Treat NULL or empty rhost as unknown

Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts.
author: Stephen Gallagher <sgallagh@redhat.com> 2011-07-01 16:34:03 -0400
committer: Stephen Gallagher <sgallagh@redhat.com> 2011-07-08 15:12:25 -0400
commit: 9b72b00ebcfd6225a4e139619c8e18d44a448f87 (patch)
tree: dc324d9ff8a9bc5d561fd5151c56bd9822813e2e /src/providers/ipa/hbac_evaluator.c
parent: 98fc4cbc838615a88b9725a13ab7491e89cbac32 (diff)
download: sssd-9b72b00ebcfd6225a4e139619c8e18d44a448f87.tar.gz
sssd-9b72b00ebcfd6225a4e139619c8e18d44a448f87.tar.xz
sssd-9b72b00ebcfd6225a4e139619c8e18d44a448f87.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/src/providers/ipa/hbac_evaluator.c b/src/providers/ipa/hbac_evaluator.c
index 949f0aefd..e120d51e4 100644
--- a/src/providers/ipa/hbac_evaluator.c
+++ b/src/providers/ipa/hbac_evaluator.c
@@ -155,8 +155,10 @@ static bool hbac_evaluate_element(struct hbac_rule_element *rule_el,
     /* First check the name list */
     if (rule_el->names) {
         for (i = 0; rule_el->names[i]; i++) {
-            if (strcmp(rule_el->names[i], req_el->name) == 0) {
-                return true;
+            if (req_el->name != NULL) {
+                if (strcmp(rule_el->names[i], req_el->name) == 0) {
+                    return true;
+                }
             }
         }
     }
author	Stephen Gallagher <sgallagh@redhat.com>	2011-07-01 16:34:03 -0400
committer	Stephen Gallagher <sgallagh@redhat.com>	2011-07-08 15:12:25 -0400
commit	9b72b00ebcfd6225a4e139619c8e18d44a448f87 (patch)
tree	dc324d9ff8a9bc5d561fd5151c56bd9822813e2e /src/providers/ipa/hbac_evaluator.c
parent	98fc4cbc838615a88b9725a13ab7491e89cbac32 (diff)
download	sssd-9b72b00ebcfd6225a4e139619c8e18d44a448f87.tar.gz sssd-9b72b00ebcfd6225a4e139619c8e18d44a448f87.tar.xz sssd-9b72b00ebcfd6225a4e139619c8e18d44a448f87.zip