diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2014-03-04 13:48:36 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-03-05 12:15:22 +0100 |
| commit | 0c1a13e435ceab2038233bec3a7468c726b903b9 (patch) | |
| tree | b7909200650ef55c433b62e11af0365ec51a5da3 /src/providers/ipa | |
| parent | 48b1db73639135dd4a15ee153f958c912836c621 (diff) | |
| download | sssd-0c1a13e435ceab2038233bec3a7468c726b903b9.tar.gz sssd-0c1a13e435ceab2038233bec3a7468c726b903b9.tar.xz sssd-0c1a13e435ceab2038233bec3a7468c726b903b9.zip | |
IPA: Do not save intermediate data to sysdb
https://fedorahosted.org/sssd/ticket/2264
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/providers/ipa')
| -rw-r--r-- | src/providers/ipa/ipa_selinux.c | 56 |
1 files changed, 28 insertions, 28 deletions
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index d371d3c1d..6b28d4f97 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c @@ -296,34 +296,6 @@ static void ipa_selinux_handler_done(struct tevent_req *req) goto fail; } - /* Process the maps and return list of best matches (maps with - * highest priority). The input maps are also parent memory - * context for the output list of best matches. The best match - * maps should never be freed explicitly but always through - * their parent (or any indirect parent) */ - ret = ipa_selinux_process_maps(maps, op_ctx->user, op_ctx->host, - maps, map_count, - hbac_rules, hbac_count, &best_match_maps); - if (ret != EOK) { - goto fail; - } - - ret = create_order_array(op_ctx, map_order, - &order_array, &order_count); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to create ordered SELinux users array.\n"); - goto fail; - } - - ret = choose_best_seuser(best_match_maps, pd, order_array, order_count, - default_user); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to evaluate ordered SELinux users array.\n"); - goto fail; - } - ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); @@ -358,6 +330,34 @@ static void ipa_selinux_handler_done(struct tevent_req *req) } in_transaction = false; + /* Process the maps and return list of best matches (maps with + * highest priority). The input maps are also parent memory + * context for the output list of best matches. The best match + * maps should never be freed explicitly but always through + * their parent (or any indirect parent) */ + ret = ipa_selinux_process_maps(maps, op_ctx->user, op_ctx->host, + maps, map_count, + hbac_rules, hbac_count, &best_match_maps); + if (ret != EOK) { + goto fail; + } + + ret = create_order_array(op_ctx, map_order, + &order_array, &order_count); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to create ordered SELinux users array.\n"); + goto fail; + } + + ret = choose_best_seuser(best_match_maps, pd, order_array, order_count, + default_user); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to evaluate ordered SELinux users array.\n"); + goto fail; + } + /* If we got here in online mode, set last_update to current time */ if (!be_is_offline(be_ctx)) { op_ctx->selinux_ctx->last_update = time(NULL); |