krb5 commit: Remove libkdb_ldap null argument checks
ghudson at mit.edu
ghudson at mit.edu
Tue Jun 17 16:28:21 EDT 2025
https://github.com/krb5/krb5/commit/bb7929a74ad10589a1b2037a5b5bc5368ebdd938
commit bb7929a74ad10589a1b2037a5b5bc5368ebdd938
Author: Greg Hudson <ghudson at mit.edu>
Date: Thu Jun 12 17:15:24 2025 -0400
Remove libkdb_ldap null argument checks
libkdb_ldap contains some spotty null argument pointer checks, which
is not the project's practice outside of the GSSAPI. Remove them.
Also remove krb5_ldap_delete_krbcontainer(), which became unused after
commit 0269810b1aec6c554fb746433f045d59fd34ab3a.
.../kdb/ldap/libkdb_ldap/ldap_krbcontainer.h | 3 -
src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c | 5 --
src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c | 18 +----
src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c | 76 ++--------------------
src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c | 28 ++------
src/tests/t_kdb.py | 1 -
6 files changed, 12 insertions(+), 119 deletions(-)
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h b/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h
index 549f8ce94..675bceaef 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_krbcontainer.h
@@ -41,7 +41,4 @@ krb5_ldap_read_krbcontainer_dn(krb5_context, char **);
krb5_error_code
krb5_ldap_create_krbcontainer(krb5_context, const char *);
-krb5_error_code
-krb5_ldap_delete_krbcontainer(krb5_context, const char *);
-
#endif
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
index 90b90183b..423cd0d84 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c
@@ -1163,11 +1163,6 @@ krb5_ldap_get_reference_count(krb5_context context, char *dn, char *refattr,
krb5_ldap_server_handle *ldap_server_handle = NULL;
LDAPMessage *result = NULL;
- if (dn == NULL || refattr == NULL) {
- st = EINVAL;
- goto cleanup;
- }
-
SETUP_CONTEXT();
if (ld == NULL) {
GET_HANDLE();
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
index 838583a1f..1aa194709 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c
@@ -146,7 +146,7 @@ krb5_ldap_create_password_policy(krb5_context context, osa_policy_ent_t policy)
krb5_clear_error_message(context);
/* validate the input parameters */
- if (policy == NULL || policy->name == NULL)
+ if (policy->name == NULL)
return EINVAL;
SETUP_CONTEXT();
@@ -200,7 +200,7 @@ krb5_ldap_put_password_policy(krb5_context context, osa_policy_ent_t policy)
krb5_clear_error_message(context);
/* validate the input parameters */
- if (policy == NULL || policy->name == NULL)
+ if (policy->name == NULL)
return EINVAL;
SETUP_CONTEXT();
@@ -296,10 +296,6 @@ krb5_ldap_get_password_policy_from_dn(krb5_context context, char *pol_name,
/* Clear the global error string */
krb5_clear_error_message(context);
- /* validate the input parameters */
- if (pol_dn == NULL)
- return EINVAL;
-
*policy = NULL;
SETUP_CONTEXT();
GET_HANDLE();
@@ -347,12 +343,6 @@ krb5_ldap_get_password_policy(krb5_context context, char *name,
/* Clear the global error string */
krb5_clear_error_message(context);
- /* validate the input parameters */
- if (name == NULL) {
- st = EINVAL;
- goto cleanup;
- }
-
st = krb5_ldap_name_to_policydn(context, name, &policy_dn);
if (st != 0)
goto cleanup;
@@ -379,10 +369,6 @@ krb5_ldap_delete_password_policy(krb5_context context, char *policy)
/* Clear the global error string */
krb5_clear_error_message(context);
- /* validate the input parameters */
- if (policy == NULL)
- return EINVAL;
-
SETUP_CONTEXT();
GET_HANDLE();
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
index c9c8cbd1f..57f0b8066 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_realm.c
@@ -218,12 +218,6 @@ krb5_ldap_delete_realm (krb5_context context, char *lrealm)
SETUP_CONTEXT ();
- if (lrealm == NULL) {
- st = EINVAL;
- k5_setmsg(context, st, _("Realm information not available"));
- goto cleanup;
- }
-
if ((st=krb5_ldap_read_realm_params(context, lrealm, &rparam, &mask)) != 0)
goto cleanup;
@@ -357,11 +351,6 @@ krb5_ldap_modify_realm(krb5_context context, krb5_ldap_realm_params *rparams,
if (mask == 0)
return 0;
- if (rparams == NULL) {
- st = EINVAL;
- return st;
- }
-
SETUP_CONTEXT ();
/* Check validity of arguments */
@@ -484,12 +473,6 @@ krb5_ldap_create_krbcontainer(krb5_context context, const char *dn)
/* get ldap handle */
GET_HANDLE ();
- if (dn == NULL) {
- st = EINVAL;
- k5_setmsg(context, st, _("Kerberos Container information is missing"));
