Changeset 8877
- Timestamp:
- 06/09/11 17:31:53 (2 years ago)
- Location:
- branches/windows-client/src/client/windows/client-service
- Files:
-
- 4 modified
-
cert.c (modified) (20 diffs)
-
dokan-interface.c (modified) (3 diffs)
-
fs.c (modified) (3 diffs)
-
ldap-support.c (modified) (10 diffs)
branches/windows-client/src/client/windows/client-service/cert.c
r8870 r8877 38 38 } 39 39 40 #define report_cert_error(msg) _report_cert_error(msg, __func__) 41 40 42 /* certificate error reporting */ 41 static void report_cert_error(char *message)43 static void _report_cert_error(char *message, char *fn_name) 42 44 { 43 45 /* debug the message */ 44 DbgPrint(" %s \n", message);46 DbgPrint(" %s: %s\n", fn_name, message); 45 47 46 48 /* write to Event Log */ … … 72 74 73 75 74 static int get_proxy_auth_ex_data_ idx(void)76 static int get_proxy_auth_ex_data_cred() 75 77 { 76 78 static volatile int idx = -1; … … 80 82 if (idx < 0) 81 83 { 82 idx = X509_STORE_CTX_get_ex_new_index(0, 83 "for verify callback", 84 NULL,NULL,NULL); 84 idx = X509_STORE_CTX_get_ex_new_index(0, "credentials", NULL, NULL, 85 NULL); 86 } 87 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); 88 } 89 90 return idx; 91 } 92 93 static int get_proxy_auth_ex_data_userid() 94 { 95 static volatile int idx = -1; 96 if (idx < 0) 97 { 98 CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); 99 if (idx < 0) 100 { 101 idx = X509_STORE_CTX_get_ex_new_index(0, "userid", 102 NULL, NULL, NULL); 85 103 } 86 104 CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); … … 144 162 static int verify_callback(int ok, X509_STORE_CTX *ctx) 145 163 { 164 char *userid; 146 165 X509 *xs; 147 166 PROXY_CERT_INFO_EXTENSION *pci; 148 167 char *credstr; 149 168 PVFS_credentials *credentials; 169 char error_msg[256]; 150 170 int ret; 151 171 … … 157 177 if (xs->ex_flags & EXFLAG_PROXY) 158 178 { 179 /* get userid for error logging */ 180 userid = (char *) X509_STORE_CTX_get_ex_data(ctx, 181 get_proxy_auth_ex_data_userid()); 182 183 /* get credentials in {UID}/{GID} form from cert policy */ 159 184 pci = (PROXY_CERT_INFO_EXTENSION *) 160 185 X509_get_ext_d2i(xs, NID_proxyCertInfo, NULL, NULL); … … 164 189 credstr = (char *) pci->proxyPolicy->policy->data; 165 190 credentials = (PVFS_credentials *) X509_STORE_CTX_get_ex_data( 166 ctx, get_proxy_auth_ex_data_ idx());191 ctx, get_proxy_auth_ex_data_cred()); 167 192 ret = 
parse_credentials(credstr, &credentials->uid, 168 193 &credentials->gid); 169 194 if (ret != 0) 170 195 { 171 DbgPrint(" verify_callback: could not parse credential string: %s\n", credstr); 196 _snprintf(error_msg, sizeof(error_msg), "User %s: proxy " 197 "certificate contains invalid credential policy", 198 userid); 199 report_cert_error(error_msg); 172 200 ok = 0; 173 201 } … … 175 203 else 176 204 { 177 DbgPrint(" verify_callback: could not load policy\n"); 205 _snprintf(error_msg, sizeof(error_msg), "User %s: proxy " 206 "certificate contains no credential policy", 207 userid); 208 report_cert_error(error_msg); 178 209 ok = 0; 179 210 } … … 187 218 188 219 /* verify certificate */ 189 static unsigned long verify_cert(X509 *cert, 220 static unsigned long verify_cert(char *userid, 221 X509 *cert, 190 222 X509 *ca_cert, 191 223 STACK_OF(X509) *chain, … … 196 228 int ret, verify_flag = 0; 197 229 int (*save_verify_cb)(int ok, X509_STORE_CTX *ctx); 230 char error_msg[256]; 198 231 199 232 /* add CA cert to trusted store */ … … 230 263 save_verify_cb = ctx->verify_cb; 231 264 X509_STORE_CTX_set_verify_cb(ctx, verify_callback); 232 X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_idx(), credentials); 265 X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_cred(), credentials); 266 X509_STORE_CTX_set_ex_data(ctx, get_proxy_auth_ex_data_userid(), userid); 233 267 X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_ALLOW_PROXY_CERTS); 234 268 … … 245 279 if (verify_flag && ret == OPENSSL_CERT_ERROR && ctx->error != 0) 246 280 { 247 DbgPrint(" verify_cert: %s\n", 281 _snprintf(error_msg, sizeof(error_msg), "User %s: proxy certificate " 282 "verification error: %s", userid, 248 283 X509_verify_cert_error_string(ctx->error)); 284 report_cert_error(error_msg); 249 285 } 250 286 … … 288 324 STACK_OF(X509) *chain = NULL; 289 325 int ret; 290 unsigned long err; 291 char errstr[256]; 326 unsigned long err, err_flag = FALSE; 327 size_t err_size; 328 char error_msg[256], 
errstr[256]; 292 329 293 330 DbgPrint(" get_cert_credentials: enter\n"); … … 304 341 if ((strlen(goptions->cert_dir_prefix) + strlen(userid) + 8) > MAX_PATH) 305 342 { 306 DbgPrint(" get_cert_credentials: user %s: path to cert too long\n", userid); 343 _snprintf(error_msg, sizeof(error_msg), "User %s: path to certificate " 344 "too long", userid); 345 report_cert_error(error_msg); 307 346 return -1; 308 347 } … … 324 363 else 325 364 { 326 DbgPrint(" get_cert_credentials: user %s: could not locate profile dir: %d\n", userid, 327 ret); 365 _snprintf(error_msg, sizeof(error_msg), "User %s: could not locate " 366 "profile directory: %d", userid, ret); 367 report_cert_error(error_msg); 328 368 return ret; 329 369 } … … 331 371 if (strlen(cert_dir) + 7 > MAX_PATH) 332 372 { 333 DbgPrint(" get_cert_credentials: user %s: profile dir too long\n", userid); 373 _snprintf(error_msg, sizeof(error_msg), "User %s: profile directory too " 374 "long", userid); 375 report_cert_error(error_msg); 334 376 return -1; 335 377 } … … 344 386 if (h_find == INVALID_HANDLE_VALUE) 345 387 { 346 DbgPrint(" get_cert_credentials: user %s: no certificates\n", userid); 388 _snprintf(error_msg, sizeof(error_msg), "User %s: no certificates in %s", 389 userid, cert_dir); 390 report_cert_error(error_msg); 347 391 ret = -1; 348 392 goto get_cert_credentials_exit; … … 367 411 if (ret != 0) 368 412 { 369 DbgPrint(" get_cert_credentials: error loading cert %s: %d\n", 370 cert_path, ret); 413 _snprintf(error_msg, sizeof(error_msg), "Error loading cert %s. See " 414 "subsequent log messages for details", cert_path); 415 report_cert_error(error_msg); 371 416 } 372 417 } while (ret == 0 && FindNextFile(h_find, &find_data)); … … 377 422 if (cert == NULL) 378 423 { 379 DbgPrint(" get_cert_credentials: missing or invalid cert.0\n"); 424 _snprintf(error_msg, sizeof(error_msg), "Missing or invalid %scert.0. 
See " 425 "subsequent log messages for details", cert_dir); 426 report_cert_error(error_msg); 380 427 ret = OPENSSL_CERT_ERROR; 381 428 } … … 388 435 if (ret != 0) 389 436 { 390 DbgPrint(" get_cert_credentials: error loading CA cert %s: %d\n", 391 goptions->ca_path, ret); 437 _snprintf(error_msg, sizeof(error_msg), "User %s: error loading CA " 438 "certificate %s. See subsequent log messages for details", 439 userid, goptions->ca_path); 440 report_cert_error(error_msg); 392 441 goto get_cert_credentials_exit; 393 442 } 394 443 395 444 /* read and cache credentials from certificate */ 396 ret = verify_cert( cert, ca_cert, chain, credentials);445 ret = verify_cert(userid, cert, ca_cert, chain, credentials); 397 446 398 447 if (ret == 0) … … 406 455 if (ret == OPENSSL_CERT_ERROR) 407 456 { 408 while ((err = ERR_get_error()) != 0) 409 { 410 ERR_error_string_n(err, errstr, 256); 411 DbgPrint(" get_cert_credentials: %s\n", errstr); 412 } 457 _snprintf(error_msg, sizeof(error_msg), "User %s: certificate " 458 "errors:\n", userid); 459 err_size = 255 - strlen(error_msg); 460 /* use err_size for remaining buffer size */ 461 while ((err = ERR_get_error()) != 0 && err_size > 0) 462 { 463 err_flag = TRUE; 464 ERR_error_string_n(err, errstr, 256); 465 strncat(error_msg, errstr, err_size); 466 err_size = 255 - strlen(error_msg); 467 strncat(error_msg, "\n", err_size); 468 err_size = 255 - strlen(error_msg); 469 } 470 if (err_flag) 471 report_cert_error(error_msg); 413 472 } 414 473 -
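Review bot: `_snprintf` does not NUL-terminate `error_msg` when the formatted text reaches or exceeds `sizeof(error_msg)`, so the messages built from `userid` and `cert_dir` in get_cert_credentials (`"User %s: no certificates in %s"`, `"Missing or invalid %scert.0. See ..."`, where `cert_dir` alone may approach MAX_PATH) can leave the 256-byte buffer unterminated and `report_cert_error` then reads past it through `%s`. The same applies to the `error_msg` buffers in verify_callback and verify_cert, and to `err_size = 255 - strlen(error_msg)` in the ERR_get_error loop, which assumes a terminated string. Either terminate after every call, `error_msg[sizeof(error_msg) - 1] = '\0';`, or use `_snprintf_s(error_msg, sizeof(error_msg), _TRUNCATE, ...)`, which guarantees termination. In verify_callback `userid` comes from an ex_data slot and may be NULL if that slot was never set, so a `userid ? userid : "?"` guard would keep the `%s` defined. All enclosing functions start outside the hunks.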
branches/windows-client/src/client/windows/client-service/dokan-interface.c
r8858 r8877 1200 1200 } 1201 1201 1202 /* free attribute buffers that are allocated with fs_getattr */ 1203 #define FREE_ATTR_BUFS(attr) do { \ 1204 if (attr.dist_name != NULL) \ 1205 free(attr.dist_name); \ 1206 if (attr.dist_params != NULL) \ 1207 free(attr.dist_params); \ 1208 if (attr.link_target != NULL) \ 1209 free(attr.link_target); \ 1210 } while (0) 1211 1202 1212 1203 1213 static int __stdcall … … 1229 1239 1230 1240 if (ret == 0) 1231 { 1241 { 1232 1242 strcpy(info, " "); 1233 1243 /* convert to Windows attributes */ … … 1284 1294 HandleFileInformation->nFileSizeLow = (attr.size & 0xFFFFFFFFLL); 1285 1295 1296 FREE_ATTR_BUFS(attr); 1286 1297 } 1287 1298 -
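Review bot: The `FREE_ATTR_BUFS(attr)` macro uses its parameter unparenthesized (`attr.dist_name`), so it breaks for any argument that is not a plain identifier, and the `!= NULL` guards are redundant because `free(NULL)` is a no-op. It also leaves the freed pointers dangling inside `attr`; since the macro is invoked only at the end of the `ret == 0` block that is harmless today, but nulling them makes any later reuse of `attr` safe. A `static` helper taking a pointer to the attribute struct would be the idiomatic form; failing that, the macro below. The enclosing function starts and ends outside the hunk.

```c
/* free attribute buffers that are allocated with fs_getattr */
#define FREE_ATTR_BUFS(attr) do {                               \
        free((attr).dist_name);   (attr).dist_name = NULL;      \
        free((attr).dist_params); (attr).dist_params = NULL;    \
        free((attr).link_target); (attr).link_target = NULL;    \
    } while (0)
```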
branches/windows-client/src/client/windows/client-service/fs.c
r8870 r8877 158 158 { 159 159 struct PVFS_sys_mntent *mntent = fs_get_mntent(0); 160 char *real_path; 160 161 PVFS_sysresp_lookup resp; 161 int ret; 162 163 ret = PVFS_sys_lookup(mntent->fs_id, fs_path, credentials, &resp, 164 TRUE, NULL); 162 PVFS_sysresp_getattr resp_getattr; 163 PVFS_fs_id fs_id; 164 int ret, link_flag; 165 166 real_path = strdup(fs_path); 167 do 168 { 169 link_flag = FALSE; 170 171 /* lookup the given path on the FS */ 172 ret = PVFS_sys_lookup(mntent->fs_id, real_path, credentials, &resp, 173 FALSE, NULL); 174 if (ret != 0) 175 break; 176 177 /* check if it's a link */ 178 memset(&resp_getattr, 0, sizeof(resp_getattr)); 179 ret = PVFS_sys_getattr(resp.ref, PVFS_ATTR_SYS_LNK_TARGET, credentials, 180 &resp_getattr, NULL); 181 if (ret != 0) 182 break; 183 184 if (resp_getattr.attr.link_target != NULL) 185 { 186 link_flag = TRUE; 187 /* get file name */ 188 free(real_path); 189 real_path = (char *) malloc(PVFS_NAME_MAX); 190 ret = PVFS_util_resolve(resp_getattr.attr.link_target, &fs_id, 191 real_path, PVFS_NAME_MAX); 192 /* free attr buffer */ 193 free(resp_getattr.attr.link_target); 194 } 195 } while (link_flag); 196 197 free(real_path); 198 165 199 if (ret == 0) 166 200 *handle = resp.ref.handle; … … 358 392 { 359 393 struct PVFS_sys_mntent *mntent = fs_get_mntent(0); 360 int ret; 394 char *real_path; 395 int ret, link_flag; 396 PVFS_fs_id fs_id; 361 397 PVFS_sysresp_lookup resp_lookup; 362 398 PVFS_sysresp_getattr resp_getattr; … … 367 403 368 404 /* lookup file */ 369 ret = PVFS_sys_lookup(mntent->fs_id, fs_path, credentials, &resp_lookup, 370 TRUE, NULL); 371 if (ret != 0) 372 goto fs_getattr_exit; 373 374 /* read all attributes */ 375 ret = PVFS_sys_getattr(resp_lookup.ref, PVFS_ATTR_SYS_ALL_NOHINT, 405 real_path = strdup(fs_path); 406 do { 407 link_flag = FALSE; 408 409 ret = PVFS_sys_lookup(mntent->fs_id, real_path, credentials, &resp_lookup, 410 FALSE, NULL); 411 if (ret != 0) 412 break; 413 414 /* read all attributes */ 415 
memset(&resp_getattr, 0, sizeof(resp_getattr)); 416 ret = PVFS_sys_getattr(resp_lookup.ref, PVFS_ATTR_SYS_ALL_NOHINT, 376 417 credentials, &resp_getattr, NULL); 418 if (ret != 0) 419 break; 420 421 /* get attributes for link target */ 422 if (resp_getattr.attr.link_target != NULL) 423 { 424 link_flag = TRUE; 425 /* get file name */ 426 free(real_path); 427 real_path = (char *) malloc(PVFS_NAME_MAX); 428 ret = PVFS_util_resolve(resp_getattr.attr.link_target, &fs_id, 429 real_path, PVFS_NAME_MAX); 430 /* free attr buffers */ 431 free(resp_getattr.attr.link_target); 432 if (resp_getattr.attr.dist_name != NULL) 433 free(resp_getattr.attr.dist_name); 434 if (resp_getattr.attr.dist_params != NULL) 435 free(resp_getattr.attr.dist_params); 436 } 437 } while (link_flag); 438 439 free(real_path); 440 377 441 if (ret != 0) 378 442 goto fs_getattr_exit; -
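Review bot: The new link-following loops in both hunks have no depth limit, so a symbolic-link cycle on the file system (a -> b -> a), which any user able to create links can set up, keeps the client service spinning forever; bound the chain with a counter and fail with the project's loop error once it is exceeded. The loop also continues when `PVFS_util_resolve` fails, because `while (link_flag)` ignores `ret`, so the next `PVFS_sys_lookup` runs on the uninitialized `malloc(PVFS_NAME_MAX)` buffer; `while (link_flag && ret == 0)` closes that. `strdup(fs_path)` and `malloc(PVFS_NAME_MAX)` are unchecked, and a NULL `real_path` would be dereferenced by the next lookup. The sketch below is for the first hunk; the second needs the identical changes (it additionally frees `dist_name`/`dist_params`). Both enclosing functions start outside their hunks.

```c
    /* … unchanged: declarations … */
    int depth = 0;   /* caps symlink chains so a cycle on the FS cannot hang the service */

    real_path = strdup(fs_path);
    if (real_path == NULL)
        return -PVFS_ENOMEM;   /* confirm against the project's error-code convention */
    do
    {
        link_flag = FALSE;
        /* … unchanged: PVFS_sys_lookup / PVFS_sys_getattr, break on ret != 0 … */

        if (resp_getattr.attr.link_target != NULL)
        {
            if (++depth > MAX_LINK_DEPTH)   /* MAX_LINK_DEPTH: new constant, e.g. 8 (constructed) */
            {
                ret = -PVFS_ELOOP;          /* confirm against the project's error-code convention */
            }
            else
            {
                link_flag = TRUE;
                free(real_path);
                real_path = malloc(PVFS_NAME_MAX);
                ret = (real_path == NULL) ? -PVFS_ENOMEM
                    : PVFS_util_resolve(resp_getattr.attr.link_target, &fs_id,
                                        real_path, PVFS_NAME_MAX);
            }
            /* … unchanged: free attr buffers … */
        }
    } while (link_flag && ret == 0);
```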
branches/windows-client/src/client/windows/client-service/ldap-support.c
r8856 r8877 18 18 extern PORANGEFS_OPTIONS goptions; 19 19 20 #define report_ldap_error(msg) _report_ldap_error(msg, __func__) 21 22 static void _report_ldap_error(char *message, char *fn_name) 23 { 24 /* debug the message */ 25 DbgPrint(" %s: %s\n", fn_name, message); 26 27 /* write to Event Log */ 28 report_error_event(message, FALSE); 29 } 30 20 31 /* initialize LDAP SSL */ 21 32 int PVFS_ldap_init() … … 59 70 int version, ret = -1, bind_ret = 0; 60 71 char *bind_dn, *password, filter[384], 61 *attrs[3], *attr_name, **values; 72 *attrs[3], *attr_name, **values, 73 error_msg[256]; 62 74 LDAPMessage *results, *entry; 63 75 BerElement *ptr; … … 71 83 if (ld == NULL) 72 84 { 73 DbgPrint(" get_ldap_credentials: ldapssl_init failed\n"); 85 _snprintf(error_msg, sizeof(error_msg), "User %s: could not initialize " 86 "LDAP", userid); 87 report_ldap_error(error_msg); 74 88 goto get_ldap_credentials_exit; 75 89 } … … 94 108 if (bind_ret != 0) 95 109 { 96 DbgPrint(" get_ldap_credentials: bind failed: %s (%d)\n", 97 ldap_err2string(bind_ret), bind_ret); 110 _snprintf(error_msg, sizeof(error_msg), "User %s: could not bind to " 111 "LDAP server: %s (%d)", userid, ldap_err2string(bind_ret), bind_ret); 112 report_ldap_error(error_msg); 98 113 goto get_ldap_credentials_exit; 99 114 } … … 150 165 else 151 166 { 152 DbgPrint(" get_ldap_credentials: %s: not a number " 153 "(%s)\n", attr_name, values[0]); 167 _snprintf(error_msg, sizeof(error_msg), "User %s: " 168 "LDAP attribute %s: not a number (%s)", userid, 169 attr_name, values[0]); 170 report_ldap_error(error_msg); 154 171 ret = -1; 155 172 } … … 159 176 else 160 177 { 161 DbgPrint(" get_ldap_credentials: %s: no values\n", attr_name); 178 _snprintf(error_msg, sizeof(error_msg), "User %s: no " 179 "values for LDAP attribute %s", userid, attr_name); 180 report_ldap_error(error_msg); 162 181 ret = -1; 163 182 } … … 172 191 { 173 192 ldap_get_option(ld, LDAP_OPT_RESULT_CODE, &ret); 174 DbgPrint(" get_ldap_credentials: no entries: 
%s (%d)\n", 175 ldap_err2string(ret), ret); 193 _snprintf(error_msg, sizeof(error_msg), "User %s: no LDAP " 194 "entries", userid); 195 report_ldap_error(error_msg); 176 196 ret = -1; 177 197 } … … 181 201 else 182 202 { 183 DbgPrint(" get_ldap_credentials: no results\n"); 203 _snprintf(error_msg, sizeof(error_msg), "User %s: no LDAP " 204 "results", userid); 205 report_ldap_error(error_msg); 184 206 ret = -1; 185 207 } … … 187 209 else 188 210 { 189 DbgPrint(" get_ldap_credentials: search: %s (%d)\n", 190 ldap_err2string(ret), ret); 211 _snprintf(error_msg, sizeof(error_msg), "User %s: LDAP search error: " 212 "%s (%d)", userid, ldap_err2string(ret), ret); 213 report_ldap_error(error_msg); 191 214 } 192 215 … … 196 219 if (ret == 0 && (credentials->uid == -1 || credentials->gid == -1)) 197 220 { 198 DbgPrint(" ldap_get_credentials: credentials not found\n"); 221 _snprintf(error_msg, sizeof(error_msg), "User %s: LDAP credentials " 222 "not found", userid); 223 report_ldap_error(error_msg); 199 224 ret = -1; 200 225 }
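Review bot: Same `_snprintf` hazard as in cert.c: when the formatted text reaches `sizeof(error_msg)` the buffer is left unterminated, and here the inputs include `values[0]`, an attribute value returned by the directory server with no length bound, so `"User %s: LDAP attribute %s: not a number (%s)"` can exceed 256 characters and `report_ldap_error` then reads past the buffer through `%s`. Terminate after each call, `error_msg[sizeof(error_msg) - 1] = '\0';`, or use `_snprintf_s(error_msg, sizeof(error_msg), _TRUNCATE, ...)`. The replacement for the old "no entries" message drops the `ldap_err2string(ret)` text and result code that the removed lines logged, which is the only diagnostic an operator gets on that branch; keep `"User %s: no LDAP entries: %s (%d)"` with `ldap_err2string(ret), ret` as arguments. `_report_ldap_error` duplicates `_report_cert_error` in cert.c apart from the name; a single shared reporter would keep the two from drifting. get_ldap_credentials starts and ends outside the hunks.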
