Skip to content

[autobackport: sssd-2-9] ipa: check for empty trusts in ipa_get_trust_type()#8257

Merged
alexey-tikhonov merged 1 commit intoSSSD:sssd-2-9from
sssd-bot:SSSD-sssd-backport-pr8254-to-sssd-2-9
Dec 2, 2025
Merged

[autobackport: sssd-2-9] ipa: check for empty trusts in ipa_get_trust_type()#8257
alexey-tikhonov merged 1 commit intoSSSD:sssd-2-9from
sssd-bot:SSSD-sssd-backport-pr8254-to-sssd-2-9

Conversation

@sssd-bot
Copy link
Contributor

@sssd-bot sssd-bot commented Dec 2, 2025

This is an automatic backport of PR#8254 ipa: check for empty trusts in ipa_get_trust_type() to branch sssd-2-9, created by @sumit-bose.

Please make sure this backport is correct.

Note

The commits were cherry-picked without conflicts.

You can push changes to this pull request

git remote add sssd-bot git@github.com:sssd-bot/sssd.git
git fetch sssd-bot refs/heads/SSSD-sssd-backport-pr8254-to-sssd-2-9
git checkout SSSD-sssd-backport-pr8254-to-sssd-2-9
git push sssd-bot SSSD-sssd-backport-pr8254-to-sssd-2-9 --force

Original commits
d865ac3 - ipa: check for empty trusts in ipa_get_trust_type()

Backported commits

  • 4c77584 - ipa: check for empty trusts in ipa_get_trust_type()

Original Pull Request Body

Similar as ipa_get_ad_id_ctx() or ipa_get_ipa_id_ctx() ipa_get_trust_type() should be aware that the 'trusts' member of 'server_mode' might be NULL.

@sumit-bose
ipa: check for empty trusts in ipa_get_trust_type()
4c77584 
Similar as ipa_get_ad_id_ctx() or ipa_get_ipa_id_ctx()
ipa_get_trust_type() should be aware that the 'trusts' member of
'server_mode' might be NULL.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
(cherry picked from commit d865ac3)
gemini-code-assist[bot]
gemini-code-assist bot reviewed Dec 2, 2025
View reviewed changes
Copy link

@gemini-code-assist gemini-code-assist bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a crucial fix in ipa_get_trust_type() by adding a null check for the iter pointer. This prevents a potential null pointer dereference, enhancing the robustness and stability of the function. The change correctly handles cases where no matching trust is found, returning IPA_TRUST_UNKNOWN instead of accessing an invalid memory location.

@alexey-tikhonov
Copy link
Member

alexey-tikhonov commented Dec 2, 2025

FAILED tests/test_access_control_simple.py::test_access_control_simple__permits_user_login_based_on_group (samba) is a known issue not introduced by this PR.

@alexey-tikhonov alexey-tikhonov added no-backport This should go to target branch only. Accepted labels Dec 2, 2025
@sssd-bot
Copy link
Contributor Author

sssd-bot commented Dec 2, 2025

The pull request was accepted by @alexey-tikhonov with the following PR CI status:

🟢 CodeQL (success)
🟢 rpm-build:centos-stream-9-x86_64:upstream (success)
🟢 Analyze (target) / cppcheck (success)
🟢 Build / make-distcheck (success)
🟢 ci / prepare (success)
🔴 ci / system (centos-9) (failure)
🟢 Static code analysis / codeql (success)
🟢 Static code analysis / pre-commit (success)
🟢 Static code analysis / python-system-tests (success)

There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.

@alexey-tikhonov alexey-tikhonov merged commit 85af57c into SSSD:sssd-2-9 Dec 2, 2025
12 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexey-tikhonov alexey-tikhonov alexey-tikhonov approved these changes

+1 more reviewer

@gemini-code-assist gemini-code-assist[bot] gemini-code-assist[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@alexey-tikhonov alexey-tikhonov

Labels

Accepted no-backport This should go to target branch only.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@sssd-bot @alexey-tikhonov @sumit-bose