4c80037896
(cherry picked from commitfa4807ec45) (cherry picked from commit323dbdee02) (cherry picked from commit7e532024f0)
133 lines
4.5 KiB
Diff
133 lines
4.5 KiB
Diff
From b054e7d8c43b024ee33e9343b4a15e124861f68c Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
|
|
Date: Thu, 3 Aug 2017 00:09:43 +0200
|
|
Subject: [PATCH 54/93] HBAC: Fix tevent hierarchy in ipa_hbac_rule_info_send()
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
The first thing a _send() function should o is call
|
|
`tevent_req_create()` in order to create both the state and the request
|
|
and then use the state as context for temporary data.
|
|
|
|
Also, `tevent_req_create()` should be only function returning NULL from
|
|
the _send function, while all the other calls should goto immediate and
|
|
return the proper error, as they have a valid request.
|
|
|
|
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
---
|
|
src/providers/ipa/ipa_hbac_rules.c | 39 +++++++++++++++-----------------------
|
|
1 file changed, 15 insertions(+), 24 deletions(-)
|
|
|
|
diff --git a/src/providers/ipa/ipa_hbac_rules.c b/src/providers/ipa/ipa_hbac_rules.c
|
|
index c860905cc5544100be22ef74379895b3adb94173..b8d45351994e7af1c31558238de8b5910a6ee943 100644
|
|
--- a/src/providers/ipa/ipa_hbac_rules.c
|
|
+++ b/src/providers/ipa/ipa_hbac_rules.c
|
|
@@ -60,35 +60,32 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
|
|
size_t i;
|
|
struct tevent_req *req = NULL;
|
|
struct ipa_hbac_rule_state *state;
|
|
- TALLOC_CTX *tmp_ctx;
|
|
const char *host_dn;
|
|
char *host_dn_clean;
|
|
char *host_group_clean;
|
|
char *rule_filter;
|
|
const char **memberof_list;
|
|
|
|
+ req = tevent_req_create(mem_ctx, &state, struct ipa_hbac_rule_state);
|
|
+ if (req == NULL) {
|
|
+ DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
|
|
+ return NULL;
|
|
+ }
|
|
+
|
|
if (ipa_host == NULL) {
|
|
+ ret = EINVAL;
|
|
DEBUG(SSSDBG_CRIT_FAILURE, "Missing host\n");
|
|
- return NULL;
|
|
+ goto immediate;
|
|
}
|
|
|
|
- tmp_ctx = talloc_new(mem_ctx);
|
|
- if (tmp_ctx == NULL) return NULL;
|
|
-
|
|
ret = sysdb_attrs_get_string(ipa_host, SYSDB_ORIG_DN, &host_dn);
|
|
if (ret != EOK) {
|
|
DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify IPA hostname\n");
|
|
- goto error;
|
|
+ goto immediate;
|
|
}
|
|
|
|
- ret = sss_filter_sanitize(tmp_ctx, host_dn, &host_dn_clean);
|
|
- if (ret != EOK) goto error;
|
|
-
|
|
- req = tevent_req_create(mem_ctx, &state, struct ipa_hbac_rule_state);
|
|
- if (req == NULL) {
|
|
- DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
|
|
- goto error;
|
|
- }
|
|
+ ret = sss_filter_sanitize(state, host_dn, &host_dn_clean);
|
|
+ if (ret != EOK) goto immediate;
|
|
|
|
state->ev = ev;
|
|
state->sh = sh;
|
|
@@ -116,7 +113,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
|
|
state->attrs[13] = IPA_HOST_CATEGORY;
|
|
state->attrs[14] = NULL;
|
|
|
|
- rule_filter = talloc_asprintf(tmp_ctx,
|
|
+ rule_filter = talloc_asprintf(state,
|
|
"(&(objectclass=%s)"
|
|
"(%s=%s)(%s=%s)"
|
|
"(|(%s=%s)(%s=%s)",
|
|
@@ -132,12 +129,12 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
|
|
|
|
/* Add all parent groups of ipa_hostname to the filter */
|
|
ret = sysdb_attrs_get_string_array(ipa_host, SYSDB_ORIG_MEMBEROF,
|
|
- tmp_ctx, &memberof_list);
|
|
+ state, &memberof_list);
|
|
if (ret != EOK && ret != ENOENT) {
|
|
DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify.\n");
|
|
} if (ret == ENOENT) {
|
|
/* This host is not a member of any hostgroups */
|
|
- memberof_list = talloc_array(tmp_ctx, const char *, 1);
|
|
+ memberof_list = talloc_array(state, const char *, 1);
|
|
if (memberof_list == NULL) {
|
|
ret = ENOMEM;
|
|
goto immediate;
|
|
@@ -146,7 +143,7 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
|
|
}
|
|
|
|
for (i = 0; memberof_list[i]; i++) {
|
|
- ret = sss_filter_sanitize(tmp_ctx,
|
|
+ ret = sss_filter_sanitize(state,
|
|
memberof_list[i],
|
|
&host_group_clean);
|
|
if (ret != EOK) goto immediate;
|
|
@@ -176,7 +173,6 @@ ipa_hbac_rule_info_send(TALLOC_CTX *mem_ctx,
|
|
goto immediate;
|
|
}
|
|
|
|
- talloc_free(tmp_ctx);
|
|
return req;
|
|
|
|
immediate:
|
|
@@ -186,12 +182,7 @@ immediate:
|
|
tevent_req_error(req, ret);
|
|
}
|
|
tevent_req_post(req, ev);
|
|
- talloc_free(tmp_ctx);
|
|
return req;
|
|
-
|
|
-error:
|
|
- talloc_free(tmp_ctx);
|
|
- return NULL;
|
|
}
|
|
|
|
static errno_t
|
|
--
|
|
2.14.1
|
|
|