author | Sumit Bose <sbose@redhat.com> | 2010-05-21 15:16:15 +0200 |
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-05-27 14:44:14 -0400 |
commit | a790a52db5bfe24679873d0083eb35236e616b83 (patch) | |
tree | 7e9a83f318c91c0236b474e9e913316bda61aee0 | |
parent | d66944d34d4969c2ba1ed1495e2dda91af665156 (diff) | |
Check ipaEnabledFlag
-rw-r--r-- | src/providers/ipa/ipa_access.c | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 58f937b8..590ae789 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -1269,9 +1269,9 @@ enum check_result check_remote_hosts(const char *rhost,
     return RULE_ERROR;
 }
 
-static errno_t check_if_rule_applies(enum hbac_result *result,
-                                     struct hbac_ctx *hbac_ctx,
-                                     struct sysdb_attrs *rule_attrs) {
+static errno_t check_if_rule_applies(struct hbac_ctx *hbac_ctx,
+                                     struct sysdb_attrs *rule_attrs,
+                                     enum hbac_result *result) {
     int ret;
     struct ldb_message_element *el;
     enum hbac_result rule_type;
@@ -1296,6 +1296,24 @@ static errno_t check_if_rule_applies(enum hbac_result *result,
     }
     DEBUG(9, ("Processsing rule [%s].\n", rule_name));
 
+    ret = sysdb_attrs_get_el(rule_attrs, IPA_ENABLED_FLAG, &el);
+    if (ret != EOK) {
+        DEBUG(1, ("Failed to find out if rule is enabled or not, "
+                  "assuming it is enabled.\n"));
+    } else {
+        if (el->num_values == 0) {
+            DEBUG(1, ("Failed to find out if rule is enabled or not, "
+                      "assuming it is enabled.\n"));
+        } else {
+            if (strncasecmp("false", (const char*) el->values[0].data,
+                            el->values[0].length) == 0) {
+                DEBUG(7, ("Rule is disabled.\n"));
+                *result = HBAC_NOT_APPLICABLE;
+                return EOK;
+            }
+        }
+    }
+
     /* rule type */
     ret = sysdb_attrs_get_el(rule_attrs, IPA_ACCESS_RULE_TYPE, &el);
     if (ret != EOK) {
@@ -1363,8 +1381,8 @@ static int evaluate_ipa_hbac_rules(struct hbac_ctx *hbac_ctx,
 
     for (i = 0; i < hbac_ctx->hbac_rule_count ; i++) {
-        ret = check_if_rule_applies(&result, hbac_ctx,
-                                    hbac_ctx->hbac_rule_list[i]);
+        ret = check_if_rule_applies(hbac_ctx, hbac_ctx->hbac_rule_list[i],
+                                    &result);
         if (ret != EOK) {
             DEBUG(1, ("check_if_rule_applies failed.\n"));
             return ret;
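Review bot: The enabled check in the second hunk compares only `el->values[0].length` bytes of "false", so an empty string value (length 0) or a value that is merely a prefix such as "f" also disables the rule, while the intent is an exact case-insensitive match; an absent or value-less attribute is treated as enabled on the branch just above, so the two paths disagree on malformed data. Pin the length before comparing: `if (el->values[0].length == strlen("false") &&` / `    strncasecmp("false", (const char *) el->values[0].data,` / `                el->values[0].length) == 0) {`. The two identical DEBUG(1) messages for the missing-attribute and empty-value cases could be folded into one `if (ret != EOK || el->num_values == 0)` branch, which also removes a level of nesting. check_if_rule_applies continues outside the hunk.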