author | Russ Allbery <eagle@eyrie.org> | 2014-06-15 22:22:33 -0700 |
---|---|---|
committer | Russ Allbery <rra@stanford.edu> | 2014-06-16 10:59:36 -0700 |
commit | 7d20cb5098c5521cf41e97d8b90d80f9f25b1ea2 (patch) | |
tree | 25d9cd5c0b6af24cbda83900b2e95e0f1e25e78b /server | |
parent | 80e573ce2e42373ecc44c4db4912458826161d33 (diff) |
Handle additional krb5_aname_to_localname failure codes
MIT Kerberos returns a different "no translation" error code than
Heimdal. Handle both without an error message and without aborting
the ACL check.
Also constify a parameter to the ACL functions to aid with the
test suite.
Change-Id: I56096d98fe8475eeaec40affb42f8f8afab87ef0
Reviewed-on: https://gerrit.stanford.edu/1504
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
Diffstat (limited to 'server')
-rw-r--r-- | server/config.c | 22 | ||||
-rw-r--r-- | server/internal.h | 2 |
2 files changed, 17 insertions, 7 deletions
diff --git a/server/config.c b/server/config.c
index 91c06ca..a1b5b6a 100644
--- a/server/config.c
+++ b/server/config.c
@@ -9,6 +9,7 @@
 * Copyright 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2012, 2014
 * The Board of Trustees of the Leland Stanford Junior University
 * Copyright 2008 Carnegie Mellon University
+ * Copyright 2014 IN2P3 Computing Centre - CNRS
 *
 * See LICENSE for licensing terms.
 */
@@ -935,14 +936,23 @@ user_to_localname(const char *user, char **localname)
 goto fail;
 }
 code = krb5_aname_to_localname(ctx, princ, sizeof(buffer), buffer);
- if (code != 0 && code != KRB5_LNAME_NOTRANS) {
+
+ /*
+ * Distinguish between no result with no error, a result (where we want to
+ * make a copy), and an error. Then free memory and return.
+ */
+ switch (code) {
+ case KRB5_LNAME_NOTRANS:
+ case KRB5_NO_LOCALNAME:
+ /* No result. Do nothing. */
+ break;
+ case 0:
+ *localname = xstrdup(buffer);
+ break;
+ default:
 warn_krb5(ctx, code, "conversion of %s to local name failed", user);
 goto fail;
 }
-
- /* If there was a result, make a copy. Then clean up and return. */
- if (code == 0)
- *localname = xstrdup(buffer);
 krb5_free_principal(ctx, princ);
 krb5_free_context(ctx);
 return true;
@@ -1207,7 +1217,7 @@ server_config_free(struct config *config)
 * otherwise.
 */
 bool
-server_config_acl_permit(struct rule *rule, const char *user)
+server_config_acl_permit(const struct rule *rule, const char *user)
 {
 char **acls = rule->acls;
 size_t i;
diff --git a/server/internal.h b/server/internal.h
index 0db8582..622fc8d 100644
--- a/server/internal.h
+++ b/server/internal.h
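Review bot: In the `user_to_localname` hunk of server/config.c, the `KRB5_LNAME_NOTRANS` / `KRB5_NO_LOCALNAME` branch returns true without ever writing `*localname`, so the ACL comparison that follows relies on the pointer having been set to NULL in the part of the function above this hunk, which is not visible here. Because this path now lets an authorization check continue instead of aborting it, I would make the invariant explicit with `*localname = NULL;` before that `break;` and reword the comment to `/* No local name: leave *localname NULL (assumes the caller treats NULL as no match). */`. The `default:` case still fails closed through `goto fail`, which is the right behaviour for unexpected error codes. Both the start of the function and the `fail:` label lie outside the hunk, so the initialization and cleanup should be confirmed there.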
@@ -129,7 +129,7 @@ void server_log_command(struct iovec **, struct rule *, const char *user);
 /* Configuration file functions. */
 struct config *server_config_load(const char *file);
 void server_config_free(struct config *);
-bool server_config_acl_permit(struct rule *, const char *user);
+bool server_config_acl_permit(const struct rule *, const char *user);
 void server_config_set_gput_file(char *file);
 /* Running commands. */ |