[SSSD] [sssd PR#433][comment] PAM: Multiple certificates on a Smartcard

Wed, 08 Nov 2017 04:31:47 -0800 

  URL: https://github.com/SSSD/sssd/pull/433
Title: #433: PAM: Multiple certificates on a Smartcard

fidencio commented:
"""
So, code-wise I have just a few nitpicks related to the new patches. Feel free 
to pick up the changes or ignore them if you don't think they're valid:
```
[ffidenci@pessoa sssd]$ cat 
0001-fixup-pam-filter-certificates-in-the-responder-not-i.patch 
From b881194ae06e4e835f84d5bfbdf2924e5b2b7b15 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <[email protected]>
Date: Wed, 8 Nov 2017 12:26:23 +0100
Subject: [PATCH] fixup! pam: filter certificates in the responder not in the
 child

---
 src/responder/pam/pamsrv_p11.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
index 6386954ae..c2eccb1f3 100644
--- a/src/responder/pam/pamsrv_p11.c
+++ b/src/responder/pam/pamsrv_p11.c
@@ -157,7 +157,7 @@ errno_t p11_refresh_certmap_ctx(struct pam_ctx *pctx,
         /* Try to add default matching rule */
         ret = sss_certmap_add_rule(sss_certmap_ctx, SSS_CERTMAP_MIN_PRIO,
                                    CERT_AUTH_DEFAULT_MATCHING_RULE, NULL, 
NULL);
-        if (ret != 0) {
+        if (ret != EOK) {
             DEBUG(SSSDBG_CRIT_FAILURE,
                   "Failed to add default matching rule.\n");
         }
@@ -176,7 +176,7 @@ errno_t p11_refresh_certmap_ctx(struct pam_ctx *pctx,
                                    certmap_list[c]->match_rule,
                                    certmap_list[c]->map_rule,
                                    certmap_list[c]->domains);
-        if (ret != 0) {
+        if (ret != EOK) {
             DEBUG(SSSDBG_CRIT_FAILURE,
                   "sss_certmap_add_rule failed for rule [%s] "
                   "with error [%d][%s], skipping. "
@@ -463,7 +463,7 @@ static errno_t parse_p11_child_response(TALLOC_CTX 
*mem_ctx, uint8_t *buf,
         }
 
         ret = sss_certmap_match_cert(sss_certmap_ctx, der, der_size);
-        if (ret == 0) {
+        if (ret == EOK) {
             DLIST_ADD(cert_list, cert_auth_info);
         } else {
             DEBUG(SSSDBG_TRACE_LIBS,
-- 
2.13.6
```

Covscan came up without any issues and I'm just waiting for the results of the 
downstream tests to ACK the patches.
"""

See the full comment at 
https://github.com/SSSD/sssd/pull/433#issuecomment-342803822

_______________________________________________
sssd-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to