diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2012-01-04 17:10:28 +0100 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-06-22 15:37:42 -0400 |
| commit | 40ad77e597b24cbef0cbd5738238547e44f6d1ee (patch) | |
| tree | 521dd27409a07c38175fb69d15bd5108b62d0c08 | |
| parent | 8a74cafda0688e80d761642a1a462ff36d0f2f5f (diff) | |
| download | sssd_unused-40ad77e597b24cbef0cbd5738238547e44f6d1ee.tar.gz sssd_unused-40ad77e597b24cbef0cbd5738238547e44f6d1ee.tar.xz sssd_unused-40ad77e597b24cbef0cbd5738238547e44f6d1ee.zip | |
HBAC: create empty groups with one NULL element
https://fedorahosted.org/sssd/ticket/1130
| -rw-r--r-- | src/providers/ipa/ipa_hbac_common.c | 31 |
1 files changed, 15 insertions, 16 deletions
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c index 21a08870..e362606e 100644 --- a/src/providers/ipa/ipa_hbac_common.c +++ b/src/providers/ipa/ipa_hbac_common.c @@ -180,6 +180,15 @@ replace_attribute_name(const char *old_name, return EOK; } +static errno_t +create_empty_grouplist(struct hbac_request_element *el) +{ + el->groups = talloc_array(el, const char *, 1); + if (!el->groups) return ENOMEM; + + el->groups[0] = NULL; + return EOK; +} /******************************************** * Functions for handling conversion to the * @@ -530,12 +539,7 @@ hbac_eval_user_element(TALLOC_CTX *mem_ctx, el = ldb_msg_find_element(msg, SYSDB_ORIG_MEMBEROF); if (el == NULL || el->num_values == 0) { DEBUG(7, ("No groups for [%s]\n", users->name)); - users->groups = talloc_array(users, const char *, 1); - if (users->groups == NULL) { - ret = ENOMEM; - goto done; - } - users->groups[0] = NULL; + ret = create_empty_grouplist(users); goto done; } DEBUG(7, ("[%d] groups for [%s]\n", el->num_values, users->name)); @@ -629,8 +633,7 @@ hbac_eval_service_element(TALLOC_CTX *mem_ctx, * This rule will only match the name or * a service category of ALL */ - svc->groups = NULL; - ret = EOK; + ret = create_empty_grouplist(svc); goto done; } else if (ret != EOK) { goto done; @@ -646,8 +649,7 @@ hbac_eval_service_element(TALLOC_CTX *mem_ctx, * This rule will only match the name or * a service category of ALL */ - svc->groups = NULL; - ret = EOK; + ret = create_empty_grouplist(svc); goto done; } @@ -718,8 +720,7 @@ hbac_eval_host_element(TALLOC_CTX *mem_ctx, /* We don't know the host (probably an rhost) * So we can't determine it's groups either. */ - host->groups = NULL; - ret = EOK; + ret = create_empty_grouplist(host); goto done; } @@ -740,8 +741,7 @@ hbac_eval_host_element(TALLOC_CTX *mem_ctx, * This rule will only match the name or * a host category of ALL */ - host->groups = NULL; - ret = EOK; + ret = create_empty_grouplist(host); goto done; } else if (ret != EOK) { goto done; @@ -757,8 +757,7 @@ hbac_eval_host_element(TALLOC_CTX *mem_ctx, * This rule will only match the name or * a host category of ALL */ - host->groups = NULL; - ret = EOK; + ret = create_empty_grouplist(host); goto done; } |