From: Greg Hudson Date: Thu, 12 Jun 2025 21:15:24 +0000 (-0400) Subject: Remove libkdb_ldap null argument checks X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1434%2Fhead;p=thirdparty%2Fkrb5.git Remove libkdb_ldap null argument checks libkdb_ldap contains some spotty null argument pointer checks, which is not the project's practice outside of the GSSAPI. Remove them. Also remove krb5_ldap_delete_krbcontainer(), which became unused after commit 0269810b1aec6c554fb746433f045d59fd34ab3a. --- diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h index 549f8ce94b..675bceaefb 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h @@ -41,7 +41,4 @@ krb5_ldap_read_krbcontainer_dn(krb5_context, char **); krb5_error_code krb5_ldap_create_krbcontainer(krb5_context, const char *); -krb5_error_code -krb5_ldap_delete_krbcontainer(krb5_context, const char *); - #endif diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c index 90b90183be..423cd0d84b 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c @@ -1163,11 +1163,6 @@ krb5_ldap_get_reference_count(krb5_context context, char *dn, char *refattr, krb5_ldap_server_handle *ldap_server_handle = NULL; LDAPMessage *result = NULL; - if (dn == NULL || refattr == NULL) { - st = EINVAL; - goto cleanup; - } - SETUP_CONTEXT(); if (ld == NULL) { GET_HANDLE(); diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c index 838583a1f9..1aa194709f 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c @@ -146,7 +146,7 @@ krb5_ldap_create_password_policy(krb5_context context, osa_policy_ent_t policy) krb5_clear_error_message(context); /* validate the input parameters */ - if (policy == NULL || policy->name == NULL) + if (policy->name == NULL) return EINVAL; SETUP_CONTEXT(); @@ -200,7 +200,7 @@ krb5_ldap_put_password_policy(krb5_context context, osa_policy_ent_t policy) krb5_clear_error_message(context); /* validate the input parameters */ - if (policy == NULL || policy->name == NULL) + if (policy->name == NULL) return EINVAL; SETUP_CONTEXT(); @@ -296,10 +296,6 @@ krb5_ldap_get_password_policy_from_dn(krb5_context context, char *pol_name, /* Clear the global error string */ krb5_clear_error_message(context); - /* validate the input parameters */ - if (pol_dn == NULL) - return EINVAL; - *policy = NULL; SETUP_CONTEXT(); GET_HANDLE(); @@ -347,12 +343,6 @@ krb5_ldap_get_password_policy(krb5_context context, char *name, /* Clear the global error string */ krb5_clear_error_message(context); - /* validate the input parameters */ - if (name == NULL) { - st = EINVAL; - goto cleanup; - } - st = krb5_ldap_name_to_policydn(context, name, &policy_dn); if (st != 0) goto cleanup; @@ -379,10 +369,6 @@ krb5_ldap_delete_password_policy(krb5_context context, char *policy) /* Clear the global error string */ krb5_clear_error_message(context); - /* validate the input parameters */ - if (policy == NULL) - return EINVAL; - SETUP_CONTEXT(); GET_HANDLE(); diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c index c9c8cbd1f2..57f0b80666 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c @@ -218,12 +218,6 @@ krb5_ldap_delete_realm (krb5_context context, char *lrealm) SETUP_CONTEXT (); - if (lrealm == NULL) { - st = EINVAL; - k5_setmsg(context, st, _("Realm information not available")); - goto cleanup; - } - if ((st=krb5_ldap_read_realm_params(context, lrealm, &rparam, &mask)) != 0) goto cleanup; @@ -357,11 +351,6 @@ krb5_ldap_modify_realm(krb5_context context, krb5_ldap_realm_params *rparams, if (mask == 0) return 0; - if (rparams == NULL) { - st = EINVAL; - return st; - } - SETUP_CONTEXT (); /* Check validity of arguments */ @@ -484,12 +473,6 @@ krb5_ldap_create_krbcontainer(krb5_context context, const char *dn) /* get ldap handle */ GET_HANDLE (); - if (dn == NULL) { - st = EINVAL; - k5_setmsg(context, st, _("Kerberos Container information is missing")); - goto cleanup; - } - strval[0] = "krbContainer"; strval[1] = NULL; if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0) @@ -529,46 +512,6 @@ cleanup: return(st); } -/* - * Delete the Kerberos container in the