LCOV - code coverage report
Current view: top level - providers/krb5 - krb5_utils.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 148 280 52.9 %
Date: 2016-06-29 Functions: 5 8 62.5 %

          Line data    Source code
       1             : /*
       2             :     SSSD
       3             : 
       4             :     Kerberos 5 Backend Module -- Utilities
       5             : 
       6             :     Authors:
       7             :         Sumit Bose <sbose@redhat.com>
       8             : 
       9             :     Copyright (C) 2009 Red Hat
      10             : 
      11             :     This program is free software; you can redistribute it and/or modify
      12             :     it under the terms of the GNU General Public License as published by
      13             :     the Free Software Foundation; either version 3 of the License, or
      14             :     (at your option) any later version.
      15             : 
      16             :     This program is distributed in the hope that it will be useful,
      17             :     but WITHOUT ANY WARRANTY; without even the implied warranty of
      18             :     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      19             :     GNU General Public License for more details.
      20             : 
      21             :     You should have received a copy of the GNU General Public License
      22             :     along with this program.  If not, see <http://www.gnu.org/licenses/>.
      23             : */
      24             : #include <string.h>
      25             : #include <stdlib.h>
      26             : #include <libgen.h>
      27             : 
      28             : #include "providers/krb5/krb5_utils.h"
      29             : #include "providers/krb5/krb5_ccache.h"
      30             : #include "providers/krb5/krb5_auth.h"
      31             : #include "src/util/find_uid.h"
      32             : #include "util/util.h"
      33             : 
      34           0 : errno_t find_or_guess_upn(TALLOC_CTX *mem_ctx, struct ldb_message *msg,
      35             :                           struct krb5_ctx *krb5_ctx,
      36             :                           struct sss_domain_info *dom, const char *user,
      37             :                           const char *user_dom, char **_upn)
      38             : {
      39           0 :     const char *upn = NULL;
      40             :     int ret;
      41             : 
      42           0 :     if (krb5_ctx == NULL || dom == NULL || user == NULL || _upn == NULL) {
      43           0 :         return EINVAL;
      44             :     }
      45             : 
      46           0 :     if (msg != NULL) {
      47           0 :         upn = ldb_msg_find_attr_as_string(msg, SYSDB_CANONICAL_UPN, NULL);
      48           0 :         if (upn != NULL) {
      49           0 :             ret = EOK;
      50           0 :             goto done;
      51             :         }
      52             : 
      53           0 :         upn = ldb_msg_find_attr_as_string(msg, SYSDB_UPN, NULL);
      54           0 :         if (upn != NULL) {
      55           0 :             ret = EOK;
      56           0 :             goto done;
      57             :         }
      58             :     }
      59             : 
      60           0 :     ret = krb5_get_simple_upn(mem_ctx, krb5_ctx, dom, user,
      61             :                               user_dom, _upn);
      62           0 :     if (ret != EOK) {
      63           0 :         DEBUG(SSSDBG_OP_FAILURE, "krb5_get_simple_upn failed.\n");
      64           0 :         return ret;
      65             :     }
      66             : 
      67             : done:
      68           0 :     if (ret == EOK && upn != NULL) {
      69           0 :         *_upn = talloc_strdup(mem_ctx, upn);
      70           0 :         if (*_upn == NULL) {
      71           0 :             DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
      72           0 :             return ENOMEM;
      73             :         }
      74             :     }
      75             : 
      76           0 :     return ret;
      77             : }
      78             : 
      79           0 : errno_t check_if_cached_upn_needs_update(struct sysdb_ctx *sysdb,
      80             :                                          struct sss_domain_info *domain,
      81             :                                          const char *user,
      82             :                                          const char *upn)
      83             : {
      84             :     TALLOC_CTX *tmp_ctx;
      85             :     int ret;
      86             :     int sret;
      87           0 :     const char *attrs[] = {SYSDB_UPN, SYSDB_CANONICAL_UPN, NULL};
      88             :     struct sysdb_attrs *new_attrs;
      89             :     struct ldb_result *res;
      90           0 :     bool in_transaction = false;
      91             :     const char *cached_upn;
      92             :     const char *cached_canonical_upn;
      93             : 
      94           0 :     if (sysdb == NULL || user == NULL || upn == NULL) {
      95           0 :         return EINVAL;
      96             :     }
      97             : 
      98           0 :     tmp_ctx = talloc_new(NULL);
