summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2012-01-04 17:10:28 +0100
committerStephen Gallagher <sgallagh@redhat.com>2012-01-06 14:11:12 -0500
commit3d8a87081a6cd197acbd355b5a39111669ec2aa6 (patch)
tree1596e231636838688d51b3f1f7e6fd595966465e /src/providers/ipa
parent8885f5a0ad4829705722946572fae0925683809b (diff)
downloadsssd2-3d8a87081a6cd197acbd355b5a39111669ec2aa6.tar.gz
sssd2-3d8a87081a6cd197acbd355b5a39111669ec2aa6.tar.xz
sssd2-3d8a87081a6cd197acbd355b5a39111669ec2aa6.zip
HBAC: create empty groups with one NULL element
https://fedorahosted.org/sssd/ticket/1130
Diffstat (limited to 'src/providers/ipa')
-rw-r--r--src/providers/ipa/ipa_hbac_common.c31
1 files changed, 15 insertions, 16 deletions
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c
index 859b9840..af0000cf 100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -179,6 +179,15 @@ replace_attribute_name(const char *old_name,
return EOK;
}
+static errno_t
+create_empty_grouplist(struct hbac_request_element *el)
+{
+ el->groups = talloc_array(el, const char *, 1);
+ if (!el->groups) return ENOMEM;
+
+ el->groups[0] = NULL;
+ return EOK;
+}
/********************************************
* Functions for handling conversion to the *
@@ -525,12 +534,7 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx,
el = ldb_msg_find_element(msg, SYSDB_ORIG_MEMBEROF);
if (el == NULL || el->num_values == 0) {
DEBUG(7, ("No groups for [%s]\n", users->name));
- users->groups = talloc_array(users, const char *, 1);
- if (users->groups == NULL) {
- ret = ENOMEM;
- goto done;
- }
- users->groups[0] = NULL;
+ ret = create_empty_grouplist(users);
goto done;
}
DEBUG(7, ("[%d] groups for [%s]\n", el->num_values, users->name));
@@ -624,8 +628,7 @@ hbac_eval_service_element(TALLOC_CTX *mem_ctx,
* This rule will only match the name or
* a service category of ALL
*/
- svc->groups = NULL;
- ret = EOK;
+ ret = create_empty_grouplist(svc);
goto done;
} else if (ret != EOK) {
goto done;
@@ -641,8 +644,7 @@ hbac_eval_service_element(TALLOC_CTX *mem_ctx,
* This rule will only match the name or
* a service category of ALL
*/
- svc->groups = NULL;
- ret = EOK;
+ ret = create_empty_grouplist(svc);
goto done;
}
@@ -713,8 +715,7 @@ hbac_eval_host_element(TALLOC_CTX *mem_ctx,
/* We don't know the host (probably an rhost)
* So we can't determine it's groups either.
*/
- host->groups = NULL;
- ret = EOK;
+ ret = create_empty_grouplist(host);
goto done;
}
@@ -735,8 +736,7 @@ hbac_eval_host_element(TALLOC_CTX *mem_ctx,
* This rule will only match the name or
* a host category of ALL
*/
- host->groups = NULL;
- ret = EOK;
+ ret = create_empty_grouplist(host);
goto done;
} else if (ret != EOK) {
goto done;
@@ -752,8 +752,7 @@ hbac_eval_host_element(TALLOC_CTX *mem_ctx,
* This rule will only match the name or
* a host category of ALL
*/
- host->groups = NULL;
- ret = EOK;
+ ret = create_empty_grouplist(host);
goto done;
}