sssd.git/src/krb5_plugin, branch sssctl Unnamed repository; edit this file 'description' to name the repository. localauth plugin: change return code of sss_an2ln 2017-08-28T19:50:33+00:00 Sumit Bose sbose@redhat.com 2017-08-23T15:06:20+00:00 3f94a979eebd1c9496b49b4e07b7823550dec97e It is expected that the an2ln plugin function returns KRB5_LNAME_NOTRANS to indicate that no mapping can be determined and other an2ln methods can be tried. Currently SSSD's localauth plugin returns KRB5_PLUGIN_NO_HANDLE which sould only be used for the userok plugin function. Resolves https://pagure.io/SSSD/sssd/issue/3459 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
It is expected that the an2ln plugin function returns KRB5_LNAME_NOTRANS
to indicate that no mapping can be determined and other an2ln methods
can be tried. Currently SSSD's localauth plugin returns
KRB5_PLUGIN_NO_HANDLE which sould only be used for the userok plugin
function.

Resolves https://pagure.io/SSSD/sssd/issue/3459

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
KRB5_LOCATOR: add env variable to disable plugin 2017-04-11T15:21:23+00:00 Sumit Bose sbose@redhat.com 2016-11-17T09:55:43+00:00 1193f20a8267e506d863b27c74870c86c085902b If the new environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value SSSD's krb5 locator plugin is disabled. The variable is needed because there is currently no other way than removing the plugin completely to disable it. For a use-case see e.g. https://bugzilla.redhat.com/show_bug.cgi?id=1072939. Resolves: https://pagure.io/SSSD/sssd/issue/3359 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
If the new environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any
value SSSD's krb5 locator plugin is disabled. The variable is needed
because there is currently no other way than removing the plugin
completely to disable it. For a use-case see e.g.
https://bugzilla.redhat.com/show_bug.cgi?id=1072939.

Resolves:
https://pagure.io/SSSD/sssd/issue/3359

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
localauth: make plugin non-authoritative on failures 2016-07-06T17:12:04+00:00 Sumit Bose sbose@redhat.com 2016-07-04T13:52:00+00:00 2ca45dfa0144fea08bd360dafded57bc90111e68 According to the documentation in localauth_plugin.h "aname will be considered authorized if at least one module returns 0 and all other modules return KRB5_PLUGIN_NO_HANDLE." So it is safe to always return KRB5_PLUGIN_NO_HANDLE because a different plugin has to return 0 to allow access to the given principal. Resolves https://fedorahosted.org/sssd/ticket/2788 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
According to the documentation in localauth_plugin.h "aname will be
considered authorized if at least one module returns 0 and all other
modules return KRB5_PLUGIN_NO_HANDLE." So it is safe to always return
KRB5_PLUGIN_NO_HANDLE because a different plugin has to return 0 to
allow access to the given principal.

Resolves https://fedorahosted.org/sssd/ticket/2788

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
localauth plugin: fix coverity warning 2015-05-26T08:36:13+00:00 Pavel Reichl preichl@redhat.com 2015-05-21T14:19:59+00:00 cc98e19b424861c2a7fd91e0d657d82c1dbf3059 Error: FORWARD_NULL (CWE-476): [#def1] sssd-1.12.90/src/krb5_plugin/sssd_krb5_localauth_plugin.c:111: assign_zero: Assigning: "pwd.pw_name" = "NULL". sssd-1.12.90/src/krb5_plugin/sssd_krb5_localauth_plugin.c:142: var_deref_model: Passing null pointer "pwd.pw_name" to "strdup", which dereferences it. 140| } 141| 142|-> str = strdup(pwd.pw_name); 143| if (str == NULL) { 144| ret = ENOMEM; Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Error: FORWARD_NULL (CWE-476): [#def1]
sssd-1.12.90/src/krb5_plugin/sssd_krb5_localauth_plugin.c:111: assign_zero: Assigning: "pwd.pw_name" = "NULL".
sssd-1.12.90/src/krb5_plugin/sssd_krb5_localauth_plugin.c:142: var_deref_model: Passing null pointer "pwd.pw_name" to "strdup", which dereferences it.
  140|       }
  141|
  142|->     str = strdup(pwd.pw_name);
  143|       if (str == NULL) {
  144|           ret = ENOMEM;

