diff options
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c | 14 | ||||
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c | 32 | ||||
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c | 5 | ||||
-rw-r--r-- | daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c | 17 | ||||
-rw-r--r-- | ipa-client/config.c | 4 | ||||
-rw-r--r-- | ipa-client/ipa-join.c | 6 |
6 files changed, 63 insertions, 15 deletions
diff --git a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c index 161a73177..5d276de53 100644 --- a/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c +++ b/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c @@ -155,7 +155,7 @@ ipa_join(Slapi_PBlock *pb) errMesg = "Kerberos realm is not set.\n"; LOG_FATAL("%s", errMesg); rc = LDAP_OPERATIONS_ERROR; - goto done; + goto free_and_return; } /* Get Bind DN */ @@ -234,7 +234,11 @@ ipa_join(Slapi_PBlock *pb) */ is_root = slapi_dn_isroot(bindDN); - slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root); + if (slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root)) { + LOG_FATAL("slapi_pblock_set failed!\n"); + rc = LDAP_OPERATIONS_ERROR; + goto free_and_return; + } /* In order to perform the access control check, * we need to select a backend (even though @@ -242,7 +246,11 @@ ipa_join(Slapi_PBlock *pb) */ sdn = slapi_sdn_new_dn_byval(bindDN); be = slapi_be_select(sdn); - slapi_pblock_set(pb, SLAPI_BACKEND, be); + if (slapi_pblock_set(pb, SLAPI_BACKEND, be)) { + LOG_FATAL("slapi_pblock_set failed!\n"); + rc = LDAP_OPERATIONS_ERROR; + goto free_and_return; + } /* Access Strategy: * If the user has WRITE-ONLY access, a new keytab is set on the entry. diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c index 9a1ca2b3f..f1da29321 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c @@ -265,7 +265,11 @@ parse_req_done: "using the bind DN instead.\n"); } - slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn ); + if (slapi_pblock_set( pb, SLAPI_ORIGINAL_TARGET, dn )) { + LOG_FATAL("slapi_pblock_set failed!\n"); + rc = LDAP_OPERATIONS_ERROR; + goto free_and_return; + } /* Now we have the DN, look for the entry */ ret = ipapwd_getEntry(dn, &targetEntry, attrlist); @@ -292,7 +296,11 @@ parse_req_done: */ is_root = slapi_dn_isroot(bindDN); - slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root); + if (slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root)) { + LOG_FATAL("slapi_pblock_set failed!\n"); + rc = LDAP_OPERATIONS_ERROR; + goto free_and_return; + } /* In order to perform the access control check, we need to select a * backend (even though we don't actually need it otherwise). @@ -306,7 +314,11 @@ parse_req_done: rc = LDAP_OPERATIONS_ERROR; goto free_and_return; } - slapi_pblock_set(pb, SLAPI_BACKEND, be); + if (slapi_pblock_set(pb, SLAPI_BACKEND, be)) { + LOG_FATAL("slapi_pblock_set failed!\n"); + rc = LDAP_OPERATIONS_ERROR; + goto free_and_return; + } } ret = slapi_access_allowed( pb, targetEntry, "krbPrincipalKey", NULL, SLAPI_ACL_WRITE ); @@ -613,13 +625,21 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) */ is_root = slapi_dn_isroot(bindDN); - slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root); + if (slapi_pblock_set(pb, SLAPI_REQUESTOR_ISROOT, &is_root)) { + LOG_FATAL("slapi_pblock_set failed!\n"); + rc = LDAP_OPERATIONS_ERROR; + goto free_and_return; + } /* In order to perform the access control check, * we need to select a backend (even though * we don't actually need it otherwise). */ - slapi_pblock_set(pb, SLAPI_BACKEND, be); + if (slapi_pblock_set(pb, SLAPI_BACKEND, be)) { + LOG_FATAL("slapi_pblock_set failed!