      99           0 :     if (tmp_ctx == NULL) {
     100           0 :         DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
     101           0 :         return ENOMEM;
     102             :     }
     103             : 
     104           0 :     ret = sysdb_get_user_attr(tmp_ctx, domain, user, attrs, &res);
     105           0 :     if (ret != EOK) {
     106           0 :         DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_user_attr failed.\n");
     107           0 :         goto done;
     108             :     }
     109             : 
     110           0 :     if (res->count != 1) {
     111           0 :         DEBUG(SSSDBG_OP_FAILURE, "[%d] user objects for name [%s] found, " \
     112             :                                   "expected 1.\n", res->count, user);
     113           0 :         ret = EINVAL;
     114           0 :         goto done;
     115             :     }
     116             : 
     117           0 :     cached_upn = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_UPN, NULL);
     118             : 
     119           0 :     if (cached_upn != NULL && strcmp(cached_upn, upn) == 0) {
     120           0 :         DEBUG(SSSDBG_TRACE_ALL, "Cached UPN and new one match, "
     121             :                                  "nothing to do.\n");
     122           0 :         ret = EOK;
     123           0 :         goto done;
     124             :     }
     125             : 
     126           0 :     cached_canonical_upn = ldb_msg_find_attr_as_string(res->msgs[0],
     127             :                                                        SYSDB_CANONICAL_UPN,
     128             :                                                        NULL);
     129             : 
     130           0 :     if (cached_canonical_upn != NULL
     131           0 :             && strcmp(cached_canonical_upn, upn) == 0) {
     132           0 :         DEBUG(SSSDBG_TRACE_ALL, "Cached canonical UPN and new one match, "
     133             :                                  "nothing to do.\n");
     134           0 :         ret = EOK;
     135           0 :         goto done;
     136             :     }
     137             : 
     138           0 :     DEBUG(SSSDBG_TRACE_LIBS, "Replacing canonical UPN [%s] with [%s] " \
     139             :                               "for user [%s].\n",
     140             :                               cached_canonical_upn == NULL ?
     141             :                                                  "empty" : cached_canonical_upn,
     142             :                               upn, user);
     143             : 
     144           0 :     new_attrs = sysdb_new_attrs(tmp_ctx);
     145           0 :     if (new_attrs == NULL) {
     146           0 :         DEBUG(SSSDBG_OP_FAILURE, "sysdb_new_attrs failed.\n");
     147           0 :         ret = ENOMEM;
     148           0 :         goto done;
     149             :     }
     150             : 
     151           0 :     ret = sysdb_attrs_add_string(new_attrs, SYSDB_CANONICAL_UPN, upn);
     152           0 :     if (ret != EOK) {
     153           0 :         DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_string failed.\n");
     154           0 :         goto done;
     155             :     }
     156             : 
     157           0 :     ret = sysdb_transaction_start(sysdb);
     158           0 :     if (ret != EOK) {
     159           0 :         DEBUG(SSSDBG_OP_FAILURE,
     160             :               "Error %d starting transaction (%s)\n", ret, strerror(ret));
     161           0 :         goto done;
     162             :     }
     163           0 :     in_transaction = true;
     164             : 
     165           0 :     ret = sysdb_set_entry_attr(sysdb, res->msgs[0]->dn, new_attrs,
     166             :                                cached_canonical_upn == NULL ? SYSDB_MOD_ADD :
     167             :                                                               SYSDB_MOD_REP);
     168           0 :     if (ret != EOK) {
     169           0 :         DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_entry_attr failed [%d][%s].\n",
     170             :                                   ret, strerror(ret));
     171           0 :         goto done;
     172             :     }
     173             : 
     174           0 :     ret = sysdb_transaction_commit(sysdb);
     175           0 :     if (ret != EOK) {
     176           0 :         DEBUG(SSSDBG_OP_FAILURE, "Failed to commit transaction!\n");
     177           0 :         goto done;
     178             :     }
     179           0 :     in_transaction = false;
     180             : 
     181           0 :     ret = EOK;
     182             : 
     183             : done:
     184           0 :     if (in_transaction) {
     185           0 :         sret = sysdb_transaction_cancel(sysdb);
     186           0 :         if (sret != EOK) {
     187           0 :             DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
     188             :         }
     189             :     }
     190             : 
     191           0 :     talloc_free(tmp_ctx);
     192             : 
     193           0 :     return ret;
     194             : }
     195             : 
     196             : #define S_EXP_UID "{uid}"
