Skip to content

Commit

Permalink
krb5: make prompter and pre-auth debug message less irritating
Browse files Browse the repository at this point in the history
Resolves: #7152
  • Loading branch information
sumit-bose committed Mar 15, 2024
1 parent 25ac4c1 commit 584b152
Showing 1 changed file with 8 additions and 4 deletions.
12 changes: 8 additions & 4 deletions src/providers/krb5/krb5_child.c
Original file line number Diff line number Diff line change
Expand Up @@ -1346,7 +1346,7 @@ static krb5_error_code sss_krb5_prompter(krb5_context context, void *data,
}

DEBUG(SSSDBG_TRACE_ALL,
"sss_krb5_prompter name [%s] banner [%s] num_prompts [%d] EINVAL.\n",
"sss_krb5_prompter name [%s] banner [%s] num_prompts [%d].\n",
name, banner, num_prompts);

if (num_prompts != 0) {
Expand All @@ -1355,7 +1355,10 @@ static krb5_error_code sss_krb5_prompter(krb5_context context, void *data,
prompts[c].prompt);
}

DEBUG(SSSDBG_FUNC_DATA, "Prompter interface isn't used for password prompts by SSSD.\n");
DEBUG(SSSDBG_FUNC_DATA,

Check failure on line 1358 in src/providers/krb5/krb5_child.c

View workflow job for this annotation

GitHub Actions / covscan

RESOURCE_LEAK (CWE-772)

:Error: RESOURCE_LEAK (CWE-772): sssd-pr7243/src/providers/krb5/krb5_child.c:1358: alloc_fn: Storage is returned from allocation function "krb5_get_error_message". sssd-pr7243/src/providers/krb5/krb5_child.c:1358: noescape: Assuming resource "krb5_get_error_message(context, -1765328254)" is not freed or pointed-to as ellipsis argument to "sss_debug_fn". sssd-pr7243/src/providers/krb5/krb5_child.c:1358: leaked_storage: Failing to save or free storage allocated by "krb5_get_error_message(context, -1765328254)" leaks it. # 1356| } # 1357| # 1358|-> DEBUG(SSSDBG_FUNC_DATA, # 1359| "Prompter interface isn't used for prompting by SSSD." # 1360| "Error [%ld/%s] is expected.\n", KRB5_LIBOS_CANTREADPWD,
"Prompter interface isn't used for prompting by SSSD."
"Error [%ld/%s] is expected.\n", KRB5_LIBOS_CANTREADPWD,
krb5_get_error_message(context, KRB5_LIBOS_CANTREADPWD));
return KRB5_LIBOS_CANTREADPWD;
}

Expand Down Expand Up @@ -2824,8 +2827,9 @@ static errno_t tgt_req_child(struct krb5_req *kr)
* should now know which authentication methods are available to
* update the password. */
DEBUG(SSSDBG_TRACE_FUNC,
"krb5_get_init_creds_password returned [%d] during pre-auth, "
"ignored.\n", kerr);
"krb5_get_init_creds_password returned [%d] while collecting "
"available authentication types, errors are expected "
"and ignored.\n", kerr);
ret = pam_add_prompting(kr);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "pam_add_prompting failed.\n");
Expand Down

0 comments on commit 584b152

Please sign in to comment.