DRILL-5873: (C++ Client) Improve SASL error reporting.

This closes #992

4 files changed, 32 insertions, 6 deletions

diff --git a/contrib/native/client/src/clientlib/drillClientImpl.cpp b/contrib/native/client/src/clientlib/drillClientImpl.cpp
index 9fdd72547..4a915a4bd 100644
--- a/contrib/native/client/src/clientlib/drillClientImpl.cpp
+++ b/contrib/native/client/src/clientlib/drillClientImpl.cpp
@@ -675,8 +675,11 @@ connectionStatus_t DrillClientImpl::handleAuthentication(const DrillUserProperti
         // Check the negotiated SSF value and change the handlers.
         if(m_encryptionCtxt.isEncryptionReqd()) {
             if(SASL_OK != m_saslAuthenticator->verifyAndUpdateSaslProps()) {
-                logMsg << m_encryptionCtxt << "]. Negotiated Parameter is invalid."
-                       << " Error: " << m_saslResultCode;
+                logMsg << m_encryptionCtxt
+                       << ", Mechanism: " << m_saslAuthenticator->getAuthMechanismName()
+                       << ", Error: " << m_saslResultCode
+                       << ", Cause: " << m_saslAuthenticator->getErrorMessage(m_saslResultCode);
+                logMsg << "]. Negotiated Parameter is invalid.";
                 DRILL_MT_LOG(DRILL_LOG(LOG_DEBUG) << logMsg.str() << std::endl;)
                 return handleConnError(CONN_AUTH_FAILED, logMsg.str().c_str());
             }
@@ -696,11 +699,14 @@ connectionStatus_t DrillClientImpl::handleAuthentication(const DrillUserProperti
         m_io_service.reset();
         return CONN_SUCCESS;
     } else {
-        logMsg << m_encryptionCtxt << ", Error: " << m_saslResultCode;
+        logMsg << m_encryptionCtxt
+               << ", Mechanism: " << m_saslAuthenticator->getAuthMechanismName()
+               << ", Error: " << m_saslResultCode
+               << ", Cause: " << m_saslAuthenticator->getErrorMessage(m_saslResultCode);
+        logMsg << "]. Check connection parameters?";
         DRILL_MT_LOG(DRILL_LOG(LOG_DEBUG) << logMsg.str() << std::endl;)
 
         // shuts down socket as well
-        logMsg << "]. Check connection parameters?";
         return handleConnError(CONN_AUTH_FAILED, logMsg.str().c_str());
     }
 }
diff --git a/contrib/native/client/src/clientlib/saslAuthenticatorImpl.cpp b/contrib/native/client/src/clientlib/saslAuthenticatorImpl.cpp
index 9057a372f..c03cb6c0b 100644
--- a/contrib/native/client/src/clientlib/saslAuthenticatorImpl.cpp
+++ b/contrib/native/client/src/clientlib/saslAuthenticatorImpl.cpp
@@ -147,6 +147,7 @@ int SaslAuthenticatorImpl::init(const std::vector<std::string>& mechanisms, exec
     }
     // clientNeedsAuthentication() cannot be false if the code above picks an authMechanism
     assert (authMechanismToUse.empty() || DrillClientImpl::clientNeedsAuthentication(m_pUserProperties));
+    m_authMechanismName = authMechanismToUse;
     if (authMechanismToUse.empty()) return SASL_NOMECH;
 
     // check if requested mechanism is supported by server
@@ -318,5 +319,17 @@ int SaslAuthenticatorImpl::unwrap(const char* dataToUnWrap, const int& dataToUnW
     return sasl_decode(m_pConnection, dataToUnWrap, dataToUnWrapLen, output, &unWrappedLen);
 }
 
+const char* SaslAuthenticatorImpl::getErrorMessage(int errorCode) {
+    switch (errorCode) {
+        case SASL_NOMECH:
+            return "No mechanism found that meets requested properties ";
+        default:
+            return sasl_errdetail(m_pConnection);
+    }
+}
+
+    const std::string &SaslAuthenticatorImpl::getAuthMechanismName() const {
+        return m_authMechanismName;
+    }
 
 } /* namespace Drill */
diff --git a/contrib/native/client/src/clientlib/saslAuthenticatorImpl.hpp b/contrib/native/client/src/clientlib/saslAuthenticatorImpl.hpp
index cc5bb1732..bf61e9dc8 100644
--- a/contrib/native/client/src/clientlib/saslAuthenticatorImpl.hpp
+++ b/contrib/native/client/src/clientlib/saslAuthenticatorImpl.hpp
@@ -55,6 +55,10 @@ public:
 
     int unwrap(const char* dataToUnWrap, const int& dataToUnWrapLen, const char** output, uint32_t& unWrappedLen);
 
+    const std::string &getAuthMechanismName() const;
+
+    const char *getErrorMessage(int errorCode);
+
 private:
 
     static const std::map<std::string, std::string> MECHANISM_MAPPING;
@@ -67,11 +71,14 @@ private:
     std::string m_username;
     sasl_secret_t *m_ppwdSecret;
     EncryptionContext *m_pEncryptCtxt;
+    std::string m_authMechanismName; // used for debugging/error messages
 
+private:
     static int passwordCallback(sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret);
 
     static int userNameCallback(void *context, int id, const char **result, unsigned int *len);
 
+
     void setSecurityProps() const;
 };
 
diff --git a/contrib/native/client/src/clientlib/utils.cpp b/contrib/native/client/src/clientlib/utils.cpp
index 137be6521..ff9729c60 100644
--- a/contrib/native/client/src/clientlib/utils.cpp
+++ b/contrib/native/client/src/clientlib/utils.cpp
@@ -156,8 +156,8 @@ void EncryptionContext::reset() {
 
 std::ostream& operator<<(std::ostream &contextStream, const EncryptionContext& context) {
     contextStream << " Encryption: " << (context.isEncryptionReqd() ? "enabled" : "disabled");
-    contextStream << " ,MaxWrappedSize: " << context.getMaxWrappedSize();
-    contextStream << " ,WrapSizeLimit: " << context.getWrapSizeLimit();
+    contextStream << ", MaxWrappedSize: " << context.getMaxWrappedSize();
+    contextStream << ", WrapSizeLimit: " << context.getWrapSizeLimit();
     return contextStream;
 }