From 10de5bfc2ae13a13265815b4172e994d913d0926 Mon Sep 17 00:00:00 2001 From: Christoph Heiss Date: Thu, 10 Aug 2023 14:37:05 +0200 Subject: [PATCH] ldap: handle errors explicitly everywhere instead of simply `die`ing Most codepaths already have explicit error handling (by the means of checking the return value), which is essential dead code due to setting `onerror`. As LDAP errors might get presented to users due to upcoming changes, the error location should not be present in these error messages, thus switch to explicit handling. Only two calls were missing such explicit handling of errors, so these are amended as appropriate. Further, some `die`s were missing newlines at the end of the message, which - again - would cause the error location to be included. Signed-off-by: Christoph Heiss --- src/PVE/LDAP.pm | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/PVE/LDAP.pm b/src/PVE/LDAP.pm index 342c352..16a0a8e 100644 --- a/src/PVE/LDAP.pm +++ b/src/PVE/LDAP.pm @@ -22,7 +22,6 @@ sub ldap_connect { scheme => $scheme, port => $port, timeout => 10, - onerror => 'die', ); my $hosts = []; @@ -41,7 +40,8 @@ sub ldap_connect { my $ldap = Net::LDAP->new($hosts, %ldap_opts) || die "$@\n"; if ($start_tls) { - $ldap->start_tls(%$opts); + my $res = $ldap->start_tls(%$opts); + die $res->error . "\n" if $res->code; } return $ldap; @@ -73,6 +73,7 @@ sub get_user_dn { filter => "$attr=$name", attrs => ['dn'] ); + die $result->error . "\n" if $result->code; return undef if !$result->entries; my @entries = $result->entries; return $entries[0]->dn; @@ -93,7 +94,7 @@ sub auth_user_dn { if ($code) { return undef if $noerr; - die $err; + die "$err\n"; } return 1; @@ -184,7 +185,7 @@ sub query_users { $err = "LDAP user query unsuccessful" if !$err; } - die $err if $err; + die "$err\n" if $err; return $users; } @@ -265,7 +266,7 @@ sub query_groups { $err = "LDAP group query unsuccessful" if !$err; } - die $err if $err; + die "$err\n" if $err; return $groups; } -- 2.39.5