author | Parth Chandra <parthc@apache.org> | 2017-10-13 11:00:31 -0700 |
---|---|---|
committer | Parth Chandra <parthc@apache.org> | 2017-10-20 16:52:34 -0700 |
commit | d2e3dd95a55ffadc0ac2f1e90c4ba6fd43346d8b (patch) | |
tree | 23361c422db827960d73fba97eff8dfec027d231 /contrib | |
parent | a447dc5ec732b95c035761bc3b056acbaf4f7da1 (diff) |
DRILL-5873: (C++ Client) Improve SASL error reporting.
This closes #992
Diffstat (limited to 'contrib')
4 files changed, 32 insertions, 6 deletions
diff --git a/contrib/native/client/src/clientlib/drillClientImpl.cpp b/contrib/native/client/src/clientlib/drillClientImpl.cpp
index 9fdd72547..4a915a4bd 100644
--- a/contrib/native/client/src/clientlib/drillClientImpl.cpp
+++ b/contrib/native/client/src/clientlib/drillClientImpl.cpp
@@ -675,8 +675,11 @@ connectionStatus_t DrillClientImpl::handleAuthentication(const DrillUserProperti
 // Check the negotiated SSF value and change the handlers.
 if(m_encryptionCtxt.isEncryptionReqd()) {
 if(SASL_OK != m_saslAuthenticator->verifyAndUpdateSaslProps()) {
- logMsg << m_encryptionCtxt << "]. Negotiated Parameter is invalid."
- << " Error: " << m_saslResultCode;
+ logMsg << m_encryptionCtxt
+ << ", Mechanism: " << m_saslAuthenticator->getAuthMechanismName()
+ << ", Error: " << m_saslResultCode
+ << ", Cause: " << m_saslAuthenticator->getErrorMessage(m_saslResultCode);
+ logMsg << "]. Negotiated Parameter is invalid.";
 DRILL_MT_LOG(DRILL_LOG(LOG_DEBUG) << logMsg.str() << std::endl;)
 return handleConnError(CONN_AUTH_FAILED, logMsg.str().c_str());
 }
@@ -696,11 +699,14 @@ connectionStatus_t DrillClientImpl::handleAuthentication(const DrillUserProperti
 m_io_service.reset();
 return CONN_SUCCESS;
 } else {
- logMsg << m_encryptionCtxt << ", Error: " << m_saslResultCode;
+ logMsg << m_encryptionCtxt
+ << ", Mechanism: " << m_saslAuthenticator->getAuthMechanismName()
+ << ", Error: " << m_saslResultCode
+ << ", Cause: " << m_saslAuthenticator->getErrorMessage(m_saslResultCode);
+ logMsg << "]. Check connection parameters?";
 DRILL_MT_LOG(DRILL_LOG(LOG_DEBUG) << logMsg.str() << std::endl;) // shuts down socket as well
- logMsg << "]. Check connection parameters?";
 return handleConnError(CONN_AUTH_FAILED, logMsg.str().c_str());
 }
 }
diff --git a/contrib/native/client/src/clientlib/saslAuthenticatorImpl.cpp b/contrib/native/client/src/clientlib/saslAuthenticatorImpl.cpp
index 9057a372f..c03cb6c0b 100644
--- a/contrib/native/client/src/clientlib/saslAuthenticatorImpl.cpp
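Review bot: The failure reported in the first hunk comes from `verifyAndUpdateSaslProps()`, but its return value is discarded and the message prints `m_saslResultCode` and `getErrorMessage(m_saslResultCode)` instead. Unless that call also updates `m_saslResultCode`, which is not visible here, the Error and Cause fields describe the earlier handshake result (possibly SASL_OK) rather than the rejected security properties, which misleads anyone triaging an encryption-negotiation failure. Consider capturing the result with `const int propsResult = m_saslAuthenticator->verifyAndUpdateSaslProps();`, testing `if(SASL_OK != propsResult)`, and reporting `propsResult` in the message. handleAuthentication starts and ends outside the hunk.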
+++ b/contrib/native/client/src/clientlib/saslAuthenticatorImpl.cpp
@@ -147,6 +147,7 @@ int SaslAuthenticatorImpl::init(const std::vector<std::string>& mechanisms, exec
 } // clientNeedsAuthentication() cannot be false if the code above picks an authMechanism
 assert (authMechanismToUse.empty() || DrillClientImpl::clientNeedsAuthentication(m_pUserProperties));
+ m_authMechanismName = authMechanismToUse;
 if (authMechanismToUse.empty()) return SASL_NOMECH;
 // check if requested mechanism is supported by server
@@ -318,5 +319,17 @@ int SaslAuthenticatorImpl::unwrap(const char* dataToUnWrap, const int& dataToUnW
 return sasl_decode(m_pConnection, dataToUnWrap, dataToUnWrapLen, output, &unWrappedLen);
 }
+const char* SaslAuthenticatorImpl::getErrorMessage(int errorCode) {
+ switch (errorCode) {
+ case SASL_NOMECH:
+ return "No mechanism found that meets requested properties ";
+ default:
+ return sasl_errdetail(m_pConnection);
+ }
+}
+
+ const std::string &SaslAuthenticatorImpl::getAuthMechanismName() const {
+ return m_authMechanismName;
+ }
 } /* namespace Drill */
diff --git a/contrib/native/client/src/clientlib/saslAuthenticatorImpl.hpp b/contrib/native/client/src/clientlib/saslAuthenticatorImpl.hpp
index cc5bb1732..bf61e9dc8 100644
--- a/contrib/native/client/src/clientlib/saslAuthenticatorImpl.hpp
+++ b/contrib/native/client/src/clientlib/saslAuthenticatorImpl.hpp
@@ -55,6 +55,10 @@ public:
 int unwrap(const char* dataToUnWrap, const int& dataToUnWrapLen, const char** output, uint32_t& unWrappedLen);
+ const std::string &getAuthMechanismName() const;
+
+ const char *getErrorMessage(int errorCode);
+
 private:
 static const std::map<std::string, std::string> MECHANISM_MAPPING;
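Review bot: The default branch of `getErrorMessage` returns `sasl_errdetail(m_pConnection)` unchecked, and both new call sites in drillClientImpl.cpp stream the result straight into `logMsg`. sasl_errdetail can return NULL (for a null connection, or when its detail buffer cannot be allocated), and inserting a null `const char*` into an ostream is undefined behaviour, so a failure that occurs while `m_pConnection` is still unset could crash or silently drop the rest of the message. Guard both cases with `const char* detail = m_pConnection ? sasl_errdetail(m_pConnection) : NULL;` followed by `return detail ? detail : "";`. Note also that sasl_errdetail describes the connection's last error and ignores `errorCode`, so the Cause text may not match the code printed beside it.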
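Review bot: The new `getErrorMessage` declaration says nothing about who owns the returned pointer. From the definition added in saslAuthenticatorImpl.cpp it is either a string literal or a buffer obtained from the SASL connection, so callers should presumably treat it as valid only until the next SASL call or until the connection is disposed. I would add a comment above the declaration such as `// Returned pointer is a literal or is owned by the SASL connection; copy it before any further SASL call or dispose.`. The class body starts and ends outside the hunk.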
@@ -67,11 +71,14 @@ private:
 std::string m_username;
 sasl_secret_t *m_ppwdSecret;
 EncryptionContext *m_pEncryptCtxt;
+ std::string m_authMechanismName; // used for debugging/error messages
+private:
 static int passwordCallback(sasl_conn_t *conn, void *context, int id, sasl_secret_t **psecret);
 static int userNameCallback(void *context, int id, const char **result, unsigned int *len);
+ void setSecurityProps() const;
 };
diff --git a/contrib/native/client/src/clientlib/utils.cpp b/contrib/native/client/src/clientlib/utils.cpp
index 137be6521..ff9729c60 100644
--- a/contrib/native/client/src/clientlib/utils.cpp
+++ b/contrib/native/client/src/clientlib/utils.cpp
@@ -156,8 +156,8 @@ void EncryptionContext::reset() {
 std::ostream& operator<<(std::ostream &contextStream, const EncryptionContext& context) {
 contextStream << " Encryption: " << (context.isEncryptionReqd() ? "enabled" : "disabled");
- contextStream << " ,MaxWrappedSize: " << context.getMaxWrappedSize();
- contextStream << " ,WrapSizeLimit: " << context.getWrapSizeLimit();
+ contextStream << ", MaxWrappedSize: " << context.getMaxWrappedSize();
+ contextStream << ", WrapSizeLimit: " << context.getWrapSizeLimit();
 return contextStream;
 }
|
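Review bot: `void setSecurityProps() const;` is declared at the end of the class, but none of the saslAuthenticatorImpl.cpp hunks in this commit define or call it. If no definition exists elsewhere, this is a dead declaration that will only surface as a link error when someone first calls it, and a `const` method named set… is surprising for code that configures security properties. Either drop the line or add the definition in the same change. The `private:` label added just above it is redundant, since that part of the class is already private. The class body starts outside the hunk.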