authorSumit Bose <sbose@redhat.com>2010-12-07 11:00:11 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-12-08 15:22:32 -0500
commit890db77ce114fa416838f363fe2b8627ff9087e0 (patch)
tree24ab0e1d849240cc3b9eb163d7f6e387012ed0e8
parent0373e15d34ed1a21b8ce41b42e0d738b3d48d3c8 (diff)
Remove check_access_time() from IPA access provider
It is planned to release IPA 2.0 without time range specifications in the access control rules. To avoid confusion the evaluation is removed from sssd, too.
-rw-r--r--src/providers/ipa/ipa_access.c63
-rw-r--r--src/providers/ipa/ipa_init.c7
2 files changed, 0 insertions, 70 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 816b652fb..3b188f097 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -29,7 +29,6 @@
#include "providers/ldap/sdap_async.h"
#include "providers/ipa/ipa_common.h"
#include "providers/ipa/ipa_access.h"
-#include "providers/ipa/ipa_timerules.h"
#define OBJECTCLASS "objectclass"
#define IPA_MEMBEROF "memberOf"
@@ -1349,63 +1348,6 @@ enum check_result check_service(struct hbac_ctx *hbac_ctx,
return RULE_NOT_APPLICABLE;
}
-enum check_result check_access_time(struct time_rules_ctx *tr_ctx,
- struct sysdb_attrs *rule_attrs)
-{
- int ret;
- int i;
- TALLOC_CTX *tmp_ctx = NULL;
- struct ldb_message_element *el;
- char *rule;
- time_t now;
- bool result;
-
- now = time(NULL);
- if (now == (time_t) -1) {
- DEBUG(1, ("time failed [%d][%s].\n", errno, strerror(errno)));
- return RULE_ERROR;
- }
-
- ret = sysdb_attrs_get_el(rule_attrs, IPA_ACCESS_TIME, &el);
- if (ret != EOK) {
- DEBUG(1, ("sysdb_attrs_get_el failed.\n"));
- return RULE_ERROR;
- }
- if (el->num_values == 0) {
- DEBUG(9, ("No access time specified, assuming rule applies.\n"));
- return RULE_APPLICABLE;
- } else {
- tmp_ctx = talloc_new(NULL);
- if (tmp_ctx == NULL) {
- DEBUG(1, ("talloc_new failed.\n"));
- return RULE_ERROR;
- }
-
- for (i = 0; i < el->num_values; i++) {
- rule = talloc_strndup(tmp_ctx, (const char *) el->values[i].data,
- el->values[i].length);
- ret = check_time_rule(tmp_ctx, tr_ctx, rule, now, &result);
- if (ret != EOK) {
- DEBUG(1, ("check_time_rule failed.\n"));
- ret = RULE_ERROR;
- goto done;
- }
-
- if (result) {
- DEBUG(9, ("Current time [%d] matches rule [%s].\n", now, rule));
- ret = RULE_APPLICABLE;
- goto done;
- }
- }
- }
-
- ret = RULE_NOT_APPLICABLE;
-
-done:
- talloc_free(tmp_ctx);
- return ret;
-}
-
enum check_result check_user(struct hbac_ctx *hbac_ctx,
struct sysdb_attrs *rule_attrs)
{
@@ -1643,11 +1585,6 @@ static errno_t check_if_rule_applies(struct hbac_ctx *hbac_ctx,
goto not_applicable;
}
- ret = check_access_time(hbac_ctx->tr_ctx, rule_attrs);
- if (ret != RULE_APPLICABLE) {
- goto not_applicable;
- }
-
ret = check_remote_hosts(pd->rhost, hbac_ctx->remote_hhi, rule_attrs);
if (ret != RULE_APPLICABLE) {
goto not_applicable;
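Review bot: With the time check gone, check_if_rule_applies falls through from the preceding check straight to check_remote_hosts, so a rule that still carries IPA_ACCESS_TIME values in the directory is now treated as applicable at any time instead of only inside its window. If such rules grant access, this silently widens them; a safer choice would be to detect the attribute and either log it or fail closed with `goto not_applicable`, reusing the `sysdb_attrs_get_el(rule_attrs, IPA_ACCESS_TIME, &el)` lookup and `el->num_values` test from the removed function. At minimum a comment at this spot should record the decision, e.g. `/* accessTime is not evaluated: IPA 2.0 ships without time ranges in access rules */`. The body of check_if_rule_applies starts and ends outside this hunk, and the diffstat lists no header change, so the `tr_ctx` members presumably stay declared but are no longer initialized (the init_time_rules_parser call is dropped in ipa_init.c).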
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index af2afa70b..27e0a11fe 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -32,7 +32,6 @@
#include "providers/krb5/krb5_auth.h"
#include "providers/ipa/ipa_auth.h"
#include "providers/ipa/ipa_access.h"
-#include "providers/ipa/ipa_timerules.h"
#include "providers/ipa/ipa_dyndns.h"
struct ipa_options *ipa_options = NULL;
@@ -372,12 +371,6 @@ int sssm_ipa_access_init(struct be_ctx *bectx,
goto done;
}
- ret = init_time_rules_parser(ipa_access_ctx, &ipa_access_ctx->tr_ctx);
- if (ret != EOK) {
- DEBUG(1, ("init_time_rules_parser failed.\n"));
- goto done;
- }
-
*ops = &ipa_access_ops;
*pvt_data = ipa_access_ctx;