diff options
| author | Sumit Bose <sbose@redhat.com> | 2015-12-16 12:37:50 +0100 |
|---|---|---|
| committer | Tomas Babej <tbabej@redhat.com> | 2016-01-27 16:03:03 +0100 |
| commit | 45b0148fcce3fded5cea52b6fadd50114358ba25 (patch) | |
| tree | 123ae06965b814bb6bf15fff481bd988b14979b4 /daemons/ipa-kdb | |
| parent | 67c367d0db194d9afa56ecda34dafb46758d99b5 (diff) | |
| download | freeipa-45b0148fcce3fded5cea52b6fadd50114358ba25.tar.gz freeipa-45b0148fcce3fded5cea52b6fadd50114358ba25.tar.xz freeipa-45b0148fcce3fded5cea52b6fadd50114358ba25.zip | |
ipa-kdb: get_authz_data_types() make sure entry can be NULL
This function determines which type of authorization data should be
added to the Kerberos ticket. There are global default and it is
possible to configure this per service as well. The second argument is
the data base entry of a service. If no service is given it makes sense
to return the global defaults and most parts of get_authz_data_types()
handle this case well and this patch fixes the remain issue and adds a
test for this as well.
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Diffstat (limited to 'daemons/ipa-kdb')
| -rw-r--r-- | daemons/ipa-kdb/ipa_kdb_mspac.c | 2 | ||||
| -rw-r--r-- | daemons/ipa-kdb/tests/ipa_kdb_tests.c | 8 |
2 files changed, 9 insertions, 1 deletions
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c index 8594309db..daa42e369 100644 --- a/daemons/ipa-kdb/ipa_kdb_mspac.c +++ b/daemons/ipa-kdb/ipa_kdb_mspac.c @@ -2005,7 +2005,7 @@ void get_authz_data_types(krb5_context context, krb5_db_entry *entry, service_specific = false; authz_data_type = authz_data_list[c]; sep = strchr(authz_data_list[c], ':'); - if (sep != NULL) { + if (sep != NULL && entry != NULL) { if (entry->princ == NULL) { krb5_klog_syslog(LOG_ERR, "Missing principal in database " "entry, no authorization data will " \ diff --git a/daemons/ipa-kdb/tests/ipa_kdb_tests.c b/daemons/ipa-kdb/tests/ipa_kdb_tests.c index 5bc89e234..3bd6e64f2 100644 --- a/daemons/ipa-kdb/tests/ipa_kdb_tests.c +++ b/daemons/ipa-kdb/tests/ipa_kdb_tests.c @@ -404,6 +404,14 @@ void test_get_authz_data_types(void **state) get_authz_data_types(test_ctx->krb5_ctx, entry, &with_pac, &with_pad); assert_true(with_pad == test_set[c].exp_with_pad); assert_true(with_pac == test_set[c].exp_with_pac); + + /* test if global default are returned if there is no server entry */ + if (test_set[c].authz_data == NULL && test_set[c].princ == NULL) { + get_authz_data_types(test_ctx->krb5_ctx, NULL, &with_pac, + &with_pad); + assert_true(with_pad == test_set[c].exp_with_pad); + assert_true(with_pac == test_set[c].exp_with_pac); + } } free(ied); |