diff options
author | Pavel Filipenský <pfilipen@redhat.com> | 2021-10-21 15:01:48 +0200 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2021-11-03 08:36:00 +0000 |
commit | a8a0667263dc635d67da3ca3f48b46f71ca12289 (patch) | |
tree | 26994c9c5890aa246318a5d20f4fa99030bc53ed | |
parent | 5199eb14123b26b02d3a4d10d514b37688f9b580 (diff) | |
download | samba-a8a0667263dc635d67da3ca3f48b46f71ca12289.tar.gz |
s3:librpc: Improve calling of krb5_kt_end_seq_get()
Remove indentation with early return, best reviewed with
git show -b
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 3 08:36:00 UTC 2021 on sn-devel-184
-rw-r--r-- | source3/librpc/crypto/gse_krb5.c | 110 |
1 files changed, 59 insertions, 51 deletions
diff --git a/source3/librpc/crypto/gse_krb5.c b/source3/librpc/crypto/gse_krb5.c index 804247e784d..83741c914a3 100644 --- a/source3/librpc/crypto/gse_krb5.c +++ b/source3/librpc/crypto/gse_krb5.c @@ -37,9 +37,8 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab) ZERO_STRUCT(kt_entry); ret = krb5_kt_start_seq_get(krbctx, keytab, &kt_cursor); - if (ret == KRB5_KT_END || ret == ENOENT ) { - /* no entries */ - return 0; + if (ret != 0) { + return ret; } ret = krb5_kt_next_entry(krbctx, keytab, &kt_entry, &kt_cursor); @@ -48,7 +47,7 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab) /* we need to close and reopen enumeration because we modify * the keytab */ ret = krb5_kt_end_seq_get(krbctx, keytab, &kt_cursor); - if (ret) { + if (ret != 0) { DEBUG(1, (__location__ ": krb5_kt_end_seq_get() " "failed (%s)\n", error_message(ret))); goto out; @@ -56,7 +55,7 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab) /* remove the entry */ ret = krb5_kt_remove_entry(krbctx, keytab, &kt_entry); - if (ret) { + if (ret != 0) { DEBUG(1, (__location__ ": krb5_kt_remove_entry() " "failed (%s)\n", error_message(ret))); goto out; @@ -66,7 +65,7 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab) /* now reopen */ ret = krb5_kt_start_seq_get(krbctx, keytab, &kt_cursor); - if (ret) { + if (ret != 0) { DEBUG(1, (__location__ ": krb5_kt_start_seq() failed " "(%s)\n", error_message(ret))); goto out; @@ -81,6 +80,12 @@ static krb5_error_code flush_keytab(krb5_context krbctx, krb5_keytab keytab) error_message(ret))); } + ret = krb5_kt_end_seq_get(krbctx, keytab, &kt_cursor); + if (ret != 0) { + DEBUG(1, (__location__ ": krb5_kt_end_seq_get() " + "failed (%s)\n", error_message(ret))); + goto out; + } ret = 0; out: @@ -156,7 +161,7 @@ static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx, krb5_keytab *keytab) { TALLOC_CTX *frame = talloc_stackframe(); - krb5_error_code ret; + krb5_error_code ret, ret2; const char *domain = lp_workgroup(); struct secrets_domain_info1 *info = NULL; const char *realm = NULL; @@ -198,55 +203,61 @@ static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx, /* check if the keytab already has any entry */ ret = krb5_kt_start_seq_get(krbctx, *keytab, &kt_cursor); - if (ret != KRB5_KT_END && ret != ENOENT ) { - /* check if we have our special enctype used to hold - * the clear text password. If so, check it out so that - * we can verify if the keytab needs to be upgraded */ - while ((ret = krb5_kt_next_entry(krbctx, *keytab, - &kt_entry, &kt_cursor)) == 0) { - if (smb_krb5_kt_get_enctype_from_entry(&kt_entry) == - CLEARTEXT_PRIV_ENCTYPE) { - break; - } - smb_krb5_kt_free_entry(krbctx, &kt_entry); - ZERO_STRUCT(kt_entry); - } + if (ret != 0) { + goto out; + } - if (ret != 0 && ret != KRB5_KT_END && ret != ENOENT ) { - /* Error parsing keytab */ - DEBUG(1, (__location__ ": Failed to parse memory " - "keytab!\n")); - goto out; + /* check if we have our special enctype used to hold + * the clear text password. If so, check it out so that + * we can verify if the keytab needs to be upgraded */ + while ((ret = krb5_kt_next_entry(krbctx, *keytab, + &kt_entry, &kt_cursor)) == 0) { + if (smb_krb5_kt_get_enctype_from_entry(&kt_entry) == + CLEARTEXT_PRIV_ENCTYPE) { + break; } + smb_krb5_kt_free_entry(krbctx, &kt_entry); + ZERO_STRUCT(kt_entry); + } - if (ret == 0) { - /* found private entry, - * check if keytab is up to date */ + ret2 = krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor); + if (ret2 != 0) { + ret = ret2; + DEBUG(1, (__location__ ": krb5_kt_end_seq_get() " + "failed (%s)\n", error_message(ret))); + goto out; + } - if ((ct->length == KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry))) && - (memcmp(KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)), - ct->data, ct->length) == 0)) { - /* keytab is already up to date, return */ - smb_krb5_kt_free_entry(krbctx, &kt_entry); - goto out; - } + if (ret != 0 && ret != KRB5_KT_END && ret != ENOENT ) { + /* Error parsing keytab */ + DEBUG(1, (__location__ ": Failed to parse memory " + "keytab!\n")); + goto out; + } + + if (ret == 0) { + /* found private entry, + * check if keytab is up to date */ + if ((ct->length == KRB5_KEY_LENGTH(KRB5_KT_KEY(&kt_entry))) && + (memcmp(KRB5_KEY_DATA(KRB5_KT_KEY(&kt_entry)), + ct->data, ct->length) == 0)) { + /* keytab is already up to date, return */ smb_krb5_kt_free_entry(krbctx, &kt_entry); - ZERO_STRUCT(kt_entry); + goto out; + } + smb_krb5_kt_free_entry(krbctx, &kt_entry); + ZERO_STRUCT(kt_entry); - /* flush keytab, we need to regen it */ - ret = flush_keytab(krbctx, *keytab); - if (ret) { - DEBUG(1, (__location__ ": Failed to flush " - "memory keytab!\n")); - goto out; - } - } - } - if (!all_zero((uint8_t *)&kt_cursor, sizeof(kt_cursor)) && *keytab) { - krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor); + /* flush keytab, we need to regen it */ + ret = flush_keytab(krbctx, *keytab); + if (ret) { + DEBUG(1, (__location__ ": Failed to flush " + "memory keytab!\n")); + goto out; + } } /* keytab is not up to date, fill it up */ @@ -321,9 +332,6 @@ static krb5_error_code fill_mem_keytab_from_secrets(krb5_context krbctx, ret = 0; out: - if (!all_zero((uint8_t *)&kt_cursor, sizeof(kt_cursor)) && *keytab) { - krb5_kt_end_seq_get(krbctx, *keytab, &kt_cursor); - } if (princ) { krb5_free_principal(krbctx, princ); @@ -533,7 +541,7 @@ static krb5_error_code fill_mem_keytab_from_dedicated_keytab(krb5_context krbctx krb5_kt_end_seq_get(krbctx, keytab, &kt_cursor); out: - + krb5_kt_close(krbctx, keytab); return ret; |