/* $OpenLDAP$ */ /* This work is part of OpenLDAP Software . * * Copyright 1998-2007 The OpenLDAP Foundation. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted only as authorized by the OpenLDAP * Public License. * * A copy of this license is available in the file LICENSE in the * top-level directory of the distribution or, alternatively, at * . */ #include "portable.h" #include #include #include #include #include #include "ldap-int.h" struct ldaperror { int e_code; char *e_reason; }; static struct ldaperror ldap_builtin_errlist[] = { {LDAP_SUCCESS, N_("Success")}, {LDAP_OPERATIONS_ERROR, N_("Operations error")}, {LDAP_PROTOCOL_ERROR, N_("Protocol error")}, {LDAP_TIMELIMIT_EXCEEDED, N_("Time limit exceeded")}, {LDAP_SIZELIMIT_EXCEEDED, N_("Size limit exceeded")}, {LDAP_COMPARE_FALSE, N_("Compare False")}, {LDAP_COMPARE_TRUE, N_("Compare True")}, {LDAP_STRONG_AUTH_NOT_SUPPORTED, N_("Authentication method not supported")}, {LDAP_STRONG_AUTH_REQUIRED, N_("Strong(er) authentication required")}, {LDAP_PARTIAL_RESULTS, N_("Partial results and referral received")}, {LDAP_REFERRAL, N_("Referral")}, {LDAP_ADMINLIMIT_EXCEEDED, N_("Administrative limit exceeded")}, {LDAP_UNAVAILABLE_CRITICAL_EXTENSION, N_("Critical extension is unavailable")}, {LDAP_CONFIDENTIALITY_REQUIRED, N_("Confidentiality required")}, {LDAP_SASL_BIND_IN_PROGRESS, N_("SASL bind in progress")}, {LDAP_NO_SUCH_ATTRIBUTE, N_("No such attribute")}, {LDAP_UNDEFINED_TYPE, N_("Undefined attribute type")}, {LDAP_INAPPROPRIATE_MATCHING, N_("Inappropriate matching")}, {LDAP_CONSTRAINT_VIOLATION, N_("Constraint violation")}, {LDAP_TYPE_OR_VALUE_EXISTS, N_("Type or value exists")}, {LDAP_INVALID_SYNTAX, N_("Invalid syntax")}, {LDAP_NO_SUCH_OBJECT, N_("No such object")}, {LDAP_ALIAS_PROBLEM, N_("Alias problem")}, {LDAP_INVALID_DN_SYNTAX, N_("Invalid DN syntax")}, {LDAP_IS_LEAF, N_("Entry is a leaf")}, {LDAP_ALIAS_DEREF_PROBLEM, N_("Alias dereferencing problem")}, {LDAP_INAPPROPRIATE_AUTH, N_("Inappropriate authentication")}, {LDAP_INVALID_CREDENTIALS, N_("Invalid credentials")}, {LDAP_INSUFFICIENT_ACCESS, N_("Insufficient access")}, {LDAP_BUSY, N_("Server is busy")}, {LDAP_UNAVAILABLE, N_("Server is unavailable")}, {LDAP_UNWILLING_TO_PERFORM, N_("Server is unwilling to perform")}, {LDAP_LOOP_DETECT, N_("Loop detected")}, {LDAP_NAMING_VIOLATION, N_("Naming violation")}, {LDAP_OBJECT_CLASS_VIOLATION, N_("Object class violation")}, {LDAP_NOT_ALLOWED_ON_NONLEAF, N_("Operation not allowed on non-leaf")}, {LDAP_NOT_ALLOWED_ON_RDN, N_("Operation not allowed on RDN")}, {LDAP_ALREADY_EXISTS, N_("Already exists")}, {LDAP_NO_OBJECT_CLASS_MODS, N_("Cannot modify object class")}, {LDAP_RESULTS_TOO_LARGE, N_("Results too large")}, {LDAP_AFFECTS_MULTIPLE_DSAS, N_("Operation affects multiple DSAs")}, {LDAP_OTHER, N_("Other (e.g., implementation specific) error")}, {LDAP_CANCELLED, N_("Cancelled")}, {LDAP_NO_SUCH_OPERATION, N_("No Operation to Cancel")}, {LDAP_TOO_LATE, N_("Too Late to Cancel")}, {LDAP_CANNOT_CANCEL, N_("Cannot Cancel")}, {LDAP_ASSERTION_FAILED, N_("Assertion Failed")}, {LDAP_X_ASSERTION_FAILED, N_("Assertion Failed (X)")}, {LDAP_PROXIED_AUTHORIZATION_DENIED, N_("Proxied Authorization Denied")}, {LDAP_X_PROXY_AUTHZ_FAILURE, N_("Proxy Authorization Failure (X)")}, {LDAP_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required")}, {LDAP_X_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required (X)")}, {LDAP_X_NO_OPERATION, N_("No