On 01/27/2015 05:21 PM, Martin Babinsky wrote:
This series of patches is related to
https://fedorahosted.org/freeipa/ticket/4795.

The attached patches attempt to address some of the defects encountered
during running covscan on freeipa-master branch.

The complete list is here:
http://cov01.lab.eng.brq.redhat.com/covscanhub/task/16553/log/freeipa-4.1.99.201501270952GITc90286c-0.fc21/scan-results.html


These patches do not fix defects 1 to 22 which occur in a code generated
by asn1c, defect 23 which is related to
https://fedorahosted.org/freeipa/ticket/4861, and defect 27 (dead code).

Each patch contains a detailed description of a defect and a proposed
fix to address it.

Martin^3


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Attaching updated patches.

--
Martin^3 Babinsky
From 90ef7bedadd01338cdcf70f181a13607180c3356 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Wed, 28 Jan 2015 14:22:15 +0100
Subject: [PATCH 1/7] added warning message after default: branch

This patch is related this defect reported by covscan on FreeIPA master:

"""
Error: DEADCODE (CWE-561):
/daemons/ipa-kdb/ipa_kdb_audit_as.c:42: cond_const: Condition "error_code !=
-1765328353L", taking false branch. Now the value of "error_code" is equal to
-1765328353.  
/daemons/ipa-kdb/ipa_kdb_audit_as.c:42: cond_const: Condition
"error_code != -1765328360L", taking false branch. Now the value of
"error_code" is equal to -1765328360.  
/daemons/ipa-kdb/ipa_kdb_audit_as.c:42:
cond_const: Condition "error_code != 0", taking false branch. Now the value of
"error_code" is equal to 0.  
/daemons/ipa-kdb/ipa_kdb_audit_as.c:71:
intervals: When switching on "error_code", the value of "error_code" must be
in one of the following intervals: {[-1765328360,-1765328360],
[-1765328353,-1765328353], [0,0]}.  
/daemons/ipa-kdb/ipa_kdb_audit_as.c:71:
dead_error_condition: The switch value "error_code" cannot reach the default
case.  
/daemons/ipa-kdb/ipa_kdb_audit_as.c:123: dead_error_begin: Execution
cannot reach this statement: "default:".
"""

This patch is a part of series related to
https://fedorahosted.org/freeipa/ticket/4795.

---
 daemons/ipa-kdb/ipa_kdb_audit_as.c | 4 ++++
 daemons/ipa-kdb/ipa_kdb_mspac.c    | 3 ---
 util/ipa_krb5.h                    | 2 ++
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/daemons/ipa-kdb/ipa_kdb_audit_as.c b/daemons/ipa-kdb/ipa_kdb_audit_as.c
index 52c165442bde61d3ce88843b122aae7fe0fae50b..5f59bf33a761905d69d2d3167a206766457796fb 100644
--- a/daemons/ipa-kdb/ipa_kdb_audit_as.c
+++ b/daemons/ipa-kdb/ipa_kdb_audit_as.c
@@ -20,6 +20,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <syslog.h>
 #include "ipa_kdb.h"
 #include "ipa_pwd.h"
 
@@ -121,6 +122,9 @@ void ipadb_audit_as_req(krb5_context kcontext,
         client->mask |= KMASK_LAST_FAILED;
         break;
     default:
+        krb5_klog_syslog(LOG_ERR,
+                         "File '%s' line %d: Got an unexpected value of "
+                         "error_code: %d\n", __FILE__, __LINE__, error_code);
         return;
     }
 
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index a4500070760e83994c8155a12ee6414b5ebee9e0..22774e02309f0715b49545e0f6f21d599e7afe0a 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -54,9 +54,6 @@ struct ipadb_mspac {
     time_t last_update;
 };
 
-
-int krb5_klog_syslog(int, const char *, ...);
-
 static char *user_pac_attrs[] = {
     "objectClass",
     "uid",
diff --git a/util/ipa_krb5.h b/util/ipa_krb5.h
index 7b877aa665dd6cb4e0c1cf9d8153319cc8f61a20..2153bd57142d1468031d0aa4b5d3f59ef5c890b5 100644
--- a/util/ipa_krb5.h
+++ b/util/ipa_krb5.h
@@ -30,6 +30,8 @@ struct keys_container {
 #define KEYTAB_RET_OID "2.16.840.1.113730.3.8.10.2"
 #define KEYTAB_GET_OID "2.16.840.1.113730.3.8.10.5"
 
+int krb5_klog_syslog(int, const char *, ...);
+
 void
 ipa_krb5_free_ktypes(krb5_context context, krb5_enctype *val);
 
