From 4f1ce08f55806e51a013e5a9824c23c5a65c5f48 Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Mon, 5 Sep 2011 09:54:46 +0200 Subject: Use sss_ldap_err2string() instead of ldap_err2string() sss_ldap_err2string() - function created https://fedorahosted.org/sssd/ticket/986 sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string() https://fedorahosted.org/sssd/ticket/986 --- src/providers/ldap/sdap.c | 28 ++++++++++++------------ src/providers/ldap/sdap_async.c | 10 ++++----- src/providers/ldap/sdap_async_connection.c | 34 ++++++++++++++---------------- src/util/sss_ldap.c | 18 +++++++++++++--- src/util/sss_ldap.h | 4 ++++ 5 files changed, 54 insertions(+), 40 deletions(-) diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index 237a1f230..f6547cfb1 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -107,7 +107,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (ret != LDAP_OPT_SUCCESS) { DEBUG(1, ("ldap_set_option failed [%s], ignored.\n", - ldap_err2string(ret))); + sss_ldap_err2string(ret))); } attrs = sysdb_new_attrs(memctx); @@ -117,7 +117,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, if (!str) { ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); DEBUG(1, ("ldap_get_dn failed: %d(%s)\n", - lerrno, ldap_err2string(lerrno))); + lerrno, sss_ldap_err2string(lerrno))); ret = EIO; goto fail; } @@ -165,7 +165,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, if (!str) { ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); DEBUG(1, ("Entry has no attributes [%d(%s)]!?\n", - lerrno, ldap_err2string(lerrno))); + lerrno, sss_ldap_err2string(lerrno))); if (map) { ret = EINVAL; goto fail; 
@@ -204,7 +204,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (lerrno != LDAP_SUCCESS) { DEBUG(1, ("LDAP Library error: %d(%s)", - lerrno, ldap_err2string(lerrno))); + lerrno, sss_ldap_err2string(lerrno))); ret = EIO; goto fail; } @@ -236,7 +236,7 @@ int sdap_parse_entry(TALLOC_CTX *memctx, ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (lerrno) { DEBUG(1, ("LDAP Library error: %d(%s)", - lerrno, ldap_err2string(lerrno))); + lerrno, sss_ldap_err2string(lerrno))); ret = EIO; goto fail; } @@ -291,14 +291,14 @@ int sdap_get_msg_dn(TALLOC_CTX *memctx, struct sdap_handle *sh, ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); if (ret != LDAP_OPT_SUCCESS) { DEBUG(1, ("ldap_set_option failed [%s], ignored.\n", - ldap_err2string(ret))); + sss_ldap_err2string(ret))); } str = ldap_get_dn(sh->ldap, sm->msg); if (!str) { ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno); DEBUG(1, ("ldap_get_dn failed: %d(%s)\n", - lerrno, ldap_err2string(lerrno))); + lerrno, sss_ldap_err2string(lerrno))); return EIO; } @@ -340,7 +340,7 @@ errno_t setup_tls_config(struct dp_option *basic_opts) ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, &ldap_opt_x_tls_require_cert); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret))); + DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret))); return EIO; } } @@ -349,7 +349,7 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTFILE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret))); + DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret))); return EIO; } } 
@@ -358,7 +358,7 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CACERTDIR, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret))); + DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret))); return EIO; } } @@ -367,7 +367,7 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CERTFILE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret))); + DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret))); return EIO; } } @@ -376,7 +376,7 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_KEYFILE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret))); + DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret))); return EIO; } } @@ -385,7 +385,7 @@ errno_t setup_tls_config(struct dp_option *basic_opts) if (tls_opt) { ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, tls_opt); if (ret != LDAP_OPT_SUCCESS) { - DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret))); + DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret))); return EIO; } } @@ -748,7 +748,7 @@ int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical, ret = sss_ldap_control_create(oid, iscritical, value, dupval, ctrlp); if (ret != LDAP_SUCCESS) { DEBUG(1, ("sss_ldap_control_create failed [%d][%s].\n", - ret, ldap_err2string(ret))); + ret, sss_ldap_err2string(ret))); } } else { DEBUG(3, ("Server does not support the requested control [%s].\n", oid)); diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c index 3b2849876..0192f08a4 100644 --- a/src/providers/ldap/sdap_async.c +++ b/src/providers/ldap/sdap_async.c 
@@ -580,7 +580,7 @@ static void sdap_exop_modify_passwd_done(struct sdap_op *op, } DEBUG(3, ("ldap_extended_operation result: %s(%d), %s\n", - ldap_err2string(state->result), state->result, errmsg)); + sss_ldap_err2string(state->result), state->result, errmsg)); if (state->result != LDAP_SUCCESS) { if (errmsg) { @@ -874,7 +874,7 @@ static errno_t sdap_get_generic_step(struct tevent_req *req) ldap_control_free(page_control); m_controls[0] = NULL; if (lret != LDAP_SUCCESS) { - DEBUG(3, ("ldap_search_ext failed: %s\n", ldap_err2string(lret))); + DEBUG(3, ("ldap_search_ext failed: %s\n", sss_ldap_err2string(lret))); if (lret == LDAP_SERVER_DOWN) { ret = ETIMEDOUT; optret = ldap_get_option(state->sh->ldap, @@ -887,7 +887,7 @@ static errno_t sdap_get_generic_step(struct tevent_req *req) } else { sss_log(SSS_LOG_ERR, "LDAP connection error, %s", - ldap_err2string(lret)); + sss_ldap_err2string(lret)); } } @@ -973,11 +973,11 @@ static void sdap_get_generic_done(struct sdap_op *op, } DEBUG(6, ("Search result: %s(%d), %s\n", - ldap_err2string(result), result, errmsg)); + sss_ldap_err2string(result), result, errmsg)); if (result != LDAP_SUCCESS && result != LDAP_NO_SUCH_OBJECT) { DEBUG(2, ("Unexpected result from ldap: %s(%d), %s\n", - ldap_err2string(result), result, errmsg)); + sss_ldap_err2string(result), result, errmsg)); } ldap_memfree(errmsg); diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c index c02307814..5ce0bb4b5 100644 --- a/src/providers/ldap/sdap_async_connection.c +++ b/src/providers/ldap/sdap_async_connection.c @@ -29,8 +29,6 @@ #include "providers/ldap/sdap_async_private.h" #include "providers/ldap/ldap_common.h" -#define LDAP_X_SSSD_PASSWORD_EXPIRED 0x555D - errno_t deref_string_to_val(const char *str, int *val) { if (strcasecmp(str, "never") == 0) { 
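Review bot: In sdap_exop_modify_passwd_done the rewritten DEBUG call still passes `errmsg` to a `%s` conversion, while the very next statement tests `if (errmsg)`, so the pointer can be NULL at that point. Assuming DEBUG forwards to a printf-style formatter, a NULL `%s` argument is undefined behaviour in C, even though glibc happens to print "(null)". Since the line is being touched anyway, guard it: `sss_ldap_err2string(state->result), state->result, errmsg ? errmsg : "(none)"));`. The same unguarded `errmsg` argument appears in the sdap_get_generic_done hunk and in the sdap_connect_done, simple_bind_done and synchronous_tls_setup hunks of sdap_async_connection.c. All of these function bodies start and end outside the hunks, so how errmsg is initialised should be confirmed there.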
@@ -283,14 +281,14 @@ static void sdap_sys_connect_done(struct tevent_req *subreq) (void*)&errmsg); if (optret == LDAP_SUCCESS) { DEBUG(3, ("ldap_start_tls failed: [%s] [%s]\n", - ldap_err2string(lret), + sss_ldap_err2string(lret), errmsg)); sss_log(SSS_LOG_ERR, "Could not start TLS. %s", errmsg); ldap_memfree(errmsg); } else { DEBUG(3, ("ldap_start_tls failed: [%s]\n", - ldap_err2string(lret))); + sss_ldap_err2string(lret))); sss_log(SSS_LOG_ERR, "Could not start TLS. " "Check for certificate issues."); } @@ -351,7 +349,7 @@ static void sdap_connect_done(struct sdap_op *op, } DEBUG(3, ("START TLS result: %s(%d), %s\n", - ldap_err2string(state->result), state->result, errmsg)); + sss_ldap_err2string(state->result), state->result, errmsg)); ldap_memfree(errmsg); if (ldap_tls_inplace(state->sh->ldap)) { @@ -369,14 +367,14 @@ static void sdap_connect_done(struct sdap_op *op, (void*)&tlserr); if (optret == LDAP_SUCCESS) { DEBUG(3, ("ldap_install_tls failed: [%s] [%s]\n", - ldap_err2string(ret), + sss_ldap_err2string(ret), tlserr)); sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", tlserr); ldap_memfree(tlserr); } else { DEBUG(3, ("ldap_install_tls failed: [%s]\n", - ldap_err2string(ret))); + sss_ldap_err2string(ret))); sss_log(SSS_LOG_ERR, "Could not start TLS encryption. " "Check for certificate issues."); } @@ -474,7 +472,7 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx, ret = LDAP_LOCAL_ERROR; } else { DEBUG(1, ("ldap_bind failed (%d)[%s]\n", - ldap_err, ldap_err2string(ldap_err))); + ldap_err, sss_ldap_err2string(ldap_err))); ret = ldap_err; } goto fail; @@ -590,7 +588,7 @@ static void simple_bind_done(struct sdap_op *op, } DEBUG(3, ("Bind result: %s(%d), %s\n", - ldap_err2string(state->result), state->result, errmsg)); + sss_ldap_err2string(state->result), state->result, errmsg)); ret = LDAP_SUCCESS; done: 
@@ -669,7 +667,7 @@ static struct tevent_req *sasl_bind_send(TALLOC_CTX *memctx, state->result = ret; if (ret != LDAP_SUCCESS) { DEBUG(1, ("ldap_sasl_bind failed (%d)[%s]\n", - ret, ldap_err2string(ret))); + ret, sss_ldap_err2string(ret))); goto fail; } @@ -1554,11 +1552,11 @@ static int synchronous_tls_setup(LDAP *ldap) optret = ldap_get_option(ldap, SDAP_DIAGNOSTIC_MESSAGE, (void*)&errmsg); if (optret == LDAP_SUCCESS) { DEBUG(3, ("ldap_start_tls failed: [%s] [%s]\n", - ldap_err2string(lret), errmsg)); + sss_ldap_err2string(lret), errmsg)); sss_log(SSS_LOG_ERR, "Could not start TLS. %s", errmsg); ldap_memfree(errmsg); } else { - DEBUG(3, ("ldap_start_tls failed: [%s]\n", ldap_err2string(lret))); + DEBUG(3, ("ldap_start_tls failed: [%s]\n", sss_ldap_err2string(lret))); sss_log(SSS_LOG_ERR, "Could not start TLS. " "Check for certificate issues."); } @@ -1576,12 +1574,12 @@ static int synchronous_tls_setup(LDAP *ldap) 0); if (lret != LDAP_SUCCESS) { DEBUG(2, ("ldap_parse_result failed (%d) [%d][%s]\n", msgid, lret, - ldap_err2string(lret))); + sss_ldap_err2string(lret))); return lret; } DEBUG(3, ("START TLS result: %s(%d), %s\n", - ldap_err2string(ldaperr), ldaperr, errmsg)); + sss_ldap_err2string(ldaperr), ldaperr, errmsg)); ldap_memfree(errmsg); if (ldap_tls_inplace(ldap)) { @@ -1595,12 +1593,12 @@ static int synchronous_tls_setup(LDAP *ldap) optret = ldap_get_option(ldap, SDAP_DIAGNOSTIC_MESSAGE, (void*)&errmsg); if (optret == LDAP_SUCCESS) { DEBUG(3, ("ldap_install_tls failed: [%s] [%s]\n", - ldap_err2string(lret), errmsg)); + sss_ldap_err2string(lret), errmsg)); sss_log(SSS_LOG_ERR, "Could not start TLS encryption. %s", errmsg); ldap_memfree(errmsg); } else { DEBUG(3, ("ldap_install_tls failed: [%s]\n", - ldap_err2string(lret))); + sss_ldap_err2string(lret))); sss_log(SSS_LOG_ERR, "Could not start TLS encryption. " "Check for certificate issues."); } 
@@ -1670,7 +1668,7 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request, request_controls, NULL, NULL); if (ret != LDAP_SUCCESS) { DEBUG(1, ("ldap_sasl_bind_s failed (%d)[%s]\n", ret, - ldap_err2string(ret))); + sss_ldap_err2string(ret))); } } else { sasl_bind_state = talloc_zero(tmp_ctx, struct sasl_bind_state); @@ -1688,7 +1686,7 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request, sasl_bind_state); if (ret != LDAP_SUCCESS) { DEBUG(1, ("ldap_sasl_interactive_bind_s failed (%d)[%s]\n", ret, - ldap_err2string(ret))); + sss_ldap_err2string(ret))); } } diff --git a/src/util/sss_ldap.c b/src/util/sss_ldap.c index 785a4482a..84288a903 100644 --- a/src/util/sss_ldap.c +++ b/src/util/sss_ldap.c @@ -28,7 +28,19 @@ #include "config.h" #include "util/sss_ldap.h" +#include "util/util.h" +const char* sss_ldap_err2string(int err) +{ + static const char *password_expired = "Password expired"; + + switch (err) { + case LDAP_X_SSSD_PASSWORD_EXPIRED: + return password_expired; + default: + return ldap_err2string(err); + } +} int sss_ldap_control_create(const char *oid, int iscritical, struct berval *value, int dupval, @@ -357,7 +369,7 @@ fail: if (ret == LDAP_SUCCESS) { tevent_req_done(req); } else { - DEBUG(1, ("ldap_initialize failed [%s].\n", ldap_err2string(ret))); + DEBUG(1, ("ldap_initialize failed [%s].\n", sss_ldap_err2string(ret))); if (ret == LDAP_SERVER_DOWN) { tevent_req_error(req, ETIMEDOUT); } else { @@ -392,7 +404,7 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq) lret = ldap_init_fd(state->sd, LDAP_PROTO_TCP, state->uri, &state->ldap); if (lret != LDAP_SUCCESS) { - DEBUG(1, ("ldap_init_fd failed: %s\n", ldap_err2string(lret))); + DEBUG(1, ("ldap_init_fd failed: %s\n", sss_ldap_err2string(lret))); close(state->sd); if (lret == LDAP_SERVER_DOWN) { tevent_req_error(req, ETIMEDOUT); 
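Review bot: The new sss_ldap_err2string() in src/util/sss_ldap.c has no comment, and `static const char *password_expired` declares a writable static pointer where nothing needs one. Returning the literal directly, `return "Password expired";`, is simpler and leaves no mutable state behind. The function should also carry a comment such as `/* ldap_err2string() extended with SSSD-private result codes; the returned string is static and must not be freed */`. The added `#include "util/util.h"` looks redundant, because the sss_ldap.h hunk shows that header already including it.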
@@ -409,7 +421,7 @@ static void sss_ldap_init_sys_connect_done(struct tevent_req *subreq) DEBUG(5, ("TLS/SSL already in place.\n")); } else { DEBUG(1, ("ldap_install_tls failed: %s\n", - ldap_err2string(lret))); + sss_ldap_err2string(lret))); tevent_req_error(req, EIO); return; diff --git a/src/util/sss_ldap.h b/src/util/sss_ldap.h index 985a903cb..599559604 100644 --- a/src/util/sss_ldap.h +++ b/src/util/sss_ldap.h @@ -28,6 +28,10 @@ #include #include "util/util.h" +#define LDAP_X_SSSD_PASSWORD_EXPIRED 0x555D + +const char* sss_ldap_err2string(int err); + int sss_ldap_control_create(const char *oid, int iscritical, struct berval *value, int dupval, LDAPControl **ctrlp); -- cgit
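Review bot: `LDAP_X_SSSD_PASSWORD_EXPIRED 0x555D` is now exported from src/util/sss_ldap.h with no explanation of where the value comes from or why it cannot clash with a result code returned by libldap or a server. A short comment on the define would help, for example `/* SSSD-internal pseudo result code, chosen outside the codes libldap defines */`, with the wording adjusted to whatever the actual guarantee is. The prototype below it would also benefit from a one-line note that the returned string must not be freed or modified.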