sssd/backport-Make-sure-invalid-krb5-context-is-not-used.patch

From bdfb92012d6dec2999469d483ba67d6c2521a078 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 21 Nov 2024 09:23:36 +0100
Subject: [PATCH] ldap_child: make sure invalid krb5 context is not used -
 2.9.4

Resolves: https://github.com/SSSD/sssd/issues/7715
---
 src/util/sss_krb5.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index 3f57e5b268f..0b83142ddfc 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -140,6 +140,7 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
 
     kerr = sss_krb5_init_context(&krb_ctx);
     if (kerr) {
+        krb_ctx = NULL;
         error_message = "Failed to init Kerberos context";
         ret = EFAULT;
         goto done;
@@ -269,7 +270,7 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,
     }
 
 done:
-    if (ret != EOK) {
+    if (ret != EOK && krb_ctx != NULL) {
         DEBUG(SSSDBG_FATAL_FAILURE, "Failed to read keytab [%s]: %s\n",
               sss_printable_keytab_name(krb_ctx, keytab_name),
               (error_message ? error_message : sss_strerror(ret)));
ldap_child: make sure invalid krb5 context is not used 2024-12-05 15:28:34 +08:00			`From bdfb92012d6dec2999469d483ba67d6c2521a078 Mon Sep 17 00:00:00 2001`
			`From: Sumit Bose <sbose@redhat.com>`
			`Date: Thu, 21 Nov 2024 09:23:36 +0100`
			`Subject: [PATCH] ldap_child: make sure invalid krb5 context is not used -`
			`2.9.4`

			`Resolves: https://github.com/SSSD/sssd/issues/7715`
			`---`
			`src/util/sss_krb5.c \| 3 ++-`
			`1 file changed, 2 insertions(+), 1 deletion(-)`

			`diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c`
			`index 3f57e5b268f..0b83142ddfc 100644`
			`--- a/src/util/sss_krb5.c`
			`+++ b/src/util/sss_krb5.c`
			`@@ -140,6 +140,7 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,`

			`kerr = sss_krb5_init_context(&krb_ctx);`
			`if (kerr) {`
			`+ krb_ctx = NULL;`
			`error_message = "Failed to init Kerberos context";`
			`ret = EFAULT;`
			`goto done;`
			`@@ -269,7 +270,7 @@ errno_t select_principal_from_keytab(TALLOC_CTX *mem_ctx,`
			`}`

			`done:`
			`- if (ret != EOK) {`
			`+ if (ret != EOK && krb_ctx != NULL) {`
			`DEBUG(SSSDBG_FATAL_FAILURE, "Failed to read keytab [%s]: %s\n",`
			`sss_printable_keytab_name(krb_ctx, keytab_name),`
			`(error_message ? error_message : sss_strerror(ret)));`