From 46a34790cbb2743b823c51ad6627187ccb288d33 Mon Sep 17 00:00:00 2001
From: Matt Benjamin <mbenjamin@redhat.com>
Date: Fri, 11 Mar 2016 14:22:24 -0500
Subject: [PATCH] rgw_ldap:  merge cleanups

* match LDAPHelper op return codes to RGW (-POSIX)
* make temporary LDAP handle local (MT-safe)
* add required --encode and --ttype to usage
* use versioned encoding macros

Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
---
 src/rgw/rgw_ldap.h   | 15 ++++++++-------
 src/rgw/rgw_token.cc |  5 +++--
 src/rgw/rgw_token.h  |  4 ++++
 3 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/src/rgw/rgw_ldap.h b/src/rgw/rgw_ldap.h
index 62cff3cbde702..bf90d1a11596a 100644
--- a/src/rgw/rgw_ldap.h
+++ b/src/rgw/rgw_ldap.h
@@ -21,7 +21,7 @@ namespace rgw {
     std::string binddn;
     std::string searchdn;
     std::string memberattr;
-    LDAP *ldap, *tldap;
+    LDAP *ldap;
 
   public:
     LDAPHelper(std::string _uri, std::string _binddn, std::string _searchdn,
@@ -34,21 +34,23 @@ namespace rgw {
     int init() {
       int ret;
       ret = ldap_initialize(&ldap, uri.c_str());
-      return ret;
+      return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
     }
 
     int bind() {
-      return ldap_simple_bind_s(ldap, nullptr, nullptr);
+      int ret;
+      ret = ldap_simple_bind_s(ldap, nullptr, nullptr);
+      return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
     }
 
     int simple_bind(const char *dn, const std::string& pwd) {
+      LDAP* tldap;
       int ret = ldap_initialize(&tldap, uri.c_str());
       ret = ldap_simple_bind_s(tldap, dn, pwd.c_str());
       if (ret == LDAP_SUCCESS) {
 	ldap_unbind(tldap);
-	return 0;
       }
-      return -1;
+      return ret; // OpenLDAP client error space
     }
 
     int auth(const std::string uid, const std::string pwd) {
@@ -66,12 +68,11 @@ namespace rgw {
       if (ret == LDAP_SUCCESS) {
 	entry = ldap_first_entry(ldap, answer);
 	char *dn = ldap_get_dn(ldap, entry);
-	//std::cout << dn << std::endl;
 	ret = simple_bind(dn, pwd);
 	ldap_memfree(dn);
 	ldap_msgfree(answer);
       }
-      return ret;
+      return (ret == LDAP_SUCCESS) ? ret : -EACCES;
     }
 
     ~LDAPHelper() {
diff --git a/src/rgw/rgw_token.cc b/src/rgw/rgw_token.cc
index 95be3da8631a9..c4ae0f0cdfdb0 100644
--- a/src/rgw/rgw_token.cc
+++ b/src/rgw/rgw_token.cc
@@ -49,9 +49,10 @@ namespace {
 
 void usage()
 {
-  cout << "usage: radosgw-token [options...]" << std::endl;
-  cout << "\t(maybe exporting RGW_ACCESS_KEY_ID and RGW_SECRET_ACCESS_KEY)"
+  cout << "usage: radosgw-token --encode --ttype=<token type> [options...]" << std::endl;
+  cout << "\t(maybe exporting RGW_ACCESS_KEY_ID and RGW_SECRET_ACCESS_KEY)"    
        << std::endl;
+  cout << "\t <token type> := ad | ldap" << std::endl;
   cout << "\n";
   generic_client_usage();
 }
diff --git a/src/rgw/rgw_token.h b/src/rgw/rgw_token.h
index df10314801cf9..7dce9a9ef3ceb 100644
--- a/src/rgw/rgw_token.h
+++ b/src/rgw/rgw_token.h
@@ -93,23 +93,27 @@ namespace rgw {
     void encode(bufferlist& bl) const {
       uint32_t ver = version();
       string typestr{from_type(type)};
+      ENCODE_START(1, 1, bl);
       ::encode(type_name, bl);
       ::encode(ver, bl);
       ::encode(typestr, bl);
       ::encode(id, bl);
       ::encode(key, bl);
+      ENCODE_FINISH(bl);
     }
 
     void decode(bufferlist::iterator& bl) {
       string name;
       string typestr;
       uint32_t version;
+      DECODE_START(1, bl);
       ::decode(name, bl);
       ::decode(version, bl);
       ::decode(typestr, bl);
       type = to_type(typestr.c_str());
       ::decode(id, bl);
       ::decode(key, bl);
+      DECODE_FINISH(bl);
     }
 
     void dump(Formatter* f) const {
-- 
2.39.5