-- 
2.1.0

From 463d521c6a1872e2a00c33163936cd985066a027 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Tue, 27 Jan 2015 13:15:43 +0100
Subject: [PATCH 2/7] proposed fix for a defect reported in 'ipa_kdb_mspac.c'

This patch proposes a fix for the following defect reported by covscan in
FreeIPA master code:

"""
Error: DEADCODE (CWE-561):
/daemons/ipa-kdb/ipa_kdb_mspac.c:2013: assignment: Assigning: "client_entry" =
"NULL".  
/daemons/ipa-kdb/ipa_kdb_mspac.c:2077: null: At condition
"client_entry", the value of "client_entry" must be "NULL".
/daemons/ipa-kdb/ipa_kdb_mspac.c:2077: dead_error_condition: The condition
"client_entry" cannot be true.  
/daemons/ipa-kdb/ipa_kdb_mspac.c:2077:
dead_error_line: Execution cannot reach the expression "client_entry" inside
this statement: "kerr = ipadb_get_pac(contex...".
"""

After consultation with Simo we deciced to remove the condition from line 2074
entirely since in this branch of code 'client' seems to be always NULL (see
code between lines 2019 and 2077).

This is a part of a series of patches related to
https://fedorahosted.org/freeipa/ticket/4795
---
 daemons/ipa-kdb/ipa_kdb_mspac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 22774e02309f0715b49545e0f6f21d599e7afe0a..0f47d1f4bd536e24b9d46a35232ad558b33b4b26 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -2071,7 +2071,7 @@ krb5_error_code ipadb_sign_authdata(krb5_context context,
             }
         }
 
-        kerr = ipadb_get_pac(context, client_entry ? client_entry : client, &pac);
+        kerr = ipadb_get_pac(context, client, &pac);
         if (kerr != 0 && kerr != ENOENT) {
             goto done;
         }
-- 
2.1.0

From 3778c4f29a4924923ed7b159c540694c8272b55f Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Wed, 28 Jan 2015 14:25:15 +0100
Subject: [PATCH 3/7] proposed fix for a defect reported in 'ipa_kdb_principals.c'

The patch addresses the following defect reported by covscan in FreeIPA
master:

"""
Error: FORWARD_NULL (CWE-476): 
/daemons/ipa-kdb/ipa_kdb_principals.c:1886: assign_zero: Assigning:
"principal" = "NULL".  
/daemons/ipa-kdb/ipa_kdb_principals.c:1929:
var_deref_model: Passing null pointer "principal" to "ipadb_entry_to_mods",
which dereferences it.  
/daemons/ipa-kdb/ipa_kdb_principals.c:1491:9:
deref_parm_in_call: Function "ipadb_get_ldap_mod_str" dereferences
"principal".  
/daemons/ipa-kdb/ipa_kdb_principals.c:1174:5:
deref_parm_in_call: Function "strdup" dereferences "value"
"""

This is a part of series of patches related to
https://fedorahosted.org/freeipa/ticket/4795

---
 daemons/ipa-kdb/ipa_kdb_principals.c | 72 +++++++++++++++++++++++-------------
 1 file changed, 47 insertions(+), 25 deletions(-)

diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index e158c236eab5c7c5a7c12664dbde5d51cc55406d..901504d9ba9a36a2262c11f41fb009d0c73ce015 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -1474,10 +1474,38 @@ done:
     return kerr;
 }
 
+static krb5_error_code ipadb_principal_to_mods(krb5_context kcontext,
+                                               struct ipadb_mods *imods,
+                                               char *principal,
+                                               int mod_op)
+{
+    krb5_error_code kerr;
+
+    if (principal == NULL) {
+       kerr = EINVAL;
+       goto done;
+    }
+
+    kerr = ipadb_get_ldap_mod_str(imods, "krbPrincipalName",
+                                  principal, mod_op);
+    if (kerr) {
+        goto done;
+    }
+    kerr = ipadb_get_ldap_mod_str(imods, "ipaKrbPrincipalAlias",
+                                  principal, mod_op);
+    if (kerr) {
+        goto done;
+    }
+
+    kerr = 0;
+
+done:
+    return kerr;
+}
+
 static krb5_error_code ipadb_entry_to_mods(krb5_context kcontext,
                                            struct ipadb_mods *imods,
                                            krb5_db_entry *entry,
-                                           char *principal,
                                            int mod_op)
 {
     krb5_error_code kerr;
@@ -1486,20 +1514,6 @@ static krb5_error_code ipadb_entry_to_mods(krb5_context kcontext,
 
