From d1f3610aefcb634f212d4c099fac102b3e4dee59 Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Fri, 27 Sep 2013 14:49:49 +0200 Subject: sudo: allow specifying only one time restriction https://fedorahosted.org/sssd/ticket/2100 --- src/db/sysdb_sudo.c | 81 ++++++++++++++++++++++------------------------------- 1 file changed, 34 insertions(+), 47 deletions(-) diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index d6cc3eae..65481f13 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c @@ -106,64 +106,51 @@ static errno_t sysdb_sudo_check_time(struct sysdb_attrs *rule, /* check for sudoNotBefore */ ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_NOTBEFORE, tmp_ctx, &values); - if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_LIBS, - ("notBefore attribute is missing, the rule [%s] is valid\n", - name)); - *result = true; - ret = EOK; - goto done; - } else if (ret != EOK) { - goto done; - } - - for (i=0; values[i] ; i++) { - ret = sysdb_sudo_convert_time(values[i], &converted); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n", - name)); - goto done; - } + if (ret == EOK) { + for (i=0; values[i] ; i++) { + ret = sysdb_sudo_convert_time(values[i], &converted); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n", + name)); + goto done; + } - /* Grab the earliest */ - if (!notBefore) { - notBefore = converted; - } else if (notBefore > converted) { - notBefore = converted; + /* Grab the earliest */ + if (!notBefore) { + notBefore = converted; + } else if (notBefore > converted) { + notBefore = converted; + } } + } else if (ret != ENOENT) { + goto done; } /* check for sudoNotAfter */ ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_NOTAFTER, tmp_ctx, &values); - if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_LIBS, - ("notAfter attribute is missing, the rule [%s] is valid\n", - name)); - *result = true; - ret = EOK; - goto done; - } else if (ret != EOK) { - goto done; - } - - for (i=0; values[i] ; i++) { - ret = sysdb_sudo_convert_time(values[i], &converted); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n", - name)); - goto done; - } + if (ret == EOK) { + for (i=0; values[i] ; i++) { + ret = sysdb_sudo_convert_time(values[i], &converted); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n", + name)); + goto done; + } - /* Grab the latest */ - if (!notAfter) { - notAfter = converted; - } else if (notAfter < converted) { - notAfter = converted; + /* Grab the latest */ + if (!notAfter) { + notAfter = converted; + } else if (notAfter < converted) { + notAfter = converted; + } } + } else if (ret != ENOENT) { + goto done; } - if (now >= notBefore && now <= notAfter) { + if ((notBefore == 0 || now >= notBefore) + && (notAfter == 0 || now <= notAfter)) { *result = true; } -- cgit