Hi,
this patch fixes an inconsistency between the offline and the online
case. Now both cases return 'Access denied' if there are no HBAC rules
at all. This should fix #554.
bye,
Sumit
From ee0d15648902fe66d0bc95e95a5c72b941bb5dd0 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Wed, 21 Jul 2010 10:38:00 +0200
Subject: [PATCH] Do not treat missing HBAC rules as an error
---
src/providers/ipa/ipa_access.c | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 7e2bf8d..42731f2 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -145,6 +145,11 @@ static errno_t hbac_sysdb_data_recv(TALLOC_CTX *mem_ctx,
ret = sysdb_search_custom(mem_ctx, sysdb, domain, filter, subtree_name,
search_attrs, count, &msgs);
if (ret != EOK) {
+ if (ret == ENOENT) {
+ *count = 0;
+ *reply_attrs = NULL;
+ return EOK;
+ }
DEBUG(1, ("sysdb_search_custom failed.\n"));
return ret;
}
--
1.7.1.1
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