     /* check each mask flag in order */
 
-    /* KADM5_PRINCIPAL */
-    if (entry->mask & KMASK_PRINCIPAL) {
-        kerr = ipadb_get_ldap_mod_str(imods, "krbPrincipalName",
-                                      principal, mod_op);
-        if (kerr) {
-            goto done;
-        }
-        kerr = ipadb_get_ldap_mod_str(imods, "ipaKrbPrincipalAlias",
-                                      principal, mod_op);
-        if (kerr) {
-            goto done;
-        }
-    }
-
     /* KADM5_PRINC_EXPIRE_TIME */
     if (entry->mask & KMASK_PRINC_EXPIRE_TIME) {
         kerr = ipadb_get_ldap_mod_time(imods,
@@ -1863,8 +1877,12 @@ static krb5_error_code ipadb_add_principal(krb5_context kcontext,
         goto done;
     }
 
-    kerr = ipadb_entry_to_mods(kcontext, imods,
-                               entry, principal, LDAP_MOD_ADD);
+    kerr = ipadb_principal_to_mods(kcontext, imods, principal, LDAP_MOD_ADD);
+    if (kerr != 0) {
+        goto done;
+    }
+
+    kerr = ipadb_entry_to_mods(kcontext, imods, entry, LDAP_MOD_ADD);
     if (kerr != 0) {
         goto done;
     }
@@ -1895,18 +1913,21 @@ static krb5_error_code ipadb_modify_principal(krb5_context kcontext,
         return KRB5_KDB_DBNOTINITED;
     }
 
+    kerr = new_ipadb_mods(&imods);
+    if (kerr) {
+        goto done;
+    }
+
     ied = (struct ipadb_e_data *)entry->e_data;
     if (!ied || !ied->entry_dn) {
         kerr = krb5_unparse_name(kcontext, entry->princ, &principal);
         if (kerr != 0) {
             goto done;
         }
-
         kerr = ipadb_fetch_principals(ipactx, 0, principal, &res);
         if (kerr != 0) {
             goto done;
         }
-
         /* FIXME: no alias allowed for now, should we allow modifies
          * by alias name ? */
         kerr = ipadb_find_principal(kcontext, 0, res, &principal, &lentry);
@@ -1919,15 +1940,16 @@ static krb5_error_code ipadb_modify_principal(krb5_context kcontext,
             kerr = KRB5_KDB_INTERNAL_ERROR;
             goto done;
         }
-    }
 
-    kerr = new_ipadb_mods(&imods);
-    if (kerr) {
-        goto done;
+        kerr = ipadb_principal_to_mods(kcontext, imods, principal,
+                                       LDAP_MOD_REPLACE);
+        if (kerr != 0) {
+            goto done;
+        }
+
     }
 
-    kerr = ipadb_entry_to_mods(kcontext, imods,
-                               entry, principal, LDAP_MOD_REPLACE);
+    kerr = ipadb_entry_to_mods(kcontext, imods, entry, LDAP_MOD_REPLACE);
     if (kerr != 0) {
         goto done;
     }
-- 
2.1.0

From 500c7aa94aefaf1ad2f5f11c87ed267970e1878b Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Wed, 28 Jan 2015 14:26:53 +0100
Subject: [PATCH 4/7] proposed fix for a defect reported in
 'ipa_otp_lasttoken.c'

This patch fixes the following defect reported by covscan:

"""
Error: CHECKED_RETURN (CWE-252):
/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c:119:
check_return: Calling "slapi_search_internal_get_entry" without checking
return value (as is done elsewhere 14 out of 16 times).
/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c:402:
example_checked: Example 1: "slapi_search_internal_get_entry(sdn, NULL,
&config_entry, ipaenrollment_plugin_id)" has its value checked in "(rc =
slapi_search_internal_get_entry(sdn, NULL, &config_entry,
ipaenrollment_plugin_id)) != 0".
/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:207:
example_assign: Example 2: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(sdn, NULL, &config_entry, getPluginID())".
/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:212:
example_checked: Example 2 (cont.): "ret" has its value checked in "ret".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:651:
example_assign: Example 3: Assigning: "search_result" = return value from
"slapi_search_internal_get_entry(sdn, attrlist, e2, ipapwd_plugin_id)".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:653:
example_checked: Example 3 (cont.): "search_result" has its value checked in
"search_result != 0".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1035:
example_assign: Example 4: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(tmp_dn, NULL, &pwdop->pwdata.target,
ipapwd_plugin_id)".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1039:
example_checked: Example 4 (cont.): "ret" has its value checked in "ret != 0".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:817:
example_assign: Example 5: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(tmp_dn, NULL, &e, getPluginID())".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:820:
example_checked: Example 5 (cont.): "ret" has its value checked in "ret ==
10".
"""

this patch is a part of a series related to
https://fedorahosted.org/freeipa/ticket/4795

