[389-commits] ldap/servers
Noriko Hosoi
nhosoi at fedoraproject.org
Wed Jan 26 01:13:56 UTC 2011
ldap/servers/plugins/chainingdb/cb.h | 2
ldap/servers/plugins/chainingdb/cb_add.c | 76 ++++++++++-----
ldap/servers/plugins/chainingdb/cb_bind.c | 62 +++++++-----
ldap/servers/plugins/chainingdb/cb_compare.c | 55 +++++++----
ldap/servers/plugins/chainingdb/cb_conn_stateless.c | 71 +++++++++-----
ldap/servers/plugins/chainingdb/cb_delete.c | 80 ++++++++++------
ldap/servers/plugins/chainingdb/cb_modify.c | 74 ++++++++++----
ldap/servers/plugins/chainingdb/cb_modrdn.c | 82 ++++++++++------
ldap/servers/plugins/chainingdb/cb_search.c | 99 ++++++++++++++------
ldap/servers/slapd/pw.c | 4
10 files changed, 404 insertions(+), 201 deletions(-)
New commits:
commit 7ece306092df8db2c51aeb637d69771f5dc77d02
Author: Noriko Hosoi <nhosoi at redhat.com>
Date: Tue Jan 25 15:34:15 2011 -0800
Bug 646381 - Faulty password for nsmultiplexorcredentials does not give any error message in logs
https://bugzilla.redhat.com/show_bug.cgi?id=646381
Description: Chaning db plugin was terse not to reveal the config
error to end users as well as to prevent error log overflow by
every single error possibly caused by end users.
This patch returns this generic error text to end users:
ldap_add: Operations error (1)
additional info: database configuration error - \
please contact the system administrator
And more detailed messages are logged in the errors log. E.g.,
chaining database - Internal credentials decoding error;
password storage schemes do not match or encrypted password
is corrupted.
chaining database - cb_get_connection failed (49) Invalid credentials
Note: the messages are logged just once in the errors log.
diff --git a/ldap/servers/plugins/chainingdb/cb.h b/ldap/servers/plugins/chainingdb/cb.h
index d787c0c..80e991e 100644
--- a/ldap/servers/plugins/chainingdb/cb.h
+++ b/ldap/servers/plugins/chainingdb/cb.h
@@ -503,4 +503,6 @@ char* get_localhost_DNS();
/* this function is called when state of a backend changes */
void cb_be_state_change (void *handle, char *be_name, int old_be_state, int new_be_state);
+#define ENDUSERMSG "database configuration error - please contact the system administrator"
+
#endif
diff --git a/ldap/servers/plugins/chainingdb/cb_add.c b/ldap/servers/plugins/chainingdb/cb_add.c
index 720c48f..501865a 100644
--- a/ldap/servers/plugins/chainingdb/cb_add.c
+++ b/ldap/servers/plugins/chainingdb/cb_add.c
@@ -110,16 +110,24 @@ chaining_back_add ( Slapi_PBlock *pb )
}
/* Grab a connection handle */
- if ((rc = cb_get_connection(cb->pool,&ld,&cnx,NULL,&cnxerrbuf)) != LDAP_SUCCESS) {
- cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR,NULL,cnxerrbuf, 0, NULL);
- ldap_mods_free(mods,1);
- if (cnxerrbuf) {
- PR_smprintf_free(cnxerrbuf);
+ rc = cb_get_connection(cb->pool, &ld, &cnx, NULL, &cnxerrbuf);
+ if (LDAP_SUCCESS != rc) {
+ static int warned_get_conn = 0;
+ if (!warned_get_conn) {
+ slapi_log_error(SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "cb_get_connection failed (%d) %s\n",
+ rc, ldap_err2string(rc));
+ warned_get_conn = 1;
}
- /* ping the farm. If the farm is unreachable, we increment the counter */
- cb_ping_farm(cb,NULL,0);
+ cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
+ cnxerrbuf, 0, NULL);
+ ldap_mods_free(mods, 1);
+ slapi_ch_free_string(&cnxerrbuf);
+ /* ping the farm.
