gssapi: default pam_gssapi_services to NULL in domain section and coverity fixes

[pbrezina]

We need to distinguish when the option is not set in domain section and when
it is is explicitly disabled. Now if it is not set, domain->gssapi_services
is NULL and we'll use value from the pam section.

Without this change, the value in the pam section is ignored.

[alexey-tikhonov]

Is this addon to #5367?

[pbrezina]

Yes.

[pbrezina]

I also included fix for coverity warnings.

[alexey-tikhonov]

Hi,

there is a compilation warning:

../src/sss_client/pam_sss_gss.c:339:5: warning: ‘reply’ may be used uninitialized in this function [-Wmaybe-uninitialized]
  339 |     free(reply);
      |     ^~~~~~~~~~~
../src/sss_client/pam_sss_gss.c:328:14: note: ‘reply’ was declared here
  328 |     uint8_t *reply;
      |              ^~~~~
../src/sss_client/pam_sss_gss.c:270:11: warning: ‘reply_len’ may be used uninitialized in this function [-Wmaybe-uninitialized]
  270 |     upn = malloc(reply_len * sizeof(char));
      |           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/sss_client/pam_sss_gss.c:327:12: note: ‘reply_len’ was declared here
  327 |     size_t reply_len;
      |            ^~~~~~~~~

That's false positive but I think still better to suppress.

Otherwise ACK for the 2nd patch ("fix coverity issues").

[pbrezina]

I do not see this warning, but a fix is squashed to the second patch.

[sumit-bose]

Hi,

thanks for the patches, Coverity does not complain about the resource leaks anymore and my tests for the pam_gssapi_services config option went well. I just added an in-line comment.

bye,
Sumit

[pbrezina]

Thanks, I added NULL initialization.

[sumit-bose]

Hi,

thanks, ACK.

bye,
Sumit

[pbrezina]

Pushed PR: #5453

• master
  • 111b8b4 - pam_sss_gssapi: fix coverity issues
  • cc17362 - gssapi: default pam_gssapi_services to NULL in domain section