     197             : #define L_EXP_UID (sizeof(S_EXP_UID) - 1)
     198             : #define S_EXP_USERID "{USERID}"
     199             : #define L_EXP_USERID (sizeof(S_EXP_USERID) - 1)
     200             : #define S_EXP_EUID "{euid}"
     201             : #define L_EXP_EUID (sizeof(S_EXP_EUID) - 1)
     202             : #define S_EXP_USERNAME "{username}"
     203             : #define L_EXP_USERNAME (sizeof(S_EXP_USERNAME) - 1)
     204             : 
     205             : static errno_t
     206           4 : check_ccache_re(const char *filename, pcre *illegal_re)
     207             : {
     208             :     errno_t ret;
     209             : 
     210           4 :     ret = pcre_exec(illegal_re, NULL, filename, strlen(filename),
     211             :                     0, 0, NULL, 0);
     212           4 :     if (ret == 0) {
     213           4 :         DEBUG(SSSDBG_OP_FAILURE,
     214             :               "Illegal pattern in ccache directory name [%s].\n", filename);
     215           4 :         return EINVAL;
     216           0 :     } else if (ret == PCRE_ERROR_NOMATCH) {
     217           0 :         DEBUG(SSSDBG_TRACE_LIBS,
     218             :               "Ccache directory name [%s] does not contain "
     219             :                "illegal patterns.\n", filename);
     220           0 :         return EOK;
     221             :     }
     222             : 
     223           0 :     DEBUG(SSSDBG_CRIT_FAILURE, "pcre_exec failed [%d].\n", ret);
     224           0 :     return EFAULT;
     225             : }
     226             : 
     227          41 : char *expand_ccname_template(TALLOC_CTX *mem_ctx, struct krb5child_req *kr,
     228             :                              const char *template, pcre *illegal_re,
     229             :                              bool file_mode, bool case_sensitive)
     230             : {
     231             :     char *copy;
     232             :     char *p;
     233             :     char *n;
     234          41 :     char *result = NULL;
     235             :     char *dummy;
     236             :     char *name;
     237          41 :     char *res = NULL;
     238             :     const char *cache_dir_tmpl;
     239          41 :     TALLOC_CTX *tmp_ctx = NULL;
     240             :     char action;
     241             :     bool rerun;
     242             :     int ret;
     243             : 
     244          41 :     if (template == NULL) {
     245           1 :         DEBUG(SSSDBG_CRIT_FAILURE, "Missing template.\n");
     246           1 :         return NULL;
     247             :     }
     248             : 
     249          40 :     tmp_ctx = talloc_new(NULL);
     250          40 :     if (!tmp_ctx) return NULL;
     251             : 
     252          40 :     copy = talloc_strdup(tmp_ctx, template);
     253          40 :     if (copy == NULL) {
     254           0 :         DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
     255           0 :         goto done;
     256             :     }
     257             : 
     258          40 :     result = talloc_strdup(tmp_ctx, "");
     259          40 :     if (result == NULL) {
     260           0 :         DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
     261           0 :         goto done;
     262             :     }
     263             : 
     264          40 :     p = copy;
     265         114 :     while ( (n = strchr(p, '%')) != NULL) {
     266          41 :         *n = '\0';
     267          41 :         n++;
     268          41 :         if ( *n == '\0' ) {
     269           0 :             DEBUG(SSSDBG_CRIT_FAILURE,
     270             :                   "format error, single %% at the end of the template.\n");
     271           0 :             goto done;
     272             :         }
     273             : 
     274          41 :         rerun = true;
     275          41 :         action = *n;
     276         120 :         while (rerun) {
     277          45 :             rerun = false;
     278          45 :             switch (action) {
     279             :             case 'u':
     280           9 :                 if (kr->pd->user == NULL) {
     281           0 :                     DEBUG(SSSDBG_CRIT_FAILURE,
     282             :                           "Cannot expand user name template "
     283             :                               "because user name is empty.\n");
     284           0 :                     goto done;
     285             :                 }
     286           9 :                 name = sss_get_cased_name(tmp_ctx, kr->pd->user,
     287             :                                           case_sensitive);
     288           9 :                 if (!name) {
     289           0 :                     DEBUG(SSSDBG_CRIT_FAILURE,
     290             :                           "sss_get_cased_name failed\n");
     291           0 :                     goto done;
     292             :                 }
     293             : 
     294           9 :                 result = talloc_asprintf_append(result, "%s%s", p,
     295             :                                                 name);
     296           9 :                 break;
     297             :             case 'U':
     298           7 :                 if (kr->uid <= 0) {
