authorSimo Sorce <simo@redhat.com>2013-02-26 16:25:07 -0500
committerJakub Hrozek <jhrozek@redhat.com>2013-03-19 14:07:41 +0100
commit233a3c6c48972b177e60d6ef4cecfacd3cf31659 (patch)
treee67d6eaed705d8c76173af0c06b49072224460be /src/providers/ipa
parent4f2e932acd5266e9d4e3f55966baafbdbd2ae210 (diff)
Use common error facility instead of sdap_result
Simplifies and consolidates error reporting for LDAP authentication paths. Adds 3 new error codes: ERR_CHPASS_DENIED - Used when password constraints deny password changes; ERR_ACCOUNT_EXPIRED - Account is expired; ERR_PASSWORD_EXPIRED - Password is expired.
Diffstat (limited to 'src/providers/ipa')
-rw-r--r--src/providers/ipa/ipa_auth.c24
-rw-r--r--src/providers/ipa/ipa_s2n_exop.c34
2 files changed, 27 insertions, 31 deletions
diff --git a/src/providers/ipa/ipa_auth.c b/src/providers/ipa/ipa_auth.c
index 2a033db94..5cb3d402e 100644
--- a/src/providers/ipa/ipa_auth.c
+++ b/src/providers/ipa/ipa_auth.c
@@ -36,7 +36,6 @@ struct get_password_migration_flag_state {
struct tevent_context *ev;
struct sdap_id_op *sdap_op;
struct sdap_id_ctx *sdap_id_ctx;
- enum sdap_result result;
struct fo_server *srv;
char *ipa_realm;
bool password_migration;
@@ -68,7 +67,6 @@ static struct tevent_req *get_password_migration_flag_send(TALLOC_CTX *memctx,
state->ev = ev;
state->sdap_id_ctx = sdap_id_ctx;
- state->result = SDAP_ERROR;
state->srv = NULL;
state->password_migration = false;
state->ipa_realm = ipa_realm;
@@ -393,26 +391,30 @@ static void ipa_auth_ldap_done(struct tevent_req *req)
struct be_ctx *be_ctx = be_req_get_be_ctx(state->be_req);
int ret;
int dp_err = DP_ERR_FATAL;
- enum sdap_result result;
- ret = sdap_auth_recv(req, state, &result, NULL);
+ ret = sdap_auth_recv(req, state, NULL);
talloc_zfree(req);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("auth_send request failed.\n"));
- state->pd->pam_status = PAM_SYSTEM_ERR;
- dp_err = DP_ERR_OK;
- goto done;
- }
+ switch (ret) {
+ case EOK:
+ break;
+ case ERR_AUTH_DENIED:
+ case ERR_AUTH_FAILED:
+ case ERR_PASSWORD_EXPIRED:
/* TODO: do we need to handle expired passwords? */
- if (result != SDAP_AUTH_SUCCESS) {
DEBUG(SSSDBG_MINOR_FAILURE, ("LDAP authentication failed, "
"Password migration not possible.\n"));
state->pd->pam_status = PAM_CRED_INSUFFICIENT;
dp_err = DP_ERR_OK;
goto done;
+ default:
+ DEBUG(SSSDBG_OP_FAILURE, ("auth_send request failed.\n"));
+ state->pd->pam_status = PAM_SYSTEM_ERR;
+ dp_err = DP_ERR_OK;
+ goto done;
}
+
DEBUG(SSSDBG_TRACE_FUNC, ("LDAP authentication succeded, "
"trying Kerberos authentication again.\n"));
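Review bot: The `default:` arm of the new switch catches every code that is not listed, and that includes ERR_ACCOUNT_EXPIRED, which this commit introduces. Before the change any non-success sdap result ended in PAM_CRED_INSUFFICIENT, so if sdap_auth_recv can return ERR_ACCOUNT_EXPIRED on this path (not visible in the hunk) an expired account would now be reported to PAM as PAM_SYSTEM_ERR and logged as a request failure. Either add `case ERR_ACCOUNT_EXPIRED:` to the denial group or leave a comment saying why it is treated as a system error. The default arm should also log the code it received, e.g. `DEBUG(SSSDBG_OP_FAILURE, ("auth_send request failed [%d].\n", ret));`, so an unexpected value can be told apart from a denial in the logs. ipa_auth_ldap_done starts and ends outside the hunk.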
diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index bcf966cfd..7e5d0c143 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -52,7 +52,6 @@ struct ipa_s2n_exop_state {
struct sdap_op *op;
- int result;
char *retoid;
struct berval *retdata;
};
@@ -75,7 +74,6 @@ static struct tevent_req *ipa_s2n_exop_send(TALLOC_CTX *mem_ctx,
if (!req) return NULL;
state->sh = sh;
- state->result = LDAP_OPERATIONS_ERROR;
state->retoid = NULL;
state->retdata = NULL;
@@ -85,6 +83,7 @@ static struct tevent_req *ipa_s2n_exop_send(TALLOC_CTX *mem_ctx,
bv, NULL, NULL, &msgid);
if (ret == -1 || msgid == -1) {
DEBUG(SSSDBG_CRIT_FAILURE, ("ldap_extended_operation failed\n"));
+ ret = ERR_NETWORK_IO;
goto fail;
}
DEBUG(SSSDBG_TRACE_INTERNAL, ("ldap_extended_operation sent, msgid = %d\n", msgid));
@@ -94,13 +93,14 @@ static struct tevent_req *ipa_s2n_exop_send(TALLOC_CTX *mem_ctx,
&state->op);
if (ret) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to set up operation!\n"));
+ ret = ERR_INTERNAL;
goto fail;
}
return req;
fail:
- tevent_req_error(req, EIO);
+ tevent_req_error(req, ret);
tevent_req_post(req, ev);
return req;
}
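Review bot: `tevent_req_error(req, ret)` at the `fail:` label is only safe if every `goto fail` arrives with a non-zero `ret`, because tevent_req_error() treats 0 as "no error" and does not fail the request. The two jumps visible in these hunks set ERR_NETWORK_IO and ERR_INTERNAL first, but the start of ipa_s2n_exop_send is outside the diff, so any earlier `goto fail` needs checking. The `ret = ERR_INTERNAL;` assignment also discards the value returned by the operation setup call before it is logged; print it in the message above, `DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to set up operation! [%d]\n", ret));`.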
@@ -116,6 +116,7 @@ static void ipa_s2n_exop_done(struct sdap_op *op,
char *errmsg = NULL;
char *retoid = NULL;
struct berval *retdata = NULL;
+ int result;
if (error) {
tevent_req_error(req, error);
@@ -123,19 +124,19 @@ static void ipa_s2n_exop_done(struct sdap_op *op,
}
ret = ldap_parse_result(state->sh->ldap, reply->msg,
- &state->result, &errmsg, NULL, NULL,
+ &result, &errmsg, NULL, NULL,
NULL, 0);
if (ret != LDAP_SUCCESS) {
DEBUG(SSSDBG_OP_FAILURE, ("ldap_parse_result failed (%d)\n", state->op->msgid));
- ret = EIO;
+ ret = ERR_NETWORK_IO;
goto done;
}
DEBUG(SSSDBG_TRACE_FUNC, ("ldap_extended_operation result: %s(%d), %s\n",
- sss_ldap_err2string(state->result), state->result, errmsg));
+ sss_ldap_err2string(result), result, errmsg));
- if (state->result != LDAP_SUCCESS) {
- ret = EIO;
+ if (result != LDAP_SUCCESS) {
+ ret = ERR_NETWORK_IO;
goto done;
}
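Review bot: Every non-success LDAP result code is now reported as ERR_NETWORK_IO at `if (result != LDAP_SUCCESS)`, so a server-side refusal (for example an access or no-such-object result) is indistinguishable from a transport failure for the caller. If callers treat ERR_NETWORK_IO as a connectivity problem (not visible here), a per-request denial could trigger a connection-level reaction; consider mapping parse failures and server result codes to different errors, or at least comment the choice. The same mapping is applied to the ldap_parse_extended_result failure in the next hunk. Separately, the first failure message prints `state->op->msgid` where the text suggests an error code; `ret` would be more useful there. ipa_s2n_exop_done continues outside the hunk.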
@@ -143,7 +144,7 @@ static void ipa_s2n_exop_done(struct sdap_op *op,
&retoid, &retdata, 0);
if (ret != LDAP_SUCCESS) {
DEBUG(SSSDBG_OP_FAILURE, ("ldap_parse_extendend_result failed (%d)\n", ret));
- ret = EIO;
+ ret = ERR_NETWORK_IO;
goto done;
}
@@ -183,21 +184,15 @@ done:
}
static int ipa_s2n_exop_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
- enum sdap_result *result, char **retoid,
- struct berval **retdata)
+ char **retoid, struct berval **retdata)
{
struct ipa_s2n_exop_state *state = tevent_req_data(req,
struct ipa_s2n_exop_state);
TEVENT_REQ_RETURN_ON_ERROR(req);
- if (state->result == LDAP_SUCCESS) {
- *result = SDAP_SUCCESS;
- *retoid = talloc_steal(mem_ctx, state->retoid);
- *retdata = talloc_steal(mem_ctx, state->retdata);
- } else {
- *result = SDAP_ERROR;
- }
+ *retoid = talloc_steal(mem_ctx, state->retoid);
+ *retdata = talloc_steal(mem_ctx, state->retdata);
return EOK;
}
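Review bot: With the `state->result` check removed, ipa_s2n_exop_recv hands out `state->retoid` and `state->retdata` whenever the request is not in an error state, so it now depends on ipa_s2n_exop_done failing the request on every non-success path. The `done:` label of that function is outside the hunks, so this should be confirmed there. The function also needs a header comment stating the contract, along the lines of `/* On EOK, *retoid and *retdata are moved to mem_ctx; both out-pointers must be non-NULL. */`, since both are now written unconditionally on EOK.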
@@ -583,7 +578,6 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
struct ipa_s2n_get_user_state *state = tevent_req_data(req,
struct ipa_s2n_get_user_state);
int ret;
- enum sdap_result result;
char *retoid = NULL;
struct berval *retdata = NULL;
struct resp_attrs *attrs = NULL;
@@ -595,7 +589,7 @@ static void ipa_s2n_get_user_done(struct tevent_req *subreq)
char *realm;
char *upn;
- ret = ipa_s2n_exop_recv(subreq, state, &result, &retoid, &retdata);
+ ret = ipa_s2n_exop_recv(subreq, state, &retoid, &retdata);
talloc_zfree(subreq);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("s2n exop request failed.\n"));