URL:
https://github.com/SSSD/sssd/pull/958
Title: #958: ldap_child: do not try PKINIT
sumit-bose commented:
"""
Hi @alexey-tikhonov,
I agree with your general precaution with 3rd party libraries. But I think we can make
exceptions e.g. for libkrb5 when we have the confidence or the confirmation from
developers that it is expected that functions that free data all handle NULL. Having
explicitly mention this in the documentation is preferred, of course, but even then it is
only documentation and the implementation might have issues nonetheless.
Would do you think if we e.g. explicitly state in
https://docs.pagure.org/SSSD.sssd/developers/coding_style.html or even somewhere in the
code that it can be safely assumed that "krb5 functions that free data all handle
NULL" (
https://github.com/SSSD/sssd/pull/883#discussion_r325748177) and that it is a
bug in libkrb5 if it is not the case? Or as an alternative add configure checks where we
call the krb5_*_free() calls we use with NULL to make sure it is safe?
Please note, I see libkrb5 here as an example, we can do this with other libraries as
well. But I think adding NULL checks before free calls make the code less readable
(although only a little bit) and should be avoided.
bye,
Sumit
"""
See the full comment at
https://github.com/SSSD/sssd/pull/958#issuecomment-565372718