+ * If the farm is unreachable, we increment the counter */
+ cb_ping_farm(cb, NULL, 0);
- return -1;
+ return -1;
}
/* Control management */
@@ -149,12 +157,14 @@ chaining_back_add ( Slapi_PBlock *pb )
ldap_controls_free(ctrls);
if ( rc != LDAP_SUCCESS ) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "ldap_add_ext failed -- %s\n", ldap_err2string(rc) );
- cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- ldap_err2string(rc), 0, NULL);
+ cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
+ ENDUSERMSG, 0, NULL );
cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
ldap_mods_free(mods,1);
- return -1;
+ return -1;
}
/*
@@ -208,35 +218,53 @@ chaining_back_add ( Slapi_PBlock *pb )
parse_rc = ldap_parse_result( ld, res, &rc, &matched_msg,
&error_msg, &referrals, &serverctrls, 1 );
- if ( parse_rc != LDAP_SUCCESS ) {
- cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- ldap_err2string(parse_rc), 0, NULL);
+ if ( parse_rc != LDAP_SUCCESS ) {
+ static int warned_parse_rc = 0;
+ if (!warned_parse_rc) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "%s%s%s\n",
+ matched_msg?matched_msg:"",
+ (matched_msg&&(*matched_msg!='\0'))?": ":"",
+ ldap_err2string(parse_rc));
+ warned_parse_rc = 1;
+ }
+ cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
+ ENDUSERMSG, 0, NULL );
cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(parse_rc));
ldap_mods_free(mods,1);
- slapi_ch_free((void **)&matched_msg);
+ slapi_ch_free((void **)&matched_msg);
slapi_ch_free((void **)&error_msg);
if (serverctrls)
- ldap_controls_free(serverctrls);
+ ldap_controls_free(serverctrls);
/* jarnou: free referrals */
- if (referrals)
- charray_free(referrals);
- return -1;
+ if (referrals)
+ charray_free(referrals);
+ return -1;
}
- if ( rc != LDAP_SUCCESS ) {
+ if ( rc != LDAP_SUCCESS ) {
struct berval ** refs = referrals2berval(referrals);
- cb_send_ldap_result( pb, rc, matched_msg, error_msg, 0, refs);
+ static int warned_rc = 0;
+ if (!warned_rc && error_msg) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "%s%s%s\n",
+ matched_msg?matched_msg:"",
+ (matched_msg&&(*matched_msg!='\0'))?": ":"",
+ error_msg );
+ warned_rc = 1;
+ }
+ cb_send_ldap_result( pb, rc, matched_msg, ENDUSERMSG, 0, refs);
cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
ldap_mods_free(mods,1);
slapi_ch_free((void **)&matched_msg);
- slapi_ch_free((void **)&error_msg);
+ slapi_ch_free((void **)&error_msg);
if (refs)
ber_bvecfree(refs);
if (referrals)
charray_free(referrals);
if (serverctrls)
- ldap_controls_free(serverctrls);
- return -1;
+ ldap_controls_free(serverctrls);
+ return -1;
}
ldap_mods_free(mods,1 );
diff --git a/ldap/servers/plugins/chainingdb/cb_bind.c b/ldap/servers/plugins/chainingdb/cb_bind.c
index 71d1ade..027791f 100644
--- a/ldap/servers/plugins/chainingdb/cb_bind.c
+++ b/ldap/servers/plugins/chainingdb/cb_bind.c
@@ -94,8 +94,8 @@ static int
cb_sasl_bind_once_s( cb_conn_pool *pool, char *dn, int method, char * mechanism,
struct berval *creds, LDAPControl **reqctrls,
char **matcheddnp, char **errmsgp, struct berval ***refurlsp,
- LDAPControl ***resctrlsp , int * status) {
-
+ LDAPControl ***resctrlsp , int * status )
+{
int rc, msgid;
char **referrals;
struct timeval timeout_copy, *timeout;
@@ -112,10 +112,18 @@ cb_sasl_bind_once_s( cb_conn_pool *pool, char *dn, int method, char * mechanism,
timeout_copy.tv_usec = pool->conn.bind_timeout.tv_usec;
PR_RWLock_Unlock(pool->rwl_config_lock);
- if (( rc = cb_get_connection( pool, &ld ,&cnx, NULL, &cnxerrbuf)) != LDAP_SUCCESS ) {
- *errmsgp=cnxerrbuf;
- goto release_and_return;
- }
+ rc = cb_get_connection(pool, &ld, &cnx, NULL, &cnxerrbuf);
+ if (LDAP_SUCCESS != rc) {
+ static int warned_get_conn = 0;
+ if (!warned_get_conn) {
+ slapi_log_error(SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "cb_get_connection failed (%d) %s\n",
+ rc, ldap_err2string(rc));
+ warned_get_conn = 1;
+ }
+ *errmsgp = cnxerrbuf;
+ goto release_and_return;
+ }
/* Send the bind operation (need to retry on LDAP_SERVER_DOWN) */
@@ -171,8 +179,15 @@ cb_sasl_bind_once_s( cb_conn_pool *pool, char *dn, int method, char * mechanism,
*errmsgp=slapi_ch_strdup(errmsgp2);
if ( LDAP_SUCCESS != rc ) {
- slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
- "cb_sasl_bind_once_s failed (%s)\n",ldap_err2string(rc));