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Remove useless assignment to function parameter 2015-03-02T14:29:17+00:00 Lukas Slebodnik lslebodn@redhat.com 2014-02-26T17:19:59+00:00 cac22be9e58abdcf6c3bf66190fba0f7cb6f490e Reported by: cppcheck void free_fun(struct info *info) free(info->name); free(info); info = NULL; ^^^^^^^^^^^ Assignment to function parameter has no effect outside the function. Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Reported by: cppcheck

void free_fun(struct info *info)
     free(info->name);
     free(info);
     info = NULL;
     ^^^^^^^^^^^
Assignment to function parameter has no effect outside the function.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
Implement MIT Kerberos localauth plugin 2014-09-02T08:39:42+00:00 Sumit Bose sbose@redhat.com 2014-07-17T19:08:20+00:00 6b5044001e4b0a0caf971a2cf5f27674e0d270f4 The MIT Kerberos localauth pluing interface defines two different calls. The first checks if a given Kerberos principal relates to a given name of a local user (userok). The implementation lets SSSD resolve the principal and the user name and if the returned user entries both have the same UID success is returned. The second translates a given Kerberos principal to a local user name (a2l). Here SSSD is only called once to resolve the principal and the user name is returned. Resolves https://fedorahosted.org/sssd/ticket/1835 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
The MIT Kerberos localauth pluing interface defines two different calls.

The first checks if a given Kerberos principal relates to a given name
of a local user (userok). The implementation lets SSSD resolve the
principal and the user name and if the returned user entries both have
the same UID success is returned.

The second translates a given Kerberos principal to a local user name
(a2l). Here SSSD is only called once to resolve the principal and the
user name is returned.

Resolves https://fedorahosted.org/sssd/ticket/1835

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Add conditional build for MIT Kerberos localauth plugin 2014-09-02T08:39:24+00:00 Sumit Bose sbose@redhat.com 2014-07-16T19:43:30+00:00 8a5e793a0576250da80371e53aa3e7eba15cdb63 This patch adds everything what is needed to build the MIT Kerberos localauth plugin if the used version of MIT Kerberos supports it. It does not implement the plugin. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This patch adds everything what is needed to build the MIT Kerberos
localauth plugin if the used version of MIT Kerberos supports it. It
does not implement the plugin.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Move DEBUG macro body to debug_fn 2014-02-12T21:30:44+00:00 Nikolai Kondrashov Nikolai.Kondrashov@redhat.com 2013-10-10T10:16:36+00:00 fb0332565892bc10998ca98b567d4dde2213844d Move DEBUG macro body to the debug_fn function, adding "function" argument to the latter. Rename "debug_fn" in sssd_krb5_locator_plugin.c to "plugin_debug_fn" to remove conflict with the sssd debug_fn. Replace DEBUG_MSG macro usage with debug_fn function usage. Remove DEBUG_MSG macro along with tests. The above makes the total size of binaries drop by 20% for the standard Fedora build and by 44% for a build configured according to Debian packaging script. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Move DEBUG macro body to the debug_fn function, adding "function"
argument to the latter.
Rename "debug_fn" in sssd_krb5_locator_plugin.c to "plugin_debug_fn" to
remove conflict with the sssd debug_fn.
Replace DEBUG_MSG macro usage with debug_fn function usage.
Remove DEBUG_MSG macro along with tests.

The above makes the total size of binaries drop by 20% for the standard
Fedora build and by 44% for a build configured according to Debian
packaging script.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Fix formating of variables with type: long 2013-09-11T17:44:53+00:00 Lukas Slebodnik lslebodn@redhat.com 2013-07-13T13:25:47+00:00 57cd3443dcb7c073c5a00a9f2c3c3a3030ae2d3e 






KRB5_LOCATOR: Print the filename that couldn't be opened
2012-07-06T15:44:45+00:00

Stephen Gallagher
sgallagh@redhat.com

2012-06-27T23:43:08+00:00

71062d4494bbe9c24358e21fa3a40ae747eae0f6