Diffstat (limited to 'src/responder')
-rw-r--r-- | src/responder/pam/pamsrv_cmd.c | 43 |
1 files changed, 21 insertions, 22 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 4c035683..07fa96ab 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -519,30 +519,33 @@ static errno_t process_selinux_mappings(struct pam_auth_req *preq)
 goto done;
 }
- /* We need two values from the config object:
- * - default SELinux user in case no other is available
- * - the order for fetched usermaps
- */
- for (i = 0; i < config->num_elements; i++) {
- if (strcasecmp(config->elements[i].name, SYSDB_SELINUX_DEFAULT_USER) == 0) {
- default_user = (const char *)config->elements[i].values[0].data;
- } else if (strcasecmp(config->elements[i].name, SYSDB_SELINUX_DEFAULT_ORDER) == 0) {
- tmp_str = (char *)config->elements[i].values[0].data;
- len = config->elements[i].values[0].length;
- order = talloc_strdup(tmp_ctx, tmp_str);
- if (order == NULL) {
- goto done;
- }
- }
+ default_user = ldb_msg_find_attr_as_string(config,
+ SYSDB_SELINUX_DEFAULT_USER,
+ NULL);
+ if (!default_user || default_user[0] == '\0') {
+ /* Skip creating the maps altogether if there is no default
+ * or empty default
+ */
+ ret = EOK;
+ goto done;
 }
- if (default_user == NULL || order == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, ("No default SELinux user "
- "or map order given!\n"));
+ tmp_str = ldb_msg_find_attr_as_string(config,
+ SYSDB_SELINUX_DEFAULT_ORDER,
+ NULL);
+ if (tmp_str == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("No map order given!\n"));
 ret = EINVAL;
 goto done;
 }
+ order = talloc_strdup(tmp_ctx, tmp_str);
+ if (order == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ len = strlen(order);
+
 /* The "order" string contains one or more SELinux user records
 * separated by $. Now we need to create an array of string from
 * this one string. First find out how many elements in the array
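Review bot: The new early return for a missing or empty default SELinux user (`if (!default_user || default_user[0] == '\0')`) sets `ret = EOK` and leaves without any debug message, so a login that ends with no SELinux maps at all cannot be told apart in the logs from one where maps were written. Because this branch decides whether the user's SELinux context is managed, a trace line before `goto done`, for example `DEBUG(SSSDBG_TRACE_FUNC, ("No default SELinux user, skipping maps\n"));`, would make the outcome auditable. The order attribute is checked only for NULL, whereas the default user is also checked for being empty. If the separator-counting code below the hunk does not cope with `len == 0`, `if (tmp_str == NULL || tmp_str[0] == '\0')` would reject an empty order here. The body of process_selinux_mappings starts and ends outside the hunk, so the handling of an empty order further down cannot be confirmed from these lines.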
@@ -577,10 +580,6 @@ static errno_t process_selinux_mappings(struct pam_auth_req *preq)
 &usermaps);
 if (ret != EOK && ret != ENOENT) {
 goto done;
- } else if (ret == ENOENT) {
- DEBUG(SSSDBG_TRACE_FUNC, ("No maps defined on the server\n"));
- ret = EOK;
- goto done;
 }
 /* If no maps match, we'll use the default SELinux user from the |