[Freeipa-devel] [PATCH 155] ipa-kdb: get_authz_data_types() make sure entry can be NULL
Petr Spacek
pspacek at redhat.com
Wed Jan 6 12:37:18 UTC 2016
On 6.1.2016 12:15, Sumit Bose wrote:
> Hi,
>
> this patch fixes and issue found by Simo when he called
> get_authz_data_types() with the second argument being NULL.
> This function determines which type of authorization data should be
> added to the Kerberos ticket. There are global default and it is
> possible to configure this per service as well. The second argument is
> the data base entry of a service. If no service is given it makes sens
> to return the global defaults and most parts of get_authz_data_types()
> handle this case well and this patch fixes the remain issue and adds a
> test for this as well.
>
> Please note that currently get_authz_data_types() is used in a code path
> where the service entry is expected to be not NULL and it turned out
> that in Simo's case it will be non-NULL as well. Nevertheless the patch
> makes the code more robust and makes the future use of
> get_authz_data_types() more safe.
>
> bye,
> Sumit
Nitpick without looking at the code:
It would be good to include the text above (or a variant of it) in the commit
message. The person doing software archaeology some years from now will
appreciate it :-)
--
Petr^2 Spacek
More information about the Freeipa-devel
mailing list