On 03/07/2016 03:26 PM, Petr Cech wrote:
On 03/07/2016 01:11 PM, Pavel Březina wrote:
Hi,
see comments inline.

errno_t sysdb_search_sudo_rules(TALLOC_CTX *mem_ctx,
                                struct sss_domain_info *domain,
                                const char *sub_filter,
                                const char **attrs,
                                size_t *msgs_count,
                                struct ldb_message ***msgs)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_dn *dn;
    char *filter;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
                        SYSDB_TMPL_CUSTOM_SUBTREE,
                        SUDORULE_SUBDIR, domain->name);
    if (!dn) {
        DEBUG(SSSDBG_OP_FAILURE, "Failed to build base dn\n");
        ret = ENOMEM;
        goto fail;
    }

    filter = talloc_asprintf(tmp_ctx, "(&%s%s)", SUDO_ALL_FILTER,
                             sub_filter);

You also need to add a case where sub_filter is NULL.

Thank you, Pavel, for the comments. I have a little question:

If sub_filter equal to NULL is given, then
filter = (&(objectClass=sudoRule))

No, it's not. Passing a NULL pointer to asprintf results in undefined behaviour. The filter will be either (&(objectClass=sudoRule)(null)) or it will crash, depending on the implementation.

The desire is to have the (objectClass=sudoRule) filter if sub_filter is NULL.

and that means that we can find all the rules.

Is it wrong?


    if (!filter) {
        DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n");
        ret = ENOMEM;
        goto fail;
    }

    DEBUG(SSSDBG_TRACE_INTERNAL,
          "Search sudo rules with filter: %s\n", filter);

_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
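
The NULL case raised in this review, as an added example that is not part of the original message or of the SSSD patch. It uses plain malloc/snprintf instead of talloc, a hypothetical helper name `build_sudo_filter`, and a `SUDO_ALL_FILTER` value inferred from the filters quoted in the thread; treating an empty string like NULL is an added assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: value inferred from the filters quoted in the thread. */
#define SUDO_ALL_FILTER "(objectClass=sudoRule)"

/*
 * Hypothetical helper (not SSSD code): build the LDAP search filter.
 * Returns a malloc'd string the caller must free, or NULL on ENOMEM.
 *   sub_filter NULL or ""  -> "(objectClass=sudoRule)"
 *   sub_filter "(x=y)"     -> "(&(objectClass=sudoRule)(x=y))"
 */
char *build_sudo_filter(const char *sub_filter)
{
    /* Decide up front so that NULL never reaches a %s conversion. */
    int combine = (sub_filter != NULL && sub_filter[0] != '\0');
    const char *head = combine ? "(&" : "";
    const char *sub = combine ? sub_filter : "";
    const char *tail = combine ? ")" : "";
    size_t len = strlen(head) + strlen(SUDO_ALL_FILTER)
               + strlen(sub) + strlen(tail) + 1;
    char *filter = malloc(len);

    if (filter == NULL) {
        return NULL;
    }
    snprintf(filter, len, "%s%s%s%s", head, SUDO_ALL_FILTER, sub, tail);
    return filter;
}

int main(void)
{
    /* Constructed inputs: no sub-filter, empty sub-filter, one term. */
    const char *cases[] = { NULL, "", "(sudoUser=alice)" };

    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        char *f = build_sudo_filter(cases[i]);
        if (f == NULL) {
            return 1;
        }
        printf("%s -> %s\n", cases[i] ? cases[i] : "NULL", f);
        free(f);
    }
    return 0;
}
```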
