freeipa.git/daemons/ipa-slapi-plugins/ipa-otp-lasttoken, branch kdc-fixes FreeIPA patches OTP: failed search for the user of last token emits an error message 2015-01-30T10:02:16+00:00 Martin Babinsky mbabinsk@redhat.com 2015-01-28T15:26:14+00:00 d800ac867baf7335e0c4b55b945b4c06d4c0567e This patch fixes the following defect reported by covscan: """ Error: CHECKED_RETURN (CWE-252): /daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c:119: check_return: Calling "slapi_search_internal_get_entry" without checking return value (as is done elsewhere 14 out of 16 times). /daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c:402: example_checked: Example 1: "slapi_search_internal_get_entry(sdn, NULL, &config_entry, ipaenrollment_plugin_id)" has its value checked in "(rc = slapi_search_internal_get_entry(sdn, NULL, &config_entry, ipaenrollment_plugin_id)) != 0". /daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:207: example_assign: Example 2: Assigning: "ret" = return value from "slapi_search_internal_get_entry(sdn, NULL, &config_entry, getPluginID())". /daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:212: example_checked: Example 2 (cont.): "ret" has its value checked in "ret". /daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:651: example_assign: Example 3: Assigning: "search_result" = return value from "slapi_search_internal_get_entry(sdn, attrlist, e2, ipapwd_plugin_id)". /daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:653: example_checked: Example 3 (cont.): "search_result" has its value checked in "search_result != 0". /daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1035: example_assign: Example 4: Assigning: "ret" = return value from "slapi_search_internal_get_entry(tmp_dn, NULL, &pwdop->pwdata.target, ipapwd_plugin_id)". /daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1039: example_checked: Example 4 (cont.): "ret" has its value checked in "ret != 0". /daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:817: example_assign: Example 5: Assigning: "ret" = return value from "slapi_search_internal_get_entry(tmp_dn, NULL, &e, getPluginID())". /daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:820: example_checked: Example 5 (cont.): "ret" has its value checked in "ret == 10". """ this patch is a part of a series related to https://fedorahosted.org/freeipa/ticket/4795 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
This patch fixes the following defect reported by covscan:

"""
Error: CHECKED_RETURN (CWE-252):
/daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c:119:
check_return: Calling "slapi_search_internal_get_entry" without checking
return value (as is done elsewhere 14 out of 16 times).
/daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c:402:
example_checked: Example 1: "slapi_search_internal_get_entry(sdn, NULL,
&config_entry, ipaenrollment_plugin_id)" has its value checked in "(rc =
slapi_search_internal_get_entry(sdn, NULL, &config_entry,
ipaenrollment_plugin_id)) != 0".
/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:207:
example_assign: Example 2: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(sdn, NULL, &config_entry, getPluginID())".
/daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:212:
example_checked: Example 2 (cont.): "ret" has its value checked in "ret".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:651:
example_assign: Example 3: Assigning: "search_result" = return value from
"slapi_search_internal_get_entry(sdn, attrlist, e2, ipapwd_plugin_id)".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:653:
example_checked: Example 3 (cont.): "search_result" has its value checked in
"search_result != 0".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1035:
example_assign: Example 4: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(tmp_dn, NULL, &pwdop->pwdata.target,
ipapwd_plugin_id)".
/daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1039:
example_checked: Example 4 (cont.): "ret" has its value checked in "ret != 0".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:817:
example_assign: Example 5: Assigning: "ret" = return value from
"slapi_search_internal_get_entry(tmp_dn, NULL, &e, getPluginID())".
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:820:
example_checked: Example 5 (cont.): "ret" has its value checked in "ret ==
10".
"""

this patch is a part of a series related to
https://fedorahosted.org/freeipa/ticket/4795

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Enable last token deletion when password auth type is configured 2014-12-03T07:48:56+00:00 Nathaniel McCallum npmccallum@redhat.com 2014-11-11T17:05:23+00:00 08f8acd88c1858000f5a15c3838e1bfd78551c55 Also, ensure that the last token check only executes on DNs/entries that are tokens. This resolves a large performance issue where a query was being performed to load all the user's tokens on every del/mod operation. https://fedorahosted.org/freeipa/ticket/4697 https://fedorahosted.org/freeipa/ticket/4719 Reviewed-By: Thierry Bordaz <tbordaz@redhat.com> 
Also, ensure that the last token check only executes on DNs/entries that
are tokens. This resolves a large performance issue where a query was
being performed to load all the user's tokens on every del/mod operation.

https://fedorahosted.org/freeipa/ticket/4697
https://fedorahosted.org/freeipa/ticket/4719

Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
Preliminary refactoring of libotp files 2014-12-03T07:48:56+00:00 Nathaniel McCallum npmccallum@redhat.com 2014-11-11T01:58:20+00:00 bdccb0c721283f17a48423ab562ab5515ecd7f8e There are no major changes in this commit other than changing filenames and symbols to have consistent namespaces. This prepares for larger changes to come in subsequent commits. Reviewed-By: Thierry Bordaz <tbordaz@redhat.com> 
There are no major changes in this commit other than changing filenames
and symbols to have consistent namespaces. This prepares for larger
changes to come in subsequent commits.

Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
Remove redefinition of LOG from ipa-otp-lasttoken 2014-11-25T08:23:24+00:00 Jan Cholasta jcholast@redhat.com 2014-11-10T17:20:18+00:00 313da898bb5e88ab6507322fae137af50b1b0f7e https://fedorahosted.org/freeipa/ticket/4713 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
https://fedorahosted.org/freeipa/ticket/4713

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Fix various bugs in ipa-opt-counter and ipa-otp-lasttoken 2014-11-05T14:28:27+00:00 Jan Cholasta jcholast@redhat.com 2014-11-05T08:50:26+00:00 9062dcada48d378f7c46759607aff03c17b11163 Fixes a wrong sizeof argument and unchecked return values. https://fedorahosted.org/freeipa/ticket/4651 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
Fixes a wrong sizeof argument and unchecked return values.

https://fedorahosted.org/freeipa/ticket/4651

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Configure IPA OTP Last Token plugin on upgrade 2014-10-20T08:18:47+00:00 Nathaniel McCallum npmccallum@redhat.com 2014-10-17T17:02:58+00:00 68825e7ac6e074ee62bc3787a718ae78ef29a88e Reviewed-By: Martin Kosek <mkosek@redhat.com> 
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Add OTP last token plugin 2014-02-21T09:26:02+00:00 Nathaniel McCallum npmccallum@redhat.com 2013-12-16T21:19:08+00:00 49038cda9fcddf75e04d1e36df3707432b96fb6d This plugin prevents the deletion or deactivation of the last valid token for a user. This prevents the user from migrating back to single factor authentication once OTP has been enabled. Thanks to Mark Reynolds for helping me with this patch. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> 
This plugin prevents the deletion or deactivation of the last
valid token for a user. This prevents the user from migrating
back to single factor authentication once OTP has been enabled.

Thanks to Mark Reynolds for helping me with this patch.

Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>