author | Pavel Březina <pbrezina@redhat.com> | 2013-09-27 14:49:49 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-10-01 21:27:36 +0200 |
commit | 9f3e9e9984e48bb45c6c3fb8f49b0ff5bf337393 (patch) | |
tree | d4814f4c74955a73f7458e1eb10eb0cac3226b14 /src/db | |
parent | 3aaf74d879324f2c2aefbe3304f706cb44a509db (diff) | |
sudo: allow specifying only one time restriction
https://fedorahosted.org/sssd/ticket/2100
Diffstat (limited to 'src/db')
-rw-r--r-- | src/db/sysdb_sudo.c | 81 |
1 files changed, 34 insertions, 47 deletions
diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
index d6cc3eae5..65481f136 100644
--- a/src/db/sysdb_sudo.c
+++ b/src/db/sysdb_sudo.c
@@ -106,64 +106,51 @@ static errno_t sysdb_sudo_check_time(struct sysdb_attrs *rule, /* check for sudoNotBefore */ ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_NOTBEFORE, tmp_ctx, &values); - if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_LIBS, - ("notBefore attribute is missing, the rule [%s] is valid\n", - name)); - *result = true; - ret = EOK; - goto done; - } else if (ret != EOK) { - goto done; - } - - for (i=0; values[i] ; i++) { - ret = sysdb_sudo_convert_time(values[i], &converted); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n", - name)); - goto done; - } + if (ret == EOK) { + for (i=0; values[i] ; i++) { + ret = sysdb_sudo_convert_time(values[i], &converted); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n", + name)); + goto done; + } - /* Grab the earliest */ - if (!notBefore) { - notBefore = converted; - } else if (notBefore > converted) { - notBefore = converted; + /* Grab the earliest */ + if (!notBefore) { + notBefore = converted; + } else if (notBefore > converted) { + notBefore = converted; + } } + } else if (ret != ENOENT) { + goto done; } /* check for sudoNotAfter */ ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_NOTAFTER, tmp_ctx, &values); - if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_LIBS, - ("notAfter attribute is missing, the rule [%s] is valid\n", - name)); - *result = true; - ret = EOK; - goto done; - } else if (ret != EOK) { - goto done; - } - - for (i=0; values[i] ; i++) { - ret = sysdb_sudo_convert_time(values[i], &converted); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n", - name)); - goto done; - } + if (ret == EOK) { + for (i=0; values[i] ; i++) { + ret = sysdb_sudo_convert_time(values[i], &converted); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n", + name)); + goto done; + } - /* Grab the latest */ - if (!notAfter) { - notAfter = converted; - } 
else if (notAfter < converted) { - notAfter = converted; + /* Grab the latest */ + if (!notAfter) { + notAfter = converted; + } else if (notAfter < converted) { + notAfter = converted; + } } + } else if (ret != ENOENT) { + goto done; } - if (now >= notBefore && now <= notAfter) { + if ((notBefore == 0 || now >= notBefore) + && (notAfter == 0 || now <= notAfter)) { *result = true; } |
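Review bot: The final check at the end of the hunk uses 0 both for "attribute absent" and as a possible converted value, so a sudoNotAfter that `sysdb_sudo_convert_time` turns into 0, or an attribute returned with an empty value list, is treated as no upper bound and the rule is accepted, which fails open for a sudo time restriction. Whether the converter can actually produce 0 together with EOK is not visible here, so that should be confirmed. Tracking presence explicitly removes the ambiguity: set a flag such as `has_notafter = true;` inside each `if (ret == EOK)` branch and test `(!has_notbefore || now >= notBefore) && (!has_notafter || now <= notAfter)`. The `if (!notBefore)` and `if (!notAfter)` selections inside the loops rely on the same sentinel and would need the same treatment. The function's declarations and its `done:` label lie outside the hunk.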