\n"); + rc = LDAP_OPERATIONS_ERROR; + goto free_and_return; + } /* Access Strategy: * If the user has WRITE-ONLY access, a new keytab is set on the entry. @@ -869,7 +889,7 @@ static int ipapwd_setkeytab(Slapi_PBlock *pb, struct ipapwd_krbcfg *krbcfg) slapi_mods_free(&smods); goto free_and_return; } - + evals[0] = slapi_value_new_string(bindDN); slapi_mods_add_mod_values(smods, LDAP_MOD_ADD, "enrolledBy", evals); } else { diff --git a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c index fc0a68418..2b1c7d1e3 100644 --- a/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c +++ b/daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd_prepost.c @@ -766,7 +766,10 @@ done: /* put back a, possibly modified, set of mods */ if (smods) { mods = slapi_mods_get_ldapmods_passout(smods); - slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods); + if (slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods)) { + LOG_FATAL("slapi_pblock_set failed!\n"); + rc = LDAP_OPERATIONS_ERROR; + } slapi_mods_free(&smods); } diff --git a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c index 5cd65b318..3249ce4a1 100644 --- a/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c +++ b/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c @@ -277,7 +277,7 @@ ipauuid_internal_preop_init(Slapi_PBlock *pb) (void *) ipauuid_add_pre_op) != 0) { status = EFAIL; } - + return status; } @@ -1111,8 +1111,14 @@ static int ipauuid_pre_op(Slapi_PBlock *pb, int modtype) slapi_entry_set_sdn(e, sdn); /* reset the target DN since we've changed it. */ - slapi_pblock_set(pb, SLAPI_ADD_TARGET, - (char*)slapi_sdn_get_ndn(slapi_entry_get_sdn_const(e))); + if (slapi_pblock_set(pb, SLAPI_ADD_TARGET, + (char*)slapi_sdn_get_ndn(slapi_entry_get_sdn_const(e)))) { + LOG_FATAL("slapi_block_set failed!\n"); + ret = LDAP_OPERATIONS_ERROR; + slapi_rdn_free(&rdn); + slapi_sdn_free(&sdn); + goto done; + } } slapi_rdn_free(&rdn); slapi_sdn_free(&sdn); @@ -1164,7 +1170,10 @@ done: if (smods != NULL) { /* Put the updated mods back into place. */ mods = slapi_mods_get_ldapmods_passout(smods); - slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods); + if (slapi_pblock_set(pb, SLAPI_MODIFY_MODS, mods)) { + LOG_FATAL("slapi_pblock_set failed!\n"); + ret = LDAP_OPERATIONS_ERROR; + } slapi_mods_free(&smods); } diff --git a/ipa-client/config.c b/ipa-client/config.c index 0ee8f4465..493d74020 100644 --- a/ipa-client/config.c +++ b/ipa-client/config.c @@ -64,6 +64,10 @@ read_config_file(const char *filename) } left = st.st_size; data = malloc(st.st_size + 1); + if (data == NULL) { + fprintf(stderr, _("out of memory\n")); + return NULL; + } dest = data; while (left != 0) { ssize_t res; diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c index b66c4299a..21c087b68 100644 --- a/ipa-client/ipa-join.c +++ b/ipa-client/ipa-join.c @@ -139,6 +139,10 @@ callRPC(xmlrpc_env * const envP, XMLRPC_ASSERT(xmlrpc_value_type(paramArrayP) == XMLRPC_TYPE_ARRAY); curlXportParmsP = malloc(sizeof(*curlXportParmsP)); + if (curlXportParmsP == NULL) { + xmlrpc_env_set_fault(envP, XMLRPC_INTERNAL_ERROR, _("Out of memory!")); + return; + } memset(curlXportParmsP, 0, sizeof(*curlXportParmsP)); /* Have curl do SSL certificate validation */ @@ -930,7 +934,7 @@ join(const char *server, const char *hostname, const char *bindpw, const char *k rval = 5; goto cleanup; } - + krberr = krb5_cc_get_principal(krbctx, ccache, &uprinc); if (krberr) { fprintf(stderr, _("Unable to join host: Kerberos User Principal " |