URL: https://github.com/freeipa/freeipa/pull/5595 Author: rcritten Title: #5595: [Backport][ipa-4-9] ipa-kdb: do not use OpenLDAP functions with NULL LDAP context Action: opened
PR body: """ This PR was opened automatically because PR #5581 was pushed to master and backport to ipa-4-9 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5595/head:pr5595 git checkout pr5595
From 6c586830c00962c057e694a4b6dd4f8a1b8c174a Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <aboko...@redhat.com> Date: Fri, 19 Feb 2021 15:37:47 +0200 Subject: [PATCH 1/5] ipa-kdb: do not use OpenLDAP functions with NULL LDAP context Calling to ipadb_get_connection() will remove LDAP context if any error happens. This means upper layers must always verify that LDAP context exists after such calls. ipadb_get_user_auth() may re-read global configuration and that may fail and cause IPA context to have NULL LDAP context. Fixes: https://pagure.io/freeipa/issue/8681 Signed-off-by: Alexander Bokovoy <aboko...@redhat.com> --- daemons/ipa-kdb/ipa_kdb.c | 1 + daemons/ipa-kdb/ipa_kdb_mspac.c | 32 +++++++++++++++------------- daemons/ipa-kdb/ipa_kdb_principals.c | 26 ++++++++++++++++------ 3 files changed, 37 insertions(+), 22 deletions(-) diff --git a/daemons/ipa-kdb/ipa_kdb.c b/daemons/ipa-kdb/ipa_kdb.c index 43ba955ac76..6e1e3e3513a 100644 --- a/daemons/ipa-kdb/ipa_kdb.c +++ b/daemons/ipa-kdb/ipa_kdb.c @@ -57,6 +57,7 @@ static void ipadb_context_free(krb5_context kcontext, /* ldap free lcontext */ if ((*ctx)->lcontext) { ldap_unbind_ext_s((*ctx)->lcontext, NULL, NULL); + (*ctx)->lcontext = NULL; } free((*ctx)->supp_encs); free((*ctx)->def_encs); diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c index 31f61712942..81a8fd48365 100644 --- a/daemons/ipa-kdb/ipa_kdb_mspac.c +++ b/daemons/ipa-kdb/ipa_kdb_mspac.c @@ -418,7 +418,6 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, krb5_timestamp authtime, struct netr_SamInfo3 *info3) { - LDAP *lcontext = ipactx->lcontext; LDAPDerefRes *deref_results = NULL; struct dom_sid sid; gid_t prigid = -1; @@ -435,7 +434,7 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, bool is_idobject = false; krb5_principal princ; - ret = ipadb_ldap_attr_to_strlist(lcontext, lentry, "objectClass", + ret = ipadb_ldap_attr_to_strlist(ipactx->lcontext, lentry, "objectClass", &objectclasses); if (ret == 0 && objectclasses != NULL) { for (c = 0; objectclasses[c] != NULL; c++) { @@ -472,13 +471,14 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, } if (is_host) { - ret = ipadb_ldap_attr_to_str(lcontext, lentry, "fqdn", &strres); + ret = ipadb_ldap_attr_to_str(ipactx->lcontext, lentry, "fqdn", &strres); if (ret) { /* fqdn is mandatory for hosts */ return ret; } } else if (is_service) { - ret = ipadb_ldap_attr_to_str(lcontext, lentry, "krbCanonicalName", &strres); + ret = ipadb_ldap_attr_to_str(ipactx->lcontext, lentry, + "krbCanonicalName", &strres); if (ret) { /* krbCanonicalName is mandatory for services */ return ret; @@ -498,7 +498,7 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, return ENOENT; } } else { - ret = ipadb_ldap_attr_to_str(lcontext, lentry, "uid", &strres); + ret = ipadb_ldap_attr_to_str(ipactx->lcontext, lentry, "uid", &strres); if (ret) { /* uid is mandatory */ return ret; @@ -511,7 +511,8 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, if (is_host || is_service) { prigid = 515; /* Well known RID for domain computers group */ } else { - ret = ipadb_ldap_attr_to_int(lcontext, lentry, "gidNumber", &intres); + ret = ipadb_ldap_attr_to_int(ipactx->lcontext, lentry, + "gidNumber", &intres); if (ret) { /* gidNumber is mandatory */ return ret; @@ -544,7 +545,7 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, info3->base.kickoff_time = INT64_MAX; #endif - ret = ipadb_ldap_attr_to_time_t(lcontext, lentry, + ret = ipadb_ldap_attr_to_time_t(ipactx->lcontext, lentry, "krbLastPwdChange", &timeres); switch (ret) { case 0: @@ -562,7 +563,7 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, info3->base.allow_password_change = info3->base.last_password_change; info3->base.force_password_change = INT64_MAX; - ret = ipadb_ldap_attr_to_str(lcontext, lentry, "cn", &strres); + ret = ipadb_ldap_attr_to_str(ipactx->lcontext, lentry, "cn", &strres); switch (ret) { case 0: info3->base.full_name.string = talloc_strdup(memctx, strres); @@ -575,7 +576,7 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, return ret; } - ret = ipadb_ldap_attr_to_str(lcontext, lentry, + ret = ipadb_ldap_attr_to_str(ipactx->lcontext, lentry, "ipaNTLogonScript", &strres); switch (ret) { case 0: @@ -589,7 +590,7 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, return ret; } - ret = ipadb_ldap_attr_to_str(lcontext, lentry, + ret = ipadb_ldap_attr_to_str(ipactx->lcontext, lentry, "ipaNTProfilePath", &strres); switch (ret) { case 0: @@ -603,7 +604,7 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, return ret; } - ret = ipadb_ldap_attr_to_str(lcontext, lentry, + ret = ipadb_ldap_attr_to_str(ipactx->lcontext, lentry, "ipaNTHomeDirectory", &strres); switch (ret) { case 0: @@ -617,7 +618,7 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, return ret; } - ret = ipadb_ldap_attr_to_str(lcontext, lentry, + ret = ipadb_ldap_attr_to_str(ipactx->lcontext, lentry, "ipaNTHomeDirectoryDrive", &strres); switch (ret) { case 0: @@ -648,7 +649,7 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, info3->base.rid = 515; } } else { - ret = ipadb_ldap_attr_to_str(lcontext, lentry, + ret = ipadb_ldap_attr_to_str(ipactx->lcontext, lentry, "ipaNTSecurityIdentifier", &strres); if (ret) { /* SID is mandatory */ @@ -665,7 +666,7 @@ static krb5_error_code ipadb_fill_info3(struct ipadb_context *ipactx, } } - ret = ipadb_ldap_deref_results(lcontext, lentry, &deref_results); + ret = ipadb_ldap_deref_results(ipactx->lcontext, lentry, &deref_results); switch (ret) { LDAPDerefRes *dres; LDAPDerefVal *dval; @@ -2511,7 +2512,7 @@ static void ipadb_free_sid_blacklists(char ***sid_blocklist_incoming, char ***si krb5_error_code ipadb_mspac_get_trusted_domains(struct ipadb_context *ipactx) { struct ipadb_adtrusts *t; - LDAP *lc = ipactx->lcontext; + LDAP *lc = NULL; char *attrs[] = { "cn", "ipaNTTrustPartner", "ipaNTFlatName", "ipaNTTrustedDomainSID", "ipaNTSIDBlacklistIncoming", "ipaNTSIDBlacklistOutgoing", "ipaNTAdditionalSuffixes", NULL }; @@ -2545,6 +2546,7 @@ krb5_error_code ipadb_mspac_get_trusted_domains(struct ipadb_context *ipactx) goto