On 05/27/2010 10:14 AM, Jakub Hrozek wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 05/27/2010 12:04 PM, Jakub Hrozek wrote: >> This one is bigger, still looking, but wanted to give acks to the >> trivial ones in case another patch depends on them. > > I think we should explicitly initialize the "ret" variable to some error > condition in places that proxy out. It seems that at least > _nss_ldap_initgroups_dyn() does not return anything if it fails (I > tested a directory server with no groups) resulting in checking a random > value: > > - -- > [sssd[be[proxy]]] [get_initgr_groups_process] (2): proxy -> > initgroups_dyn failed (-26406780)[Unknown error 18446744073683144836] > - -- > > This is not an issue brought in by this patch, just something I noticed > while testing, but it probably makes sense to squash in
I'd prefer not to include that in this patch. As best I can tell, it's only an issue in the NSS proxy routines, not PAM. We should not be initializing ret, we should be guaranteeing that it is always returned with an appropriate value. If we initialize it, we're potentially hiding an error. That's a much bigger task and deserves its own ticket (please open one) and patch. If you have no other issues with this patch, I will push it as-is. -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
