From 782ad366390e1672ebe3584b2c88f58d757e38b3 Mon Sep 17 00:00:00 2001 
From: Martin Babinsky Date: Wed, 28 Jan 2015 16:28:50 +0100 Subject: OTP: emit a log message when LDAP entry for config record is not found This patch proposes a fix to the following defect found by covscan of FreeIPA master code: """ Error: CHECKED_RETURN (CWE-252): /daemons/ipa-slapi-plugins/libotp/otp_config.c:239: check_return: Calling "slapi_search_internal_get_entry" without checking return value (as is done elsewhere 14 out of 16 times). /daemons/ipa-slapi-plugins/ipa-enrollment/ipa_enrollment.c:402: example_checked: Example 1: "slapi_search_internal_get_entry(sdn, NULL, &config_entry, ipaenrollment_plugin_id)" has its value checked in "(rc = slapi_search_internal_get_entry(sdn, NULL, &config_entry, ipaenrollment_plugin_id)) != 0". /daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:207: example_assign: Example 2: Assigning: "ret" = return value from "slapi_search_internal_get_entry(sdn, NULL, &config_entry, getPluginID())". /daemons/ipa-slapi-plugins/ipa-lockout/ipa_lockout.c:212: example_checked: Example 2 (cont.): "ret" has its value checked in "ret". /daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:651: example_assign: Example 3: Assigning: "search_result" = return value from "slapi_search_internal_get_entry(sdn, attrlist, e2, ipapwd_plugin_id)". /daemons/ipa-slapi-plugins/ipa-pwd-extop/common.c:653: example_checked: Example 3 (cont.): "search_result" has its value checked in "search_result != 0". /daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1035: example_assign: Example 4: Assigning: "ret" = return value from "slapi_search_internal_get_entry(tmp_dn, NULL, &pwdop->pwdata.target, ipapwd_plugin_id)". /daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c:1039: example_checked: Example 4 (cont.): "ret" has its value checked in "ret != 0". /daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:817: example_assign: Example 5: Assigning: "ret" = return value from "slapi_search_internal_get_entry(tmp_dn, NULL, &e, getPluginID())". 
/daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c:820: example_checked: Example 5 (cont.): "ret" has its value checked in "ret == 10". """ The patch is a part of series related to https://fedorahosted.org/freeipa/ticket/4795 Reviewed-By: Alexander Bokovoy --- daemons/ipa-slapi-plugins/libotp/Makefile.am | 4 +++- daemons/ipa-slapi-plugins/libotp/otp_config.c | 11 ++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/daemons/ipa-slapi-plugins/libotp/Makefile.am b/daemons/ipa-slapi-plugins/libotp/Makefile.am index 4428f6bdc..71b9c19f4 100644 --- a/daemons/ipa-slapi-plugins/libotp/Makefile.am +++ b/daemons/ipa-slapi-plugins/libotp/Makefile.am @@ -1,5 +1,7 @@ MAINTAINERCLEANFILES = *~ Makefile.in -AM_CPPFLAGS = -I/usr/include/dirsrv +PLUGIN_COMMON_DIR = ../common +AM_CPPFLAGS = -I/usr/include/dirsrv \ + -I$(PLUGIN_COMMON_DIR) noinst_LTLIBRARIES = libhotp.la libotp.la libhotp_la_SOURCES = hotp.c hotp.h diff --git a/daemons/ipa-slapi-plugins/libotp/otp_config.c b/daemons/ipa-slapi-plugins/libotp/otp_config.c index ac2cfc72a..685b2d9d2 100644 --- a/daemons/ipa-slapi-plugins/libotp/otp_config.c +++ b/daemons/ipa-slapi-plugins/libotp/otp_config.c @@ -38,6 +38,7 @@ * END COPYRIGHT BLOCK **/ #include "otp_config.h" +#include "util.h" #include #include @@ -214,6 +215,7 @@ struct otp_config *otp_config_init(Slapi_ComponentId *plugin_id) struct otp_config *cfg = NULL; void *node = NULL; + int search_result = 0; cfg = (typeof(cfg)) slapi_ch_calloc(1, sizeof(*cfg)); cfg->plugin_id = plugin_id; 
@@ -236,7 +238,14 @@ struct otp_config *otp_config_init(Slapi_ComponentId *plugin_id) cfg->records = rec; /* Load the specified entry. */ - slapi_search_internal_get_entry(rec->sdn, NULL, &entry, plugin_id); + search_result = slapi_search_internal_get_entry(rec->sdn, + NULL, &entry, plugin_id); + if (search_result != LDAP_SUCCESS) { + LOG_TRACE("File '%s' line %d: Unable to access LDAP entry " + "'%s'. Perhaps it doesn't exist? " + "Error code: %d\n", __FILE__, __LINE__, + slapi_sdn_get_dn(rec->sdn), search_result); + } update(cfg, rec->sdn, entry); slapi_entry_free(entry); } -- cgit
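Review bot: When the lookup fails, the new `if (search_result != LDAP_SUCCESS)` branch only logs and then falls through to `update(cfg, rec->sdn, entry);` and `slapi_entry_free(entry);`, so both calls depend on whatever `entry` holds after a failed search. The declaration of `entry` and the top of the loop are outside this hunk; if `entry` is not reset on every iteration, add `entry = NULL;` just before the search so a failure can never pass a stale pointer from an earlier record to `update()` or free it a second time. The message also goes through `LOG_TRACE`, which by its name is presumably a trace-level log that is off in a default deployment, so an unreadable OTP configuration entry would still go unnoticed by an operator. Consider the error-level macro from the same `util.h` (`LOG_FATAL`, to be confirmed) for results other than `LDAP_NO_SUCH_OBJECT`, since "Perhaps it doesn't exist?" is accurate only for that one code.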