summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2011-08-26 12:00:55 -0400
committerStephen Gallagher <sgallagh@redhat.com>2011-08-29 08:23:38 -0400
commit088ebc59997fd75d290ca2a5ea1e9c1261ae2006 (patch)
tree69ccc191b5201fdc5fbe749d42798b1f553e97fb
parent6021240518059ec54e8ca15ca607cb3153228bea (diff)
downloadsssd-088ebc59997fd75d290ca2a5ea1e9c1261ae2006.tar.gz
sssd-088ebc59997fd75d290ca2a5ea1e9c1261ae2006.tar.xz
sssd-088ebc59997fd75d290ca2a5ea1e9c1261ae2006.zip
HBAC: Use of hostgroups for targethost or sourcehost was broken
We were trying to look up the wrong attribute for the name of the hostgroup.
-rw-r--r--src/providers/ipa/ipa_hbac_hosts.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/providers/ipa/ipa_hbac_hosts.c b/src/providers/ipa/ipa_hbac_hosts.c
index 4e753f374..dd82f2848 100644
--- a/src/providers/ipa/ipa_hbac_hosts.c
+++ b/src/providers/ipa/ipa_hbac_hosts.c
@@ -257,7 +257,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
errno_t ret;
TALLOC_CTX *tmp_ctx;
struct hbac_rule_element *new_hosts;
- const char *attrs[] = { IPA_HOST_FQDN, NULL };
+ const char *attrs[] = { IPA_HOST_FQDN, IPA_CN, NULL };
struct ldb_message_element *el;
size_t num_hosts = 0;
size_t num_hostgroups = 0;
@@ -351,7 +351,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
IPA_HOST_FQDN,
NULL);
if (name == NULL) {
- DEBUG(1, ("Attribute is missing!\n"));
+ DEBUG(1, ("FQDN is missing!\n"));
ret = EFAULT;
goto done;
}
@@ -384,9 +384,9 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
}
/* Original DN matched a single group. Get the groupname */
- name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
+ name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL);
if (name == NULL) {
- DEBUG(1, ("Attribute is missing!\n"));
+ DEBUG(1, ("Hostgroup name is missing!\n"));
ret = EFAULT;
goto done;
}