summaryrefslogtreecommitdiff
path: root/src/providers/ipa
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/ipa')
-rw-r--r--src/providers/ipa/ipa_access.c63
-rw-r--r--src/providers/ipa/ipa_init.c7
2 files changed, 0 insertions, 70 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 816b652f..3b188f09 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -29,7 +29,6 @@
#include "providers/ldap/sdap_async.h"
#include "providers/ipa/ipa_common.h"
#include "providers/ipa/ipa_access.h"
-#include "providers/ipa/ipa_timerules.h"
#define OBJECTCLASS "objectclass"
#define IPA_MEMBEROF "memberOf"
@@ -1349,63 +1348,6 @@ enum check_result check_service(struct hbac_ctx *hbac_ctx,
return RULE_NOT_APPLICABLE;
}
-enum check_result check_access_time(struct time_rules_ctx *tr_ctx,
- struct sysdb_attrs *rule_attrs)
-{
- int ret;
- int i;
- TALLOC_CTX *tmp_ctx = NULL;
- struct ldb_message_element *el;
- char *rule;
- time_t now;
- bool result;
-
- now = time(NULL);
- if (now == (time_t) -1) {
- DEBUG(1, ("time failed [%d][%s].\n", errno, strerror(errno)));
- return RULE_ERROR;
- }
-
- ret = sysdb_attrs_get_el(rule_attrs, IPA_ACCESS_TIME, &el);
- if (ret != EOK) {
- DEBUG(1, ("sysdb_attrs_get_el failed.\n"));
- return RULE_ERROR;
- }
- if (el->num_values == 0) {
- DEBUG(9, ("No access time specified, assuming rule applies.\n"));
- return RULE_APPLICABLE;
- } else {
- tmp_ctx = talloc_new(NULL);
- if (tmp_ctx == NULL) {
- DEBUG(1, ("talloc_new failed.\n"));
- return RULE_ERROR;
- }
-
- for (i = 0; i < el->num_values; i++) {
- rule = talloc_strndup(tmp_ctx, (const char *) el->values[i].data,
- el->values[i].length);
- ret = check_time_rule(tmp_ctx, tr_ctx, rule, now, &result);
- if (ret != EOK) {
- DEBUG(1, ("check_time_rule failed.\n"));
- ret = RULE_ERROR;
- goto done;
- }
-
- if (result) {
- DEBUG(9, ("Current time [%d] matches rule [%s].\n", now, rule));
- ret = RULE_APPLICABLE;
- goto done;
- }
- }
- }
-
- ret = RULE_NOT_APPLICABLE;
-
-done:
- talloc_free(tmp_ctx);
- return ret;
-}
-
enum check_result check_user(struct hbac_ctx *hbac_ctx,
struct sysdb_attrs *rule_attrs)
{
@@ -1643,11 +1585,6 @@ static errno_t check_if_rule_applies(struct hbac_ctx *hbac_ctx,
goto not_applicable;
}
- ret = check_access_time(hbac_ctx->tr_ctx, rule_attrs);
- if (ret != RULE_APPLICABLE) {
- goto not_applicable;
- }
-
ret = check_remote_hosts(pd->rhost, hbac_ctx->remote_hhi, rule_attrs);
if (ret != RULE_APPLICABLE) {
goto not_applicable;
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index af2afa70..27e0a11f 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -32,7 +32,6 @@
#include "providers/krb5/krb5_auth.h"
#include "providers/ipa/ipa_auth.h"
#include "providers/ipa/ipa_access.h"
-#include "providers/ipa/ipa_timerules.h"
#include "providers/ipa/ipa_dyndns.h"
struct ipa_options *ipa_options = NULL;
@@ -372,12 +371,6 @@ int sssm_ipa_access_init(struct be_ctx *bectx,
goto done;
}
- ret = init_time_rules_parser(ipa_access_ctx, &ipa_access_ctx->tr_ctx);
- if (ret != EOK) {
- DEBUG(1, ("init_time_rules_parser failed.\n"));
- goto done;
- }
-
*ops = &ipa_access_ops;
*pvt_data = ipa_access_ctx;