e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher Stephen Gallagher <sgallagh@redhat.com>
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher Copyright (C) 2011 Red Hat
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher This program is free software; you can redistribute it and/or modify
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher it under the terms of the GNU General Public License as published by
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher the Free Software Foundation; either version 3 of the License, or
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher (at your option) any later version.
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher This program is distributed in the hope that it will be useful,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher but WITHOUT ANY WARRANTY; without even the implied warranty of
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher GNU General Public License for more details.
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher You should have received a copy of the GNU General Public License
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher along with this program. If not, see <http://www.gnu.org/licenses/>.
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher#include "providers/ipa/ipa_hbac_private.h"
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherreplace_attribute_name(const char *old_name,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher for (i = 0; i < count; i++) {
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sysdb_attrs_replace_name(list[i], old_name, new_name);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_replace_name failed.\n");
3d8a87081a6cd197acbd355b5a39111669ec2aa6Jakub Hrozekcreate_empty_grouplist(struct hbac_request_element *el)
3d8a87081a6cd197acbd355b5a39111669ec2aa6Jakub Hrozek el->groups = talloc_array(el, const char *, 1);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher/********************************************
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher * Functions for handling conversion to the *
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher * HBAC evaluator format *
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ********************************************/
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherhbac_ctx_to_eval_request(TALLOC_CTX *mem_ctx,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* First create an array of rules */
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher new_rules = talloc_array(tmp_ctx, struct hbac_rule *,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* Create each rule one at a time */
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher for (i = 0; i < hbac_ctx->rule_count ; i++) {
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = hbac_attrs_to_rule(new_rules, hbac_ctx, i, &(new_rules[i]));
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct rules\n");
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* Create the eval request */
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = hbac_ctx_to_eval_request(tmp_ctx, hbac_ctx, &new_request);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct eval request\n");
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher *rules = talloc_steal(mem_ctx, new_rules);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher *request = talloc_steal(mem_ctx, new_request);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher new_rule = talloc_zero(mem_ctx, struct hbac_rule);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sysdb_attrs_get_el(hbac_ctx->rules[idx],
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CONF_SETTINGS, "rule has no name, assuming '(none)'.\n");
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher new_rule->name = talloc_strdup(new_rule, "(none)");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_TRACE_LIBS, "Processing rule [%s]\n", new_rule->name);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sysdb_attrs_get_bool(hbac_ctx->rules[idx], IPA_ENABLED_FLAG,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sysdb_attrs_get_string(hbac_ctx->rules[idx],
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher if (strcasecmp(rule_type, IPA_HBAC_ALLOW) != 0) {
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Rule [%s] is not an ALLOW rule\n", new_rule->name);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* Get the users */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = hbac_user_attrs_to_rule(new_rule, hbac_ctx->be_ctx->domain,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Could not parse users for rule [%s]\n",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* Get the services */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = hbac_service_attrs_to_rule(new_rule, hbac_ctx->be_ctx->domain,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Could not parse services for rule [%s]\n",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* Get the target hosts */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = hbac_thost_attrs_to_rule(new_rule, hbac_ctx->be_ctx->domain,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Could not parse target hosts for rule [%s]\n",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* Get the source hosts */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = hbac_shost_attrs_to_rule(new_rule, hbac_ctx->be_ctx->domain,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Could not parse source hosts for rule [%s]\n",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherhbac_get_category(struct sysdb_attrs *attrs,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sysdb_attrs_get_string_array(attrs, category_attr,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher if (ret != EOK && ret != ENOENT) goto done;
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher for (i = 0; categories[i]; i++) {
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher if (strcasecmp("all", categories[i]) == 0) {
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_FUNC_DATA, "Category is set to 'all'.\n");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_TRACE_ALL, "Unsupported user category [%s].\n",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherhbac_eval_user_element(TALLOC_CTX *mem_ctx,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher struct hbac_request_element **user_element);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherhbac_eval_service_element(TALLOC_CTX *mem_ctx,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher struct hbac_request_element **svc_element);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherhbac_eval_host_element(TALLOC_CTX *mem_ctx,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher struct hbac_request_element **host_element);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherhbac_ctx_to_eval_request(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct sss_domain_info *domain = hbac_ctx->be_ctx->domain;
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher eval_req = talloc_zero(tmp_ctx, struct hbac_eval_req);
94a66f84bd3c28fcabffeb84c682dccf89d89c2bSumit Bose /* Get user the user name and groups,
94a66f84bd3c28fcabffeb84c682dccf89d89c2bSumit Bose * take care of subdomain users as well */
db18dda869bc6c52a41797b2066cf121cf10f49cPavel Reichl user_dom = find_domain_by_name(domain, pd->domain, true);
db18dda869bc6c52a41797b2066cf121cf10f49cPavel Reichl DEBUG(SSSDBG_OP_FAILURE, "find_domain_by_name failed.\n");
c41ae115bfa808d04e729dcbd759d8aae8387ce7Jakub Hrozek ret = hbac_eval_user_element(eval_req, user_dom, pd->user,
c41ae115bfa808d04e729dcbd759d8aae8387ce7Jakub Hrozek ret = hbac_eval_user_element(eval_req, domain, pd->user,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* Get the PAM service and service groups */
c41ae115bfa808d04e729dcbd759d8aae8387ce7Jakub Hrozek ret = hbac_eval_service_element(eval_req, domain, pd->service,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* Get the source host */
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher if (pd->rhost == NULL || pd->rhost[0] == '\0') {
9b72b00ebcfd6225a4e139619c8e18d44a448f87Stephen Gallagher /* If we haven't been passed an rhost,
9b72b00ebcfd6225a4e139619c8e18d44a448f87Stephen Gallagher * the rhost is unknown. This will fail
9b72b00ebcfd6225a4e139619c8e18d44a448f87Stephen Gallagher * to match any rule requiring the
9b72b00ebcfd6225a4e139619c8e18d44a448f87Stephen Gallagher * source host.