+ static int warned_bind_once = 0;
+ if (!warned_bind_once) {
+ slapi_log_error(SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "cb_sasl_bind_once_s failed (%s%s%s)\n",
+ matcheddnp?matcheddnp:"",
+ (matcheddnp&&(*matcheddnp!='\0'))?": ":"",
+ ldap_err2string(rc));
+ warned_bind_once = 1;
+ }
}
} else {
@@ -274,29 +289,30 @@ chainingdb_bind( Slapi_PBlock *pb ) {
bind_retry=cb->bind_retry;
PR_RWLock_Unlock(cb->rwl_config_lock);
- if ( LDAP_SUCCESS == (rc = cb_sasl_bind_s(pb, cb->bind_pool, bind_retry, dn,method,mechanism,
- creds,reqctrls,&matcheddn,&errmsg,&urls,&resctrls, &status))) {
- rc = status;
- allocated_errmsg = 1;
- } else
- if ( LDAP_USER_CANCELLED != rc ) {
- errmsg = ldap_err2string( rc );
+ rc = cb_sasl_bind_s(pb, cb->bind_pool, bind_retry, dn, method,
+ mechanism, creds, reqctrls, &matcheddn, &errmsg,
+ &urls, &resctrls, &status);
+ if ( LDAP_SUCCESS == rc ) {
+ rc = status;
+ allocated_errmsg = 1;
+ } else if ( LDAP_USER_CANCELLED != rc ) {
+ errmsg = ldap_err2string( rc );
if (rc == LDAP_TIMEOUT) {
- cb_ping_farm(cb,NULL,0);
+ cb_ping_farm(cb,NULL,0);
}
- rc = LDAP_OPERATIONS_ERROR;
+ rc = LDAP_OPERATIONS_ERROR;
}
- if ( rc != LDAP_USER_CANCELLED ) { /* not abandoned */
- if ( resctrls != NULL ) {
- slapi_pblock_set( pb, SLAPI_RESCONTROLS, resctrls );
+ if ( rc != LDAP_USER_CANCELLED ) { /* not abandoned */
+ if ( resctrls != NULL ) {
+ slapi_pblock_set( pb, SLAPI_RESCONTROLS, resctrls );
freectrls=0;
- }
+ }
if ( rc != LDAP_SUCCESS ) {
- cb_send_ldap_result( pb, rc, matcheddn, errmsg, 0, urls );
+ cb_send_ldap_result( pb, rc, matcheddn, errmsg, 0, urls );
}
- }
+ }
if ( urls != NULL ) {
cb_free_bervals( urls );
diff --git a/ldap/servers/plugins/chainingdb/cb_compare.c b/ldap/servers/plugins/chainingdb/cb_compare.c
index 57235fc..ccbc175 100644
--- a/ldap/servers/plugins/chainingdb/cb_compare.c
+++ b/ldap/servers/plugins/chainingdb/cb_compare.c
@@ -111,15 +111,22 @@ chaining_back_compare ( Slapi_PBlock *pb )
/*
* Grab a connection handle
*/
-
- if ((rc = cb_get_connection(cb->pool,&ld,&cnx,NULL,&cnxerrbuf)) != LDAP_SUCCESS) {
- cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, cnxerrbuf, 0, NULL);
- if (cnxerrbuf) {
- PR_smprintf_free(cnxerrbuf);
- }
- /* ping the farm. If the farm is unreachable, we increment the counter */
- cb_ping_farm(cb,NULL,0);
- return 1;
+ rc = cb_get_connection(cb->pool, &ld, &cnx, NULL, &cnxerrbuf);
+ if (LDAP_SUCCESS != rc) {
+ static int warned_get_conn = 0;
+ if (!warned_get_conn) {
+ slapi_log_error(SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "cb_get_connection failed (%d) %s\n",
+ rc, ldap_err2string(rc));
+ warned_get_conn = 1;
+ }
+ cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
+ cnxerrbuf, 0, NULL);
+ slapi_ch_free_string(&cnxerrbuf);
+ /* ping the farm.
+ * If the farm is unreachable, we increment the counter */
+ cb_ping_farm(cb, NULL, 0);
+ return 1;
}
/*
@@ -195,20 +202,28 @@ chaining_back_compare ( Slapi_PBlock *pb )
default:
matched_msg=error_msg=NULL;
parse_rc = ldap_parse_result( ld, res, &rc, &matched_msg,
- &error_msg, &referrals, &serverctrls, 1 );
- if ( parse_rc != LDAP_SUCCESS ) {
-
- cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- ldap_err2string(parse_rc), 0, NULL);
+ &error_msg, &referrals, &serverctrls, 1 );
+ if ( parse_rc != LDAP_SUCCESS ) {
+ static int warned_parse_rc = 0;
+ if (!warned_parse_rc) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "%s%s%s\n",
+ matched_msg?matched_msg:"",
+ (matched_msg&&(*matched_msg!='\0'))?": ":"",
+ ldap_err2string(parse_rc));
+ warned_parse_rc = 1;
+ }
+ cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
+ ENDUSERMSG, 0, NULL );
cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(parse_rc));
- slapi_ch_free((void **)&matched_msg);
- slapi_ch_free((void **)&error_msg);
+ slapi_ch_free((void **)&matched_msg);
+ slapi_ch_free((void **)&error_msg);
if (serverctrls)
- ldap_controls_free(serverctrls);
+ ldap_controls_free(serverctrls);
/* jarnou: free referrals */
- if (referrals)
- charray_free(referrals);
- return 1;
+ if (referrals)
+ charray_free(referrals);
+ return 1;
}
switch ( rc ) {
diff --git a/ldap/servers/plugins/chainingdb/cb_conn_stateless.c b/ldap/servers/plugins/chainingdb/cb_conn_stateless.c
index a3dfe36..d84d657 100644
--- a/ldap/servers/plugins/chainingdb/cb_conn_stateless.c