Operation (X)")}, {LDAP_CUP_RESOURCES_EXHAUSTED, N_("LCUP Resources Exhausted")}, {LDAP_CUP_SECURITY_VIOLATION, N_("LCUP Security Violation")}, {LDAP_CUP_INVALID_DATA, N_("LCUP Invalid Data")}, {LDAP_CUP_UNSUPPORTED_SCHEME, N_("LCUP Unsupported Scheme")}, {LDAP_CUP_RELOAD_REQUIRED, N_("LCUP Reload Required")}, #ifdef LDAP_X_TXN {LDAP_X_TXN_SPECIFY_OKAY, N_("TXN specify okay")}, {LDAP_X_TXN_ID_INVALID, N_("TXN ID is invalid")}, #endif /* API ResultCodes */ {LDAP_SERVER_DOWN, N_("Can't contact LDAP server")}, {LDAP_LOCAL_ERROR, N_("Local error")}, {LDAP_ENCODING_ERROR, N_("Encoding error")}, {LDAP_DECODING_ERROR, N_("Decoding error")}, {LDAP_TIMEOUT, N_("Timed out")}, {LDAP_AUTH_UNKNOWN, N_("Unknown authentication method")}, {LDAP_FILTER_ERROR, N_("Bad search filter")}, {LDAP_USER_CANCELLED, N_("User cancelled operation")}, {LDAP_PARAM_ERROR, N_("Bad parameter to an ldap routine")}, {LDAP_NO_MEMORY, N_("Out of memory")}, {LDAP_CONNECT_ERROR, N_("Connect error")}, {LDAP_NOT_SUPPORTED, N_("Not Supported")}, {LDAP_CONTROL_NOT_FOUND, N_("Control not found")}, {LDAP_NO_RESULTS_RETURNED, N_("No results returned")}, {LDAP_MORE_RESULTS_TO_RETURN, N_("More results to return")}, {LDAP_CLIENT_LOOP, N_("Client Loop")}, {LDAP_REFERRAL_LIMIT_EXCEEDED, N_("Referral Limit Exceeded")}, {0, NULL} }; static struct ldaperror *ldap_errlist = ldap_builtin_errlist; void ldap_int_error_init( void ) { } static const struct ldaperror * ldap_int_error( int err ) { int i; /* XXYYZ: O(n) search instead of O(1) lookup */ for ( i=0; ldap_errlist[i].e_reason != NULL; i++ ) { if ( err == ldap_errlist[i].e_code ) { return &ldap_errlist[i]; } } return NULL; } char * ldap_err2string( int err ) { const struct ldaperror *e; Debug( LDAP_DEBUG_TRACE, "ldap_err2string\n", 0, 0, 0 ); e = ldap_int_error( err ); if (e) { return e->e_reason; } else if ( LDAP_API_ERROR(err) ) { return _("Unknown API error"); } else if ( LDAP_E_ERROR(err) ) { return _("Unknown (extension) error"); } else if ( LDAP_X_ERROR(err) ) { return _("Unknown (private extension) error"); } return _("Unknown error"); } /* deprecated */ void ldap_perror( LDAP *ld, LDAP_CONST char *str ) { int i; const struct ldaperror *e; Debug( LDAP_DEBUG_TRACE, "ldap_perror\n", 0, 0, 0 ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); assert( str != NULL ); e = ldap_int_error( ld->ld_errno ); fprintf( stderr, "%s: %s (%d)\n", str ? str : "ldap_perror", e ? _(e->e_reason) : _("unknown result code"), ld->ld_errno ); if ( ld->ld_matched != NULL && ld->ld_matched[0] != '\0' ) { fprintf( stderr, _("\tmatched DN: %s\n"), ld->ld_matched ); } if ( ld->ld_error != NULL && ld->ld_error[0] != '\0' ) { fprintf( stderr, _("\tadditional info: %s\n"), ld->ld_error ); } if ( ld->ld_referrals != NULL && ld->ld_referrals[0] != NULL) { fprintf( stderr, _("\treferrals:\n") ); for (i=0; ld->ld_referrals[i]; i++) { fprintf( stderr, _("\t\t%s\n"), ld->ld_referrals[i] ); } } fflush( stderr ); } /* deprecated */ int ldap_result2error( LDAP *ld, LDAPMessage *r, int freeit ) { int rc, err; rc = ldap_parse_result( ld, r, &err, NULL, NULL, NULL, NULL, freeit ); return err != LDAP_SUCCESS ? err : rc; } /* * Parse LDAPResult Messages: * * LDAPResult ::= SEQUENCE { * resultCode ENUMERATED, * matchedDN LDAPDN, * errorMessage LDAPString, * referral [3] Referral OPTIONAL } * * including Bind results: * * BindResponse ::= [APPLICATION 1] SEQUENCE { * COMPONENTS OF LDAPResult, * serverSaslCreds [7] OCTET