Re: [Freeipa-devel] [PATCH 0025] Add support to ipa-kdb for keyless principals

2014-02-19 Thread Petr Viktorin

On 02/18/2014 09:02 PM, Alexander Bokovoy wrote:

On Tue, 12 Nov 2013, Nathaniel McCallum wrote:

https://fedorahosted.org/freeipa/ticket/3779


ACK


Pushed to master: b769d1c18678b5eede7505dec7938f6836070044


--
Petr³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] [PATCH 0025] Add support to ipa-kdb for keyless principals

2014-02-19 Thread Simo Sorce
On Tue, 2013-11-12 at 10:59 -0500, Nathaniel McCallum wrote:
 diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c
 index
 934fd27d80cdd846f4de631b2dd587b0ad0f325c..cc84f9920a7b105c926cb765b435c0fbdfac
  100644
 --- a/util/ipa_krb5.c
 +++ b/util/ipa_krb5.c
 @@ -296,6 +296,9 @@ void ipa_krb5_free_key_data(krb5_key_data *keys,
 int num_keys)
  {
  int i;
  
 +if (keys == NULL)
 +return;
 +
  for (i = 0; i  num_keys; i++) {
  /* try to wipe key from memory,
   * hopefully the compiler will not optimize it away */
 -- 

This part is useless and can be dropped.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



Re: [Freeipa-devel] [PATCH 0025] Add support to ipa-kdb for keyless principals

2014-02-19 Thread Alexander Bokovoy

On Wed, 19 Feb 2014, Simo Sorce wrote:

On Tue, 2013-11-12 at 10:59 -0500, Nathaniel McCallum wrote:

diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c
index
934fd27d80cdd846f4de631b2dd587b0ad0f325c..cc84f9920a7b105c926cb765b435c0fbdfac
 100644
--- a/util/ipa_krb5.c
+++ b/util/ipa_krb5.c
@@ -296,6 +296,9 @@ void ipa_krb5_free_key_data(krb5_key_data *keys,
int num_keys)
 {
 int i;

+if (keys == NULL)
+return;
+
 for (i = 0; i  num_keys; i++) {
 /* try to wipe key from memory,
  * hopefully the compiler will not optimize it away */
--


This part is useless and can be dropped.

If ever num_keys is not 0 and yet keys == NULL, we'll get a crash in the
line

   if (keys[i].key_data_length[0]) {

because there are no checks at all before that.

--
/ Alexander Bokovoy



Re: [Freeipa-devel] [PATCH 0025] Add support to ipa-kdb for keyless principals

2014-02-19 Thread Simo Sorce
On Wed, 2014-02-19 at 08:19 -0500, Simo Sorce wrote:
 On Tue, 2013-11-12 at 10:59 -0500, Nathaniel McCallum wrote:
  diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c
  index
  934fd27d80cdd846f4de631b2dd587b0ad0f325c..cc84f9920a7b105c926cb765b435c0fbdfac
   100644
  --- a/util/ipa_krb5.c
  +++ b/util/ipa_krb5.c
  @@ -296,6 +296,9 @@ void ipa_krb5_free_key_data(krb5_key_data *keys,
  int num_keys)
   {
   int i;
   
  +if (keys == NULL)
  +return;
  +
   for (i = 0; i  num_keys; i++) {
   /* try to wipe key from memory,
* hopefully the compiler will not optimize it away */
  -- 
 
 This part is useless and can be dropped.

Sigh, too late ...

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



Re: [Freeipa-devel] [PATCH 0025] Add support to ipa-kdb for keyless principals

2014-02-19 Thread Simo Sorce
On Wed, 2014-02-19 at 15:24 +0200, Alexander Bokovoy wrote:
 On Wed, 19 Feb 2014, Simo Sorce wrote:
 On Tue, 2013-11-12 at 10:59 -0500, Nathaniel McCallum wrote:
  diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c
  index
  934fd27d80cdd846f4de631b2dd587b0ad0f325c..cc84f9920a7b105c926cb765b435c0fbdfac
   100644
  --- a/util/ipa_krb5.c
  +++ b/util/ipa_krb5.c
  @@ -296,6 +296,9 @@ void ipa_krb5_free_key_data(krb5_key_data *keys,
  int num_keys)
   {
   int i;
 
  +if (keys == NULL)
  +return;
  +
   for (i = 0; i  num_keys; i++) {
   /* try to wipe key from memory,
* hopefully the compiler will not optimize it away */
  --
 
 This part is useless and can be dropped.
 If ever num_keys is not 0 and yet keys == NULL, we'll get a crash in the
 line
 
 if (keys[i].key_data_length[0]) {
 
 because there are no checks at all before that.

If num_keys does not reflect the number of keys in the structure at all
times, you have bigger problems.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



Re: [Freeipa-devel] [PATCH 0025] Add support to ipa-kdb for keyless principals

2014-02-18 Thread Nathaniel McCallum
On Tue, 2013-11-12 at 10:59 -0500, Nathaniel McCallum wrote:
 https://fedorahosted.org/freeipa/ticket/3779

This patch still needs a reviewer. It is very small.

Nathaniel



Re: [Freeipa-devel] [PATCH 0025] Add support to ipa-kdb for keyless principals

2014-02-18 Thread Alexander Bokovoy

On Tue, 12 Nov 2013, Nathaniel McCallum wrote:

https://fedorahosted.org/freeipa/ticket/3779





From 8806c71c1925b697103fb21df4f937a7a05be74c Mon Sep 17 00:00:00 2001

From: Nathaniel McCallum nathan...@themccallums.org
Date: Tue, 12 Nov 2013 10:52:51 -0500
Subject: [PATCH] Add support to ipa-kdb for keyless principals

https://fedorahosted.org/freeipa/ticket/3779
---
daemons/ipa-kdb/ipa_kdb_principals.c | 18 ++
util/ipa_krb5.c  |  3 +++
2 files changed, 21 insertions(+)

diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c 
b/daemons/ipa-kdb/ipa_kdb_principals.c
index 
38059d29f36bca387b7ba95250d44259c1681cda..08b240910c6ddef31dda7bc6ca07efd39ea703c5
 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -1266,8 +1266,26 @@ static krb5_error_code 
ipadb_get_ldap_mod_key_data(struct ipadb_mods *imods,
{
krb5_error_code kerr;
struct berval *bval = NULL;
+LDAPMod *mod;
int ret;

+/* If the key data is empty, remove all keys. */
+if (n_key_data == 0 || key_data == NULL) {
+kerr = ipadb_mods_new(imods, mod);
+if (kerr != 0)
+return kerr;
+
+mod-mod_op = LDAP_MOD_DELETE;
+mod-mod_bvalues = NULL;
+mod-mod_type = strdup(krbPrincipalKey);
+if (mod-mod_type == NULL) {
+ipadb_mods_free_tip(imods);
+return ENOMEM;
+}
+
+return 0;
+}
+
ret = ber_encode_krb5_key_data(key_data, n_key_data, mkvno, bval);
if (ret != 0) {
kerr = ret;
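
Review bot: The combined test `if (n_key_data == 0 || key_data == NULL)` at the top of the added block treats a NULL `key_data` with a non-zero `n_key_data` as a request to remove every `krbPrincipalKey` value, so an inconsistent caller silently makes the principal keyless instead of getting an error. Consider deleting the keys only when `n_key_data == 0` and returning `EINVAL` when the count is non-zero but the pointer is NULL. The comment could also say that it is the `LDAP_MOD_DELETE` with NULL `mod_bvalues` that removes all values, and it is worth confirming how the modify behaves for an entry that has no `krbPrincipalKey` to begin with, since an LDAP delete of an absent attribute is normally rejected with noSuchAttribute.
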
diff --git a/util/ipa_krb5.c b/util/ipa_krb5.c
index 
934fd27d80cdd846f4de631b2dd587b0ad0f325c..cc84f9920a7b105c926cb765b435c0fbdfac
 100644
--- a/util/ipa_krb5.c
+++ b/util/ipa_krb5.c
@@ -296,6 +296,9 @@ void ipa_krb5_free_key_data(krb5_key_data *keys, int 
num_keys)
{
int i;

+if (keys == NULL)
+return;
+
for (i = 0; i  num_keys; i++) {
/* try to wipe key from memory,
 * hopefully the compiler will not optimize it away */
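
Review bot: The new `if (keys == NULL) return;` guard only changes behaviour when `num_keys` is non-zero while `keys` is NULL, because with `num_keys == 0` the loop shown here never dereferences `keys`; that combination is a caller bug, and returning silently hides it. Either drop the guard or state the contract in a comment above the function (NULL is accepted and means there is nothing to free), so callers handling keyless principals know what they can rely on. Separately, the context comment inside the loop admits the key wipe may be optimized away; a wipe the compiler cannot elide would be a worthwhile follow-up.
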
--
1.8.4.2


ACK

--
/ Alexander Bokovoy