+++ b/ldap/servers/plugins/chainingdb/cb_conn_stateless.c
@@ -151,8 +151,13 @@ void cb_close_conn_pool(cb_conn_pool * pool) {
* NOTE : if maxtime NULL, use operation timeout
*/
-int cb_get_connection(cb_conn_pool * pool, LDAP ** lld, cb_outgoing_conn ** cc,struct timeval * maxtime, char **errmsg) {
-
+int
+cb_get_connection(cb_conn_pool * pool,
+ LDAP ** lld,
+ cb_outgoing_conn ** cc,
+ struct timeval * maxtime,
+ char **errmsg)
+{
int rc=LDAP_SUCCESS; /* optimistic */
cb_outgoing_conn *conn=NULL;
cb_outgoing_conn *connprev=NULL;
@@ -213,13 +218,17 @@ int cb_get_connection(cb_conn_pool * pool, LDAP ** lld, cb_outgoing_conn ** cc,s
/* For stupid admins */
if (maxconnections <=0) {
- slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
- "<== cb_get_connection error (no connection available)\n");
+ static int warned_maxconn = 0;
+ if (!warned_maxconn) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "<== cb_get_connection error (no connection available)\n");
+ warned_maxconn = 1;
+ }
if ( errmsg ) {
- *errmsg = PR_smprintf(error1, "no connection available");
+ *errmsg = slapi_ch_smprintf("%s", ENDUSERMSG);
}
return LDAP_CONNECT_ERROR;
- }
+ }
if (maxtime) {
if (maxtime->tv_sec != 0) {
@@ -324,13 +333,17 @@ int cb_get_connection(cb_conn_pool * pool, LDAP ** lld, cb_outgoing_conn ** cc,s
*/
/* No need to lock. url can't be changed dynamically */
- if ((ld=slapi_ldap_init(hostname,port,secure,isMultiThread))== NULL) {
- if (cb_debug_on()) {
- slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
- "Can't contact server <%s> port <%d>.\n", hostname, port);
+ ld = slapi_ldap_init(hostname, port, secure, isMultiThread);
+ if (NULL == ld) {
+ static int warned_init = 0;
+ if (!warned_init) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "Can't contact server <%s> port <%d>.\n",
+ hostname, port );
+ warned_init = 1;
}
if ( errmsg ) {
- *errmsg = PR_smprintf(error1,"unknown reason");
+ *errmsg = slapi_ch_smprintf("%s", ENDUSERMSG);
}
rc = LDAP_CONNECT_ERROR;
goto unlock_and_return;
@@ -363,11 +376,18 @@ int cb_get_connection(cb_conn_pool * pool, LDAP ** lld, cb_outgoing_conn ** cc,s
/* Pb occured in decryption: stop now, binding will fail */
if ( ret == -1 )
{
- if (cb_debug_on()) {
- slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
- "Internal credentials decoding error\n.");
+ static int warned_pw = 0;
+ if (!warned_pw) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "Internal credentials decoding error; "
+ "password storage schemes do not match or "
+ "encrypted password is corrupted.\n");
+ warned_pw = 1;
+ }
+ if ( errmsg ) {
+ *errmsg = slapi_ch_smprintf("%s", ENDUSERMSG);
}
- rc = LDAP_LOCAL_ERROR;
+ rc = LDAP_INVALID_CREDENTIALS;
goto unlock_and_return;
}
@@ -378,26 +398,33 @@ int cb_get_connection(cb_conn_pool * pool, LDAP ** lld, cb_outgoing_conn ** cc,s
if ( ret == 0 ) slapi_ch_free_string(&plain); /* free plain only if it has been duplicated */
if ( rc == LDAP_TIMEOUT ) {
- if (cb_debug_on()) {
- slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
- "Can't bind to server <%s> port <%d>. (%s)\n",
- hostname, port, "time-out expired");
+ static int warned_bind_timeout = 0;
+ if (!warned_bind_timeout) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "Can't bind to server <%s> port <%d>. (%s)\n",
+ hostname, port, "time-out expired");
+ warned_bind_timeout = 1;
+ }
+ if ( errmsg ) {
+ *errmsg = slapi_ch_smprintf("%s", ENDUSERMSG);
}
rc = LDAP_CONNECT_ERROR;
goto unlock_and_return;
} else if ( rc != LDAP_SUCCESS ) {
prerr=PR_GetError();
- if (cb_debug_on()) {
- slapi_log_error( SLAPI_LOG_PLUGIN, CB_PLUGIN_SUBSYSTEM,
+ static int warned_bind_err = 0;
+ if (!warned_bind_err) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
"Can't bind to server <%s> port <%d>. "
"(LDAP error %d - %s; "
SLAPI_COMPONENT_NAME_NSPR " error %d - %s)\n",
hostname, port, rc,
ldap_err2string(rc),
prerr, slapd_pr_strerror(prerr));
+ warned_bind_err = 1;
}
if ( errmsg ) {
- *errmsg = PR_smprintf(error2, ldap_err2string(rc));
+ *errmsg = slapi_ch_smprintf("%s", ENDUSERMSG);
}
rc = LDAP_CONNECT_ERROR;
goto unlock_and_return;
diff --git a/ldap/servers/plugins/chainingdb/cb_delete.c b/ldap/servers/plugins/chainingdb/cb_delete.c
index dcca630..992f606 100644
--- a/ldap/servers/plugins/chainingdb/cb_delete.c
