Fix #80 LDAP connection failures are silently swallowed

main
Jean-Baptiste Quenot 10 years ago
parent 0d6ba9a12e
commit bd58ee3c75
  1. 24
      ngx_http_auth_ldap_module.c

@ -1171,14 +1171,14 @@ ngx_http_auth_ldap_connection_established(ngx_http_auth_ldap_connection_t *c)
rc = ldap_init_fd(c->conn.connection->fd, LDAP_PROTO_EXT, (const char *) c->server->url.data, &c->ld); rc = ldap_init_fd(c->conn.connection->fd, LDAP_PROTO_EXT, (const char *) c->server->url.data, &c->ld);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
ngx_log_error(NGX_LOG_INFO, c->log, errno, "http_auth_ldap: ldap_init_fd() failed (%d: %s)", rc, ldap_err2string(rc)); ngx_log_error(NGX_LOG_ERR, c->log, errno, "http_auth_ldap: ldap_init_fd() failed (%d: %s)", rc, ldap_err2string(rc));
ngx_http_auth_ldap_close_connection(c); ngx_http_auth_ldap_close_connection(c);
return; return;
} }
rc = ldap_get_option(c->ld, LDAP_OPT_SOCKBUF, (void *) &sb); rc = ldap_get_option(c->ld, LDAP_OPT_SOCKBUF, (void *) &sb);
if (rc != LDAP_OPT_SUCCESS) { if (rc != LDAP_OPT_SUCCESS) {
ngx_log_error(NGX_LOG_INFO, c->log, 0, "http_auth_ldap: ldap_get_option() failed (%d: %s)", rc, ldap_err2string(rc)); ngx_log_error(NGX_LOG_ERR, c->log, 0, "http_auth_ldap: ldap_get_option() failed (%d: %s)", rc, ldap_err2string(rc));
ngx_http_auth_ldap_close_connection(c); ngx_http_auth_ldap_close_connection(c);
return; return;
} }
@ -1194,7 +1194,7 @@ ngx_http_auth_ldap_connection_established(ngx_http_auth_ldap_connection_t *c)
cred.bv_len = c->server->bind_dn_passwd.len; cred.bv_len = c->server->bind_dn_passwd.len;
rc = ldap_sasl_bind(c->ld, (const char *) c->server->bind_dn.data, LDAP_SASL_SIMPLE, &cred, NULL, NULL, &c->msgid); rc = ldap_sasl_bind(c->ld, (const char *) c->server->bind_dn.data, LDAP_SASL_SIMPLE, &cred, NULL, NULL, &c->msgid);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
ngx_log_error(NGX_LOG_INFO, c->log, 0, "http_auth_ldap: ldap_sasl_bind() failed (%d: %s)", ngx_log_error(NGX_LOG_ERR, c->log, 0, "http_auth_ldap: ldap_sasl_bind() failed (%d: %s)",
rc, ldap_err2string(rc)); rc, ldap_err2string(rc));
ngx_http_auth_ldap_close_connection(c); ngx_http_auth_ldap_close_connection(c);
return; return;
@ -1221,7 +1221,7 @@ ngx_http_auth_ldap_ssl_handshake_handler(ngx_connection_t *conn)
return; return;
} }
ngx_log_error(NGX_LOG_INFO, c->log, 0, "http_auth_ldap: SSL handshake failed"); ngx_log_error(NGX_LOG_ERR, c->log, 0, "http_auth_ldap: SSL handshake failed");
ngx_http_auth_ldap_close_connection(c); ngx_http_auth_ldap_close_connection(c);
} }
@ -1233,7 +1233,7 @@ ngx_http_auth_ldap_ssl_handshake(ngx_http_auth_ldap_connection_t *c)
c->conn.connection->pool = c->pool; c->conn.connection->pool = c->pool;
rc = ngx_ssl_create_connection(c->ssl, c->conn.connection, NGX_SSL_BUFFER | NGX_SSL_CLIENT); rc = ngx_ssl_create_connection(c->ssl, c->conn.connection, NGX_SSL_BUFFER | NGX_SSL_CLIENT);
if (rc != NGX_OK) { if (rc != NGX_OK) {
ngx_log_error(NGX_LOG_INFO, c->log, 0, "http_auth_ldap: SSL initialization failed"); ngx_log_error(NGX_LOG_ERR, c->log, 0, "http_auth_ldap: SSL initialization failed");
ngx_http_auth_ldap_close_connection(c); ngx_http_auth_ldap_close_connection(c);
return; return;
} }
@ -1302,13 +1302,13 @@ ngx_http_auth_ldap_read_handler(ngx_event_t *rev)
c = conn->data; c = conn->data;
if (c->ld == NULL) { if (c->ld == NULL) {
ngx_log_error(NGX_LOG_INFO, c->log, 0, "http_auth_ldap: Could not connect"); ngx_log_error(NGX_LOG_ERR, c->log, 0, "http_auth_ldap: Could not connect");
ngx_http_auth_ldap_close_connection(c); ngx_http_auth_ldap_close_connection(c);
return; return;
} }
if (rev->timedout) { if (rev->timedout) {
ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "http_auth_ldap: Request timed out (state=%d)", c->state); ngx_log_error(NGX_LOG_ERR, c->log, NGX_ETIMEDOUT, "http_auth_ldap: Request timed out (state=%d)", c->state);
conn->timedout = 1; conn->timedout = 1;
ngx_http_auth_ldap_close_connection(c); ngx_http_auth_ldap_close_connection(c);
return; return;
@ -1319,7 +1319,7 @@ ngx_http_auth_ldap_read_handler(ngx_event_t *rev)
for (;;) { for (;;) {
rc = ldap_result(c->ld, LDAP_RES_ANY, 0, &timeout, &result); rc = ldap_result(c->ld, LDAP_RES_ANY, 0, &timeout, &result);
if (rc < 0) { if (rc < 0) {
ngx_log_error(NGX_LOG_INFO, c->log, 0, "http_auth_ldap: ldap_result() failed (%d: %s)", ngx_log_error(NGX_LOG_ERR, c->log, 0, "http_auth_ldap: ldap_result() failed (%d: %s)",
rc, ldap_err2string(rc)); rc, ldap_err2string(rc));
ngx_http_auth_ldap_close_connection(c); ngx_http_auth_ldap_close_connection(c);
return; return;
@ -1342,7 +1342,7 @@ ngx_http_auth_ldap_read_handler(ngx_event_t *rev)
error_code = LDAP_NO_RESULTS_RETURNED; error_code = LDAP_NO_RESULTS_RETURNED;
error_msg = NULL; error_msg = NULL;
} else if (rc != LDAP_SUCCESS) { } else if (rc != LDAP_SUCCESS) {
ngx_log_error(NGX_LOG_INFO, c->log, 0, "http_auth_ldap: ldap_parse_result() failed (%d: %s)", ngx_log_error(NGX_LOG_ERR, c->log, 0, "http_auth_ldap: ldap_parse_result() failed (%d: %s)",
rc, ldap_err2string(rc)); rc, ldap_err2string(rc));
ldap_msgfree(result); ldap_msgfree(result);
ngx_http_auth_ldap_close_connection(c); ngx_http_auth_ldap_close_connection(c);
@ -1360,7 +1360,7 @@ ngx_http_auth_ldap_read_handler(ngx_event_t *rev)
c->state = STATE_READY; c->state = STATE_READY;
ngx_http_auth_ldap_return_connection(c); ngx_http_auth_ldap_return_connection(c);
} else { } else {
ngx_log_error(NGX_LOG_INFO, c->log, 0, "http_auth_ldap: Initial bind failed (%d: %s [%s])", ngx_log_error(NGX_LOG_ERR, c->log, 0, "http_auth_ldap: Initial bind failed (%d: %s [%s])",
error_code, ldap_err2string(error_code), error_msg ? error_msg : "-"); error_code, ldap_err2string(error_code), error_msg ? error_msg : "-");
ldap_memfree(error_msg); ldap_memfree(error_msg);
ldap_msgfree(result); ldap_msgfree(result);
@ -1992,7 +1992,7 @@ ngx_http_auth_ldap_check_bind(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t *c
cred.bv_len = r->headers_in.passwd.len; cred.bv_len = r->headers_in.passwd.len;
rc = ldap_sasl_bind(ctx->c->ld, (const char *) ctx->dn.data, LDAP_SASL_SIMPLE, &cred, NULL, NULL, &ctx->c->msgid); rc = ldap_sasl_bind(ctx->c->ld, (const char *) ctx->dn.data, LDAP_SASL_SIMPLE, &cred, NULL, NULL, &ctx->c->msgid);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "http_auth_ldap: ldap_sasl_bind() failed (%d: %s)", ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: ldap_sasl_bind() failed (%d: %s)",
rc, ldap_err2string(rc)); rc, ldap_err2string(rc));
ctx->outcome = OUTCOME_ERROR; ctx->outcome = OUTCOME_ERROR;
ngx_http_auth_ldap_return_connection(ctx->c); ngx_http_auth_ldap_return_connection(ctx->c);
@ -2036,7 +2036,7 @@ ngx_http_auth_ldap_recover_bind(ngx_http_request_t *r, ngx_http_auth_ldap_ctx_t
cred.bv_len = ctx->server->bind_dn_passwd.len; cred.bv_len = ctx->server->bind_dn_passwd.len;
rc = ldap_sasl_bind(ctx->c->ld, (const char *) ctx->server->bind_dn.data, LDAP_SASL_SIMPLE, &cred, NULL, NULL, &ctx->c->msgid); rc = ldap_sasl_bind(ctx->c->ld, (const char *) ctx->server->bind_dn.data, LDAP_SASL_SIMPLE, &cred, NULL, NULL, &ctx->c->msgid);
if (rc != LDAP_SUCCESS) { if (rc != LDAP_SUCCESS) {
ngx_log_error(NGX_LOG_INFO, r->connection->log, 0, "http_auth_ldap: ldap_sasl_bind() failed (%d: %s)", ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "http_auth_ldap: ldap_sasl_bind() failed (%d: %s)",
rc, ldap_err2string(rc)); rc, ldap_err2string(rc));
ctx->outcome = OUTCOME_ERROR; ctx->outcome = OUTCOME_ERROR;
ngx_http_auth_ldap_return_connection(ctx->c); ngx_http_auth_ldap_return_connection(ctx->c);
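Review bot: The ldap_init_fd() failure log in ngx_http_auth_ldap_connection_established still passes `errno` as the error argument, and at NGX_LOG_ERR that value now reaches operators who run with the usual `error` log level. The failure is already reported through `rc`, which the message formats, so `errno` is likely left over from an unrelated call and can point triage at the wrong cause; the other calls in the same function pass `0`. I would change the line to `ngx_log_error(NGX_LOG_ERR, c->log, 0, "http_auth_ldap: ldap_init_fd() failed (%d: %s)", rc, ldap_err2string(rc));`. Separately, the `rc < 0` branch in ngx_http_auth_ldap_read_handler formats the ldap_result() return value with ldap_err2string(); that value is presumably -1 rather than the session's result code, so it is worth confirming the logged text reflects the real failure. All of these functions start and end outside the hunks shown.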
