mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-27 03:20:22 +08:00
420 lines
11 KiB
C
420 lines
11 KiB
C
/* $OpenLDAP$ */
|
|
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
|
|
*
|
|
* Copyright 1998-2009 The OpenLDAP Foundation.
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted only as authorized by the OpenLDAP
|
|
* Public License.
|
|
*
|
|
* A copy of this license is available in the file LICENSE in the
|
|
* top-level directory of the distribution or, alternatively, at
|
|
* <http://www.OpenLDAP.org/license.html>.
|
|
*/
|
|
|
|
#include "portable.h"
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <ac/stdlib.h>
|
|
|
|
#include <ac/socket.h>
|
|
#include <ac/string.h>
|
|
#include <ac/time.h>
|
|
|
|
#include "ldap-int.h"
|
|
|
|
struct ldaperror {
|
|
int e_code;
|
|
char *e_reason;
|
|
};
|
|
|
|
static struct ldaperror ldap_builtin_errlist[] = {
|
|
{LDAP_SUCCESS, N_("Success")},
|
|
{LDAP_OPERATIONS_ERROR, N_("Operations error")},
|
|
{LDAP_PROTOCOL_ERROR, N_("Protocol error")},
|
|
{LDAP_TIMELIMIT_EXCEEDED, N_("Time limit exceeded")},
|
|
{LDAP_SIZELIMIT_EXCEEDED, N_("Size limit exceeded")},
|
|
{LDAP_COMPARE_FALSE, N_("Compare False")},
|
|
{LDAP_COMPARE_TRUE, N_("Compare True")},
|
|
{LDAP_STRONG_AUTH_NOT_SUPPORTED, N_("Authentication method not supported")},
|
|
{LDAP_STRONG_AUTH_REQUIRED, N_("Strong(er) authentication required")},
|
|
{LDAP_PARTIAL_RESULTS, N_("Partial results and referral received")},
|
|
|
|
{LDAP_REFERRAL, N_("Referral")},
|
|
{LDAP_ADMINLIMIT_EXCEEDED, N_("Administrative limit exceeded")},
|
|
{LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
|
|
N_("Critical extension is unavailable")},
|
|
{LDAP_CONFIDENTIALITY_REQUIRED, N_("Confidentiality required")},
|
|
{LDAP_SASL_BIND_IN_PROGRESS, N_("SASL bind in progress")},
|
|
|
|
{LDAP_NO_SUCH_ATTRIBUTE, N_("No such attribute")},
|
|
{LDAP_UNDEFINED_TYPE, N_("Undefined attribute type")},
|
|
{LDAP_INAPPROPRIATE_MATCHING, N_("Inappropriate matching")},
|
|
{LDAP_CONSTRAINT_VIOLATION, N_("Constraint violation")},
|
|
{LDAP_TYPE_OR_VALUE_EXISTS, N_("Type or value exists")},
|
|
{LDAP_INVALID_SYNTAX, N_("Invalid syntax")},
|
|
|
|
{LDAP_NO_SUCH_OBJECT, N_("No such object")},
|
|
{LDAP_ALIAS_PROBLEM, N_("Alias problem")},
|
|
{LDAP_INVALID_DN_SYNTAX, N_("Invalid DN syntax")},
|
|
{LDAP_IS_LEAF, N_("Entry is a leaf")},
|
|
{LDAP_ALIAS_DEREF_PROBLEM, N_("Alias dereferencing problem")},
|
|
|
|
{LDAP_INAPPROPRIATE_AUTH, N_("Inappropriate authentication")},
|
|
{LDAP_INVALID_CREDENTIALS, N_("Invalid credentials")},
|
|
{LDAP_INSUFFICIENT_ACCESS, N_("Insufficient access")},
|
|
{LDAP_BUSY, N_("Server is busy")},
|
|
{LDAP_UNAVAILABLE, N_("Server is unavailable")},
|
|
{LDAP_UNWILLING_TO_PERFORM, N_("Server is unwilling to perform")},
|
|
{LDAP_LOOP_DETECT, N_("Loop detected")},
|
|
|
|
{LDAP_NAMING_VIOLATION, N_("Naming violation")},
|
|
{LDAP_OBJECT_CLASS_VIOLATION, N_("Object class violation")},
|
|
{LDAP_NOT_ALLOWED_ON_NONLEAF, N_("Operation not allowed on non-leaf")},
|
|
{LDAP_NOT_ALLOWED_ON_RDN, N_("Operation not allowed on RDN")},
|
|
{LDAP_ALREADY_EXISTS, N_("Already exists")},
|
|
{LDAP_NO_OBJECT_CLASS_MODS, N_("Cannot modify object class")},
|
|
{LDAP_RESULTS_TOO_LARGE, N_("Results too large")},
|
|
{LDAP_AFFECTS_MULTIPLE_DSAS, N_("Operation affects multiple DSAs")},
|
|
|
|
{LDAP_OTHER, N_("Other (e.g., implementation specific) error")},
|
|
|
|
{LDAP_CANCELLED, N_("Cancelled")},
|
|
