[SSSD] Re: [PATCH] LDAP: Do not print "null" in the DEBUG message

Tue, 08 Mar 2016 09:15:11 -0800 

On Tue, Mar 08, 2016 at 09:34:29AM +0100, Lukas Slebodnik wrote:
> On (25/02/16 11:06), Jakub Hrozek wrote:
> >On Wed, Feb 24, 2016 at 06:05:11PM +0100, Lukas Slebodnik wrote:
> >> On (24/02/16 16:43), Jakub Hrozek wrote:
> >> >We don't know the group name at that point yet, so better not print
> >> >"null" in the debug message..
> >> 
> >> >From ffdc00755a9fbaeb54f781956a0025719e532b11 Mon Sep 17 00:00:00 2001
> >> >From: Jakub Hrozek <jhro...@redhat.com>
> >> >Date: Tue, 26 Jan 2016 16:29:08 +0100
> >> >Subject: [PATCH] LDAP: Do not print "null" in the DEBUG message
> >> >
> >> >---
> >> > src/providers/ldap/sdap_async_groups.c | 3 +--
> >> > 1 file changed, 1 insertion(+), 2 deletions(-)
> >> >
> >> >diff --git a/src/providers/ldap/sdap_async_groups.c 
> >> >b/src/providers/ldap/sdap_async_groups.c
> >> >index 
> >> >5bb267fa5331c73cb6b9b86ab21f25fcd3b0df4f..b972863a17e543361c5544382cf8ebbdde91672c
> >> > 100644
> >> >--- a/src/providers/ldap/sdap_async_groups.c
> >> >+++ b/src/providers/ldap/sdap_async_groups.c
> >> >@@ -538,8 +538,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
> >> >             goto done;
> >> >         }
> >> >     } else if (ret == ENOENT) {
> >> >-        DEBUG(SSSDBG_TRACE_ALL, "objectSID: not available for group 
> >> >[%s].\n",
> >> >-                                 group_name);
> >> >+        DEBUG(SSSDBG_TRACE_ALL, "objectSID: not available for group.\n");
> >> >         sid_str = NULL;
> >> >     } else {
> >> >         DEBUG(SSSDBG_MINOR_FAILURE, "Could not identify objectSID: 
> >> > [%s]\n",
> >> 
> >> 
> >> Could we move " sdap_get_group_primary_name(..., &group_name)"
> >> before "sdap_attrs_get_sid_str"?
> >
> >No, because we need to know the object domain first to format the name
> >properly and in order to find the correct domain, we need to know the
> >SID. See 970c5afb Maybe we should add a comment to that function, too,
> >so that someone doesn't try to 'optimize' it in future..
> Ahh, I missed that we might need different domain for
> sdap_get_group_primary_name.
> 
> But there is a question. Do we really need this trace debug message?
> IMHO it's confusing debug message with ldap provider.

Dunno, we can remove it as well. I'm fine either way, but printing NULL
is potentionally dangerous.
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org

Reply via email to