     299           0 :                     DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand uid template "
     300             :                               "because uid is invalid.\n");
     301           0 :                     goto done;
     302             :                 }
     303           7 :                 result = talloc_asprintf_append(result, "%s%"SPRIuid, p,
     304             :                                                 kr->uid);
     305           7 :                 break;
     306             :             case 'p':
     307           2 :                 if (kr->upn == NULL) {
     308           0 :                     DEBUG(SSSDBG_CRIT_FAILURE,
     309             :                           "Cannot expand user principal name template "
     310             :                               "because upn is empty.\n");
     311           0 :                     goto done;
     312             :                 }
     313           2 :                 result = talloc_asprintf_append(result, "%s%s", p, kr->upn);
     314           2 :                 break;
     315             :             case '%':
     316           2 :                 result = talloc_asprintf_append(result, "%s%%", p);
     317           2 :                 break;
     318             :             case 'r':
     319           2 :                 dummy = dp_opt_get_string(kr->krb5_ctx->opts, KRB5_REALM);
     320           2 :                 if (dummy == NULL) {
     321           0 :                     DEBUG(SSSDBG_CRIT_FAILURE, "Missing kerberos realm.\n");
     322           0 :                     goto done;
     323             :                 }
     324           2 :                 result = talloc_asprintf_append(result, "%s%s", p, dummy);
     325           2 :                 break;
     326             :             case 'h':
     327           2 :                 if (kr->homedir == NULL) {
     328           0 :                     DEBUG(SSSDBG_CRIT_FAILURE,
     329             :                           "Cannot expand home directory template "
     330             :                               "because the path is not available.\n");
     331           0 :                     goto done;
     332             :                 }
     333           2 :                 result = talloc_asprintf_append(result, "%s%s", p, kr->homedir);
     334           2 :                 break;
     335             :             case 'd':
     336          12 :                 if (file_mode) {
     337          11 :                     cache_dir_tmpl = dp_opt_get_string(kr->krb5_ctx->opts,
     338             :                                                        KRB5_CCACHEDIR);
     339          11 :                     if (cache_dir_tmpl == NULL) {
     340           0 :                         DEBUG(SSSDBG_CRIT_FAILURE,
     341             :                               "Missing credential cache directory.\n");
     342           0 :                         goto done;
     343             :                     }
     344             : 
     345          11 :                     dummy = expand_ccname_template(tmp_ctx, kr, cache_dir_tmpl,
     346             :                                                    illegal_re, false, case_sensitive);
     347          11 :                     if (dummy == NULL) {
     348           3 :                         DEBUG(SSSDBG_CRIT_FAILURE,
     349             :                               "Expanding credential cache directory "
     350             :                                   "template failed.\n");
     351           3 :                         goto done;
     352             :                     }
     353           8 :                     result = talloc_asprintf_append(result, "%s%s", p, dummy);
     354           8 :                     talloc_zfree(dummy);
     355             :                 } else {
     356           1 :                     DEBUG(SSSDBG_CRIT_FAILURE,
     357             :                           "'%%d' is not allowed in this template.\n");
     358           1 :                     goto done;
     359             :                 }
     360           8 :                 break;
     361             :             case 'P':
     362           2 :                 if (!file_mode) {
     363           1 :                     DEBUG(SSSDBG_CRIT_FAILURE,
     364             :                           "'%%P' is not allowed in this template.\n");
     365           1 :                     goto done;
     366             :                 }
     367           1 :                 if (kr->pd->cli_pid == 0) {
     368           0 :                     DEBUG(SSSDBG_CRIT_FAILURE, "Cannot expand PID template "
     369             :                               "because PID is not available.\n");
     370           0 :                     goto done;
     371             :                 }
     372           1 :                 result = talloc_asprintf_append(result, "%s%d", p,
     373           1 :                                                 kr->pd->cli_pid);
     374           1 :                 break;
     375             : 
     376             :             /* Additional syntax from krb5.conf default_ccache_name */
     377             :             case '{':
     378           5 :                 if (strncmp(n , S_EXP_UID, L_EXP_UID) == 0) {
