[PATCH] Improved logging facility for ADS

Alexander Bokovoy a.bokovoy at sam-solutions.net
Tue Dec 18 08:50:06 GMT 2001


The attached patch improves logging in ADS mode for cases where GSS API
errors were returned but wrongly recognized as LDAP errors. It improves
the situation by returning extended error information and by providing
a facility for resolving numeric GSS API errors to displayable strings.

Patch is against HEAD.
-- 
/ Alexander Bokovoy
$ cat /proc/identity >~/.signature
  `Senior software developer and analyst for SaM-Solutions Ltd.`
---
Nov 21 20:58:58 alconost kernel: VFS: Busy inodes after unmount. 
		    Self-destruct in 5 seconds.  Have a nice day...
-------------- next part --------------
diff -ur samba-3.0/source/include/ads.h samba-ads/source/include/ads.h
--- samba-3.0/source/include/ads.h	Mon Dec 10 16:53:10 2001
+++ samba-ads/source/include/ads.h	Tue Dec 18 18:10:18 2001
@@ -17,6 +17,16 @@
 	char *user_name;
 } ADS_STRUCT;
 
+typedef struct {
+	/* Type of error returned by ads_connect: */
+	/* True corresponds GSS API, False - LDAP */
+	int error_type;
+	/* For error_type = False rc describes LDAP error */
+	int rc;
+	/* For error_type = True rc and minor_status describe GSS API error */
+	/* Where rc represents major_status of GSS API error */
+	int minor_status;
+} ADS_RETURN_CODE;
 
 /* time between reconnect attempts */
 #define ADS_RECONNECT_TIME 5
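Review bot: `rc` and `minor_status` in ADS_RETURN_CODE are plain `int`, but the GSS-API status values they are meant to carry are `OM_uint32`, and `error_type` is an int used as a boolean whose meaning lives only in the comments. Storing a major status in a signed int relies on an implementation-defined conversion whenever the high-order error bits are set. I would declare both status fields as `uint32` and replace the flag with a named enum, e.g. `enum ads_error_type { ADS_ERROR_LDAP, ADS_ERROR_GSS } error_type;`, so a caller cannot mix the two error spaces by accident.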
diff -ur samba-3.0/source/libads/ads_struct.c samba-ads/source/libads/ads_struct.c
--- samba-3.0/source/libads/ads_struct.c	Thu Dec 13 13:53:55 2001
+++ samba-ads/source/libads/ads_struct.c	Tue Dec 18 18:18:46 2001
@@ -157,3 +157,29 @@
 	}
 }
 
+
+static void ads_display_status_helper(char *m, OM_uint32 code, int type)
+{
+     int maj_stat, min_stat;
+     gss_buffer_desc msg;
+     int msg_ctx;
+     
+     msg_ctx = 0;
+     while (1) {
+	  maj_stat = gss_display_status(&min_stat, code,
+				       type, GSS_C_NULL_OID,
+				       &msg_ctx, &msg);
+	  DEBUG(1, ("GSS-API error %s: %s\n", m,
+		      (char *)msg.value)); 
+	  (void) gss_release_buffer(&min_stat, &msg);
+	  
+	  if (!msg_ctx)
+	       break;
+     }
+}
+
+void ads_display_status(char * msg, int maj_stat,int min_stat)
+{
+     ads_display_status_helper(msg, maj_stat, GSS_C_GSS_CODE);
+     ads_display_status_helper(msg, min_stat, GSS_C_MECH_CODE);
+}
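Review bot: The loop in ads_display_status_helper logs `msg.value` without checking the status returned by gss_display_status, and prints it with `%s` although a gss_buffer_desc carries an explicit length and is not guaranteed to be NUL-terminated. If the call fails, `msg` may still be uninitialised when it reaches DEBUG and gss_release_buffer, so the logging path can read or release stray memory. `min_stat` and `msg_ctx` are also declared `int` where the API takes `OM_uint32 *`. I would initialise the buffer, stop on GSS_ERROR, and bound the print with `%.*s`, as below.

```c
static void ads_display_status_helper(char *m, OM_uint32 code, int type)
{
     OM_uint32 maj_stat, min_stat;
     OM_uint32 msg_ctx = 0;
     gss_buffer_desc msg = GSS_C_EMPTY_BUFFER;

     do {
	  maj_stat = gss_display_status(&min_stat, code,
				       type, GSS_C_NULL_OID,
				       &msg_ctx, &msg);
	  /* nothing valid to print or release if the lookup itself failed */
	  if (GSS_ERROR(maj_stat))
	       break;
	  /* msg is length-delimited, so bound the read explicitly */
	  DEBUG(1, ("GSS-API error %s: %.*s\n", m,
		      (int)msg.length, (char *)msg.value));
	  (void) gss_release_buffer(&min_stat, &msg);
     } while (msg_ctx);
}
```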
diff -ur samba-3.0/source/libads/ldap.c samba-ads/source/libads/ldap.c
--- samba-3.0/source/libads/ldap.c	Tue Dec 18 11:31:30 2001
+++ samba-ads/source/libads/ldap.c	Tue Dec 18 18:11:45 2001
@@ -38,20 +38,24 @@
 /*
   connect to the LDAP server
 */
-int ads_connect(ADS_STRUCT *ads)
+ADS_RETURN_CODE ads_connect(ADS_STRUCT *ads)
 {
 	int version = LDAP_VERSION3;
-	int rc;
+	ADS_RETURN_CODE rc;
+	
+	rc.error_type = False;
 
 	ads->last_attempt = time(NULL);
 
 	ads->ld = ldap_open(ads->ldap_server, ads->ldap_port);
 	if (!ads->ld) {
-		return LDAP_SERVER_DOWN;
+		rc.rc = LDAP_SERVER_DOWN;
+		return rc;
 	}
 	if (!ads_server_info(ads)) {
 		DEBUG(1,("Failed to get ldap server info\n"));
-		return LDAP_SERVER_DOWN;
+		rc.rc = LDAP_SERVER_DOWN;
+		return rc;
 	}
 
 	ldap_set_option(ads->ld, LDAP_OPT_PROTOCOL_VERSION, &version);
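Review bot: `rc.minor_status` is never assigned on the LDAP paths in ads_connect, so both early returns hand back a struct with an indeterminate field, and `rc.rc` itself stays unset until a failure branch writes it. Zeroing the struct once after the declaration, `memset(&rc, 0, sizeof(rc));`, keeps a caller that later logs or compares `minor_status` from reading stack garbage. The same applies to the `USE_CYRUS_SASL` branch of ads_sasl_bind in sasl.c. The rest of ads_connect lies outside this hunk, so its remaining return statements need the same conversion and could not be checked here.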
diff -ur samba-3.0/source/libads/sasl.c samba-ads/source/libads/sasl.c
--- samba-3.0/source/libads/sasl.c	Sat Dec  8 13:18:56 2001
+++ samba-ads/source/libads/sasl.c	Tue Dec 18 18:25:39 2001
@@ -53,9 +53,9 @@
    this routine is much less fragile
    see RFC2078 for details
 */
-int ads_sasl_gssapi_bind(ADS_STRUCT *ads)
+ADS_RETURN_CODE ads_sasl_gssapi_bind(ADS_STRUCT *ads)
 {
-	int rc, minor_status;
+	int minor_status;
 	gss_name_t serv_name;
 	gss_buffer_desc input_name;
 	gss_ctx_id_t context_handle;
@@ -69,13 +69,15 @@
 	uint8 *p;
 	uint32 max_msg_size;
 	char *sname;
+	ADS_RETURN_CODE rc;
 
 	asprintf(&sname, "ldap@%s.%s", ads->ldap_server_name, ads->realm);
 
 	input_name.value = sname;
 	input_name.length = strlen(input_name.value);
 
-	rc = gss_import_name(&minor_status,&input_name,gss_nt_service_name, &serv_name);
+	rc.rc = gss_import_name(&minor_status,&input_name,gss_nt_service_name, &serv_name);
+	rc.error_type = False;
 
 	free(sname);
 
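Review bot: The major status from gss_import_name is stored in `rc.rc` while `rc.error_type` is set to False on the next line, so a failure here would still be reported to callers as an LDAP error, which is the misclassification this patch sets out to remove; `rc.minor_status` is not filled in either. The later hunk that turns `gss_rc = gss_wrap(...)` into `rc.rc = gss_wrap(...)` has the same problem, and there the value is overwritten by ldap_sasl_bind_s before anything visible tests it, so a failed wrap would go unnoticed and its output token would still be sent. For both calls I would keep the result in `gss_rc` and on error do `rc.rc = gss_rc; rc.minor_status = minor_status; rc.error_type = True; goto failed;`. The check that follows gss_import_name is outside the visible hunk, so how that failure is routed today is inferred.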
@@ -103,12 +105,17 @@
 			gss_release_buffer(&minor_status, &input_token);
 		}
 
-		if (gss_rc && gss_rc != GSS_S_CONTINUE_NEEDED) goto failed;
+		if (gss_rc && gss_rc != GSS_S_CONTINUE_NEEDED) {
+		    rc.minor_status = minor_status;
+		    rc.rc = gss_rc;
+		    rc.error_type = True;
+		    goto failed;
+		}
 
 		cred.bv_val = output_token.value;
 		cred.bv_len = output_token.length;
 
-		rc = ldap_sasl_bind_s(ads->ld, NULL, "GSSAPI", &cred, NULL, NULL, 
+		rc.rc = ldap_sasl_bind_s(ads->ld, NULL, "GSSAPI", &cred, NULL, NULL, 
 				      &scred);
 
 		if (output_token.value) {
@@ -152,7 +159,7 @@
 
 	output_token.length = strlen(ads->bind_path) + 8;
 
-	gss_rc = gss_wrap(&minor_status, context_handle,0,GSS_C_QOP_DEFAULT,
+	rc.rc = gss_wrap(&minor_status, context_handle,0,GSS_C_QOP_DEFAULT,
 			  &output_token, &conf_state,
 			  &input_token);
 
@@ -161,22 +168,24 @@
 	cred.bv_val = input_token.value;
 	cred.bv_len = input_token.length;
 
-	rc = ldap_sasl_bind_s(ads->ld, NULL, "GSSAPI", &cred, NULL, NULL, 
+	rc.rc = ldap_sasl_bind_s(ads->ld, NULL, "GSSAPI", &cred, NULL, NULL, 
 			      &scred);
 
 	gss_release_buffer(&minor_status, &input_token);
-	return rc;
 
 failed:
-	return gss_rc;
+	return rc;
 }
 
-int ads_sasl_bind(ADS_STRUCT *ads)
+ADS_RETURN_CODE ads_sasl_bind(ADS_STRUCT *ads)
 {
 #if USE_CYRUS_SASL
-	return ldap_sasl_interactive_bind_s(ads->ld, NULL, NULL, NULL, NULL, 
+    ADS_RETURN_CODE rc;
+	rc.error_type = False;
+	rc.rc = ldap_sasl_interactive_bind_s(ads->ld, NULL, NULL, NULL, NULL, 
 					    LDAP_SASL_QUIET,
 					    sasl_interact, NULL);
+	return rc;
 #else
 	return ads_sasl_gssapi_bind(ads);
 #endif
diff -ur samba-3.0/source/nsswitch/winbindd_ads.c samba-ads/source/nsswitch/winbindd_ads.c
--- samba-3.0/source/nsswitch/winbindd_ads.c	Wed Dec 12 11:41:50 2001
+++ samba-ads/source/nsswitch/winbindd_ads.c	Tue Dec 18 18:30:31 2001
@@ -33,7 +33,8 @@
 			const char *exp,
 			const char **attrs, void **res)
 {
-	int rc = -1, rc2;
+	int rc = -1;
+	ADS_RETURN_CODE rc2;
 	int count = 3;
 
 	if (!ads->ld &&
@@ -59,9 +60,15 @@
 		}
 		ads->ld = NULL;
 		rc2 = ads_connect(ads);
-		if (rc2) {
-			DEBUG(1,("ads_search_retry: failed to reconnect (%s)\n", ads_errstr(rc)));
-			return rc2;
+		if (rc2.rc) {
+		    DEBUG(1,("ads_search_retry: failed to reconnect:\n"));
+		    if(rc2.error_type) 
+			ads_display_status("", rc2.rc, rc2.minor_status);
+		    else 
+			DEBUG(1,("LDAP error: %s\n", ads_errstr(rc2.rc)));
+		    
+		    ads_destroy(&ads);
+		    return rc2.rc;
 		}
 	}
 	DEBUG(1,("ads reopen failed after error %s\n", ads_errstr(rc)));
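Review bot: The added `ads_destroy(&ads);` in the reconnect-failure branch frees the connection through the address of what appears to be this function's own `ads` parameter, so only the local copy is cleared and the caller's pointer is left dangling. ads_cached_connection in this file looks like it keeps that pointer in `domain->private`, so a later lookup could reuse freed memory. I would drop the call here and leave teardown to the owner of the cached pointer, or change the interface so the caller's pointer is reset as well. Separately, `return rc2.rc;` passes a GSS-API major status back through an int that callers interpret with ads_errstr; the function signature is outside the hunk, so this is inferred from the visible body.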
@@ -92,7 +99,7 @@
 static ADS_STRUCT *ads_cached_connection(struct winbindd_domain *domain)
 {
 	ADS_STRUCT *ads;
-	int rc;
+	ADS_RETURN_CODE rc;
 	char *ccache;
 
 	if (domain->private) {
@@ -115,8 +122,13 @@
 	ads->password = secrets_fetch_machine_password();
 
 	rc = ads_connect(ads);
-	if (rc) {
-		DEBUG(1,("ads_connect for domain %s failed: %s\n", domain->name, ads_errstr(rc)));
+	if (rc.rc) {
+		DEBUG(1,("ads_connect for domain %s failed:\n", domain->name));
+		if(rc.error_type) 
+		    ads_display_status("", rc.rc, rc.minor_status);
+		else 
+		    DEBUG(1,("LDAP error: %s\n", ads_errstr(rc.rc)));
+		    
 		ads_destroy(&ads);
 		return NULL;
 	}
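Review bot: Passing `""` as the prefix to ads_display_status yields log lines of the form `GSS-API error : ...` that no longer name the domain, and because each DEBUG call is emitted separately they can drift away from the `ads_connect for domain %s failed:` header in a busy log. Passing the domain as the prefix, `ads_display_status(domain->name, rc.rc, rc.minor_status);`, keeps every line attributable on its own, assuming `domain->name` is usable as a `char *`. The same if/else also appears in ads_search_retry and in net_ads.c, so one helper taking an ADS_RETURN_CODE would keep the three sites consistent.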
diff -ur samba-3.0/source/script/mkproto.awk samba-ads/source/script/mkproto.awk
--- samba-3.0/source/script/mkproto.awk	Thu Nov 29 14:05:10 2001
+++ samba-ads/source/script/mkproto.awk	Tue Dec 18 18:24:25 2001
@@ -122,7 +122,7 @@
     gotstart = 1;
   }
 
-  if( $0 ~ /^ADS_STRUCT|^DATA_BLOB|^ASN1_DATA|^TDB_CONTEXT|^TDB_DATA|^smb_ucs2_t|^TALLOC_CTX|^hash_element|^NT_DEVICEMODE|^enum.*\(|^NT_USER_TOKEN|^SAM_ACCOUNT/ ) {
+  if( $0 ~ /^ADS_STRUCT|^ADS_RETURN_CODE|^DATA_BLOB|^ASN1_DATA|^TDB_CONTEXT|^TDB_DATA|^smb_ucs2_t|^TALLOC_CTX|^hash_element|^NT_DEVICEMODE|^enum.*\(|^NT_USER_TOKEN|^SAM_ACCOUNT/ ) {
     gotstart = 1;
   }
 
diff -ur samba-3.0/source/utils/net_ads.c samba-ads/source/utils/net_ads.c
--- samba-3.0/source/utils/net_ads.c	Tue Dec 18 11:32:32 2001
+++ samba-ads/source/utils/net_ads.c	Tue Dec 18 18:30:49 2001
@@ -68,7 +68,7 @@
 static ADS_STRUCT *ads_startup(void)
 {
 	ADS_STRUCT *ads;
-	int rc;
+	ADS_RETURN_CODE rc;
 	extern char *opt_password;
 	extern char *opt_user_name;
 
@@ -88,8 +88,11 @@
 	ads->user_name = strdup(opt_user_name);
 
 	rc = ads_connect(ads);
-	if (rc) {
-		d_printf("ads_connect: %s\n", ads_errstr(rc));
+	if (rc.rc) {
+		if(rc.error_type) 
+		    ads_display_status("ads_connect", rc.rc, rc.minor_status);
+		else
+		    d_printf("ads_connect: %s\n", ads_errstr(rc.rc));
 		return NULL;
 	}
 	return ads;
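Review bot: In the GSS-API branch the failure is reported through ads_display_status, which writes with `DEBUG(1, ...)`, while the LDAP branch still uses d_printf, so a user running the net tool at a low debug level may see no message at all when the bind fails for a GSS-API reason. I would either print the GSS text with d_printf here or have ads_display_status hand the string back so the caller chooses the sink. Not introduced by this change, but `return NULL;` on this path leaves `ads` allocated, whereas ads_cached_connection calls `ads_destroy(&ads);` before returning.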

