author | Jakub Hrozek <jhrozek@redhat.com> | 2015-03-16 11:48:39 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-03-24 21:03:41 +0100 |
commit | 6dff95bdfe437afc0b62b5270d0d84140981c786 (patch) | |
tree | 887f95d15a683e3677d9dfa4e396ba1f9218eee7 /src/providers/ipa/ipa_hbac_rules.c | |
parent | fdfe33975cd902bf7a334e49f2667f6346c4e6ae (diff) | |
IPA: Remove the ipa_hbac_treat_deny_as option
https://fedorahosted.org/sssd/ticket/2603
Since deny rules are no longer supported on the server, the client
should no longer support them either. Remove the option.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/providers/ipa/ipa_hbac_rules.c')
-rw-r--r-- | src/providers/ipa/ipa_hbac_rules.c | 29 |
1 files changed, 9 insertions, 20 deletions
diff --git a/src/providers/ipa/ipa_hbac_rules.c b/src/providers/ipa/ipa_hbac_rules.c
index 497eee612..ffef6dc4c 100644
--- a/src/providers/ipa/ipa_hbac_rules.c
+++ b/src/providers/ipa/ipa_hbac_rules.c
@@ -49,7 +49,6 @@ ipa_hbac_rule_info_done(struct tevent_req *subreq);
 
 struct tevent_req *
 ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
- bool get_deny_rules,
 struct tevent_context *ev,
 struct sdap_handle *sh,
 struct sdap_options *opts,
@@ -116,25 +115,15 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
 state->attrs[13] = IPA_HOST_CATEGORY;
 state->attrs[14] = NULL;
 
- if (get_deny_rules) {
- rule_filter = talloc_asprintf(tmp_ctx,
- "(&(objectclass=%s)"
- "(%s=%s)(|(%s=%s)(%s=%s)",
- IPA_HBAC_RULE,
- IPA_ENABLED_FLAG, IPA_TRUE_VALUE,
- IPA_HOST_CATEGORY, "all",
- IPA_MEMBER_HOST, host_dn_clean);
- } else {
- rule_filter = talloc_asprintf(tmp_ctx,
- "(&(objectclass=%s)"
- "(%s=%s)(%s=%s)"
- "(|(%s=%s)(%s=%s)",
- IPA_HBAC_RULE,
- IPA_ENABLED_FLAG, IPA_TRUE_VALUE,
- IPA_ACCESS_RULE_TYPE, IPA_HBAC_ALLOW,
- IPA_HOST_CATEGORY, "all",
- IPA_MEMBER_HOST, host_dn_clean);
- }
+ rule_filter = talloc_asprintf(tmp_ctx,
+ "(&(objectclass=%s)"
+ "(%s=%s)(%s=%s)"
+ "(|(%s=%s)(%s=%s)",
+ IPA_HBAC_RULE,
+ IPA_ENABLED_FLAG, IPA_TRUE_VALUE,
+ IPA_ACCESS_RULE_TYPE, IPA_HBAC_ALLOW,
+ IPA_HOST_CATEGORY, "all",
+ IPA_MEMBER_HOST, host_dn_clean);
 if (rule_filter == NULL) {
 ret = ENOMEM;
 goto immediate; |
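Review bot: With the `get_deny_rules` branch gone, the filter built in the second hunk always requires `IPA_ACCESS_RULE_TYPE=IPA_HBAC_ALLOW`, so a deny-type rule still stored on an older server is never retrieved and the client cannot notice it and fail closed. If the removed path was what let the evaluator refuse access when a deny rule was present (that logic is not visible in this file's hunks), the result on such servers shifts from restrictive to permissive, which deserves a release note or a debug message. I would at least record the assumption next to the call: `/* Only allow rules are fetched; deny rules left on a legacy server are ignored, not enforced. */`. The format string also leaves the `(&` and `(|` groups open, presumably closed later in `ipa_hbac_rule_info_send`, whose body continues outside the hunk; a one-line comment saying where the filter is completed would help anyone auditing how `host_dn_clean` ends up in it.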