mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-22 23:23:30 -06:00
ipa-rmkeytab: Check return value of krb5_kt_(start|end)_seq_get
The return value of functions managing the cursor in the keytab were not checked or reported in a consistent way. This should assure a reasonable error message in case something goes wrong. https://pagure.io/freeipa/issue/8658 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
parent
90eef4f565
commit
f3f9672d52
@ -35,6 +35,7 @@
|
||||
#define PRINCIPAL_ERROR 4
|
||||
#define NOT_FOUND 5
|
||||
#define REMOVE_ERROR 6
|
||||
#define CURSOR_ERROR 7
|
||||
|
||||
int
|
||||
remove_principal(krb5_context context, krb5_keytab ktid, const char *principal, int debug)
|
||||
@ -119,6 +120,12 @@ remove_realm(krb5_context context, krb5_keytab ktid, const char *realm, int debu
|
||||
bool realm_found = false;
|
||||
|
||||
krberr = krb5_kt_start_seq_get(context, ktid, &kt_cursor);
|
||||
if (krberr) {
|
||||
fprintf(stderr, _("Failed to set cursor '%1$s'\n"),
|
||||
error_message(krberr));
|
||||
rval = CURSOR_ERROR;
|
||||
goto done;
|
||||
}
|
||||
memset(&entry, 0, sizeof(entry));
|
||||
while (krb5_kt_next_entry(context, ktid, &entry, &kt_cursor) == 0) {
|
||||
krberr = krb5_unparse_name(context, entry.principal, &entry_princ_s);
|
||||
@ -134,7 +141,13 @@ remove_realm(krb5_context context, krb5_keytab ktid, const char *realm, int debu
|
||||
|
||||
/* keytab entries are locked when looping. Temporarily suspend
|
||||
* the looping. */
|
||||
krb5_kt_end_seq_get(context, ktid, &kt_cursor);
|
||||
krberr = krb5_kt_end_seq_get(context, ktid, &kt_cursor);
|
||||
if (krberr) {
|
||||
fprintf(stderr, _("Failed to set cursor '%1$s'\n"),
|
||||
error_message(krberr));
|
||||
rval = CURSOR_ERROR;
|
||||
goto done;
|
||||
}
|
||||
|
||||
if (strstr(entry_princ_s, realm) != NULL) {
|
||||
realm_found = true;
|
||||
@ -143,6 +156,12 @@ remove_realm(krb5_context context, krb5_keytab ktid, const char *realm, int debu
|
||||
goto done;
|
||||
/* Have to reset the cursor */
|
||||
krberr = krb5_kt_start_seq_get(context, ktid, &kt_cursor);
|
||||
if (krberr) {
|
||||
fprintf(stderr, _("Failed to set cursor '%1$s'\n"),
|
||||
error_message(krberr));
|
||||
rval = CURSOR_ERROR;
|
||||
goto done;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -241,9 +260,9 @@ main(int argc, const char **argv)
|
||||
}
|
||||
krberr = krb5_kt_start_seq_get(context, ktid, &cursor);
|
||||
if (krberr) {
|
||||
fprintf(stderr, _("Failed to open keytab '%1$s': %2$s\n"), keytab,
|
||||
fprintf(stderr, _("Failed to set cursor '%1$s'\n"),
|
||||
error_message(krberr));
|
||||
rval = KEYTAB_ERROR;
|
||||
rval = CURSOR_ERROR;
|
||||
goto cleanup;
|
||||
}
|
||||
krb5_kt_end_seq_get(context, ktid, &cursor);
|
||||
|
@ -87,3 +87,5 @@ The exit status is 0 on success, nonzero on error.
|
||||
5 Principal name or realm not found in keytab
|
||||
|
||||
6 Unable to remove principal from keytab
|
||||
|
||||
7 Failed to set cursor
|
||||
|
Loading…
Reference in New Issue
Block a user