URL: https://github.com/SSSD/sssd/pull/137
Title: #137: Initial pkinit support

lslebodn commented:
"""
On (09/02/17 02:50), sumit-bose wrote:
>Thank you for running the tests, the valgirind issue was the same as the last 
>coverity warning.
>

The function get_pkinit_identity is defined inside following ifdef
`#ifdef HAVE_KRB5_GET_INIT_CREDS_OPT_SET_RESPONDER`

but it is used without this `ifdef`. This feature is not available
on el6 and therefore there is a compilation error:
```
src/providers/krb5/krb5_child.c: In function 'get_and_save_tgt':
src/providers/krb5/krb5_child.c:1493: error: implicit declaration of function
'get_pkinit_identity'
src/providers/krb5/krb5_child.c: In function 'changepw_child':
```

There is also a warning:
```
Error: UNUSED_VALUE (CWE-563): [#def6]
sssd-1.15.1/src/responder/pam/pamsrv_cmd.c:742: returned_value: Assigning value 
from "pam_check_user_done(preq, ret)" to "ret" here, but that stored value is 
not used.
#  740|           preq->cert_auth_local = true;
#  741|           ret = check_cert(cctx, cctx->ev, pctx, preq, pd);
#  742|->         ret = pam_check_user_done(preq, ret);
#  743|           return;
#  744|       }
```


We should at least log a message.

LS

"""

See the full comment at 
https://github.com/SSSD/sssd/pull/137#issuecomment-278978626
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org

Reply via email to