From: Michael Chase-S. <mc...@us...> - 2012-08-08 20:35:37
Update of /cvsroot/sblim/sfcb
In directory vz-cvs-3.sog:/tmp/cvs-serv17683
Modified Files:
ChangeLog Makefile.am NEWS cimXmlRequest.c cimXmlRequest.h
httpAdapter.c sfcBasicPAMAuthentication.c
Log Message:
[ 3555395 ] Additional auth lib return codes
Index: cimXmlRequest.c
===================================================================
RCS file: /cvsroot/sblim/sfcb/cimXmlRequest.c,v
retrieving revision 1.74
retrieving revision 1.75
diff -u -d -r1.74 -r1.75
--- cimXmlRequest.c 21 Jun 2012 16:46:59 -0000 1.74
+++ cimXmlRequest.c 8 Aug 2012 20:35:35 -0000 1.75
@@ -352,7 +352,7 @@
#ifdef ALLOW_UPDATE_EXPIRED_PW
static char *
-getErrExpiredSegment()
+getErrExpiredSegment(char * type)
{
char* msg = sfcb_snprintf("<ERROR CODE=\"2\" \
DESCRIPTION=\"User Account Expired\">\n\
@@ -360,10 +360,10 @@
<PROPERTY NAME=\"ErrorType\" TYPE=\"uint16\">\
<VALUE>1</VALUE></PROPERTY>\n\
<PROPERTY NAME=\"OtherErrorType\" TYPE=\"string\">\
-<VALUE>Password Expired</VALUE></PROPERTY>\n\
+<VALUE>%s</VALUE></PROPERTY>\n\
<PROPERTY NAME=\"ProbableCause\" TYPE=\"uint16\">\
<VALUE>117</VALUE></PROPERTY>\n\
-</INSTANCE>\n</ERROR>\n");
+</INSTANCE>\n</ERROR>\n",type);
return msg;
}
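Review bot: `type` is formatted straight into `<VALUE>%s</VALUE>` with no XML escaping, so a detail string containing `<`, `>` or `&` would yield malformed CIM-XML or extra markup inside the error instance. The value arrives from `extras.ErrorDetail`, which the authentication library sets; the strings visible in this commit are constants, but nothing here constrains what another library supplies. Passing the text through the project's XML escaping routine before formatting would close that gap. A NULL `type` is also not handled, and `%s` with NULL is undefined; a fixed fallback text such as `type ? type : "Password Expired"` would cover it.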
@@ -2731,7 +2731,7 @@
return rs;
}
-RespSegments handleCimXmlRequest(CimXmlRequestContext * ctx, int flags)
+RespSegments handleCimXmlRequest(CimXmlRequestContext * ctx, int flags, char *more)
{
RespSegments rs;
RequestHdr hdr;
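Review bot: The new third parameter is named `more` in this definition and `type` in the prototype in cimXmlRequest.h (hunk at -61), and neither place documents it. From the visible uses it carries the text for the `OtherErrorType` property and is read only on the expired-account path, while the same buffer holds HTTP header lines in httpAdapter.c. I would use one name in both places, declare it `const char *`, and add a comment above the definition such as `/* type: text for OtherErrorType in the expired-account error; unused otherwise */`. The function body continues outside this hunk.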
@@ -2786,9 +2786,9 @@
}
else { /* expired user tried to invoke non-UpdatePassword request */
if (hdr.methodCall) {
- rs = methodErrResponse(&hdr, getErrExpiredSegment());
+ rs = methodErrResponse(&hdr, getErrExpiredSegment(more));
} else {
- rs = iMethodErrResponse(&hdr, getErrExpiredSegment());
+ rs = iMethodErrResponse(&hdr, getErrExpiredSegment(more));
}
}
}
Index: ChangeLog
===================================================================
RCS file: /cvsroot/sblim/sfcb/ChangeLog,v
retrieving revision 1.796
retrieving revision 1.797
diff -u -d -r1.796 -r1.797
--- ChangeLog 29 Jul 2012 22:41:16 -0000 1.796
+++ ChangeLog 8 Aug 2012 20:35:35 -0000 1.797
@@ -1,3 +1,8 @@
+2012-08-08 Michael Chase-Salerno <br...@li...>
+
+ * httpAdapter.c, cimXmlRequest.c, cimXmlRequest.h, sfcBasicPAMAuthentication.c
+ [ 3555395 ] Additional auth lib return codes
+
2012-07-29 Dave Heller <hel...@us...>
* sfcb.init-none.in, sfcb.init-redhat.in, sfcb.init-suse.in:
@@ -11,7 +16,7 @@
2012-07-19 Michael Chase-Salerno <br...@li...>
* brokerUpc.c, indCIMXMLExport.c, indCIMXMLHandler.c, interopProvider.c,
-support.c, support.h:
+ support.c, support.h:
[ 3539006 ] Possible indication deadlock
2012-07-10 Michael Chase-Salerno <br...@li...>
Index: sfcBasicPAMAuthentication.c
===================================================================
RCS file: /cvsroot/sblim/sfcb/sfcBasicPAMAuthentication.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -d -r1.5 -r1.6
--- sfcBasicPAMAuthentication.c 12 Mar 2012 22:30:52 -0000 1.5
+++ sfcBasicPAMAuthentication.c 8 Aug 2012 20:35:35 -0000 1.6
@@ -33,6 +33,7 @@
char* clientIp;
void* authHandle;
const char* role;
+ char* ErrorDetail;
};
typedef struct auth_extras AuthExtras;
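Review bot: `struct auth_extras` is declared here and a second time in httpAdapter.c (hunk at -140), and this commit extends both copies by hand. The library apparently writes `ErrorDetail` into an object owned by the adapter, so a later edit to only one copy would make that write land at the wrong offset. Moving the declaration into a shared header would remove the risk, and the same header could hold the return codes, since the literals `-2` and `-3` used in this file mirror `AUTH_SERVTEMP` and `AUTH_SERVPERM`, which are defined only in httpAdapter.c. The field would also be better as `const char *ErrorDetail;`, because only string literals are assigned to it.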
@@ -88,7 +89,19 @@
retval = 1;
}
else if (rc == PAM_NEW_AUTHTOK_REQD || rc == PAM_ACCT_EXPIRED) {
- retval = -1;
+ retval = -1; // Only valid if sfcb is built with --enable-expired-pw-update
+ }
+ else if (rc == PAM_AUTHINFO_UNAVAIL ) {
+ retval = -2; // Temporary server error
+ if (extras) {
+ extras->ErrorDetail="PAM info unavailable.";
+ }
+ }
+ else if (rc == PAM_SERVICE_ERR ) {
+ retval = -3; // Permanent server error
+ if (extras) {
+ extras->ErrorDetail="PAM server unreachable.";
+ }
}
else {
retval = 0;
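Review bot: `extras->ErrorDetail` is set in the two new branches but never cleared in the success, expired or plain-failure branches. httpAdapter.c tests `extras.ErrorDetail` after every `baValidate` call (hunk at -996) and `extras` is a file-scope object there, so if one process serves more than one request, a detail left by an earlier backend error could be attached to a later, unrelated response. Adding `if (extras) extras->ErrorDetail = NULL;` before the return-code chain would make each call start clean. The enclosing function starts and ends outside this hunk.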
Index: cimXmlRequest.h
===================================================================
RCS file: /cvsroot/sblim/sfcb/cimXmlRequest.h,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- cimXmlRequest.h 12 Mar 2012 22:30:52 -0000 1.8
+++ cimXmlRequest.h 8 Aug 2012 20:35:35 -0000 1.9
@@ -61,7 +61,7 @@
int operation;
} CimXmlRequestContext;
-extern RespSegments handleCimXmlRequest(CimXmlRequestContext * ctx, int flags);
+extern RespSegments handleCimXmlRequest(CimXmlRequestContext * ctx, int flags, char * type);
extern int cleanupCimXmlRequest(RespSegments * rs);
#ifdef ALLOW_UPDATE_EXPIRED_PW
Index: Makefile.am
===================================================================
RCS file: /cvsroot/sblim/sfcb/Makefile.am,v
retrieving revision 1.118
retrieving revision 1.119
diff -u -d -r1.118 -r1.119
--- Makefile.am 13 Jun 2012 21:21:09 -0000 1.118
+++ Makefile.am 8 Aug 2012 20:35:35 -0000 1.119
@@ -429,10 +429,10 @@
sfcbdump_SOURCES=sfcbdump.c
sfcbinst2mof_SOURCES=sfcbinst2mof.c
-sfcbinst2mof_LDADD = -lsfcFileRepository
+sfcbinst2mof_LDADD = -lsfcFileRepository -lsfcBrokerCore -lsfcUtil
classSchema2c_SOURCES=classSchema2c.c
-classSchema2c_LDADD=-lsfcBrokerCore
+classSchema2c_LDADD=-lsfcBrokerCore -lsfcUtil
classSchema2c_DEPENDENCIES=libsfcBrokerCore.la
sfcbsem_SOURCES=sfcbsem.c
Index: httpAdapter.c
===================================================================
RCS file: /cvsroot/sblim/sfcb/httpAdapter.c,v
retrieving revision 1.107
retrieving revision 1.108
diff -u -d -r1.107 -r1.108
--- httpAdapter.c 13 Apr 2012 16:16:20 -0000 1.107
+++ httpAdapter.c 8 Aug 2012 20:35:35 -0000 1.108
@@ -111,6 +111,8 @@
#define AUTH_PASS 1
#define AUTH_FAIL 0
#define AUTH_EXPIRED -1
+#define AUTH_SERVTEMP -2
+#define AUTH_SERVPERM -3
static key_t httpProcSemKey;
static key_t httpWorkSemKey;
@@ -140,9 +142,10 @@
char* clientIp;
void* authHandle;
const char* role;
+ char* ErrorDetail;
};
typedef struct auth_extras AuthExtras;
-AuthExtras extras = {NULL, NULL, NULL, NULL};
+AuthExtras extras = {NULL, NULL, NULL, NULL, NULL};
void releaseAuthHandle() {
if (extras.release) {
@@ -272,6 +275,8 @@
if (ret == AUTH_PASS) ret = AUTH_PASS;
else if (ret == AUTH_EXPIRED) ret = AUTH_EXPIRED;
+ else if (ret == AUTH_SERVTEMP) ret = AUTH_SERVTEMP;
+ else if (ret == AUTH_SERVPERM) ret = AUTH_SERVPERM;
else ret = AUTH_FAIL;
}
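Review bot: Every branch of this chain assigns `ret` the value it already holds (`else if (ret == AUTH_SERVTEMP) ret = AUTH_SERVTEMP;`), so only the final `else ret = AUTH_FAIL;` changes anything. The intent appears to be an allow-list of return codes accepted from the authentication library, with everything else treated as a failed login, which is the right fail-closed default but is not obvious from the code. A comment such as `/* accept only known codes from the auth library; anything else is a failed login */` would record that, and a `switch` with a `default: ret = AUTH_FAIL;` would express it without the no-op assignments. The enclosing block starts outside this hunk.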
@@ -554,7 +559,7 @@
static char cach[] = {"Cache-Control: no-cache\r\n"};
static char op[] = {"CIMOperation: MethodResponse\r\n"};
static char tenc[] = {"Transfer-encoding: chunked\r\n"};
- static char trls[] = {"Trailer: CIMError, CIMStatusCode, CIMStatusCodeDescription\r\n"};
+ static char trls[] = {"Trailer: CIMError, CIMStatusCode, CIMStatusCodeDescription, SFCBErrorDetail\r\n"};
static char cclose[] = "Connection: close\r\n";
_SFCB_ENTER(TRACE_HTTPDAEMON, "writeChunkHeaders");
@@ -965,6 +970,9 @@
int authorized = 0;
int barc = 0;
+ // Reserve space for the additional headers
+ char * more=calloc(300,sizeof(char));
+
#ifdef HAVE_UDS
if (!discardInput && doUdsAuth) {
struct sockaddr_un sun;
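Review bot: The result of `char * more=calloc(300,sizeof(char));` is never checked, and the next hunk passes `more` to `snprintf` and `strcat` unconditionally, so an allocation failure becomes a NULL dereference in the request path. Because the size is a small constant and the buffer is only used within this function, a stack buffer `char more[300] = "";` would avoid the failure case. It would also make the `if (more) { free(more); more=NULL; }` blocks added in the hunks at -1031, -1043 and -1087 unnecessary, two of which sit directly before `exit(1)`. If the heap allocation is kept, every other return path of this function needs the same free; those paths are outside the visible hunks.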
@@ -996,24 +1004,47 @@
// fprintf(stderr, "client is: %s\n", ipstr);
barc = baValidate(inBuf.authorization,&inBuf.principal);
+ if (extras.ErrorDetail) {
+ snprintf(more,256,"SFCBErrorDetail: %s\r\n",extras.ErrorDetail);
+ }
#ifdef ALLOW_UPDATE_EXPIRED_PW
- if (barc == AUTH_EXPIRED) {
- hcrFlags |= HCR_EXPIRED_PW;
- }
- else if (barc == AUTH_PASS) {
- hcrFlags = 0; /* clear flags so non-expired user doesn't update pw */
- }
- else if (barc == AUTH_FAIL) {
+ if (barc == AUTH_EXPIRED) {
+ hcrFlags |= HCR_EXPIRED_PW;
+ // Add the error detail to the CIM_Error instance
+ if (extras.ErrorDetail) {
+ snprintf(more,256,"%s",extras.ErrorDetail);
+ } else {
+ snprintf(more,256,"%s","Expired Password");
+ }
+ } else if (barc == AUTH_PASS) {
#else
- if (barc != AUTH_PASS) {
+ if (barc == AUTH_EXPIRED) {
+ strcat(more,"WWW-Authenticate: Basic realm=\"cimom\"\r\n");
+ genError(conn_fd, &inBuf, 401, "Unauthorized", more);
+ /* we continue to parse headers and empty the socket
+ to be graceful with the client */
+ discardInput=1;
+ } else if (barc == AUTH_PASS) {
#endif
- char more[]="WWW-Authenticate: Basic realm=\"cimom\"\r\n";
- genError(conn_fd, &inBuf, 401, "Unauthorized", more);
- /* we continue to parse headers and empty the socket
- to be graceful with the client */
- discardInput=1;
- }
- }
+ hcrFlags = 0; /* clear flags so non-expired user doesn't update pw */
+ } else if (barc == AUTH_SERVPERM) {
+ genError(conn_fd, &inBuf, 500, "Server Error", more);
+ /* we continue to parse headers and empty the socket
+ to be graceful with the client */
+ discardInput=1;
+ } else if (barc == AUTH_SERVTEMP) {
+ genError(conn_fd, &inBuf, 503, "Service Unavailable", more);
+ /* we continue to parse headers and empty the socket
+ to be graceful with the client */
+ discardInput=1;
+ } else if (barc == AUTH_FAIL) {
+ strcat(more,"WWW-Authenticate: Basic realm=\"cimom\"\r\n");
+ genError(conn_fd, &inBuf, 401, "Unauthorized", more);
+ /* we continue to parse headers and empty the socket
+ to be graceful with the client */
+ discardInput=1;
+ }
+ } // if (inBuf.authorization) {
#if defined USE_SSL
else if (sfcbSSLMode && ccVerifyMode != CC_VERIFY_IGNORE) {
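Review bot: `snprintf(more,256,"SFCBErrorDetail: %s\r\n",extras.ErrorDetail);` copies the library-supplied text verbatim into a response header sent to a client that has not authenticated. A CR or LF inside `ErrorDetail` would be emitted as additional header lines, so the adapter should reject or replace control characters before formatting, or the contract that the detail is a single printable line should be documented on the struct field. The detail also tells an unauthenticated caller about the state of the authentication backend; it is worth deciding whether that belongs in the response or only in the server trace. The literal `256` is safe only because the buffer is 300 bytes and the appended `WWW-Authenticate` line is short, so one named constant for the size would keep the `snprintf` and `strcat` calls from drifting apart.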
@@ -1031,6 +1062,10 @@
_SFCB_TRACE(1, ("--- exiting after missing content length."));
commClose(conn_fd);
freeBuffer(&inBuf);
+ if (more) {
+ free(more);
+ more=NULL;
+ }
exit(1);
}
@@ -1043,12 +1078,20 @@
genError(conn_fd, &inBuf, 400, "Bad Request", NULL);
_SFCB_TRACE(1, ("--- exiting after request timeout."));
commClose(conn_fd);
+ if (more) {
+ free(more);
+ more=NULL;
+ }
exit(1);
}
if (discardInput) {
releaseAuthHandle();
free(hdr);
freeBuffer(&inBuf);
+ if (more) {
+ free(more);
+ more=NULL;
+ }
_SFCB_RETURN(discardInput-1);
}
@@ -1087,11 +1130,15 @@
}
#endif
- response = handleCimXmlRequest(&ctx, hcrFlags);
+ response = handleCimXmlRequest(&ctx, hcrFlags,more);
}
else {
response = nullResponse;
}
+ if (more) {
+ free(more);
+ more=NULL;
+ }
free(hdr);
_SFCB_TRACE(1, ("--- Generate http response"));
Index: NEWS
===================================================================
RCS file: /cvsroot/sblim/sfcb/NEWS,v
retrieving revision 1.711
retrieving revision 1.712
diff -u -d -r1.711 -r1.712
--- NEWS 29 Jul 2012 22:41:16 -0000 1.711
+++ NEWS 8 Aug 2012 20:35:35 -0000 1.712
@@ -2,6 +2,7 @@
=================
New features:
- 3538858 custom routine to log indInst objinfo
+- 3555395 Additional auth lib return codes
Bugs fixed:
- 3539569 Leaks in interopProvider