On 01/28/2015 06:30 PM, Alexander Bokovoy wrote:
On Wed, 28 Jan 2015, Martin Babinsky wrote:
On 01/28/2015 03:37 PM, Simo Sorce wrote:
On Wed, 2015-01-28 at 14:53 +0100, Martin Babinsky wrote:
On 01/27/2015 05:21 PM, Martin Babinsky wrote:
This series of patches is related to
https://fedorahosted.org/freeipa/ticket/4795.

The attached patches attempt to address some of the defects
encountered
during running covscan on freeipa-master branch.

The complete list is here:
http://cov01.lab.eng.brq.redhat.com/covscanhub/task/16553/log/freeipa-4.1.99.201501270952GITc90286c-0.fc21/scan-results.html



These patches do not fix defects 1 to 22, which occur in code generated
by asn1c, defect 23, which is related to
https://fedorahosted.org/freeipa/ticket/4861, and defect 27 (dead
code).

Each patch contains a detailed description of a defect and a proposed
fix to address it.

Martin^3


_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Attaching updated patches.


You are gratuitously removing empty lines in various patches.
They are there to make the code flow more readable, please do not remove
them.

Simo.

Attaching updated patches.

Patches look OK for me now. I need to test them in a clean install so
please don't commit them yet.


Some vim backup files crept into the previous attachment. Re-sending the correct patchset.

--
Martin^3 Babinsky
From d28c0f925a0c96c6dc20abf8da3142799bbfc288 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Wed, 28 Jan 2015 16:21:15 +0100
Subject: [PATCH 1/7] ipa-kdb: unexpected error code in 'ipa_kdb_audit_as_req'
 triggers a message

This patch is related to this defect reported by covscan on FreeIPA master:

"""
Error: DEADCODE (CWE-561):
/daemons/ipa-kdb/ipa_kdb_audit_as.c:42: cond_const: Condition "error_code !=
-1765328353L", taking false branch. Now the value of "error_code" is equal to
-1765328353.  
/daemons/ipa-kdb/ipa_kdb_audit_as.c:42: cond_const: Condition
"error_code != -1765328360L", taking false branch. Now the value of
"error_code" is equal to -1765328360.  
/daemons/ipa-kdb/ipa_kdb_audit_as.c:42:
cond_const: Condition "error_code != 0", taking false branch. Now the value of
"error_code" is equal to 0.  
/daemons/ipa-kdb/ipa_kdb_audit_as.c:71:
intervals: When switching on "error_code", the value of "error_code" must be
in one of the following intervals: {[-1765328360,-1765328360],
[-1765328353,-1765328353], [0,0]}.  
/daemons/ipa-kdb/ipa_kdb_audit_as.c:71:
dead_error_condition: The switch value "error_code" cannot reach the default
case.  
/daemons/ipa-kdb/ipa_kdb_audit_as.c:123: dead_error_begin: Execution
cannot reach this statement: "default:".
"""

This patch is a part of a series related to
https://fedorahosted.org/freeipa/ticket/4795.

---
 daemons/ipa-kdb/ipa_kdb_audit_as.c | 4 ++++
 daemons/ipa-kdb/ipa_kdb_mspac.c    | 3 ---
 util/ipa_krb5.h                    | 2 ++
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/daemons/ipa-kdb/ipa_kdb_audit_as.c b/daemons/ipa-kdb/ipa_kdb_audit_as.c
index 52c165442bde61d3ce88843b122aae7fe0fae50b..5f59bf33a761905d69d2d3167a206766457796fb 100644
--- a/daemons/ipa-kdb/ipa_kdb_audit_as.c
+++ b/daemons/ipa-kdb/ipa_kdb_audit_as.c
@@ -20,6 +20,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
+#include <syslog.h>
 #include "ipa_kdb.h"
 #include "ipa_pwd.h"
 
@@ -121,6 +122,9 @@ void ipadb_audit_as_req(krb5_context kcontext,
         client->mask |= KMASK_LAST_FAILED;
         break;
     default:
+        krb5_klog_syslog(LOG_ERR,
+                         "File '%s' line %d: Got an unexpected value of "
+                         "error_code: %d\n", __FILE__, __LINE__, error_code);
         return;
     }
 
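Review bot: The krb5_klog_syslog call added to the default: branch sits in code that the covscan trace quoted in the commit message marks as unreachable (the check at line 42 already limits error_code to three values), so the DEADCODE finding stays open and the message cannot be emitted as the function stands. Either state in the commit message that this is a defensive log in case the line 42 check changes, or drop the default branch. Two smaller points: the trailing "\n" is unnecessary in a syslog message, and the function name ipadb_audit_as_req would be more useful to an operator than __FILE__ and __LINE__.
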
diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index a4500070760e83994c8155a12ee6414b5ebee9e0..22774e02309f0715b49545e0f6f21d599e7afe0a 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -54,9 +54,6 @@ struct ipadb_mspac {
     time_t last_update;
 };
 
-
-int krb5_klog_syslog(int, const char *, ...);
-
 static char *user_pac_attrs[] = {
     "objectClass",
     "uid",
diff --git a/util/ipa_krb5.h b/util/ipa_krb5.h
index 7b877aa665dd6cb4e0c1cf9d8153319cc8f61a20..2153bd57142d1468031d0aa4b5d3f59ef5c890b5 100644
--- a/util/ipa_krb5.h
+++ b/util/ipa_krb5.h
@@ -30,6 +30,8 @@ struct keys_container {
 #define KEYTAB_RET_OID "2.16.840.1.113730.3.8.10.2"
 #define KEYTAB_GET_OID "2.16.840.1.113730.3.8.10.5"
 
+int krb5_klog_syslog(int, const char *, ...);
+
 void
 ipa_krb5_free_ktypes(krb5_context context, krb5_enctype *val);
 
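Review bot: The prototype added to util/ipa_krb5.h is still a hand-maintained declaration with unnamed parameters and no format attribute, so the compiler cannot check the arguments of calls such as the one added in ipa_kdb_audit_as.c against their format string. Consider int krb5_klog_syslog(int priority, const char *fmt, ...) with __attribute__((format(printf, 2, 3))), plus a one-line comment saying why the declaration has to live here. Also confirm that ipa_kdb_mspac.c and ipa_kdb_audit_as.c both reach this header through their existing includes, since the patch removes the local prototype without adding an #include of ipa_krb5.h to either file.
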
-- 
2.1.0

From 679c2d16885ef48dc831c3975de6944de5790bd1 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Wed, 28 Jan 2015 16:24:01 +0100
Subject: [PATCH 2/7] always get PAC for client principal if AS_REQ is true

This patch proposes a fix for the following defect reported by covscan in
FreeIPA master code:

"""
Error: DEADCODE (CWE-561):
/daemons/ipa-kdb/ipa_kdb_mspac.c:2013: assignment: Assigning: "client_entry" =
"NULL".  
/daemons/ipa-kdb/ipa_kdb_mspac.c:2077: null: At condition
"client_entry", the value of "client_entry" must be "NULL".
/daemons/ipa-kdb/ipa_kdb_mspac.c:2077: dead_error_condition: The condition
"client_entry" cannot be true.  
/daemons/ipa-kdb/ipa_kdb_mspac.c:2077:
dead_error_line: Execution cannot reach the expression "client_entry" inside
this statement: "kerr = ipadb_get_pac(contex...".
"""

This is a part of a series of patches related to
https://fedorahosted.org/freeipa/ticket/4795

---
 daemons/ipa-kdb/ipa_kdb_mspac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/daemons/ipa-kdb/ipa_kdb_mspac.c b/daemons/ipa-kdb/ipa_kdb_mspac.c
index 22774e02309f0715b49545e0f6f21d599e7afe0a..0f47d1f4bd536e24b9d46a35232ad558b33b4b26 100644
--- a/daemons/ipa-kdb/ipa_kdb_mspac.c
+++ b/daemons/ipa-kdb/ipa_kdb_mspac.c
@@ -2071,7 +2071,7 @@ krb5_error_code ipadb_sign_authdata(krb5_context context,
             }
         }
 
-        kerr = ipadb_get_pac(context, client_entry ? client_entry : client, &pac);
+        kerr = ipadb_get_pac(context, client, &pac);
         if (kerr != 0 && kerr != ENOENT) {
             goto done;
         }
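
Review bot: Dropping the ternary in the ipadb_get_pac call is behaviour-preserving only because client_entry is never set after the NULL assignment at line 2013, which is what the covscan trace in the commit message reports. That pattern can also mean a lookup that was supposed to populate client_entry went missing, so please say in the commit message which of the two it is. If the variable is now unused, remove its declaration and any cleanup for it in the same patch instead of leaving a permanently NULL pointer behind.
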
-- 
2.1.0

From 9cf7e77475709f0cd592d0b4bebf39bc71f38ed4 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Wed, 28 Jan 2015 16:25:14 +0100
Subject: [PATCH 3/7] ipa-kdb: more robust handling of principal
 addition/editing

The patch addresses the following defect reported by covscan in FreeIPA
master:

"""
Error: FORWARD_NULL (CWE-476): 
/daemons/ipa-kdb/ipa_kdb_principals.c:1886: assign_zero: Assigning:
"principal" = "NULL".  
/daemons/ipa-kdb/ipa_kdb_principals.c:1929:
var_deref_model: Passing null pointer "principal" to "ipadb_entry_to_mods",
which dereferences it.  
/daemons/ipa-kdb/ipa_kdb_principals.c:1491:9:
deref_parm_in_call: Function "ipadb_get_ldap_mod_str" dereferences
"principal".  
/daemons/ipa-kdb/ipa_kdb_principals.c:1174:5:
deref_parm_in_call: Function "strdup" dereferences "value"
"""

This is a part of a series of patches related to
https://fedorahosted.org/freeipa/ticket/4795

---
 daemons/ipa-kdb/ipa_kdb_principals.c | 70 ++++++++++++++++++++++++------------
 1 file changed, 47 insertions(+), 23 deletions(-)

diff --git a/daemons/ipa-kdb/ipa_kdb_principals.c b/daemons/ipa-kdb/ipa_kdb_principals.c
index e158c236eab5c7c5a7c12664dbde5d51cc55406d..9d43ebc6695023db3d27882b9cff4c6d76120414 100644
--- a/daemons/ipa-kdb/ipa_kdb_principals.c
+++ b/daemons/ipa-kdb/ipa_kdb_principals.c
@@ -1474,10 +1474,38 @@ done:
     return kerr;
 }
 
+static krb5_error_code ipadb_principal_to_mods(krb5_context kcontext,
+                                               struct ipadb_mods *imods,
+                                               char *principal,
+                                               int mod_op)
+{
+    krb5_error_code kerr;
+
+    if (principal == NULL) {
+       kerr = EINVAL;
+       goto done;
+    }
+
+    kerr = ipadb_get_ldap_mod_str(imods, "krbPrincipalName",
+                                  principal, mod_op);
+    if (kerr) {
+        goto done;
+    }
+    kerr = ipadb_get_ldap_mod_str(imods, "ipaKrbPrincipalAlias",
+                                  principal, mod_op);
+    if (kerr) {
+        goto done;
+    }
+
+    kerr = 0;
+
+done:
+    return kerr;
+}
+
 static krb5_error_code ipadb_entry_to_mods(krb5_context kcontext,
                                            struct ipadb_mods *imods,
                                            krb5_db_entry *entry,
-                                           char *principal,
                                            int mod_op)
 {
     krb5_error_code kerr;
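
Review bot: In ipadb_principal_to_mods the two lines under if (principal == NULL) are indented by seven spaces where the rest of the function uses eight. The kcontext parameter is never used in the body, and since nothing is cleaned up at done: the goto/label pair and the final kerr = 0 could be replaced by direct returns. A short comment above the function stating that principal is the unparsed principal name, and that NULL yields EINVAL, would document the contract this patch introduces.
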
@@ -1486,20 +1514,6 @@ static krb5_error_code ipadb_entry_to_mods(krb5_context kcontext,
 
     /* check each mask flag in order */
 
-    /* KADM5_PRINCIPAL */
-    if (entry->mask & KMASK_PRINCIPAL) {
-        kerr = ipadb_get_ldap_mod_str(imods, "krbPrincipalName",
-                                      principal, mod_op);
-        if (kerr) {
-            goto done;
-        }
-        kerr = ipadb_get_ldap_mod_str(imods, "ipaKrbPrincipalAlias",
-                                      principal, mod_op);
-        if (kerr) {
-            goto done;
-        }
-    }
-
     /* KADM5_PRINC_EXPIRE_TIME */
     if (entry->mask & KMASK_PRINC_EXPIRE_TIME) {
         kerr = ipadb_get_ldap_mod_time(imods,
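
Review bot: Removing the KMASK_PRINCIPAL block takes the entry->mask test away with it, and the new ipadb_principal_to_mods helper has no mask test of its own. After this patch krbPrincipalName and ipaKrbPrincipalAlias are written whenever a caller invokes the helper, whether or not KMASK_PRINCIPAL is set. If that is intended, say so in the commit message; otherwise keep the test at the call sites, for example if (entry->mask & KMASK_PRINCIPAL) around the helper call.
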
@@ -1863,8 +1877,12 @@ static krb5_error_code ipadb_add_principal(krb5_context kcontext,
         goto done;
     }
 
-    kerr = ipadb_entry_to_mods(kcontext, imods,
-                               entry, principal, LDAP_MOD_ADD);
+    kerr = ipadb_principal_to_mods(kcontext, imods, principal, LDAP_MOD_ADD);
+    if (kerr != 0) {
+        goto done;
+    }
+
+    kerr = ipadb_entry_to_mods(kcontext, imods, entry, LDAP_MOD_ADD);
     if (kerr != 0) {
         goto done;
     }
@@ -1895,6 +1913,11 @@ static krb5_error_code ipadb_modify_principal(krb5_context kcontext,
         return KRB5_KDB_DBNOTINITED;
     }
 
+    kerr = new_ipadb_mods(&imods);
+    if (kerr) {
+        goto done;
+    }
+
     ied = (struct ipadb_e_data *)entry->e_data;
     if (!ied || !ied->entry_dn) {
         kerr = krb5_unparse_name(kcontext, entry->princ, &principal);
@@ -1919,15 +1942,16 @@ static krb5_error_code ipadb_modify_principal(krb5_context kcontext,
             kerr = KRB5_KDB_INTERNAL_ERROR;
             goto done;
         }
-    }
 
-    kerr = new_ipadb_mods(&imods);
-    if (kerr) {
-        goto done;
+        kerr = ipadb_principal_to_mods(kcontext, imods, principal,
+                                       LDAP_MOD_REPLACE);
+        if (kerr != 0) {
+            goto done;
+        }
+
     }
 
-    kerr = ipadb_entry_to_mods(kcontext, imods,
-                               entry, principal, LDAP_MOD_REPLACE);
+    kerr = ipadb_entry_to_mods(kcontext, imods, entry, LDAP_MOD_REPLACE);
     if (kerr != 0) {
         goto done;
     }
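
Review bot: With the ipadb_principal_to_mods call placed inside the if (!ied || !ied->entry_dn) block, a modify request for an entry that already has an entry_dn never writes the principal attributes. Before the patch that path handed a NULL principal to ipadb_entry_to_mods (the FORWARD_NULL finding in the commit message), so the crash is gone but a request with KMASK_PRINCIPAL set is now silently ignored there. If principal changes are not supported on that path, return an error or log it, and record the decision in the commit message. The blank line added just before the closing brace of the block should also go.
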
-- 
2.1.0

From 0ae11ce017b30752c917893b3ecfa137bd421f99 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Wed, 28 Jan 2015 16:26:14 +0100
Subject: [PATCH 4/7] OTP: failed search for the user of last token emits an
 error message

This patch fixes the following defect reported by covscan:

"""
Error: CHECKED_RETURN (CWE-252):
/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c:119:
check_return: Calling "slapi_search_internal_get_entry" without checking
return value (as is done elsewhere 14 out of 16 times).
/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c:402:
example_checked: Example 1: "slapi_search_internal_get_entry(sdn, NULL,
&config_entry, ipaenrollment_plugin_id)" has its value checked in "(rc =
slapi_search_internal_get_entry(sdn, NULL, &config_entry,
ipaenrollment_plugin_id)) != 0".
/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:207:
example_assign: Example 2: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(sdn, NULL, &config_entry, getPluginID())".
/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:212:
example_checked: Example 2 (cont.): "ret" has its value checked in "ret".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:651:
example_assign: Example 3: Assigning: "search_result" = return value from
"slapi_search_internal_get_entry(sdn, attrlist, e2, ipapwd_plugin_id)".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:653:
example_checked: Example 3 (cont.): "search_result" has its value checked in
"search_result != 0".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1035:
example_assign: Example 4: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(tmp_dn, NULL, &pwdop->pwdata.target,
ipapwd_plugin_id)".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1039:
example_checked: Example 4 (cont.): "ret" has its value checked in "ret != 0".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:817:
example_assign: Example 5: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(tmp_dn, NULL, &e, getPluginID())".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:820:
example_checked: Example 5 (cont.): "ret" has its value checked in "ret ==
10".
"""

This patch is a part of a series related to
https://fedorahosted.org/freeipa/ticket/4795

---
 .../ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c    | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
index 233813745795344f31a7dcf1931cf74a09f1e552..a085a3a328a19e4c49bbc7ad6220564b59488e12 100644
--- a/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
+++ b/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c
@@ -111,13 +111,19 @@ static bool is_pwd_enabled(const char *user_dn)
     Slapi_Entry *entry = NULL;
     uint32_t authtypes;
     Slapi_DN *sdn;
+    int search_result = 0;
 
     sdn = slapi_sdn_new_dn_byval(user_dn);
     if (sdn == NULL)
         return false;
 
-    slapi_search_internal_get_entry(sdn, attrs, &entry,
-                                    otp_config_plugin_id(otp_config));
+    search_result = slapi_search_internal_get_entry(sdn, attrs, &entry,
+            otp_config_plugin_id(otp_config));
+    if (search_result != LDAP_SUCCESS) {
+        LOG_TRACE("File '%s' line %d: Unable to access LDAP entry '%s'. "
+                "Perhaps it doesn't exist? Error code: %d\n", __FILE__,
+                __LINE__, slapi_sdn_get_dn(sdn), search_result);
+    }
     slapi_sdn_free(&sdn);
     if (entry == NULL)
         return false;
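
Review bot: The subject line promises an error message, but the failure is reported through LOG_TRACE, so check that this macro logs at a level administrators see by default and switch to an error-level macro if it does not. is_pwd_enabled() then falls through to the existing entry == NULL test and returns false for every failure, so a transient LDAP error is treated the same as a missing user; returning right after the log, once sdn is freed, would make that explicit. The continuation lines of the slapi_search_internal_get_entry call have also lost their alignment with the opening parenthesis.
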
-- 
2.1.0

From a61818ae4bd9912486b016b09dbdc8643a509b44 Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Wed, 28 Jan 2015 16:27:19 +0100
Subject: [PATCH 5/7] ipa-pwd-extop: added an informational comment about
 intentional fallthrough

This patch is related to this defect reported by covscan in FreeIPA code:

"""
Error: MISSING_BREAK (CWE-484):
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:631: unterminated_case: The
case for value "2" is not terminated by a 'break' statement.
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:638: fallthrough: The above
case falls through to this one.
"""

Added a comment informing about intentional fallthrough in this place, so that
future generations reading the code don't get confused.

The patch is a part of a series related to
https://fedorahosted.org/freeipa/ticket/4795

---
 daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
index 84eff17013d2742d1b5e5c4ea5f4e22ee290d785..1c6838052356d47db404f9ecc10139e02e1b50f9 100644
--- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
+++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c
@@ -635,6 +635,8 @@ static int ipapwd_pre_mod(Slapi_PBlock *pb)
                 is_smb = 0;
                 is_ipant = 0;
 
+                /* After examining the output of covscan, we think that this
+                 * fallthrough is intentional.*/
             case LDAP_MOD_ADD:
                 if (!lmod->mod_bvalues ||
                     !lmod->mod_bvalues[0]) {
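
Review bot: The added comment says the fallthrough is believed to be intentional and cites covscan, but it does not say why the preceding case has to continue into LDAP_MOD_ADD, and "we think" leaves the next reader no better off. Please confirm the intent with the code's author, then replace the text with the conventional /* fall through */ marker plus a one-line reason, and put a space before the closing */.
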
-- 
2.1.0

From 49384b404d4341f24eb24dbfd85b79d230434fda Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Wed, 28 Jan 2015 16:28:01 +0100
Subject: [PATCH 6/7] ipa-uuid: emit a message when unexpected mod type is
 encountered

This patch is related to the following defect reported by covscan of FreeIPA
master code:

"""
Error: DEADCODE (CWE-561): /daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:796:
cond_const: Condition "modtype != 1", taking false branch. Now the value of
"modtype" is equal to 1.  
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:796:
cond_const: Condition "modtype != 4", taking false branch. Now the value of
"modtype" is equal to 4.  
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:941:
equality_cond: Jumping to case "1".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:957: equality_cond: Jumping to
case "4".  
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:940: intervals: When
switching on "modtype", the value of "modtype" must be in one of the following
intervals: {[1,1], [4,4]}.
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:940: dead_error_condition: The
switch value "modtype" cannot reach the default case.
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:1031: dead_error_begin:
Execution cannot reach this statement: "default:".
"""

The patch is a part of a series related to
https://fedorahosted.org/freeipa/ticket/4795

---
 daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
index 2b07de45b63dab36a0b7167e3583e88ebd07f6f7..93da0f15b8acfc02beddf4e884a735897a7513fe 100644
--- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
+++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c
@@ -1030,6 +1030,8 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype)
 
         default:
             /* never reached, just silence compiler */
+            LOG_TRACE("File '%s' line %d: Got unexpected value of modtype:"
+                      "%d\n", __FILE__, __LINE__, modtype);
             break;
         }
 
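Review bot: The two adjacent string literals in the LOG_TRACE call concatenate to "modtype:%d", so the value is printed without a separating space; move a space into the first literal. The existing comment "never reached, just silence compiler" now sits directly above a log statement for the case it says cannot happen, and the covscan trace in the commit message agrees that the branch is unreachable, so either update the comment to say the log is defensive or leave the branch as it was.
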
-- 
2.1.0

From 874f959b5872c749e73c3fa00d6a1d183955fc6c Mon Sep 17 00:00:00 2001
From: Martin Babinsky <mbabi...@redhat.com>
Date: Wed, 28 Jan 2015 16:28:50 +0100
Subject: [PATCH 7/7] OTP: emit a log message when LDAP entry for config record
 is not found

This patch proposes a fix to the following defect found by covscan of FreeIPA
master code:

"""
Error: CHECKED_RETURN (CWE-252):
/daemons/ipa-slapi-plugins/libotp/otp_config.c:239: check_return: Calling
"slapi_search_internal_get_entry" without checking return value (as is done
elsewhere 14 out of 16 times).
/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c:402:
example_checked: Example 1: "slapi_search_internal_get_entry(sdn, NULL,
&config_entry, ipaenrollment_plugin_id)" has its value checked in "(rc =
slapi_search_internal_get_entry(sdn, NULL, &config_entry,
ipaenrollment_plugin_id)) != 0".
/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:207: example_assign:
Example 2: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(sdn, NULL, &config_entry, getPluginID())".
/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:212: example_checked:
Example 2 (cont.): "ret" has its value checked in "ret".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:651: example_assign: Example
3: Assigning: "search_result" = return value from
"slapi_search_internal_get_entry(sdn, attrlist, e2, ipapwd_plugin_id)".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:653: example_checked:
Example 3 (cont.): "search_result" has its value checked in "search_result !=
0".  /daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1035: example_assign:
Example 4: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(tmp_dn, NULL, &pwdop->pwdata.target,
ipapwd_plugin_id)".  
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1039:
example_checked: Example 4 (cont.): "ret" has its value checked in "ret != 0".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:817: example_assign: Example 5:
Assigning: "ret" = return value from "slapi_search_internal_get_entry(tmp_dn,
NULL, &e, getPluginID())".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:820: example_checked: Example 5
(cont.): "ret" has its value checked in "ret == 10".
"""

The patch is a part of a series related to
https://fedorahosted.org/freeipa/ticket/4795

---
 daemons/ipa-slapi-plugins/libotp/Makefile.am  |  4 +++-
 daemons/ipa-slapi-plugins/libotp/otp_config.c | 11 ++++++++++-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/daemons/ipa-slapi-plugins/libotp/Makefile.am b/daemons/ipa-slapi-plugins/libotp/Makefile.am
index 4428f6bdc38a4e4ec224d1fa70744d8381f7e0b1..71b9c19f40379ba6c61858984f9de0253020e00d 100644
--- a/daemons/ipa-slapi-plugins/libotp/Makefile.am
+++ b/daemons/ipa-slapi-plugins/libotp/Makefile.am
@@ -1,5 +1,7 @@
 MAINTAINERCLEANFILES = *~ Makefile.in
-AM_CPPFLAGS = -I/usr/include/dirsrv
+PLUGIN_COMMON_DIR = ../common
+AM_CPPFLAGS = -I/usr/include/dirsrv		\
+	-I$(PLUGIN_COMMON_DIR)
 
 noinst_LTLIBRARIES = libhotp.la libotp.la
 libhotp_la_SOURCES = hotp.c hotp.h
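
Review bot: PLUGIN_COMMON_DIR = ../common is relative to the build directory, so -I$(PLUGIN_COMMON_DIR) will not resolve the new "util.h" include when the tree is built outside the source directory. Prefer $(srcdir)/../common, or note in the commit message that the relative form is kept on purpose.
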
diff --git a/daemons/ipa-slapi-plugins/libotp/otp_config.c b/daemons/ipa-slapi-plugins/libotp/otp_config.c
index ac2cfc72aa9f72af8eb5b5c565650325ac8bf714..685b2d9d259db3cc3d542cc5e86e184dee6d1737 100644
--- a/daemons/ipa-slapi-plugins/libotp/otp_config.c
+++ b/daemons/ipa-slapi-plugins/libotp/otp_config.c
@@ -38,6 +38,7 @@
  * END COPYRIGHT BLOCK **/
 
 #include "otp_config.h"
+#include "util.h"
 
 #include <pratom.h>
 #include <plstr.h>
@@ -214,6 +215,7 @@ struct otp_config *otp_config_init(Slapi_ComponentId *plugin_id)
 
     struct otp_config *cfg = NULL;
     void *node = NULL;
+    int search_result = 0;
 
     cfg = (typeof(cfg)) slapi_ch_calloc(1, sizeof(*cfg));
     cfg->plugin_id = plugin_id;
@@ -236,7 +238,14 @@ struct otp_config *otp_config_init(Slapi_ComponentId *plugin_id)
             cfg->records = rec;
 
             /* Load the specified entry. */
-            slapi_search_internal_get_entry(rec->sdn, NULL, &entry, plugin_id);
+            search_result = slapi_search_internal_get_entry(rec->sdn,
+                    NULL, &entry, plugin_id);
+            if (search_result != LDAP_SUCCESS) {
+                LOG_TRACE("File '%s' line %d: Unable to access LDAP entry "
+                        "'%s'. Perhaps it doesn't exist? "
+                        "Error code: %d\n", __FILE__, __LINE__,
+                        slapi_sdn_get_dn(rec->sdn), search_result);
+            }
             update(cfg, rec->sdn, entry);
             slapi_entry_free(entry);
         }
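
Review bot: After a failed slapi_search_internal_get_entry the code still goes on to update(cfg, rec->sdn, entry) and slapi_entry_free(entry), so the patch logs the error but does not change what happens with entry on that path. Please confirm that entry is initialised to NULL before the call and that update() is meant to receive NULL, and say so in a comment; otherwise skip both calls on failure. As with the OTP lasttoken patch, LOG_TRACE may be too quiet for a configuration entry that cannot be loaded.
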
-- 
2.1.0
