
[Xen-API] [PATCH] CA-38729: split {en, dis}able extauth exceptions to simplify translations in xencenter



# HG changeset patch
# User Marcus Granado <marcus.granado@xxxxxxxxxx>
# Date 1268143881 0
# Node ID f3605f44da34bd90b4e2cb06384f694923013e70
# Parent  d7ad0f363e97e685b42fdee3a60044b2473570e0
CA-38729: split {en,dis}able extauth exceptions to simplify translations in 
xencenter

Signed-off-by: Marcus Granado <marcus.granado@xxxxxxxxxxxxx>

diff -r d7ad0f363e97 -r f3605f44da34 ocaml/auth/OMakefile
--- a/ocaml/auth/OMakefile      Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/auth/OMakefile      Tue Mar 09 14:11:21 2010 +0000
@@ -1,5 +1,5 @@
 OTHER_CLIBS = -cclib -lpam
-OCAMLINCLUDES += ../autogen ../idl/ocaml_backend ../xapi 
+OCAMLINCLUDES += ../autogen ../idl/ocaml_backend ../idl ../xapi 
 
 StaticCLibrary(auth_stubs, xa_auth xa_auth_stubs)
 OCamlLibraryClib(pam, pam, auth_stubs)
@@ -9,7 +9,7 @@
        OCAML_CLIBS += auth_stubs
 
        OCamlProgram(testauth, testauth)
-       OCamlProgram(testauthx, testauthx authx auth_signature)
+       OCamlProgram(testauthx, testauthx authx auth_signature 
../idl/api_errors)
 
 .PHONY: clean
 clean:
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/auth/auth_signature.ml
--- a/ocaml/auth/auth_signature.ml      Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/auth/auth_signature.ml      Tue Mar 09 14:11:21 2010 +0000
@@ -22,8 +22,17 @@
 *)
 
 exception Auth_failure of string
-exception Auth_service_error of string
+type auth_service_error_tag = 
E_GENERIC|E_LOOKUP|E_DENIED|E_CREDENTIALS|E_UNAVAILABLE
+exception Auth_service_error of auth_service_error_tag * string
 exception Subject_cannot_be_resolved
+
+let suffix_of_tag errtag =
+       match errtag with
+               | E_GENERIC -> ""
+               | E_LOOKUP -> Api_errors.auth_suffix_domain_lookup_failed
+               | E_DENIED -> Api_errors.auth_suffix_permission_denied
+               | E_CREDENTIALS -> Api_errors.auth_suffix_wrong_credentials
+               | E_UNAVAILABLE -> Api_errors.auth_suffix_unavailable
 
 (* required fields in subject.other_config *)
 let subject_information_field_subject_name = "subject-name"
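Review bot: `auth_service_error_tag` and `suffix_of_tag` are added without any comment, although the strings returned here are concatenated onto API error codes by callers in other files of this patch. A doc comment such as `(** [suffix_of_tag t] is the string appended to an AUTH_ENABLE_FAILED or AUTH_DISABLE_FAILED code; [E_GENERIC] maps to the empty string so the base code is used unchanged. *)` would record that contract. It would also help to state next to the type that every non-generic tag needs a matching error declared in datamodel.ml for each base code it can be combined with, since nothing in the type system enforces that.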
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/auth/authx.ml
--- a/ocaml/auth/authx.ml       Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/auth/authx.ml       Tue Mar 09 14:11:21 2010 +0000
@@ -45,7 +45,7 @@
                with e -> begin
                        let errmsg = Printf.sprintf "[%s]: %s" debug_cmd 
(Printexc.to_string e) in
                        debug "Error executing cmd %s" errmsg;
-                       raise (Auth_signature.Auth_service_error errmsg)
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,errmsg))
                end
        in
        let output_lines = Stringext.String.split '\n' output_str in
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/auth/extauth_plugin_ADlikewise.ml
--- a/ocaml/auth/extauth_plugin_ADlikewise.ml   Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/auth/extauth_plugin_ADlikewise.ml   Tue Mar 09 14:11:21 2010 +0000
@@ -116,7 +116,7 @@
                with e -> begin
                        (* in_string is usually the password or other sensitive 
param, so never write it to debug or exn *)
                        debug "Error writing to stdin for cmd %s: %s" debug_cmd 
(ExnHelper.string_of_exn e);
-                       raise (Auth_signature.Auth_service_error 
(ExnHelper.string_of_exn e))
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,ExnHelper.string_of_exn e))
                end
                end;
          )
@@ -169,13 +169,13 @@
                        debug "Error likewise for cmd %s: %s" debug_cmd msg;
                        (* CA-27772: return user-friendly error messages when 
Likewise crashes *)
                        let msg = user_friendly_error_msg in
-                       raise (Auth_signature.Auth_service_error msg)
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,msg))
                | e -> (* unknown error *)
                begin
                        debug "Parse_likewise error for cmd %s: %s" debug_cmd 
(ExnHelper.string_of_exn e);
                        (* CA-27772: return user-friendly error messages when 
Likewise crashes *)
                        let msg = user_friendly_error_msg in
-                       raise (Auth_signature.Auth_service_error msg 
(*(ExnHelper.string_of_exn e)*))
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,msg (*(ExnHelper.string_of_exn e)*)))
                end
        in
 
@@ -201,11 +201,11 @@
 
                                | 524326    (* error joining AD domain *)
                                | 524359 -> (* error joining AD domain *)
-                                       raise 
(Auth_signature.Auth_service_error errmsg)
+                                       raise 
(Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,errmsg))
 
                                | 40118 (* lsass server not responding *)
                                | _ ->  (* general Likewise error *)
-                                       raise 
(Auth_signature.Auth_service_error (Printf.sprintf "(%i) %s" code errmsg))
+                                       raise 
(Auth_signature.Auth_service_error (Auth_signature.E_GENERIC,(Printf.sprintf 
"(%i) %s" code errmsg)))
                end
        end       
 )
@@ -285,7 +285,7 @@
                (* this should not have happend, likewise didn't return an SID 
field!! *)
                let msg = (Printf.sprintf "Likewise didn't return an SID field 
for gid %s" gid) in
                debug "Error likewise_get_sid_bygid for gid %s: %s" gid msg;
-               raise (Auth_signature.Auth_service_error msg) (* general 
Likewise error *)
+               raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,msg)) (* general Likewise error *)
        end
 
 let likewise_get_sid_byname _subject_name cmd = 
@@ -298,7 +298,7 @@
                (* this should not have happend, likewise didn't return an SID 
field!! *)
                let msg = (Printf.sprintf "Likewise didn't return an SID field 
for user %s" subject_name) in
                debug "Error likewise_get_sid_byname for subject name %s: %s" 
subject_name msg;
-               raise (Auth_signature.Auth_service_error msg) (* general 
Likewise error *)
+               raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,msg)) (* general Likewise error *)
        end
 
 (* subject_id get_subject_identifier(string subject_name)
@@ -522,7 +522,7 @@
                        && (List.mem_assoc "pass" config_params)
                ) 
        then begin
-               raise (Auth_signature.Auth_service_error "enable requires two 
config params: user and pass.")
+               raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,"enable requires two config params: user and pass."))
        end
        
        else (* we have all the required parameters *)
@@ -539,7 +539,7 @@
                        let _domain = List.assoc "domain" config_params in
                        if service_name <> _domain 
                        then 
-                               raise (Auth_signature.Auth_service_error "if 
present, config:domain must match service-name.")
+                               raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,"if present, config:domain must match service-name."))
                        else 
                                service_name
                end
@@ -562,7 +562,7 @@
                begin
                        let errmsg = (Printf.sprintf "External authentication 
server not available after %i query tests" max_tries) in
                        debug "%s" errmsg;
-                       raise (Auth_signature.Auth_service_error errmsg)
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_UNAVAILABLE,errmsg))
                end;
 
                (* OK SUCCESS, likewise has joined the AD domain successfully *)
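Review bot: The "server not available" failure is tagged `E_UNAVAILABLE` here, but the hunk at @@ -714 raises the identically worded message with `E_GENERIC`, so the same condition can surface under two different error codes. The function enclosing the @@ -714 site starts outside that hunk, so whether it runs on the enable path cannot be confirmed from the patch; if it does, it should read `raise (Auth_signature.Auth_service_error (Auth_signature.E_UNAVAILABLE,errmsg))`. If the difference is deliberate (for instance because no `_UNAVAILABLE` variant is declared for the code that site ends up under), a one-line comment there saying so would stop a later reader from "fixing" it.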
@@ -581,25 +581,25 @@
                () (* OK, return unit*)
 
        with (*ERROR, we didn't join the AD domain*)
-       |Auth_signature.Auth_service_error errmsg ->
+       |Auth_signature.Auth_service_error (errtag,errmsg) as e ->
                (*errors in stdout, let's bubble them up, making them as 
user-friendly as possible *)
                debug "Error enabling external authentication for domain %s and 
user %s: %s" domain user errmsg;
                if has_substr errmsg "0x9C56" (* The password is incorrect for 
the given username *)
                        or has_substr errmsg "0x9C84" (* The user account is 
invalid *)
                then begin
-                       raise (Auth_signature.Auth_service_error "The username 
or password is wrong.")
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_CREDENTIALS,"The username or password is wrong."))
                end
                else if has_substr errmsg "(0x5)" (* Unknown error *)
                then begin (* this seems to be a 
not-enough-permission-to-join-the-domain error *)
-                       raise (Auth_signature.Auth_service_error "Permission 
denied. The user has no administrator rights to join the domain.")
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_DENIED,"Permission denied. The user has no rights to join the 
domain or to modify the machine account in the Active Directory database."))
                end
                else if has_substr errmsg "0x9CAC" (* Failed to lookup the 
domain controller for given domain. *)
                        or has_substr errmsg "0x251E" (* DNS_ERROR_BAD_PACKET *)
                then begin (* this seems to be a wrong domain controller name 
error... *)
-                       raise (Auth_signature.Auth_service_error "Failed to 
lookup the domain controller for given domain.")
+                       raise (Auth_signature.Auth_service_error 
(Auth_signature.E_LOOKUP,"Failed to lookup the domain controller for given 
domain."))
                end
                else begin (* general Likewise error *)
-                       raise (Auth_signature.Auth_service_error errmsg) 
+                       raise e
                end
 
 (* unit on_disable()
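Review bot: `errtag` is bound by the new pattern `Auth_service_error (errtag,errmsg) as e` but never read in this handler, which can trip the unused-variable warning where it is enabled and suggests the tag influences the classification when only the `errmsg` substrings do. Writing `| Auth_signature.Auth_service_error (_,errmsg) as e ->` matches what the last xapi_session.ml hunk already does with `(_,msg)`. The same applies to the handler in the @@ -639 hunk of this file and to the xapi.ml, xapi_auth.ml and first two xapi_session.ml hunks. The enclosing try block starts outside this hunk.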
@@ -639,22 +639,22 @@
                None (* no failure observed in likewise *)
 
        with 
-       | Auth_signature.Auth_service_error errmsg ->
+       | Auth_signature.Auth_service_error (errtag,errmsg) as e ->
                (* errors in stdout, let's bubble them up, making them as 
user-friendly as possible *)
                debug "Internal Likewise error when disabling external 
authentication: %s" errmsg;
 
     if has_substr errmsg "0x9C56" (* The password is incorrect for the given 
username *)
       or has_substr errmsg "0x9C84" (* The user account is invalid *)
     then begin
-                       Some (Auth_signature.Auth_service_error "The username 
or password is wrong.")
+                       Some (Auth_signature.Auth_service_error 
(Auth_signature.E_CREDENTIALS,"The username or password was wrong and did not 
disable the machine account in the Active Directory database."))
                end
                else if has_substr errmsg "0x400A" (* Unkown error *)
                        or has_substr errmsg "(0xD)" (* ERROR_INVALID_DATA *)
                then begin (* this seems to be a non-admin valid user error... 
*)
-                       Some (Auth_signature.Auth_service_error "Permission 
denied. The user has no administrator rights to disable the machine account in 
the Active Directory database.")
+                       Some (Auth_signature.Auth_service_error 
(Auth_signature.E_DENIED,"Permission denied. The user has no rights to disable 
the machine account in the Active Directory database."))
                end
                else begin (* general Likewise error *)
-                       Some (Auth_signature.Auth_service_error errmsg) 
+                       Some e
                end
        | e -> (* unexpected error disabling likewise *)
                ( 
@@ -714,7 +714,7 @@
        begin
                let errmsg = (Printf.sprintf "External authentication server 
not available after %i query tests" max_tries) in
                debug "%s" errmsg;
-               raise (Auth_signature.Auth_service_error errmsg)
+               raise (Auth_signature.Auth_service_error 
(Auth_signature.E_GENERIC,errmsg))
        end;
        ()
 
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/idl/api_errors.ml
--- a/ocaml/idl/api_errors.ml   Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/idl/api_errors.ml   Tue Mar 09 14:11:21 2010 +0000
@@ -342,11 +342,29 @@
 let auth_already_enabled = "AUTH_ALREADY_ENABLED"
 let auth_unknown_type = "AUTH_UNKNOWN_TYPE"
 let auth_is_disabled = "AUTH_IS_DISABLED"
+let auth_suffix_wrong_credentials = "_WRONG_CREDENTIALS"
+let auth_suffix_permission_denied = "_PERMISSION_DENIED"
+let auth_suffix_domain_lookup_failed = "_DOMAIN_LOOKUP_FAILED"
+let auth_suffix_unavailable = "_UNAVAILABLE"
 let auth_enable_failed = "AUTH_ENABLE_FAILED"
+let auth_enable_failed_wrong_credentials = 
auth_enable_failed^auth_suffix_wrong_credentials
+let auth_enable_failed_permission_denied = 
auth_enable_failed^auth_suffix_permission_denied
+let auth_enable_failed_domain_lookup_failed = 
auth_enable_failed^auth_suffix_domain_lookup_failed
+let auth_enable_failed_unavailable = auth_enable_failed^auth_suffix_unavailable
 let auth_disable_failed = "AUTH_DISABLE_FAILED"
+let auth_disable_failed_wrong_credentials = 
auth_disable_failed^auth_suffix_wrong_credentials
+let auth_disable_failed_permission_denied = 
auth_disable_failed^auth_suffix_permission_denied
 let pool_auth_already_enabled = "POOL_AUTH_ALREADY_ENABLED"
-let pool_auth_enable_failed = "POOL_AUTH_ENABLE_FAILED"
-let pool_auth_disable_failed = "POOL_AUTH_DISABLE_FAILED"
+let pool_auth_prefix = "POOL_"
+let pool_auth_enable_failed = pool_auth_prefix^auth_enable_failed
+let pool_auth_enable_failed_wrong_credentials = 
pool_auth_enable_failed^auth_suffix_wrong_credentials
+let pool_auth_enable_failed_permission_denied = 
pool_auth_enable_failed^auth_suffix_permission_denied
+let pool_auth_enable_failed_domain_lookup_failed = 
pool_auth_enable_failed^auth_suffix_domain_lookup_failed
+let pool_auth_enable_failed_unavailable = 
pool_auth_enable_failed^auth_suffix_unavailable
+let pool_auth_enable_failed_duplicate_hostname = 
pool_auth_enable_failed^"_DUPLICATE_HOSTNAME"
+let pool_auth_disable_failed = pool_auth_prefix^auth_disable_failed
+let pool_auth_disable_failed_wrong_credentials = 
pool_auth_disable_failed^auth_suffix_wrong_credentials
+let pool_auth_disable_failed_permission_denied = 
pool_auth_disable_failed^auth_suffix_permission_denied
 let subject_cannot_be_resolved = "SUBJECT_CANNOT_BE_RESOLVED"
 let auth_service_error = "AUTH_SERVICE_ERROR"
 let subject_already_exists = "SUBJECT_ALREADY_EXISTS"
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/idl/datamodel.ml
--- a/ocaml/idl/datamodel.ml    Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/idl/datamodel.ml    Tue Mar 09 14:11:21 2010 +0000
@@ -537,6 +537,21 @@
     ~doc:"External authentication is disabled, unable to resolve subject 
name." ();
   error Api_errors.auth_enable_failed ["message"]
     ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_enable_failed_wrong_credentials ["message"]
+    ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_enable_failed_permission_denied ["message"]
+    ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_enable_failed_domain_lookup_failed ["message"]
+    ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_enable_failed_unavailable ["message"]
+    ~doc:"The host failed to enable external authentication." ();
+  error Api_errors.auth_disable_failed ["message"]
+    ~doc:"The host failed to disable external authentication." ();
+  error Api_errors.auth_disable_failed_wrong_credentials ["message"]
+    ~doc:"The host failed to disable external authentication." ();
+  error Api_errors.auth_disable_failed_permission_denied ["message"]
+    ~doc:"The host failed to disable external authentication." ();
+
 
   (* Pool errors *)
   error Api_errors.pool_joining_host_cannot_contain_shared_SRs []
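Review bot: Every new enable variant carries the same `~doc` text as the generic `auth_enable_failed` entry, so the generated API documentation cannot tell a rejected password from a permission or domain-lookup failure. Since the codes exist to distinguish those causes, each entry should name its cause, for example `~doc:"The host failed to enable external authentication: the supplied credentials were rejected." ();` for the `_wrong_credentials` entry. The disable variants in this hunk and the pool variants in the @@ -567 hunk repeat the pattern.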
@@ -567,7 +582,21 @@
     ~doc:"External authentication in this pool is already enabled for at least 
one host." ();
   error Api_errors.pool_auth_enable_failed ["host";"message"]
     ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_wrong_credentials ["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_permission_denied ["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_domain_lookup_failed 
["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_unavailable ["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
+  error Api_errors.pool_auth_enable_failed_duplicate_hostname 
["host";"message"]
+    ~doc:"The pool failed to enable external authentication." ();
   error Api_errors.pool_auth_disable_failed ["host";"message"]
+    ~doc:"The pool failed to disable the external authentication of at least 
one host." ();
+  error Api_errors.pool_auth_disable_failed_wrong_credentials 
["host";"message"]
+    ~doc:"The pool failed to disable the external authentication of at least 
one host." ();
+  error Api_errors.pool_auth_disable_failed_permission_denied 
["host";"message"]
     ~doc:"The pool failed to disable the external authentication of at least 
one host." ();
 
   (* External directory service *)
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi.ml
--- a/ocaml/xapi/xapi.ml        Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi.ml        Tue Mar 09 14:11:21 2010 +0000
@@ -680,7 +680,7 @@
                 ", host_external_auth_service_name="^service_name^
                 ", error="^ (match !last_error with None -> "timeout" | Some e 
->
                 (match e with 
-                  | Auth_signature.Auth_service_error errmsg -> errmsg (* this 
is the expected error msg *)
+                  | Auth_signature.Auth_service_error (errtag,errmsg) -> 
errmsg (* this is the expected error msg *)
                   | e ->  (ExnHelper.string_of_exn e) (* unknown error msg *)
                 ))
             );
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi_auth.ml
--- a/ocaml/xapi/xapi_auth.ml   Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi_auth.ml   Tue Mar 09 14:11:21 2010 +0000
@@ -28,7 +28,7 @@
                | Not_found 
                | Auth_signature.Subject_cannot_be_resolved ->
                        raise 
(Api_errors.Server_error(Api_errors.subject_cannot_be_resolved, []))
-               | Auth_signature.Auth_service_error msg ->
+               | Auth_signature.Auth_service_error (errtag,msg) ->
                        raise 
(Api_errors.Server_error(Api_errors.auth_service_error, [msg]))
                | e -> 
                        raise 
(Api_errors.Server_error(Api_errors.auth_service_error, 
[ExnHelper.string_of_exn e]))
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi_host.ml
--- a/ocaml/xapi/xapi_host.ml   Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi_host.ml   Tue Mar 09 14:11:21 2010 +0000
@@ -1079,12 +1079,12 @@
                                debug "Failed while enabling unknown external 
authentication type %s for service name %s in host %s" msg service_name 
host_name_label;
                                raise 
(Api_errors.Server_error(Api_errors.auth_unknown_type, [msg]))
                        end
-               | Auth_signature.Auth_service_error msg -> (* plugin returned 
some error *)
+               | Auth_signature.Auth_service_error (errtag,msg) -> (* plugin 
returned some error *)
                                (* we rollback to the original xapi 
configuration *)
                                Db.Host.set_external_auth_type ~__context 
~self:host ~value:current_auth_type;
                                Db.Host.set_external_auth_service_name 
~__context ~self:host ~value:current_service_name;
                                debug "Failed while enabling external 
authentication type %s for service name %s in host %s" msg service_name 
host_name_label;
-                       raise 
(Api_errors.Server_error(Api_errors.auth_enable_failed, [msg]))
+                       raise 
(Api_errors.Server_error(Api_errors.auth_enable_failed^(Auth_signature.suffix_of_tag
 errtag), [msg]))
                | e -> (* unknown failure, just-enabled plugin might be in an 
inconsistent state *)
                        begin
                                (* we rollback to the original xapi 
configuration *)
@@ -1130,10 +1130,10 @@
                        (Ext_auth.d()).on_disable config;
                        None (* OK, on_disable succeeded *)
                with 
-               | Auth_signature.Auth_service_error msg as e ->
+               | Auth_signature.Auth_service_error (errtag,msg) as e ->
                        begin
                                debug "Failed while calling on_disable event of 
external authentication plugin in host %s: %s" host_name_label msg;
-                               Some 
(Api_errors.Server_error(Api_errors.auth_disable_failed, [msg]))
+                               Some 
(Api_errors.Server_error(Api_errors.auth_disable_failed^(Auth_signature.suffix_of_tag
 errtag), [msg]))
                        end
                | e -> (*absorb any exception*)
                        begin
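Review bot: The code built by `Api_errors.auth_disable_failed^(Auth_signature.suffix_of_tag errtag)` can name an error this patch never declares: `suffix_of_tag` has four non-empty results, but api_errors.ml and datamodel.ml add only the `_WRONG_CREDENTIALS` and `_PERMISSION_DENIED` disable variants. The plugin's on_disable handler passes through any exception it did not rewrite (`Some e`), so an `E_LOOKUP` or `E_UNAVAILABLE` raised beneath it would presumably reach clients as an unregistered code. Either declare the two missing disable errors, or collapse unsupported tags to the base code here with `let suffix = match errtag with Auth_signature.E_CREDENTIALS | Auth_signature.E_DENIED -> Auth_signature.suffix_of_tag errtag | Auth_signature.E_GENERIC | Auth_signature.E_LOOKUP | Auth_signature.E_UNAVAILABLE -> "" in`. The enclosing function starts and ends outside the hunk.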
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi_pool.ml
--- a/ocaml/xapi/xapi_pool.ml   Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi_pool.ml   Tue Mar 09 14:11:21 2010 +0000
@@ -1089,7 +1089,7 @@
        then begin
                let errmsg = "At least two hosts in the pool have the same 
hostname" in
                debug "%s" errmsg;
-               raise 
(Api_errors.Server_error(Api_errors.pool_auth_enable_failed,
+               raise 
(Api_errors.Server_error(Api_errors.pool_auth_enable_failed_duplicate_hostname,
                        [(Ref.string_of (List.hd hosts));errmsg]))
        end
        else
@@ -1152,10 +1152,10 @@
                match err_of_e with 
                        | "" -> (* generic unknown exception *)
                                raise 
(Api_errors.Server_error(Api_errors.pool_auth_enable_failed, [(Ref.string_of 
failed_host);string_of_e]))
-                       | "AUTH_UNKNOWN_TYPE" ->
+                       | err_of_e when err_of_e=Api_errors.auth_unknown_type ->
                                raise 
(Api_errors.Server_error(Api_errors.auth_unknown_type, [msg_of_e]))
-                       | "AUTH_ENABLE_FAILED" ->
-                               raise 
(Api_errors.Server_error(Api_errors.pool_auth_enable_failed, [(Ref.string_of 
failed_host);msg_of_e]))
+                       | err_of_e when Stringext.String.startswith 
Api_errors.auth_enable_failed err_of_e ->
+                               raise 
(Api_errors.Server_error(Api_errors.pool_auth_prefix^err_of_e, [(Ref.string_of 
failed_host);msg_of_e]))
                        | _ -> (* Api_errors.Server_error *)
                                raise 
(Api_errors.Server_error(Api_errors.pool_auth_enable_failed, [(Ref.string_of 
failed_host);string_of_e]))
        end
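Review bot: The new guard `Stringext.String.startswith Api_errors.auth_enable_failed err_of_e` accepts any code that merely begins with AUTH_ENABLE_FAILED and re-emits it as `Api_errors.pool_auth_prefix^err_of_e`, so the pool-level error code is assembled from a string that appears to come from the failing host's reply rather than from a fixed set. Guarding with `List.mem err_of_e known_enable_errors` instead, where `known_enable_errors` (a name proposed here) lists the five AUTH_ENABLE_FAILED constants from api_errors.ml, keeps the emitted code within what datamodel.ml registers and lets everything else fall through to the generic branch. The disable path in the @@ -1183 hunk builds `pool_auth_prefix^err` behind the same kind of prefix test. How `err_of_e` is derived lies outside this hunk.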
@@ -1183,30 +1183,34 @@
                        try     (* forward the call to the host in the pool *)
                                call_fn_on_host ~__context 
(Client.Host.disable_external_auth ~config) host;
                                (* no failed host to add to the filtered list, 
just visit next host *)
-                               (host,"")
+                               (host,"","")
                        with 
                        | Api_errors.Server_error (err,[host_msg]) as e -> begin
                                let msg = (Printf.sprintf "%s: %s" 
                                        (Db.Host.get_name_label ~__context 
~self:host) host_msg) in
                                debug "Failed to disable the external 
authentication of pool in host %s" msg;
                                (* no exception should be raised here, we want 
to visit every host in hosts *)
-                               (host,msg)
+                               (host,err,msg)
                                end
                        | e-> (* add failed host to the filtered list and visit 
next host *)
                                let msg = (Printf.sprintf "%s: %s" 
                                        (Db.Host.get_name_label ~__context 
~self:host) (ExnHelper.string_of_exn e)) in
                                debug "Failed to disable the external 
authentication of pool in host %s" msg;
                                (* no exception should be raised here, we want 
to visit every host in hosts *)
-                               (host,msg)
+                               (host,"err",msg)
                        ) 
                hosts
        in
-       let failedhosts_list = List.filter (fun (host,msg) -> msg<>"") 
host_msgs_list in 
+       let failedhosts_list = List.filter (fun (host,err,msg) -> err<>"") 
host_msgs_list in 
        if (List.length failedhosts_list > 0)
        then begin (* FAILED *)
-               match List.hd failedhosts_list with (host,msg) ->
+               match List.hd failedhosts_list with (host,err,msg) ->
                debug "Failed to disable the external authentication of at 
least one host in the pool";
-               raise 
(Api_errors.Server_error(Api_errors.pool_auth_disable_failed, [(Ref.string_of 
host);msg]));
+               if Stringext.String.startswith Api_errors.auth_disable_failed 
err
+               then (* tagged exception *)
+                       raise 
(Api_errors.Server_error(Api_errors.pool_auth_prefix^err, [(Ref.string_of 
host);msg]))
+               else (* generic exception *)
+                       raise 
(Api_errors.Server_error(Api_errors.pool_auth_disable_failed, [(Ref.string_of 
host);msg]));
        end
        else begin (* OK *)
                debug "The external authentication of all hosts in the pool was 
disabled successfully";
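Review bot: The catch-all branch now returns `(host,"err",msg)`, where the literal "err" exists only so that the later `err<>""` filter counts the host as failed; that couples two distant lines through a magic string while the empty string doubles as the success marker. Since `msg` is always non-empty on both failure branches, the filter can stay on the message as before, `List.filter (fun (_,_,msg) -> msg<>"") host_msgs_list`, and the catch-all can return `(host,"",msg)`, which the `startswith` test then routes to the generic `pool_auth_disable_failed` code. A short comment on the tuple stating that the middle element is the host's error code, empty when unknown, would make the shape self-explanatory.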
diff -r d7ad0f363e97 -r f3605f44da34 ocaml/xapi/xapi_session.ml
--- a/ocaml/xapi/xapi_session.ml        Tue Mar 09 14:11:21 2010 +0000
+++ b/ocaml/xapi/xapi_session.ml        Tue Mar 09 14:11:21 2010 +0000
@@ -430,7 +430,7 @@
                                        (* subject info caching problems in 
likewise) and closes the user's session *)
                                        let subject_suspended = (try
                                                is_subject_suspended 
subject_identifier
-                                       with (Auth_signature.Auth_service_error 
msg) ->
+                                       with (Auth_signature.Auth_service_error 
(errtag,msg)) ->
                                                begin
                                                        debug "Failed to find 
if user %s (subject_id %s, from %s) is suspended: %s" uname subject_identifier 
(Context.get_origin __context) msg;
                                                        
thread_delay_and_raise_error uname msg
@@ -457,7 +457,7 @@
                                                                debug "%s" msg;
                                                                
thread_delay_and_raise_error uname msg
                                                        end
-                                               | 
Auth_signature.Auth_service_error msg ->
+                                               | 
Auth_signature.Auth_service_error (errtag,msg) ->
                                                        begin
                                                                debug "Failed 
to obtain the group membership closure for user %s (subject_id %s, from %s): 
%s" uname subject_identifier (Context.get_origin __context) msg;
                                                                
thread_delay_and_raise_error uname msg
@@ -536,7 +536,7 @@
                                                        
thread_delay_and_raise_error uname msg
                                                end
                                        | Auth_signature.Auth_failure msg 
-                                       | Auth_signature.Auth_service_error msg 
->
+                                       | Auth_signature.Auth_service_error 
(_,msg) ->
                                                begin
                                                        debug "A function 
failed to catch this exception for user %s from %s during external 
authentication: %s" uname (Context.get_origin __context) msg;
                                                        
thread_delay_and_raise_error uname msg
11 files changed, 105 insertions(+), 45 deletions(-)
ocaml/auth/OMakefile                    |    4 +--
ocaml/auth/auth_signature.ml            |   11 +++++++-
ocaml/auth/authx.ml                     |    2 -
ocaml/auth/extauth_plugin_ADlikewise.ml |   40 +++++++++++++++----------------
ocaml/idl/api_errors.ml                 |   22 +++++++++++++++--
ocaml/idl/datamodel.ml                  |   29 ++++++++++++++++++++++
ocaml/xapi/xapi.ml                      |    2 -
ocaml/xapi/xapi_auth.ml                 |    2 -
ocaml/xapi/xapi_host.ml                 |    8 +++---
ocaml/xapi/xapi_pool.ml                 |   24 ++++++++++--------
ocaml/xapi/xapi_session.ml              |    6 ++--

