diff options
author | Sumit Bose <sbose@redhat.com> | 2010-12-07 11:00:11 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-12-08 15:22:32 -0500 |
commit | 890db77ce114fa416838f363fe2b8627ff9087e0 (patch) | |
tree | 24ab0e1d849240cc3b9eb163d7f6e387012ed0e8 /src | |
parent | 0373e15d34ed1a21b8ce41b42e0d738b3d48d3c8 (diff) | |
download | sssd-890db77ce114fa416838f363fe2b8627ff9087e0.tar.gz sssd-890db77ce114fa416838f363fe2b8627ff9087e0.tar.bz2 sssd-890db77ce114fa416838f363fe2b8627ff9087e0.zip |
Remove check_access_time() from IPA access provider
It is planned to release IPA 2.0 without time range specifications in
the access control rules. To avoid confusion the evaluation is removed
from sssd, too.
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ipa/ipa_access.c | 63 | ||||
-rw-r--r-- | src/providers/ipa/ipa_init.c | 7 |
2 files changed, 0 insertions, 70 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index 816b652f..3b188f09 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -29,7 +29,6 @@ #include "providers/ldap/sdap_async.h" #include "providers/ipa/ipa_common.h" #include "providers/ipa/ipa_access.h" -#include "providers/ipa/ipa_timerules.h" #define OBJECTCLASS "objectclass" #define IPA_MEMBEROF "memberOf" @@ -1349,63 +1348,6 @@ enum check_result check_service(struct hbac_ctx *hbac_ctx, return RULE_NOT_APPLICABLE; } -enum check_result check_access_time(struct time_rules_ctx *tr_ctx, - struct sysdb_attrs *rule_attrs) -{ - int ret; - int i; - TALLOC_CTX *tmp_ctx = NULL; - struct ldb_message_element *el; - char *rule; - time_t now; - bool result; - - now = time(NULL); - if (now == (time_t) -1) { - DEBUG(1, ("time failed [%d][%s].\n", errno, strerror(errno))); - return RULE_ERROR; - } - - ret = sysdb_attrs_get_el(rule_attrs, IPA_ACCESS_TIME, &el); - if (ret != EOK) { - DEBUG(1, ("sysdb_attrs_get_el failed.\n")); - return RULE_ERROR; - } - if (el->num_values == 0) { - DEBUG(9, ("No access time specified, assuming rule applies.\n")); - return RULE_APPLICABLE; - } else { - tmp_ctx = talloc_new(NULL); - if (tmp_ctx == NULL) { - DEBUG(1, ("talloc_new failed.\n")); - return RULE_ERROR; - } - - for (i = 0; i < el->num_values; i++) { - rule = talloc_strndup(tmp_ctx, (const char *) el->values[i].data, - el->values[i].length); - ret = check_time_rule(tmp_ctx, tr_ctx, rule, now, &result); - if (ret != EOK) { - DEBUG(1, ("check_time_rule failed.\n")); - ret = RULE_ERROR; - goto done; - } - - if (result) { - DEBUG(9, ("Current time [%d] matches rule [%s].\n", now, rule)); - ret = RULE_APPLICABLE; - goto done; - } - } - } - - ret = RULE_NOT_APPLICABLE; - -done: - talloc_free(tmp_ctx); - return ret; -} - enum check_result check_user(struct hbac_ctx *hbac_ctx, struct sysdb_attrs *rule_attrs) { @@ -1643,11 +1585,6 @@ static errno_t check_if_rule_applies(struct hbac_ctx *hbac_ctx, goto not_applicable; } - ret = check_access_time(hbac_ctx->tr_ctx, rule_attrs); - if (ret != RULE_APPLICABLE) { - goto not_applicable; - } - ret = check_remote_hosts(pd->rhost, hbac_ctx->remote_hhi, rule_attrs); if (ret != RULE_APPLICABLE) { goto not_applicable; diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index af2afa70..27e0a11f 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -32,7 +32,6 @@ #include "providers/krb5/krb5_auth.h" #include "providers/ipa/ipa_auth.h" #include "providers/ipa/ipa_access.h" -#include "providers/ipa/ipa_timerules.h" #include "providers/ipa/ipa_dyndns.h" struct ipa_options *ipa_options = NULL; @@ -372,12 +371,6 @@ int sssm_ipa_access_init(struct be_ctx *bectx, goto done; } - ret = init_time_rules_parser(ipa_access_ctx, &ipa_access_ctx->tr_ctx); - if (ret != EOK) { - DEBUG(1, ("init_time_rules_parser failed.\n")); - goto done; - } - *ops = &ipa_access_ops; *pvt_data = ipa_access_ctx; |