From 8ec98dfcae3daf1324bf924e1bf1684007bcf9d1 Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Fri, 17 Feb 2012 18:19:01 -0500
Subject: ipa-kdb: Fix ACL evaluator

Fixes: https://fedorahosted.org/freeipa/ticket/2343
---
 daemons/ipa-kdb/ipa_kdb_delegation.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'daemons/ipa-kdb')

diff --git a/daemons/ipa-kdb/ipa_kdb_delegation.c b/daemons/ipa-kdb/ipa_kdb_delegation.c
index 428e214b7..579a9f315 100644
--- a/daemons/ipa-kdb/ipa_kdb_delegation.c
+++ b/daemons/ipa-kdb/ipa_kdb_delegation.c
@@ -95,7 +95,7 @@ static krb5_error_code ipadb_match_acl(krb5_context kcontext,
                                        krb5_const_principal target)
 {
     struct ipadb_context *ipactx;
-    krb5_error_code kerr = ENOENT;
+    krb5_error_code kerr;
     LDAPMessage *lentry;
     LDAPDerefRes *deref_results;
     LDAPDerefRes *dres;
@@ -126,6 +126,9 @@ static krb5_error_code ipadb_match_acl(krb5_context kcontext,
         goto done;
     }
 
+    /* the default is that we fail */
+    kerr = ENOENT;
+
     while (lentry) {
         /* both client and target must be found in the same ACI */
         client_missing = true;
-- 
cgit