On Tue, 2013-07-23 at 18:19 +0800, Dennis Lan (dlan) wrote: > On Tue, Jul 23, 2013 at 5:44 PM, Ian Kent <raven@xxxxxxxxxx> wrote: > > On Mon, 2013-07-22 at 22:59 +0800, Lan Yixun (dlan) wrote: > >> From: "Lan Yixun (dlan)" <dennis.yxun@xxxxxxxxx> > >> > >> this patch instroduce a compatible layer between Heimdal and MTT Krb5. > >> And I slightly rework the original patch to make it more readable. > >> > >> --- > >> Upstream Discussion: > >> http://thread.gmane.org/gmane.linux.kernel.autofs/4203 > >> > >> Gentoo Bugs: > >> https://bugs.gentoo.org/show_bug.cgi?id=210762 > >> > >> Signed-off-by: Lan Yixun (dlan) <dennis.yxun@xxxxxxxxx> > >> --- > >> aclocal.m4 | 7 +++++++ > >> modules/cyrus-sasl.c | 35 ++++++++++++++++++++++++++++++----- > >> 2 files changed, 37 insertions(+), 5 deletions(-) > >> > >> diff --git a/aclocal.m4 b/aclocal.m4 > >> index c5de159..7a8b03c 100644 > >> --- a/aclocal.m4 > >> +++ b/aclocal.m4 > >> @@ -299,6 +299,13 @@ else > >> HAVE_KRB5=1 > >> KRB5_LIBS=`$KRB5_CONFIG --libs` > >> KRB5_FLAGS=`$KRB5_CONFIG --cflags` > >> + > >> + SAVE_CFLAGS=$CFLAGS > >> + SAVE_LIBS=$LIBS > >> + CFLAGS="$CFLAGS $KRB5_FLAGS" > >> + LIBS="$LIBS $KRB5_LIBS" > >> + > >> + AC_CHECK_FUNCS([krb5_principal_get_realm]) > >> fi]) > >> > >> dnl -------------------------------------------------------------------------- > >> diff --git a/modules/cyrus-sasl.c b/modules/cyrus-sasl.c > >> index 68f9242..6115f90 100644 > >> --- a/modules/cyrus-sasl.c > >> +++ b/modules/cyrus-sasl.c > >> @@ -64,6 +64,31 @@ > >> #endif > >> #endif > >> > >> +#ifdef HAVE_KRB5_PRINCIPAL_GET_REALM > >> +void _krb5_princ_realm(krb5_context context, krb5_const_principal princ, > >> + const char **realm, int *len) > >> +{ > >> + *realm = krb5_principal_get_realm(context, princ); > >> + *len = strlen(*realm); > > > > So krb5_principal_get_realm() never fails, or does it return NULL, what > > about strlen(NULL) .... SEGV. > > > >> +} > >> +#else > >> +void _krb5_princ_realm(krb5_context context, krb5_const_principal princ, > >> + const char **realm, int *len) > >> +{ > >> + const krb5_data *data; > >> + > >> + data = krb5_princ_realm(context, princ); > >> + if (data) { > >> + *realm = data->data; > >> + *len = data->length; > >> + } else { > >> + *realm = NULL; > >> + *len = 0; > >> + } > >> +} > >> +#endif > >> + > >> + > >> /* > >> * Once a krb5 credentials cache is setup, we need to set the KRB5CCNAME > >> * environment variable so that the library knows where to find it. > >> @@ -379,7 +404,8 @@ sasl_do_kinit(unsigned logopt, struct lookup_context *ctxt) > >> krb5_principal tgs_princ, krb5_client_princ; > >> krb5_creds my_creds; > >> char *tgs_name; > >> - int status; > >> + const char *realm_name; > >> + int status, realm_length; > >> > >> if (ctxt->kinit_done) > >> return 0; > >> @@ -450,12 +476,11 @@ sasl_do_kinit(unsigned logopt, struct lookup_context *ctxt) > >> } > >> > >> /* setup a principal for the ticket granting service */ > >> + _krb5_princ_realm(ctxt->krb5ctxt, krb5_client_princ, &realm_name, &realm_length); > >> ret = krb5_build_principal_ext(ctxt->krb5ctxt, &tgs_princ, > >> - krb5_princ_realm(ctxt->krb5ctxt, krb5_client_princ)->length, > >> - krb5_princ_realm(ctxt->krb5ctxt, krb5_client_princ)->data, > >> + realm_length, realm_name, > >> strlen(KRB5_TGS_NAME), KRB5_TGS_NAME, > >> - krb5_princ_realm(ctxt->krb5ctxt, krb5_client_princ)->length, > >> - krb5_princ_realm(ctxt->krb5ctxt, krb5_client_princ)->data, > >> + realm_length, realm_name, > >> 0); > >> if (ret) { > >> error(logopt, > > > > > HI Ian: > As I looking into the code (krb5_principal_get_realm) which provided > by heimdal, there is no grantee that *realm will always be valid > (does't do internal check, and does't return "" empty string if fail). > But, as my knowledge here, I guess we should already grantee that > *realm is valid before calling this function, > It won't hurt if we add add a check here, so how about this? > > *len = (*realm == NULL) ? 0 : strlen(*realm); Yeah, so we should be able to be sure it will always never return "". That's probably a fair assumption ... although maybe *realm should be initialized to NULL on entry to avoid odd arch specific initialization issues. > > Dennis -- To unsubscribe from this list: send the line "unsubscribe autofs" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
