IPA: Remove the ipa_hbac_treat_deny_as option

https://fedorahosted.org/sssd/ticket/2603 Since deny rules are no longer supported on the server, the client should no longer support them either. Remove the option. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
author: Jakub Hrozek <jhrozek@redhat.com> 2015-03-16 11:48:39 +0100
committer: Jakub Hrozek <jhrozek@redhat.com> 2015-03-24 21:03:41 +0100
commit: 6dff95bdfe437afc0b62b5270d0d84140981c786 (patch)
tree: 887f95d15a683e3677d9dfa4e396ba1f9218eee7 /src/providers/ipa/ipa_hbac_rules.c
parent: fdfe33975cd902bf7a334e49f2667f6346c4e6ae (diff)
download: sssd-6dff95bdfe437afc0b62b5270d0d84140981c786.tar.gz
sssd-6dff95bdfe437afc0b62b5270d0d84140981c786.tar.xz
sssd-6dff95bdfe437afc0b62b5270d0d84140981c786.zip
1 files changed, 9 insertions, 20 deletions
diff --git a/src/providers/ipa/ipa_hbac_rules.c b/src/providers/ipa/ipa_hbac_rules.c
index 497eee612..ffef6dc4c 100644
--- a/src/providers/ipa/ipa_hbac_rules.c
+++ b/src/providers/ipa/ipa_hbac_rules.c
@@ -49,7 +49,6 @@ ipa_hbac_rule_info_done(struct tevent_req *subreq);
 
 struct tevent_req *
 ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
-                        bool get_deny_rules,
                         struct tevent_context *ev,
                         struct sdap_handle *sh,
                         struct sdap_options *opts,
@@ -116,25 +115,15 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
     state->attrs[13] = IPA_HOST_CATEGORY;
     state->attrs[14] = NULL;
 
-    if (get_deny_rules) {
-        rule_filter = talloc_asprintf(tmp_ctx,
-                                      "(&(objectclass=%s)"
-                                      "(%s=%s)(|(%s=%s)(%s=%s)",
-                                      IPA_HBAC_RULE,
-                                      IPA_ENABLED_FLAG, IPA_TRUE_VALUE,
-                                      IPA_HOST_CATEGORY, "all",
-                                      IPA_MEMBER_HOST, host_dn_clean);
-    } else {
-        rule_filter = talloc_asprintf(tmp_ctx,
-                                      "(&(objectclass=%s)"
-                                      "(%s=%s)(%s=%s)"
-                                      "(|(%s=%s)(%s=%s)",
-                                      IPA_HBAC_RULE,
-                                      IPA_ENABLED_FLAG, IPA_TRUE_VALUE,
-                                      IPA_ACCESS_RULE_TYPE, IPA_HBAC_ALLOW,
-                                      IPA_HOST_CATEGORY, "all",
-                                      IPA_MEMBER_HOST, host_dn_clean);
-    }
+    rule_filter = talloc_asprintf(tmp_ctx,
+                                  "(&(objectclass=%s)"
+                                  "(%s=%s)(%s=%s)"
+                                  "(|(%s=%s)(%s=%s)",
+                                  IPA_HBAC_RULE,
+                                  IPA_ENABLED_FLAG, IPA_TRUE_VALUE,
+                                  IPA_ACCESS_RULE_TYPE, IPA_HBAC_ALLOW,
+                                  IPA_HOST_CATEGORY, "all",
+                                  IPA_MEMBER_HOST, host_dn_clean);
     if (rule_filter == NULL) {
         ret = ENOMEM;
         goto immediate;
author	Jakub Hrozek <jhrozek@redhat.com>	2015-03-16 11:48:39 +0100
committer	Jakub Hrozek <jhrozek@redhat.com>	2015-03-24 21:03:41 +0100
commit	6dff95bdfe437afc0b62b5270d0d84140981c786 (patch)
tree	887f95d15a683e3677d9dfa4e396ba1f9218eee7 /src/providers/ipa/ipa_hbac_rules.c
parent	fdfe33975cd902bf7a334e49f2667f6346c4e6ae (diff)
download	sssd-6dff95bdfe437afc0b62b5270d0d84140981c786.tar.gz sssd-6dff95bdfe437afc0b62b5270d0d84140981c786.tar.xz sssd-6dff95bdfe437afc0b62b5270d0d84140981c786.zip