[TRAFODION-1794]: Log authentication Information

Added code to log LDAP connection errors into the associated log4cxx file.
For authentications that occur in mxosrvr, events are logged into the master
executor log.  For standalone utilities such as ldapcheck, events are logged
into a separate file with names: dbsecurity_<hostname>_<pid>.log.

This code was donated to the Trafodion team and it originally logged events
into a repository table and/or a stdout log.  This change will log
authentication details into the standard log4cxx logs.  Session information is
being logged into repository tables which describe connection attributes but
detailed LDAP errors will be only put in the logs.

The ldapcheck utility has been instrumented to log errors in the logs directory;
previously, errors were not logged.  This will be needed when TRAFODION-1787
is implemented.

The files authEvent.h and authEvents.cpp replace existing files called
ld_globals.h and ld_port.cpp.


Project: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-trafodion/commit/7bab8387
Tree: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/tree/7bab8387
Diff: http://git-wip-us.apache.org/repos/asf/incubator-trafodion/diff/7bab8387

Branch: refs/heads/master
Commit: 7bab83873b519ec8be7d4ce67a2aea74889c6081
Parents: 057ae46
Author: Roberta Marton <rmarton@edev07.esgyn.local>
Authored: Wed Sep 14 17:24:55 2016 +0000
Committer: Roberta Marton <rmarton@edev07.esgyn.local>
Committed: Wed Sep 14 17:24:55 2016 +0000

----------------------------------------------------------------------
 core/dbsecurity/auth/Makefile                   |  22 +-
 core/dbsecurity/auth/depend.mk                  |   8 +-
 core/dbsecurity/auth/inc/auth.h                 |  11 +
 core/dbsecurity/auth/inc/authEvents.h           |  89 +++++
 core/dbsecurity/auth/inc/ld_globals.h           |  48 ---
 core/dbsecurity/auth/src/authEvents.cpp         | 134 ++++++++
 core/dbsecurity/auth/src/dbUserAuth.cpp         | 333 ++++++++++++-------
 core/dbsecurity/auth/src/ld_port.cpp            | 201 -----------
 core/dbsecurity/auth/src/ldapcheck.cpp          | 228 ++++---------
 core/dbsecurity/auth/src/ldapconfignode.cpp     | 195 ++++++-----
 core/dbsecurity/macros.gmk                      |   8 +-
 core/sqf/conf/log4cxx.trafodion.auth.config     |  49 +++
 .../export/include/common/evl_sqlog_eventnum.h  |   3 +-
 13 files changed, 678 insertions(+), 651 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/7bab8387/core/dbsecurity/auth/Makefile
----------------------------------------------------------------------
diff --git a/core/dbsecurity/auth/Makefile b/core/dbsecurity/auth/Makefile
index f916a94..acb26f6 100644
--- a/core/dbsecurity/auth/Makefile
+++ b/core/dbsecurity/auth/Makefile
@@ -27,6 +27,7 @@ include $(MY_SQROOT)/macros.gmk #top level
 include ../macros.gmk
 
 #OUTDIR        = .
+
 RM     = /bin/rm
 CP     = /bin/cp
 DBG_FLAGS      = $(DBG_FLGS)  
@@ -37,8 +38,10 @@ all: $(LIBEXPDIR)/libsqauth.so $(BINEXPDIR)/ldapconfigcheck 
$(BINEXPDIR)/ldapche
 #Source files required to build the library
 
 OBJS   = $(OUTDIR)/dbUserAuth.o \
-         $(OUTDIR)/ldapconfignode.o $(OUTDIR)/ld_port.o \
+         $(OUTDIR)/ldapconfignode.o \
+         $(OUTDIR)/authEvents.o \
          $(OUTDIR)/ldapconfigfile.o  \
+         $(OUTDIR)/CommonLogger.o  \
          $(OUTDIR)/token.o  \
          $(OUTDIR)/tokenkey.o \
          $(OUTDIR)/verssqauth.o
@@ -50,16 +53,10 @@ OBJS2       = \
 
 OBJS3  = \
          $(OUTDIR)/ldapconfignode.o \
+         $(OUTDIR)/authEvents.o \
          $(OUTDIR)/versldapcheck.o \
          $(OUTDIR)/ldapcheck.o \
-         $(OUTDIR)/ldapconfigfile.o  
-
-OBJS4  = \
-         $(OUTDIR)/ldapconfignode.o \
-         $(OUTDIR)/dbUserAuth.o \
-         $(OUTDIR)/dbuserauthcheck.o \
-         $(OUTDIR)/token.o  \
-         $(OUTDIR)/tokenkey.o \
+         $(OUTDIR)/CommonLogger.o  \
          $(OUTDIR)/ldapconfigfile.o  
 
 
@@ -70,10 +67,11 @@ INCLUDES    = -I. -I./inc -I ../shared/inc \
                -I $(MY_SQROOT)/../sql/export \
                -I $(MY_SQROOT)/../sql/porting_layer \
                -I $(MY_SQROOT)/export/include \
+               -I $(MY_SQROOT)/commonLogger \
                -I ../../sql/common
 
 
-LINK_OPTIONS   = -L$(LIBEXPDIR) -lldap -lssl -llber
+LINK_OPTIONS   = -L$(LIBEXPDIR) -lldap -lssl -llber -llog4cxx
 LINK_OPTIONS   += $(LNK_FLGS) 
 
 COMMON_LIBS =  -ltdm_sqlcli -larkcmp_dll  
@@ -93,9 +91,6 @@ $(BINEXPDIR)/ldapconfigcheck: $(OBJS2)
 $(BINEXPDIR)/ldapcheck:        $(OBJS3)
        $(CXX) -fPIC $(DBG_FLAGS) $(GCCMODEXX) -o $@ $(INCLUDES) 
$(LINK_OPTIONS) $(OBJS3)
 
-$(BINEXPDIR)/dbuserauthcheck:  $(OBJS4)
-       $(CXX) -fPIC $(DBG_FLAGS) $(GCCMODEXX) -o $@ $(INCLUDES) 
$(LINK_OPTIONS) $(COMMON_LIBS) $(OBJS4)
-
 
 
 clean:
@@ -105,7 +100,6 @@ clean:
        $(RM) -f  $(LIBEXPDIR)/libsqauth.so
        $(RM) -f  $(INCEXPDIR)/dbUserAuth.h 
        $(RM) -f  $(INCEXPDIR)/auth.h 
-       $(RM) -f  $(BINEXPDIR)/dbuserauthcheck
        $(RM) -f  $(BINEXPDIR)/ldapcheck
        $(RM) -f  $(BINEXPDIR)/ldapconfigcheck
 

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/7bab8387/core/dbsecurity/auth/depend.mk
----------------------------------------------------------------------
diff --git a/core/dbsecurity/auth/depend.mk b/core/dbsecurity/auth/depend.mk
index cc9d766..8657c33 100644
--- a/core/dbsecurity/auth/depend.mk
+++ b/core/dbsecurity/auth/depend.mk
@@ -38,12 +38,14 @@ $(OUTDIR)/dbUserAuth.o: inc/auth.h
 $(OUTDIR)/dbUserAuth.o: inc/token.h
 $(OUTDIR)/dbUserAuth.o: inc/tokenkey.h
 $(OUTDIR)/dbUserAuth.o: inc/ldapconfignode.h
-$(OUTDIR)/dbUserAuth.o: inc/ld_globals.h
+$(OUTDIR)/dbUserAuth.o: inc/authEvents.h
 
 $(OUTDIR)/ldapconfignode.o: inc/ldapconfignode.h
-$(OUTDIR)/ldapconfignode.o: inc/ld_globals.h
+$(OUTDIR)/ldapconfignode.o: inc/authEvents.h
 
-$(OUTDIR)/ld_port.o: inc/ld_globals.h
+$(OUTDIR)/authEvents.o: inc/authEvents.h
+
+$(OUTDIR)/ldapcheck.o: inc/authEvents.h
 
 $(OUTDIR)/token.o: inc/token.h
 $(OUTDIR)/token.o: inc/tokenkey.h
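Review bot: The new `inc/authEvents.h` prerequisites stop one level short: authEvents.h includes `CommonLogger.h`, so dbUserAuth.o, ldapconfignode.o, authEvents.o and ldapcheck.o depend on that header as well. `$(OUTDIR)/CommonLogger.o`, which the Makefile now adds to OBJS and OBJS3, also has no entry in the lines shown. A change to `logLevel` or the logger interface could then leave stale objects linked into libsqauth.so and ldapcheck. Either list the header, for example `$(OUTDIR)/authEvents.o: $(MY_SQROOT)/commonLogger/CommonLogger.h`, or let the compiler generate dependencies with `-MMD -MP`. The rest of depend.mk is outside this hunk, so confirm this is not already covered there.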

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/7bab8387/core/dbsecurity/auth/inc/auth.h
----------------------------------------------------------------------
diff --git a/core/dbsecurity/auth/inc/auth.h b/core/dbsecurity/auth/inc/auth.h
index 2b51371..68d9b42 100644
--- a/core/dbsecurity/auth/inc/auth.h
+++ b/core/dbsecurity/auth/inc/auth.h
@@ -49,6 +49,17 @@ enum UA_Status{
    UA_STATUS_PARAM5 = 5
 };
 
+enum AUTH_OUTCOME{
+  AUTH_OK = 0,
+  AUTH_NOT_REGISTERED = 1,
+  AUTH_MD_NOT_AVAILABLE = 2,
+  AUTH_USER_INVALID = 3,
+  AUTH_TYPE_INCORRECT = 4,
+  AUTH_NO_PASSWORD = 5,
+  AUTH_REJECTED = 6,
+  AUTH_FAILED = 7
+};
+
 // Define a struct to populate the fields needed by authentication audit
 
 typedef struct client_info
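Review bot: AUTH_OUTCOME is added with no description of its values, although these are what the authentication log records. From the call sites in dbUserAuth.cpp, AUTH_NOT_REGISTERED and AUTH_MD_NOT_AVAILABLE split failures of the AUTHS table lookup, and AUTH_REJECTED versus AUTH_FAILED is meant to separate LDAuthRejected from other LDAP failures. AUTH_TYPE_INCORRECT is not used in the hunks shown; the commented-out unknown-type branch passes AUTH_USER_INVALID instead. A one-line comment per enumerator stating the condition it records, e.g. `AUTH_REJECTED = 6,  // executeLDAPAuthentication returned LDAuthRejected`, would keep log consumers and future call sites consistent.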

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/7bab8387/core/dbsecurity/auth/inc/authEvents.h
----------------------------------------------------------------------
diff --git a/core/dbsecurity/auth/inc/authEvents.h 
b/core/dbsecurity/auth/inc/authEvents.h
new file mode 100644
index 0000000..8c4cefa
--- /dev/null
+++ b/core/dbsecurity/auth/inc/authEvents.h
@@ -0,0 +1,89 @@
+//******************************************************************************
+// @@@ START COPYRIGHT @@@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+// @@@ END COPYRIGHT @@@
+//******************************************************************************
+#ifndef INCLUDE_AUTHEVENT_H
+#define INCLUDE_AUTHEVENT_H  1
+#include "common/evl_sqlog_eventnum.h"
+#include "CommonLogger.h"
+#include <string>
+#include <vector>
+
+// From a web search, the log message max length is a bit over 8000 bytes.
+// For DBSecurity don't believe any messages will be more than 1M
+#define MAX_EVENT_MSG_SIZE 1024
+
+// The ported code had the caller sending in the filename and line number
+// for certain events.  This has not been implemented at this time.
+struct AuthEvent
+{
+  DB_SECURITY_EVENTID eventID_;
+  std::string         eventText_;
+  logLevel            severity_;
+  std::string         filename_;
+  int32_t             lineNumber_;
+  std::string         callerName_;
+
+  AuthEvent ()
+  : eventID_ (DBS_GENERIC_ERROR),
+    severity_ (LL_INFO),
+    lineNumber_ (0),
+    callerName_ ("??")
+  {}
+
+  AuthEvent (
+    DB_SECURITY_EVENTID eventID,
+    std::string         eventText,
+    logLevel            severity)
+  : eventID_ (eventID),
+    eventText_ (eventText),
+    severity_ (severity),
+    lineNumber_(0),
+    callerName_ ("??")
+  {}
+
+  DB_SECURITY_EVENTID getEventID () { return eventID_; }
+  logLevel getSeverity() { return severity_; }
+  int32_t getLineNum() { return lineNumber_; }
+  std::string getEventText() { return eventText_; }
+  std::string getFilename() { return filename_; }
+  std::string getCallerName() { return callerName_; }
+
+  void setCallerName (std::string callerName) { callerName_ = callerName; }
+  void setLineNumber(int32_t lineNumber) { lineNumber_ = lineNumber; }
+  void setFilename(std::string filename) { filename_ = filename; }
+
+  static std::string formatEventText( const char * eventText );
+
+  void logAuthEvent ();
+
+};
+
+extern std::vector<AuthEvent> authEvents;
+
+void authInitEventLog();
+
+void insertAuthEvent(
+  DB_SECURITY_EVENTID eventID,
+  const char * eventText,
+  logLevel severity);
+
+#endif 
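Review bot: The comment above `MAX_EVENT_MSG_SIZE` says no message will exceed 1M, but the macro is 1024 bytes, and every event in this commit is built with snprintf into a buffer of that size. Longer text is cut silently, and logAuthEvent adds its own "Node Number…" prefix within the same limit, so it is the tail of the message that gets lost. Suggested wording: `// Event text is capped at 1 KB; longer messages are truncated by snprintf.` The getters could also be declared `const`. `authEvents` is a mutable process-wide vector with no locking visible, so a comment stating the threading assumption would help.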

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/7bab8387/core/dbsecurity/auth/inc/ld_globals.h
----------------------------------------------------------------------
diff --git a/core/dbsecurity/auth/inc/ld_globals.h 
b/core/dbsecurity/auth/inc/ld_globals.h
deleted file mode 100644
index 4bd5a22..0000000
--- a/core/dbsecurity/auth/inc/ld_globals.h
+++ /dev/null
@@ -1,48 +0,0 @@
-//******************************************************************************
-// @@@ START COPYRIGHT @@@
-//
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-//
-// @@@ END COPYRIGHT @@@
-//******************************************************************************
-#ifndef INCLUDE_LD_GLOBALS_H
-#define INCLUDE_LD_GLOBALS_H  1
-#include "common/evl_sqlog_eventnum.h"
-#include <string>
-
-struct AuthEvents
-{
-DB_SECURITY_EVENTID eventID;
-std::string         eventText;
-std::string         filename;
-int32_t             lineNumber;
-};
-
-void clearAuthEvents();
-
-size_t getAuthEventCount();
-
-const AuthEvents & getAuthEvent(size_t index);
-
-void logAuthEvent(
-   DB_SECURITY_EVENTID eventID,
-   const char *        msg,
-   const std::string & file_name, 
-   int32_t             line_number); 
-
-#endif 

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/7bab8387/core/dbsecurity/auth/src/authEvents.cpp
----------------------------------------------------------------------
diff --git a/core/dbsecurity/auth/src/authEvents.cpp 
b/core/dbsecurity/auth/src/authEvents.cpp
new file mode 100644
index 0000000..19cd90c
--- /dev/null
+++ b/core/dbsecurity/auth/src/authEvents.cpp
@@ -0,0 +1,134 @@
+// @@@ START COPYRIGHT @@@
+//
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+//
+// @@@ END COPYRIGHT @@@
+
+#include "authEvents.h"
+#include <sys/time.h>
+#include <str.h>
+#include <unistd.h> 
+#include <stdio.h>
+#include <iostream>
+#include "seabed/ms.h"
+#include "seabed/fserr.h"
+
+static std::string AUTH_COMPONENT = "DBSECURITY";
+std::vector<AuthEvent> authEvents;
+
+// ****************************************************************************
+// function: insertAuthEvent
+//
+// This function inserts an AuthEvent into the current list of authEvents
+//
+// DB_SECUITY_EVENTID - is the event ID to insert 
+//    see: $MY_SQROOT/log4cxx.trafodion.auth.config/evl_sqlog_eventnum.h
+// eventText - text to insert
+// severity - severity of the event
+// ****************************************************************************
+void insertAuthEvent(
+  DB_SECURITY_EVENTID eventID,
+  const char * eventText,
+  logLevel severity)
+{
+  AuthEvent authEvent(eventID,
+                      AuthEvent::formatEventText(eventText),
+                      severity);
+  authEvents.push_back(authEvent);
+}
+
+// ****************************************************************************
+// function authInitEventLog()
+//
+// This function create a new log in $MY_SQROOT/logs directory with the 
+// following name dbsecurity_<host>_<pid>.log
+//
+// It is called for standalone executables (e.g. ldapcheck) to log issues
+// When users are authenticated during client authentication (mxosrvr), it
+//   is assumed that the event log has already been initialized.
+//
+// ****************************************************************************
+void authInitEventLog()
+{
+  // Log4cxx logging
+  int my_nid = 1;
+
+  // get my pid
+  my_nid = getpid();
+  char my_hostname[HOST_NAME_MAX+1];
+  Int32  result;
+
+  // who am I?
+  if (gethostname(my_hostname,HOST_NAME_MAX) != 0)
+    strcpy(my_hostname, "unknown");
+
+  int log_name_suffix_len = strlen(my_hostname) + 32;
+  char log_name_suffix[log_name_suffix_len];
+  snprintf( log_name_suffix, log_name_suffix_len, "_%s_%d.log", my_hostname, 
my_nid );
+  
CommonLogger::instance().initLog4cxx("log4cxx.trafodion.auth.config",log_name_suffix);
+}
+
+// ****************************************************************************
+// method: AuthEvent::formatEventText
+//
+// This method formats event text into a message that can be added to the 
+//   cxx log.
+//
+//  eventText - the text to be logged
+// ****************************************************************************
+std::string AuthEvent::formatEventText( const char * eventText )
+{
+  // Format the timestamp
+   char tbuff[24] = {0};
+   struct tm *stm;
+
+   time_t now = time(0);
+   stm = gmtime(&now);
+   strftime(tbuff, sizeof(tbuff), "%Y-%m-%d %H:%M:%S %Z", stm);
+
+   // Format the event message, with the timestamp at the beginning.
+   char eventMessage[MAX_EVENT_MSG_SIZE];
+   snprintf(eventMessage, MAX_EVENT_MSG_SIZE, "%s (pid=%d) %s", tbuff, 
getpid(), eventText);
+
+   std::string newMessage(eventMessage);
+   return newMessage;
+}
+
+// ****************************************************************************
+// method: AuthEvent::logAuthEvent
+//
+// This method writes the AuthEvent to the cxx log
+//
+// ****************************************************************************
+void AuthEvent::logAuthEvent()
+{
+    int my_nid = 0; //gethostid()? 
+    int my_pid = getpid();
+    int my_cpu = 0;
+  
+    // Log4cxx logging
+    char buf[MAX_EVENT_MSG_SIZE];
+    snprintf(buf, MAX_EVENT_MSG_SIZE, "Node Number: %u, CPU: %u, PIN: %u ,,,, 
Message: %s", 
+            my_nid, my_cpu, my_pid, eventText_.c_str());
+    
+    // strip off final new line before logging
+    int32_t lastPos = strlen(buf) -1;
+    if (buf [lastPos] == '\n')
+      buf[lastPos] = '.';
+    CommonLogger::log(AUTH_COMPONENT, severity_, buf);
+} 
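Review bot: logAuthEvent only replaces a newline in the last position of `buf`, so a carriage return or newline anywhere else in `eventText_` reaches the log unchanged. The callers in dbUserAuth.cpp build that text from the user name the client supplies before authentication, so a name containing line breaks can make one event look like several log records. Neutralise line breaks across the whole buffer, for example `for (char *p = buf; *p; ++p) if (*p == '\n' || *p == '\r') *p = ' ';` placed after the existing trailing-newline replacement. In authInitEventLog, also set `my_hostname[HOST_NAME_MAX] = '\0';` after gethostname(), since POSIX does not guarantee termination when the name is truncated. Prefer `gmtime_r` over `gmtime` in formatEventText if this code can run on more than one thread.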

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/7bab8387/core/dbsecurity/auth/src/dbUserAuth.cpp
----------------------------------------------------------------------
diff --git a/core/dbsecurity/auth/src/dbUserAuth.cpp 
b/core/dbsecurity/auth/src/dbUserAuth.cpp
index cf021f5..3ab2dbe 100644
--- a/core/dbsecurity/auth/src/dbUserAuth.cpp
+++ b/core/dbsecurity/auth/src/dbUserAuth.cpp
@@ -48,7 +48,7 @@
 #include <sys/resource.h>
 #endif
 
-#include "ld_globals.h"
+#include "authEvents.h"
 #include "ldapconfignode.h"
 
 #include "common/evl_sqlog_eventnum.h"
@@ -102,7 +102,6 @@ static LDAuthStatus executeLDAPAuthentication(
    const char *                    username,
    const char *                    password,
    LDAPConfigNode::LDAPConfigType  configType,
-   bool &                          errorsLogged,
    PERFORMANCE_INFO &              performanceInfo);
 
 inline static const UserCacheContents * fetchFromCacheByUsername(const char * 
username);
@@ -124,14 +123,14 @@ static int32_t fetchFromAUTHSTable(
    int64_t        & redefTime);
  
 
-static void logAuthenticationErrors(int nodeID);
+static void logAuthenticationErrors();
 
 static void logAuthenticationOutcome(
    const string   & external_user_name,
    const string   & internal_user_name,
    const int32_t    user_id,
    ClientContents & clientInfo,
-   const string   & outcome);
+   const AUTH_OUTCOME    outcome);
                                     
 static void logAuthenticationRetries(
    int          nodeID,
@@ -1072,19 +1071,21 @@ static void authenticateUser(
 
    self.bb.isAuthenticated = false;
 
-long retCode;
-bool isValid;
-AuthConfigType authType;
-USERS_INFO usersInfo;
+   long retCode;
+   bool isValid;
+   AuthConfigType authType;
+   USERS_INFO usersInfo;
 
-//
-// First step; is the user registered.  If not, no sense bothering the
-// LDAP server.
-//
+   char eventMsg[MAX_EVENT_MSG_SIZE];
+   
+   //
+   // First step; is the user registered.  If not, no sense bothering the
+   // LDAP server.
+   //
    memset(usersInfo.databaseUsername,' ',sizeof(usersInfo.databaseUsername));
    strcpy(usersInfo.externalUsername,externalUsername);
    
-int64_t startTime = JULIANTIMESTAMP();
+   int64_t startTime = JULIANTIMESTAMP();
 
    retCode = fetchFromAUTHSTable(externalUsername,usersInfo.databaseUsername,
                                  usersInfo.sessionUserID,isValid,
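Review bot: `strcpy(usersInfo.externalUsername,externalUsername)` copies the client-supplied name before any authentication has happened, and no length check is visible in this hunk. If the caller does not already cap the name to the size of that field (not visible here), this overflows `usersInfo`. A guard such as `if (strlen(externalUsername) >= sizeof(usersInfo.externalUsername))` that rejects with UA_STATUS_ERR_INVALID would close it, assuming the field is an array like `databaseUsername`; a bounded copy would also work. The line is unchanged context, but it is worth settling while the function is being reworked. Separately, the new `char eventMsg[MAX_EVENT_MSG_SIZE];` is not used in any authenticateUser hunk shown and can be dropped if that holds for the whole function, which starts and ends outside this hunk.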
@@ -1093,13 +1094,13 @@ int64_t startTime = JULIANTIMESTAMP();
    performanceInfo.sqlUserTime = JULIANTIMESTAMP() - startTime;
    if (retCode != 0)
    {
-// LCOV_EXCL_START
       authenticationInfo.error = self.bb.error = ZFIL_ERR_SECVIOL;
       // Error 100 (NOT FOUND) means user isn't a registered SQ user.
       // For now this is an error, in the future there could be an
       // option to auto-register users.
       if (retCode == 100)
          self.bb.errorDetail = UA_STATUS_ERR_INVALID;
+
       else//ACH Should we log other SQL errors here?
          self.bb.errorDetail = UA_STATUS_ERR_SYSTEM;
 
@@ -1107,17 +1108,16 @@ int64_t startTime = JULIANTIMESTAMP();
       
       logAuthenticationOutcome(usersInfo.externalUsername,
                                usersInfo.databaseUsername,
-                               usersInfo.sessionUserID,clientInfo,"F ");
+                               usersInfo.sessionUserID,clientInfo,
+                               (retCode = 100) ? AUTH_NOT_REGISTERED : 
AUTH_MD_NOT_AVAILABLE);
       return;
-// LCOV_EXCL_STOP
    }
 
-//
-// User is registered, but is the account still valid?  Users can be
-// marked offline by ALTER USER command or possibly in the future when
-// we detect a registered user is no longer defined on the directory server.
-//
-
+   //
+   // User is registered, but is the account still valid?  Users can be
+   // marked offline by ALTER USER command or possibly in the future when
+   // we detect a registered user is no longer defined on the directory server.
+   //
    if (!isValid)
    {
       authenticationInfo.error = self.bb.error = ZFIL_ERR_SECVIOL;
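Review bot: The ternary added to the logAuthenticationOutcome call uses assignment, `(retCode = 100)`, so the condition is always true: every fetchFromAUTHSTable failure is recorded as AUTH_NOT_REGISTERED and a metadata outage is never logged as AUTH_MD_NOT_AVAILABLE. The same mistake is in the failure path at the end of authenticateUser, `(authStatus = LDAuthRejected) ? AUTH_REJECTED : AUTH_FAILED`, where the logged outcome depends only on the numeric value of LDAuthRejected rather than on what happened. Both should compare: `(retCode == 100) ? AUTH_NOT_REGISTERED : AUTH_MD_NOT_AVAILABLE` and `(authStatus == LDAuthRejected) ? AUTH_REJECTED : AUTH_FAILED`. Building with `-Wparentheses` (part of `-Wall` in GCC) would flag this pattern. authenticateUser starts and ends outside this hunk.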
@@ -1125,15 +1125,15 @@ int64_t startTime = JULIANTIMESTAMP();
 
       logAuthenticationOutcome(usersInfo.externalUsername,
                                usersInfo.databaseUsername,
-                               usersInfo.sessionUserID,clientInfo,"F ");
+                               
usersInfo.sessionUserID,clientInfo,AUTH_USER_INVALID);
       return;
    }
    
-//
-// User is registered and valid, but is the authentication type recognized?  
-// If not, reject the authentication.
-//
-//ACH not in metadata currently.
+   //
+   // User is registered and valid, but is the authentication type recognized? 
 
+   // If not, reject the authentication.
+   //
+   //ACH not in metadata currently.
 /*
    if (authType == AuthUnknownConfiguration)
    {
@@ -1142,13 +1142,13 @@ int64_t startTime = JULIANTIMESTAMP();
 
       logAuthenticationOutcome(usersInfo.externalUsername,
                                usersInfo.databaseUsername,
-                               usersInfo.sessionUserID,clientInfo,"F ");
+                               
usersInfo.sessionUserID,clientInfo,AUTH_USER_INVALID);
       return;
    }
 */      
-//
-// Let's check on the credentials first.
-//
+   //
+   // Let's check on the credentials first.
+   //
    if (strlen(password) == 0)
    {
       // zero len password is a non-auth bind in LDAP, so we treat it
@@ -1157,46 +1157,33 @@ int64_t startTime = JULIANTIMESTAMP();
       authenticationInfo.errorDetail = self.bb.errorDetail = 
UA_STATUS_ERR_INVALID;
       logAuthenticationOutcome(usersInfo.externalUsername,
                                usersInfo.databaseUsername,
-                               usersInfo.sessionUserID,clientInfo,"F ");
+                               
usersInfo.sessionUserID,clientInfo,AUTH_NO_PASSWORD);
       return;
    }
 
-LDAuthStatus authStatus = LDAuthSuccessful;
-bool errorsLogged = false;
+   LDAuthStatus authStatus = LDAuthSuccessful;
    
-//
-// Next step, see if the user is defined on the LDAP server.
-//
+   //
+   // Next step, see if the user is defined on the LDAP server.
+   //
 
-//ACH For now, only support primary configuration   
+   //ACH For now, only support primary configuration   
    authStatus = executeLDAPAuthentication(self,usersInfo.externalUsername,
                                           password,
                                           LDAPConfigNode::PrimaryConfiguration,
-                                          errorsLogged,
                                           performanceInfo);
    
-// We log errors encountered in LDAP authentication to the repository.  
-// We can't log within the LDAP authentication module since other clients
-// don't include the necessary libraries.  executeLDAPAuthentication() may  
-// have already logged the internal error(s); if not, log them now.            
           
-   if (!errorsLogged)
-   {
-      logAuthenticationErrors(self.nodeID); 
-      errorsLogged = true;
-   }
 
-// We log retries regardless of whether the authentication succeeded 
-// or failed.  Logging the retries for failed authentications shows
-// problem was not transient.  Logging retries when the 
-// authentication was successful allows operations to be aware of 
-// potential problems.
-   logAuthenticationRetries(self.nodeID,externalUsername);
-
-//
-// If all is well, save all the relevant user data in our container.
-//
+   //
+   // If all is well, save all the relevant user data in our container.
+   //
    if (authStatus == LDAuthSuccessful)
    {
+      // Logging retries when the authentication was successful allows 
+      // operations to be aware of potential problems.
+      // Retries are logged later for unsuccessful authentications.
+      logAuthenticationRetries(self.nodeID,externalUsername);
+
       // Strings returned from SQL could have trailing blanks and nulls
       // Remove all trailing blanks so callers have an accurate length
       // for comparison.
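Review bot: Events queued during an authentication that ultimately succeeds appear never to be written, because the unconditional `logAuthenticationErrors(self.nodeID)` call is removed here and `logAuthenticationErrors()` is now reached only at the end of the failure path. Those events are then discarded by `authEvents.clear()` at the start of the next executeLDAPAuthentication call. If LDAPConfigNode queues events for connection problems that a retry later recovers from (not visible here), those LDAP errors disappear from the log. Consider calling `logAuthenticationErrors();` next to `logAuthenticationRetries(self.nodeID,externalUsername);` in the success branch. The new comment says retries are logged later for unsuccessful authentications, but no `logAuthenticationRetries` call is visible in the failure path, so confirm it happens inside logAuthenticationErrors; authenticateUser continues outside this hunk.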
@@ -1205,7 +1192,8 @@ bool errorsLogged = false;
       
strcpy(authenticationInfo.usersInfo.databaseUsername,usersInfo.databaseUsername);
       strcpy(authenticationInfo.usersInfo.externalUsername,externalUsername);
       usersInfo.effectiveUserID = usersInfo.sessionUserID;      
-   // Copy USERS_INFO fields.  Class, = operator, byte copy
+
+      // Copy USERS_INFO fields.  Class, = operator, byte copy
       authenticationInfo.usersInfo.effectiveUserID = 
usersInfo.effectiveUserID; 
       authenticationInfo.usersInfo.sessionUserID = usersInfo.sessionUserID; 
       authenticationInfo.usersInfo.redefTime = usersInfo.redefTime; 
@@ -1222,21 +1210,22 @@ bool errorsLogged = false;
       strcpy(self.bb.usersInfo.databaseUsername,usersInfo.databaseUsername);
       strcpy(self.bb.usersInfo.externalUsername,externalUsername);
       self.bb.isAuthenticated = true;
-      // Log the successful authentication to the audit log repository.
+
+      // Log the successful authentication to the log repository.
       logAuthenticationOutcome(externalUsername,usersInfo.databaseUsername,
-                               usersInfo.sessionUserID,clientInfo,"S ");
+                               usersInfo.sessionUserID,clientInfo,AUTH_OK);
 
       return;
    }
 
-//
-// Rejected!
-//
-// Either the provided password does not match the one stored on the LDAP 
-// server or we had internal problems with the server.
-//
-// No soup for you.
-//
+   //
+   // Rejected!
+   //
+   // Either the provided password does not match the one stored on the LDAP 
+   // server or we had internal problems with the server.
+   //
+   // No soup for you.
+   //
 
    authenticationInfo.error = ZFIL_ERR_SECVIOL; 
    self.bb.error = ZFIL_ERR_SECVIOL;
@@ -1248,9 +1237,12 @@ bool errorsLogged = false;
    }
    authenticationInfo.errorDetail = self.bb.errorDetail; 
 
-// Log the failed authentication to the audit log repository.
+   // Log the failed authentication to the log repository.
    logAuthenticationOutcome(externalUsername,usersInfo.databaseUsername,
-                            usersInfo.sessionUserID,clientInfo,"F ");
+                            usersInfo.sessionUserID,clientInfo,
+                           (authStatus = LDAuthRejected) ? AUTH_REJECTED : 
AUTH_FAILED);
+   // Log any events generated
+   logAuthenticationErrors();
 
 }
 //************************** End of authenticateUser 
***************************
@@ -1321,7 +1313,7 @@ UserCacheContents userInfo;
 // *                                                                           
*
 // *  <self>                          DBUserAuthContents &            In/Out   
*
 // *    is a reference to a DBUserAuthContents object.  Results of the         
*
-// *  authentication are stored here.                                          
*
+// *    authentication are stored here.                                        
*
 // *                                                                           
*
 // *  <username>                      const char *                    In       
*
 // *    is the username.  Username must be  defined on LDAP server.            
*
@@ -1332,10 +1324,6 @@ UserCacheContents userInfo;
 // *  <configType>                    LDAPConfigNode::LDAPConfigType  In       
*
 // *    is the LDAP configuration to use, either primary or secondary.         
*
 // *                                                                           
*
-// *  <errorsLogged>                  bool &                          In       
*
-// *    passes back true if an internal error was logged to the repository,    
*
-// *  otherwise false.                                                         
*
-// *                                                                           
*
 // 
*****************************************************************************
 
 static LDAuthStatus executeLDAPAuthentication(
@@ -1343,41 +1331,43 @@ static LDAuthStatus executeLDAPAuthentication(
    const char *                    username,
    const char *                    password,
    LDAPConfigNode::LDAPConfigType  configType,
-   bool &                          errorsLogged,
    PERFORMANCE_INFO &              performanceInfo)
 
 {
 
    LDAPConfigNode::ClearRetryCounts();
-   clearAuthEvents();
-   errorsLogged = false;
+   authEvents.clear();
    
-//
-// First get a search connection for the specified configuration. 
-// If we can't get a search connection, could be network problem or a
-// bad configuration.  Either way, tough luck for the user.
-//
-
-int64_t startTime = JULIANTIMESTAMP();
-LDAPConfigNode *searchNode = LDAPConfigNode::GetLDAPConnection(configType,
+   //
+   // First get a search connection for the specified configuration. 
+   // If we can't get a search connection, could be network problem or a
+   // bad configuration.  Either way, tough luck for the user.
+   //
+
+   int64_t startTime = JULIANTIMESTAMP();
+   LDAPConfigNode *searchNode = LDAPConfigNode::GetLDAPConnection(configType,
                                                                
SearchConnection);
 
    performanceInfo.searchConnectionTime = JULIANTIMESTAMP() - startTime;
 
+   char eventMsg[MAX_EVENT_MSG_SIZE];
+
    if (searchNode == NULL)
    {
-// LCOV_EXCL_START
       self.bb.error = ZFIL_ERR_SECVIOL;
       self.bb.errorDetail = UA_STATUS_ERR_SYSTEM;
+      snprintf(eventMsg, MAX_EVENT_MSG_SIZE,
+               "Failed to get LDAP connection for user %s",username);
+      insertAuthEvent(DBS_NO_LDAP_SEARCH_CONNECTION,eventMsg, LL_ERROR);
+
       return LDAuthResourceFailure;
-// LCOV_EXCL_STOP
    }
 
-string userDN = "";       // User DN, used to bind to LDAP serer
+   string userDN = "";       // User DN, used to bind to LDAP serer
 
    startTime = JULIANTIMESTAMP();
 
-LDSearchStatus searchStatus = searchNode->lookupUser(username,userDN);
+   LDSearchStatus searchStatus = searchNode->lookupUser(username,userDN);
                                                      
    performanceInfo.searchTime = JULIANTIMESTAMP() - startTime; 
                                                        
@@ -1385,30 +1375,34 @@ LDSearchStatus searchStatus = 
searchNode->lookupUser(username,userDN);
    {
       self.bb.error = ZFIL_ERR_SECVIOL;
       self.bb.errorDetail = UA_STATUS_ERR_INVALID;
+      snprintf(eventMsg, MAX_EVENT_MSG_SIZE,
+               "Failed LDAP search for user %s",username);
+      insertAuthEvent(DBS_NO_LDAP_SEARCH_CONNECTION,eventMsg, LL_ERROR);
 
       return LDAuthRejected;
    }
 
    if (searchStatus != LDSearchFound)
    {
-// LCOV_EXCL_START
       self.bb.error = ZFIL_ERR_SECVIOL;
       self.bb.errorDetail = UA_STATUS_ERR_SYSTEM;
+      snprintf(eventMsg, MAX_EVENT_MSG_SIZE,
+               "Failed LDAP search for user %s",username);
+      insertAuthEvent(DBS_NO_LDAP_SEARCH_CONNECTION,eventMsg, LL_ERROR);
       return LDAuthResourceFailure;
-// LCOV_EXCL_STOP
    }
 
-// (searchStatus == LDSearchFound)
-// ACH: Should we compare UUIDOnLDAP and dsUUID and give "not registered"
-//       (or some other) error if they don't match?
+   // (searchStatus == LDSearchFound)
+   // ACH: Should we compare UUIDOnLDAP and dsUUID and give "not registered"
+   //       (or some other) error if they don't match?
 
-//
-// User is defined here and there.  But is their password correct?
-// Let's get an authentication connection to check on the password
-//
+   //
+   // User is defined here and there.  But is their password correct?
+   // Let's get an authentication connection to check on the password
+   //
    startTime = JULIANTIMESTAMP();
 
-LDAPConfigNode *authNode = LDAPConfigNode::GetLDAPConnection(configType,
+   LDAPConfigNode *authNode = LDAPConfigNode::GetLDAPConnection(configType,
                                                              
AuthenticationConnection);
 
    performanceInfo.authenticationConnectionTime = JULIANTIMESTAMP() - 
startTime;
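Review bot: The added `snprintf` calls in both failure branches copy `username` into the event text with `%s` as received. Unless it is validated before this function runs (not visible here), a name containing CR/LF or other control characters can split or forge entries in the log4cxx file. The same pattern appears in the earlier search-connection branch, in the authentication-connection branch of the next hunk, and in logAuthenticationOutcome and logAuthenticationRetries, where `external_user_name`, `clientInfo.clientName` and `clientInfo.clientUserName` are also client-supplied. I would route every client-supplied string through one small helper that replaces control characters before formatting. The enclosing function and the condition guarding the first branch start outside this hunk.

```cpp
// Replace control characters so a client-supplied name cannot forge log lines.
static std::string sanitizeForLog(const char *text)
{
   std::string clean(text ? text : "");
   for (size_t i = 0; i < clean.size(); i++)
      if (iscntrl(static_cast<unsigned char>(clean[i])))
         clean[i] = '?';
   return clean;
}

// … unchanged: self.bb.error / self.bb.errorDetail assignments …
      snprintf(eventMsg, MAX_EVENT_MSG_SIZE,
               "Failed LDAP search for user %s",
               sanitizeForLog(username).c_str());
// … unchanged: insertAuthEvent call and return …
```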
@@ -1417,15 +1411,18 @@ LDAPConfigNode *authNode = 
LDAPConfigNode::GetLDAPConnection(configType,
    {
       self.bb.error = ZFIL_ERR_SECVIOL;
       self.bb.errorDetail = UA_STATUS_ERR_SYSTEM;
+      snprintf(eventMsg, MAX_EVENT_MSG_SIZE,
+               "Failed LDAP search on password for user %s",username);
+      insertAuthEvent(DBS_NO_LDAP_SEARCH_CONNECTION,eventMsg, LL_ERROR);
       return LDAuthResourceFailure;
    }
 
-//
-// Non-blank password, a user we know about, let's validate that password!
-//
+   //
+   // Non-blank password, a user we know about, let's validate that password!
+   //
    startTime = JULIANTIMESTAMP();
 
-LDAuthStatus authStatus = authNode->authenticateUser(userDN.c_str(),password);
+   LDAuthStatus authStatus = 
authNode->authenticateUser(userDN.c_str(),password);
                                      
    performanceInfo.authenticationTime = JULIANTIMESTAMP() - startTime;
                                           
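Review bot: The event added in this branch describes the wrong failure. The preceding code requests an `AuthenticationConnection`, yet the text reads "Failed LDAP search on password" and the ID is `DBS_NO_LDAP_SEARCH_CONNECTION`. Assuming the guard just above the hunk is the `authNode == NULL` check, the message would be clearer as `"Failed to get LDAP authentication connection for user %s"`, with a separate event ID if evl_sqlog_eventnum.h defines one. The previous hunk has a related problem: its `LDAuthRejected` and `LDAuthResourceFailure` branches log identical text and the same ID at `LL_ERROR`, so an unknown user and an LDAP outage cannot be told apart in the log.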
@@ -1792,22 +1789,25 @@ size_t cacheCount = userCache.size();
 // *                                                                           
*
 // * Function: logAuthenticationErrors                                         
*
 // *                                                                           
*
-// *    Logs resource failure errors encountered during authentication.        
*
+// * Logs resource failure errors encountered during authentication.           
*
 // * Resource failure errors include problems with the                         
*
 // * configuration in .traf_authrntication_config, network issues,             
*
 // * LDAP server issues, or coding blunders.                                   
*
 // *                                                                           
*
-// 
*****************************************************************************
-// *                                                                           
*
-// *  Parameters:                                                              
*
-// *                                                                           
*
-// *  <nodeID>                        int                             In       
*
-// *    is the ID of the node we are running on.                               
*
+// * Resource failures have already been inserted into authEvents structure    
*
 // *                                                                           
*
 // 
*****************************************************************************
-static void logAuthenticationErrors(int nodeID)
+static void logAuthenticationErrors()
 
 {
+   size_t errorCount = authEvents.size();
+
+   for (size_t i = 0; i < errorCount; i++)
+   {
+     AuthEvent authEvent = authEvents[i];
+     authEvent.setCallerName("mxosrvr");
+     authEvent.logAuthEvent();
+   }
 }
 //************************ End of logAuthenticationErrors 
**********************
 
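Review bot: The loop copies each `AuthEvent` only to stamp the caller name on it, and the literal `"mxosrvr"` is repeated in logAuthenticationOutcome and twice in logAuthenticationRetries. A single file-level constant such as `static const std::string callerName("mxosrvr");` passed to `setCallerName` would keep the four sites in step. Iterating with `AuthEvent &authEvent = authEvents[i];` would avoid the per-event copy, provided nothing else depends on the stored events having no caller name. The new header comment could also state that the function does not clear `authEvents`, so callers know the vector still holds the events afterwards.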
@@ -1837,13 +1837,74 @@ static void logAuthenticationErrors(int nodeID)
 // *                                                                           
*
 // 
*****************************************************************************
 static void logAuthenticationOutcome(
-   const string   & external_user_name,
-   const string   & internal_user_name,
-   const int32_t    user_id,
-   ClientContents & clientInfo,
-   const string   & outcome)
+   const string       & external_user_name,
+   const string       & internal_user_name,
+   const int32_t        user_id,
+   ClientContents     & clientInfo,
+   const AUTH_OUTCOME   outcome)
    
 {
+   string internalUser("??");
+   if (user_id > 0) 
+     internalUser = internal_user_name; 
+   logLevel severity = LL_INFO;
+
+   // Currently this code has hard coded error messages in many places, this
+   // need to be fixed in order to allow errors to be reported in different 
+   // languages.
+   string outcomeDesc;
+   switch (outcome)
+   {
+      case AUTH_OK:
+         outcomeDesc = "Authentication successful";
+         severity = LL_INFO;
+         break;
+      case AUTH_NOT_REGISTERED:
+         outcomeDesc = "User not registered";
+         break;
+      case AUTH_MD_NOT_AVAILABLE:
+         outcomeDesc = "Unexpected error occurred looking up user in database";
+         severity = LL_INFO;
+         break;
+      case AUTH_USER_INVALID:
+         outcomeDesc = "User is not valid";
+         severity = LL_INFO;
+         break;
+      case AUTH_TYPE_INCORRECT:
+         outcomeDesc = "Unexpected authorization type detected";
+         severity = LL_INFO;
+         break;
+      case AUTH_NO_PASSWORD:
+         outcomeDesc = "Invalid password";
+         severity = LL_INFO;
+         break;
+      case AUTH_REJECTED:
+         outcomeDesc = "Invalid username or password";
+         severity = LL_INFO;
+         break;
+      case AUTH_FAILED:
+         outcomeDesc = "Unexpected error returned from LDAP";
+         severity = LL_ERROR;
+         break;
+      default:
+         severity = LL_ERROR;
+         outcomeDesc = "Unexpected error occurred";
+    }
+   
+   char buf[MAX_EVENT_MSG_SIZE];
+   snprintf(buf, MAX_EVENT_MSG_SIZE,
+                "Outcome -> externalUser: %s, "
+                "databaseUser: %s, userID: %u, "
+                "clientName: %s, clientUserName: %s, "
+                "result: %d (%s)",
+                external_user_name.c_str(), 
+                internalUser.c_str(), user_id,
+                clientInfo.clientName, clientInfo.clientUserName,
+                outcome, outcomeDesc.c_str());
+   std::string msg(buf);
+   AuthEvent authEvent (DBS_AUTHENTICATION_ATTEMPT,msg, severity); 
+   authEvent.setCallerName("mxosrvr");
+   authEvent.logAuthEvent();
 }
 //*********************** End of logAuthenticationOutcome 
**********************
 
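Review bot: Every failed-login outcome in the switch (`AUTH_REJECTED`, `AUTH_NO_PASSWORD`, `AUTH_USER_INVALID`, and `AUTH_NOT_REGISTERED` via the initial value) is logged at `LL_INFO`. These are the records needed to spot password guessing, and they disappear as soon as the logger is configured above info. I would log rejected attempts at a warning level if `logLevel` provides one, and treat `AUTH_MD_NOT_AVAILABLE` ("Unexpected error occurred looking up user in database") as `LL_ERROR` like the other unexpected failures. Separately, `user_id` is a `const int32_t` but is formatted with `%u`, so a negative ID prints as a large positive number; `"databaseUser: %s, userID: %d, "` matches the type.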
@@ -1873,6 +1934,40 @@ static void logAuthenticationRetries(
    const char * username)
 
 {
+   size_t bindRetryCount = LDAPConfigNode::GetBindRetryCount();
+   size_t searchRetryCount = LDAPConfigNode::GetSearchRetryCount();
+
+   // If there were no retries, there is nothing to log.  
+   if (bindRetryCount == 0 && searchRetryCount == 0)
+      return;
+      
+   char buf[MAX_EVENT_MSG_SIZE];
+
+   // Log if the search (name lookup) operation had to be retried.          
+   if (searchRetryCount > 0)
+   { 
+      snprintf(buf,MAX_EVENT_MSG_SIZE,
+               "Authentication for user %s required %d search retries. ",
+              username,searchRetryCount);
+       
+      std::string msg(buf);
+      AuthEvent authEvent (DBS_AUTH_RETRY_SEARCH, msg, LL_INFO);
+      authEvent.setCallerName("mxosrvr");
+      authEvent.logAuthEvent();
+   }
+   
+   // Log if the bind (password authentication) operation had to be retried.   
       
+   if (bindRetryCount > 0)
+   { 
+      snprintf(buf,MAX_EVENT_MSG_SIZE,
+               "Authentication for user %s required %d bind retries. ",
+              username,bindRetryCount);
+       
+      std::string msg(buf);
+      AuthEvent authEvent (DBS_AUTH_RETRY_BIND, msg, LL_INFO);
+      authEvent.setCallerName("mxosrvr");
+      authEvent.logAuthEvent();
+   }
 }
 //*********************** End of logAuthenticationRetries 
**********************
 
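Review bot: `searchRetryCount` and `bindRetryCount` are declared `size_t` but both `snprintf` calls format them with `%d`. That is a type mismatch in a varargs call and is undefined where `size_t` is wider than `int`. Use the matching conversion, e.g. `"Authentication for user %s required %zu search retries. "` and likewise for the bind message, or cast the counts to `int` if `%zu` is unavailable on a supported compiler. The function's signature begins outside this hunk.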

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/7bab8387/core/dbsecurity/auth/src/ld_port.cpp
----------------------------------------------------------------------
diff --git a/core/dbsecurity/auth/src/ld_port.cpp 
b/core/dbsecurity/auth/src/ld_port.cpp
deleted file mode 100644
index d8047df..0000000
--- a/core/dbsecurity/auth/src/ld_port.cpp
+++ /dev/null
@@ -1,201 +0,0 @@
-//******************************************************************************
-// @@@ START COPYRIGHT @@@
-//
-// Licensed to the Apache Software Foundation (ASF) under one
-// or more contributor license agreements.  See the NOTICE file
-// distributed with this work for additional information
-// regarding copyright ownership.  The ASF licenses this file
-// to you under the Apache License, Version 2.0 (the
-// "License"); you may not use this file except in compliance
-// with the License.  You may obtain a copy of the License at
-//
-//   http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing,
-// software distributed under the License is distributed on an
-// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-// KIND, either express or implied.  See the License for the
-// specific language governing permissions and limitations
-// under the License.
-//
-// @@@ END COPYRIGHT @@@
-//******************************************************************************
-#include <stdio.h>  
-#include <string.h> 
-#include <stdlib.h>
-#include <sys/types.h>
-#include <unistd.h>
-#include <time.h>
-#include <vector>
-#include "ld_globals.h"
-
-// LCOV_EXCL_START
-  
-
-// ACH:    
-//   This function prints to stdout when there is a problem in 
-//   handling the connection to the LDAP server for user authorization
-//   or to verify a user exists on the LDAP server.    This may be
-//   due to network problems or a misconfiguration in the .sqldapconfig
-//   file.    When using the internal development tool sqlci, this output
-//   will go to the user's screen.   For customer tools (HPDM or HPDCI) 
-//   stdout gets redirected to a file, so this will be saved in the
-//   log file on the node.    This can be very handy for diagnosing 
-//   connection & configuration problems.
-//
-//   A suggestion has also been made that the CLI code which ends up calling
-//   the user authentication code as well as DDL code like Register User could
-//   check first that the LDAP configuration needed is at least present.  This
-//   would allow for better error reporting, for example, in cases where REMOTE
-//   AUTHENTICATION is specified but the remote connection is not configured in
-//   the .sqldapconfig file.
-//   
-//
-
-std::vector<AuthEvents> authEvents;
-
-// 
*****************************************************************************
-// *                                                                           
*
-// * Function: clearAuthEvents                                                 
*
-// *                                                                           
*
-// *    Clears all entries from the authentication events vector.              
*
-// *                                                                           
*
-// 
*****************************************************************************
-void clearAuthEvents()
-
-{
-
-   authEvents.clear();
-   
-}
-//************************* End of clearAuthEvents 
*****************************
-
-
-// 
*****************************************************************************
-// *                                                                           
*
-// * Function: getAuthEventCount                                               
*
-// *                                                                           
*
-// *    Returns the number of entries in the authentication events vector.     
*
-// *                                                                           
*
-// 
*****************************************************************************
-// *                                                                           
*
-// *  Returns:  size_t                                                         
*
-// *                                                                           
*
-// 
*****************************************************************************
-size_t getAuthEventCount()
-
-{
-
-   return authEvents.size();
-   
-}
-//************************ End of getAuthEventCount 
****************************
-
-
-
-
-
-// 
*****************************************************************************
-// *                                                                           
*
-// * Function: getAuthEvent                                                    
*
-// *                                                                           
*
-// *    Returns the AuthEvent entry specified by index.                        
*
-// *                                                                           
*
-// *                                                                           
*
-// 
*****************************************************************************
-// *                                                                           
*
-// *  Parameter:                                                               
*
-// *                                                                           
*
-// *  <index>                   size_t                                 In      
*
-// *    is an index into the AuthEvents vector.  The index is not validated;   
*
-// *  if the index is too large an error will result.                          
*
-// *                                                                           
*
-// 
*****************************************************************************
-// *                                                                           
*
-// *  Returns:  const AuthEvents &                                             
*
-// *                                                                           
*
-// 
*****************************************************************************
-const AuthEvents & getAuthEvent(size_t index)
-
-{
-
-   return authEvents[index];
-   
-}
-//*************************** End of getAuthEvent 
******************************
-
-
-
-
-// 
*****************************************************************************
-// *                                                                           
*
-// * Function: logAuthEvent                                                    
*
-// *                                                                           
*
-// *    Logs an authentication event (mostly resource errors) to standard out  
*
-// *  and stores the event data in a vector for later retrieval.  (To be       
*
-// *  written to the instance repository in non-Live Feed cases.)              
*
-// *                                                                           
*
-// 
*****************************************************************************
-// *                                                                           
*
-// *  Parameter:                                                               
*
-// *                                                                           
*
-// *  <eventID>                 DB_SECURITY_EVENTID                    In      
*
-// *    is the event ID associated with the authentication event.              
*
-// *                                                                           
*
-// *  <msg>                     const char *                           In      
*
-// *    is the text associated with the authentication event.                  
*
-// *                                                                           
*
-// *  <filename>                const std::string &                    In      
*
-// *    is the filename where the error/event was detected.                    
*
-// *                                                                           
*
-// *  <lineNumber>              int32_t                                In      
*
-// *    is the line number where the error/event was detected.                 
*
-// *                                                                           
*
-// *                                                                           
*
-// 
*****************************************************************************
-void logAuthEvent(
-   DB_SECURITY_EVENTID eventID,
-   const char *        msg,
-   const std::string & filename, 
-   int32_t             lineNumber) 
-    
-{
-
-// Format the timestamp
-
-char tbuff[24] = {0};
-struct tm *stm;
-
-   time_t now = time(0);
-   stm = gmtime(&now);
-   strftime(tbuff, sizeof(tbuff), "%Y-%m-%d %H:%M:%S %Z", stm);
-   
-// Format the event message, with the timestamp at the beginning.
-   
-char eventMessage[5100];
-
-   sprintf(eventMessage,
-           "%s (pid=%d) Error detected while establishing LDAP connection: 
%s\n",
-          tbuff, getpid(), msg); 
-
-// Write the event message to the stdout file.          
-   printf(eventMessage);
-   
-// We only store the first 5000 characters of the message.  The TEXT column
-// is limited to 5000 characters in the EVENT_TEXT_TABLE table.
-   if (strlen(eventMessage) > 5000)
-      eventMessage[5000] = 0;
-   
-AuthEvents authEvent;
-
-   authEvent.eventID = eventID;
-   authEvent.eventText = eventMessage;
-   authEvent.filename = filename;
-   authEvent.lineNumber = lineNumber;
-   authEvents.push_back(authEvent);       
-           
-} 
-//*************************** End of logAuthEvent 
******************************
-// LCOV_EXCL_STOP  
-
-

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/7bab8387/core/dbsecurity/auth/src/ldapcheck.cpp
----------------------------------------------------------------------
diff --git a/core/dbsecurity/auth/src/ldapcheck.cpp 
b/core/dbsecurity/auth/src/ldapcheck.cpp
index 192ba50..3b965be 100755
--- a/core/dbsecurity/auth/src/ldapcheck.cpp
+++ b/core/dbsecurity/auth/src/ldapcheck.cpp
@@ -30,6 +30,7 @@
 //                                                                             
*
 
//******************************************************************************
 #include "ldapconfignode.h"
+#include "authEvents.h"
 
 #include <stdio.h>
 #include <string.h>
@@ -43,19 +44,9 @@
 #include <unistd.h>
 #include <time.h>
 #include <vector>
-#include "common/evl_sqlog_eventnum.h"
 
-using namespace std;
 
-struct AuthEvents
-{
-DB_SECURITY_EVENTID eventID;
-std::string         eventText;
-std::string         filename;
-int32_t             lineNumber;
-};
-
-std::vector<AuthEvents> authEvents;
+using namespace std;
 
 enum Operation {
    Authenticate = 2,
@@ -86,12 +77,6 @@ void doCanaryCheck(
    bool                           verbose,
    int &                          exitCode);   
    
-void logAuthEvent(
-   DB_SECURITY_EVENTID eventID,
-   const char *        msg,
-   const std::string & filename, 
-   int32_t             lineNumber);
-   
 LDSearchStatus lookupLDAPUser(
    const char *                    username,          
    LDAPConfigNode::LDAPConfigType  configType,        
@@ -99,7 +84,7 @@ LDSearchStatus lookupLDAPUser(
    
 void printTime();        
       
-void reportAuthenticationErrors();
+void reportAuthenticationErrors(bool displayErrors);
 
 void reportRetries(Operation operation);
     
@@ -261,8 +246,10 @@ LDAPAuthResult rc = 
authenticateLDAPUser(username,password,configType,
    if (verbose)
    {
       reportRetries(Authenticate);
-      reportAuthenticationErrors(); 
+      reportAuthenticationErrors(true); 
    }
+   else
+      reportAuthenticationErrors(false);
 
 }
 //*************************** End of doAuthenticate 
****************************
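Review bot: The added `else` branch makes the two calls differ only in the flag value. The error reporting can move out of the `if` as a single `reportAuthenticationErrors(verbose);` after the block, leaving only `reportRetries(Authenticate);` inside it. That makes it obvious that events are always logged and only the console echo is conditional. The doCanaryCheck hunk further down has the same shape, and its added `+      {` line is also indented differently from its closing brace. doAuthenticate's body starts outside this hunk.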
@@ -294,14 +281,13 @@ void doCanaryCheck(
    int &                          exitCode)   
    
 {
-
    exitCode = 0;
    
-char searchHostName[256];
+   char searchHostName[256];
 
    searchHostName[0] = 0;
    
-LDSearchStatus searchStatus = 
lookupLDAPUser(username,configType,searchHostName);
+   LDSearchStatus searchStatus = 
lookupLDAPUser(username,configType,searchHostName);
 
    if (verbose)
       cout << "Search host name: " << searchHostName << endl;
@@ -330,10 +316,12 @@ LDSearchStatus searchStatus = 
lookupLDAPUser(username,configType,searchHostName)
    }
    
    if (verbose)
-   {
+      {
       reportRetries(Lookup);
-      reportAuthenticationErrors(); 
+      reportAuthenticationErrors(true); 
    }
+   else
+      reportAuthenticationErrors(false);
 
 }
 //*************************** End of doCanaryCheck 
*****************************
@@ -341,72 +329,6 @@ LDSearchStatus searchStatus = 
lookupLDAPUser(username,configType,searchHostName)
 
 // 
*****************************************************************************
 // *                                                                           
*
-// * Function: logAuthEvent                                                    
*
-// *                                                                           
*
-// *    Stores an authentication event (mostly resource errors) in a vector    
*
-// *  for later retrieval.                                                     
*
-// *                                                                           
*
-// *    The function signature must exactly match the same function in         
*
-// *  ld_port.cpp.                                                             
*
-// *                                                                           
*
-// 
*****************************************************************************
-// *                                                                           
*
-// *  Parameter:                                                               
*
-// *                                                                           
*
-// *  <eventID>                 DB_SECURITY_EVENTID                    In      
*
-// *    is the event ID associated with the authentication event.              
*
-// *                                                                           
*
-// *  <msg>                     const char *                           In      
*
-// *    is the text associated with the authentication event.                  
*
-// *                                                                           
*
-// *  <filename>                const std::string &                    In      
*
-// *    is the filename where the error/event was detected.                    
*
-// *                                                                           
*
-// *  <lineNumber>              int32_t                                In      
*
-// *    is the line number where the error/event was detected.                 
*
-// *                                                                           
*
-// 
*****************************************************************************
-void logAuthEvent(
-   DB_SECURITY_EVENTID eventID,
-   const char *        msg,
-   const std::string & filename, 
-   int32_t             lineNumber)
-   
-{ 
-
-// Format the timestamp
-
-char tbuff[24] = {0};
-struct tm *stm;
-
-   time_t now = time(0);
-   stm = gmtime(&now);
-   strftime(tbuff, sizeof(tbuff), "%Y-%m-%d %H:%M:%S %Z", stm);
-   
-// Format the event message, with the timestamp at the beginning.
-   
-char eventMessage[5100];
-
-   sprintf(eventMessage,
-           "%s (pid=%d) Error detected while establishing LDAP connection: 
%s\n",
-           tbuff,getpid(),msg); 
-
-AuthEvents authEvent;
-
-   authEvent.eventID = eventID;
-   authEvent.eventText = eventMessage;
-   authEvent.filename = filename;
-   authEvent.lineNumber = lineNumber;
-   authEvents.push_back(authEvent);       
-
-} 
-//**************************** End of logAuthEvent 
*****************************
-
-
-
-
-// 
*****************************************************************************
-// *                                                                           
*
 // * Function: lookupLDAPUser                                                  
*
 // *                                                                           
*
 // *    Determines if the username is defined on an LDAP server in the         
*
@@ -501,41 +423,30 @@ void printUsage()
 
 
 // 
*****************************************************************************
-// *                                                                           
*
-// * Function: reportAuthenticationErrors                                      
*
-// *                                                                           
*
-// *    Displays any resource errors encountered during authentication.        
*
-// *                                                                           
*
+// Function: reportAuthenticationErrors
+//                                    
+//    Logs and optionally displays any resource errors encountered during LDAP 
+//    checking.
 // 
*****************************************************************************
-void reportAuthenticationErrors()
-
+void reportAuthenticationErrors(bool displayErrors)
 {
-
-size_t errorCount = authEvents.size();
-
-// 
*****************************************************************************
-// *                                                                           
*
-// *    Walk the list of errors encountered during the attempt to authenticate 
*
-// * the username and password, and for each error, display the event ID and   
*
-// * text along with the file and line number where the error was detected.    
*
-// *                                                                           
*
-// * If there is more than one error, number the errors.                       
*
-// *                                                                           
*
-// 
*****************************************************************************
-
-   for (size_t index = 0; index < errorCount; index++)
-   {
-      if (errorCount > 1)
-         cout << "Error #" << index + 1 << endl;
-   
-      const AuthEvents &authEvent = authEvents[index];
-      
-      cout << "Filename: " << authEvent.filename << 
-              " Line number: " << authEvent.lineNumber << endl;  
-      cout << "Event ID: " << authEvent.eventID << endl;
-      cout << authEvent.eventText << endl;
-   }
-
+  if (authEvents.size() > 0)
+    authInitEventLog();
+
+  //  Walk the list of errors encountered during the attempt to authenticate
+  //  the username, or username and password, and for each error, log the 
event 
+  //  ID and text. If displayErrors is true and logLevel is above the error 
+  //  level, send message to standard out.
+  std::string callerName ("ldapcheck");
+
+  for (size_t i = 0; i < authEvents.size(); i++)
+  {
+     AuthEvent authEvent = authEvents[i];
+     authEvent.setCallerName(callerName);
+     authEvent.logAuthEvent();
+     if (displayErrors)  
+       cout  << "ERROR: " << authEvent.getEventText().c_str() << endl;
+  }
 }
 //********************** End of reportAuthenticationErrors 
*********************
 
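Review bot: The new block comment says a message goes to standard out only when "displayErrors is true and logLevel is above the error level", but the loop prints every event whenever `displayErrors` is set. No severity is checked. Either the comment should read `// If displayErrors is true, also echo the event text to standard out.` or the `cout` needs a severity test on the event. Two smaller points are worth documenting: `authInitEventLog()` is invoked on every call that finds events, which in looping mode means repeated initialisation (presumably harmless, but not visible here), and the function leaves `authEvents` populated, so any path that does not clear the vector before the next iteration would log the same events again.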
@@ -638,12 +549,8 @@ termios tty;
 int main(int argc,char *argv[])
 
 {
-
-//
-// ldapcheck needs a username.  If not supplied, issue an error
-// and print usage information. 
-//
-
+   // ldapcheck needs a username.  If not supplied, issue an error
+   // and print usage information. 
    if (argc <= 1)
    {
       cout << "Username required to check LDAP" << endl;
@@ -651,37 +558,31 @@ int main(int argc,char *argv[])
       exit(1);
    }
    
-//
-// Help!
-//
-   
+   // Help!
    if (strcmp(argv[1],"-h") == 0 || strcmp(argv[1],"--help") == 0)
    {
       printUsage();
       exit(0);
    } 
    
-enum Options {
-   Primary = 1,
-   Secondary = 0,
-   Platform = 2};
+   enum Options {
+      Primary = 1,
+      Secondary = 0,
+      Platform = 2};
    
-int c;
-int optionFlag = Primary;
-int verbose = 0;
-string password;
-char username[129];
-bool usernameSpecified = false;
-bool passwordSpecified = false;
-int loopCount = 1;
-int delayTime = 0;
-bool looping = false;
-
-//
-// Walk the list of options.  Username and password are required, although
-// the password can be left blank and prompted for.
-//
-     
+   int c;
+   int optionFlag = Primary;
+   int verbose = 0;
+   string password;
+   char username[129];
+   bool usernameSpecified = false;
+   bool passwordSpecified = false;
+   int loopCount = 1;
+   int delayTime = 0;
+   bool looping = false;
+
+   // Walk the list of options.  Username and password are required, although
+   // the password can be left blank and prompted for.
    while (true)
    {
       static struct option long_options[] =
@@ -784,7 +685,7 @@ bool looping = false;
       }
    }
  
-// If there are any remaining command line arguments, report an error
+   // If there are any remaining command line arguments, report an error
    if (optind < argc)
    {
       cout << "Unrecognized text" << endl; 
@@ -795,7 +696,7 @@ bool looping = false;
       exit(1);
    }
    
-// Verify a username was supplied, or we have nothing to do
+   // Verify a username was supplied, or we have nothing to do
    if (!usernameSpecified)
    {
       cout << "Username required" << endl;
@@ -803,7 +704,7 @@ bool looping = false;
       exit(1);   
    }
    
-LDAPConfigNode::LDAPConfigType configType = 
LDAPConfigNode::PrimaryConfiguration;
+   LDAPConfigNode::LDAPConfigType configType = 
LDAPConfigNode::PrimaryConfiguration;
 
    switch (optionFlag)
    {
@@ -820,9 +721,11 @@ LDAPConfigNode::LDAPConfigType configType = 
LDAPConfigNode::PrimaryConfiguration
          configType = LDAPConfigNode::PrimaryConfiguration;
    }    
 
-// If no password is supplied, we just perform a name lookup.  This was 
-// added to provide a canary check for the LDAP server without having to 
-// supply a valid password.   
+
+
+   // If no password is supplied, we just perform a name lookup.  This was 
+   // added to provide a canary check for the LDAP server without having to 
+   // supply a valid password.   
    if (!passwordSpecified)
    {
       int exitCode = 0;
@@ -834,7 +737,7 @@ LDAPConfigNode::LDAPConfigType configType = 
LDAPConfigNode::PrimaryConfiguration
          if (loopCount > 0)
             sleep(delayTime);
       }
-      //
+
       // For the LDAP Canary check mode of ldapcheck, we return one of 
       // three exit codes to be used by a health check:
       //
@@ -842,13 +745,10 @@ LDAPConfigNode::LDAPConfigType configType = 
LDAPConfigNode::PrimaryConfiguration
       // 1) LDAP configuration and server(s) good, retries occurred 
       // 2) Could not communicate with LDAP server(s).  Check LDAP 
configuration or server(s).
       // 3) User was not defined in LDAP
-      //
       exit(exitCode);
    }
             
-//
-// We have a username and password.  Let's authenticate!
-//
+   // We have a username and password.  Let's authenticate!
    while (loopCount--)
    {
       if (verbose && looping)

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/7bab8387/core/dbsecurity/auth/src/ldapconfignode.cpp
----------------------------------------------------------------------
diff --git a/core/dbsecurity/auth/src/ldapconfignode.cpp 
b/core/dbsecurity/auth/src/ldapconfignode.cpp
index eda2cdb..c439ccf 100644
--- a/core/dbsecurity/auth/src/ldapconfignode.cpp
+++ b/core/dbsecurity/auth/src/ldapconfignode.cpp
@@ -1,4 +1,3 @@
-//******************************************************************************
 // @@@ START COPYRIGHT @@@
 //
 // Licensed to the Apache Software Foundation (ASF) under one
@@ -25,11 +24,12 @@
 //                    from the header files slip into the coverage count
 
 
-
+#include "authEvents.h"
 #include "ldapconfignode.h" 
 #include "ldapconfigfile.h"
 #include <sys/stat.h>
 
+
 // These defines affect openLDAP header files and must appear before s
 // those includes.
 
@@ -66,7 +66,6 @@
 #include <ctime>
 #include <netdb.h>
 
-#include "ld_globals.h"
 #include "common/evl_sqlog_eventnum.h"
 
 // LCOV_EXCL_STOP
@@ -83,11 +82,7 @@ enum NodeState {
 
 enum LDAP_VERSIONS { LDAP_VERSION_2 = 2, LDAP_VERSION_3 = 3};
 
-
-// define max size this module uses for an EMS message
-#define EMS_MSG_SIZE 500
-
-#define LOG_AUTH_EVENT(eventID,eventText) 
logAuthEvent(eventID,eventText,__FILE__,__LINE__)
+#define INSERT_EVENT(eventID,eventText) 
insertAuthEvent(eventID,eventText,LL_ERROR)
 
 static size_t numBindRetries = 0;
 static size_t numSearchRetries = 0;
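Review bot: INSERT_EVENT fixes the severity at LL_ERROR for every call site, and unlike the LOG_AUTH_EVENT macro it replaces, it no longer passes `__FILE__` and `__LINE__`. The addExcludedHostName hunk further down uses it for "LDAP server %s added to exclude list", which records state rather than a failure, so routine failover will be logged as errors alongside real authentication failures and make those harder to alert on. I would give the macro a severity argument, `#define INSERT_EVENT(eventID,eventText,severity) insertAuthEvent(eventID,eventText,severity)`, and add a comment above it saying that the source location is dropped on purpose, if it is. insertAuthEvent is declared outside this hunk, so whether it records the call site some other way cannot be checked from here.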
@@ -783,7 +778,7 @@ LDAuthStatus LDAPConfigNode::authenticateUser(
 
 int LDAPError = LDAP_SUCCESS;
 LD_Status status = LD_STATUS_OK;
-char emsMsg[EMS_MSG_SIZE];
+char eventMsg[MAX_EVENT_MSG_SIZE];
 
    LDAuthStatus authStatus = bindUser(self,username,password,true,LDAPError);
                                                  
@@ -834,12 +829,12 @@ int retry_count = self.host_->LDAPConfig_->retryCount;
 //  
 
    if (self.host_->LDAPConfig_->retryCount)
-      sprintf(emsMsg, "Failed to authenticate LDAP user %s after %d retries\n",
+      snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "Failed to authenticate LDAP user 
%s after %d retries\n",
               username,self.host_->LDAPConfig_->retryCount);
    else
-      sprintf(emsMsg, "Failed to authenticate LDAP user %s\n",username);
+      snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "Failed to authenticate LDAP user 
%s\n",username);
 
-   LOG_AUTH_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,emsMsg);
+   INSERT_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,eventMsg);
    return LDAuthResourceFailure;
 
 }
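Review bot: `username` is formatted into eventMsg with a plain `%s` in both snprintf calls of this hunk and then written to the log4cxx log by INSERT_EVENT. The value is presumably the name the connecting client supplied, so a name containing CR/LF or other control characters could split one failed authentication into several log records, which matters now that these events share the master executor log. I would copy the name through a small helper that replaces control characters before formatting it, as sketched below. The lookupUser hunk that formats `inputName` has the same exposure. authenticateUser starts outside this hunk, so any earlier validation of the name is not visible here.

```cpp
// Copy a client-supplied name for logging, replacing control characters so
// that one authentication attempt cannot produce several log records.
static void copyNameForLog(const char *name, char *out, size_t outSize)
{
   size_t i = 0;

   if (outSize == 0)
      return;
   for (; name != NULL && name[i] != '\0' && i + 1 < outSize; i++)
      out[i] = iscntrl((unsigned char)name[i]) ? '?' : name[i];
   out[i] = '\0';
}

// … unchanged: retry loop in authenticateUser …
   char loggedName[129];   // placeholder size; use the project's name limit
   copyNameForLog(username, loggedName, sizeof(loggedName));

   if (self.host_->LDAPConfig_->retryCount)
      snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "Failed to authenticate LDAP user %s after %d retries\n",
               loggedName,self.host_->LDAPConfig_->retryCount);
   else
      snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "Failed to authenticate LDAP user %s\n",loggedName);
```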
@@ -902,7 +897,7 @@ bool LDAPConfigNode::initialize(char * hostName)
 // connection and setup the rest of the node.
    if (!selfCheck(self,false))
    {
-      LOG_AUTH_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,"Self check failed in 
initialize");
+      INSERT_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,"Self check failed in 
initialize");
       return false;
    }   
 
@@ -956,16 +951,16 @@ int retry_count = self.host_->LDAPConfig_->retryCount;
          return true;
    } 
    
-char emsMsg[EMS_MSG_SIZE];
+char eventMsg[MAX_EVENT_MSG_SIZE];
 
    if (self.host_->LDAPConfig_->retryCount > 0)
-      sprintf(emsMsg,"Unable to establish initial LDAP connection after %d 
retries, error %d\n",
+      snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "Unable to establish initial LDAP 
connection after %d retries, error %d\n",
               self.host_->LDAPConfig_->retryCount,retCode);
    else
-      sprintf(emsMsg,"Unable to establish initial LDAP connection, error %d\n",
+      snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "Unable to establish initial LDAP 
connection, error %d\n",
               retCode);
 
-   LOG_AUTH_EVENT(DBS_NO_LDAP_SEARCH_CONNECTION,emsMsg);
+   INSERT_EVENT(DBS_NO_LDAP_SEARCH_CONNECTION,eventMsg);
    
    return false;
    
@@ -1011,7 +1006,7 @@ LDSearchStatus LDAPConfigNode::lookupUser(
 {
 
 int rc = 0;
-char emsMsg[EMS_MSG_SIZE];
+char eventMsg[MAX_EVENT_MSG_SIZE];
 
 LDSearchStatus searchStatus = searchUser(self,inputName,userDN);
                                                  
@@ -1062,12 +1057,12 @@ int retry_count = self.host_->LDAPConfig_->retryCount;
 //  
 
    if (self.host_->LDAPConfig_->retryCount > 0)
-      sprintf(emsMsg, "Failed to search for LDAP user %s after %d retries\n",
+      snprintf(eventMsg,  MAX_EVENT_MSG_SIZE, "Failed to search for LDAP user 
%s after %d retries\n",
               inputName,self.host_->LDAPConfig_->retryCount);
    else
-      sprintf(emsMsg, "Failed to search for LDAP user %s\n",inputName);
+      snprintf(eventMsg,  MAX_EVENT_MSG_SIZE, "Failed to search for LDAP user 
%s\n",inputName);
    
-   LOG_AUTH_EVENT(DBS_NO_LDAP_SEARCH_CONNECTION,emsMsg);
+   INSERT_EVENT(DBS_NO_LDAP_SEARCH_CONNECTION,eventMsg);
    return LDSearchResourceFailure;
 
 }
@@ -1105,24 +1100,24 @@ static void addExcludedHostName(
 
 {
 
-char emsMsg[EMS_MSG_SIZE];
+   char eventMsg[MAX_EVENT_MSG_SIZE];
 
-// If the size of the excluded host list is being limited, clear out 
-// older excluded hosts to make room for the newest entry.
+   // If the size of the excluded host list is being limited, clear out 
+   // older excluded hosts to make room for the newest entry.
    if (self.host_->LDAPConfig_->maxExcludeListSize > 0)
       while (self.host_->excludedHostNames.size() >= 
self.host_->LDAPConfig_->maxExcludeListSize)
       {
-         sprintf(emsMsg,"Exclude list full, LDAP server %s removed from 
exclude list\n",
+         snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "Exclude list full, LDAP 
server %s removed from exclude list\n",
                  self.host_->excludedHostNames[0].c_str());
-         LOG_AUTH_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,emsMsg); 
+         INSERT_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,eventMsg); 
          
          
self.host_->excludedHostNames.erase(self.host_->excludedHostNames.begin());
       }
           
    self.host_->excludedHostNames.push_back(hostName);
    
-   sprintf(emsMsg,"LDAP server %s added to exclude list\n",hostName);
-   LOG_AUTH_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,emsMsg); 
+   snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "LDAP server %s added to exclude 
list\n",hostName);
+   INSERT_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,eventMsg); 
    
 }
 //************************ End of addExcludedHostName 
**************************
@@ -1179,7 +1174,7 @@ int rc, msgid, err;
 struct timeval timeout;
 LDAP *ld;
 LDAPMessage *result;  
-char emsMsg[EMS_MSG_SIZE];
+char eventMsg[MAX_EVENT_MSG_SIZE];
 
 int parserc;
 LDAPControl **psrvctrls = NULL;
@@ -1193,7 +1188,7 @@ bool isInitialized = reconnect;
    {
       if (!selfCheck(self,isInitialized))
       {
-         LOG_AUTH_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,"Self check failed in 
bindUser");
+         INSERT_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,"Self check failed in 
bindUser");
       
          return LDAuthResourceFailure;
       }
@@ -1217,17 +1212,17 @@ bool isInitialized = reconnect;
             LD_Status status = initConnection(self,NULL,true);
             if (status != LD_STATUS_OK)
             {
-               LOG_AUTH_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,"LDAP Auth Error 
in bindUser; unable to connect to server");
+               INSERT_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,"LDAP Auth Error in 
bindUser; unable to connect to server");
                return LDAuthResourceFailure;
             }
             reconnect = false;
             continue;            
          }
-         sprintf(emsMsg, "LDAP Auth Error in bindUser; error code: %ld, ", 
(long) LDAPError);
+         snprintf(eventMsg,  MAX_EVENT_MSG_SIZE, "LDAP Auth Error in bindUser; 
error code: %ld, ", (long) LDAPError);
          errorTextString = ldap_err2string(LDAPError);
-         strncat(emsMsg, errorTextString, (EMS_MSG_SIZE - (strlen(emsMsg)+4)));
-         strcat(emsMsg,"\n");
-         LOG_AUTH_EVENT(DBS_NO_LDAP_AUTH_CONNECTION,emsMsg);
+         strncat(eventMsg, errorTextString, (MAX_EVENT_MSG_SIZE - 
(strlen(eventMsg)+4)));
+         strcat(eventMsg,"\n");
+         INSERT_EVENT(DBS_NO_LDAP_AUTH_CONNECTION,eventMsg);
          return LDAuthResourceFailure;
 // LCOV_EXCL_STOP 
       }
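Review bot: The snprintf is now bounded, but the strncat/strcat pair after it still computes its limit as `MAX_EVENT_MSG_SIZE - (strlen(eventMsg)+4)`, which is unsigned arithmetic and wraps to a very large count once the prefix comes within four bytes of the buffer size. The prefix here is short, but the connectToURL hunks below use the same three-line pattern after formatting `url.lud_host`, where snprintf can fill the buffer and the strncat that follows would then be effectively unbounded. The result of ldap_err2string is also passed on without the NULL check that the "Failed to get bind result" hunk applies to it. A single call removes the arithmetic, as the searchUserByDN hunk already does: `snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "LDAP Auth Error in bindUser; error code: %ld, %s\n", (long) LDAPError, errorTextString ? errorTextString : "");`. The value of MAX_EVENT_MSG_SIZE is defined outside this diff section, so how close any prefix gets to it is not visible here.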
@@ -1248,7 +1243,7 @@ bool isInitialized = reconnect;
             if (status != LD_STATUS_OK)
             {
 // LCOV_EXCL_START 
-               LOG_AUTH_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,"LDAP Auth Error 
in bindUser; unable to connect to server");
+               INSERT_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,"LDAP Auth Error in 
bindUser; unable to connect to server");
                return LDAuthResourceFailure;
 // LCOV_EXCL_STOP 
             }
@@ -1256,11 +1251,11 @@ bool isInitialized = reconnect;
             continue;
          }
          ldap_get_option(ld, LDAP_OPT_ERROR_NUMBER, &err);
-         sprintf(emsMsg, "LDAP Auth Error in bindUser; error code: %ld, ", 
(long)err);
+         snprintf(eventMsg,  MAX_EVENT_MSG_SIZE, "LDAP Auth Error in bindUser; 
error code: %ld, ", (long)err);
          errorTextString = ldap_err2string(err);
-         strncat(emsMsg, errorTextString, (EMS_MSG_SIZE - (strlen(emsMsg)+4)));
-         strcat(emsMsg, "\n");
-         LOG_AUTH_EVENT(DBS_NO_LDAP_AUTH_CONNECTION,emsMsg);
+         strncat(eventMsg, errorTextString, (MAX_EVENT_MSG_SIZE - 
(strlen(eventMsg)+4)));
+         strcat(eventMsg, "\n");
+         INSERT_EVENT(DBS_NO_LDAP_AUTH_CONNECTION,eventMsg);
          LDAPError = err;
          return LDAuthResourceFailure;
       }
@@ -1274,13 +1269,13 @@ bool isInitialized = reconnect;
          char *p = ldap_err2string(parserc);
          if (p != NULL)
          {
-            strcpy(emsMsg, "LDAP Auth Error in bindUser; Failed to get bind 
result: ");
-            strncat(emsMsg, p, (EMS_MSG_SIZE - (strlen(emsMsg)+4)) );
-            strcat(emsMsg, "\n");
+            strcpy(eventMsg, "LDAP Auth Error in bindUser; Failed to get bind 
result: ");
+            strncat(eventMsg, p, (MAX_EVENT_MSG_SIZE - (strlen(eventMsg)+4)) );
+            strcat(eventMsg, "\n");
          }
          else
-            strcpy(emsMsg, "LDAP Auth Error in bindUser; Failed to get bind 
result.\n");
-         LOG_AUTH_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,emsMsg);
+            strcpy(eventMsg, "LDAP Auth Error in bindUser; Failed to get bind 
result.\n");
+         INSERT_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,eventMsg);
          LDAPError = parserc;
          return LDAuthResourceFailure;
 // LCOV_EXCL_STOP 
@@ -1341,11 +1336,11 @@ bool isInitialized = reconnect;
             break;
          default:
 // LCOV_EXCL_START 
-            sprintf(emsMsg, "LDAP Auth Error in bindUser; error code: %ld, ", 
(long)rc);
+            snprintf(eventMsg,  MAX_EVENT_MSG_SIZE, "LDAP Auth Error in 
bindUser; error code: %ld, ", (long)rc);
             errorTextString = ldap_err2string(rc);
-            strncat(emsMsg, errorTextString, (EMS_MSG_SIZE - 
(strlen(emsMsg)+4)));
-            strcat(emsMsg, "\n"); 
-            LOG_AUTH_EVENT(DBS_NO_LDAP_AUTH_CONNECTION,emsMsg);
+            strncat(eventMsg, errorTextString, (MAX_EVENT_MSG_SIZE - 
(strlen(eventMsg)+4)));
+            strcat(eventMsg, "\n"); 
+            INSERT_EVENT(DBS_NO_LDAP_AUTH_CONNECTION,eventMsg);
             LDAPError = rc;
             return LDAuthResourceFailure;
             break; 
@@ -1511,7 +1506,7 @@ static LD_Status connectToURL(
 int version;
 int debug = 0;
 int rc;
-char emsMsg[EMS_MSG_SIZE];
+char eventMsg[MAX_EVENT_MSG_SIZE];
 char *errorTextString; 
 
 LDAP *ld = NULL;
@@ -1522,11 +1517,11 @@ struct timeval tv;
    if (rc != LDAP_SUCCESS)
    {
 // LCOV_EXCL_START 
-      sprintf(emsMsg, "ldap_initialize failed for LDAP server %s. Error: %d, 
",url.lud_host, rc);
+      snprintf(eventMsg,  MAX_EVENT_MSG_SIZE, "ldap_initialize failed for LDAP 
server %s. Error: %d, ",url.lud_host, rc);
       errorTextString = ldap_err2string(rc);
-      strncat(emsMsg, errorTextString, (EMS_MSG_SIZE - (strlen(emsMsg)+4)));
-      strcat(emsMsg, "\n");    
-      LOG_AUTH_EVENT(DBS_NO_LDAP_SEARCH_CONNECTION,emsMsg); 
+      strncat(eventMsg, errorTextString, (MAX_EVENT_MSG_SIZE - 
(strlen(eventMsg)+4)));
+      strcat(eventMsg, "\n");    
+      INSERT_EVENT(DBS_NO_LDAP_SEARCH_CONNECTION,eventMsg); 
       return LD_STATUS_RESOURCE_FAILURE;
 // LCOV_EXCL_STOP 
    }
@@ -1534,8 +1529,8 @@ struct timeval tv;
    if (ld == NULL)
    {
 // LCOV_EXCL_START 
-      sprintf(emsMsg, "Failed to initialize the connection to LDAP server %s.  
Error: ld is NULL", url.lud_host);
-      LOG_AUTH_EVENT(DBS_NO_LDAP_SEARCH_CONNECTION,emsMsg); 
+      snprintf(eventMsg,  MAX_EVENT_MSG_SIZE, "Failed to initialize the 
connection to LDAP server %s.  Error: ld is NULL", url.lud_host);
+      INSERT_EVENT(DBS_NO_LDAP_SEARCH_CONNECTION,eventMsg); 
       return LD_STATUS_RESOURCE_FAILURE;
 // LCOV_EXCL_STOP 
    }
@@ -1611,11 +1606,11 @@ int ldapderef = LDAP_DEREF_ALWAYS;
       rc = ldap_set_option(ld,LDAP_OPT_X_TLS_REQUIRE_CERT,&demand);
       if (rc != LDAP_SUCCESS)
       {
-         sprintf(emsMsg, "Require TLS certificate failed for LDAP server %s.  
Error: %d, ", url.lud_host, rc);
+         snprintf(eventMsg,  MAX_EVENT_MSG_SIZE, "Require TLS certificate 
failed for LDAP server %s.  Error: %d, ", url.lud_host, rc);
          errorTextString = ldap_err2string(rc);
-         strncat(emsMsg, errorTextString, (EMS_MSG_SIZE - (strlen(emsMsg)+4)));
-         strcat(emsMsg, "\n");
-         LOG_AUTH_EVENT(DBS_NO_LDAP_SEARCH_CONNECTION,emsMsg); 
+         strncat(eventMsg, errorTextString, (MAX_EVENT_MSG_SIZE - 
(strlen(eventMsg)+4)));
+         strcat(eventMsg, "\n");
+         INSERT_EVENT(DBS_NO_LDAP_SEARCH_CONNECTION,eventMsg); 
          return LD_STATUS_RESOURCE_FAILURE;
       }
       
@@ -1623,11 +1618,11 @@ int ldapderef = LDAP_DEREF_ALWAYS;
                            config.TLS_CACERTFilename.c_str());
       if (rc != LDAP_SUCCESS)
       {
-         sprintf(emsMsg, "Set TLS certificate file failed for LDAP server %s.  
Error: %d, ", url.lud_host, rc);
+         snprintf(eventMsg,  MAX_EVENT_MSG_SIZE, "Set TLS certificate file 
failed for LDAP server %s.  Error: %d, ", url.lud_host, rc);
          errorTextString = ldap_err2string(rc);
-         strncat(emsMsg, errorTextString, (EMS_MSG_SIZE - (strlen(emsMsg)+4)));
-         strcat(emsMsg, "\n");
-         LOG_AUTH_EVENT(DBS_NO_LDAP_SEARCH_CONNECTION,emsMsg); 
+         strncat(eventMsg, errorTextString, (MAX_EVENT_MSG_SIZE - 
(strlen(eventMsg)+4)));
+         strcat(eventMsg, "\n");
+         INSERT_EVENT(DBS_NO_LDAP_SEARCH_CONNECTION,eventMsg); 
          return LD_STATUS_RESOURCE_FAILURE;
       }
    }   
@@ -1638,11 +1633,11 @@ int ldapderef = LDAP_DEREF_ALWAYS;
       rc = ldap_start_tls_s (ld, NULL, NULL);
       if (rc != LDAP_SUCCESS)
       {
-         sprintf(emsMsg, "StartTLS failed for LDAP server %s.  Error: %d, ", 
url.lud_host, rc);
+         snprintf(eventMsg,  MAX_EVENT_MSG_SIZE, "StartTLS failed for LDAP 
server %s.  Error: %d, ", url.lud_host, rc);
          errorTextString = ldap_err2string(rc);
-         strncat(emsMsg, errorTextString, (EMS_MSG_SIZE - (strlen(emsMsg)+4)));
-         strcat(emsMsg, "\n");
-         LOG_AUTH_EVENT(DBS_NO_LDAP_SEARCH_CONNECTION,emsMsg); 
+         strncat(eventMsg, errorTextString, (MAX_EVENT_MSG_SIZE - 
(strlen(eventMsg)+4)));
+         strcat(eventMsg, "\n");
+         INSERT_EVENT(DBS_NO_LDAP_SEARCH_CONNECTION,eventMsg); 
          return LD_STATUS_RESOURCE_FAILURE;
       }
    }
@@ -1665,12 +1660,12 @@ LDAuthStatus authStatus;
       if (authStatus != LDAuthSuccessful) 
       {
 // LCOV_EXCL_START 
-         sprintf(emsMsg,"Initial bind failed for LDAP server %s. Error: %d, ", 
+         snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "Initial bind failed for LDAP 
server %s. Error: %d, ", 
                  url.lud_host,LDAPError);
          errorTextString = ldap_err2string(LDAPError);
-         strncat(emsMsg, errorTextString, (EMS_MSG_SIZE - (strlen(emsMsg)+4)));
-         strcat(emsMsg, "\n");
-         LOG_AUTH_EVENT(DBS_NO_LDAP_AUTH_CONNECTION,emsMsg);  
+         strncat(eventMsg, errorTextString, (MAX_EVENT_MSG_SIZE - 
(strlen(eventMsg)+4)));
+         strcat(eventMsg, "\n");
+         INSERT_EVENT(DBS_NO_LDAP_AUTH_CONNECTION,eventMsg);  
          return LD_STATUS_RESOURCE_FAILURE;
 // LCOV_EXCL_STOP  
       }
@@ -1688,11 +1683,11 @@ LDAuthStatus authStatus;
    if (authStatus != LDAuthSuccessful) 
    {
 // LCOV_EXCL_START 
-      sprintf(emsMsg, "Initial bind with search user failed for LDAP server 
%s. Error: %d, ", url.lud_host, LDAPError);
+      snprintf(eventMsg,  MAX_EVENT_MSG_SIZE, "Initial bind with search user 
failed for LDAP server %s. Error: %d, ", url.lud_host, LDAPError);
       errorTextString = ldap_err2string(LDAPError);
-      strncat(emsMsg, errorTextString, (EMS_MSG_SIZE - (strlen(emsMsg)+4)));
-      strcat(emsMsg, "\n");
-      LOG_AUTH_EVENT(DBS_NO_LDAP_AUTH_CONNECTION,emsMsg);  
+      strncat(eventMsg, errorTextString, (MAX_EVENT_MSG_SIZE - 
(strlen(eventMsg)+4)));
+      strcat(eventMsg, "\n");
+      INSERT_EVENT(DBS_NO_LDAP_AUTH_CONNECTION,eventMsg);  
       return LD_STATUS_RESOURCE_FAILURE;
 // LCOV_EXCL_STOP 
    }
@@ -1982,7 +1977,7 @@ inline static void logConfigFileError(
    
 {
 
-char emsMsg[EMS_MSG_SIZE];
+char eventMsg[MAX_EVENT_MSG_SIZE];
 
    switch (fileCode)
    {
@@ -1991,52 +1986,52 @@ char emsMsg[EMS_MSG_SIZE];
          break;
       case LDAPConfigFile_NoFileProvided:
       case LDAPConfigFile_FileNotFound:
-         sprintf(emsMsg, "****** .traf_authentication_config file not 
found\n");
+         snprintf(eventMsg,  MAX_EVENT_MSG_SIZE, "****** 
.traf_authentication_config file not found\n");
          break;
       case LDAPConfigFile_BadAttributeName:
-         sprintf(emsMsg,"****** Unrecognized attribute in 
.traf_authentication_config configuration file.  Line %d %s",
+         snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "****** Unrecognized attribute 
in .traf_authentication_config configuration file.  Line %d %s",
                  lastLineNumber,lastLine.c_str());
          break;
       case LDAPConfigFile_MissingValue:
-         sprintf(emsMsg,"****** Missing required value in 
.traf_authentication_config configuration file.  Line %d %s",
+         snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "****** Missing required value 
in .traf_authentication_config configuration file.  Line %d %s",
                  lastLineNumber,lastLine.c_str());
          break;
       case LDAPConfigFile_ValueOutofRange:
-         sprintf(emsMsg,"****** Value out of range in 
.traf_authentication_config configuration file.  Line %d %s",
+         snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "****** Value out of range in 
.traf_authentication_config configuration file.  Line %d %s",
                  lastLineNumber,lastLine.c_str());
          break;
       case LDAPConfigFile_CantOpenFile:
-         sprintf(emsMsg,"****** Unable to open .traf_authentication_config 
configuration file");
+         snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "****** Unable to open 
.traf_authentication_config configuration file");
          break;
       case LDAPConfigFile_CantReadFile:
-         sprintf(emsMsg,"****** Unable to read .traf_authentication_config 
configuration file");
+         snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "****** Unable to read 
.traf_authentication_config configuration file");
          break;
       case LDAPConfigFile_MissingCACERTFilename:
-         sprintf(emsMsg,"****** TLS requested but no TLS CACERTFilename was 
provided");
+         snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "****** TLS requested but no 
TLS CACERTFilename was provided");
          break;
       case LDAPConfigFile_MissingHostName:
-         sprintf(emsMsg,"****** Missing host name in 
.traf_authentication_config");
+         snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "****** Missing host name in 
.traf_authentication_config");
          break;
       case LDAPConfigFile_MissingUniqueIdentifier:
-         sprintf(emsMsg,"****** Missing unique identifier in 
.traf_authentication_config");
+         snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "****** Missing unique 
identifier in .traf_authentication_config");
          break;
       case LDAPConfigFile_MissingSection:
-         sprintf(emsMsg,"****** Missing directory server configuration in 
.traf_authentication_config");
+         snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "****** Missing directory 
server configuration in .traf_authentication_config");
          break;
       case LDAPConfigFile_ParseError:
-         sprintf(emsMsg,"****** Internal error parsing 
.traf_authentication_config");
+         snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "****** Internal error parsing 
.traf_authentication_config");
          break;
       case LDAPConfigFile_CantOpenLDAPRC:
-         sprintf(emsMsg,"****** Unable to open .ldaprc to determine TLS 
CACERTFilename");
+         snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "****** Unable to open .ldaprc 
to determine TLS CACERTFilename");
          break;
       case LDAPConfigFile_MissingLDAPRC:
-         sprintf(emsMsg,"****** Missing .ldaprc and TLS_CACERTFilename not 
provided; cannot determine TLS CACERT filename");
+         snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "****** Missing .ldaprc and 
TLS_CACERTFilename not provided; cannot determine TLS CACERT filename");
          break;
       default:
-         sprintf(emsMsg,"****** Error parsing .traf_authentication_config 
configuration file");
+         snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "****** Error parsing 
.traf_authentication_config configuration file");
    }
 
-   LOG_AUTH_EVENT(DBS_AUTH_CONFIG,emsMsg); 
+   INSERT_EVENT(DBS_AUTH_CONFIG,eventMsg); 
 
 }
 //************************** End of logConfigFileError 
*************************
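Review bot: The BadAttributeName, MissingValue and ValueOutofRange cases copy the whole offending line (`lastLine.c_str()`) from .traf_authentication_config into eventMsg, which this commit now sends to the shared log4cxx log. connectToURL binds with a search user, so the file presumably carries that user's credential, and a mistyped or out-of-range credential line would be written to the log verbatim. I would log the line number and at most the attribute name, for example `snprintf(eventMsg, MAX_EVENT_MSG_SIZE, "****** Value out of range in .traf_authentication_config configuration file.  Line %d", lastLineNumber);`, and add a comment above the switch stating that attribute values are never logged. The function's signature and its first case lie outside this hunk.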
@@ -2301,7 +2296,7 @@ char *attrs[3];
 char *attr, **vals;
 BerElement *ptr = 0;
 char createTimestamp[16];
-char emsMsg[EMS_MSG_SIZE];
+char eventMsg[MAX_EVENT_MSG_SIZE];
 
 // Use "createTimestamp" as our "unique ID" for the user on the LDAP server.
    strcpy(createTimestamp, "createTimestamp");
@@ -2339,7 +2334,7 @@ int reconnect = 1;
    {
       if (!selfCheck(self,true))
       {
-         LOG_AUTH_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,"Self check failed in 
searchUserByDN");
+         INSERT_EVENT(DBS_UNKNOWN_AUTH_STATUS_ERROR,"Self check failed in 
searchUserByDN");
       
          return LDSearchResourceFailure;
       }
@@ -2380,8 +2375,8 @@ int reconnect = 1;
          // resource failure error so we will retry per configuration settings.
          if (status != LD_STATUS_OK)
          {
-            sprintf(emsMsg, "LDAP search error.   Unable to connect to 
server\n");  
-            LOG_AUTH_EVENT(DBS_LDAP_SEARCH_ERROR,emsMsg);
+            snprintf(eventMsg,  MAX_EVENT_MSG_SIZE, "LDAP search error.   
Unable to connect to server\n");  
+            INSERT_EVENT(DBS_LDAP_SEARCH_ERROR,eventMsg);
             return LDSearchResourceFailure;
          }
          reconnect--;
@@ -2391,9 +2386,9 @@ int reconnect = 1;
       // For all other search errors, report an error and return a resource 
       // failure (LDAP server or network problem) so we will retry per
       // configuration settings.   
-      sprintf(emsMsg, "LDAP search error.  Error code: %d, %s\n", 
+      snprintf(eventMsg,  MAX_EVENT_MSG_SIZE, "LDAP search error.  Error code: 
%d, %s\n", 
                       rc, ldap_err2string(rc)); 
-      LOG_AUTH_EVENT(DBS_LDAP_SEARCH_ERROR,emsMsg);
+      INSERT_EVENT(DBS_LDAP_SEARCH_ERROR,eventMsg);
       return LDSearchResourceFailure;
    }
    
@@ -2431,8 +2426,8 @@ int numberFound = ldap_count_entries(ld,res);
          ldap_msgfree(res);
 
       // log error message
-      sprintf(emsMsg, "LDAP search error.   Attribute %s does not exist in the 
entry %s", attrs[0], userDN.c_str());  
-      LOG_AUTH_EVENT(DBS_LDAP_SEARCH_ERROR,emsMsg);
+      snprintf(eventMsg,  MAX_EVENT_MSG_SIZE, "LDAP search error.   Attribute 
%s does not exist in the entry %s", attrs[0], userDN.c_str());  
+      INSERT_EVENT(DBS_LDAP_SEARCH_ERROR,eventMsg);
       return LDSearchResourceFailure;
    }
 

http://git-wip-us.apache.org/repos/asf/incubator-trafodion/blob/7bab8387/core/dbsecurity/macros.gmk
----------------------------------------------------------------------
diff --git a/core/dbsecurity/macros.gmk b/core/dbsecurity/macros.gmk
index 63a97b3..948a86a 100644
--- a/core/dbsecurity/macros.gmk
+++ b/core/dbsecurity/macros.gmk
@@ -43,7 +43,13 @@ CXXFLAGS     += $(DEFINES) $(CXXWARN) -std=c++0x $(GCCMODEXX)
 
 
 # Modules in current directory
-$(OUTDIR)/%.o: src/%.cpp
+$(OUTDIR)/%.o: src/%.cpp 
+#      echo " *****FLAGS::: $(CXX) *****"
+       @if [ -d "$(OUTDIR)" ]; then x=1; else mkdir -p "$(OUTDIR)"; fi
+       $(CXX) $(CXXFLAGS) $(INCLUDES) -c -fPIC -o $@ $<
+
+# Modules in logging directory
+$(OUTDIR)/%.o: $(MY_SQROOT)/commonLogger/CommonLogger.cpp
 #      echo " *****FLAGS::: $(CXX) *****"
        @if [ -d "$(OUTDIR)" ]; then x=1; else mkdir -p "$(OUTDIR)"; fi
        $(CXX) $(CXXFLAGS) $(INCLUDES) -c -fPIC -o $@ $<
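Review bot: The added rule `$(OUTDIR)/%.o: $(MY_SQROOT)/commonLogger/CommonLogger.cpp` is a pattern rule whose prerequisite contains no `%`, so it matches every object in $(OUTDIR) whose `src/%.cpp` is missing and compiles CommonLogger.cpp under that object's name. A misspelled or deleted source file would then build and link without any error from make. An explicit rule says what is meant, presumably `$(OUTDIR)/CommonLogger.o: $(MY_SQROOT)/commonLogger/CommonLogger.cpp` (the object name is inferred, since the Makefile that lists the objects is outside this hunk). The directory check repeated in both recipes could become an order-only prerequisite, `| $(OUTDIR)`, with one `$(OUTDIR):` rule running `mkdir -p $@`.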