c41ae115bfa808d04e729dcbd759d8aae8387ce7Jakub Hrozek ret = hbac_eval_host_element(eval_req, domain, rhost,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* The target host is always the current machine */
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher thost = dp_opt_get_cstring(hbac_ctx->ipa_options, IPA_HOSTNAME);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Missing ipa_hostname, this should never happen.\n");
c41ae115bfa808d04e729dcbd759d8aae8387ce7Jakub Hrozek ret = hbac_eval_host_element(eval_req, domain, thost,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher *request = talloc_steal(mem_ctx, eval_req);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherhbac_eval_user_element(TALLOC_CTX *mem_ctx,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher struct hbac_request_element **user_element)
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher users = talloc_zero(tmp_ctx, struct hbac_request_element);
0ad1bcec60a2ec67a602e0ad1888f859d6009d54Sumit Bose ret = sss_parse_internal_fqname(tmp_ctx, username, &shortname, NULL);
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek ipa_groups_basedn = ldb_dn_new_fmt(tmp_ctx, sysdb_ctx_get_ldb(domain->sysdb),
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek /* +1 because there will be a RDN preceding the base DN */
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek exp_comp = ldb_dn_get_comp_num(ipa_groups_basedn) + 1;
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek * Get all the groups the user is a member of.
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek * This includes both POSIX and non-POSIX groups.
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek ret = sysdb_initgroups(tmp_ctx, domain, username, &res);
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek "sysdb_asq_search failed [%d]: %s\n", ret, sss_strerror(ret));
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek /* This should not happen at this point */
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek /* The first item is the user entry */
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_TRACE_LIBS, "No groups for [%s]\n", users->name);
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek "[%u] groups for [%s]\n", res->count - 1, username);
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek /* This also includes the sentinel, b/c we'll skip the user entry below */
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek users->groups = talloc_array(users, const char *, res->count);
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek /* Start counting from 1 to exclude the user entry */
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek /* Only groups from the IPA domain can be referenced from HBAC rules. To
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek * avoid evaluating groups which might even have the same name, but come
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek * from a trusted domain, we first copy the DN to a temporary one..
