On Wed, 2011-03-30 at 15:41 +0200, Jan Zelený wrote: > Stephen Gallagher <sgall...@redhat.com> wrote: > > If SDAP_SASL_AUTHID is specified, then ONLY this auth ID is allowable. > > If the keytab doesn't contain it, we need to fail. > > > > If SDAP_SASL_REALM is specified, then only the REALM portion is > > mandatory (if we have no entries for this realm in the keytab, we need > > to fail). > > Yep, that's basically what I thought. In the new patch these conditions > should > be met > > > And for the code review: > > > > Nack. > > If the talloc_strdup() or talloc_asprintf() fails to create the return > > values in select_principal_from_keytab(), this should be an ENOMEM > > failure. We should not proceed with a value of NULL. > > I suspected so. Corrected.
Nack. You still have unchecked talloc_strdup() calls in this patch in select_principal_from_keytab(). Otherwise I think this looks good.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