Directory - */ - -krb5_error_code -krb5_ldap_delete_krbcontainer(krb5_context context, const char *dn) -{ - LDAP *ld=NULL; - krb5_error_code st=0; - kdb5_dal_handle *dal_handle=NULL; - krb5_ldap_context *ldap_context=NULL; - krb5_ldap_server_handle *ldap_server_handle=NULL; - - SETUP_CONTEXT (); - - /* get ldap handle */ - GET_HANDLE (); - - if (dn == NULL) { - st = EINVAL; - k5_setmsg(context, st, _("Kerberos Container information is missing")); - goto cleanup; - } - - /* delete the kerberos container */ - if ((st = ldap_delete_ext_s(ld, dn, NULL, NULL)) != LDAP_SUCCESS) { - int ost = st; - st = translate_ldap_error (st, OP_ADD); - k5_setmsg(context, st, _("Kerberos Container delete FAILED: %s"), - ldap_err2string(ost)); - goto cleanup; - } - -cleanup: - - krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle); - return(st); -} - - /* * Create Realm in eDirectory. This is used by kdb5_util */ @@ -593,15 +536,10 @@ krb5_ldap_create_realm(krb5_context context, krb5_ldap_realm_params *rparams, SETUP_CONTEXT (); /* Check input validity ... */ - if (ldap_context->container_dn == NULL || - rparams == NULL || - rparams->realm_name == NULL || - ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) || - ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) || - 0) { - st = EINVAL; - return st; - } + if (ldap_context->container_dn == NULL || rparams->realm_name == NULL || + ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) || + ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL)) + return EINVAL; /* get ldap handle */ GET_HANDLE (); @@ -729,10 +667,8 @@ krb5_ldap_read_realm_params(krb5_context context, char *lrealm, SETUP_CONTEXT (); /* validate the input parameter */ - if (lrealm == NULL || ldap_context->container_dn == NULL) { - st = EINVAL; - goto cleanup; - } + if (ldap_context->container_dn == NULL) + return EINVAL; /* get ldap handle */ GET_HANDLE (); diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c index 52f09497eb..a093add43a 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c @@ -61,11 +61,8 @@ krb5_ldap_create_policy(krb5_context context, krb5_ldap_policy_params *policy, krb5_ldap_server_handle *ldap_server_handle=NULL; /* validate the input parameters */ - if (policy == NULL || policy->policy == NULL) { - st = EINVAL; - k5_setmsg(context, st, _("Ticket Policy Name missing")); - goto cleanup; - } + if (policy->policy == NULL) + return EINVAL; SETUP_CONTEXT(); GET_HANDLE(); @@ -137,11 +134,8 @@ krb5_ldap_modify_policy(krb5_context context, krb5_ldap_policy_params *policy, krb5_ldap_server_handle *ldap_server_handle=NULL; /* validate the input parameters */ - if (policy == NULL || policy->policy==NULL) { - st = EINVAL; - k5_setmsg(context, st, _("Ticket Policy Name missing")); - goto cleanup; - } + if (policy->policy == NULL) + return EINVAL; SETUP_CONTEXT(); GET_HANDLE(); @@ -213,13 +207,6 @@ krb5_ldap_read_policy(krb5_context context, char *policyname, krb5_ldap_context *ldap_context=NULL; krb5_ldap_server_handle *ldap_server_handle=NULL; - /* validate the input parameters */ - if (policyname == NULL || policy == NULL) { - st = EINVAL; - k5_setmsg(context, st, _("Ticket Policy Object information missing")); - goto cleanup; - } - SETUP_CONTEXT(); GET_HANDLE(); @@ -306,13 +293,6 @@ krb5_ldap_delete_policy(krb5_context context, char *policyname) krb5_ldap_context *ldap_context=NULL; krb5_ldap_server_handle *ldap_server_handle=NULL; - if (policyname == NULL) { - st = EINVAL; - k5_prependmsg(context, st, _("Ticket Policy Object DN missing")); - goto cleanup; - } - - SETUP_CONTEXT(); GET_HANDLE(); diff --git a/src/tests/t_kdb.py b/src/tests/t_kdb.py index 14d57923fd..afc683cb9b 100755 --- a/src/tests/t_kdb.py +++ b/src/tests/t_kdb.py @@ -632,6 +632,5 @@ realm.run([kdb5_ldap_util, 'destroy', '-f']) # * Out-of-memory error conditions # * Handling of failures from slapd (including krb5_retry_get_ldap_handle) # * Handling of servers which don't support mod-increment -# * krb5_ldap_delete_krbcontainer (only happens if krb5_ldap_create fails) success('LDAP and DB2 KDB tests')