On Wed, Aug 03, 2016 at 06:08:44PM +0200, Lukas Slebodnik wrote:
On (03/08/16 18:05), Jakub Hrozek wrote:
>Hi,
>
>these two patches add error handling to the code. The first prevents
>operating on ldb_message if retrieving the message fails. I only tested
>an SSH login with a UPN to make sure we actually hit this codepath. I
>don't like the deep indendation nesting, so I welcome suggestions how to
>fix the code better.
>
>The second just checks a return value.
>From a27529da7c03a27f8d87c624e4b6660fd5b22edf Mon Sep 17 00:00:00 2001
>From: Jakub Hrozek <jhrozek(a)redhat.com>
>Date: Wed, 3 Aug 2016 18:03:59 +0200
>Subject: [PATCH 2/2] IPA: Check the return value of sss_parse_internal_fqname
>
>---
> src/providers/ipa/ipa_subdomains_id.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
>diff --git a/src/providers/ipa/ipa_subdomains_id.c
b/src/providers/ipa/ipa_subdomains_id.c
>index
76fdaa8a1213069bd6b45e0b69b6cdb0d034d721..886813dc648f04c8fadd234524fce94455f31ee4 100644
>--- a/src/providers/ipa/ipa_subdomains_id.c
>+++ b/src/providers/ipa/ipa_subdomains_id.c
>@@ -509,6 +509,12 @@ static void ipa_get_subdom_acct_connected(struct tevent_req
*subreq)
> } else {
> ret = sss_parse_internal_fqname(req_input, state->filter,
> &shortname, NULL);
>+ if (ret != EOK) {
>+ DEBUG(SSSDBG_CRIT_FAILURE,
>+ "Cannot parse internal name [%s]: %d\n",
>+ state->filter, ret);
>+ }
>+
We should either fail or use less verbose debug_level.
Of cours,we need to fail. See the new patches.