authorJakub Hrozek <jhrozek@redhat.com>2015-03-16 11:28:25 +0100
committerJakub Hrozek <jhrozek@redhat.com>2015-03-24 21:03:38 +0100
commitfdfe33975cd902bf7a334e49f2667f6346c4e6ae (patch)
tree4296a91eda0ec0d7fc3a8a56fb58effac8b78e07
parentc41ae115bfa808d04e729dcbd759d8aae8387ce7 (diff)
IPA: Deprecate the ipa_hbac_treat_deny_as option
https://fedorahosted.org/sssd/ticket/2603 Deny rules have not been supported by the IPA server since 2.1. We should deprecate the ipa_hbac_treat_deny_as option. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r--src/providers/ipa/ipa_access.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 2ebaec337..d1ae18999 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -178,6 +178,10 @@ static void ipa_hbac_check(struct tevent_req *req)
hbac_ctx->get_deny_rules = false;
} else {
hbac_ctx->get_deny_rules = true;
+ sss_log(SSS_LOG_NOTICE,
+ "WARNING: Using deny rules is deprecated, the option "
+ "ipa_hbac_treat_deny_as will be removed in the next "
+ "upstream version\n");
}
ret = hbac_retry(hbac_ctx);
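Review bot: The deprecation notice added in the `else` branch is written to the system log every time that branch runs. Because ipa_hbac_check takes a `tevent_req`, this is presumably once per access evaluation, so a busy host with the option set would repeat the same line on each login and could bury other authentication-related entries. Consider emitting it only once, for example with a static flag around the call, `if (!deny_warned) { deny_warned = true; sss_log(...); }`, or moving it to the place where the option is read at startup. The message text also begins with "WARNING:" while the severity passed is `SSS_LOG_NOTICE`, so the wording and the level should be made to agree for log filters that key on severity. ipa_hbac_check starts and ends outside this hunk, so the option check guarding these branches is not visible here.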