if (NULL != subjConfirmData) {
if (!SAMLCheckTimeAttr(subjConfirmData, "NotBefore", true) ||
!SAMLCheckTimeAttr(subjConfirmData, "NotOnOrAfter", false)) {
- Debug("%s: subjConfirmData time check failed\n", __FUNCTION__);
+ Warning("%s: subjConfirmData time check failed\n", __FUNCTION__);
continue;
}
* greater than the clock skew range is bad.
*/
if (diff > clockSkewAdjustment) {
- Debug("%s: FAILED SAML assertion (timeStamp %s, delta %d) %s.\n",
- __FUNCTION__, timeStr.c_str(), (int) diff,
- notBefore ? "is not yet valid" : "has expired");
+ Warning("%s: FAILED SAML assertion (timeStamp %s, delta %d) %s.\n",
+ __FUNCTION__, timeStr.c_str(), (int) diff,
+ notBefore ? "is not yet valid" : "has expired");
return false;
}
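Review bot: `timeStr.c_str()` is written with `%s` into a message that now goes out at Warning level, and the earlier `SAMLCheckTimeAttr(subjConfirmData, "NotBefore", true)` call suggests the string is the attribute text taken from the token. If it is the raw attribute value rather than a re-formatted time, a token can place control characters or a forged line in the log, so the message should print the parsed time or an escaped copy. The same pattern appears in the later hunk that logs `timeAttr` through `g_warning`. The `(int) diff` cast with `%d` may also truncate if `diff` is wider than `int`; its declaration is outside the hunk, as is the rest of the function body.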
DOMElement *sigElem = SAMLFindChildByName(doc->getDocumentElement(),
"ds:Signature");
if (NULL == sigElem) {
- Debug("%s: No top level signature found.\n", __FUNCTION__);
+ Warning("%s: No top level signature found.\n", __FUNCTION__);
return false;
}
auto_ptr<DSIGKeyInfoX509> keyInfo = SAMLFindKey(secEnv, sigElem);
if (keyInfo.get() == NULL) {
- Debug("%s: No X509 data found as part of the signature.\n",
+ Warning("%s: No X509 data found as part of the signature.\n",
__FUNCTION__);
return false;
}
if (keyInfo->getCertificateListSize() == 0) {
- Debug("%s: No X509 certificates found in the signature\n", __FUNCTION__);
+ Warning("%s: No X509 certificates found in the signature\n",
+ __FUNCTION__);
return false;
}
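Review bot: The three branches here (no `ds:Signature`, no X509 data, empty certificate list) reject a token before any signature is verified, so after this change anyone who can submit a token can produce one Warning line per request. Whether `Warning` is rate-limited or the log is size-bounded is not visible from the hunk; if neither holds, a stream of malformed tokens can fill the log or push out older entries. I would state the expectation in a comment above the first check, for example `/* Reached for unauthenticated input: keep these messages fixed-text and rely on log rotation. */`. These messages carry only `__FUNCTION__`, which is the right shape for that path.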
}
if (!sig->verify()) {
- Debug("%s: Signature check failed: %s.\n", __FUNCTION__,
- SAMLStringWrapper(sig->getErrMsgs()).c_str());
+ Warning("%s: Signature check failed: %s.\n", __FUNCTION__,
+ SAMLStringWrapper(sig->getErrMsgs()).c_str());
return false;
}
* greater than the clock skew range is bad.
*/
if (diff > gClockSkewAdjustment) {
- g_debug("%s: FAILED SAML assertion (timeStamp %s, delta %d) %s.\n",
- __FUNCTION__, timeAttr, (int) diff,
- notBefore ? "is not yet valid" : "has expired");
+ g_warning("%s: FAILED SAML assertion (timeStamp %s, delta %d) %s.\n",
+ __FUNCTION__, timeAttr, (int) diff,
+ notBefore ? "is not yet valid" : "has expired");
retVal = FALSE;
goto done;
}
/*
* No username, no mapped certs, no chance.
*/
- Debug("%s: no mapping entries or userName\n", __FUNCTION__);
+ Warning("%s: no mapping entries or userName\n", __FUNCTION__);
err = VGAUTH_E_AUTHENTICATION_DENIED;
goto done;
}
* Subject went unmatched, so fail.
*/
if (NULL == queryUserName) {
- Debug("%s: no matching cert and subject found in mapping file\n",
- __FUNCTION__);
+ Warning("%s: no matching cert and subject found in mapping file\n",
+ __FUNCTION__);
err = VGAUTH_E_AUTHENTICATION_DENIED;
goto done;
}
* to allow for cleanup.
*/
if (!UsercheckUserExists(queryUserName)) {
- Debug("%s: User '%s' doesn't exist\n", __FUNCTION__, queryUserName);
+ Warning("%s: User '%s' doesn't exist\n", __FUNCTION__, queryUserName);
err = VGAUTH_E_AUTHENTICATION_DENIED;
goto done;
}
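Review bot: `queryUserName` is written with `%s` at Warning level in the `UsercheckUserExists` failure branch, so a name that did not pass the existence check now lands in the default log. The neighbouring hunks suggest it can be either the caller-supplied user name or a value from the mapping file, although the assignment is outside the hunk. If it can be caller-supplied, the line records arbitrary request text, including any control characters, and should log an escaped or length-limited copy. A comment such as `/* queryUserName may be caller-supplied; sanitize before logging */` would record that for the next reader.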
*/
if (numTrusted == 0) {
err = VGAUTH_E_AUTHENTICATION_DENIED;
- Debug("%s: No trusted certs in chain\n", __FUNCTION__);
+ Warning("%s: No trusted certs in chain\n", __FUNCTION__);
goto done;
}