summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2011-08-26 12:00:55 -0400
committerStephen Gallagher <sgallagh@redhat.com>2011-08-26 16:52:53 -0400
commit473c90800239fc54eaab9d3dc3194582b039d614 (patch)
tree99f57854dd1488e03ef40fefb40230276ba1104c
parent5215f682e5beda6fa85456576237de8a5a057bb8 (diff)
downloadsssd-473c90800239fc54eaab9d3dc3194582b039d614.tar.gz
sssd-473c90800239fc54eaab9d3dc3194582b039d614.tar.bz2
sssd-473c90800239fc54eaab9d3dc3194582b039d614.zip
HBAC: Use of hostgroups for targethost or sourcehost was broken
We were trying to look up the wrong attribute for the name of the hostgroup.
-rw-r--r--src/providers/ipa/ipa_hbac_hosts.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/src/providers/ipa/ipa_hbac_hosts.c b/src/providers/ipa/ipa_hbac_hosts.c
index 15522f49..70be90e1 100644
--- a/src/providers/ipa/ipa_hbac_hosts.c
+++ b/src/providers/ipa/ipa_hbac_hosts.c
@@ -257,7 +257,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
errno_t ret;
TALLOC_CTX *tmp_ctx;
struct hbac_rule_element *new_hosts;
- const char *attrs[] = { IPA_HOST_FQDN, NULL };
+ const char *attrs[] = { IPA_HOST_FQDN, IPA_CN, NULL };
struct ldb_message_element *el;
size_t num_hosts = 0;
size_t num_hostgroups = 0;
@@ -351,7 +351,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
IPA_HOST_FQDN,
NULL);
if (name == NULL) {
- DEBUG(1, ("Attribute is missing!\n"));
+ DEBUG(1, ("FQDN is missing!\n"));
ret = EFAULT;
goto done;
}
@@ -384,9 +384,9 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
}
/* Original DN matched a single group. Get the groupname */
- name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
+ name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL);
if (name == NULL) {
- DEBUG(1, ("Attribute is missing!\n"));
+ DEBUG(1, ("Hostgroup name is missing!\n"));
ret = EFAULT;
goto done;
}