From: <svn...@op...> - 2010-01-17 18:01:16
Author: scriptor Date: Sun Jan 17 19:01:05 2010 New Revision: 6010 URL: http://www.opensync.org/changeset/6010 Log: I have moved some error messages into separate functions. For readability's sake. Modified: plugins/ldap-sync/src/ldap_connect.c plugins/ldap-sync/src/ldap_debug.c plugins/ldap-sync/src/ldap_plugin.h Modified: plugins/ldap-sync/src/ldap_connect.c ============================================================================== --- plugins/ldap-sync/src/ldap_connect.c Thu Jan 14 21:57:04 2010 (r6009) +++ plugins/ldap-sync/src/ldap_connect.c Sun Jan 17 19:01:05 2010 (r6010) 
@@ -780,6 +780,222 @@ + +/** + * @brief This function tries and builds an appropriate error message + * when ldap_sasl_interactive_bind_s() has failed. + * + * @param sinkenv The object type specific environment. + * @param file The file of the source code where the error appeared. + * @param line The line in this file where the error appeared. + * @param ldap_errno The error code as returned by libldap / libldap60. + * @param passwd This is the password for those authentication mechanisms + * that use a password. + * @param tmp_authmech This is the SASL authentication mechanism, such as + * DIGEST-MD5, CRAM-MD5, GSSAPI or EXTERNAL. + * @param tmp_authcid This is the authentication identifier for those + * mechanisms that use such an identifier. + * @param error The libopensync error pointer. + * + * @returns TRUE when building the error message was successful, + * FALSE when building the error message itself has failed. + * In both cases the error pointer is being set: In the former + * case it is the LDAP error, in the latter case a programming + * error. + * + */ +osync_bool +ldap_plugin_report_sasl_authentication_error(sink_environment *sinkenv, const char *file, const int line, const int ldap_errno, const struct berval passwd, char *tmp_authmech, char *tmp_authcid, OSyncError **error) +{ + osync_trace(TRACE_ENTRY, "%s(%p, %p, %i, %i, %i, %p, %p, %p, %p)", __func__, (void *)sinkenv, (void *)file, line, ldap_errno, (int)passwd.bv_len, (void *)passwd.bv_val, (void *)tmp_authmech, (void *)tmp_authcid, (void *)error); + + + if (sinkenv == NULL) { + osync_error_set(error, OSYNC_ERROR_GENERIC, "%s:%i: ERROR: sinkenv = NULL. Returning.\n", __FILE__, __LINE__); + goto error; + } + + if (file == NULL) { + osync_error_set(error, OSYNC_ERROR_GENERIC, "%s:%i: ERROR: file = NULL. Returning.\n", __FILE__, __LINE__); + goto error; + } + + if (tmp_authmech == NULL) { + osync_error_set(error, OSYNC_ERROR_GENERIC, "%s:%i: ERROR: tmp_authmech = NULL. 
Returning.\n", __FILE__, __LINE__); + goto error; + } + + if (tmp_authcid == NULL) { + osync_error_set(error, OSYNC_ERROR_GENERIC, "%s:%i: ERROR: tmp_authcid = NULL. Returning.\n", __FILE__, __LINE__); + goto error; + } + + + + char *ldap_error = ldap_plugin_report_ldap_error(sinkenv, __FILE__, __LINE__, ldap_errno); + char *extra_error = NULL; + + + + if ( + (ldap_errno == LDAP_AUTH_METHOD_NOT_SUPPORTED) || + (ldap_errno == LDAP_AUTH_UNKNOWN) + ) + { + if (sinkenv->url && sinkenv->url[0]) { + ldap_plugin_list_libsasl2_mechanisms(sinkenv->url); + // Does not work: + // ldap_plugin_list_libldap_sasl_mechanisms(ctx, sinkenv, error); + } else if (sinkenv->servername && sinkenv->servername[0]) { + ldap_plugin_list_libsasl2_mechanisms(sinkenv->servername); + // Does not work: + // ldap_plugin_list_libldap_sasl_mechanisms(ctx, sinkenv, error); + } else { + ldap_plugin_printf("%s:%i: ERROR: Could not call ldap_plugin_list_sasl_libsasl2_mechanisms(), because both sinkenv->url and sinkenv->servername are NULL or empty.", __FILE__, __LINE__); + } + } // LDAP_AUTH_METHOD_NOT_SUPPORTED, LDAP_AUTH_UNKNOWN + else if (ldap_errno == LDAP_LOCAL_ERROR) { + if (ldap_error && ldap_error[0] && tmp_authmech && tmp_authmech[0]) { + if (!strcmp(tmp_authmech, "GSSAPI")) { + if (strstr(ldap_error, "Unspecified GSS failure")) { + /* + For "gss_accept_sec_context", see: + + krb5-1.6.3/src/lib/gssapi/mechglue/g_accept_sec_context.c + + */ + + if ( + strstr(ldap_error, "No credentials cache found") || + strstr(ldap_error, "Ticket expired") + ) + { + if (tmp_authcid && tmp_authcid[0]) { + ldap_plugin_printf("%s:%i: You might have to retrieve a new \"ticket-granting ticket\": kinit -V %s\n", __FILE__, __LINE__, tmp_authcid); + + extra_error = g_strdup_printf("%s:%i: You might have to retrieve a new \"ticket-granting ticket\": kinit -V %s\n", __FILE__, __LINE__, tmp_authcid); + } else { + ldap_plugin_printf("%s:%i: You might have to retrieve a new \"ticket-granting ticket\": kinit -V ...\n", 
__FILE__, __LINE__); + + extra_error = g_strdup_printf("%s:%i: You might have to retrieve a new \"ticket-granting ticket\": kinit -V ...\n", __FILE__, __LINE__); + } + } + } + } + } + } + + + // Give hint about empty password only for authentication mechanisms + // other than EXTERNAL and GSSAPI + if (passwd.bv_len == 0 && strcmp(tmp_authmech, "EXTERNAL") && strcmp(tmp_authmech, "GSSAPI")) { + if (ldap_error == NULL) { + osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and sasl bind with \"%s\" as \"%s\" with an empty password, using \"%s\" as authentication mechanism. Maybe the LDAP server does not allow an anonymous bind.", __FILE__, __LINE__, sinkenv->url ? sinkenv->url : sinkenv->servername, sinkenv->authcid, tmp_authmech); + } else { + osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and sasl bind with \"%s\" as \"%s\" with an empty password, using \"%s\" as authentication mechanism. Maybe the LDAP server does not allow an anonymous bind: \"%s\"", __FILE__, __LINE__, sinkenv->url ? sinkenv->url : sinkenv->servername, sinkenv->authcid, tmp_authmech, ldap_error); + } + } else { + if (ldap_error == NULL) { + osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and sasl bind with \"%s\" as \"%s\" using \"%s\" as authentication mechanism.", __FILE__, __LINE__, sinkenv->url ? sinkenv->url : sinkenv->servername, sinkenv->authcid, tmp_authmech); + } else { + if (extra_error && extra_error[0]) { + osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and sasl bind with \"%s\" as \"%s\" using \"%s\" as authentication mechanism: \"%s\". %s", __FILE__, __LINE__, sinkenv->url ? 
sinkenv->url : sinkenv->servername, sinkenv->authcid, tmp_authmech, ldap_error, extra_error); + } else { + osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and sasl bind with \"%s\" as \"%s\" using \"%s\" as authentication mechanism: \"%s\"", __FILE__, __LINE__, sinkenv->url ? sinkenv->url : sinkenv->servername, sinkenv->authcid, tmp_authmech, ldap_error); + } + } + } + + + + + osync_trace(TRACE_EXIT, "%s", __func__); + return TRUE; + + +error: + if (!osync_error_is_set(error)) + osync_error_set(error, OSYNC_ERROR_GENERIC, "Unknown reason.\n"); + + osync_trace(TRACE_EXIT_ERROR, "%s: %s", __func__, osync_error_print(error)); + return FALSE; +} + + + +/** + * @brief This function tries and builds an appropriate error message + * when ldap_sasl_interactive_bind_s() has failed. + * + * @param sinkenv The object type specific environment. + * @param file The file of the source code where the error appeared. + * @param line The line in this file where the error appeared. + * @param ldap_errno The error code as returned by libldap / libldap60. + * @param binddn This is the distinguished name the user has tried to + * authenticate with when doing the simple bind. + * @param passwd This is the password for the simple bind. + * @param error The libopensync error pointer. + * + * @returns TRUE when building the error message was successful, + * FALSE when building the error message itself has failed. + * In both cases the error pointer is being set: In the former + * case it is the LDAP error, in the latter case a programming + * error. 
+ * + */ +osync_bool +ldap_plugin_report_simple_authentication_error(sink_environment *sinkenv, const char *file, const int line, const int ldap_errno, const char *binddn, const struct berval passwd, OSyncError **error) +{ + osync_trace(TRACE_ENTRY, "%s(%p, %p, %i, %i, %p, %i, %p, %p)", __func__, (void *)sinkenv, (void *)file, line, ldap_errno, (void *)binddn, (int)passwd.bv_len, passwd.bv_val, (void *)error); + + + if (sinkenv == NULL) { + osync_error_set(error, OSYNC_ERROR_GENERIC, "%s:%i: ERROR: sinkenv = NULL. Returning.\n", __FILE__, __LINE__); + goto error; + } + + if (file == NULL) { + osync_error_set(error, OSYNC_ERROR_GENERIC, "%s:%i: ERROR: file = NULL. Returning.\n", __FILE__, __LINE__); + goto error; + } + + char *ldap_error = ldap_plugin_report_ldap_error(sinkenv, file, line, ldap_errno); + + if (passwd.bv_len == 0) { + if (ldap_error == NULL) { + osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and bind with \"%s\" as \"%s\" with an empty password. Maybe the LDAP server does not allow anonymous binds.", __FILE__, __LINE__, sinkenv->url ? sinkenv->url : sinkenv->servername, binddn); + } else { + osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and bind with \"%s\" as \"%s\" with an empty password. Maybe the LDAP server does not allow anonymous binds: \"%s\"", __FILE__, __LINE__, sinkenv->url ? sinkenv->url : sinkenv->servername, binddn, ldap_error); + } + } else { + if (ldap_error == NULL) { + osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and bind with \"%s\" as \"%s\".", __FILE__, __LINE__, sinkenv->url ? sinkenv->url : sinkenv->servername, binddn); + } else { + osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and bind with \"%s\" as \"%s\": \"%s\"", __FILE__, __LINE__, sinkenv->url ? 
sinkenv->url : sinkenv->servername, binddn, ldap_error); + } + } + + + osync_trace(TRACE_EXIT, "%s", __func__); + return TRUE; + + +error: + if (!osync_error_is_set(error)) + osync_error_set(error, OSYNC_ERROR_GENERIC, "Unknown reason.\n"); + + osync_trace(TRACE_EXIT_ERROR, "%s: %s", __func__, osync_error_print(error)); + return FALSE; +} + + + + + + + + + /** * @brief Binds with the LDAP server. * 
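Review bot: In ldap_plugin_report_sasl_authentication_error() the `file` and `line` arguments are NULL-checked and traced but never used for reporting. The helper calls `ldap_plugin_report_ldap_error(sinkenv, __FILE__, __LINE__, ldap_errno)`, so the logged location is always the helper itself, not the failing bind call. The simple-bind helper already forwards them, and the SASL one should do the same: `char *ldap_error = ldap_plugin_report_ldap_error(sinkenv, file, line, ldap_errno);`. Separately, `extra_error` comes from g_strdup_printf() and is not released on any path; assuming osync_error_set() copies its formatted arguments, add `g_free(extra_error);` before the TRACE_EXIT. Whether `ldap_error` also needs freeing depends on ldap_plugin_report_ldap_error(), which is not visible here.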
@@ -875,23 +1091,10 @@ ldap_errno = ldap_sasl_bind_s(sinkenv->ld, binddn, LDAP_SASL_SIMPLE, &passwd, NULL, NULL, NULL); if (ldap_errno != LDAP_SUCCESS) { - char *ldap_error = ldap_plugin_report_ldap_error(sinkenv, __FILE__, __LINE__, ldap_errno); - - if (passwd.bv_len == 0) { - if (ldap_error == NULL) { - osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and bind with \"%s\" as \"%s\" with an empty password. Maybe the LDAP server does not allow anonymous binds.", __FILE__, __LINE__, sinkenv->url ? sinkenv->url : sinkenv->servername, binddn); - } else { - osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and bind with \"%s\" as \"%s\" with an empty password. Maybe the LDAP server does not allow anonymous binds: \"%s\"", __FILE__, __LINE__, sinkenv->url ? sinkenv->url : sinkenv->servername, binddn, ldap_error); - } - - } else { - if (ldap_error == NULL) { - osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and bind with \"%s\" as \"%s\".", __FILE__, __LINE__, sinkenv->url ? sinkenv->url : sinkenv->servername, binddn); - } else { - osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and bind with \"%s\" as \"%s\": \"%s\"", __FILE__, __LINE__, sinkenv->url ? sinkenv->url : sinkenv->servername, binddn, ldap_error); - } - } - + ldap_plugin_report_simple_authentication_error(sinkenv, __FILE__, __LINE__, ldap_errno, binddn, passwd, error); + if (!osync_error_is_set(error)) + osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: ERROR: ldap_sasl_bind_s() has failed (ldap_errno = %i).\n", __FILE__, __LINE__, ldap_errno); + rv = FALSE; goto out1; } 
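Review bot: The whole `passwd` berval is passed to a reporting helper that only tests `passwd.bv_len == 0`, and the helper's TRACE_ENTRY line writes that length and the `bv_val` address into the trace log. A function whose job is to format messages does not need a pointer to the credential. Passing a flag computed here from `passwd.bv_len == 0` would keep the secret out of its reach and the password length out of the logs. The same applies to the ldap_plugin_report_sasl_authentication_error() call in the `@@ -1000,86 +1203,13 @@` hunk. The enclosing function starts and ends outside this hunk.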
@@ -922,7 +1125,7 @@ } if (tmp_authmech[0] == 0) { - osync_trace(TRACE_ERROR, "%s:%i: WARNING: tmp_authmech is a empty string. Setting it to \"SIMPLE\".", __FILE__, __LINE__); + osync_trace(TRACE_ERROR, "%s:%i: WARNING: tmp_authmech is an empty string. Setting it to \"SIMPLE\".", __FILE__, __LINE__); g_free(tmp_authmech); tmp_authmech = g_strdup("SIMPLE"); 
@@ -1000,86 +1203,13 @@ if (ldap_errno != LDAP_SUCCESS) { + ldap_plugin_report_sasl_authentication_error(sinkenv, __FILE__, __LINE__, ldap_errno, passwd, tmp_authmech, tmp_authcid, error); - char *ldap_error = ldap_plugin_report_ldap_error(sinkenv, __FILE__, __LINE__, ldap_errno); - char *extra_error = NULL; - - - ldap_plugin_printf("%s:%i: ERROR: ldap_errno = %i", __FILE__, __LINE__, ldap_errno); - - if ( - (ldap_errno == LDAP_AUTH_METHOD_NOT_SUPPORTED) || - (ldap_errno == LDAP_AUTH_UNKNOWN) - ) { - - if (sinkenv->url && sinkenv->url[0]) { - ldap_plugin_list_libsasl2_mechanisms(sinkenv->url); - // Does not work: - // ldap_plugin_list_libldap_sasl_mechanisms(ctx, sinkenv, error); - } else if (sinkenv->servername && sinkenv->servername[0]) { - ldap_plugin_list_libsasl2_mechanisms(sinkenv->servername); - // Does not work: - // ldap_plugin_list_libldap_sasl_mechanisms(ctx, sinkenv, error); - } else { - ldap_plugin_printf("%s:%i: ERROR: Could not call ldap_plugin_list_sasl_libsasl2_mechanisms(), because both sinkenv->url and sinkenv->servername are NULL or empty.", __FILE__, __LINE__); - } - } // LDAP_AUTH_METHOD_NOT_SUPPORTED, LDAP_AUTH_UNKNOWN - else if (ldap_errno == LDAP_LOCAL_ERROR) { - if (ldap_error && ldap_error[0] && tmp_authmech && tmp_authmech[0]) { - if (!strcmp(tmp_authmech, "GSSAPI")) { - if (strstr(ldap_error, "Unspecified GSS failure")) { - /* - For "gss_accept_sec_context", see: - - /root/rpmbuild/SOURCES/krb5-1.6.3/src/lib/gssapi/mechglue/g_accept_sec_context.c - - */ - - if ( - strstr(ldap_error, "No credentials cache found") || - strstr(ldap_error, "Ticket expired") - ) - { - if (tmp_authcid && tmp_authcid[0]) { - ldap_plugin_printf("%s:%i: You might have to retrieve a new \"ticket-granting ticket\": kinit -V %s\n", __FILE__, __LINE__, tmp_authcid); - - extra_error = g_strdup_printf("%s:%i: You might have to retrieve a new \"ticket-granting ticket\": kinit -V %s\n", __FILE__, __LINE__, tmp_authcid); - } else { - ldap_plugin_printf("%s:%i: You might 
have to retrieve a new \"ticket-granting ticket\": kinit -V ...\n", __FILE__, __LINE__); - - extra_error = g_strdup_printf("%s:%i: You might have to retrieve a new \"ticket-granting ticket\": kinit -V ...\n", __FILE__, __LINE__); - } - } - } - } - } - } - - - // Give hint about empty password only for authentication mechanisms - // other than EXTERNAL - if (passwd.bv_len == 0 && strcmp(tmp_authmech, "EXTERNAL")) { - if (ldap_error == NULL) { - osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and sasl bind with \"%s\" as \"%s\" with an empty password, using \"%s\" as authentication mechanism. Maybe the LDAP server does not allow an anonymous bind.", __FILE__, __LINE__, sinkenv->url ? sinkenv->url : sinkenv->servername, sinkenv->authcid, tmp_authmech); - } else { - osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and sasl bind with \"%s\" as \"%s\" with an empty password, using \"%s\" as authentication mechanism. Maybe the LDAP server does not allow an anonymous bind: \"%s\"", __FILE__, __LINE__, sinkenv->url ? sinkenv->url : sinkenv->servername, sinkenv->authcid, tmp_authmech, ldap_error); - } - } else { - if (ldap_error == NULL) { - osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and sasl bind with \"%s\" as \"%s\" using \"%s\" as authentication mechanism.", __FILE__, __LINE__, sinkenv->url ? sinkenv->url : sinkenv->servername, sinkenv->authcid, tmp_authmech); - } else { - if (extra_error && extra_error[0]) { - osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and sasl bind with \"%s\" as \"%s\" using \"%s\" as authentication mechanism: \"%s\". %s", __FILE__, __LINE__, sinkenv->url ? 
sinkenv->url : sinkenv->servername, sinkenv->authcid, tmp_authmech, ldap_error, extra_error); - } else { - osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: Unable to connect and sasl bind with \"%s\" as \"%s\" using \"%s\" as authentication mechanism: \"%s\"", __FILE__, __LINE__, sinkenv->url ? sinkenv->url : sinkenv->servername, sinkenv->authcid, tmp_authmech, ldap_error); - } - } - } + if (!osync_error_is_set(error)) + osync_error_set(error, OSYNC_ERROR_NO_CONNECTION, "%s:%i: ERROR: ldap_sasl_interactive_bind_s() has failed. ldap_errno = %i\n", __FILE__, __LINE__, ldap_errno); rv = FALSE; goto out1; - - } // if (ldap_errno != LDAP_SUCCESS) @@ -4619,7 +4749,7 @@ osync_trace(TRACE_INTERNAL, "%s(): OK. Value of keyattribute is identical to the identifier: \"%s\".", __func__, entry->id); identical = TRUE; } else { - osync_trace(TRACE_ERROR, "%s:%i: WARNING: Value of keyattribute (\"%s\"):\n\n\t\"%s\" \n\nconflicts with identifier:\n\n\t\"%s\".\n\nTrying to enforce correct one.", __FILE__, __LINE__, mod->mod_type, mod->mod_bvalues[0]->bv_val, entry->id); + osync_trace(TRACE_ERROR, "%s:%i: WARNING: Value of keyattribute (\"%s\"):\n\n\t\"%s\" \n\nconflicts with identifier:\n\n\t\"%s\".\n\nTrying to enforce correct one: \"%s\".\n\n", __FILE__, __LINE__, mod->mod_type, mod->mod_bvalues[0]->bv_val, entry->id, entry->id); g_free(mod->mod_bvalues[0]->bv_val); mod->mod_bvalues[0]->bv_val = g_strdup(entry->id); mod->mod_bvalues[0]->bv_len = strlen(entry->id); Modified: plugins/ldap-sync/src/ldap_debug.c ============================================================================== --- plugins/ldap-sync/src/ldap_debug.c Thu Jan 14 21:57:04 2010 (r6009) +++ plugins/ldap-sync/src/ldap_debug.c Sun Jan 17 19:01:05 2010 (r6010) 
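Review bot: The SASL failure path no longer prints the numeric result code. The removed block called `ldap_plugin_printf("%s:%i: ERROR: ldap_errno = %i", ...)` unconditionally, the new helper has no equivalent, and the fallback `osync_error_set()` here only runs when the helper set no error at all. The helper also differs from the removed code by skipping the empty-password hint for GSSAPI (`strcmp(tmp_authmech, "GSSAPI")`), so this is not a pure move and the commit log should say so. The helper's return value is ignored here and at the simple-bind call site; if that is intended, a comment such as `/* return value unused: error is set on both paths */` would make it explicit. The enclosing function continues outside the hunk.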
@@ -600,6 +600,13 @@ + + + + + + + #ifdef DEBUG_fastsync /** * @brief translate_changetype Modified: plugins/ldap-sync/src/ldap_plugin.h ============================================================================== --- plugins/ldap-sync/src/ldap_plugin.h Thu Jan 14 21:57:04 2010 (r6009) +++ plugins/ldap-sync/src/ldap_plugin.h Sun Jan 17 19:01:05 2010 (r6010) @@ -530,6 +530,8 @@ osync_bool ldap_plugin_get_sinkenv(OSyncContext *ctx, OSyncObjTypeSink *sink, void *userdata, sink_environment **sinkenv, OSyncError **error); char *ldap_plugin_hash_append(OSyncContext *ctx, char *hash, const sink_environment *sinkenv, const ldap_entry *entry, OSyncError **error); osync_bool ldap_plugin_makebind(OSyncContext *ctx, sink_environment *sinkenv, OSyncError **error); +osync_bool ldap_plugin_report_sasl_authentication_error(sink_environment *sinkenv, const char *file, const int line, const int ldap_errno, const struct berval passwd, char *tmp_authmech, char *tmp_authcid, OSyncError **error); +osync_bool ldap_plugin_report_simple_authentication_error(sink_environment *sinkenv, const char *file, const int line, const int ldap_errno, const char *binddn, const struct berval passwd, OSyncError **error); osync_bool ldap_plugin_rewrite_ldap_entry(ldap_entry *entry, GList *modifications, OSyncError **error); osync_bool ldap_plugin_set_ldap_protocol (OSyncContext *ctx, sink_environment *sinkenv, OSyncError **error); |
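Review bot: In the new ldap_plugin_report_sasl_authentication_error() prototype, `tmp_authmech` and `tmp_authcid` are declared `char *` although the definition in ldap_connect.c only reads them (strcmp() and `%s`). Declaring them `const char *tmp_authmech, const char *tmp_authcid` would match how `file` and `binddn` are declared, and the definition would need the same change. Both helpers are called only from ldap_connect.c in this commit, so if no other file needs them they could be `static` there, not exported from this header.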