summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2010-12-07 11:00:11 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-12-08 15:22:32 -0500
commit890db77ce114fa416838f363fe2b8627ff9087e0 (patch)
tree24ab0e1d849240cc3b9eb163d7f6e387012ed0e8 /src
parent0373e15d34ed1a21b8ce41b42e0d738b3d48d3c8 (diff)
downloadsssd-890db77ce114fa416838f363fe2b8627ff9087e0.tar.gz
sssd-890db77ce114fa416838f363fe2b8627ff9087e0.tar.xz
sssd-890db77ce114fa416838f363fe2b8627ff9087e0.zip
Remove check_access_time() from IPA access provider
It is planned to release IPA 2.0 without time range specifications in the access control rules. To avoid confusion the evaluation is removed from sssd, too.
Diffstat (limited to 'src')
-rw-r--r--src/providers/ipa/ipa_access.c63
-rw-r--r--src/providers/ipa/ipa_init.c7
2 files changed, 0 insertions, 70 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 816b652fb..3b188f097 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -29,7 +29,6 @@
#include "providers/ldap/sdap_async.h"
#include "providers/ipa/ipa_common.h"
#include "providers/ipa/ipa_access.h"
-#include "providers/ipa/ipa_timerules.h"
#define OBJECTCLASS "objectclass"
#define IPA_MEMBEROF "memberOf"
@@ -1349,63 +1348,6 @@ enum check_result check_service(struct hbac_ctx *hbac_ctx,
return RULE_NOT_APPLICABLE;
}
-enum check_result check_access_time(struct time_rules_ctx *tr_ctx,
- struct sysdb_attrs *rule_attrs)
-{
- int ret;
- int i;
- TALLOC_CTX *tmp_ctx = NULL;
- struct ldb_message_element *el;
- char *rule;
- time_t now;
- bool result;
-
- now = time(NULL);
- if (now == (time_t) -1) {
- DEBUG(1, ("time failed [%d][%s].\n", errno, strerror(errno)));
- return RULE_ERROR;
- }
-
- ret = sysdb_attrs_get_el(rule_attrs, IPA_ACCESS_TIME, &el);
- if (ret != EOK) {
- DEBUG(1, ("sysdb_attrs_get_el failed.\n"));
- return RULE_ERROR;
- }
- if (el->num_values == 0) {
- DEBUG(9, ("No access time specified, assuming rule applies.\n"));
- return RULE_APPLICABLE;
- } else {
- tmp_ctx = talloc_new(NULL);
- if (tmp_ctx == NULL) {
- DEBUG(1, ("talloc_new failed.\n"));
- return RULE_ERROR;
- }
-
- for (i = 0; i < el->num_values; i++) {
- rule = talloc_strndup(tmp_ctx, (const char *) el->values[i].data,
- el->values[i].length);
- ret = check_time_rule(tmp_ctx, tr_ctx, rule, now, &result);
- if (ret != EOK) {
- DEBUG(1, ("check_time_rule failed.\n"));
- ret = RULE_ERROR;
- goto done;
- }
-
- if (result) {
- DEBUG(9, ("Current time [%d] matches rule [%s].\n", now, rule));
- ret = RULE_APPLICABLE;
- goto done;
- }
- }
- }
-
- ret = RULE_NOT_APPLICABLE;
-
-done:
- talloc_free(tmp_ctx);
- return ret;
-}
-
enum check_result check_user(struct hbac_ctx *hbac_ctx,
struct sysdb_attrs *rule_attrs)
{
@@ -1643,11 +1585,6 @@ static errno_t check_if_rule_applies(struct hbac_ctx *hbac_ctx,
goto not_applicable;
}
- ret = check_access_time(hbac_ctx->tr_ctx, rule_attrs);
- if (ret != RULE_APPLICABLE) {
- goto not_applicable;
- }
-
ret = check_remote_hosts(pd->rhost, hbac_ctx->remote_hhi, rule_attrs);
if (ret != RULE_APPLICABLE) {
goto not_applicable;
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index af2afa70b..27e0a11fe 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -32,7 +32,6 @@
#include "providers/krb5/krb5_auth.h"
#include "providers/ipa/ipa_auth.h"
#include "providers/ipa/ipa_access.h"
-#include "providers/ipa/ipa_timerules.h"
#include "providers/ipa/ipa_dyndns.h"
struct ipa_options *ipa_options = NULL;
@@ -372,12 +371,6 @@ int sssm_ipa_access_init(struct be_ctx *bectx,
goto done;
}
- ret = init_time_rules_parser(ipa_access_ctx, &ipa_access_ctx->tr_ctx);
- if (ret != EOK) {
- DEBUG(1, ("init_time_rules_parser failed.\n"));
- goto done;
- }
-
*ops = &ipa_access_ops;
*pvt_data = ipa_access_ctx;