On (04/08/16 11:03), Jakub Hrozek wrote:
On Wed, Aug 03, 2016 at 06:08:44PM +0200, Lukas Slebodnik wrote:
> On (03/08/16 18:05), Jakub Hrozek wrote:
> >Hi,
> >
> >these two patches add error handling to the code. The first prevents
> >operating on ldb_message if retrieving the message fails. I only tested
> >an SSH login with a UPN to make sure we actually hit this codepath. I
> >don't like the deep indendation nesting, so I welcome suggestions how to
> >fix the code better.
> >
> >The second just checks a return value.
>
> >From a27529da7c03a27f8d87c624e4b6660fd5b22edf Mon Sep 17 00:00:00 2001
> >From: Jakub Hrozek <jhrozek(a)redhat.com>
> >Date: Wed, 3 Aug 2016 18:03:59 +0200
> >Subject: [PATCH 2/2] IPA: Check the return value of sss_parse_internal_fqname
> >
> >---
> > src/providers/ipa/ipa_subdomains_id.c | 6 ++++++
> > 1 file changed, 6 insertions(+)
> >
> >diff --git a/src/providers/ipa/ipa_subdomains_id.c
b/src/providers/ipa/ipa_subdomains_id.c
> >index
76fdaa8a1213069bd6b45e0b69b6cdb0d034d721..886813dc648f04c8fadd234524fce94455f31ee4 100644
> >--- a/src/providers/ipa/ipa_subdomains_id.c
> >+++ b/src/providers/ipa/ipa_subdomains_id.c
> >@@ -509,6 +509,12 @@ static void ipa_get_subdom_acct_connected(struct tevent_req
*subreq)
> > } else {
> > ret = sss_parse_internal_fqname(req_input, state->filter,
> > &shortname, NULL);
> >+ if (ret != EOK) {
> >+ DEBUG(SSSDBG_CRIT_FAILURE,
> >+ "Cannot parse internal name [%s]: %d\n",
> >+ state->filter, ret);
> >+ }
> >+
> We should either fail or use less verbose debug_level.
Of cours,we need to fail. See the new patches.
From 1e67ab6596ac73d12c97abc5feebe2ee1fca6a3f Mon Sep 17 00:00:00
2001
From: Jakub Hrozek <jhrozek(a)redhat.com>
Date: Wed, 3 Aug 2016 17:43:14 +0200
Subject: [PATCH 1/2] PAM: Do not act on ldb_message in case of a failure
---
src/responder/pam/pamsrv_cmd.c | 33 ++++++++++++++++++---------------
1 file changed, 18 insertions(+), 15 deletions(-)
ACK
From 31273617f97973332d8b265dcb01679025d16cbd Mon Sep 17 00:00:00
2001
From: Jakub Hrozek <jhrozek(a)redhat.com>
Date: Wed, 3 Aug 2016 18:03:59 +0200
Subject: [PATCH 2/2] IPA: Check the return value of sss_parse_internal_fqname
We should fail the request if sss_parse_internal_fqname() fails.
---
src/providers/ipa/ipa_subdomains_id.c | 8 ++++++++
1 file changed, 8 insertions(+)
ACK
http://sssd-ci.duckdns.org/logs/job/51/06/summary.html
LS