done; } + lc = ipactx->lcontext; for (le = ldap_first_entry(lc, res); le; le = ldap_next_entry(lc, le)) { dnstr = ldap_get_dn(lc, le); diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c index d1fa5157899..cf1b4f53e36 100644 --- a/daemons/ipa-kdb/ipa_kdb_principals.c +++ b/daemons/ipa-kdb/ipa_kdb_principals.c @@ -333,6 +333,11 @@ static enum ipadb_user_auth ipadb_get_user_auth(struct ipadb_context *ipactx, if (gcfg != NULL) gua = gcfg->user_auth; + /* lcontext == NULL means ipadb_get_global_config() failed to load + * global config and cleared the ipactx */ + if (ipactx->lcontext == NULL) + return IPADB_USER_AUTH_NONE; + /* Get the user's user_auth settings if not disabled. */ if ((gua & IPADB_USER_AUTH_DISABLED) == 0) ipadb_parse_user_auth(ipactx->lcontext, lentry, &ua); @@ -607,8 +612,16 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext, free(entry); return KRB5_KDB_DBNOTINITED; } - lcontext = ipactx->lcontext; - if (!lcontext) { + + entry->magic = KRB5_KDB_MAGIC_NUMBER; + entry->len = KRB5_KDB_V1_BASE_LENGTH; + + /* Get User Auth configuration. */ + ua = ipadb_get_user_auth(ipactx, lentry); + + /* ipadb_get_user_auth() calls into ipadb_get_global_config() + * and that might fail, causing lcontext to become NULL */ + if (!ipactx->lcontext) { krb5_klog_syslog(LOG_INFO, "No LDAP connection in ipadb_parse_ldap_entry(); retrying...\n"); ret = ipadb_get_connection(ipactx); @@ -620,11 +633,10 @@ static krb5_error_code ipadb_parse_ldap_entry(krb5_context kcontext, } } - entry->magic = KRB5_KDB_MAGIC_NUMBER; - entry->len = KRB5_KDB_V1_BASE_LENGTH; - - /* Get User Auth configuration. */ - ua = ipadb_get_user_auth(ipactx, lentry); + /* If any code below would result in invalidating ipactx->lcontext, + * lcontext must be updated with the new ipactx->lcontext value. + * We rely on the fact that none of LDAP-parsing helpers does it. */ + lcontext = ipactx->lcontext; /* ignore mask for now */ From 673b71c9fb9398e4201fc606342173c35de0282b Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <aboko...@redhat.com> Date: Tue, 23 Feb 2021 10:06:25 +0200 Subject: [PATCH 2/5] ipa-kdb: fix compiler warnings There are few fields in KDB structures that have 'conflicting' types but need to be compared. They come from MIT Kerberos and we have no choice here. In the same way, SID structures have own requirements. Signed-off-by: Alexander Bokovoy <aboko...@redhat.com> --- daemons/ipa-kdb/ipa_kdb_audit_as.c | 4 ++-- daemons/ipa-kdb/ipa_kdb_mspac.c | 6 +++--- daemons/ipa-kdb/ipa_kdb_principals.c | 6 +++--- daemons/ipa-kdb/ipa_kdb_pwdpolicy.c | 2 +- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/daemons/ipa-kdb/ipa_kdb_audit_as.c b/daemons/ipa-kdb/ipa_kdb_audit_as.c index ed48ea758e7..ec2046bfe0c 100644 --- a/daemons/ipa-kdb/ipa_kdb_audit_as.c +++ b/daemons/ipa-kdb/ipa_kdb_audit_as.c @@ -112,13 +112,13 @@ void ipadb_audit_as_req(krb5_context kcontext, if (krb5_ts_after(krb5_ts_incr(client->last_failed, ied->pol->lockout_duration), authtime) && - (client->fail_auth_count >= ied->pol->max_fail && + (client->fail_auth_count >= (krb5_kvno) ied->pol->max_fail && ied->pol->max_fail != 0)) { /* client already locked, nothing more to do */ break; } if (ied->pol->max_fail == 0 || - client->fail_auth_count < ied->pol->max_fail) { + client->fail_auth_count < (krb5_kvno) ied->pol->max_fail) { /* let's increase the fail counter */ client->fail_auth_count++; client->mask |= KMASK_FAIL_AUTH_COUNT; diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c index 81a8fd48365..9691b14f647 100644 --- a/daemons/ipa-kdb/ipa_kdb_mspac.c +++ b/daemons/ipa-kdb/ipa_kdb_mspac.c @@ -148,9 +148,9 @@ int string_to_sid(const char *str, struct dom_sid *sid) char *dom_sid_string(TALLOC_CTX *memctx, const struct dom_sid *dom_sid) { - size_t c; + int8_t c; size_t len; - int ofs; + size_t ofs; uint32_t ia; char *buf; @@ -2612,7 +2612,7 @@ krb5_error_code ipadb_mspac_get_trusted_domains(struct ipadb_context *ipactx) t[n].upn_suffixes_len = NULL; if (t[n].upn_suffixes != NULL) { - size_t len = 0; + int len = 0; for (; t[n].upn_suffixes[len] != NULL; len++); diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c index cf1b4f53e36..0a98ff054ab 100644 --- a/daemons/ipa-kdb/ipa_kdb_principals.c +++ b/daemons/ipa-kdb/ipa_kdb_principals.c @@ -494,7 +494,7 @@ static krb5_error_code ipadb_get_ldap_auth_ind(krb5_context kcontext, l = len; for (i = 0; i < count; i++) { ret = snprintf(ap, l, "%s ", authinds[i]); - if (ret <= 0 || ret > l) { + if (ret <= 0 || ret > (int) l) { ret = ENOMEM; goto cleanup; } @@ -2086,7 +2086,7 @@ static krb5_error_code ipadb_get_ldap_mod_auth_ind(krb5_context kcontext, char *s = NULL; size_t ai_size = 0; int cnt = 0; - int i = 0; + size_t i = 0; ret = krb5_dbe_get_string(kcontext, entry, "require_auth", &ais); if (ret) { @@ -2467,7 +2467,7 @@ static krb5_error_code ipadb_entry_default_attrs(struct ipadb_mods *imods) { krb5_error_code kerr; LDAPMod *m = NULL; - int i; + size_t i; kerr = ipadb_mods_new(imods, &m); if (kerr) { diff --git a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c index 4965e6d7f74..6f21ef86734 100644 --- a/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c +++ b/daemons/ipa-kdb/ipa_kdb_pwdpolicy.c @@ -361,7 +361,7 @@ krb5_error_code ipadb_check_policy_as(krb5_context kcontext, } if (ied->pol->max_fail == 0 || - client->fail_auth_count < ied->pol->max_fail) { + client->fail_auth_count < (krb5_kvno) ied->pol->max_fail) { /* still within allowed failures range */ return 0; } From 3711e5a10c2c49addd13901a302ea3beb0fce518 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <aboko...@redhat.com> Date: Wed, 24 Feb 2021 20:51:40 +0200 Subject: [PATCH 3/5] ipa-kdb: add missing prototypes On Fedora 33 GCC defaults to -Wmissing-prototypes and emits warnings about function prototypes missing. If -Werror is specified, this breaks compilation. We also default to -Werror=implicit-function-declaration Signed-off-by: Alexander Bokovoy <aboko...@redhat.com> --- daemons/ipa-kdb/ipa_kdb_kdcpolicy.c | 4 ++++ daemons/ipa-kdb/ipa_kdb_mspac.c | 20 ++++++++++++-------- daemons/ipa-kdb/ipa_kdb_mspac_private.h | 4 ++++ 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/daemons/ipa-kdb/ipa_kdb_kdcpolicy.c b/daemons/ipa-kdb/ipa_kdb_kdcpolicy.c index a89f8bbda4f..aa61a2d1b17 100644 --- a/daemons/ipa-kdb/ipa_kdb_kdcpolicy.c +++ b/daemons/ipa-kdb/ipa_kdb_kdcpolicy.c @@ -14,6 +14,10 @@ #define ONE_DAY_SECONDS (24 * 60 * 60) #define JITTER_WINDOW_SECONDS (1 * 60 * 60) +krb5_error_code kdcpolicy_ipakdb_initvt(krb5_context context, + int maj_ver, int min_ver, + krb5_plugin_vtable vtable); + static void jitter(krb5_deltat baseline, krb5_deltat *lifetime_out) { diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c index 9691b14f647..47b12a16f33 100644 --- a/daemons/ipa-kdb/ipa_kdb_mspac.c +++ b/daemons/ipa-kdb/ipa_kdb_mspac.c @@ -2408,9 +2408,10 @@ void ipadb_mspac_struct_free(struct ipadb_mspac **mspac) *mspac = NULL; } -krb5_error_code ipadb_adtrusts_fill_sid_blacklist(char **source_sid_blacklist, - struct dom_sid **result_sids, - int *result_length) +static krb5_error_code +ipadb_adtrusts_fill_sid_blacklist(char **source_sid_blacklist, + struct dom_sid **result_sids, + int *result_length) { int len, i; char **source; @@ -2441,9 +2442,10 @@ krb5_error_code ipadb_adtrusts_fill_sid_blacklist(char **source_sid_blacklist, return 0; } -krb5_error_code ipadb_adtrusts_fill_sid_blacklists(struct ipadb_adtrusts *adtrust, - char **sid_blocklist_incoming, - char **sid_blocklist_outgoing) +static krb5_error_code +ipadb_adtrusts_fill_sid_blacklists(struct ipadb_adtrusts *adtrust, + char **sid_blocklist_incoming, + char **sid_blocklist_outgoing) { krb5_error_code kerr; @@ -2464,7 +2466,8 @@ krb5_error_code ipadb_adtrusts_fill_sid_blacklists(struct ipadb_adtrusts *adtrus return 0; } -krb5_error_code ipadb_mspac_check_trusted_domains(struct ipadb_context *ipactx) +static krb5_error_code +ipadb_mspac_check_trusted_domains(struct ipadb_context *ipactx) { char *attrs[] = { NULL }; char *filter = "(objectclass=ipaNTTrustedDomain)"; @@ -2509,7 +2512,8 @@ static void ipadb_free_sid_blacklists(char ***sid_blocklist_incoming, char ***si } } -krb5_error_code ipadb_mspac_get_trusted_domains(struct ipadb_context *ipactx) +static krb5_error_code +ipadb_mspac_get_trusted_domains(struct ipadb_context *ipactx) { struct ipadb_adtrusts *t; LDAP *lc = NULL; diff --git a/daemons/ipa-kdb/ipa_kdb_mspac_private.h b/daemons/ipa-kdb/ipa_kdb_mspac_private.h index d23a14a0bec..8c8a3a00111 100644 --- a/daemons/ipa-kdb/ipa_kdb_mspac_private.h +++ b/daemons/ipa-kdb/ipa_kdb_mspac_private.h @@ -53,3 +53,7 @@ struct ipadb_adtrusts { int string_to_sid(const char *str, struct dom_sid *sid); char *dom_sid_string(TALLOC_CTX *memctx, const struct dom_sid *dom_sid); +krb5_error_code filter_logon_info(krb5_context context, TALLOC_CTX *memctx, + krb5_data realm, struct PAC_LOGON_INFO_CTR *info); +void get_authz_data_types(krb5_context context, krb5_db_entry *entry, + bool *_with_pac, bool *_with_pad); \ No newline at end of file From 84b048368a31bcfdc6e5e23eb451607099b18e00 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <aboko...@redhat.com> Date: Wed, 24 Feb 2021 20:52:15 +0200 Subject: [PATCH 4/5] ipa-kdb: reformat ipa_kdb_certauth Add prototype to the exported function Replace few tabs by spaces and mark static code as static. Signed-off-by: Alexander Bokovoy <aboko...@redhat.com> --- daemons/ipa-kdb/ipa_kdb_certauth.