STRING OPTIONAL } * * and ExtendedOp results: * * ExtendedResponse ::= [APPLICATION 24] SEQUENCE { * COMPONENTS OF LDAPResult, * responseName [10] LDAPOID OPTIONAL, * response [11] OCTET STRING OPTIONAL } * */ int ldap_parse_result( LDAP *ld, LDAPMessage *r, int *errcodep, char **matcheddnp, char **errmsgp, char ***referralsp, LDAPControl ***serverctrls, int freeit ) { LDAPMessage *lm; ber_int_t errcode = LDAP_SUCCESS; ber_tag_t tag; BerElement *ber; Debug( LDAP_DEBUG_TRACE, "ldap_parse_result\n", 0, 0, 0 ); assert( ld != NULL ); assert( LDAP_VALID( ld ) ); assert( r != NULL ); if(errcodep != NULL) *errcodep = LDAP_SUCCESS; if(matcheddnp != NULL) *matcheddnp = NULL; if(errmsgp != NULL) *errmsgp = NULL; if(referralsp != NULL) *referralsp = NULL; if(serverctrls != NULL) *serverctrls = NULL; #ifdef LDAP_R_COMPILE ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex ); #endif /* Find the result, last msg in chain... */ lm = r->lm_chain_tail; /* FIXME: either this is not possible (assert?) * or it should be handled */ if ( lm != NULL ) { switch ( lm->lm_msgtype ) { case LDAP_RES_SEARCH_ENTRY: case LDAP_RES_SEARCH_REFERENCE: case LDAP_RES_INTERMEDIATE: lm = NULL; break; default: break; } } if( lm == NULL ) { ld->ld_errno = LDAP_NO_RESULTS_RETURNED; #ifdef LDAP_R_COMPILE ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex ); #endif return ld->ld_errno; } if ( ld->ld_error ) { LDAP_FREE( ld->ld_error ); ld->ld_error = NULL; } if ( ld->ld_matched ) { LDAP_FREE( ld->ld_matched ); ld->ld_matched = NULL; } if ( ld->ld_referrals ) { LDAP_VFREE( ld->ld_referrals ); ld->ld_referrals = NULL; } /* parse results */ ber = ber_dup( lm->lm_ber ); if ( ld->ld_version < LDAP_VERSION2 ) { tag = ber_scanf( ber, "{iA}", &ld->ld_errno, &ld->ld_error ); } else { ber_len_t len; tag = ber_scanf( ber, "{iAA" /*}*/, &ld->ld_errno, &ld->ld_matched, &ld->ld_error ); if( tag != LBER_ERROR ) { /* peek for referrals */ if( ber_peek_tag(ber, &len) == LDAP_TAG_REFERRAL ) { tag = ber_scanf( ber, "v", &ld->ld_referrals ); } } /* need to clean out misc items */ if( tag != LBER_ERROR ) { if( lm->lm_msgtype == LDAP_RES_BIND ) { /* look for sasl result creditials */ if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SASL_RES_CREDS ) { /* skip 'em */ tag = ber_scanf( ber, "x" ); } } else if( lm->lm_msgtype == LDAP_RES_EXTENDED ) { /* look for exop result oid or value */ if ( ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_OID ) { /* skip 'em */ tag = ber_scanf( ber, "x" ); } if ( tag != LBER_ERROR && ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_VALUE ) { /* skip 'em */ tag = ber_scanf( ber, "x" ); } } } if( tag != LBER_ERROR ) { int rc = ldap_pvt_get_controls( ber, serverctrls ); if( rc != LDAP_SUCCESS ) { tag = LBER_ERROR; } } if( tag != LBER_ERROR ) { tag = ber_scanf( ber, /*{*/"}" ); } } if ( tag == LBER_ERROR ) { ld->ld_errno = errcode = LDAP_DECODING_ERROR; } if( ber != NULL ) { ber_free( ber, 0 ); } /* return */ if( errcodep != NULL ) { *errcodep = ld->ld_errno; } if ( errcode == LDAP_SUCCESS ) { if( matcheddnp != NULL ) { if ( ld->ld_matched ) { *matcheddnp = LDAP_STRDUP( ld->ld_matched ); } } if( errmsgp != NULL ) { if ( ld->ld_error ) { *errmsgp = LDAP_STRDUP( ld->ld_error ); } } if( referralsp != NULL) { *referralsp = ldap_value_dup( ld->ld_referrals ); } } if ( freeit ) { ldap_msgfree( r ); } #ifdef LDAP_R_COMPILE ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex ); #endif return( errcode ); }