[Xen-API] [PATCH] CA-38729: split {en, dis}able extauth exceptions to si

To: xen-api <xen-api@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-API] [PATCH] CA-38729: split {en, dis}able extauth exceptions to simplify translations in xencenter
From: Marcus Granado <marcus.granado@xxxxxxxxxx>
Date: Tue, 9 Mar 2010 14:19:30 +0000
Delivery-date: Tue, 09 Mar 2010 06:18:44 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
Sender: xen-api-bounces@xxxxxxxxxxxxxxxxxxx
# HG changeset patch
# User Marcus Granado <marcus.granado@xxxxxxxxxx>
# Date 1268143881 0
# Node ID f3605f44da34bd90b4e2cb06384f694923013e70
# Parent  d7ad0f363e97e685b42fdee3a60044b2473570e0
CA-38729: split {en,dis}able extauth exceptions to simplify translations in 
xencenter

Signed-off-by: Marcus Granado <marcus.granado@xxxxxxxxxxxxx>

diff -r d7ad0f363e97 -r f3605f44da34 ocaml/auth/OMakefile
--- a/ocaml/auth/OMakefile      Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/auth/OMakefile      Tue Mar 09 14:11:21 2010 +0000
@@ -1,5 +1,5 @@
 OTHER_CLIBS = -cclib -lpam
-OCAMLINCLUDES += ../autogen ../idl/ocaml_backend ../xapi 
+OCAMLINCLUDES += ../autogen ../idl/ocaml_backend ../idl ../xapi 
 
 StaticCLibrary(auth_stubs, xa_auth xa_auth_stubs)
 OCamlLibraryClib(pam, pam, auth_stubs)
@@ -9,7 +9,7 @@
        OCAML_CLIBS += auth_stubs
 
        OCamlProgram(testauth, testauth)
-       OCamlProgram(testauthx, testauthx authx auth_signature)
+       OCamlProgram(testauthx, testauthx authx auth_signature 
../idl/api_errors)
 
 .PHONY: clean
 clean:
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/auth/auth_signature.ml
--- a/ocaml/auth/auth_signature.ml      Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/auth/auth_signature.ml      Tue Mar 09 14:11:21 2010 +0000
@@ -22,8 +22,17 @@
 *)
 
 exception Auth_failure of string
-exception Auth_service_error of string
+type auth_service_error_tag = 
E_GENERIC|E_LOOKUP|E_DENIED|E_CREDENTIALS|E_UNAVAILABLE
+exception Auth_service_error of auth_service_error_tag * string
 exception Subject_cannot_be_resolved
+
+let suffix_of_tag errtag =
+       match errtag with
+               | E_GENERIC -> ""
+               | E_LOOKUP -> Api_errors.auth_suffix_domain_lookup_failed
+               | E_DENIED -> Api_errors.auth_suffix_permission_denied
+               | E_CREDENTIALS -> Api_errors.auth_suffix_wrong_credentials
+               | E_UNAVAILABLE -> Api_errors.auth_suffix_unavailable
 
 (* required fields in subject.other_config *)
 let subject_information_field_subject_name = "subject-name"
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/auth/authx.ml
--- a/ocaml/auth/authx.ml       Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/auth/authx.ml       Tue Mar 09 14:11:21 2010 +0000
@@ -45,7 +45,7 @@
                with e -> begin
                        let errmsg = Printf.sprintf "[%s]: %s" debug_cmd 
(Printexc.to_string e) in
                        debug "Error executing cmd %s" errmsg;
-                       raise (Auth_signature.Auth_service_error errmsg)
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,errmsg))
                end
        in
        let output_lines = Stringext.String.split '\n' output_str in
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/auth/extauth_plugin_ADlikewise.ml
--- a/ocaml/auth/extauth_plugin_ADlikewise.ml   Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/auth/extauth_plugin_ADlikewise.ml   Tue Mar 09 14:11:21 2010 +0000
@@ -116,7 +116,7 @@
                with e -> begin
                        (* in_string is usually the password or other sensitive 
param, so never write it to debug or exn *)
                        debug "Error writing to stdin for cmd %s: %s" debug_cmd 
(ExnHelper.string_of_exn e);
-                       raise (Auth_signature.Auth_service_error 
(ExnHelper.string_of_exn e))
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,ExnHelper.string_of_exn e))
                end
                end;
          )
@@ -169,13 +169,13 @@
                        debug "Error likewise for cmd %s: %s" debug_cmd msg;
                        (* CA-27772: return user-friendly error messages when 
Likewise crashes *)
                        let msg = user_friendly_error_msg in
-                       raise (Auth_signature.Auth_service_error msg)
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,msg))
                | e -> (* unknown error *)
                begin
                        debug "Parse_likewise error for cmd %s: %s" debug_cmd 
(ExnHelper.string_of_exn e);
                        (* CA-27772: return user-friendly error messages when 
Likewise crashes *)
                        let msg = user_friendly_error_msg in
-                       raise (Auth_signature.Auth_service_error msg 
(*(ExnHelper.string_of_exn e)*))
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,msg (*(ExnHelper.string_of_exn e)*)))
                end
        in
 
@@ -201,11 +201,11 @@
 
                                | 524326    (* error joining AD domain *)
                                | 524359 -> (* error joining AD domain *)
-                                       raise 
(Auth_signature.Auth_service_error errmsg)
+                                       raise 
(Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,errmsg))
 
                                | 40118 (* lsass server not responding *)
                                | _ ->  (* general Likewise error *)
-                                       raise 
(Auth_signature.Auth_service_error (Printf.sprintf "(%i) %s" code errmsg))
+                                       raise 
(Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,(Printf.sprintf 
"(%i) %s" code errmsg)))
                end
        end       
 )
@@ -285,7 +285,7 @@
                (* this should not have happend, likewise didn't return an SID 
field!! *)
                let msg = (Printf.sprintf "Likewise didn't return an SID field 
for gid %s" gid) in
                debug "Error likewise_get_sid_bygid for gid %s: %s" gid msg;
-               raise (Auth_signature.Auth_service_error msg) (* general 
Likewise error *)
+               raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,msg)) (* general Likewise error *)
        end
 
 let likewise_get_sid_byname _subject_name cmd = 
@@ -298,7 +298,7 @@
                (* this should not have happend, likewise didn't return an SID 
field!! *)
                let msg = (Printf.sprintf "Likewise didn't return an SID field 
for user %s" subject_name) in
                debug "Error likewise_get_sid_byname for subject name %s: %s" 
subject_name msg;
-               raise (Auth_signature.Auth_service_error msg) (* general 
Likewise error *)
+               raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,msg)) (* general Likewise error *)
        end
 
 (* subject_id get_subject_identifier(string subject_name)
@@ -522,7 +522,7 @@
                        && (List.mem_assoc "pass" config_params)
                ) 
        then begin
-               raise (Auth_signature.Auth_service_error "enable requires two 
config params: user and pass.")
+               raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,"enable requires two config params: user and pass."))
        end
        
        else (* we have all the required parameters *)
@@ -539,7 +539,7 @@
                        let _domain = List.assoc "domain" config_params in
                        if service_name <> _domain 
                        then 
-                               raise (Auth_signature.Auth_service_error "if 
present, config:domain must match service-name.")
+                               raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,"if present, config:domain must match service-name."))
                        else 
                                service_name
                end
@@ -562,7 +562,7 @@
                begin
                        let errmsg = (Printf.sprintf "External authentication 
server not available after %i query tests" max_tries) in
                        debug "%s" errmsg;
-                       raise (Auth_signature.Auth_service_error errmsg)
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_UNAVAILABLE,errmsg))
                end;
 
                (* OK SUCCESS, likewise has joined the AD domain successfully *)
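Review bot: The same failure is tagged two different ways: this raise uses `Auth_signature.E_UNAVAILABLE` for "External authentication server not available after %i query tests", while the hunk at @@ -714 raises the identical message with `Auth_signature.E_GENERIC`. If the second site is deliberate, a one-line comment there saying why the tag is generic would stop a later reader from treating it as an oversight; otherwise it should read `raise (Auth_signature.Auth_service_error (Auth_signature.E_UNAVAILABLE,errmsg))`. Both enclosing functions start outside their hunks, so which API call reaches the second site cannot be confirmed from here.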
@@ -581,25 +581,25 @@
                () (* OK, return unit*)
 
        with (*ERROR, we didn't join the AD domain*)
-       |Auth_signature.Auth_service_error errmsg ->
+       |Auth_signature.Auth_service_error (errtag,errmsg) as e ->
                (*errors in stdout, let's bubble them up, making them as 
user-friendly as possible *)
                debug "Error enabling external authentication for domain %s and 
user %s: %s" domain user errmsg;
                if has_substr errmsg "0x9C56" (* The password is incorrect for 
the given username *)
                        or has_substr errmsg "0x9C84" (* The user account is 
invalid *)
                then begin
-                       raise (Auth_signature.Auth_service_error "The username 
or password is wrong.")
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_CREDENTIALS,"The username or password is wrong."))
                end
                else if has_substr errmsg "(0x5)" (* Unknown error *)
                then begin (* this seems to be a 
not-enough-permission-to-join-the-domain error *)
-                       raise (Auth_signature.Auth_service_error "Permission 
denied. The user has no administrator rights to join the domain.")
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_DENIED,"Permission denied. The user has no rights to join the 
domain or to modify the machine account in the Active Directory database."))
                end
                else if has_substr errmsg "0x9CAC" (* Failed to lookup the 
domain controller for given domain. *)
                        or has_substr errmsg "0x251E" (* DNS_ERROR_BAD_PACKET *)
                then begin (* this seems to be a wrong domain controller name 
error... *)
-                       raise (Auth_signature.Auth_service_error "Failed to 
lookup the domain controller for given domain.")
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_LOOKUP,"Failed to lookup the domain controller for given 
domain."))
                end
                else begin (* general Likewise error *)
-                       raise (Auth_signature.Auth_service_error errmsg) 
+                       raise e
                end
 
 (* unit on_disable()
@@ -639,22 +639,22 @@
                None (* no failure observed in likewise *)
 
        with 
-       | Auth_signature.Auth_service_error errmsg ->
+       | Auth_signature.Auth_service_error (errtag,errmsg) as e ->
                (* errors in stdout, let's bubble them up, making them as 
user-friendly as possible *)
                debug "Internal Likewise error when disabling external 
authentication: %s" errmsg;
 
     if has_substr errmsg "0x9C56" (* The password is incorrect for the given 
username *)
       or has_substr errmsg "0x9C84" (* The user account is invalid *)
     then begin
-                       Some (Auth_signature.Auth_service_error "The username 
or password is wrong.")
+                       Some (Auth_signature.Auth_service_error 
(Auth_signature.E_CREDENTIALS,"The username or password was wrong and did not 
disable the machine account in the Active Directory database."))
                end
                else if has_substr errmsg "0x400A" (* Unkown error *)
                        or has_substr errmsg "(0xD)" (* ERROR_INVALID_DATA *)
                then begin (* this seems to be a non-admin valid user error... 
*)
-                       Some (Auth_signature.Auth_service_error "Permission 
denied. The user has no administrator rights to disable the machine account in 
the Active Directory database.")
+                       Some (Auth_signature.Auth_service_error 
(Auth_signature.E_DENIED,"Permission denied. The user has no rights to disable 
the machine account in the Active Directory database."))
                end
                else begin (* general Likewise error *)
-                       Some (Auth_signature.Auth_service_error errmsg) 
+                       Some e
                end
        | e -> (* unexpected error disabling likewise *)
                ( 
@@ -714,7 +714,7 @@
        begin
                let errmsg = (Printf.sprintf "External authentication server 
not available after %i query tests" max_tries) in
                debug "%s" errmsg;
-               raise (Auth_signature.Auth_service_error errmsg)
+               raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,errmsg))
        end;
        ()
 
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/idl/api_errors.ml
--- a/ocaml/idl/api_errors.ml   Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/idl/api_errors.ml   Tue Mar 09 14:11:21 2010 +0000
@@ -342,11 +342,29 @@
 let auth_already_enabled = "AUTH_ALREADY_ENABLED"
 let auth_unknown_type = "AUTH_UNKNOWN_TYPE"
 let auth_is_disabled = "AUTH_IS_DISABLED"
+let auth_suffix_wrong_credentials = "_WRONG_CREDENTIALS"
+let auth_suffix_permission_denied = "_PERMISSION_DENIED"
+let auth_suffix_domain_lookup_failed = "_DOMAIN_LOOKUP_FAILED"
+let auth_suffix_unavailable = "_UNAVAILABLE"
 let auth_enable_failed = "AUTH_ENABLE_FAILED"
+let auth_enable_failed_wrong_credentials = 
auth_enable_failed^auth_suffix_wrong_credentials
+let auth_enable_failed_permission_denied = 
auth_enable_failed^auth_suffix_permission_denied
+let auth_enable_failed_domain_lookup_failed = 
auth_enable_failed^auth_suffix_domain_lookup_failed
+let auth_enable_failed_unavailable = auth_enable_failed^auth_suffix_unavailable
 let auth_disable_failed = "AUTH_DISABLE_FAILED"
+let auth_disable_failed_wrong_credentials = 
auth_disable_failed^auth_suffix_wrong_credentials
+let auth_disable_failed_permission_denied = 
auth_disable_failed^auth_suffix_permission_denied
 let pool_auth_already_enabled = "POOL_AUTH_ALREADY_ENABLED"
-let pool_auth_enable_failed = "POOL_AUTH_ENABLE_FAILED"
-let pool_auth_disable_failed = "POOL_AUTH_DISABLE_FAILED"
+let pool_auth_prefix = "POOL_"
+let pool_auth_enable_failed = pool_auth_prefix^auth_enable_failed
+let pool_auth_enable_failed_wrong_credentials = 
pool_auth_enable_failed^auth_suffix_wrong_credentials
+let pool_auth_enable_failed_permission_denied = 
pool_auth_enable_failed^auth_suffix_permission_denied
+let pool_auth_enable_failed_domain_lookup_failed = 
pool_auth_enable_failed^auth_suffix_domain_lookup_failed
+let pool_auth_enable_failed_unavailable = 
pool_auth_enable_failed^auth_suffix_unavailable
+let pool_auth_enable_failed_duplicate_hostname = 
pool_auth_enable_failed^"_DUPLICATE_HOSTNAME"
+let pool_auth_disable_failed = pool_auth_prefix^auth_disable_failed
+let pool_auth_disable_failed_wrong_credentials = 
pool_auth_disable_failed^auth_suffix_wrong_credentials
+let pool_auth_disable_failed_permission_denied = 
pool_auth_disable_failed^auth_suffix_permission_denied
 let subject_cannot_be_resolved = "SUBJECT_CANNOT_BE_RESOLVED"
 let auth_service_error = "AUTH_SERVICE_ERROR"
 let subject_already_exists = "SUBJECT_ALREADY_EXISTS"
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/idl/datamodel.ml
--- a/ocaml/idl/datamodel.ml    Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/idl/datamodel.ml    Tue Mar 09 14:11:21 2010 +0000
@@ -537,6 +537,21 @@
     ~doc:"External authentication is disabled, unable to resolve subject 
name." ();
   error Api_errors.auth_enable_failed ["message"]
     ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_enable_failed_wrong_credentials ["message"]
+    ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_enable_failed_permission_denied ["message"]
+    ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_enable_failed_domain_lookup_failed ["message"]
+    ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_enable_failed_unavailable ["message"]
+    ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_disable_failed ["message"]
+    ~doc:"The host failed to disable external authentication." ();
+  error Api_errors.auth_disable_failed_wrong_credentials ["message"]
+    ~doc:"The host failed to disable external authentication." ();
+  error Api_errors.auth_disable_failed_permission_denied ["message"]
+    ~doc:"The host failed to disable external authentication." ();
+
 
   (* Pool errors *)
   error Api_errors.pool_joining_host_cannot_contain_shared_SRs []
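Review bot: Each error code registered here carries the same `~doc` text as the generic code ("The host failed to enable external authentication." or its disable counterpart), so the generated API documentation gives clients nothing to tell the variants apart. A distinguishing sentence per code would help, for example `~doc:"The host failed to enable external authentication: the supplied credentials were rejected."` for `auth_enable_failed_wrong_credentials`, and likewise for the permission-denied, domain-lookup and unavailable variants. The pool-level errors added in the next hunk (@@ -567) repeat the pattern and need the same treatment.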
@@ -567,7 +582,21 @@
     ~doc:"External authentication in this pool is already enabled for at least 
one host." ();
   error Api_errors.pool_auth_enable_failed ["host";"message"]
     ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_wrong_credentials ["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_permission_denied ["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_domain_lookup_failed 
["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_unavailable ["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_duplicate_hostname 
["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
   error Api_errors.pool_auth_disable_failed ["host";"message"]
+    ~doc:"The pool failed to disable the external authentication of at least 
one host." ();
+  error Api_errors.pool_auth_disable_failed_wrong_credentials 
["host";"message"]
+    ~doc:"The pool failed to disable the external authentication of at least 
one host." ();
+  error Api_errors.pool_auth_disable_failed_permission_denied 
["host";"message"]
     ~doc:"The pool failed to disable the external authentication of at least 
one host." ();
 
   (* External directory service *)
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi.ml
--- a/ocaml/xapi/xapi.ml        Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi.ml        Tue Mar 09 14:11:21 2010 +0000
@@ -680,7 +680,7 @@
                 ", host_external_auth_service_name="^service_name^
                 ", error="^ (match !last_error with None -> "timeout" | Some e 
->
                 (match e with 
-                  | Auth_signature.Auth_service_error errmsg -> errmsg (* this 
is the expected error msg *)
+                  | Auth_signature.Auth_service_error (errtag,errmsg) -> 
errmsg (* this is the expected error msg *)
                   | e ->  (ExnHelper.string_of_exn e) (* unknown error msg *)
                 ))
             );
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi_auth.ml
--- a/ocaml/xapi/xapi_auth.ml   Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi_auth.ml   Tue Mar 09 14:11:21 2010 +0000
@@ -28,7 +28,7 @@
                | Not_found 
                | Auth_signature.Subject_cannot_be_resolved ->
                        raise 
(Api_errors.Server_error(Api_errors.subject_cannot_be_resolved, []))
-               | Auth_signature.Auth_service_error msg ->
+               | Auth_signature.Auth_service_error (errtag,msg) ->
                        raise 
(Api_errors.Server_error(Api_errors.auth_service_error, [msg]))
                | e -> 
                        raise 
(Api_errors.Server_error(Api_errors.auth_service_error, 
[ExnHelper.string_of_exn e]))
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi_host.ml
--- a/ocaml/xapi/xapi_host.ml   Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi_host.ml   Tue Mar 09 14:11:21 2010 +0000
@@ -1079,12 +1079,12 @@
                                debug "Failed while enabling unknown external 
authentication type %s for service name %s in host %s" msg service_name 
host_name_label;
                                raise 
(Api_errors.Server_error(Api_errors.auth_unknown_type, [msg]))
                        end
-               | Auth_signature.Auth_service_error msg -> (* plugin returned 
some error *)
+               | Auth_signature.Auth_service_error (errtag,msg) -> (* plugin 
returned some error *)
                                (* we rollback to the original xapi 
configuration *)
                                Db.Host.set_external_auth_type ~__context 
~self:host ~value:current_auth_type;
                                Db.Host.set_external_auth_service_name 
~__context ~self:host ~value:current_service_name;
                                debug "Failed while enabling external 
authentication type %s for service name %s in host %s" msg service_name 
host_name_label;
-                       raise 
(Api_errors.Server_error(Api_errors.auth_enable_failed, [msg]))
+                       raise 
(Api_errors.Server_error(Api_errors.auth_enable_failed^(Auth_signature.suffix_of_tag
 errtag), [msg]))
                | e -> (* unknown failure, just-enabled plugin might be in an 
inconsistent state *)
                        begin
                                (* we rollback to the original xapi 
configuration *)
@@ -1130,10 +1130,10 @@
                        (Ext_auth.d()).on_disable config;
                        None (* OK, on_disable succeeded *)
                with 
-               | Auth_signature.Auth_service_error msg as e ->
+               | Auth_signature.Auth_service_error (errtag,msg) as e ->
                        begin
                                debug "Failed while calling on_disable event of 
external authentication plugin in host %s: %s" host_name_label msg;
-                               Some 
(Api_errors.Server_error(Api_errors.auth_disable_failed, [msg]))
+                               Some 
(Api_errors.Server_error(Api_errors.auth_disable_failed^(Auth_signature.suffix_of_tag
 errtag), [msg]))
                        end
                | e -> (*absorb any exception*)
                        begin
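Review bot: The disable error code is assembled by concatenation, `Api_errors.auth_disable_failed^(Auth_signature.suffix_of_tag errtag)`, so an exception tagged `E_LOOKUP` or `E_UNAVAILABLE` would produce a code ending in `_DOMAIN_LOOKUP_FAILED` or `_UNAVAILABLE` that this patch neither defines in api_errors.ml nor registers in datamodel.ml. None of the on_disable raise sites visible in this patch uses those tags, but the type permits it and nothing here rejects it. Mapping the tag explicitly is safer: match `E_CREDENTIALS` to `Api_errors.auth_disable_failed_wrong_credentials`, `E_DENIED` to `Api_errors.auth_disable_failed_permission_denied`, and every other tag to `Api_errors.auth_disable_failed`. The enable hunk above (@@ -1079) builds its code the same way but all four suffixes are declared for it; the handler continues outside this hunk.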
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi_pool.ml
--- a/ocaml/xapi/xapi_pool.ml   Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi_pool.ml   Tue Mar 09 14:11:21 2010 +0000
@@ -1089,7 +1089,7 @@
        then begin
                let errmsg = "At least two hosts in the pool have the same 
hostname" in
                debug "%s" errmsg;
-               raise 
(Api_errors.Server_error(Api_errors.pool_auth_enable_failed,
+               raise 
(Api_errors.Server_error(Api_errors.pool_auth_enable_failed_duplicate_hostname,
                        [(Ref.string_of (List.hd hosts));errmsg]))
        end
        else
@@ -1152,10 +1152,10 @@
                match err_of_e with 
                        | "" -> (* generic unknown exception *)
                                raise 
(Api_errors.Server_error(Api_errors.pool_auth_enable_failed, [(Ref.string_of 
failed_host);string_of_e]))
-                       | "AUTH_UNKNOWN_TYPE" ->
+                       | err_of_e when err_of_e=Api_errors.auth_unknown_type ->
                                raise 
(Api_errors.Server_error(Api_errors.auth_unknown_type, [msg_of_e]))
-                       | "AUTH_ENABLE_FAILED" ->
-                               raise 
(Api_errors.Server_error(Api_errors.pool_auth_enable_failed, [(Ref.string_of 
failed_host);msg_of_e]))
+                       | err_of_e when Stringext.String.startswith 
Api_errors.auth_enable_failed err_of_e ->
+                               raise 
(Api_errors.Server_error(Api_errors.pool_auth_prefix^err_of_e, [(Ref.string_of 
failed_host);msg_of_e]))
                        | _ -> (* Api_errors.Server_error *)
                                raise 
(Api_errors.Server_error(Api_errors.pool_auth_enable_failed, [(Ref.string_of 
failed_host);string_of_e]))
        end
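Review bot: The new guard accepts any code that merely begins with `Api_errors.auth_enable_failed` and re-raises it as `Api_errors.pool_auth_prefix^err_of_e`, so a code reported by a host that has no declared `POOL_` counterpart would be passed to API clients unchecked. Testing membership in the known set keeps the forwarded codes in step with datamodel.ml, e.g. `| e when List.mem e [Api_errors.auth_enable_failed; Api_errors.auth_enable_failed_wrong_credentials; Api_errors.auth_enable_failed_permission_denied; Api_errors.auth_enable_failed_domain_lookup_failed; Api_errors.auth_enable_failed_unavailable] ->`, with anything else falling through to the generic `pool_auth_enable_failed` branch. The disable path in the next hunk (@@ -1183) uses the same prefix test with `Api_errors.auth_disable_failed`. How `err_of_e` is derived lies outside this hunk.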
@@ -1183,30 +1183,34 @@
                        try     (* forward the call to the host in the pool *)
                                call_fn_on_host ~__context 
(Client.Host.disable_external_auth ~config) host;
                                (* no failed host to add to the filtered list, 
just visit next host *)
-                               (host,"")
+                               (host,"","")
                        with 
                        | Api_errors.Server_error (err,[host_msg]) as e -> begin
                                let msg = (Printf.sprintf "%s: %s" 
                                        (Db.Host.get_name_label ~__context 
~self:host) host_msg) in
                                debug "Failed to disable the external 
authentication of pool in host %s" msg;
                                (* no exception should be raised here, we want 
to visit every host in hosts *)
-                               (host,msg)
+                               (host,err,msg)
                                end
                        | e-> (* add failed host to the filtered list and visit 
next host *)
                                let msg = (Printf.sprintf "%s: %s" 
                                        (Db.Host.get_name_label ~__context 
~self:host) (ExnHelper.string_of_exn e)) in
                                debug "Failed to disable the external 
authentication of pool in host %s" msg;
                                (* no exception should be raised here, we want 
to visit every host in hosts *)
-                               (host,msg)
+                               (host,"err",msg)
                        ) 
                hosts
        in
-       let failedhosts_list = List.filter (fun (host,msg) -> msg<>"") 
host_msgs_list in 
+       let failedhosts_list = List.filter (fun (host,err,msg) -> err<>"") 
host_msgs_list in 
        if (List.length failedhosts_list > 0)
        then begin (* FAILED *)
-               match List.hd failedhosts_list with (host,msg) ->
+               match List.hd failedhosts_list with (host,err,msg) ->
                debug "Failed to disable the external authentication of at 
least one host in the pool";
-               raise 
(Api_errors.Server_error(Api_errors.pool_auth_disable_failed, [(Ref.string_of 
host);msg]));
+               if Stringext.String.startswith Api_errors.auth_disable_failed 
err
+               then (* tagged exception *)
+                       raise 
(Api_errors.Server_error(Api_errors.pool_auth_prefix^err, [(Ref.string_of 
host);msg]))
+               else (* generic exception *)
+                       raise 
(Api_errors.Server_error(Api_errors.pool_auth_disable_failed, [(Ref.string_of 
host);msg]));
        end
        else begin (* OK *)
                debug "The external authentication of all hosts in the pool was 
disabled successfully";
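Review bot: The catch-all branch returns `(host,"err",msg)`, where the literal "err" exists only so that the later `err<>""` filter counts the host as failed; it is not an API error code, and the triple now carries two in-band sentinels ("" for success, "err" for an unclassified failure). Returning `(host,Api_errors.pool_auth_disable_failed,msg)` there would make the intent explicit and still reach the generic raise, since that constant does not begin with `Api_errors.auth_disable_failed`. At minimum the branch deserves a comment such as `(* placeholder code: any non-empty value that is not an AUTH_DISABLE_FAILED* code selects the generic error below *)`. The enclosing function starts and ends outside the hunk.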
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi_session.ml
--- a/ocaml/xapi/xapi_session.ml        Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi_session.ml        Tue Mar 09 14:11:21 2010 +0000
@@ -430,7 +430,7 @@
                                        (* subject info caching problems in 
likewise) and closes the user's session *)
                                        let subject_suspended = (try
                                                is_subject_suspended 
subject_identifier
-                                       with (Auth_signature.Auth_service_error 
msg) ->
+                                       with (Auth_signature.Auth_service_error 
(errtag,msg)) ->
                                                begin
                                                        debug "Failed to find 
if user %s (subject_id %s, from %s) is suspended: %s" uname subject_identifier 
(Context.get_origin __context) msg;
                                                        
thread_delay_and_raise_error uname msg
@@ -457,7 +457,7 @@
                                                                debug "%s" msg;
                                                                
thread_delay_and_raise_error uname msg
                                                        end
-                                               | 
Auth_signature.Auth_service_error msg ->
+                                               | 
Auth_signature.Auth_service_error (errtag,msg) ->
                                                        begin
                                                                debug "Failed 
to obtain the group membership closure for user %s (subject_id %s, from %s): 
%s" uname subject_identifier (Context.get_origin __context) msg;
                                                                
thread_delay_and_raise_error uname msg
@@ -536,7 +536,7 @@
                                                        
thread_delay_and_raise_error uname msg
                                                end
                                        | Auth_signature.Auth_failure msg 
-                                       | Auth_signature.Auth_service_error msg 
->
+                                       | Auth_signature.Auth_service_error 
(_,msg) ->
                                                begin
                                                        debug "A function 
failed to catch this exception for user %s from %s during external 
authentication: %s" uname (Context.get_origin __context) msg;
                                                        
thread_delay_and_raise_error uname msg
11 files changed, 105 insertions(+), 45 deletions(-)
ocaml/auth/OMakefile                    |    4 +--
ocaml/auth/auth_signature.ml            |   11 +++++++-
ocaml/auth/authx.ml                     |    2 -
ocaml/auth/extauth_plugin_ADlikewise.ml |   40 +++++++++++++++----------------
ocaml/idl/api_errors.ml                 |   22 +++++++++++++++--
ocaml/idl/datamodel.ml                  |   29 ++++++++++++++++++++++
ocaml/xapi/xapi.ml                      |    2 -
ocaml/xapi/xapi_auth.ml                 |    2 -
ocaml/xapi/xapi_host.ml                 |    8 +++---
ocaml/xapi/xapi_pool.ml                 |   24 ++++++++++--------
ocaml/xapi/xapi_session.ml              |    6 ++--

