[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: smbk5pwd crash for missing symbol

Guillaume Rousse wrote:
> Love Hörnquist Åstrand a écrit :
>> 27 maj 2008 kl. 02.18 skrev Guillaume Rousse:
>>> I tried this approach (patch attached).
>>> Converting _kadm5_free_keys to hdb_free_keys is trivial, as the former
>>> is just a wrapper over the second.
>>> However, converting _kadm5_set_keys to hdb_generate_key_set_password
>>> is much more difficult. I first tried to inline all code from
>>> _kadm5_set_keys in smbk5pwd.c. However, gcc complains about "request
>>> for member ‘context’ in something not a structure or union" because it
>>> doesn't have any clue about the nature of kadm_context, which is a
>>> void ponter for smbk5pwd. Trying to cast it as a kadm5_server_context
>>> pointer fails, as this seems also to be a private heimdal structure...
>>> Given my lack of C knowledge, I'm a bit stuck there.
>> You can use the krb5_contex that is global in the module, just change
>> the code to use context instead of kadm5_context.
> Slightly better but I still can't access its members:
> smbk5pwd.c:416: error: dereferencing pointer to incomplete type

The kadm5_context.db field is already available as "db" in this module, there 
is no need to dereference anything else to get it.

Looking at your patch, exactly duplicating all of _kadm5_set_keys' behavior is 
the wrong approach. The hdb entry being operated on will not get written back 
to any DB using the hdb APIs, so 
hdb_entry_set_pw_change_time()/hdb_entry_set_password() will not accomplish 
anything. If you want to support those features you have to create appropriate 
Modify subops for them to attach to the Modification that's being assembled. 
That also means retrieving the appropriate AttributeDescriptions corresponding 
to whatever LDAP attribute Heimdal normally uses to store those fields. Note 
that Heimdal's hdb-ldap.c doesn't actually touch any of the HDB_extension 
fields in the HDB entry, so hdb_entry_set_password() is futile anyway.

> According to my understanding, kadm_context type is a pointer to an
> internally-defined krb5_context_data structure.
> Inlining private function is not straightforward, especially for dumb C
> programmers :)

It takes more than a basic understanding of C syntax to write code. You have 
to also take the time to understand the overall purpose of the code you're 
working with.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/