From 1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Thu, 9 Dec 2010 10:14:04 -0500
Subject: Add group support to the simple access provider

This patch adds simple_allow_groups and simple_deny_groups options
to the simple access provider. It makes it possible to grant or
deny access based on a user's group memberships within the domain.

This patch makes one minor change to previous functionality: now
all deny rules will supersede allow rules. Previously, if both
simple_allow_users and simple_deny_users were set with the same
value, the allow would win.

https://fedorahosted.org/sssd/ticket/440
---
 src/tests/simple_access-tests.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'src/tests')

diff --git a/src/tests/simple_access-tests.c b/src/tests/simple_access-tests.c
index c9bf4ea5..fbbc8361 100644
--- a/src/tests/simple_access-tests.c
+++ b/src/tests/simple_access-tests.c
@@ -113,8 +113,8 @@ START_TEST(test_both_set)
 
     ret = simple_access_check(ctx, "u1", &access_granted);
     fail_unless(ret == EOK, "access_simple_check failed.");
-    fail_unless(access_granted == true, "Access denied "
-                                        "while user is in allow list.");
+    fail_unless(access_granted == false, "Access granted "
+                                         "while user is in deny list.");
 
     ret = simple_access_check(ctx, "u3", &access_granted);
     fail_unless(ret == EOK, "access_simple_check failed.");
-- 
cgit