+++ b/ldap/servers/plugins/chainingdb/cb_delete.c
@@ -105,15 +105,22 @@ chaining_back_delete ( Slapi_PBlock *pb )
/*
* Grab a connection handle
*/
-
- if ((rc = cb_get_connection(cb->pool,&ld,&cnx,NULL,&cnxerrbuf)) != LDAP_SUCCESS) {
- cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, cnxerrbuf, 0, NULL);
- if (cnxerrbuf) {
- PR_smprintf_free(cnxerrbuf);
- }
- /* ping the farm. If the farm is unreachable, we increment the counter */
- cb_ping_farm(cb,NULL,0);
- return -1;
+ rc = cb_get_connection(cb->pool, &ld, &cnx, NULL, &cnxerrbuf);
+ if (LDAP_SUCCESS != rc) {
+ static int warned_get_conn = 0;
+ if (!warned_get_conn) {
+ slapi_log_error(SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "cb_get_connection failed (%d) %s\n",
+ rc, ldap_err2string(rc));
+ warned_get_conn = 1;
+ }
+ cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
+ cnxerrbuf, 0, NULL);
+ slapi_ch_free_string(&cnxerrbuf);
+ /* ping the farm.
+ * If the farm is unreachable, we increment the counter */
+ cb_ping_farm(cb, NULL, 0);
+ return -1;
}
/*
@@ -188,35 +195,52 @@ chaining_back_delete ( Slapi_PBlock *pb )
default:
matched_msg=error_msg=NULL;
parse_rc = ldap_parse_result( ld, res, &rc, &matched_msg,
- &error_msg, &referrals, &serverctrls, 1 );
- if ( parse_rc != LDAP_SUCCESS ) {
- cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- ldap_err2string(parse_rc), 0, NULL);
+ &error_msg, &referrals, &serverctrls, 1 );
+ if ( parse_rc != LDAP_SUCCESS ) {
+ static int warned_parse_rc = 0;
+ if (!warned_parse_rc) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "%s%s%s\n",
+ matched_msg?matched_msg:"",
+ (matched_msg&&(*matched_msg!='\0'))?": ":"",
+ ldap_err2string(parse_rc) );
+ warned_parse_rc = 1;
+ }
+ cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
+ ENDUSERMSG, 0, NULL );
cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(parse_rc));
- slapi_ch_free((void **)&matched_msg);
- slapi_ch_free((void **)&error_msg);
- if (serverctrls)
- ldap_controls_free(serverctrls);
+ slapi_ch_free((void **)&matched_msg);
+ slapi_ch_free((void **)&error_msg);
+ if (serverctrls)
+ ldap_controls_free(serverctrls);
/* jarnou: free referrals */
- if (referrals)
- charray_free(referrals);
- return -1;
+ if (referrals)
+ charray_free(referrals);
+ return -1;
}
- if ( rc != LDAP_SUCCESS ) {
+ if ( rc != LDAP_SUCCESS ) {
struct berval ** refs = referrals2berval(referrals);
-
- cb_send_ldap_result( pb, rc, matched_msg, error_msg, 0, refs);
+ static int warned_rc = 0;
+ if (!warned_rc && error_msg) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "%s%s%s\n",
+ matched_msg?matched_msg:"",
+ (matched_msg&&(*matched_msg!='\0'))?": ":"",
+ error_msg );
+ warned_rc = 1;
+ }
+ cb_send_ldap_result( pb, rc, matched_msg, ENDUSERMSG, 0, refs);
cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
- slapi_ch_free((void **)&matched_msg);
- slapi_ch_free((void **)&error_msg);
+ slapi_ch_free((void **)&matched_msg);
+ slapi_ch_free((void **)&error_msg);
if (refs)
ber_bvecfree(refs);
if (referrals)
charray_free(referrals);
- if (serverctrls)
- ldap_controls_free(serverctrls);
- return -1;
+ if (serverctrls)
+ ldap_controls_free(serverctrls);
+ return -1;
}
cb_release_op_connection(cb->pool,ld,0);
diff --git a/ldap/servers/plugins/chainingdb/cb_modify.c b/ldap/servers/plugins/chainingdb/cb_modify.c
index 8b50f6e..f0b4e44 100644
--- a/ldap/servers/plugins/chainingdb/cb_modify.c
+++ b/ldap/servers/plugins/chainingdb/cb_modify.c
@@ -114,14 +114,22 @@ chaining_back_modify ( Slapi_PBlock *pb )
/* Grab a connection handle */
- if ((rc = cb_get_connection(cb->pool,&ld,&cnx,NULL,&cnxerrbuf)) != LDAP_SUCCESS) {
- cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, cnxerrbuf, 0, NULL);
- if (cnxerrbuf) {
- PR_smprintf_free(cnxerrbuf);
- }
- /* ping the farm. If the farm is unreachable, we increment the counter */
- cb_ping_farm(cb,NULL,0);
- return -1;
+ rc = cb_get_connection(cb->pool, &ld, &cnx, NULL, &cnxerrbuf);
+ if (LDAP_SUCCESS != rc) {
+ static int warned_get_conn = 0;
+ if (!warned_get_conn) {
+ slapi_log_error(SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "cb_get_connection failed (%d) %s\n",
+ rc, ldap_err2string(rc));
+ warned_get_conn = 1;
+ }
+ cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
+ cnxerrbuf, 0, NULL);
+ slapi_ch_free_string(&cnxerrbuf);
+ /* ping the farm.