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek if (ldb_dn_get_comp_num(res->msgs[i]->dn) != exp_comp
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek "Skipping non-IPA group %s\n",
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek fqgroupname = ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_NAME, NULL);
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek "Skipping malformed entry [%s]\n",
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek ret = sss_parse_internal_fqname(tmp_ctx, fqgroupname,
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek DEBUG(SSSDBG_MINOR_FAILURE, "Malformed name %s, skipping!\n", fqgroupname);
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek users->groups[num_groups] = talloc_steal(users->groups, shortname);
c92e49144978ad3b6c9fffa8803ebdad8f6f5b18Jakub Hrozek DEBUG(SSSDBG_TRACE_LIBS, "Added group [%s] for user [%s]\n",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* Shrink the array memory */
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher users->groups = talloc_realloc(users, users->groups, const char *,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher *user_element = talloc_steal(mem_ctx, users);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherhbac_eval_service_element(TALLOC_CTX *mem_ctx,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher struct hbac_request_element **svc_element)
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher const char *memberof_attrs[] = { SYSDB_ORIG_MEMBEROF, NULL };
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher svc = talloc_zero(tmp_ctx, struct hbac_request_element);
e2ac9be4f293b96f3c8992f1171e44bc1da5cfcaMichal Zidek svc_dn = sysdb_custom_dn(tmp_ctx, domain, svc->name, HBAC_SERVICES_SUBDIR);
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher /* Look up the service to get its originalMemberOf entries */
64d8e2df816323a004bf6e7e9d05ba373b9e033dJakub Hrozek ret = sysdb_search_entry(tmp_ctx, domain->sysdb, svc_dn,
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher /* We won't be able to identify any groups
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher * This rule will only match the name or
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher * a service category of ALL
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "More than one result for a BASE search!\n");
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher el = ldb_msg_find_element(msgs[0], SYSDB_ORIG_MEMBEROF);
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher /* Service is not a member of any groups
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher * This rule will only match the name or
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher * a service category of ALL
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher svc->groups = talloc_array(svc, const char *, el->num_values + 1);
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher for (i = j = 0; i < el->num_values; i++) {
64d8e2df816323a004bf6e7e9d05ba373b9e033dJakub Hrozek ret = get_ipa_servicegroupname(tmp_ctx, domain->sysdb,
c41ae115bfa808d04e729dcbd759d8aae8387ce7Jakub Hrozek if (ret != EOK && ret != ERR_UNEXPECTED_ENTRY_TYPE) {
6dff95bdfe437afc0b62b5270d0d84140981c786Jakub Hrozek DEBUG(SSSDBG_MINOR_FAILURE, "Skipping malformed entry [%s]\n",
1243e093fd31c5660adf1bb3dd477d6935a755beJakub Hrozek /* ERR_UNEXPECTED_ENTRY_TYPE means we had a memberOf entry that wasn't a
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher * service group. We'll just ignore those (could be
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher svc->groups[j] = talloc_steal(svc->groups, name);
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher *svc_element = talloc_steal(mem_ctx, svc);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherhbac_eval_host_element(TALLOC_CTX *mem_ctx,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher struct hbac_request_element **host_element)
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher const char *memberof_attrs[] = { SYSDB_ORIG_MEMBEROF, NULL };
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher host = talloc_zero(tmp_ctx, struct hbac_request_element);
9b72b00ebcfd6225a4e139619c8e18d44a448f87Stephen Gallagher /* We don't know the host (probably an rhost)
9b72b00ebcfd6225a4e139619c8e18d44a448f87Stephen Gallagher * So we can't determine it's groups either.
e2ac9be4f293b96f3c8992f1171e44bc1da5cfcaMichal Zidek host_dn = sysdb_custom_dn(tmp_ctx, domain, host->name, HBAC_HOSTS_SUBDIR);
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher /* Look up the host to get its originalMemberOf entries */
64d8e2df816323a004bf6e7e9d05ba373b9e033dJakub Hrozek ret = sysdb_search_entry(tmp_ctx, domain->sysdb, host_dn,
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher /* We won't be able to identify any groups
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher * This rule will only match the name or
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher * a host category of ALL
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "More than one result for a BASE search!\n");
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher el = ldb_msg_find_element(msgs[0], SYSDB_ORIG_MEMBEROF);
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher /* Host is not a member of any groups
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher * This rule will only match the name or
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher * a host category of ALL
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher host->groups = talloc_array(host, const char *, el->num_values + 1);
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher for (i = j = 0; i < el->num_values; i++) {
ee164913f9c12a557044eb469f4498b9be9a8f50Fabiano Fidêncio ret = ipa_common_get_hostgroupname(tmp_ctx, domain->sysdb,
c41ae115bfa808d04e729dcbd759d8aae8387ce7Jakub Hrozek if (ret != EOK && ret != ERR_UNEXPECTED_ENTRY_TYPE) {
6dff95bdfe437afc0b62b5270d0d84140981c786Jakub Hrozek DEBUG(SSSDBG_MINOR_FAILURE, "Skipping malformed entry [%s]\n",
1243e093fd31c5660adf1bb3dd477d6935a755beJakub Hrozek /* ERR_UNEXPECTED_ENTRY_TYPE means we had a memberOf entry that wasn't a
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher * host group. We'll just ignore those (could be
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher host->groups[j] = talloc_steal(host->groups, name);
9b72b00ebcfd6225a4e139619c8e18d44a448f87Stephen Gallagher *host_element = talloc_steal(mem_ctx, host);
e17e37cd0e2109e7f1bd4ae48edfc8cca85b3f93Fabiano Fidênciohbac_get_attrs_to_get_cached_rules(TALLOC_CTX *mem_ctx)
e17e37cd0e2109e7f1bd4ae48edfc8cca85b3f93Fabiano Fidêncio const char **attrs = talloc_zero_array(mem_ctx, const char *, 16);
e17e37cd0e2109e7f1bd4ae48edfc8cca85b3f93Fabiano Fidêncio DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_array() failed\n");