diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2012-08-05 22:37:09 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-08-16 13:31:03 +0200 |
commit | f004e23af14fe020d81b8f97f30b448105b79606 (patch) | |
tree | e39023d6237dabf0643f3ea6176f0bb354e15c92 /src/db/sysdb_selinux.c | |
parent | 79402313dc0d7f854b4334dd427e03b7baf0b9db (diff) | |
download | sssd-f004e23af14fe020d81b8f97f30b448105b79606.tar.gz sssd-f004e23af14fe020d81b8f97f30b448105b79606.tar.xz sssd-f004e23af14fe020d81b8f97f30b448105b79606.zip |
Only create the SELinux login file if there are mappings on the server
https://fedorahosted.org/sssd/ticket/1455
In case there are no rules on the IPA server, we must simply avoid generating
the login file. That would make us fall back to the system-wide default
defined in /etc/selinux/targeted/seusers.
The IPA default must be only used if there *are* rules on the server,
but none matches.
Diffstat (limited to 'src/db/sysdb_selinux.c')
-rw-r--r-- | src/db/sysdb_selinux.c | 7 |
1 files changed, 1 insertions, 6 deletions
diff --git a/src/db/sysdb_selinux.c b/src/db/sysdb_selinux.c index eaf07b50a..976489503 100644 --- a/src/db/sysdb_selinux.c +++ b/src/db/sysdb_selinux.c @@ -364,7 +364,7 @@ errno_t sysdb_search_selinux_usermap_by_username(TALLOC_CTX *mem_ctx, struct ldb_message **msgs = NULL; struct sysdb_attrs *user; struct sysdb_attrs *tmp_attrs; - struct ldb_message **usermaps; + struct ldb_message **usermaps = NULL; struct sss_domain_info *domain; struct ldb_dn *basedn; size_t msgs_count = 0; @@ -462,11 +462,6 @@ errno_t sysdb_search_selinux_usermap_by_username(TALLOC_CTX *mem_ctx, } } - if (usermaps[0] == NULL) { - ret = ENOENT; - goto done; - } - *_usermaps = talloc_steal(mem_ctx, usermaps); ret = EOK; |