-rw-r--r--src/providers/ldap/sdap.c28
-rw-r--r--src/providers/ldap/sdap_async.c10
-rw-r--r--src/providers/ldap/sdap_async_connection.c34
-rw-r--r--src/util/sss_ldap.c18
-rw-r--r--src/util/sss_ldap.h4
5 files changed, 54 insertions, 40 deletions
diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c
index 237a1f230..f6547cfb1 100644
--- a/src/providers/ldap/sdap.c
+++ b/src/providers/ldap/sdap.c
@@ -107,7 +107,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
if (ret != LDAP_OPT_SUCCESS) {
DEBUG(1, ("ldap_set_option failed [%s], ignored.\n",
- ldap_err2string(ret)));
+ sss_ldap_err2string(ret)));
}
attrs = sysdb_new_attrs(memctx);
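Review bot: The value passed to `sss_ldap_err2string(ret)` in this hunk is the return of `ldap_set_option()`, which is an option status (`LDAP_OPT_SUCCESS`/`LDAP_OPT_ERROR`) rather than an LDAP result code, so the printed string can be misleading. In OpenLDAP `LDAP_OPT_ERROR` is -1, the same value as `LDAP_SERVER_DOWN`, so a failed option set would presumably be logged as a server-contact failure. The same pattern is in the sdap_get_msg_dn hunk and in all six setup_tls_config hunks, where it matters most: a rejected `LDAP_OPT_X_TLS_*` setting (require-cert level, CA file, cipher suite) would read as a connectivity problem. Logging the raw status, e.g. `DEBUG(1, ("ldap_set_option failed [%d], ignored.\n", ret));`, keeps the diagnostic accurate. sdap_parse_entry's body continues outside the hunk.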
@@ -117,7 +117,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
if (!str) {
ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
DEBUG(1, ("ldap_get_dn failed: %d(%s)\n",
- lerrno, ldap_err2string(lerrno)));
+ lerrno, sss_ldap_err2string(lerrno)));
ret = EIO;
goto fail;
}
@@ -165,7 +165,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
if (!str) {
ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
DEBUG(1, ("Entry has no attributes [%d(%s)]!?\n",
- lerrno, ldap_err2string(lerrno)));
+ lerrno, sss_ldap_err2string(lerrno)));
if (map) {
ret = EINVAL;
goto fail;
@@ -204,7 +204,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
if (lerrno != LDAP_SUCCESS) {
DEBUG(1, ("LDAP Library error: %d(%s)",
- lerrno, ldap_err2string(lerrno)));
+ lerrno, sss_ldap_err2string(lerrno)));
ret = EIO;
goto fail;
}
@@ -236,7 +236,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx,
ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
if (lerrno) {
DEBUG(1, ("LDAP Library error: %d(%s)",
- lerrno, ldap_err2string(lerrno)));
+ lerrno, sss_ldap_err2string(lerrno)));
ret = EIO;
goto fail;
}
@@ -291,14 +291,14 @@ int sdap_get_msg_dn(TALLOC_CTX *memctx, struct sdap_handle *sh,
ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
if (ret != LDAP_OPT_SUCCESS) {
DEBUG(1, ("ldap_set_option failed [%s], ignored.\n",
- ldap_err2string(ret)));
+ sss_ldap_err2string(ret)));
}
str = ldap_get_dn(sh->ldap, sm->msg);
if (!str) {
ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
DEBUG(1, ("ldap_get_dn failed: %d(%s)\n",
- lerrno, ldap_err2string(lerrno)));
+ lerrno, sss_ldap_err2string(lerrno)));
return EIO;
}
@@ -340,7 +340,7 @@ errno_t setup_tls_config(struct dp_option *basic_opts)
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
&ldap_opt_x_tls_require_cert);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
+ DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret)));
return EIO;
}
}
@@ -349,7 +349,7 @@ errno_t setup_tls_config(struct dp_option *basic_opts)
if (tls_opt) {
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, tls_opt);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
+ DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret)));
return EIO;
}
}
@@ -358,7 +358,7 @@ errno_t setup_tls_config(struct dp_option *basic_opts)
if (tls_opt) {
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, tls_opt);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
+ DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret)));
return EIO;
}
}
@@ -367,7 +367,7 @@ errno_t setup_tls_config(struct dp_option *basic_opts)
if (tls_opt) {
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, tls_opt);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
+ DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret)));
return EIO;
}
}
@@ -376,7 +376,7 @@ errno_t setup_tls_config(struct dp_option *basic_opts)
if (tls_opt) {
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, tls_opt);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
+ DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret)));
return EIO;
}
}
@@ -385,7 +385,7 @@ errno_t setup_tls_config(struct dp_option *basic_opts)
if (tls_opt) {
ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, tls_opt);
if (ret != LDAP_OPT_SUCCESS) {
- DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
+ DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret)));
return EIO;
}
}
@@ -748,7 +748,7 @@ int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical,
ret = sss_ldap_control_create(oid, iscritical, value, dupval, ctrlp);
if (ret != LDAP_SUCCESS) {
DEBUG(1, ("sss_ldap_control_create failed [%d][%s].\n",
- ret, ldap_err2string(ret)));
+ ret, sss_ldap_err2string(ret)));
}
} else {
DEBUG(3, ("Server does not support the requested control [%s].\n", oid));
diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 3b2849876..0192f08a4 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -580,7 +580,7 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op,
}
DEBUG(3, ("ldap_extended_operation result: %s(%d), %s\n",
- ldap_err2string(state->result), state->result, errmsg));
+ sss_ldap_err2string(state->result), state->result, errmsg));
if (state->result != LDAP_SUCCESS) {
if (errmsg) {
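Review bot: `errmsg` is passed to a `%s` conversion on the rewritten DEBUG line, yet the statement two lines later tests `if (errmsg)`, which suggests it can be NULL at that point; passing NULL to `%s` is undefined behaviour. The argument could be guarded, e.g. `sss_ldap_err2string(state->result), state->result, errmsg ? errmsg : "no errmsg set"));`. The same `result, errmsg` argument list appears in the sdap_get_generic_done, sdap_connect_done, simple_bind_done and synchronous_tls_setup ("START TLS result") hunks; whether errmsg can be NULL there is not visible in those hunks. sdap_exop_modify_passwd_done starts and ends outside this hunk.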
@@ -874,7 +874,7 @@ static errno_t sdap_get_generic_step(struct tevent_req *req)
ldap_control_free(page_control);
m_controls[0] = NULL;
if (lret != LDAP_SUCCESS) {
- DEBUG(3, ("ldap_search_ext failed: %s\n", ldap_err2string(lret)));
+ DEBUG(3, ("ldap_search_ext failed: %s\n", sss_ldap_err2string(lret)));
if (lret == LDAP_SERVER_DOWN) {
ret = ETIMEDOUT;
optret = ldap_get_option(state->sh->ldap,
@@ -887,7 +887,7 @@ static errno_t sdap_get_generic_step(struct tevent_req *req)
}
else {
sss_log(SSS_LOG_ERR, "LDAP connection error, %s",
- ldap_err2string(lret));
+ sss_ldap_err2string(lret));
}
}
@@ -973,11 +973,11 @@ static void sdap_get_generic_done(struct sdap_op *op,
}
DEBUG(6, ("Search result: %s(%d), %s\n",
- ldap_err2string(result), result, errmsg));
+ sss_ldap_err2string(result), result, errmsg));
if (result != LDAP_SUCCESS && result != LDAP_NO_SUCH_OBJECT) {
DEBUG(2, ("Unexpected result from ldap: %s(%d), %s\n",
- ldap_err2string(result), result, errmsg));
+ sss_ldap_err2string(result), result, errmsg));
}
ldap_memfree(errmsg);
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index c02307814..5ce0bb4b5 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -29,8 +29,6 @@
#include "providers/ldap/sdap_async_private.h"
#include "providers/ldap/ldap_common.h"
-#define LDAP_X_SSSD_PASSWORD_EXPIRED 0x555D
-
errno_t deref_string_to_val(const char *str, int *val)
{
if (strcasecmp(str, "never") == 0) {
@@ -283,14 +281,14 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
(void*)&errmsg);
if (optret == LDAP_SUCCESS) {
DEBUG(3, ("ldap_start_tls failed: [%s] [%s]\n",
- ldap_err2string(lret),
+ sss_ldap_err2string(lret),
errmsg));
sss_log(SSS_LOG_ERR, "Could not start TLS. %s", errmsg);
ldap_memfree(errmsg);
}
else {
DEBUG(3, ("ldap_start_tls failed: [%s]\n",
- ldap_err2string(lret)));
+ sss_ldap_err2string(lret)));
sss_log(SSS_LOG_ERR, "Could not start TLS. "
"Check for certificate issues.");
}
@@ -351,7 +349,7 @@ static void sdap_connect_done(struct sdap_op *op,
}
DEBUG(3, ("START TLS result: %s(%d), %s\n",
- ldap_err2string(state->result), state->result, errmsg));
+ sss_ldap_err2string(state->result), state->result, errmsg));
ldap_memfree(errmsg);
if (ldap_tls_inplace(state->sh->ldap)) {
@@ -369,14 +367,14 @@ static void sdap_connect_done(struct sdap_op *op,
(void*)&tlserr);
if (optret == LDAP_SUCCESS) {
DEBUG(3, ("ldap_install_tls failed: [%s] [%s]\n",
- ldap_err2string(ret),
+ sss_ldap_err2string(ret),
tlserr));
sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", tlserr);
ldap_memfree(tlserr);
}
else {
DEBUG(3, ("ldap_install_tls failed: [%s]\n",
- ldap_err2string(ret)));
+ sss_ldap_err2string(ret)));
sss_log(SSS_LOG_ERR, "Could not start TLS encryption. "
"Check for certificate issues.");
}
@@ -474,7 +472,7 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx,
ret = LDAP_LOCAL_ERROR;
} else {
DEBUG(1, ("ldap_bind failed (%d)[%s]\n",
- ldap_err, ldap_err2string(ldap_err)));
+ ldap_err, sss_ldap_err2string(ldap_err)));
ret = ldap_err;
}
goto fail;
@@ -590,7 +588,7 @@ static void simple_bind_done(struct sdap_op *op,
}
DEBUG(3, ("Bind result: %s(%d), %s\n",
- ldap_err2string(state->result), state->result, errmsg));
+ sss_ldap_err2string(state->result), state->result, errmsg));
ret = LDAP_SUCCESS;
done:
@@ -669,7 +667,7 @@ static struct tevent_req *sasl_bind_send(TALLOC_CTX *memctx,
state->result = ret;
if (ret != LDAP_SUCCESS) {
DEBUG(1, ("ldap_sasl_bind failed (%d)[%s]\n",
- ret, ldap_err2string(ret)));
+ ret, sss_ldap_err2string(ret)));
goto fail;
}
@@ -1554,11 +1552,11 @@ static int synchronous_tls_setup(LDAP *ldap)
optret = ldap_get_option(ldap, SDAP_DIAGNOSTIC_MESSAGE, (void*)&errmsg);
if (optret == LDAP_SUCCESS) {
DEBUG(3, ("ldap_start_tls failed: [%s] [%s]\n",
- ldap_err2string(lret), errmsg));
+ sss_ldap_err2string(lret), errmsg));
sss_log(SSS_LOG_ERR, "Could not start TLS. %s", errmsg);
ldap_memfree(errmsg);
} else {
- DEBUG(3, ("ldap_start_tls failed: [%s]\n", ldap_err2string(lret)));
+ DEBUG(3, ("ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret)));
sss_log(SSS_LOG_ERR, "Could not start TLS. "
"Check for certificate issues.");
}
@@ -1576,12 +1574,12 @@ static int synchronous_tls_setup(LDAP *ldap)
0);
if (lret != LDAP_SUCCESS) {
DEBUG(2, ("ldap_parse_result failed (%d) [%d][%s]\n", msgid, lret,
- ldap_err2string(lret)));
+ sss_ldap_err2string(lret)));
return lret;
}
DEBUG(3, ("START TLS result: %s(%d), %s\n",
- ldap_err2string(ldaperr), ldaperr, errmsg));
+ sss_ldap_err2string(ldaperr), ldaperr, errmsg));
ldap_memfree(errmsg);
if (ldap_tls_inplace(ldap)) {
@@ -1595,12 +1593,12 @@ static int synchronous_tls_setup(LDAP *ldap)
optret = ldap_get_option(ldap, SDAP_DIAGNOSTIC_MESSAGE, (void*)&errmsg);
if (optret == LDAP_SUCCESS) {
DEBUG(3, ("ldap_install_tls failed: [%s] [%s]\n",
- ldap_err2string(lret), errmsg));
+ sss_ldap_err2string(lret), errmsg));
sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", errmsg);
ldap_memfree(errmsg);
} else {
DEBUG(3, ("ldap_install_tls failed: [%s]\n",
- ldap_err2string(lret)));
+ sss_ldap_err2string(lret)));
sss_log(SSS_LOG_ERR, "Could not start TLS encryption. "
"Check for certificate issues.");
}
@@ -1670,7 +1668,7 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request,
request_controls, NULL, NULL);
if (ret != LDAP_SUCCESS) {
DEBUG(1, ("ldap_sasl_bind_s failed (%d)[%s]\n", ret,
- ldap_err2string(ret)));
+ sss_ldap_err2string(ret)));
}
} else {
sasl_bind_state = talloc_zero(tmp_ctx, struct sasl_bind_state);
@@ -1688,7 +1686,7 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request,
sasl_bind_state);
if (ret != LDAP_SUCCESS) {
DEBUG(1, ("ldap_sasl_interactive_bind_s failed (%d)[%s]\n", ret,
- ldap_err2string(ret)));
+ sss_ldap_err2string(ret)));
}
}
diff --git a/src/util/sss_ldap.c b/src/util/sss_ldap.c
index 785a4482a..84288a903 100644
--- a/src/util/sss_ldap.c
+++ b/src/util/sss_ldap.c
@@ -28,7 +28,19 @@
#include "config.h"
#include "util/sss_ldap.h"
+#include "util/util.h"
+const char* sss_ldap_err2string(int err)
+{
+ static const char *password_expired = "Password expired";
+
+ switch (err) {
+ case LDAP_X_SSSD_PASSWORD_EXPIRED:
+ return password_expired;
+ default:
+ return ldap_err2string(err);
+ }
+}
int sss_ldap_control_create(const char *oid, int iscritical,
struct berval *value, int dupval,
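Review bot: The `static const char *password_expired` local in sss_ldap_err2string() introduces a writable static pointer for no benefit; a string literal already has static storage, so `case LDAP_X_SSSD_PASSWORD_EXPIRED: return "Password expired";` is equivalent and shorter. The added `#include "util/util.h"` also looks redundant, since util/sss_ldap.h already includes it according to the context lines of that header's hunk in this commit. The pointer declarator would read more conventionally as `const char *sss_ldap_err2string(int err)`.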
@@ -357,7 +369,7 @@ fail:
if (ret == LDAP_SUCCESS) {
tevent_req_done(req);
} else {
- DEBUG(1, ("ldap_initialize failed [%s].\n", ldap_err2string(ret)));
+ DEBUG(1, ("ldap_initialize failed [%s].\n", sss_ldap_err2string(ret)));
if (ret == LDAP_SERVER_DOWN) {
tevent_req_error(req, ETIMEDOUT);
} else {
@@ -392,7 +404,7 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
lret = ldap_init_fd(state->sd, LDAP_PROTO_TCP, state->uri, &state->ldap);
if (lret != LDAP_SUCCESS) {
- DEBUG(1, ("ldap_init_fd failed: %s\n", ldap_err2string(lret)));
+ DEBUG(1, ("ldap_init_fd failed: %s\n", sss_ldap_err2string(lret)));
close(state->sd);
if (lret == LDAP_SERVER_DOWN) {
tevent_req_error(req, ETIMEDOUT);
@@ -409,7 +421,7 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq)
DEBUG(5, ("TLS/SSL already in place.\n"));
} else {
DEBUG(1, ("ldap_install_tls failed: %s\n",
- ldap_err2string(lret)));
+ sss_ldap_err2string(lret)));
tevent_req_error(req, EIO);
return;
diff --git a/src/util/sss_ldap.h b/src/util/sss_ldap.h
index 985a903cb..599559604 100644
--- a/src/util/sss_ldap.h
+++ b/src/util/sss_ldap.h
@@ -28,6 +28,10 @@
#include <tevent.h>
#include "util/util.h"
+#define LDAP_X_SSSD_PASSWORD_EXPIRED 0x555D
+
+const char* sss_ldap_err2string(int err);
+
int sss_ldap_control_create(const char *oid, int iscritical,
struct berval *value, int dupval,
LDAPControl **ctrlp);
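Review bot: Neither the relocated `LDAP_X_SSSD_PASSWORD_EXPIRED` constant nor the new `sss_ldap_err2string()` prototype is documented in the header, and this is now the place other modules will read them from. I'd add `/* SSSD-private result code; 0x555D is presumably chosen to stay clear of the codes libldap defines (confirm against ldap.h) */` above the define. The prototype should get a comment saying it is a drop-in replacement for ldap_err2string() that additionally maps SSSD-private codes, and that the returned pointer refers to static storage the caller must not free or modify.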