     379           1 :                     action = 'U';
     380           1 :                     n += L_EXP_UID - 1;
     381           1 :                     rerun = true;
     382           1 :                     continue;
     383           4 :                 } else if (strncmp(n , S_EXP_USERID, L_EXP_USERID) == 0) {
     384           1 :                     action = 'U';
     385           1 :                     n += L_EXP_USERID - 1;
     386           1 :                     rerun = true;
     387           1 :                     continue;
     388           3 :                 } else if (strncmp(n , S_EXP_EUID, L_EXP_EUID) == 0) {
     389             :                     /* SSSD does not distinguish between uid and euid,
     390             :                      * so we treat both the same way */
     391           1 :                     action = 'U';
     392           1 :                     n += L_EXP_EUID - 1;
     393           1 :                     rerun = true;
     394           1 :                     continue;
     395           2 :                 } else if (strncmp(n , S_EXP_USERNAME, L_EXP_USERNAME) == 0) {
     396           1 :                     action = 'u';
     397           1 :                     n += L_EXP_USERNAME - 1;
     398           1 :                     rerun = true;
     399           1 :                     continue;
     400             :                 } else {
     401             :                     /* ignore any expansion variable we do not understand and
     402             :                      * let libkrb5 hndle it or fail */
     403           1 :                     name = n;
     404           1 :                     n = strchr(name, '}');
     405           1 :                     if (!n) {
     406           0 :                         DEBUG(SSSDBG_CRIT_FAILURE,
     407             :                               "Invalid substitution sequence in cache "
     408             :                               "template. Missing closing '}' in [%s].\n",
     409             :                               template);
     410           0 :                         goto done;
     411             :                     }
     412           1 :                     result = talloc_asprintf_append(result, "%s%%%.*s", p,
     413           1 :                                                     (int)(n - name + 1), name);
     414             :                 }
     415           1 :                 break;
     416             :             default:
     417           2 :                 DEBUG(SSSDBG_CRIT_FAILURE,
     418             :                       "format error, unknown template [%%%c].\n", *n);
     419           2 :                 goto done;
     420             :             }
     421             :         }
     422             : 
     423          34 :         if (result == NULL) {
     424           0 :             DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n");
     425           0 :             goto done;
     426             :         }
     427             : 
     428          34 :         p = n + 1;
     429             :     }
     430             : 
     431          33 :     result = talloc_asprintf_append(result, "%s", p);
     432          33 :     if (result == NULL) {
     433           0 :         DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf_append failed.\n");
     434           0 :         goto done;
     435             :     }
     436             : 
     437          33 :     if (illegal_re != NULL) {
     438           4 :         ret = check_ccache_re(result, illegal_re);
     439           4 :         if (ret != EOK) {
     440           4 :             goto done;
     441             :         }
     442             :     }
     443             : 
     444          29 :     res = talloc_move(mem_ctx, &result);
     445             : done:
     446          40 :     talloc_zfree(tmp_ctx);
     447          40 :     return res;
     448             : }
     449             : 
     450           0 : errno_t get_domain_or_subdomain(struct be_ctx *be_ctx,
     451             :                                 char *domain_name,
     452             :                                 struct sss_domain_info **dom)
     453             : {
     454             : 
     455           0 :     if (domain_name != NULL &&
     456           0 :         strcasecmp(domain_name, be_ctx->domain->name) != 0) {
     457           0 :         *dom = find_domain_by_name(be_ctx->domain, domain_name, true);
     458           0 :         if (*dom == NULL) {
     459           0 :             DEBUG(SSSDBG_OP_FAILURE, "find_domain_by_name failed.\n");
     460           0 :             return ENOMEM;
     461             :         }
     462             :     } else {
     463           0 :         *dom = be_ctx->domain;
     464             :     }
     465             : 
     466           0 :     return EOK;
     467             : }
     468             : 
     469          12 : static errno_t split_tuple(TALLOC_CTX *mem_ctx, const char *tuple,
     470             :                            const char **_first, const char **_second)
     471             : {
     472             :     errno_t ret;
     473             :     char **list;
     474             :     int n;