+ * If the farm is unreachable, we increment the counter */
+ cb_ping_farm(cb, NULL, 0);
+ return -1;
}
/* Control management */
@@ -197,34 +205,52 @@ chaining_back_modify ( Slapi_PBlock *pb )
matched_msg=error_msg=NULL;
serverctrls=NULL;
parse_rc = ldap_parse_result( ld, res, &rc, &matched_msg,
- &error_msg, &referrals, &serverctrls, 1 );
- if ( parse_rc != LDAP_SUCCESS ) {
- cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- ldap_err2string(parse_rc), 0, NULL);
+ &error_msg, &referrals, &serverctrls, 1 );
+ if ( parse_rc != LDAP_SUCCESS ) {
+ static int warned_parse_rc = 0;
+ if (!warned_parse_rc) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "%s%s%s\n",
+ matched_msg?matched_msg:"",
+ (matched_msg&&(*matched_msg!='\0'))?": ":"",
+ ldap_err2string(parse_rc));
+ warned_parse_rc = 1;
+ }
+ cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
+ ENDUSERMSG, 0, NULL );
cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(parse_rc));
- slapi_ch_free((void **)&matched_msg);
- slapi_ch_free((void **)&error_msg);
+ slapi_ch_free((void **)&matched_msg);
+ slapi_ch_free((void **)&error_msg);
if (serverctrls)
- ldap_controls_free(serverctrls);
+ ldap_controls_free(serverctrls);
/* jarnou: free referrals */
- if (referrals)
- charray_free(referrals);
- return -1;
+ if (referrals)
+ charray_free(referrals);
+ return -1;
}
- if ( rc != LDAP_SUCCESS ) {
+ if ( rc != LDAP_SUCCESS ) {
struct berval ** refs = referrals2berval(referrals);
- cb_send_ldap_result( pb, rc, matched_msg, error_msg, 0, refs);
+ static int warned_rc = 0;
+ if (!warned_rc && error_msg) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "%s%s%s\n",
+ matched_msg?matched_msg:"",
+ (matched_msg&&(*matched_msg!='\0'))?": ":"",
+ error_msg );
+ warned_rc = 1;
+ }
+ cb_send_ldap_result( pb, rc, matched_msg, ENDUSERMSG, 0, refs);
cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
- slapi_ch_free((void **)&matched_msg);
- slapi_ch_free((void **)&error_msg);
+ slapi_ch_free((void **)&matched_msg);
+ slapi_ch_free((void **)&error_msg);
if (refs)
ber_bvecfree(refs);
if (referrals)
charray_free(referrals);
if (serverctrls)
- ldap_controls_free(serverctrls);
- return -1;
+ ldap_controls_free(serverctrls);
+ return -1;
}
cb_release_op_connection(cb->pool,ld,0);
diff --git a/ldap/servers/plugins/chainingdb/cb_modrdn.c b/ldap/servers/plugins/chainingdb/cb_modrdn.c
index aa0bcac..2efff02 100644
--- a/ldap/servers/plugins/chainingdb/cb_modrdn.c
+++ b/ldap/servers/plugins/chainingdb/cb_modrdn.c
@@ -139,15 +139,22 @@ chaining_back_modrdn ( Slapi_PBlock *pb )
/*
* Grab a connection handle
*/
-
- if ((rc = cb_get_connection(cb->pool,&ld,&cnx,NULL,&cnxerrbuf)) != LDAP_SUCCESS) {
- cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL, cnxerrbuf, 0, NULL);
- if (cnxerrbuf) {
- PR_smprintf_free(cnxerrbuf);
- }
- /* ping the farm. If the farm is unreachable, we increment the counter */
- cb_ping_farm(cb,NULL,0);
- return -1;
+ rc = cb_get_connection(cb->pool, &ld, &cnx, NULL, &cnxerrbuf);
+ if (LDAP_SUCCESS != rc) {
+ static int warned_get_conn = 0;
+ if (!warned_get_conn) {
+ slapi_log_error(SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "cb_get_connection failed (%d) %s\n",
+ rc, ldap_err2string(rc));
+ warned_get_conn = 1;
+ }
+ cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
+ cnxerrbuf, 0, NULL);
+ slapi_ch_free_string(&cnxerrbuf);
+ /* ping the farm.
