From 6dff95bdfe437afc0b62b5270d0d84140981c786 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 16 Mar 2015 11:48:39 +0100
Subject: IPA: Remove the ipa_hbac_treat_deny_as option
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

https://fedorahosted.org/sssd/ticket/2603

Since deny rules are no longer supported on the server, the client
should no longer support them either. Remove the option.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
 src/providers/ipa/ipa_hbac_rules.c | 29 +++++++++--------------------
 1 file changed, 9 insertions(+), 20 deletions(-)

(limited to 'src/providers/ipa/ipa_hbac_rules.c')

diff --git a/src/providers/ipa/ipa_hbac_rules.c b/src/providers/ipa/ipa_hbac_rules.c
index 497eee612..ffef6dc4c 100644
--- a/src/providers/ipa/ipa_hbac_rules.c
+++ b/src/providers/ipa/ipa_hbac_rules.c
@@ -49,7 +49,6 @@ ipa_hbac_rule_info_done(struct tevent_req *subreq);
 
 struct tevent_req *
 ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
-                        bool get_deny_rules,
                         struct tevent_context *ev,
                         struct sdap_handle *sh,
                         struct sdap_options *opts,
@@ -116,25 +115,15 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
     state->attrs[13] = IPA_HOST_CATEGORY;
     state->attrs[14] = NULL;
 
-    if (get_deny_rules) {
-        rule_filter = talloc_asprintf(tmp_ctx,
-                                      "(&(objectclass=%s)"
-                                      "(%s=%s)(|(%s=%s)(%s=%s)",
-                                      IPA_HBAC_RULE,
-                                      IPA_ENABLED_FLAG, IPA_TRUE_VALUE,
-                                      IPA_HOST_CATEGORY, "all",
-                                      IPA_MEMBER_HOST, host_dn_clean);
-    } else {
-        rule_filter = talloc_asprintf(tmp_ctx,
-                                      "(&(objectclass=%s)"
-                                      "(%s=%s)(%s=%s)"
-                                      "(|(%s=%s)(%s=%s)",
-                                      IPA_HBAC_RULE,
-                                      IPA_ENABLED_FLAG, IPA_TRUE_VALUE,
-                                      IPA_ACCESS_RULE_TYPE, IPA_HBAC_ALLOW,
-                                      IPA_HOST_CATEGORY, "all",
-                                      IPA_MEMBER_HOST, host_dn_clean);
-    }
+    rule_filter = talloc_asprintf(tmp_ctx,
+                                  "(&(objectclass=%s)"
+                                  "(%s=%s)(%s=%s)"
+                                  "(|(%s=%s)(%s=%s)",
+                                  IPA_HBAC_RULE,
+                                  IPA_ENABLED_FLAG, IPA_TRUE_VALUE,
+                                  IPA_ACCESS_RULE_TYPE, IPA_HBAC_ALLOW,
+                                  IPA_HOST_CATEGORY, "all",
+                                  IPA_MEMBER_HOST, host_dn_clean);
     if (rule_filter == NULL) {
         ret = ENOMEM;
         goto immediate;
-- 
cgit