# HG changeset patch
# User Marcus Granado <[email protected]>
# Date 1268143881 0
# Node ID f3605f44da34bd90b4e2cb06384f694923013e70
# Parent  d7ad0f363e97e685b42fdee3a60044b2473570e0
CA-38729: split {en,dis}able extauth exceptions to simplify translations in 
xencenter

Signed-off-by: Marcus Granado <[email protected]>

diff -r d7ad0f363e97 -r f3605f44da34 ocaml/auth/OMakefile
--- a/ocaml/auth/OMakefile      Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/auth/OMakefile      Tue Mar 09 14:11:21 2010 +0000
@@ -1,5 +1,5 @@
 OTHER_CLIBS = -cclib -lpam
-OCAMLINCLUDES += ../autogen ../idl/ocaml_backend ../xapi 
+OCAMLINCLUDES += ../autogen ../idl/ocaml_backend ../idl ../xapi 
 
 StaticCLibrary(auth_stubs, xa_auth xa_auth_stubs)
 OCamlLibraryClib(pam, pam, auth_stubs)
@@ -9,7 +9,7 @@
        OCAML_CLIBS += auth_stubs
 
        OCamlProgram(testauth, testauth)
-       OCamlProgram(testauthx, testauthx authx auth_signature)
+       OCamlProgram(testauthx, testauthx authx auth_signature 
../idl/api_errors)
 
 .PHONY: clean
 clean:
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/auth/auth_signature.ml
--- a/ocaml/auth/auth_signature.ml      Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/auth/auth_signature.ml      Tue Mar 09 14:11:21 2010 +0000
@@ -22,8 +22,17 @@
 *)
 
 exception Auth_failure of string
-exception Auth_service_error of string
+type auth_service_error_tag = 
E_GENERIC|E_LOOKUP|E_DENIED|E_CREDENTIALS|E_UNAVAILABLE
+exception Auth_service_error of auth_service_error_tag * string
 exception Subject_cannot_be_resolved
+
+let suffix_of_tag errtag =
+       match errtag with
+               | E_GENERIC -> ""
+               | E_LOOKUP -> Api_errors.auth_suffix_domain_lookup_failed
+               | E_DENIED -> Api_errors.auth_suffix_permission_denied
+               | E_CREDENTIALS -> Api_errors.auth_suffix_wrong_credentials
+               | E_UNAVAILABLE -> Api_errors.auth_suffix_unavailable
 
 (* required fields in subject.other_config *)
 let subject_information_field_subject_name = "subject-name"
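Review bot: `auth_service_error_tag` and `suffix_of_tag` are added without any comment, although every plugin now has to pick a tag and the callers concatenate the returned suffix onto an API error code. A doc comment above the type would help, for example `(** Category of an external-auth service failure; [suffix_of_tag] gives the suffix appended to the enable/disable error code, "" for E_GENERIC. *)`. It is also worth stating there which tags are valid on the disable path, since api_errors.ml declares only two suffixed disable codes.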
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/auth/authx.ml
--- a/ocaml/auth/authx.ml       Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/auth/authx.ml       Tue Mar 09 14:11:21 2010 +0000
@@ -45,7 +45,7 @@
                with e -> begin
                        let errmsg = Printf.sprintf "[%s]: %s" debug_cmd 
(Printexc.to_string e) in
                        debug "Error executing cmd %s" errmsg;
-                       raise (Auth_signature.Auth_service_error errmsg)
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,errmsg))
                end
        in
        let output_lines = Stringext.String.split '\n' output_str in
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/auth/extauth_plugin_ADlikewise.ml
--- a/ocaml/auth/extauth_plugin_ADlikewise.ml   Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/auth/extauth_plugin_ADlikewise.ml   Tue Mar 09 14:11:21 2010 +0000
@@ -116,7 +116,7 @@
                with e -> begin
                        (* in_string is usually the password or other sensitive 
param, so never write it to debug or exn *)
                        debug "Error writing to stdin for cmd %s: %s" debug_cmd 
(ExnHelper.string_of_exn e);
-                       raise (Auth_signature.Auth_service_error 
(ExnHelper.string_of_exn e))
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,ExnHelper.string_of_exn e))
                end
                end;
          )
@@ -169,13 +169,13 @@
                        debug "Error likewise for cmd %s: %s" debug_cmd msg;
                        (* CA-27772: return user-friendly error messages when 
Likewise crashes *)
                        let msg = user_friendly_error_msg in
-                       raise (Auth_signature.Auth_service_error msg)
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,msg))
                | e -> (* unknown error *)
                begin
                        debug "Parse_likewise error for cmd %s: %s" debug_cmd 
(ExnHelper.string_of_exn e);
                        (* CA-27772: return user-friendly error messages when 
Likewise crashes *)
                        let msg = user_friendly_error_msg in
-                       raise (Auth_signature.Auth_service_error msg 
(*(ExnHelper.string_of_exn e)*))
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,msg (*(ExnHelper.string_of_exn e)*)))
                end
        in
 
@@ -201,11 +201,11 @@
 
                                | 524326    (* error joining AD domain *)
                                | 524359 -> (* error joining AD domain *)
-                                       raise 
(Auth_signature.Auth_service_error errmsg)
+                                       raise 
(Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,errmsg))
 
                                | 40118 (* lsass server not responding *)
                                | _ ->  (* general Likewise error *)
-                                       raise 
(Auth_signature.Auth_service_error (Printf.sprintf "(%i) %s" code errmsg))
+                                       raise 
(Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,(Printf.sprintf 
"(%i) %s" code errmsg)))
                end
        end       
 )
@@ -285,7 +285,7 @@
                (* this should not have happend, likewise didn't return an SID 
field!! *)
                let msg = (Printf.sprintf "Likewise didn't return an SID field 
for gid %s" gid) in
                debug "Error likewise_get_sid_bygid for gid %s: %s" gid msg;
-               raise (Auth_signature.Auth_service_error msg) (* general 
Likewise error *)
+               raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,msg)) (* general Likewise error *)
        end
 
 let likewise_get_sid_byname _subject_name cmd = 
@@ -298,7 +298,7 @@
                (* this should not have happend, likewise didn't return an SID 
field!! *)
                let msg = (Printf.sprintf "Likewise didn't return an SID field 
for user %s" subject_name) in
                debug "Error likewise_get_sid_byname for subject name %s: %s" 
subject_name msg;
-               raise (Auth_signature.Auth_service_error msg) (* general 
Likewise error *)
+               raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,msg)) (* general Likewise error *)
        end
 
 (* subject_id get_subject_identifier(string subject_name)
@@ -522,7 +522,7 @@
                        && (List.mem_assoc "pass" config_params)
                ) 
        then begin
-               raise (Auth_signature.Auth_service_error "enable requires two 
config params: user and pass.")
+               raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,"enable requires two config params: user and pass."))
        end
        
        else (* we have all the required parameters *)
@@ -539,7 +539,7 @@
                        let _domain = List.assoc "domain" config_params in
                        if service_name <> _domain 
                        then 
-                               raise (Auth_signature.Auth_service_error "if 
present, config:domain must match service-name.")
+                               raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,"if present, config:domain must match service-name."))
                        else 
                                service_name
                end
@@ -562,7 +562,7 @@
                begin
                        let errmsg = (Printf.sprintf "External authentication 
server not available after %i query tests" max_tries) in
                        debug "%s" errmsg;
-                       raise (Auth_signature.Auth_service_error errmsg)
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_UNAVAILABLE,errmsg))
                end;
 
                (* OK SUCCESS, likewise has joined the AD domain successfully *)
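Review bot: The "not available after %i query tests" failure is tagged `Auth_signature.E_UNAVAILABLE` at this raise but `Auth_signature.E_GENERIC` at the identical raise in the @@ -714,7 +714,7 hunk of this file, so the same condition would surface under two different API error codes. The enclosing functions start outside both hunks, so the difference may be deliberate, for instance if the later raise is not on the enable path. If it is deliberate, a short comment such as `(* E_GENERIC on purpose: no *_UNAVAILABLE code is declared for this path *)` would record that; otherwise the later raise should use `Auth_signature.E_UNAVAILABLE` too.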
@@ -581,25 +581,25 @@
                () (* OK, return unit*)
 
        with (*ERROR, we didn't join the AD domain*)
-       |Auth_signature.Auth_service_error errmsg ->
+       |Auth_signature.Auth_service_error (errtag,errmsg) as e ->
                (*errors in stdout, let's bubble them up, making them as 
user-friendly as possible *)
                debug "Error enabling external authentication for domain %s and 
user %s: %s" domain user errmsg;
                if has_substr errmsg "0x9C56" (* The password is incorrect for 
the given username *)
                        or has_substr errmsg "0x9C84" (* The user account is 
invalid *)
                then begin
-                       raise (Auth_signature.Auth_service_error "The username 
or password is wrong.")
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_CREDENTIALS,"The username or password is wrong."))
                end
                else if has_substr errmsg "(0x5)" (* Unknown error *)
                then begin (* this seems to be a 
not-enough-permission-to-join-the-domain error *)
-                       raise (Auth_signature.Auth_service_error "Permission 
denied. The user has no administrator rights to join the domain.")
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_DENIED,"Permission denied. The user has no rights to join the 
domain or to modify the machine account in the Active Directory database."))
                end
                else if has_substr errmsg "0x9CAC" (* Failed to lookup the 
domain controller for given domain. *)
                        or has_substr errmsg "0x251E" (* DNS_ERROR_BAD_PACKET *)
                then begin (* this seems to be a wrong domain controller name 
error... *)
-                       raise (Auth_signature.Auth_service_error "Failed to 
lookup the domain controller for given domain.")
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_LOOKUP,"Failed to lookup the domain controller for given 
domain."))
                end
                else begin (* general Likewise error *)
-                       raise (Auth_signature.Auth_service_error errmsg) 
+                       raise e
                end
 
 (* unit on_disable()
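Review bot: `errtag` is bound in the new pattern `Auth_signature.Auth_service_error (errtag,errmsg) as e` but never read in this handler, which only inspects `errmsg` and re-raises `e`. Writing `Auth_signature.Auth_service_error (_,errmsg) as e` makes it explicit that the incoming tag is ignored, as the last xapi_session.ml hunk already does with `(_,msg)`. The same unused binding appears in the on_disable handler (@@ -639,22 +639,22), and in the xapi.ml, xapi_auth.ml and first two xapi_session.ml hunks. Because the tag is re-derived from Likewise hex codes found by substring in `errmsg`, a one-line comment saying so above the `if has_substr` chain would help the next reader.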
@@ -639,22 +639,22 @@
                None (* no failure observed in likewise *)
 
        with 
-       | Auth_signature.Auth_service_error errmsg ->
+       | Auth_signature.Auth_service_error (errtag,errmsg) as e ->
                (* errors in stdout, let's bubble them up, making them as 
user-friendly as possible *)
                debug "Internal Likewise error when disabling external 
authentication: %s" errmsg;
 
     if has_substr errmsg "0x9C56" (* The password is incorrect for the given 
username *)
       or has_substr errmsg "0x9C84" (* The user account is invalid *)
     then begin
-                       Some (Auth_signature.Auth_service_error "The username 
or password is wrong.")
+                       Some (Auth_signature.Auth_service_error 
(Auth_signature.E_CREDENTIALS,"The username or password was wrong and did not 
disable the machine account in the Active Directory database."))
                end
                else if has_substr errmsg "0x400A" (* Unkown error *)
                        or has_substr errmsg "(0xD)" (* ERROR_INVALID_DATA *)
                then begin (* this seems to be a non-admin valid user error... 
*)
-                       Some (Auth_signature.Auth_service_error "Permission 
denied. The user has no administrator rights to disable the machine account in 
the Active Directory database.")
+                       Some (Auth_signature.Auth_service_error 
(Auth_signature.E_DENIED,"Permission denied. The user has no rights to disable 
the machine account in the Active Directory database."))
                end
                else begin (* general Likewise error *)
-                       Some (Auth_signature.Auth_service_error errmsg) 
+                       Some e
                end
        | e -> (* unexpected error disabling likewise *)
                ( 
@@ -714,7 +714,7 @@
        begin
                let errmsg = (Printf.sprintf "External authentication server 
not available after %i query tests" max_tries) in
                debug "%s" errmsg;
-               raise (Auth_signature.Auth_service_error errmsg)
+               raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,errmsg))
        end;
        ()
 
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/idl/api_errors.ml
--- a/ocaml/idl/api_errors.ml   Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/idl/api_errors.ml   Tue Mar 09 14:11:21 2010 +0000
@@ -342,11 +342,29 @@
 let auth_already_enabled = "AUTH_ALREADY_ENABLED"
 let auth_unknown_type = "AUTH_UNKNOWN_TYPE"
 let auth_is_disabled = "AUTH_IS_DISABLED"
+let auth_suffix_wrong_credentials = "_WRONG_CREDENTIALS"
+let auth_suffix_permission_denied = "_PERMISSION_DENIED"
+let auth_suffix_domain_lookup_failed = "_DOMAIN_LOOKUP_FAILED"
+let auth_suffix_unavailable = "_UNAVAILABLE"
 let auth_enable_failed = "AUTH_ENABLE_FAILED"
+let auth_enable_failed_wrong_credentials = 
auth_enable_failed^auth_suffix_wrong_credentials
+let auth_enable_failed_permission_denied = 
auth_enable_failed^auth_suffix_permission_denied
+let auth_enable_failed_domain_lookup_failed = 
auth_enable_failed^auth_suffix_domain_lookup_failed
+let auth_enable_failed_unavailable = auth_enable_failed^auth_suffix_unavailable
 let auth_disable_failed = "AUTH_DISABLE_FAILED"
+let auth_disable_failed_wrong_credentials = 
auth_disable_failed^auth_suffix_wrong_credentials
+let auth_disable_failed_permission_denied = 
auth_disable_failed^auth_suffix_permission_denied
 let pool_auth_already_enabled = "POOL_AUTH_ALREADY_ENABLED"
-let pool_auth_enable_failed = "POOL_AUTH_ENABLE_FAILED"
-let pool_auth_disable_failed = "POOL_AUTH_DISABLE_FAILED"
+let pool_auth_prefix = "POOL_"
+let pool_auth_enable_failed = pool_auth_prefix^auth_enable_failed
+let pool_auth_enable_failed_wrong_credentials = 
pool_auth_enable_failed^auth_suffix_wrong_credentials
+let pool_auth_enable_failed_permission_denied = 
pool_auth_enable_failed^auth_suffix_permission_denied
+let pool_auth_enable_failed_domain_lookup_failed = 
pool_auth_enable_failed^auth_suffix_domain_lookup_failed
+let pool_auth_enable_failed_unavailable = 
pool_auth_enable_failed^auth_suffix_unavailable
+let pool_auth_enable_failed_duplicate_hostname = 
pool_auth_enable_failed^"_DUPLICATE_HOSTNAME"
+let pool_auth_disable_failed = pool_auth_prefix^auth_disable_failed
+let pool_auth_disable_failed_wrong_credentials = 
pool_auth_disable_failed^auth_suffix_wrong_credentials
+let pool_auth_disable_failed_permission_denied = 
pool_auth_disable_failed^auth_suffix_permission_denied
 let subject_cannot_be_resolved = "SUBJECT_CANNOT_BE_RESOLVED"
 let auth_service_error = "AUTH_SERVICE_ERROR"
 let subject_already_exists = "SUBJECT_ALREADY_EXISTS"
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/idl/datamodel.ml
--- a/ocaml/idl/datamodel.ml    Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/idl/datamodel.ml    Tue Mar 09 14:11:21 2010 +0000
@@ -537,6 +537,21 @@
     ~doc:"External authentication is disabled, unable to resolve subject 
name." ();
   error Api_errors.auth_enable_failed ["message"]
     ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_enable_failed_wrong_credentials ["message"]
+    ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_enable_failed_permission_denied ["message"]
+    ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_enable_failed_domain_lookup_failed ["message"]
+    ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_enable_failed_unavailable ["message"]
+    ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_disable_failed ["message"]
+    ~doc:"The host failed to disable external authentication." ();
+  error Api_errors.auth_disable_failed_wrong_credentials ["message"]
+    ~doc:"The host failed to disable external authentication." ();
+  error Api_errors.auth_disable_failed_permission_denied ["message"]
+    ~doc:"The host failed to disable external authentication." ();
+
 
   (* Pool errors *)
   error Api_errors.pool_joining_host_cannot_contain_shared_SRs []
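Review bot: Every new `error` declaration in this hunk repeats the `~doc` text of its generic parent, so the generated API documentation cannot distinguish `auth_enable_failed_wrong_credentials` from `auth_enable_failed_unavailable`, which is the distinction the commit introduces. Each entry should say what its suffix means, for example `~doc:"The host failed to enable external authentication: the supplied credentials were rejected." ();`. The pool-level declarations in the @@ -567,7 +582,21 hunk have the same problem.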
@@ -567,7 +582,21 @@
     ~doc:"External authentication in this pool is already enabled for at least 
one host." ();
   error Api_errors.pool_auth_enable_failed ["host";"message"]
     ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_wrong_credentials ["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_permission_denied ["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_domain_lookup_failed 
["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_unavailable ["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_duplicate_hostname 
["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
   error Api_errors.pool_auth_disable_failed ["host";"message"]
+    ~doc:"The pool failed to disable the external authentication of at least 
one host." ();
+  error Api_errors.pool_auth_disable_failed_wrong_credentials 
["host";"message"]
+    ~doc:"The pool failed to disable the external authentication of at least 
one host." ();
+  error Api_errors.pool_auth_disable_failed_permission_denied 
["host";"message"]
     ~doc:"The pool failed to disable the external authentication of at least 
one host." ();
 
   (* External directory service *)
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi.ml
--- a/ocaml/xapi/xapi.ml        Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi.ml        Tue Mar 09 14:11:21 2010 +0000
@@ -680,7 +680,7 @@
                 ", host_external_auth_service_name="^service_name^
                 ", error="^ (match !last_error with None -> "timeout" | Some e 
->
                 (match e with 
-                  | Auth_signature.Auth_service_error errmsg -> errmsg (* this 
is the expected error msg *)
+                  | Auth_signature.Auth_service_error (errtag,errmsg) -> 
errmsg (* this is the expected error msg *)
                   | e ->  (ExnHelper.string_of_exn e) (* unknown error msg *)
                 ))
             );
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi_auth.ml
--- a/ocaml/xapi/xapi_auth.ml   Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi_auth.ml   Tue Mar 09 14:11:21 2010 +0000
@@ -28,7 +28,7 @@
                | Not_found 
                | Auth_signature.Subject_cannot_be_resolved ->
                        raise 
(Api_errors.Server_error(Api_errors.subject_cannot_be_resolved, []))
-               | Auth_signature.Auth_service_error msg ->
+               | Auth_signature.Auth_service_error (errtag,msg) ->
                        raise 
(Api_errors.Server_error(Api_errors.auth_service_error, [msg]))
                | e -> 
                        raise 
(Api_errors.Server_error(Api_errors.auth_service_error, 
[ExnHelper.string_of_exn e]))
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi_host.ml
--- a/ocaml/xapi/xapi_host.ml   Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi_host.ml   Tue Mar 09 14:11:21 2010 +0000
@@ -1079,12 +1079,12 @@
                                debug "Failed while enabling unknown external 
authentication type %s for service name %s in host %s" msg service_name 
host_name_label;
                                raise 
(Api_errors.Server_error(Api_errors.auth_unknown_type, [msg]))
                        end
-               | Auth_signature.Auth_service_error msg -> (* plugin returned 
some error *)
+               | Auth_signature.Auth_service_error (errtag,msg) -> (* plugin 
returned some error *)
                                (* we rollback to the original xapi 
configuration *)
                                Db.Host.set_external_auth_type ~__context 
~self:host ~value:current_auth_type;
                                Db.Host.set_external_auth_service_name 
~__context ~self:host ~value:current_service_name;
                                debug "Failed while enabling external 
authentication type %s for service name %s in host %s" msg service_name 
host_name_label;
-                       raise 
(Api_errors.Server_error(Api_errors.auth_enable_failed, [msg]))
+                       raise 
(Api_errors.Server_error(Api_errors.auth_enable_failed^(Auth_signature.suffix_of_tag
 errtag), [msg]))
                | e -> (* unknown failure, just-enabled plugin might be in an 
inconsistent state *)
                        begin
                                (* we rollback to the original xapi 
configuration *)
@@ -1130,10 +1130,10 @@
                        (Ext_auth.d()).on_disable config;
                        None (* OK, on_disable succeeded *)
                with 
-               | Auth_signature.Auth_service_error msg as e ->
+               | Auth_signature.Auth_service_error (errtag,msg) as e ->
                        begin
                                debug "Failed while calling on_disable event of 
external authentication plugin in host %s: %s" host_name_label msg;
-                               Some 
(Api_errors.Server_error(Api_errors.auth_disable_failed, [msg]))
+                               Some 
(Api_errors.Server_error(Api_errors.auth_disable_failed^(Auth_signature.suffix_of_tag
 errtag), [msg]))
                        end
                | e -> (*absorb any exception*)
                        begin
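Review bot: `Api_errors.auth_disable_failed^(Auth_signature.suffix_of_tag errtag)` can build an error code that is declared nowhere, because `suffix_of_tag` returns a suffix for `E_LOOKUP` and `E_UNAVAILABLE` while api_errors.ml and datamodel.ml define only the `_WRONG_CREDENTIALS` and `_PERMISSION_DENIED` variants of `AUTH_DISABLE_FAILED`. Nothing visible in this patch stops a plugin from raising those tags on the disable path, in which case clients would receive an undocumented code. Either declare the two missing disable codes, or map the tag explicitly here and fall back to the generic code, as sketched below. The `with` block continues outside the hunk.

```ocaml
		| Auth_signature.Auth_service_error (errtag,msg) ->
			begin
				(* … unchanged: debug call … *)
				(* only tags with a declared disable code get a suffix *)
				let code = match errtag with
					| Auth_signature.E_CREDENTIALS -> Api_errors.auth_disable_failed_wrong_credentials
					| Auth_signature.E_DENIED -> Api_errors.auth_disable_failed_permission_denied
					| Auth_signature.E_GENERIC
					| Auth_signature.E_LOOKUP
					| Auth_signature.E_UNAVAILABLE -> Api_errors.auth_disable_failed
				in
				Some (Api_errors.Server_error(code, [msg]))
			end
```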
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi_pool.ml
--- a/ocaml/xapi/xapi_pool.ml   Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi_pool.ml   Tue Mar 09 14:11:21 2010 +0000
@@ -1089,7 +1089,7 @@
        then begin
                let errmsg = "At least two hosts in the pool have the same 
hostname" in
                debug "%s" errmsg;
-               raise 
(Api_errors.Server_error(Api_errors.pool_auth_enable_failed,
+               raise 
(Api_errors.Server_error(Api_errors.pool_auth_enable_failed_duplicate_hostname,
                        [(Ref.string_of (List.hd hosts));errmsg]))
        end
        else
@@ -1152,10 +1152,10 @@
                match err_of_e with 
                        | "" -> (* generic unknown exception *)
                                raise 
(Api_errors.Server_error(Api_errors.pool_auth_enable_failed, [(Ref.string_of 
failed_host);string_of_e]))
-                       | "AUTH_UNKNOWN_TYPE" ->
+                       | err_of_e when err_of_e=Api_errors.auth_unknown_type ->
                                raise 
(Api_errors.Server_error(Api_errors.auth_unknown_type, [msg_of_e]))
-                       | "AUTH_ENABLE_FAILED" ->
-                               raise 
(Api_errors.Server_error(Api_errors.pool_auth_enable_failed, [(Ref.string_of 
failed_host);msg_of_e]))
+                       | err_of_e when Stringext.String.startswith 
Api_errors.auth_enable_failed err_of_e ->
+                               raise 
(Api_errors.Server_error(Api_errors.pool_auth_prefix^err_of_e, [(Ref.string_of 
failed_host);msg_of_e]))
                        | _ -> (* Api_errors.Server_error *)
                                raise 
(Api_errors.Server_error(Api_errors.pool_auth_enable_failed, [(Ref.string_of 
failed_host);string_of_e]))
        end
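Review bot: The guard `Stringext.String.startswith Api_errors.auth_enable_failed err_of_e` accepts any code that merely begins with `AUTH_ENABLE_FAILED`, and `Api_errors.pool_auth_prefix^err_of_e` then relays it as a pool-level code without checking that it is one of the `pool_auth_enable_failed_*` constants declared in api_errors.ml. `err_of_e` appears to come from the exception returned by the failed host (its computation is outside the hunk), so an unexpected suffix would reach clients as an undeclared code. Comparing against the declared constants and otherwise falling through to the existing generic `| _ ->` branch would keep the set of emitted codes closed. The disable path in the @@ -1183,30 +1183,34 hunk applies the same prefix test to `err`. The guards also rebind `err_of_e` and shadow the scrutinee; `| s when s = Api_errors.auth_unknown_type ->` reads more clearly.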
@@ -1183,30 +1183,34 @@
                        try     (* forward the call to the host in the pool *)
                                call_fn_on_host ~__context 
(Client.Host.disable_external_auth ~config) host;
                                (* no failed host to add to the filtered list, 
just visit next host *)
-                               (host,"")
+                               (host,"","")
                        with 
                        | Api_errors.Server_error (err,[host_msg]) as e -> begin
                                let msg = (Printf.sprintf "%s: %s" 
                                        (Db.Host.get_name_label ~__context 
~self:host) host_msg) in
                                debug "Failed to disable the external 
authentication of pool in host %s" msg;
                                (* no exception should be raised here, we want 
to visit every host in hosts *)
-                               (host,msg)
+                               (host,err,msg)
                                end
                        | e-> (* add failed host to the filtered list and visit 
next host *)
                                let msg = (Printf.sprintf "%s: %s" 
                                        (Db.Host.get_name_label ~__context 
~self:host) (ExnHelper.string_of_exn e)) in
                                debug "Failed to disable the external 
authentication of pool in host %s" msg;
                                (* no exception should be raised here, we want 
to visit every host in hosts *)
-                               (host,msg)
+                               (host,"err",msg)
                        ) 
                hosts
        in
-       let failedhosts_list = List.filter (fun (host,msg) -> msg<>"") 
host_msgs_list in 
+       let failedhosts_list = List.filter (fun (host,err,msg) -> err<>"") 
host_msgs_list in 
        if (List.length failedhosts_list > 0)
        then begin (* FAILED *)
-               match List.hd failedhosts_list with (host,msg) ->
+               match List.hd failedhosts_list with (host,err,msg) ->
                debug "Failed to disable the external authentication of at 
least one host in the pool";
-               raise 
(Api_errors.Server_error(Api_errors.pool_auth_disable_failed, [(Ref.string_of 
host);msg]));
+               if Stringext.String.startswith Api_errors.auth_disable_failed 
err
+               then (* tagged exception *)
+                       raise 
(Api_errors.Server_error(Api_errors.pool_auth_prefix^err, [(Ref.string_of 
host);msg]))
+               else (* generic exception *)
+                       raise 
(Api_errors.Server_error(Api_errors.pool_auth_disable_failed, [(Ref.string_of 
host);msg]));
        end
        else begin (* OK *)
                debug "The external authentication of all hosts in the pool was 
disabled successfully";
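Review bot: A failed host can be counted as a success here, because the tuple encodes success as an empty error code and the filter was changed from `msg<>""` to `err<>""`. A `Server_error` carrying an empty code would be filtered out, and the pool would then log that external authentication was disabled on a host where it was not. The catch-all branch relies on the placeholder literal `"err"` to survive the filter, and a `Server_error` whose parameter list is not exactly `[host_msg]` also lands there and loses its code. An option avoids both conventions: return `(host,None,"")` on success, `(host,Some err,msg)` for a `Server_error`, and `(host,Some Api_errors.auth_disable_failed,msg)` from the catch-all, then filter on `err<>None`.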
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi_session.ml
--- a/ocaml/xapi/xapi_session.ml        Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi_session.ml        Tue Mar 09 14:11:21 2010 +0000
@@ -430,7 +430,7 @@
                                        (* subject info caching problems in 
likewise) and closes the user's session *)
                                        let subject_suspended = (try
                                                is_subject_suspended 
subject_identifier
-                                       with (Auth_signature.Auth_service_error 
msg) ->
+                                       with (Auth_signature.Auth_service_error 
(errtag,msg)) ->
                                                begin
                                                        debug "Failed to find 
if user %s (subject_id %s, from %s) is suspended: %s" uname subject_identifier 
(Context.get_origin __context) msg;
                                                        
thread_delay_and_raise_error uname msg
@@ -457,7 +457,7 @@
                                                                debug "%s" msg;
                                                                
thread_delay_and_raise_error uname msg
                                                        end
-                                               | 
Auth_signature.Auth_service_error msg ->
+                                               | 
Auth_signature.Auth_service_error (errtag,msg) ->
                                                        begin
                                                                debug "Failed 
to obtain the group membership closure for user %s (subject_id %s, from %s): 
%s" uname subject_identifier (Context.get_origin __context) msg;
                                                                
thread_delay_and_raise_error uname msg
@@ -536,7 +536,7 @@
                                                        
thread_delay_and_raise_error uname msg
                                                end
                                        | Auth_signature.Auth_failure msg 
-                                       | Auth_signature.Auth_service_error msg 
->
+                                       | Auth_signature.Auth_service_error 
(_,msg) ->
                                                begin
                                                        debug "A function 
failed to catch this exception for user %s from %s during external 
authentication: %s" uname (Context.get_origin __context) msg;
                                                        
thread_delay_and_raise_error uname msg
11 files changed, 105 insertions(+), 45 deletions(-)
ocaml/auth/OMakefile                    |    4 +--
ocaml/auth/auth_signature.ml            |   11 +++++++-
ocaml/auth/authx.ml                     |    2 -
ocaml/auth/extauth_plugin_ADlikewise.ml |   40 +++++++++++++++----------------
ocaml/idl/api_errors.ml                 |   22 +++++++++++++++--
ocaml/idl/datamodel.ml                  |   29 ++++++++++++++++++++++
ocaml/xapi/xapi.ml                      |    2 -
ocaml/xapi/xapi_auth.ml                 |    2 -
ocaml/xapi/xapi_host.ml                 |    8 +++---
ocaml/xapi/xapi_pool.ml                 |   24 ++++++++++--------
ocaml/xapi/xapi_session.ml              |    6 ++--


# HG changeset patch
# User Marcus Granado <[email protected]>
# Date 1268143881 0
# Node ID f3605f44da34bd90b4e2cb06384f694923013e70
# Parent  d7ad0f363e97e685b42fdee3a60044b2473570e0
CA-38729: split {en,dis}able extauth exceptions to simplify translations in xencenter

Signed-off-by: Marcus Granado <[email protected]>

diff -r d7ad0f363e97 -r f3605f44da34 ocaml/auth/OMakefile
--- a/ocaml/auth/OMakefile	Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/auth/OMakefile	Tue Mar 09 14:11:21 2010 +0000
@@ -1,5 +1,5 @@
 OTHER_CLIBS = -cclib -lpam
-OCAMLINCLUDES += ../autogen ../idl/ocaml_backend ../xapi 
+OCAMLINCLUDES += ../autogen ../idl/ocaml_backend ../idl ../xapi 
 
 StaticCLibrary(auth_stubs, xa_auth xa_auth_stubs)
 OCamlLibraryClib(pam, pam, auth_stubs)
@@ -9,7 +9,7 @@
 	OCAML_CLIBS += auth_stubs
 
 	OCamlProgram(testauth, testauth)
-	OCamlProgram(testauthx, testauthx authx auth_signature)
+	OCamlProgram(testauthx, testauthx authx auth_signature ../idl/api_errors)
 
 .PHONY: clean
 clean:
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/auth/auth_signature.ml
--- a/ocaml/auth/auth_signature.ml	Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/auth/auth_signature.ml	Tue Mar 09 14:11:21 2010 +0000
@@ -22,8 +22,17 @@
 *)
 
 exception Auth_failure of string
-exception Auth_service_error of string
+type auth_service_error_tag = E_GENERIC|E_LOOKUP|E_DENIED|E_CREDENTIALS|E_UNAVAILABLE
+exception Auth_service_error of auth_service_error_tag * string
 exception Subject_cannot_be_resolved
+
+let suffix_of_tag errtag =
+	match errtag with
+		| E_GENERIC -> ""
+		| E_LOOKUP -> Api_errors.auth_suffix_domain_lookup_failed
+		| E_DENIED -> Api_errors.auth_suffix_permission_denied
+		| E_CREDENTIALS -> Api_errors.auth_suffix_wrong_credentials
+		| E_UNAVAILABLE -> Api_errors.auth_suffix_unavailable
 
 (* required fields in subject.other_config *)
 let subject_information_field_subject_name = "subject-name"
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/auth/authx.ml
--- a/ocaml/auth/authx.ml	Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/auth/authx.ml	Tue Mar 09 14:11:21 2010 +0000
@@ -45,7 +45,7 @@
 		with e -> begin
 			let errmsg = Printf.sprintf "[%s]: %s" debug_cmd (Printexc.to_string e) in
 			debug "Error executing cmd %s" errmsg;
-			raise (Auth_signature.Auth_service_error errmsg)
+			raise (Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,errmsg))
 		end
 	in
 	let output_lines = Stringext.String.split '\n' output_str in
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/auth/extauth_plugin_ADlikewise.ml
--- a/ocaml/auth/extauth_plugin_ADlikewise.ml	Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/auth/extauth_plugin_ADlikewise.ml	Tue Mar 09 14:11:21 2010 +0000
@@ -116,7 +116,7 @@
 		with e -> begin
 			(* in_string is usually the password or other sensitive param, so never write it to debug or exn *)
 			debug "Error writing to stdin for cmd %s: %s" debug_cmd (ExnHelper.string_of_exn e);
-			raise (Auth_signature.Auth_service_error (ExnHelper.string_of_exn e))
+			raise (Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,ExnHelper.string_of_exn e))
 		end
 		end;
 	  )
@@ -169,13 +169,13 @@
 			debug "Error likewise for cmd %s: %s" debug_cmd msg;
 			(* CA-27772: return user-friendly error messages when Likewise crashes *)
 			let msg = user_friendly_error_msg in
-			raise (Auth_signature.Auth_service_error msg)
+			raise (Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,msg))
 		| e -> (* unknown error *)
 		begin
 			debug "Parse_likewise error for cmd %s: %s" debug_cmd (ExnHelper.string_of_exn e);
 			(* CA-27772: return user-friendly error messages when Likewise crashes *)
 			let msg = user_friendly_error_msg in
-			raise (Auth_signature.Auth_service_error msg (*(ExnHelper.string_of_exn e)*))
+			raise (Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,msg (*(ExnHelper.string_of_exn e)*)))
 		end
 	in
 
@@ -201,11 +201,11 @@
 
 				| 524326    (* error joining AD domain *)
 				| 524359 -> (* error joining AD domain *)
-					raise (Auth_signature.Auth_service_error errmsg)
+					raise (Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,errmsg))
 
 				| 40118 (* lsass server not responding *)
 				| _ ->  (* general Likewise error *)
-					raise (Auth_signature.Auth_service_error (Printf.sprintf "(%i) %s" code errmsg))
+					raise (Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,(Printf.sprintf "(%i) %s" code errmsg)))
 		end
 	end	  
 )
@@ -285,7 +285,7 @@
 		(* this should not have happend, likewise didn't return an SID field!! *)
 		let msg = (Printf.sprintf "Likewise didn't return an SID field for gid %s" gid) in
 		debug "Error likewise_get_sid_bygid for gid %s: %s" gid msg;
-		raise (Auth_signature.Auth_service_error msg) (* general Likewise error *)
+		raise (Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,msg)) (* general Likewise error *)
 	end
 
 let likewise_get_sid_byname _subject_name cmd = 
@@ -298,7 +298,7 @@
 		(* this should not have happend, likewise didn't return an SID field!! *)
 		let msg = (Printf.sprintf "Likewise didn't return an SID field for user %s" subject_name) in
 		debug "Error likewise_get_sid_byname for subject name %s: %s" subject_name msg;
-		raise (Auth_signature.Auth_service_error msg) (* general Likewise error *)
+		raise (Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,msg)) (* general Likewise error *)
 	end
 
 (* subject_id get_subject_identifier(string subject_name)
@@ -522,7 +522,7 @@
 			&& (List.mem_assoc "pass" config_params)
 		) 
 	then begin
-		raise (Auth_signature.Auth_service_error "enable requires two config params: user and pass.")
+		raise (Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,"enable requires two config params: user and pass."))
 	end
 	
 	else (* we have all the required parameters *)
@@ -539,7 +539,7 @@
 			let _domain = List.assoc "domain" config_params in
 			if service_name <> _domain 
 			then 
-				raise (Auth_signature.Auth_service_error "if present, config:domain must match service-name.")
+				raise (Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,"if present, config:domain must match service-name."))
 			else 
 				service_name
 		end
@@ -562,7 +562,7 @@
 		begin
 			let errmsg = (Printf.sprintf "External authentication server not available after %i query tests" max_tries) in
 			debug "%s" errmsg;
-			raise (Auth_signature.Auth_service_error errmsg)
+			raise (Auth_signature.Auth_service_error (Auth_signature.E_UNAVAILABLE,errmsg))
 		end;
 
 		(* OK SUCCESS, likewise has joined the AD domain successfully *)
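Review bot: The "External authentication server not available after %i query tests" condition is tagged `E_UNAVAILABLE` here but `E_GENERIC` in the @@ -714 hunk further down in this file, although the message and the check are the same. Both enclosing functions start outside their hunks, so the difference may be deliberate (the other path may only ever be logged), but nothing in the patch says so. If it is not deliberate, the later hunk should read `raise (Auth_signature.Auth_service_error (Auth_signature.E_UNAVAILABLE,errmsg))`; if it is, a one-line comment there would stop the next reader from "fixing" it.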
@@ -581,25 +581,25 @@
 		() (* OK, return unit*)
 
 	with (*ERROR, we didn't join the AD domain*)
-	|Auth_signature.Auth_service_error errmsg ->
+	|Auth_signature.Auth_service_error (errtag,errmsg) as e ->
 		(*errors in stdout, let's bubble them up, making them as user-friendly as possible *)
 		debug "Error enabling external authentication for domain %s and user %s: %s" domain user errmsg;
 		if has_substr errmsg "0x9C56" (* The password is incorrect for the given username *)
 			or has_substr errmsg "0x9C84" (* The user account is invalid *)
 		then begin
-			raise (Auth_signature.Auth_service_error "The username or password is wrong.")
+			raise (Auth_signature.Auth_service_error (Auth_signature.E_CREDENTIALS,"The username or password is wrong."))
 		end
 		else if has_substr errmsg "(0x5)" (* Unknown error *)
 		then begin (* this seems to be a not-enough-permission-to-join-the-domain error *)
-			raise (Auth_signature.Auth_service_error "Permission denied. The user has no administrator rights to join the domain.")
+			raise (Auth_signature.Auth_service_error (Auth_signature.E_DENIED,"Permission denied. The user has no rights to join the domain or to modify the machine account in the Active Directory database."))
 		end
 		else if has_substr errmsg "0x9CAC" (* Failed to lookup the domain controller for given domain. *)
 			or has_substr errmsg "0x251E" (* DNS_ERROR_BAD_PACKET *)
 		then begin (* this seems to be a wrong domain controller name error... *)
-			raise (Auth_signature.Auth_service_error "Failed to lookup the domain controller for given domain.")
+			raise (Auth_signature.Auth_service_error (Auth_signature.E_LOOKUP,"Failed to lookup the domain controller for given domain."))
 		end
 		else begin (* general Likewise error *)
-			raise (Auth_signature.Auth_service_error errmsg) 
+			raise e
 		end
 
 (* unit on_disable()
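Review bot: `errtag` is bound in `Auth_signature.Auth_service_error (errtag,errmsg) as e` but never read in this handler, which classifies the failure only from substrings of `errmsg` and otherwise re-raises `e`. Writing `Auth_signature.Auth_service_error (_,errmsg) as e` makes it explicit that the incoming tag is ignored here, and avoids an unused-variable warning where that is enabled. The same unused binding appears in the on_disable handler (@@ -639), in xapi.ml, in xapi_auth.ml and, as far as the visible lines show, in the first two xapi_session.ml hunks; the last xapi_session.ml hunk already uses `(_,msg)`. The `try` this handler belongs to starts outside the hunk.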
@@ -639,22 +639,22 @@
 		None (* no failure observed in likewise *)
 
 	with 
-	| Auth_signature.Auth_service_error errmsg ->
+	| Auth_signature.Auth_service_error (errtag,errmsg) as e ->
 		(* errors in stdout, let's bubble them up, making them as user-friendly as possible *)
 		debug "Internal Likewise error when disabling external authentication: %s" errmsg;
 
     if has_substr errmsg "0x9C56" (* The password is incorrect for the given username *)
       or has_substr errmsg "0x9C84" (* The user account is invalid *)
     then begin
-			Some (Auth_signature.Auth_service_error "The username or password is wrong.")
+			Some (Auth_signature.Auth_service_error (Auth_signature.E_CREDENTIALS,"The username or password was wrong and did not disable the machine account in the Active Directory database."))
 		end
 		else if has_substr errmsg "0x400A" (* Unkown error *)
 			or has_substr errmsg "(0xD)" (* ERROR_INVALID_DATA *)
 		then begin (* this seems to be a non-admin valid user error... *)
-			Some (Auth_signature.Auth_service_error "Permission denied. The user has no administrator rights to disable the machine account in the Active Directory database.")
+			Some (Auth_signature.Auth_service_error (Auth_signature.E_DENIED,"Permission denied. The user has no rights to disable the machine account in the Active Directory database."))
 		end
 		else begin (* general Likewise error *)
-			Some (Auth_signature.Auth_service_error errmsg) 
+			Some e
 		end
 	| e -> (* unexpected error disabling likewise *)
 		( 
@@ -714,7 +714,7 @@
 	begin
 		let errmsg = (Printf.sprintf "External authentication server not available after %i query tests" max_tries) in
 		debug "%s" errmsg;
-		raise (Auth_signature.Auth_service_error errmsg)
+		raise (Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,errmsg))
 	end;
 	()
 
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/idl/api_errors.ml
--- a/ocaml/idl/api_errors.ml	Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/idl/api_errors.ml	Tue Mar 09 14:11:21 2010 +0000
@@ -342,11 +342,29 @@
 let auth_already_enabled = "AUTH_ALREADY_ENABLED"
 let auth_unknown_type = "AUTH_UNKNOWN_TYPE"
 let auth_is_disabled = "AUTH_IS_DISABLED"
+let auth_suffix_wrong_credentials = "_WRONG_CREDENTIALS"
+let auth_suffix_permission_denied = "_PERMISSION_DENIED"
+let auth_suffix_domain_lookup_failed = "_DOMAIN_LOOKUP_FAILED"
+let auth_suffix_unavailable = "_UNAVAILABLE"
 let auth_enable_failed = "AUTH_ENABLE_FAILED"
+let auth_enable_failed_wrong_credentials = auth_enable_failed^auth_suffix_wrong_credentials
+let auth_enable_failed_permission_denied = auth_enable_failed^auth_suffix_permission_denied
+let auth_enable_failed_domain_lookup_failed = auth_enable_failed^auth_suffix_domain_lookup_failed
+let auth_enable_failed_unavailable = auth_enable_failed^auth_suffix_unavailable
 let auth_disable_failed = "AUTH_DISABLE_FAILED"
+let auth_disable_failed_wrong_credentials = auth_disable_failed^auth_suffix_wrong_credentials
+let auth_disable_failed_permission_denied = auth_disable_failed^auth_suffix_permission_denied
 let pool_auth_already_enabled = "POOL_AUTH_ALREADY_ENABLED"
-let pool_auth_enable_failed = "POOL_AUTH_ENABLE_FAILED"
-let pool_auth_disable_failed = "POOL_AUTH_DISABLE_FAILED"
+let pool_auth_prefix = "POOL_"
+let pool_auth_enable_failed = pool_auth_prefix^auth_enable_failed
+let pool_auth_enable_failed_wrong_credentials = pool_auth_enable_failed^auth_suffix_wrong_credentials
+let pool_auth_enable_failed_permission_denied = pool_auth_enable_failed^auth_suffix_permission_denied
+let pool_auth_enable_failed_domain_lookup_failed = pool_auth_enable_failed^auth_suffix_domain_lookup_failed
+let pool_auth_enable_failed_unavailable = pool_auth_enable_failed^auth_suffix_unavailable
+let pool_auth_enable_failed_duplicate_hostname = pool_auth_enable_failed^"_DUPLICATE_HOSTNAME"
+let pool_auth_disable_failed = pool_auth_prefix^auth_disable_failed
+let pool_auth_disable_failed_wrong_credentials = pool_auth_disable_failed^auth_suffix_wrong_credentials
+let pool_auth_disable_failed_permission_denied = pool_auth_disable_failed^auth_suffix_permission_denied
 let subject_cannot_be_resolved = "SUBJECT_CANNOT_BE_RESOLVED"
 let auth_service_error = "AUTH_SERVICE_ERROR"
 let subject_already_exists = "SUBJECT_ALREADY_EXISTS"
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/idl/datamodel.ml
--- a/ocaml/idl/datamodel.ml	Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/idl/datamodel.ml	Tue Mar 09 14:11:21 2010 +0000
@@ -537,6 +537,21 @@
     ~doc:"External authentication is disabled, unable to resolve subject name." ();
   error Api_errors.auth_enable_failed ["message"]
     ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_enable_failed_wrong_credentials ["message"]
+    ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_enable_failed_permission_denied ["message"]
+    ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_enable_failed_domain_lookup_failed ["message"]
+    ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_enable_failed_unavailable ["message"]
+    ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_disable_failed ["message"]
+    ~doc:"The host failed to disable external authentication." ();
+  error Api_errors.auth_disable_failed_wrong_credentials ["message"]
+    ~doc:"The host failed to disable external authentication." ();
+  error Api_errors.auth_disable_failed_permission_denied ["message"]
+    ~doc:"The host failed to disable external authentication." ();
+
 
   (* Pool errors *)
   error Api_errors.pool_joining_host_cannot_contain_shared_SRs []
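Review bot: Each of the new specific errors reuses the `~doc` text of the generic one, so whatever is generated from `~doc` cannot distinguish `auth_enable_failed_wrong_credentials` from `auth_enable_failed_unavailable`. Since the point of the commit is to let clients tell these cases apart, the description should say which case it is, for example `~doc:"The host failed to enable external authentication: the supplied credentials were wrong." ();` and likewise for permission denied, domain lookup failed and service unavailable. The same applies to the pool-level errors added in the @@ -567 hunk below.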
@@ -567,7 +582,21 @@
     ~doc:"External authentication in this pool is already enabled for at least one host." ();
   error Api_errors.pool_auth_enable_failed ["host";"message"]
     ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_wrong_credentials ["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_permission_denied ["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_domain_lookup_failed ["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_unavailable ["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_duplicate_hostname ["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
   error Api_errors.pool_auth_disable_failed ["host";"message"]
+    ~doc:"The pool failed to disable the external authentication of at least one host." ();
+  error Api_errors.pool_auth_disable_failed_wrong_credentials ["host";"message"]
+    ~doc:"The pool failed to disable the external authentication of at least one host." ();
+  error Api_errors.pool_auth_disable_failed_permission_denied ["host";"message"]
     ~doc:"The pool failed to disable the external authentication of at least one host." ();
 
   (* External directory service *)
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi.ml
--- a/ocaml/xapi/xapi.ml	Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi.ml	Tue Mar 09 14:11:21 2010 +0000
@@ -680,7 +680,7 @@
                 ", host_external_auth_service_name="^service_name^
                 ", error="^ (match !last_error with None -> "timeout" | Some e ->
                 (match e with 
-                  | Auth_signature.Auth_service_error errmsg -> errmsg (* this is the expected error msg *)
+                  | Auth_signature.Auth_service_error (errtag,errmsg) -> errmsg (* this is the expected error msg *)
                   | e ->  (ExnHelper.string_of_exn e) (* unknown error msg *)
                 ))
             );
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi_auth.ml
--- a/ocaml/xapi/xapi_auth.ml	Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi_auth.ml	Tue Mar 09 14:11:21 2010 +0000
@@ -28,7 +28,7 @@
 		| Not_found 
 		| Auth_signature.Subject_cannot_be_resolved ->
 			raise (Api_errors.Server_error(Api_errors.subject_cannot_be_resolved, []))
-		| Auth_signature.Auth_service_error msg ->
+		| Auth_signature.Auth_service_error (errtag,msg) ->
 			raise (Api_errors.Server_error(Api_errors.auth_service_error, [msg]))
 		| e -> 
 			raise (Api_errors.Server_error(Api_errors.auth_service_error, [ExnHelper.string_of_exn e]))
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi_host.ml
--- a/ocaml/xapi/xapi_host.ml	Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi_host.ml	Tue Mar 09 14:11:21 2010 +0000
@@ -1079,12 +1079,12 @@
 				debug "Failed while enabling unknown external authentication type %s for service name %s in host %s" msg service_name host_name_label;
 				raise (Api_errors.Server_error(Api_errors.auth_unknown_type, [msg]))
 			end
-		| Auth_signature.Auth_service_error msg -> (* plugin returned some error *)
+		| Auth_signature.Auth_service_error (errtag,msg) -> (* plugin returned some error *)
 				(* we rollback to the original xapi configuration *)
 				Db.Host.set_external_auth_type ~__context ~self:host ~value:current_auth_type;
 				Db.Host.set_external_auth_service_name ~__context ~self:host ~value:current_service_name;
 				debug "Failed while enabling external authentication type %s for service name %s in host %s" msg service_name host_name_label;
-			raise (Api_errors.Server_error(Api_errors.auth_enable_failed, [msg]))
+			raise (Api_errors.Server_error(Api_errors.auth_enable_failed^(Auth_signature.suffix_of_tag errtag), [msg]))
 		| e -> (* unknown failure, just-enabled plugin might be in an inconsistent state *)
 			begin
 				(* we rollback to the original xapi configuration *)
@@ -1130,10 +1130,10 @@
 			(Ext_auth.d()).on_disable config;
 			None (* OK, on_disable succeeded *)
 		with 
-		| Auth_signature.Auth_service_error msg as e ->
+		| Auth_signature.Auth_service_error (errtag,msg) as e ->
 			begin
 				debug "Failed while calling on_disable event of external authentication plugin in host %s: %s" host_name_label msg;
-				Some (Api_errors.Server_error(Api_errors.auth_disable_failed, [msg]))
+				Some (Api_errors.Server_error(Api_errors.auth_disable_failed^(Auth_signature.suffix_of_tag errtag), [msg]))
 			end
 		| e -> (*absorb any exception*)
 			begin
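Review bot: The code built by `Api_errors.auth_disable_failed^(Auth_signature.suffix_of_tag errtag)` is not guaranteed to be a declared error: this patch defines and registers only the `_WRONG_CREDENTIALS` and `_PERMISSION_DENIED` variants for disable, so an `E_LOOKUP` or `E_UNAVAILABLE` tag arriving here would yield a code such as `AUTH_DISABLE_FAILED_UNAVAILABLE` that is absent from api_errors.ml and datamodel.ml. Whether the plugin's on_disable can raise those tags is not visible in these hunks, but its handler passes unmatched exceptions through unchanged (`Some e`), so it is not ruled out either. An explicit match that falls back to the base code keeps the set of emitted codes equal to the set of declared ones. The prefix forwarding in xapi_pool.ml (`Api_errors.pool_auth_prefix^err`) depends on the same assumption; the handler continues outside the hunk.

```ocaml
		| Auth_signature.Auth_service_error (errtag,msg) as e ->
			begin
				(* … unchanged: debug line … *)
				let code = match errtag with
					| Auth_signature.E_CREDENTIALS -> Api_errors.auth_disable_failed_wrong_credentials
					| Auth_signature.E_DENIED -> Api_errors.auth_disable_failed_permission_denied
					| Auth_signature.E_GENERIC
					| Auth_signature.E_LOOKUP
					| Auth_signature.E_UNAVAILABLE -> Api_errors.auth_disable_failed
				in
				Some (Api_errors.Server_error(code, [msg]))
```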
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi_pool.ml
--- a/ocaml/xapi/xapi_pool.ml	Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi_pool.ml	Tue Mar 09 14:11:21 2010 +0000
@@ -1089,7 +1089,7 @@
 	then begin
 		let errmsg = "At least two hosts in the pool have the same hostname" in
 		debug "%s" errmsg;
-		raise (Api_errors.Server_error(Api_errors.pool_auth_enable_failed,
+		raise (Api_errors.Server_error(Api_errors.pool_auth_enable_failed_duplicate_hostname,
 			[(Ref.string_of (List.hd hosts));errmsg]))
 	end
 	else
@@ -1152,10 +1152,10 @@
 		match err_of_e with 
 			| "" -> (* generic unknown exception *)
 				raise (Api_errors.Server_error(Api_errors.pool_auth_enable_failed, [(Ref.string_of failed_host);string_of_e]))
-			| "AUTH_UNKNOWN_TYPE" ->
+			| err_of_e when err_of_e=Api_errors.auth_unknown_type ->
 				raise (Api_errors.Server_error(Api_errors.auth_unknown_type, [msg_of_e]))
-			| "AUTH_ENABLE_FAILED" ->
-				raise (Api_errors.Server_error(Api_errors.pool_auth_enable_failed, [(Ref.string_of failed_host);msg_of_e]))
+			| err_of_e when Stringext.String.startswith Api_errors.auth_enable_failed err_of_e ->
+				raise (Api_errors.Server_error(Api_errors.pool_auth_prefix^err_of_e, [(Ref.string_of failed_host);msg_of_e]))
 			| _ -> (* Api_errors.Server_error *)
 				raise (Api_errors.Server_error(Api_errors.pool_auth_enable_failed, [(Ref.string_of failed_host);string_of_e]))
 	end
@@ -1183,30 +1183,34 @@
 			try	(* forward the call to the host in the pool *)
 				call_fn_on_host ~__context (Client.Host.disable_external_auth ~config) host;
 				(* no failed host to add to the filtered list, just visit next host *)
-				(host,"")
+				(host,"","")
 			with 
 			| Api_errors.Server_error (err,[host_msg]) as e -> begin
 				let msg = (Printf.sprintf "%s: %s" 
 					(Db.Host.get_name_label ~__context ~self:host) host_msg) in
 				debug "Failed to disable the external authentication of pool in host %s" msg;
 				(* no exception should be raised here, we want to visit every host in hosts *)
-				(host,msg)
+				(host,err,msg)
 				end
 			| e-> (* add failed host to the filtered list and visit next host *)
 				let msg = (Printf.sprintf "%s: %s" 
 					(Db.Host.get_name_label ~__context ~self:host) (ExnHelper.string_of_exn e)) in
 				debug "Failed to disable the external authentication of pool in host %s" msg;
 				(* no exception should be raised here, we want to visit every host in hosts *)
-				(host,msg)
+				(host,"err",msg)
 			) 
 		hosts
 	in
-	let failedhosts_list = List.filter (fun (host,msg) -> msg<>"") host_msgs_list in 
+	let failedhosts_list = List.filter (fun (host,err,msg) -> err<>"") host_msgs_list in 
 	if (List.length failedhosts_list > 0)
 	then begin (* FAILED *)
-		match List.hd failedhosts_list with (host,msg) ->
+		match List.hd failedhosts_list with (host,err,msg) ->
 		debug "Failed to disable the external authentication of at least one host in the pool";
-		raise (Api_errors.Server_error(Api_errors.pool_auth_disable_failed, [(Ref.string_of host);msg]));
+		if Stringext.String.startswith Api_errors.auth_disable_failed err
+		then (* tagged exception *)
+			raise (Api_errors.Server_error(Api_errors.pool_auth_prefix^err, [(Ref.string_of host);msg]))
+		else (* generic exception *)
+			raise (Api_errors.Server_error(Api_errors.pool_auth_disable_failed, [(Ref.string_of host);msg]));
 	end
 	else begin (* OK *)
 		debug "The external authentication of all hosts in the pool was disabled successfully";
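Review bot: The catch-all branch marks a failure with the literal `"err"`, while success is `""` and the filter tests `err<>""`. The result is right only because `"err"` happens not to start with `AUTH_DISABLE_FAILED`, so it falls into the generic `else`. Returning the generic code instead, `(host,Api_errors.auth_disable_failed,msg)`, removes the magic string and gives the same outcome, since `pool_auth_prefix^auth_disable_failed` is by definition `pool_auth_disable_failed`. If the sentinel stays, a comment next to it should say that any non-empty value that is not an `AUTH_DISABLE_FAILED…` code means "untagged failure". The function starts outside the hunk.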
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi_session.ml
--- a/ocaml/xapi/xapi_session.ml	Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi_session.ml	Tue Mar 09 14:11:21 2010 +0000
@@ -430,7 +430,7 @@
 					(* subject info caching problems in likewise) and closes the user's session *)
 					let subject_suspended = (try
 						is_subject_suspended subject_identifier
-					with (Auth_signature.Auth_service_error msg) ->
+					with (Auth_signature.Auth_service_error (errtag,msg)) ->
 						begin
 							debug "Failed to find if user %s (subject_id %s, from %s) is suspended: %s" uname subject_identifier (Context.get_origin __context) msg;
 							thread_delay_and_raise_error uname msg
@@ -457,7 +457,7 @@
 								debug "%s" msg;
 								thread_delay_and_raise_error uname msg
 							end
-						| Auth_signature.Auth_service_error msg ->
+						| Auth_signature.Auth_service_error (errtag,msg) ->
 							begin
 								debug "Failed to obtain the group membership closure for user %s (subject_id %s, from %s): %s" uname subject_identifier (Context.get_origin __context) msg;
 								thread_delay_and_raise_error uname msg
@@ -536,7 +536,7 @@
 							thread_delay_and_raise_error uname msg
 						end
 					| Auth_signature.Auth_failure msg 
-					| Auth_signature.Auth_service_error msg ->
+					| Auth_signature.Auth_service_error (_,msg) ->
 						begin
 							debug "A function failed to catch this exception for user %s from %s during external authentication: %s" uname (Context.get_origin __context) msg;
 							thread_delay_and_raise_error uname msg