confd: fix check for group membership

Checking if a user is an administratr we cannot rely solely on the return value of sr_get_items() but also ensure at least one group matches the search criteria. Fixes #469 Signed-off-by: Joachim Wiberg <troglobit@gmail.com>
kernelkit · Jun 3, 2024 · 50e068e · 50e068e
1 parent 2218901
commit 50e068e
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/src/confd/src/ietf-system.c b/src/confd/src/ietf-system.c
@@ -1180,7 +1180,8 @@ static int change_nacm(sr_session_ctx_t *session, uint32_t sub_id, const char *m
 					continue; /* not found, this is OK */
 
 				/* At least one group grants full administrator permissions */
-				is_admin = true;
+				if (rule_count > 0)
+					is_admin = true;
 
 				sr_free_values(rules, rule_count);
 			}