DRILL-5873: (C++ Client) Improve SASL error reporting. This closes #992
Project: http://git-wip-us.apache.org/repos/asf/drill/repo Commit: http://git-wip-us.apache.org/repos/asf/drill/commit/d2e3dd95 Tree: http://git-wip-us.apache.org/repos/asf/drill/tree/d2e3dd95 Diff: http://git-wip-us.apache.org/repos/asf/drill/diff/d2e3dd95 Branch: refs/heads/master Commit: d2e3dd95a55ffadc0ac2f1e90c4ba6fd43346d8b Parents: a447dc5 Author: Parth Chandra <[email protected]> Authored: Fri Oct 13 11:00:31 2017 -0700 Committer: Parth Chandra <[email protected]> Committed: Fri Oct 20 16:52:34 2017 -0700 ---------------------------------------------------------------------- .../native/client/src/clientlib/drillClientImpl.cpp | 14 ++++++++++---- .../client/src/clientlib/saslAuthenticatorImpl.cpp | 13 +++++++++++++ .../client/src/clientlib/saslAuthenticatorImpl.hpp | 7 +++++++ contrib/native/client/src/clientlib/utils.cpp | 4 ++-- 4 files changed, 32 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/drill/blob/d2e3dd95/contrib/native/client/src/clientlib/drillClientImpl.cpp ----------------------------------------------------------------------
diff --git a/contrib/native/client/src/clientlib/drillClientImpl.cpp b/contrib/native/client/src/clientlib/drillClientImpl.cpp
index 9fdd725..4a915a4 100644
--- a/contrib/native/client/src/clientlib/drillClientImpl.cpp
+++ b/contrib/native/client/src/clientlib/drillClientImpl.cpp
@@ -675,8 +675,11 @@ connectionStatus_t DrillClientImpl::handleAuthentication(const DrillUserProperti // Check the negotiated SSF value and change the handlers. if(m_encryptionCtxt.isEncryptionReqd()) { if(SASL_OK != m_saslAuthenticator->verifyAndUpdateSaslProps()) { - logMsg << m_encryptionCtxt << "]. Negotiated Parameter is invalid." - << " Error: " << m_saslResultCode; + logMsg << m_encryptionCtxt + << ", Mechanism: " << m_saslAuthenticator->getAuthMechanismName() + << ", Error: " << m_saslResultCode + << ", Cause: " << m_saslAuthenticator->getErrorMessage(m_saslResultCode); + logMsg << "]. Negotiated Parameter is invalid."; DRILL_MT_LOG(DRILL_LOG(LOG_DEBUG) << logMsg.str() << std::endl;) return handleConnError(CONN_AUTH_FAILED, logMsg.str().c_str()); } @@ -696,11 +699,14 @@ connectionStatus_t DrillClientImpl::handleAuthentication(const DrillUserProperti m_io_service.reset(); return CONN_SUCCESS; } else { - logMsg << m_encryptionCtxt << ", Error: " << m_saslResultCode; + logMsg << m_encryptionCtxt + << ", Mechanism: " << m_saslAuthenticator->getAuthMechanismName() + << ", Error: " << m_saslResultCode + << ", Cause: " << m_saslAuthenticator->getErrorMessage(m_saslResultCode); + logMsg << "]. Check connection parameters?"; DRILL_MT_LOG(DRILL_LOG(LOG_DEBUG) << logMsg.str() << std::endl;) // shuts down socket as well - logMsg << "]. Check connection parameters?"; return handleConnError(CONN_AUTH_FAILED, logMsg.str().c_str()); } } http://git-wip-us.apache.org/repos/asf/drill/blob/d2e3dd95/contrib/native/client/src/clientlib/saslAuthenticatorImpl.cpp ---------------------------------------------------------------------- diff --git a/contrib/native/client/src/clientlib/saslAuthenticatorImpl.cpp b/contrib/native/client/src/clientlib/saslAuthenticatorImpl.cpp index 9057a37..c03cb6c 100644 --- a/contrib/native/client/src/clientlib/saslAuthenticatorImpl.cpp +++ b/contrib/native/client/src/clientlib/saslAuthenticatorImpl.cpp 
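Review bot: In the first hunk, the `verifyAndUpdateSaslProps()` failure branch still logs `m_saslResultCode`, and the new `Cause:` text is derived from it, but the call's return value is only compared and never stored. That branch appears to run after a successful handshake (the second hunk's `return CONN_SUCCESS; } else {` suggests so), so the logged code is presumably `SASL_OK` and the cause may be unrelated to the property check that actually failed. Capture the result and report that instead: `const int propsResult = m_saslAuthenticator->verifyAndUpdateSaslProps();` followed by `if(SASL_OK != propsResult) {`, with `propsResult` used for both `Error:` and `getErrorMessage(...)`. The body of handleAuthentication starts and ends outside the hunk, so where `m_saslResultCode` is assigned should be confirmed.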
@@ -147,6 +147,7 @@ int SaslAuthenticatorImpl::init(const std::vector<std::string>& mechanisms, exec } // clientNeedsAuthentication() cannot be false if the code above picks an authMechanism assert (authMechanismToUse.empty() || DrillClientImpl::clientNeedsAuthentication(m_pUserProperties)); + m_authMechanismName = authMechanismToUse; if (authMechanismToUse.empty()) return SASL_NOMECH; // check if requested mechanism is supported by server @@ -318,5 +319,17 @@ int SaslAuthenticatorImpl::unwrap(const char* dataToUnWrap, const int& dataToUnW return sasl_decode(m_pConnection, dataToUnWrap, dataToUnWrapLen, output, &unWrappedLen); } +const char* SaslAuthenticatorImpl::getErrorMessage(int errorCode) { + switch (errorCode) { + case SASL_NOMECH: + return "No mechanism found that meets requested properties "; + default: + return sasl_errdetail(m_pConnection); + } +} + + const std::string &SaslAuthenticatorImpl::getAuthMechanismName() const { + return m_authMechanismName; + } } /* namespace Drill */ http://git-wip-us.apache.org/repos/asf/drill/blob/d2e3dd95/contrib/native/client/src/clientlib/saslAuthenticatorImpl.hpp ---------------------------------------------------------------------- diff --git a/contrib/native/client/src/clientlib/saslAuthenticatorImpl.hpp b/contrib/native/client/src/clientlib/saslAuthenticatorImpl.hpp index cc5bb17..bf61e9d 100644 --- a/contrib/native/client/src/clientlib/saslAuthenticatorImpl.hpp +++ b/contrib/native/client/src/clientlib/saslAuthenticatorImpl.hpp @@ -55,6 +55,10 @@ public: int unwrap(const char* dataToUnWrap, const int& dataToUnWrapLen, const char** output, uint32_t& unWrappedLen); + const std::string &getAuthMechanismName() const; + + const char *getErrorMessage(int errorCode); + private: static const std::map<std::string, std::string> MECHANISM_MAPPING; 
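Review bot: The `default:` branch of `getErrorMessage` returns `sasl_errdetail(m_pConnection)` unchecked, and both call sites in drillClientImpl.cpp stream the result straight into `logMsg`. Cyrus SASL returns a null pointer from `sasl_errdetail` when it is given no connection, and inserting a null `const char*` into a `std::ostream` is undefined behaviour (commonly it sets badbit, so the rest of the message passed to `handleConnError` is silently dropped). If `init()` can fail with a code other than `SASL_NOMECH` before the connection exists, which is not visible in this hunk, this path is reachable. A guard such as `default: return m_pConnection ? sasl_errdetail(m_pConnection) : sasl_errstring(errorCode, NULL, NULL);` keeps the message well-formed.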
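Review bot: The new `getErrorMessage` declaration in saslAuthenticatorImpl.hpp has no comment about who owns the returned pointer or how long it stays valid. The implementation returns either a string literal or the buffer from `sasl_errdetail`, which as far as I know belongs to the connection and may be overwritten by later SASL calls or released with it. A comment on the declaration would make that contract explicit, for example `// Returns a message for errorCode; the pointer is not owned by the caller and should be copied before the next SASL call on this connection.`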
@@ -67,11 +71,14 @@ private: std::string m_username; sasl_secret_t *m_ppwdSecret; EncryptionContext *m_pEncryptCtxt; + std::string m_authMechanismName; // used for debugging/error messages +private: static int passwordCallback(sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret); static int userNameCallback(void *context, int id, const char **result, unsigned int *len); + void setSecurityProps() const; }; http://git-wip-us.apache.org/repos/asf/drill/blob/d2e3dd95/contrib/native/client/src/clientlib/utils.cpp ---------------------------------------------------------------------- diff --git a/contrib/native/client/src/clientlib/utils.cpp b/contrib/native/client/src/clientlib/utils.cpp index 137be65..ff9729c 100644 --- a/contrib/native/client/src/clientlib/utils.cpp +++ b/contrib/native/client/src/clientlib/utils.cpp @@ -156,8 +156,8 @@ void EncryptionContext::reset() { std::ostream& operator<<(std::ostream &contextStream, const EncryptionContext& context) { contextStream << " Encryption: " << (context.isEncryptionReqd() ? "enabled" : "disabled"); - contextStream << " ,MaxWrappedSize: " << context.getMaxWrappedSize(); - contextStream << " ,WrapSizeLimit: " << context.getWrapSizeLimit(); + contextStream << ", MaxWrappedSize: " << context.getMaxWrappedSize(); + contextStream << ", WrapSizeLimit: " << context.getWrapSizeLimit(); return contextStream; }