     475             : 
     476          12 :     ret = split_on_separator(mem_ctx, tuple, ':', true, true, &list, &n);
     477             : 
     478          12 :     if (ret != EOK) {
     479           0 :         DEBUG(SSSDBG_MINOR_FAILURE,
     480             :               "split_on_separator failed - %s:[%d]\n",
     481             :               sss_strerror(ret), ret);
     482           0 :         goto done;
     483          12 :     } else if (n != 2) {
     484           6 :         DEBUG(SSSDBG_MINOR_FAILURE,
     485             :               "split_on_separator failed - Expected format is: "
     486             :               "'username:primary' but got: '%s'.\n", tuple);
     487           6 :         ret = EINVAL;
     488           6 :         goto done;
     489             :     }
     490             : 
     491           6 :     *_first = list[0];
     492           6 :     *_second = list[1];
     493             : 
     494             : done:
     495          12 :     return ret;
     496             : }
     497             : 
     498             : static errno_t
     499           8 : fill_name_to_primary_map(TALLOC_CTX *mem_ctx, char **map,
     500             :                          struct map_id_name_to_krb_primary *name_to_primary,
     501             :                          size_t size)
     502             : {
     503             :     int i;
     504             :     errno_t ret;
     505             : 
     506          14 :     for (i = 0; i < size; i++) {
     507          24 :         ret = split_tuple(mem_ctx, map[i],
     508          12 :                           &name_to_primary[i].id_name,
     509          12 :                           &name_to_primary[i].krb_primary);
     510          12 :         if (ret != EOK) {
     511           6 :             DEBUG(SSSDBG_MINOR_FAILURE,
     512             :                   "split_tuple failed - %s:[%d]\n", sss_strerror(ret), ret);
     513           6 :             goto done;
     514             :         }
     515             :     }
     516             : 
     517           2 :     ret = EOK;
     518             : 
     519             : done:
     520           8 :     return ret;
     521             : }
     522             : 
     523             : errno_t
     524          12 : parse_krb5_map_user(TALLOC_CTX *mem_ctx, const char *krb5_map_user,
     525             :                     struct map_id_name_to_krb_primary **_name_to_primary)
     526             : {
     527             :     int size;
     528             :     char **map;
     529             :     errno_t ret;
     530             :     TALLOC_CTX *tmp_ctx;
     531             :     struct map_id_name_to_krb_primary *name_to_primary;
     532             : 
     533          12 :     tmp_ctx = talloc_new(NULL);
     534          12 :     if (tmp_ctx == NULL) {
     535           0 :         ret = ENOMEM;
     536           0 :         goto done;
     537             :     }
     538             : 
     539          12 :     if (krb5_map_user == NULL || strlen(krb5_map_user) == 0) {
     540           2 :         DEBUG(SSSDBG_FUNC_DATA, "Warning: krb5_map_user is empty!\n");
     541           2 :         size = 0;
     542             :     } else {
     543          10 :         ret = split_on_separator(tmp_ctx, krb5_map_user, ',', true, true,
     544             :                                  &map, &size);
     545          10 :         if (ret != EOK) {
     546           0 :             DEBUG(SSSDBG_OP_FAILURE, "Failed to parse krb5_map_user!\n");
     547           0 :             goto done;
     548             :         }
     549             :     }
     550             : 
     551          12 :     name_to_primary = talloc_zero_array(tmp_ctx,
     552             :                                         struct map_id_name_to_krb_primary,
     553             :                                         size + 1);
     554          12 :     if (name_to_primary == NULL) {
     555           0 :         ret = ENOMEM;
     556           0 :         goto done;
     557             :     }
     558             :     /* sentinel */
     559          12 :     name_to_primary[size].id_name = NULL;
     560          12 :     name_to_primary[size].krb_primary = NULL;
     561             : 
     562          12 :     if (size > 0) {
     563           8 :         ret = fill_name_to_primary_map(name_to_primary, map, name_to_primary,
     564             :                                        size);
     565           8 :         if (ret != EOK) {
     566           6 :             DEBUG(SSSDBG_MINOR_FAILURE,
     567             :                   "fill_name_to_primary_map failed: %s:[%d]\n",
     568             :                   sss_strerror(ret), ret);
     569           6 :             goto done;
     570             :         }
     571             :     }
     572             : 
     573           6 :     ret = EOK;
     574             : 
     575             : done:
     576          12 :     if (ret == EOK) {
     577           6 :         *_name_to_primary = talloc_steal(mem_ctx, name_to_primary);
     578             :     }
     579          12 :     talloc_free(tmp_ctx);
     580          12 :     return ret;
     581             : }

Generated by: LCOV version 1.10