author | Pavel Březina <pbrezina@redhat.com> | 2013-09-27 14:49:49 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-01 21:14:42 +0200 |
commit | d1f3610aefcb634f212d4c099fac102b3e4dee59 (patch) | |
tree | 61f1f1fdbd97d68478792cf4e094c3de8114dbfb /src | |
parent | 4343b618051d295cbb1a805a85feb117a91c6945 (diff) | |
sudo: allow specifying only one time restriction
https://fedorahosted.org/sssd/ticket/2100
Diffstat (limited to 'src')
-rw-r--r-- | src/db/sysdb_sudo.c | 81 |
1 files changed, 34 insertions, 47 deletions
diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index d6cc3eae..65481f13 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c 
@@ -106,64 +106,51 @@ static errno_t sysdb_sudo_check_time(struct sysdb_attrs *rule, /* check for sudoNotBefore */ ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_NOTBEFORE, tmp_ctx, &values); - if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_LIBS, - ("notBefore attribute is missing, the rule [%s] is valid\n", - name)); - *result = true; - ret = EOK; - goto done; - } else if (ret != EOK) { - goto done; - } - - for (i=0; values[i] ; i++) { - ret = sysdb_sudo_convert_time(values[i], &converted); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n", - name)); - goto done; - } + if (ret == EOK) { + for (i=0; values[i] ; i++) { + ret = sysdb_sudo_convert_time(values[i], &converted); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n", + name)); + goto done; + } - /* Grab the earliest */ - if (!notBefore) { - notBefore = converted; - } else if (notBefore > converted) { - notBefore = converted; + /* Grab the earliest */ + if (!notBefore) { + notBefore = converted; + } else if (notBefore > converted) { + notBefore = converted; + } } + } else if (ret != ENOENT) { + goto done; } /* check for sudoNotAfter */ ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_NOTAFTER, tmp_ctx, &values); - if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_LIBS, - ("notAfter attribute is missing, the rule [%s] is valid\n", - name)); - *result = true; - ret = EOK; - goto done; - } else if (ret != EOK) { - goto done; - } - - for (i=0; values[i] ; i++) { - ret = sysdb_sudo_convert_time(values[i], &converted); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n", - name)); - goto done; - } + if (ret == EOK) { + for (i=0; values[i] ; i++) { + ret = sysdb_sudo_convert_time(values[i], &converted); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n", + name)); + goto done; + } - /* Grab the latest */ - if (!notAfter) { - notAfter = converted; - } 
else if (notAfter < converted) { - notAfter = converted; + /* Grab the latest */ + if (!notAfter) { + notAfter = converted; + } else if (notAfter < converted) { + notAfter = converted; + } } + } else if (ret != ENOENT) { + goto done; } - if (now >= notBefore && now <= notAfter) { + if ((notBefore == 0 || now >= notBefore) + && (notAfter == 0 || now <= notAfter)) { *result = true; } |
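Review bot: The final check `(notBefore == 0 || now >= notBefore) && (notAfter == 0 || now <= notAfter)` uses 0 both for "attribute absent" and as a possible converted time, so a sudoNotAfter value that sysdb_sudo_convert_time turns into 0 would make the rule valid without an upper bound instead of expired. The `!notBefore` / `!notAfter` tests in the two "Grab the earliest/latest" loops share that conflation, and it would also apply if sysdb_attrs_get_string_array can return EOK with an empty array. Because this decides whether a sudo rule is in force, I would track presence explicitly with two booleans set inside the loops and test `if ((!has_not_before || now >= notBefore) && (!has_not_after || now <= notAfter))`. The declarations and initial values of notBefore and notAfter are outside the hunk, so this assumes both start at 0. The removed SSSDBG_TRACE_LIBS messages for a missing bound have no replacement; a trace line saying which bound was absent would help when auditing why a rule matched.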