URL: https://github.com/SSSD/sssd/pull/433
Title: #433: PAM: Multiple certificates on a Smartcard
lslebodn commented:
"""
>@lslebodn, I suggested to add the check to sss_authtok_get_type() because most
>of the other sss_authtok_* call do a similar check. I agree that the check is
>not strictly needed, but I think it will help to make the sss_authok component
>more reliable with a minimal effort.
But other function distinguish between NULL end empty password
e.g.
```
errno_t sss_authtok_get_password(struct sss_auth_token *tok,
const char **pwd, size_t *len)
{
if (!tok) {
return EFAULT;
}
switch (tok->type) {
case SSS_AUTHTOK_TYPE_EMPTY:
return ENOENT;
```
>About the check in pam_check_cert_send(). I guess I added it automatically to
>make sure to not dereference a NULL pointer without checking if it is possible
>at all at this point. Do you want me to remove it?
Yes please it is a dead code in `pam_check_cert_send`
"""
See the full comment at
https://github.com/SSSD/sssd/pull/433#issuecomment-343455545
_______________________________________________
sssd-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