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/daemons/ipa-kdb/ipa_kdb_certauth.c b/daemons/ipa-kdb/ipa_kdb_certauth.c index bc6b26578dc..3a3060c9200 100644 --- a/daemons/ipa-kdb/ipa_kdb_certauth.c +++ b/daemons/ipa-kdb/ipa_kdb_certauth.c @@ -71,10 +71,13 @@ struct krb5_certauth_moddata_st { time_t valid_until; }; -void ipa_certmap_debug(void *private, - const char *file, long line, - const char *function, - const char *format, ...) +krb5_error_code certauth_ipakdb_initvt(krb5_context context, + int maj_ver, int min_ver, + krb5_plugin_vtable vtable); + +static void ipa_certmap_debug(void *private, const char *file, long line, + const char *function, + const char *format, ...) { va_list ap; char str[255] = { 0 }; @@ -354,12 +357,12 @@ static krb5_error_code ipa_certauth_authorize(krb5_context context, * so there is nothing more to add here. */ auth_inds = calloc(2, sizeof(char *)); if (auth_inds != NULL) { - ret = asprintf(&auth_inds[0], "pkinit"); - if (ret != -1) { + ret = asprintf(&auth_inds[0], "pkinit"); + if (ret != -1) { auth_inds[1] = NULL; *authinds_out = auth_inds; - } else { - free(auth_inds); + } else { + free(auth_inds); } } @@ -404,12 +407,12 @@ static void ipa_certauth_free_indicator(krb5_context context, size_t i = 0; if ((authinds == NULL) || (moddata == NULL)) { - return; + return; } for(i=0; authinds[i]; i++) { - free(authinds[i]); - authinds[i] = NULL; + free(authinds[i]); + authinds[i] = NULL; } free(authinds); From 6524175a77d44b89b97b24289fdec7ae7f9204b5 Mon Sep 17 00:00:00 2001 From: Alexander Bokovoy <aboko...@redhat.com> Date: Wed, 24 Feb 2021 20:55:41 +0200 Subject: [PATCH 5/5] ipa-kdb: mark test functions as static No need to define missing prototypes to single use test functions. Signed-off-by: Alexander Bokovoy <aboko...@redhat.com> --- daemons/ipa-kdb/tests/ipa_kdb_tests.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/daemons/ipa-kdb/tests/ipa_kdb_tests.c b/daemons/ipa-kdb/tests/ipa_kdb_tests.c index 2a174ce6b60..0b51ffb96e9 100644 --- a/daemons/ipa-kdb/tests/ipa_kdb_tests.c +++ b/daemons/ipa-kdb/tests/ipa_kdb_tests.c @@ -181,7 +181,7 @@ extern krb5_error_code filter_logon_info(krb5_context context, krb5_data realm, struct PAC_LOGON_INFO_CTR *info); -void test_filter_logon_info(void **state) +static void test_filter_logon_info(void **state) { krb5_error_code kerr; krb5_data realm = {KV5M_DATA, REALM_LEN, REALM}; @@ -316,10 +316,7 @@ void test_filter_logon_info(void **state) } -extern void get_authz_data_types(krb5_context context, krb5_db_entry *entry, - bool *with_pac, bool *with_pad); - -void test_get_authz_data_types(void **state) +static void test_get_authz_data_types(void **state) { bool with_pac; bool with_pad; @@ -437,7 +434,7 @@ void test_get_authz_data_types(void **state) krb5_free_principal(test_ctx->krb5_ctx, non_nfs_princ); } -void test_string_to_sid(void **state) +static void test_string_to_sid(void **state) { int ret; struct dom_sid sid; @@ -469,7 +466,7 @@ void test_string_to_sid(void **state) assert_memory_equal(&exp_sid, &sid, sizeof(struct dom_sid)); } -void test_dom_sid_string(void **state) +static void test_dom_sid_string(void **state) { struct test_ctx *test_ctx; char *str_sid; @@ -495,7 +492,7 @@ void test_dom_sid_string(void **state) } -void test_check_trusted_realms(void **state) +static void test_check_trusted_realms(void **state) { struct test_ctx *test_ctx; krb5_error_code kerr = 0;
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
