@@ -620,6 +620,9 @@ nsdb_start_tls(LDAP *ld, const char *certfile, unsigned int *ldap_err)
ldap_get_option(ld, LDAP_OPT_DIAGNOSTIC_MESSAGE, (void *)&msg);
xlog(D_GENERAL, "%s: %s", __func__, msg);
ldap_memfree(msg);
+
+ if (rc == LDAP_CONNECT_ERROR)
+ return FEDFS_ERR_NSDB_AUTH;
goto out_ldap_err;
}
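Review bot: The added `return FEDFS_ERR_NSDB_AUTH;` leaves before `goto out_ldap_err`, so whatever that label does is skipped for a failed TLS handshake; the label is outside the hunk, but it presumably stores `rc` in `*ldap_err`, which is worth confirming. The only record of why StartTLS failed is then the diagnostic string logged at `D_GENERAL` just above, which is freed before the new check. libldap reports a failed handshake, including a certificate that does not verify against `certfile`, as LDAP_CONNECT_ERROR, so an operator cannot tell an untrusted NSDB certificate from another handshake failure without debug logging; consider emitting that diagnostic at `L_ERROR` when `rc == LDAP_CONNECT_ERROR`. A short comment would also help, for example `/* a failed TLS handshake (e.g. certificate verification) is reported as LDAP_CONNECT_ERROR */`. The body of nsdb_start_tls begins and ends outside this hunk.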
@@ -612,8 +612,8 @@ nfsref_add_nfs_fedfs(const char *junct_path, char **argv, int optind)
nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_AUTH:
- xlog(L_ERROR, "Failed to authenticate to NSDB %s:%u",
- nsdbname, nsdbport);
+ xlog(L_ERROR, "Failed to establish secure connection to "
+ "NSDB %s:%u", nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_LDAP_VAL:
switch (ldap_err) {
@@ -187,8 +187,8 @@ nfsref_remove_delete_fsn(const char *junct_path)
nsdb_hostname(host), nsdb_port(host));
goto out_free;
case FEDFS_ERR_NSDB_AUTH:
- xlog(L_ERROR, "Failed to authenticate to NSDB %s:%u",
- nsdb_hostname(host), nsdb_port(host));
+ xlog(L_ERROR, "Failed to establish secure connection "
+ "to NSDB %s:%u", nsdb_hostname(host), nsdb_port(host));
goto out_free;
case FEDFS_ERR_NSDB_LDAP_VAL:
switch (ldap_err) {
@@ -262,8 +262,8 @@ main(int argc, char **argv)
nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_AUTH:
- fprintf(stderr, "Failed to authenticate to NSDB %s:%u\n",
- nsdbname, nsdbport);
+ fprintf(stderr, "Failed to establish secure connection "
+ "to NSDB %s:%u\n", nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_LDAP_VAL:
switch (ldap_err) {
@@ -265,8 +265,8 @@ main(int argc, char **argv)
nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_AUTH:
- fprintf(stderr, "Failed to authenticate to NSDB %s:%u\n",
- nsdbname, nsdbport);
+ fprintf(stderr, "Failed to establish security connection "
+ "to NSDB %s:%u\n", nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_LDAP_VAL:
switch (ldap_err) {
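Review bot: The new message in this hunk reads "Failed to establish security connection", while every other caller touched by the commit prints "secure connection"; this looks like a typo and makes log searches for the TLS failure miss this tool. The line should be `fprintf(stderr, "Failed to establish secure connection "` to match the rest. Going by the diffstat order this is probably src/nsdbc/nsdb-create-fsl.c, but the file header is not visible here. With the same string repeated in sixteen callers, a shared helper or message constant would keep the wording from drifting again.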
@@ -242,8 +242,8 @@ main(int argc, char **argv)
nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_AUTH:
- fprintf(stderr, "Failed to authenticate to NSDB %s:%u\n",
- nsdbname, nsdbport);
+ fprintf(stderr, "Failed to establish secure connection "
+ "to NSDB %s:%u\n", nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_LDAP_VAL:
switch (ldap_err) {
@@ -224,8 +224,8 @@ main(int argc, char **argv)
nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_AUTH:
- fprintf(stderr, "Failed to authenticate to NSDB %s:%u\n",
- nsdbname, nsdbport);
+ fprintf(stderr, "Failed to establish secure connection "
+ "to NSDB %s:%u\n", nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_LDAP_VAL:
switch (ldap_err) {
@@ -226,8 +226,8 @@ main(int argc, char **argv)
nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_AUTH:
- fprintf(stderr, "Failed to authenticate to NSDB %s:%u\n",
- nsdbname, nsdbport);
+ fprintf(stderr, "Failed to establish secure connection "
+ "to NSDB %s:%u\n", nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_LDAP_VAL:
switch (ldap_err) {
@@ -199,8 +199,8 @@ main(int argc, char **argv)
nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_AUTH:
- fprintf(stderr, "Failed to authenticate to NSDB %s:%u\n",
- nsdbname, nsdbport);
+ fprintf(stderr, "Failed to establish secure connection "
+ "to NSDB %s:%u\n", nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_LDAP_VAL:
switch (ldap_err) {
@@ -219,8 +219,8 @@ main(int argc, char **argv)
nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_AUTH:
- fprintf(stderr, "Failed to authenticate to NSDB %s:%u\n",
- nsdbname, nsdbport);
+ fprintf(stderr, "Failed to establish secure connection "
+ "to NSDB %s:%u\n", nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_LDAP_VAL:
switch (ldap_err) {
@@ -289,8 +289,8 @@ again:
nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_AUTH:
- fprintf(stderr, "Failed to authenticate to NSDB %s:%u\n",
- nsdbname, nsdbport);
+ fprintf(stderr, "Failed to establish secure connection "
+ "to NSDB %s:%u\n", nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_LDAP_VAL:
fprintf(stderr, "Failed to bind to NSDB %s:%u: %s\n",
@@ -181,8 +181,8 @@ main(int argc, char **argv)
nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_AUTH:
- fprintf(stderr, "Failed to authenticate to NSDB %s:%u\n",
- nsdbname, nsdbport);
+ fprintf(stderr, "Failed to establish secure connection "
+ "to NSDB %s:%u\n", nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_LDAP_VAL:
fprintf(stderr, "Failed to bind to NSDB %s:%u: %s\n",
@@ -194,8 +194,8 @@ main(int argc, char **argv)
nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_AUTH:
- fprintf(stderr, "Failed to authenticate to NSDB %s:%u\n",
- nsdbname, nsdbport);
+ fprintf(stderr, "Failed to establish secure connection "
+ "to NSDB %s:%u\n", nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_LDAP_VAL:
switch (ldap_err) {
@@ -349,8 +349,8 @@ again:
nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_AUTH:
- fprintf(stderr, "Failed to authenticate to NSDB %s:%u\n",
- nsdbname, nsdbport);
+ fprintf(stderr, "Failed to establish secure connection "
+ "to NSDB %s:%u\n", nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_LDAP_VAL:
fprintf(stderr, "Failed to bind to NSDB %s:%u: %s\n",
@@ -194,8 +194,8 @@ main(int argc, char **argv)
nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_AUTH:
- fprintf(stderr, "Failed to authenticate to NSDB %s:%u\n",
- nsdbname, nsdbport);
+ fprintf(stderr, "Failed to establish secure connection "
+ "to NSDB %s:%u\n", nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_LDAP_VAL:
switch (ldap_err) {
@@ -235,8 +235,8 @@ main(int argc, char **argv)
nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_AUTH:
- fprintf(stderr, "Failed to authenticate to NSDB %s:%u\n",
- nsdbname, nsdbport);
+ fprintf(stderr, "Failed to establish secure connection "
+ "to NSDB %s:%u\n", nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_LDAP_VAL:
switch (ldap_err) {
@@ -202,8 +202,8 @@ main(int argc, char **argv)
nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_AUTH:
- fprintf(stderr, "Failed to authenticate to NSDB %s:%u\n",
- nsdbname, nsdbport);
+ fprintf(stderr, "Failed to establish secure connection "
+ "to NSDB %s:%u\n", nsdbname, nsdbport);
goto out_free;
case FEDFS_ERR_NSDB_LDAP_VAL:
switch (ldap_err) {
Have nsdb_open_nsdb() return the correct error when START_TLS fails to authenticate the NSDB or establish a secure connection. Callers were displaying a confusing error message in this case. Signed-off-by: Chuck Lever <chuck.lever@oracle.com> --- src/libnsdb/ldap.c | 3 +++ src/nfsref/add.c | 4 ++-- src/nfsref/remove.c | 4 ++-- src/nsdbc/nsdb-annotate.c | 4 ++-- src/nsdbc/nsdb-create-fsl.c | 4 ++-- src/nsdbc/nsdb-create-fsn.c | 4 ++-- src/nsdbc/nsdb-delete-fsl.c | 4 ++-- src/nsdbc/nsdb-delete-fsn.c | 4 ++-- src/nsdbc/nsdb-delete-nsdb.c | 4 ++-- src/nsdbc/nsdb-describe.c | 4 ++-- src/nsdbc/nsdb-list.c | 4 ++-- src/nsdbc/nsdb-nces.c | 4 ++-- src/nsdbc/nsdb-remove-nci.c | 4 ++-- src/nsdbc/nsdb-resolve-fsn.c | 4 ++-- src/nsdbc/nsdb-simple-nce.c | 4 ++-- src/nsdbc/nsdb-update-fsl.c | 4 ++-- src/nsdbc/nsdb-update-nci.c | 4 ++-- 17 files changed, 35 insertions(+), 32 deletions(-)