+ * If the farm is unreachable, we increment the counter */
+ cb_ping_farm(cb, NULL, 0);
+ return -1;
}
/*
@@ -223,36 +230,53 @@ chaining_back_modrdn ( Slapi_PBlock *pb )
default:
matched_msg=error_msg=NULL;
parse_rc = ldap_parse_result( ld, res, &rc, &matched_msg,
- &error_msg, &referrals, &serverctrls, 1 );
-
- if ( parse_rc != LDAP_SUCCESS ) {
- cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
- ldap_err2string(parse_rc), 0, NULL);
+ &error_msg, &referrals, &serverctrls, 1 );
+
+ if ( parse_rc != LDAP_SUCCESS ) {
+ static int warned_parse_rc = 0;
+ if (!warned_parse_rc) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "%s%s%s\n",
+ matched_msg?matched_msg:"",
+ (matched_msg&&(*matched_msg!='\0'))?": ":"",
+ ldap_err2string(parse_rc));
+ warned_parse_rc = 1;
+ }
+ cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
+ ENDUSERMSG, 0, NULL );
cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(parse_rc));
- slapi_ch_free((void **)&matched_msg);
- slapi_ch_free((void **)&error_msg);
- if (serverctrls)
- ldap_controls_free(serverctrls);
+ slapi_ch_free((void **)&matched_msg);
+ slapi_ch_free((void **)&error_msg);
+ if (serverctrls)
+ ldap_controls_free(serverctrls);
/* jarnou: free referrals */
- if (referrals)
- charray_free(referrals);
- return -1;
+ if (referrals)
+ charray_free(referrals);
+ return -1;
}
- if ( rc != LDAP_SUCCESS ) {
+ if ( rc != LDAP_SUCCESS ) {
struct berval ** refs = referrals2berval(referrals);
-
- cb_send_ldap_result( pb, rc, matched_msg, error_msg, 0, refs);
+ static int warned_rc = 0;
+ if (!warned_rc && error_msg) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "%s%s%s\n",
+ matched_msg?matched_msg:"",
+ (matched_msg&&(*matched_msg!='\0'))?": ":"",
+ error_msg );
+ warned_rc = 1;
+ }
+ cb_send_ldap_result( pb, rc, matched_msg, ENDUSERMSG, 0, refs);
cb_release_op_connection(cb->pool,ld,CB_LDAP_CONN_ERROR(rc));
- slapi_ch_free((void **)&matched_msg);
- slapi_ch_free((void **)&error_msg);
+ slapi_ch_free((void **)&matched_msg);
+ slapi_ch_free((void **)&error_msg);
if (refs)
ber_bvecfree(refs);
if (referrals)
charray_free(referrals);
- if (serverctrls)
- ldap_controls_free(serverctrls);
- return -1;
+ if (serverctrls)
+ ldap_controls_free(serverctrls);
+ return -1;
}
cb_release_op_connection(cb->pool,ld,0);
diff --git a/ldap/servers/plugins/chainingdb/cb_search.c b/ldap/servers/plugins/chainingdb/cb_search.c
index e2f2579..e5d56ff 100644
--- a/ldap/servers/plugins/chainingdb/cb_search.c
+++ b/ldap/servers/plugins/chainingdb/cb_search.c
@@ -214,18 +214,25 @@ chainingdb_build_candidate_list ( Slapi_PBlock *pb )
}
/* Grab a connection handle */
-
- if ( LDAP_SUCCESS != (rc = cb_get_connection(cb->pool,&ld,&cnx,&timeout,&cnxerrbuf))) {
- if (rc == LDAP_TIMELIMIT_EXCEEDED)
- cb_send_ldap_result( pb, rc, NULL,cnxerrbuf, 0, NULL);
- else
- cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,cnxerrbuf, 0, NULL);
-
- if (cnxerrbuf) {
- PR_smprintf_free(cnxerrbuf);
+ rc = cb_get_connection(cb->pool, &ld, &cnx, &timeout, &cnxerrbuf);
+ if (LDAP_SUCCESS != rc) {
+ static int warned_get_conn = 0;
+ if (!warned_get_conn) {
+ slapi_log_error(SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "cb_get_connection failed (%d) %s\n",
+ rc, ldap_err2string(rc));
+ warned_get_conn = 1;
+ }
+ if (rc == LDAP_TIMELIMIT_EXCEEDED) {
+ cb_send_ldap_result(pb, rc, NULL, cnxerrbuf, 0, NULL);
+ } else {
+ cb_send_ldap_result(pb, LDAP_OPERATIONS_ERROR, NULL,
+ cnxerrbuf, 0, NULL);
}
- /* ping the farm. If the farm is unreachable, we increment the counter */
- cb_ping_farm(cb,NULL,0);
+ slapi_ch_free_string(&cnxerrbuf);
+ /* ping the farm.
