From fde6ab61a611cfea5f15534dd405d5658bc0c879 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Aug 26 2011 20:54:12 +0000
Subject: HBAC: Use of hostgroups for targethost or sourcehost was broken


We were trying to look up the wrong attribute for the name of the
hostgroup.

---

diff --git a/src/providers/ipa/ipa_hbac_hosts.c b/src/providers/ipa/ipa_hbac_hosts.c
index 4e753f3..dd82f28 100644
--- a/src/providers/ipa/ipa_hbac_hosts.c
+++ b/src/providers/ipa/ipa_hbac_hosts.c
@@ -257,7 +257,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
     errno_t ret;
     TALLOC_CTX *tmp_ctx;
     struct hbac_rule_element *new_hosts;
-    const char *attrs[] = { IPA_HOST_FQDN, NULL };
+    const char *attrs[] = { IPA_HOST_FQDN, IPA_CN, NULL };
     struct ldb_message_element *el;
     size_t num_hosts = 0;
     size_t num_hostgroups = 0;
@@ -351,7 +351,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
                                                IPA_HOST_FQDN,
                                                NULL);
             if (name == NULL) {
-                DEBUG(1, ("Attribute is missing!\n"));
+                DEBUG(1, ("FQDN is missing!\n"));
                 ret = EFAULT;
                 goto done;
             }
@@ -384,9 +384,9 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
                 }
 
                 /* Original DN matched a single group. Get the groupname */
-                name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
+                name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL);
                 if (name == NULL) {
-                    DEBUG(1, ("Attribute is missing!\n"));
+                    DEBUG(1, ("Hostgroup name is missing!\n"));
                     ret = EFAULT;
                     goto done;
                 }