From b054e7d8c43b024ee33e9343b4a15e124861f68c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Thu, 3 Aug 2017 00:09:43 +0200 Subject: [PATCH 54/93] HBAC: Fix tevent hierarchy in ipa_hbac_rule_info_send() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The first thing a _send() function should o is call `tevent_req_create()` in order to create both the state and the request and then use the state as context for temporary data. Also, `tevent_req_create()` should be only function returning NULL from the _send function, while all the other calls should goto immediate and return the proper error, as they have a valid request. Signed-off-by: Fabiano Fidêncio Reviewed-by: Pavel Březina Reviewed-by: Jakub Hrozek --- src/providers/ipa/ipa_hbac_rules.c | 39 +++++++++++++++----------------------- 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/src/providers/ipa/ipa_hbac_rules.c b/src/providers/ipa/ipa_hbac_rules.c index c860905cc5544100be22ef74379895b3adb94173..b8d45351994e7af1c31558238de8b5910a6ee943 100644 --- a/src/providers/ipa/ipa_hbac_rules.c +++ b/src/providers/ipa/ipa_hbac_rules.c @@ -60,35 +60,32 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx, size_t i; struct tevent_req *req = NULL; struct ipa_hbac_rule_state *state; - TALLOC_CTX *tmp_ctx; const char *host_dn; char *host_dn_clean; char *host_group_clean; char *rule_filter; const char **memberof_list; + req = tevent_req_create(mem_ctx, &state, struct ipa_hbac_rule_state); + if (req == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n"); + return NULL; + } + if (ipa_host == NULL) { + ret = EINVAL; DEBUG(SSSDBG_CRIT_FAILURE, "Missing host\n"); - return NULL; + goto immediate; } - tmp_ctx = talloc_new(mem_ctx); - if (tmp_ctx == NULL) return NULL; - ret = sysdb_attrs_get_string(ipa_host, SYSDB_ORIG_DN, &host_dn); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify IPA hostname\n"); - goto error; + goto immediate; } - ret = sss_filter_sanitize(tmp_ctx, host_dn, &host_dn_clean); - if (ret != EOK) goto error; - - req = tevent_req_create(mem_ctx, &state, struct ipa_hbac_rule_state); - if (req == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n"); - goto error; - } + ret = sss_filter_sanitize(state, host_dn, &host_dn_clean); + if (ret != EOK) goto immediate; state->ev = ev; state->sh = sh; @@ -116,7 +113,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx, state->attrs[13] = IPA_HOST_CATEGORY; state->attrs[14] = NULL; - rule_filter = talloc_asprintf(tmp_ctx, + rule_filter = talloc_asprintf(state, "(&(objectclass=%s)" "(%s=%s)(%s=%s)" "(|(%s=%s)(%s=%s)", @@ -132,12 +129,12 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx, /* Add all parent groups of ipa_hostname to the filter */ ret = sysdb_attrs_get_string_array(ipa_host, SYSDB_ORIG_MEMBEROF, - tmp_ctx, &memberof_list); + state, &memberof_list); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify.\n"); } if (ret == ENOENT) { /* This host is not a member of any hostgroups */ - memberof_list = talloc_array(tmp_ctx, const char *, 1); + memberof_list = talloc_array(state, const char *, 1); if (memberof_list == NULL) { ret = ENOMEM; goto immediate; @@ -146,7 +143,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx, } for (i = 0; memberof_list[i]; i++) { - ret = sss_filter_sanitize(tmp_ctx, + ret = sss_filter_sanitize(state, memberof_list[i], &host_group_clean); if (ret != EOK) goto immediate; @@ -176,7 +173,6 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx, goto immediate; } - talloc_free(tmp_ctx); return req; immediate: @@ -186,12 +182,7 @@ immediate: tevent_req_error(req, ret); } tevent_req_post(req, ev); - talloc_free(tmp_ctx); return req; - -error: - talloc_free(tmp_ctx); - return NULL; } static errno_t -- 2.14.1