Hi,

there was an issue reported yesterday on #freeipa
(https://fedorahosted.org/freeipa/ticket/3011). It is easy to reproduce
'kdb5_util dump' just core dumps. The attached patch adds a parameter
check to the call where the core dump occured and fixes the reason why
the parameter was invalid.

Please note that 'kdb5_util dump' will return 'kdb5_util: error
performing Kerberos version 5 release 1.8 dump (Plugin does not support
the operation)' with the patch applied, because
ipadb_iterate_pwd_policy() is not implemented.
From 30dca9cf940487bd6907308ef8f4e2394556e08d Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Tue, 21 Aug 2012 12:48:29 +0200
Subject: [PATCH] ipadb_iterate(): handle match_entry == NULL

If match_entry == NULL all principals should be iterated.

Additionally this patch adds a check in ipadb_filter_escape() to make
sure that the input is not NULL.

Fixes: https://fedorahosted.org/freeipa/ticket/3011
---
 daemons/ipa-kdb/ipa_kdb_common.c     | 4 ++++
 daemons/ipa-kdb/ipa_kdb_principals.c | 6 ++++++
 2 Dateien geändert, 10 Zeilen hinzugefügt(+)

diff --git a/daemons/ipa-kdb/ipa_kdb_common.c b/daemons/ipa-kdb/ipa_kdb_common.c
index 
6f5ac1d74f04c03bccdb19187a34d07b9784fa59..71df9634c4e25378494b165db9a9381f2b8fc206
 100644
--- a/daemons/ipa-kdb/ipa_kdb_common.c
+++ b/daemons/ipa-kdb/ipa_kdb_common.c
@@ -30,6 +30,10 @@ char *ipadb_filter_escape(const char *input, bool star)
     size_t i = 0;
     size_t j = 0;
 
+    if (!input) {
+        return NULL;
+    }
+
     /* Assume the worst-case. */
     output = malloc(strlen(input) * 3 + 1);
     if (!output) {
diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c 
b/daemons/ipa-kdb/ipa_kdb_principals.c
index 
6f8b296fa4cb19cbfe5c37536316d6f0e7f83b9c..62155816201f705b7828c861915bf63c6b00177b
 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -1879,6 +1879,12 @@ krb5_error_code ipadb_iterate(krb5_context kcontext,
         return KRB5_KDB_DBNOTINITED;
     }
 
+    /* If no match_entry is given iterate through all krb princs like the db2
+     * or ldap plugin */
+    if (match_entry == NULL) {
+        match_entry = "*";
+    }
+
     /* fetch list of principal matching filter */
     kerr = ipadb_fetch_principals(ipactx, 0, match_entry, &res);
     if (kerr != 0) {
-- 
1.7.11.4

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to