---
 .../ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c    | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
index 233813745795344f31a7dcf1931cf74a09f1e552..a085a3a328a19e4c49bbc7ad6220564b59488e12 100644
--- a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
+++ b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
@@ -111,13 +111,19 @@ static bool is_pwd_enabled(const char *user_dn)
     Slapi_Entry *entry = NULL;
     uint32_t authtypes;
     Slapi_DN *sdn;
+    int search_result = 0;
 
     sdn = slapi_sdn_new_dn_byval(user_dn);
     if (sdn == NULL)
         return false;
 
-    slapi_search_internal_get_entry(sdn, attrs, &entry,
-                                    otp_config_plugin_id(otp_config));
+    search_result = slapi_search_internal_get_entry(sdn, attrs, &entry,
+            otp_config_plugin_id(otp_config));
+    if (search_result != LDAP_SUCCESS) {
+        LOG_TRACE("File '%s' line %d: Unable to access LDAP entry '%s'. "
+                "Perhaps it doesn't exist? Error code: %d\n", __FILE__,
+                __LINE__, slapi_sdn_get_dn(sdn), search_result);
+    }
     slapi_sdn_free(&sdn);
     if (entry == NULL)
         return false;
-- 
2.1.0

From 8be1346f57a25fd963c5ef62573ec21d83cf370c Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Tue, 27 Jan 2015 15:47:50 +0100
Subject: [PATCH 5/7] added an informational comment about intentional
 fallthrough

This patch is related to this defect reported by covscan in FreeIPA code:

"""
Error: MISSING_BREAK (CWE-484):
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:631: unterminated_case: The
case for value "2" is not terminated by a 'break' statement.
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:638: fallthrough: The above
case falls through to this one.
"""

Added a comment informing about intentional falltrough in this place, so that
future generations reading the code don't get confused.

The patch is the part of a series related to
https://fedorahosted.org/freeipa/ticket/4795
---
 daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
index 84eff17013d2742d1b5e5c4ea5f4e22ee290d785..4231f387f5440cdad0e81b76922a926edd955880 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
@@ -634,7 +634,8 @@ static int ipapwd_pre_mod(Slapi_PBlock *pb)
                 is_krb = 0;
                 is_smb = 0;
                 is_ipant = 0;
-
+                /* After examining the output of covscan, we think that this
+                 * fallthrough is intentional.*/
             case LDAP_MOD_ADD:
                 if (!lmod->mod_bvalues ||
                     !lmod->mod_bvalues[0]) {
-- 
2.1.0

From 8b56477e3f7de44b88836c7cbb9975c0565adb67 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Wed, 28 Jan 2015 14:32:53 +0100
Subject: [PATCH 6/7] added a debug message to 'ipa_uuid.c'

This patch is related to the following defect reported by covscan of FreeIPA
master code:

"""
Error: DEADCODE (CWE-561): /daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:796:
cond_const: Condition "modtype != 1", taking false branch. Now the value of
"modtype" is equal to 1.  
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:796:
cond_const: Condition "modtype != 4", taking false branch. Now the value of
"modtype" is equal to 4.  
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:941:
equality_cond: Jumping to case "1".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:957: equality_cond: Jumping to
case "4".  
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:940: intervals: When
switching on "modtype", the value of "modtype" must be in one of the following
intervals: {[1,1], [4,4]}.
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:940: dead_error_condition: The
switch value "modtype" cannot reach the default case.
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:1031: dead_error_begin:
Execution cannot reach this statement: "default:".
"""

The patch is a part of series related to
https://fedorahosted.org/freeipa/ticket/4795

---
 daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
index 2b07de45b63dab36a0b7167e3583e88ebd07f6f7..0fcdd1033b8d936fbe4ccb923a3078f7abc53059 100644
--- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
+++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
@@ -1027,9 +1027,10 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
 
             slapi_mod_free(&next_mod);
             break;
-
         default:
             /* never reached, just silence compiler */
+            LOG_TRACE("File '%s' line %d: Got unexpected value of modtype:"
+                      "%d\n", __FILE__, __LINE__, modtype);
             break;
         }
 
-- 
2.1.0

From aaed440cc20ae53f08fd00d492f76d955b346e2b Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Wed, 28 Jan 2015 14:33:55 +0100
Subject: [PATCH 7/7] proposed fix for a defect found in 'otp_config.c'

This patch proposes a fix to the following defect found by covscan of FreeIPA
master code:

