# HG changeset patch
# User Marcus Granado <marcus.granado@xxxxxxxxxx>
# Date 1265113211 0
# Node ID b09202d1186e270b1713ecf5ebe0db7e109d305f
# Parent 77c307d01300ca1ca42325ce307d2688f5b0058c
CA-34857: add support for lw5.3 error codes
Signed-off-by: Marcus Granado <marcus.granado@xxxxxxxxxx>
diff -r 77c307d01300 -r b09202d1186e ocaml/auth/extauth_plugin_ADlikewise.ml
--- a/ocaml/auth/extauth_plugin_ADlikewise.ml Tue Feb 02 12:20:11 2010 +0000
+++ b/ocaml/auth/extauth_plugin_ADlikewise.ml Tue Feb 02 12:20:11 2010 +0000
@@ -188,24 +188,24 @@
| Parse_likewise.Failure (code,errmsg) -> begin
debug "Likewise raised an error for cmd %s: (%i) %s"
debug_cmd code errmsg;
match code with
- | 32775 -> (* no such user *)
- raise Not_found
(*Subject_cannot_be_resolved*)
- | 32779 -> (* no such group *)
- raise Not_found
(*Subject_cannot_be_resolved*)
- | 32784 -> (* The authentication request could
not be handled *)
- raise (Auth_signature.Auth_failure
errmsg)
- | 32814 -> (* authentication failed *)
- raise (Auth_signature.Auth_failure
errmsg)
- | 32823 -> (* authentication failed: The user
account is disabled *)
- raise (Auth_signature.Auth_failure
errmsg)
- | 32838 -> (* no such user or group *)
- raise Not_found
(*Subject_cannot_be_resolved*)
+ | 40008 (* no such user *)
+ | 40012 (* no such group *)
+ | 40071 (* no such user, group or domain
object *)
+ -> raise Not_found
(*Subject_cannot_be_resolved*)
+
+ | 40047 (* empty password, The call to
kerberos 5 failed *)
+ | 40022 (* The password is incorrect for the
given username *)
+ | 40056 (* The user account is disabled *)
+ | 40017 (* The authentication request could
not be handled *)
+ -> raise (Auth_signature.Auth_failure
errmsg)
+
+ | 524326 (* error joining AD domain *)
| 524359 -> (* error joining AD domain *)
raise
(Auth_signature.Auth_service_error errmsg)
- | 32885 (* lsass server not responding *)
- | 32888 (* domain is offline (probably
/etc/resolv.conf doesn't point to AD's DNS server) *)
- | _ ->
- raise
(Auth_signature.Auth_service_error (Printf.sprintf "(%i) %s" code errmsg)) (*
general Likewise error *)
+
+ | 40118 (* lsass server not responding *)
+ | _ -> (* general Likewise error *)
+ raise
(Auth_signature.Auth_service_error (Printf.sprintf "(%i) %s" code errmsg))
end
end
)
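Review bot: The new arms for 40022 (incorrect password) and 40056 (account disabled) both raise `Auth_signature.Auth_failure errmsg`, so the raw Likewise text travels with the exception and lets whoever receives it tell a disabled account from a wrong password. Whether that text reaches an unauthenticated client is not visible in this hunk, so the callers of this function should be checked. If it does, a single generic message for the whole group would be safer, for example `-> raise (Auth_signature.Auth_failure "authentication failed")`. The detailed text is already recorded by the `debug` call at the top of the branch. The enclosing function starts outside the hunk.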
@@ -313,7 +313,7 @@
(* looks up list of users*)
let subject_name = get_full_subject_name _subject_name in (*
append domain if necessary *)
likewise_get_sid_byname subject_name
"/opt/likewise/bin/lw-find-user-by-name"
- with Not_found ->
+ with _ ->
(* append domain if necessary, lw-find-group-by-name only
accepts nt-format names *)
let subject_name = get_full_subject_name ~use_nt_format:true
(convert_upn_to_nt_username _subject_name) in
(* looks up list of groups*)
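Review bot: The handler `with _ ->` now catches every exception from the user lookup, so a service failure such as the `Auth_service_error` raised in the first hunk for an unresponsive lsass is silently retried as a group lookup. That hides outages and unexpected errors in the subject-resolution path and makes a failed lookup hard to tell apart from a missing user. If the widening was needed because lw5.3 reports a missing user with a code the first hunk does not map, it would be better to add that code to the `raise Not_found` group there and keep `with Not_found ->` here. If other exceptions really must fall through, name them explicitly and log the one that was caught. The rest of the function lies outside the hunk.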
@@ -581,43 +581,19 @@
() (* OK, return unit*)
with (*ERROR, we didn't join the AD domain*)
-
- (* 1. with wrong password: returns in STDOUT *)
- (* [root@localhost /]# domainjoin-cli --minimal join --ignore-pam
--ignore-ssh "xendt.net" "Administrator" "xenroot3"
- FAILURE
- 524359
- The call to Kerberos 5 failed
- *)
- (* 2. with wrong administrator name: returns in STDOUT *)
- (* [root@localhost /]# domainjoin-cli --minimal join --ignore-pam
--ignore-ssh "xendt.net" "Administrator3" "xenroot"
- FAILURE
- 524359
- The call to Kerberos 5 failed
- *)
- (* 3. with a non-administrator user: returns in STDOUT*)
- (* [root@localhost /]# domainjoin-cli --minimal join --ignore-pam
--ignore-ssh "xendt.net" "user1" "xenR00t"
- FAILURE
- 524359
- Permission denied
- *)
- (* 4. with wrong domain: retursn in STDOUT *)
- (* [root@localhost /]# domainjoin-cli --minimal join --ignore-pam
--ignore-ssh "xendt.net2" "Administrator" "xenroot"
- FAILURE
- 524359
- Failed to lookup the domain controller for given domain
- *)
|Auth_signature.Auth_service_error errmsg ->
(*errors in stdout, let's bubble them up, making them as
user-friendly as possible *)
debug "Error enabling external authentication for domain %s and
user %s: %s" domain user errmsg;
- if has_substr errmsg "The call to Kerberos 5 failed"
- then begin (* this seems to be a user/password wrong error... *)
+ if has_substr errmsg "0x9C56" (* The password is incorrect for
the given username *)
+ or has_substr errmsg "0x9C84" (* The user account is
invalid *)
+ then begin
raise (Auth_signature.Auth_service_error "The username
or password is wrong.")
- end
- else if has_substr errmsg "Permission denied"
- then begin (* this seems to be a non-admin user error... *)
- raise (Auth_signature.Auth_service_error "Permission
denied. The user has no administrator rights to join a domain.")
end
- else if has_substr errmsg "Failed to lookup the domain
controller for given domain"
+ else if has_substr errmsg "0x5 " (* Unknown error *)
+ then begin (* this seems to be a
not-enough-permission-to-join-the-domain error *)
+ raise (Auth_signature.Auth_service_error "Permission
denied. The user has no administrator rights to join the domain.")
+ end
+ else if has_substr errmsg "0x9CAC" (* Failed to lookup the
domain controller for given domain. *)
then begin (* this seems to be a wrong domain controller name
error... *)
raise (Auth_signature.Auth_service_error "Failed to
lookup the domain controller for given domain.")
end
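Review bot: Classifying the failure with `has_substr errmsg "0x9C56"` and similar relies on an exact substring of free-form tool output, and the patterns are inconsistent about delimiters. `"0x5 "` needs a trailing space, while `"0x400A"` in the last hunk has none and would also match a longer code such as the constructed example 0x400AB. These are the same codes the first hunk matches as integers (0x9C56 is 40022), so it would be more robust to keep the numeric code available to this handler and `match` on it. At minimum, add a comment stating the format relied upon, e.g. `(* errmsg is expected to embed the Likewise code as 0x<HEX>; 0x9C56 = 40022 *)`, assuming that is the format, which this hunk does not show. The `or` operator used here and in the last hunk is deprecated and should be written `||`.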
@@ -665,15 +641,13 @@
| Auth_signature.Auth_service_error errmsg ->
(* errors in stdout, let's bubble them up, making them as
user-friendly as possible *)
debug "Internal Likewise error when disabling external
authentication: %s" errmsg;
- if has_substr errmsg "The call to Kerberos 5 failed"
- then begin (* this seems to be a user/password wrong error... *)
+
+ if has_substr errmsg "0x9C56" (* The password is incorrect for the given
username *)
+ or has_substr errmsg "0x9C84" (* The user account is invalid *)
+ then begin
Some (Auth_signature.Auth_service_error "The username
or password is wrong.")
- end
- else if has_substr errmsg "Permission denied"
- then begin (* this seems to be a non-admin invalid user
error... *)
- Some (Auth_signature.Auth_service_error "Permission
denied. The user has no administrator rights to disable the machine account in
the Active Directory database.")
end
- else if has_substr errmsg "code 400A"
+ else if has_substr errmsg "0x400A" (* Unkown error *)
then begin (* this seems to be a non-admin valid user error...
*)
Some (Auth_signature.Auth_service_error "Permission
denied. The user has no administrator rights to disable the machine account in
the Active Directory database.")
end
1 file changed, 30 insertions(+), 56 deletions(-)
ocaml/auth/extauth_plugin_ADlikewise.ml | 86 ++++++++++---------------------