diff options
| author | Simo Sorce <ssorce@redhat.com> | 2012-02-17 18:19:01 -0500 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2012-02-20 10:48:59 +0100 |
| commit | 8ec98dfcae3daf1324bf924e1bf1684007bcf9d1 (patch) | |
| tree | 4801ce2925c4994df9a07c309d5a56a11a820d24 /daemons | |
| parent | dc5592af1dd13d34e530c3bc209fbfc234f7f527 (diff) | |
| download | freeipa-8ec98dfcae3daf1324bf924e1bf1684007bcf9d1.tar.gz freeipa-8ec98dfcae3daf1324bf924e1bf1684007bcf9d1.tar.xz freeipa-8ec98dfcae3daf1324bf924e1bf1684007bcf9d1.zip | |
ipa-kdb: Fix ACL evaluator
Fixes: https://fedorahosted.org/freeipa/ticket/2343
Diffstat (limited to 'daemons')
| -rw-r--r-- | daemons/ipa-kdb/ipa_kdb_delegation.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_delegation.c b/daemons/ipa-kdb/ipa_kdb_delegation.c index 428e214b7..579a9f315 100644 --- a/daemons/ipa-kdb/ipa_kdb_delegation.c +++ b/daemons/ipa-kdb/ipa_kdb_delegation.c @@ -95,7 +95,7 @@ static krb5_error_code ipadb_match_acl(krb5_context kcontext, krb5_const_principal target) { struct ipadb_context *ipactx; - krb5_error_code kerr = ENOENT; + krb5_error_code kerr; LDAPMessage *lentry; LDAPDerefRes *deref_results; LDAPDerefRes *dres; @@ -126,6 +126,9 @@ static krb5_error_code ipadb_match_acl(krb5_context kcontext, goto done; } + /* the default is that we fail */ + kerr = ENOENT; + while (lentry) { /* both client and target must be found in the same ACI */ client_missing = true; |