- goto cleanup;
- }
-
strval[0] = "krbContainer";
strval[1] = NULL;
if ((st=krb5_add_str_mem_ldap_mod(&mods, "objectclass", LDAP_MOD_ADD, strval)) != 0)
@@ -529,46 +512,6 @@ cleanup:
return(st);
}
-/*
- * Delete the Kerberos container in the Directory
- */
-
-krb5_error_code
-krb5_ldap_delete_krbcontainer(krb5_context context, const char *dn)
-{
- LDAP *ld=NULL;
- krb5_error_code st=0;
- kdb5_dal_handle *dal_handle=NULL;
- krb5_ldap_context *ldap_context=NULL;
- krb5_ldap_server_handle *ldap_server_handle=NULL;
-
- SETUP_CONTEXT ();
-
- /* get ldap handle */
- GET_HANDLE ();
-
- if (dn == NULL) {
- st = EINVAL;
- k5_setmsg(context, st, _("Kerberos Container information is missing"));
- goto cleanup;
- }
-
- /* delete the kerberos container */
- if ((st = ldap_delete_ext_s(ld, dn, NULL, NULL)) != LDAP_SUCCESS) {
- int ost = st;
- st = translate_ldap_error (st, OP_ADD);
- k5_setmsg(context, st, _("Kerberos Container delete FAILED: %s"),
- ldap_err2string(ost));
- goto cleanup;
- }
-
-cleanup:
-
- krb5_ldap_put_handle_to_pool(ldap_context, ldap_server_handle);
- return(st);
-}
-
-
/*
* Create Realm in eDirectory. This is used by kdb5_util
*/
@@ -593,15 +536,10 @@ krb5_ldap_create_realm(krb5_context context, krb5_ldap_realm_params *rparams,
SETUP_CONTEXT ();
/* Check input validity ... */
- if (ldap_context->container_dn == NULL ||
- rparams == NULL ||
- rparams->realm_name == NULL ||
- ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) ||
- ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL) ||
- 0) {
- st = EINVAL;
- return st;
- }
+ if (ldap_context->container_dn == NULL || rparams->realm_name == NULL ||
+ ((mask & LDAP_REALM_SUBTREE) && rparams->subtree == NULL) ||
+ ((mask & LDAP_REALM_CONTREF) && rparams->containerref == NULL))
+ return EINVAL;
/* get ldap handle */
GET_HANDLE ();
@@ -729,10 +667,8 @@ krb5_ldap_read_realm_params(krb5_context context, char *lrealm,
SETUP_CONTEXT ();
/* validate the input parameter */
- if (lrealm == NULL || ldap_context->container_dn == NULL) {
- st = EINVAL;
- goto cleanup;
- }
+ if (ldap_context->container_dn == NULL)
+ return EINVAL;
/* get ldap handle */
GET_HANDLE ();
diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
index 52f09497e..a093add43 100644
--- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
+++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_tkt_policy.c
@@ -61,11 +61,8 @@ krb5_ldap_create_policy(krb5_context context, krb5_ldap_policy_params *policy,
krb5_ldap_server_handle *ldap_server_handle=NULL;
/* validate the input parameters */
- if (policy == NULL || policy->policy == NULL) {
- st = EINVAL;
- k5_setmsg(context, st, _("Ticket Policy Name missing"));
- goto cleanup;
- }
+ if (policy->policy == NULL)
+ return EINVAL;
SETUP_CONTEXT();
GET_HANDLE();
@@ -137,11 +134,8 @@ krb5_ldap_modify_policy(krb5_context context, krb5_ldap_policy_params *policy,
krb5_ldap_server_handle *ldap_server_handle=NULL;
/* validate the input parameters */
- if (policy == NULL || policy->policy==NULL) {
- st = EINVAL;
- k5_setmsg(context, st, _("Ticket Policy Name missing"));
- goto cleanup;
- }
+ if (policy->policy == NULL)
+ return EINVAL;
SETUP_CONTEXT();
GET_HANDLE();
@@ -213,13 +207,6 @@ krb5_ldap_read_policy(krb5_context context, char *policyname,
krb5_ldap_context *ldap_context=NULL;
krb5_ldap_server_handle *ldap_server_handle=NULL;
- /* validate the input parameters */
- if (policyname == NULL || policy == NULL) {
- st = EINVAL;
- k5_setmsg(context, st, _("Ticket Policy Object information missing"));
- goto cleanup;
- }
-
SETUP_CONTEXT();
GET_HANDLE();
@@ -306,13 +293,6 @@ krb5_ldap_delete_policy(krb5_context context, char *policyname)
krb5_ldap_context *ldap_context=NULL;
krb5_ldap_server_handle *ldap_server_handle=NULL;
- if (policyname == NULL) {
- st = EINVAL;
- k5_prependmsg(context, st, _("Ticket Policy Object DN missing"));
- goto cleanup;
- }
-
-
SETUP_CONTEXT();
GET_HANDLE();
diff --git a/src/tests/t_kdb.py b/src/tests/t_kdb.py
index 14d57923f..afc683cb9 100755
--- a/src/tests/t_kdb.py
+++ b/src/tests/t_kdb.py
@@ -632,6 +632,5 @@ realm.run([kdb5_ldap_util, 'destroy', '-f'])
# * Out-of-memory error conditions
# * Handling of failures from slapd (including krb5_retry_get_ldap_handle)
# * Handling of servers which don't support mod-increment
-# * krb5_ldap_delete_krbcontainer (only happens if krb5_ldap_create fails)
success('LDAP and DB2 KDB tests')
More information about the cvs-krb5
mailing list