"""
Error: CHECKED_RETURN (CWE-252):
/daemons/ipa-slapi-plugins/libotp/otp_config.c:239: check_return: Calling
"slapi_search_internal_get_entry" without checking return value (as is done
elsewhere 14 out of 16 times).
/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c:402:
example_checked: Example 1: "slapi_search_internal_get_entry(sdn, NULL,
&config_entry, ipaenrollment_plugin_id)" has its value checked in "(rc =
slapi_search_internal_get_entry(sdn, NULL, &config_entry,
ipaenrollment_plugin_id)) != 0".
/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:207: example_assign:
Example 2: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(sdn, NULL, &config_entry, getPluginID())".
/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:212: example_checked:
Example 2 (cont.): "ret" has its value checked in "ret".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:651: example_assign: Example
3: Assigning: "search_result" = return value from
"slapi_search_internal_get_entry(sdn, attrlist, e2, ipapwd_plugin_id)".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:653: example_checked:
Example 3 (cont.): "search_result" has its value checked in "search_result !=
0".  /daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1035: example_assign:
Example 4: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(tmp_dn, NULL, &pwdop->pwdata.target,
ipapwd_plugin_id)".  
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1039:
example_checked: Example 4 (cont.): "ret" has its value checked in "ret != 0".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:817: example_assign: Example 5:
Assigning: "ret" = return value from "slapi_search_internal_get_entry(tmp_dn,
NULL, &e, getPluginID())".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:820: example_checked: Example 5
(cont.): "ret" has its value checked in "ret == 10".
"""

The patch is a part of series related to
https://fedorahosted.org/freeipa/ticket/4795

---
 daemons/ipa-slapi-plugins/libotp/Makefile.am  |  4 +++-
 daemons/ipa-slapi-plugins/libotp/otp_config.c | 11 ++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/libotp/Makefile.am b/daemons/ipa-slapi-plugins/libotp/Makefile.am
index 4428f6bdc38a4e4ec224d1fa70744d8381f7e0b1..71b9c19f40379ba6c61858984f9de0253020e00d 100644
--- a/daemons/ipa-slapi-plugins/libotp/Makefile.am
+++ b/daemons/ipa-slapi-plugins/libotp/Makefile.am
@@ -1,5 +1,7 @@
 MAINTAINERCLEANFILES = *~ Makefile.in
-AM_CPPFLAGS = -I/usr/include/dirsrv
+PLUGIN_COMMON_DIR = ../common
+AM_CPPFLAGS = -I/usr/include/dirsrv		\
+	-I$(PLUGIN_COMMON_DIR)
 
 noinst_LTLIBRARIES = libhotp.la libotp.la
 libhotp_la_SOURCES = hotp.c hotp.h
diff --git a/daemons/ipa-slapi-plugins/libotp/otp_config.c b/daemons/ipa-slapi-plugins/libotp/otp_config.c
index ac2cfc72aa9f72af8eb5b5c565650325ac8bf714..f72c0edc68526fc8e98b5de0b0b104abcf21e305 100644
--- a/daemons/ipa-slapi-plugins/libotp/otp_config.c
+++ b/daemons/ipa-slapi-plugins/libotp/otp_config.c
@@ -38,6 +38,7 @@
  * END COPYRIGHT BLOCK **/
 
 #include "otp_config.h"
+#include "util.h"
 
 #include <pratom.h>
 #include <plstr.h>
@@ -214,6 +215,7 @@ struct otp_config *otp_config_init(Slapi_ComponentId *plugin_id)
 
     struct otp_config *cfg = NULL;
     void *node = NULL;
+    int search_result = 0;
 
     cfg = (typeof(cfg)) slapi_ch_calloc(1, sizeof(*cfg));
     cfg->plugin_id = plugin_id;
@@ -236,7 +238,14 @@ struct otp_config *otp_config_init(Slapi_ComponentId *plugin_id)
             cfg->records = rec;
 
             /* Load the specified entry. */
-            slapi_search_internal_get_entry(rec->sdn, NULL, &entry, plugin_id);
+            search_result = slapi_search_internal_get_entry(rec->sdn,
+                    NULL, &entry, plugin_id);
+            if (search_result != LDAP_SUCCESS) {
+                LOG_TRACE("File '%s' line %d: Unable to access LDAP entry"
+                        "'%s'. Perhaps it doesn't exist?"
+                        "Error code: %d\n", __FILE__, __LINE__,
+                        slapi_sdn_get_dn(rec->sdn), search_result);
+            }
             update(cfg, rec->sdn, entry);
             slapi_entry_free(entry);
         }
-- 
2.1.0

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to