38 lines
1.3 KiB
Diff
38 lines
1.3 KiB
Diff
From 010c1c605cfcd2879a6f91ba61ea8db53aa4c5ae Mon Sep 17 00:00:00 2001
|
|
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
Date: Mon, 16 Mar 2015 11:28:25 +0100
|
|
Subject: [PATCH 48/99] IPA: Deprecate the ipa_hbac_treat_deny_as option
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
https://fedorahosted.org/sssd/ticket/2603
|
|
|
|
Deny rules have not been supported by the IPA server since 2.1. We
|
|
should deprecate the ipa_hbac_treat_deny_as option.
|
|
|
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
(cherry picked from commit fdfe33975cd902bf7a334e49f2667f6346c4e6ae)
|
|
---
|
|
src/providers/ipa/ipa_access.c | 4 ++++
|
|
1 file changed, 4 insertions(+)
|
|
|
|
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
|
|
index 2ebaec337eedd205bab7c7cbb2a77568616062d0..d1ae18999d0b1c7637ab6de52b0290cde1c40e87 100644
|
|
--- a/src/providers/ipa/ipa_access.c
|
|
+++ b/src/providers/ipa/ipa_access.c
|
|
@@ -178,6 +178,10 @@ static void ipa_hbac_check(struct tevent_req *req)
|
|
hbac_ctx->get_deny_rules = false;
|
|
} else {
|
|
hbac_ctx->get_deny_rules = true;
|
|
+ sss_log(SSS_LOG_NOTICE,
|
|
+ "WARNING: Using deny rules is deprecated, the option "
|
|
+ "ipa_hbac_treat_deny_as will be removed in the next "
|
|
+ "upstream version\n");
|
|
}
|
|
|
|
ret = hbac_retry(hbac_ctx);
|
|
--
|
|
2.4.0
|
|
|