The bug was causing segfaults in the ldap_child if the keytab was
misconfigured.

https://fedorahosted.org/sssd/ticket/1594
From 2dc7858d558538e2c4648eac15fad53727d55400 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Tue, 23 Oct 2012 15:12:45 +0200
Subject: [PATCH] KRB5: Return error when principal selection fails

The ldap_child would return a NULL ccache but the error code would still
indicate success.

https://fedorahosted.org/sssd/ticket/1594
---
 src/providers/ldap/ldap_child.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c
index 
e0529dbc4cdcc8ef92f6a8a390dace72df225d03..f35d946720078762da51748ef509d483af5e26f5
 100644
--- a/src/providers/ldap/ldap_child.c
+++ b/src/providers/ldap/ldap_child.c
@@ -242,7 +242,10 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX 
*memctx,
 
         ret = select_principal_from_keytab(memctx, hostname, realm_name,
                 keytab_name, &full_princ, NULL, NULL);
-        if (ret) goto done;
+        if (ret) {
+            krberr = KRB5_KT_IOERR;
+            goto done;
+        }
     }
     if (!full_princ) {
         krberr = KRB5KRB_ERR_GENERIC;
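Review bot: In the new `if (ret) { ... }` block, every non-zero `ret` from select_principal_from_keytab() is collapsed into `krberr = KRB5_KT_IOERR`, so the original failure reason is discarded before `goto done`. A keytab that is readable but has no matching principal, or an allocation failure inside the helper, would then be reported to the caller as a keytab I/O error, which points the administrator at the wrong problem. Consider logging `ret` at this point before overwriting it, and either mapping the distinct causes to distinct krb5 codes or falling back to the same `KRB5KRB_ERR_GENERIC` used by the `if (!full_princ)` check just below when the cause is not an I/O failure. A short comment on why `KRB5_KT_IOERR` was chosen would also help the next reader.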
-- 
1.7.12.1
