| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
According to the documentation in localauth_plugin.h "aname will be
considered authorized if at least one module returns 0 and all other
modules return KRB5_PLUGIN_NO_HANDLE." So it is safe to always return
KRB5_PLUGIN_NO_HANDLE because a different plugin has to return 0 to
allow access to the given principal.
Resolves https://fedorahosted.org/sssd/ticket/2788
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Error: FORWARD_NULL (CWE-476): [#def1]
sssd-1.12.90/src/krb5_plugin/sssd_krb5_localauth_plugin.c:111: assign_zero: Assigning: "pwd.pw_name" = "NULL".
sssd-1.12.90/src/krb5_plugin/sssd_krb5_localauth_plugin.c:142: var_deref_model: Passing null pointer "pwd.pw_name" to "strdup", which dereferences it.
140| }
141|
142|-> str = strdup(pwd.pw_name);
143| if (str == NULL) {
144| ret = ENOMEM;
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The MIT Kerberos localauth pluing interface defines two different calls.
The first checks if a given Kerberos principal relates to a given name
of a local user (userok). The implementation lets SSSD resolve the
principal and the user name and if the returned user entries both have
the same UID success is returned.
The second translates a given Kerberos principal to a local user name
(a2l). Here SSSD is only called once to resolve the principal and the
user name is returned.
Resolves https://fedorahosted.org/sssd/ticket/1835
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
This patch adds everything what is needed to build the MIT Kerberos
localauth plugin if the used version of MIT Kerberos supports it. It
does not implement the plugin.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
