diff options
author | Ondrej Kos <okos@redhat.com> | 2013-09-09 15:51:15 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-09-13 16:34:28 +0200 |
commit | caf576da562bf7bd30e74ad921c1212ec7d230bc (patch) | |
tree | fc08978f2c746daebc66d1e84a4c57d22d10477e /src | |
parent | 777b638893289fa0b8743415ff1945c6468bd8b0 (diff) | |
download | sssd-caf576da562bf7bd30e74ad921c1212ec7d230bc.tar.gz sssd-caf576da562bf7bd30e74ad921c1212ec7d230bc.tar.xz sssd-caf576da562bf7bd30e74ad921c1212ec7d230bc.zip |
IPA: Deprecate ipa_hbac_support_srchost option
This option got already deprecated on the ipa server side.
Option is undocumented and warning is printed both to the sssd log files
and syslog.
Resolves:
https://fedorahosted.org/sssd/ticket/1918
Diffstat (limited to 'src')
-rw-r--r-- | src/man/sssd-ipa.5.xml | 23 | ||||
-rw-r--r-- | src/providers/ipa/ipa_access.c | 6 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hbac_hosts.c | 5 |
3 files changed, 11 insertions, 23 deletions
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml index bf148bf48..667920edc 100644 --- a/src/man/sssd-ipa.5.xml +++ b/src/man/sssd-ipa.5.xml @@ -282,11 +282,6 @@ bases. </para> <para> - If filter is given in any of search bases and - <emphasis>ipa_hbac_support_srchost</emphasis> - is set to False, the filter will be ignored. - </para> - <para> Default: the value of <emphasis>ldap_search_base</emphasis> </para> @@ -459,24 +454,6 @@ </varlistentry> <varlistentry> - <term>ipa_hbac_support_srchost (boolean)</term> - <listitem> - <para> - If this is set to false, then srchost as given - to SSSD by PAM will be ignored. - </para> - <para> - Note that if set to <emphasis>False</emphasis>, - this option casuses filters given in - <emphasis>ipa_host_search_base</emphasis> to be ignored; - </para> - <para> - Default: false - </para> - </listitem> - </varlistentry> - - <varlistentry> <term>ipa_server_mode (boolean)</term> <listitem> <para> diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index 58539f4c6..7d44788af 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -346,6 +346,12 @@ static int hbac_get_host_info_step(struct hbac_ctx *hbac_ctx) * we want all hosts */ hostname = NULL; + + /* THIS FEATURE IS DEPRECATED */ + DEBUG(SSSDBG_MINOR_FAILURE, ("WARNING: Using deprecated option " + "ipa_hbac_support_srchost.\n")); + sss_log(SSS_LOG_NOTICE, "WARNING: Using deprecated option " + "ipa_hbac_support_srchost.\n"); } else { hostname = dp_opt_get_string(hbac_ctx->ipa_options, IPA_HOSTNAME); } diff --git a/src/providers/ipa/ipa_hbac_hosts.c b/src/providers/ipa/ipa_hbac_hosts.c index 7f387c633..e85206e8f 100644 --- a/src/providers/ipa/ipa_hbac_hosts.c +++ b/src/providers/ipa/ipa_hbac_hosts.c @@ -268,6 +268,11 @@ hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx, shosts->category = HBAC_CATEGORY_ALL; ret = EOK; goto done; + } else { + DEBUG(SSSDBG_MINOR_FAILURE, ("WARNING: Using deprecated option " + "ipa_hbac_support_srchost.\n")); + sss_log(SSS_LOG_NOTICE, "WARNING: Using deprecated option " + "ipa_hbac_support_srchost.\n"); } ret = hbac_host_attrs_to_rule(tmp_ctx, domain, |