summaryrefslogtreecommitdiff
path: root/src/responder
diff options
context:
space:
mode:
Diffstat (limited to 'src/responder')
-rw-r--r--src/responder/pam/pamsrv_cmd.c43
1 files changed, 21 insertions, 22 deletions
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
index 4c035683..07fa96ab 100644
--- a/src/responder/pam/pamsrv_cmd.c
+++ b/src/responder/pam/pamsrv_cmd.c
@@ -519,30 +519,33 @@ static errno_t process_selinux_mappings(struct pam_auth_req *preq)
goto done;
}
- /* We need two values from the config object:
- * - default SELinux user in case no other is available
- * - the order for fetched usermaps
- */
- for (i = 0; i < config->num_elements; i++) {
- if (strcasecmp(config->elements[i].name, SYSDB_SELINUX_DEFAULT_USER) == 0) {
- default_user = (const char *)config->elements[i].values[0].data;
- } else if (strcasecmp(config->elements[i].name, SYSDB_SELINUX_DEFAULT_ORDER) == 0) {
- tmp_str = (char *)config->elements[i].values[0].data;
- len = config->elements[i].values[0].length;
- order = talloc_strdup(tmp_ctx, tmp_str);
- if (order == NULL) {
- goto done;
- }
- }
+ default_user = ldb_msg_find_attr_as_string(config,
+ SYSDB_SELINUX_DEFAULT_USER,
+ NULL);
+ if (!default_user || default_user[0] == '\0') {
+ /* Skip creating the maps altogether if there is no default
+ * or empty default
+ */
+ ret = EOK;
+ goto done;
}
- if (default_user == NULL || order == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, ("No default SELinux user "
- "or map order given!\n"));
+ tmp_str = ldb_msg_find_attr_as_string(config,
+ SYSDB_SELINUX_DEFAULT_ORDER,
+ NULL);
+ if (tmp_str == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("No map order given!\n"));
ret = EINVAL;
goto done;
}
+ order = talloc_strdup(tmp_ctx, tmp_str);
+ if (order == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+ len = strlen(order);
+
/* The "order" string contains one or more SELinux user records
* separated by $. Now we need to create an array of string from
* this one string. First find out how many elements in the array
@@ -577,10 +580,6 @@ static errno_t process_selinux_mappings(struct pam_auth_req *preq)
&usermaps);
if (ret != EOK && ret != ENOENT) {
goto done;
- } else if (ret == ENOENT) {
- DEBUG(SSSDBG_TRACE_FUNC, ("No maps defined on the server\n"));
- ret = EOK;
- goto done;
}
/* If no maps match, we'll use the default SELinux user from the