diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2014-03-04 13:48:36 +0100 |
|---|---|---|
| committer | Sumit Bose <sbose@redhat.com> | 2014-03-05 10:06:42 +0100 |
| commit | 1878d79380be07c8a901e4645a624d1bee393d7f (patch) | |
| tree | 9366a5a7f5b7a72d418484e63b5b22ecf18e6fd0 | |
| parent | 21b362dab520d9e6f3919dc5bdf846ac52799982 (diff) | |
| download | sssd-1878d79380be07c8a901e4645a624d1bee393d7f.tar.gz sssd-1878d79380be07c8a901e4645a624d1bee393d7f.tar.xz sssd-1878d79380be07c8a901e4645a624d1bee393d7f.zip | |
IPA: Do not save intermediate data to sysdb
| -rw-r--r-- | src/providers/ipa/ipa_selinux.c | 56 |
1 files changed, 28 insertions, 28 deletions
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index d371d3c1d..6b28d4f97 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c @@ -296,34 +296,6 @@ static void ipa_selinux_handler_done(struct tevent_req *req) goto fail; } - /* Process the maps and return list of best matches (maps with - * highest priority). The input maps are also parent memory - * context for the output list of best matches. The best match - * maps should never be freed explicitly but always through - * their parent (or any indirect parent) */ - ret = ipa_selinux_process_maps(maps, op_ctx->user, op_ctx->host, - maps, map_count, - hbac_rules, hbac_count, &best_match_maps); - if (ret != EOK) { - goto fail; - } - - ret = create_order_array(op_ctx, map_order, - &order_array, &order_count); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to create ordered SELinux users array.\n"); - goto fail; - } - - ret = choose_best_seuser(best_match_maps, pd, order_array, order_count, - default_user); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to evaluate ordered SELinux users array.\n"); - goto fail; - } - ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); @@ -358,6 +330,34 @@ static void ipa_selinux_handler_done(struct tevent_req *req) } in_transaction = false; + /* Process the maps and return list of best matches (maps with + * highest priority). The input maps are also parent memory + * context for the output list of best matches. The best match + * maps should never be freed explicitly but always through + * their parent (or any indirect parent) */ + ret = ipa_selinux_process_maps(maps, op_ctx->user, op_ctx->host, + maps, map_count, + hbac_rules, hbac_count, &best_match_maps); + if (ret != EOK) { + goto fail; + } + + ret = create_order_array(op_ctx, map_order, + &order_array, &order_count); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to create ordered SELinux users array.\n"); + goto fail; + } + + ret = choose_best_seuser(best_match_maps, pd, order_array, order_count, + default_user); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to evaluate ordered SELinux users array.\n"); + goto fail; + } + /* If we got here in online mode, set last_update to current time */ if (!be_is_offline(be_ctx)) { op_ctx->selinux_ctx->last_update = time(NULL); |