+ * If the farm is unreachable, we increment the counter */
+ cb_ping_farm(cb, NULL, 0);
return 1;
}
@@ -358,17 +365,34 @@ chainingdb_build_candidate_list ( Slapi_PBlock *pb )
error_msg=NULL;
referrals=NULL;
serverctrls=NULL;
- parse_rc=ldap_parse_result(ld,res,&rc,&matched_msg,
+ parse_rc=ldap_parse_result(ld,res,&rc,&matched_msg,
&error_msg,&referrals, &serverctrls, 0 );
- if ( parse_rc != LDAP_SUCCESS ) {
- cb_send_ldap_result(pb,parse_rc,
- matched_msg,error_msg,0,NULL);
+ if ( parse_rc != LDAP_SUCCESS ) {
+ static int warned_parse_rc = 0;
+ if (!warned_parse_rc && error_msg) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "%s%s%s\n",
+ matched_msg?matched_msg:"",
+ (matched_msg&&(*matched_msg!='\0'))?": ":"",
+ error_msg );
+ warned_parse_rc = 1;
+ }
+ cb_send_ldap_result( pb, parse_rc, NULL,
+ ENDUSERMSG, 0, NULL );
rc=-1;
- } else
- if ( rc != LDAP_SUCCESS ) {
- slapi_ldap_get_lderrno( ctx->ld, &matched_msg, &error_msg );
- cb_send_ldap_result( pb, rc, matched_msg,
- error_msg,0,NULL);
+ } else if ( rc != LDAP_SUCCESS ) {
+ static int warned_rc = 0;
+ if (!warned_rc) {
+ slapi_ldap_get_lderrno( ctx->ld,
+ &matched_msg, &error_msg );
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "%s%s%s\n",
+ matched_msg?matched_msg:"",
+ (matched_msg&&(*matched_msg!='\0'))?": ":"",
+ error_msg );
+ warned_rc = 1;
+ }
+ cb_send_ldap_result( pb, rc, NULL, ENDUSERMSG, 0, NULL);
/* BEWARE: matched_msg and error_msg points */
/* to ld fields. */
matched_msg=NULL;
@@ -689,25 +713,42 @@ chainingdb_next_search_entry ( Slapi_PBlock *pb )
case LDAP_RES_SEARCH_RESULT:
- /* Parse the final result received from the server. Note the last
- * argument is a non-zero value, which indicates that the
- * LDAPMessage structure will be freed when done.
+ /* Parse the final result received from the server. Note the last
+ * argument is a non-zero value, which indicates that the
+ * LDAPMessage structure will be freed when done.
*/
slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_SET,NULL);
slapi_pblock_set( pb, SLAPI_SEARCH_RESULT_ENTRY,NULL);
- parse_rc = ldap_parse_result( ctx->ld, res,
+ parse_rc = ldap_parse_result( ctx->ld, res,
&rc,&matched_msg,&error_msg, &referrals, &serverctrls, 1 );
- if ( parse_rc != LDAP_SUCCESS ) {
- cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, matched_msg,
- ldap_err2string( parse_rc ), 0, NULL);
-
+ if ( parse_rc != LDAP_SUCCESS ) {
+ static int warned_parse_rc = 0;
+ if (!warned_parse_rc) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "%s%s%s\n",
+ matched_msg?matched_msg:"",
+ (matched_msg&&(*matched_msg!='\0'))?": ":"",
+ ldap_err2string( parse_rc ));
+ warned_parse_rc = 1;
+ }
+ cb_send_ldap_result( pb, LDAP_OPERATIONS_ERROR, NULL,
+ ENDUSERMSG, 0, NULL );
retcode=-1;
} else
if ( rc != LDAP_SUCCESS ) {
+ static int warned_rc = 0;
slapi_ldap_get_lderrno( ctx->ld, &matched_msg, &error_msg );
- cb_send_ldap_result( pb, rc, matched_msg, NULL, 0, NULL);
+ if (!warned_rc) {
+ slapi_log_error( SLAPI_LOG_FATAL, CB_PLUGIN_SUBSYSTEM,
+ "%s%s%s\n",
+ matched_msg?matched_msg:"",
+ (matched_msg&&(*matched_msg!='\0'))?": ":"",
+ error_msg );
+ warned_rc = 1;
+ }
+ cb_send_ldap_result( pb, rc, matched_msg, ENDUSERMSG, 0, NULL );
/* BEWARE: Don't free matched_msg && error_msg */
/* Points to the ld fields */
diff --git a/ldap/servers/slapd/pw.c b/ldap/servers/slapd/pw.c
index 22f818e..bcef4ff 100644
--- a/ldap/servers/slapd/pw.c
+++ b/ldap/servers/slapd/pw.c
@@ -457,7 +457,7 @@ pw_rever_decode(char *cipher, char **plain, const char * attr_name)
if ( pwsp->pws_dec != NULL )
{
/* check that the prefix of the cipher is the same name
- as the schema name */
+ as the scheme name */
prefixOK = checkPrefix(cipher, pwsp->pws_name, &encrypt);
if ( prefixOK == -1 )
{
@@ -468,7 +468,7 @@ pw_rever_decode(char *cipher, char **plain, const char * attr_name)
}
else if ( prefixOK == 1 )
{
- /* schema names are different */
+ /* scheme names are different */
ret_code = -1;
goto free_and_return;
}
More information about the 389-commits
mailing list