-rw-r--r-- | src/providers/ipa/ipa_session.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_session.c b/src/providers/ipa/ipa_session.c
index 4ddf0529..4be0ec4e 100644
--- a/src/providers/ipa/ipa_session.c
+++ b/src/providers/ipa/ipa_session.c
@@ -32,6 +32,7 @@
 #include "providers/ipa/ipa_session.h"
 #include "providers/ipa/ipa_hosts.h"
 #include "providers/ipa/ipa_hbac_rules.h"
+#include "providers/ipa/ipa_hbac_private.h"
 #include "providers/ipa/ipa_selinux_common.h"
 #include "providers/ipa/ipa_selinux_maps.h"
@@ -472,6 +473,7 @@ static void ipa_get_selinux_hbac_done(struct tevent_req *subreq)
 struct ipa_get_selinux_state);
 struct sysdb_attrs **rules;
 struct sysdb_attrs *usermap;
+ struct ldb_message_element *el;
 const char *hbac_dn;
 const char *seealso_dn;
 size_t rule_count;
@@ -494,6 +496,17 @@ static void ipa_get_selinux_hbac_done(struct tevent_req *subreq)
 goto done;
 }
+ /* We need to do this translation for further processing. We have to
+ * do it manually because no map was used to retrieve HBAC rules.
+ */
+ ret = sysdb_attrs_get_el(rules[i], IPA_MEMBER_HOST, &el);
+ if (ret != EOK) goto done;
+ el->name = SYSDB_ORIG_MEMBER_HOST;
+
+ ret = sysdb_attrs_get_el(rules[i], IPA_MEMBER_USER, &el);
+ if (ret != EOK) goto done;
+ el->name = SYSDB_ORIG_MEMBER_USER;
+
 DEBUG(SSSDBG_TRACE_ALL, ("Matching HBAC rule %s with SELinux mappings\n", hbac_dn)); |
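Review bot: The in-place rename in the third hunk (`el->name = SYSDB_ORIG_MEMBER_HOST;` and its `IPA_MEMBER_USER` twin) points the element name at a string constant and mutates `rules[i]` itself, so every later consumer of these rule objects sees the translated names. If the rules array is shared with other code, or this callback can run more than once over the same rules (neither is visible here), a later lookup by the old name would miss the data; as far as I know `sysdb_attrs_get_el` creates an empty element when the name is absent, so a rule would then look like it has no host or user members instead of producing an error. Because the outcome decides which SELinux map matches, I would record the ownership assumption in the comment, e.g. `/* rules[] is private to this request; names are rewritten in place and must not be looked up by IPA_MEMBER_* afterwards */`, and allocate the new name on the rule (`el->name = talloc_strdup(rules[i], SYSDB_ORIG_MEMBER_HOST);` with a NULL check) if anything may later free or steal it. The enclosing function begins and ends outside the hunk, so the loop over `i` and the `done` label are not visible.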