{LDAP_NO_SUCH_OPERATION, N_("No Operation to Cancel")},
|
|
{LDAP_TOO_LATE, N_("Too Late to Cancel")},
|
|
{LDAP_CANNOT_CANCEL, N_("Cannot Cancel")},
|
|
|
|
{LDAP_ASSERTION_FAILED, N_("Assertion Failed")},
|
|
{LDAP_X_ASSERTION_FAILED, N_("Assertion Failed (X)")},
|
|
|
|
{LDAP_PROXIED_AUTHORIZATION_DENIED, N_("Proxied Authorization Denied")},
|
|
{LDAP_X_PROXY_AUTHZ_FAILURE, N_("Proxy Authorization Failure (X)")},
|
|
|
|
{LDAP_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required")},
|
|
{LDAP_X_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required (X)")},
|
|
|
|
{LDAP_X_NO_OPERATION, N_("No Operation (X)")},
|
|
|
|
{LDAP_CUP_RESOURCES_EXHAUSTED, N_("LCUP Resources Exhausted")},
|
|
{LDAP_CUP_SECURITY_VIOLATION, N_("LCUP Security Violation")},
|
|
{LDAP_CUP_INVALID_DATA, N_("LCUP Invalid Data")},
|
|
{LDAP_CUP_UNSUPPORTED_SCHEME, N_("LCUP Unsupported Scheme")},
|
|
{LDAP_CUP_RELOAD_REQUIRED, N_("LCUP Reload Required")},
|
|
|
|
#ifdef LDAP_X_TXN
|
|
{LDAP_X_TXN_SPECIFY_OKAY, N_("TXN specify okay")},
|
|
{LDAP_X_TXN_ID_INVALID, N_("TXN ID is invalid")},
|
|
#endif
|
|
|
|
/* API ResultCodes */
|
|
{LDAP_SERVER_DOWN, N_("Can't contact LDAP server")},
|
|
{LDAP_LOCAL_ERROR, N_("Local error")},
|
|
{LDAP_ENCODING_ERROR, N_("Encoding error")},
|
|
{LDAP_DECODING_ERROR, N_("Decoding error")},
|
|
{LDAP_TIMEOUT, N_("Timed out")},
|
|
{LDAP_AUTH_UNKNOWN, N_("Unknown authentication method")},
|
|
{LDAP_FILTER_ERROR, N_("Bad search filter")},
|
|
{LDAP_USER_CANCELLED, N_("User cancelled operation")},
|
|
{LDAP_PARAM_ERROR, N_("Bad parameter to an ldap routine")},
|
|
{LDAP_NO_MEMORY, N_("Out of memory")},
|
|
|
|
{LDAP_CONNECT_ERROR, N_("Connect error")},
|
|
{LDAP_NOT_SUPPORTED, N_("Not Supported")},
|
|
{LDAP_CONTROL_NOT_FOUND, N_("Control not found")},
|
|
{LDAP_NO_RESULTS_RETURNED, N_("No results returned")},
|
|
{LDAP_MORE_RESULTS_TO_RETURN, N_("More results to return")},
|
|
{LDAP_CLIENT_LOOP, N_("Client Loop")},
|
|
{LDAP_REFERRAL_LIMIT_EXCEEDED, N_("Referral Limit Exceeded")},
|
|
|
|
{0, NULL}
|
|
};
|
|
|
|
static struct ldaperror *ldap_errlist = ldap_builtin_errlist;
|
|
|
|
void ldap_int_error_init( void ) {
|
|
}
|
|
|
|
static const struct ldaperror *
|
|
ldap_int_error( int err )
|
|
{
|
|
int i;
|
|
|
|
/* XXYYZ: O(n) search instead of O(1) lookup */
|
|
for ( i=0; ldap_errlist[i].e_reason != NULL; i++ ) {
|
|
if ( err == ldap_errlist[i].e_code ) {
|
|
return &ldap_errlist[i];
|
|
}
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
char *
|
|
ldap_err2string( int err )
|
|
{
|
|
const struct ldaperror *e;
|
|
|
|
Debug( LDAP_DEBUG_TRACE, "ldap_err2string\n", 0, 0, 0 );
|
|
|
|
e = ldap_int_error( err );
|
|
|
|
if (e) {
|
|
return e->e_reason;
|
|
|
|
} else if ( LDAP_API_ERROR(err) ) {
|
|
return _("Unknown API error");
|
|
|
|
} else if ( LDAP_E_ERROR(err) ) {
|
|
return _("Unknown (extension) error");
|
|
|
|
} else if ( LDAP_X_ERROR(err) ) {
|
|
return _("Unknown (private extension) error");
|
|
}
|
|
|
|
return _("Unknown error");
|
|
}
|
|
|
|
/* deprecated */
|
|
void
|
|
ldap_perror( LDAP *ld, LDAP_CONST char *str )
|
|
{
|
|
int i;
|
|
const struct ldaperror *e;
|
|
Debug( LDAP_DEBUG_TRACE, "ldap_perror\n", 0, 0, 0 );
|
|
|
|
assert( ld != NULL );
|
|
assert( LDAP_VALID( ld ) );
|
|
assert( str != NULL );
|
|
|
|
e = ldap_int_error( ld->ld_errno );
|
|
|
|
fprintf( stderr, "%s: %s (%d)\n",
|
|
str ? str : "ldap_perror",
|
|
e ? _(e->e_reason) : _("unknown result code"),
|
|
ld->ld_errno );
|
|
|
|
if ( ld->ld_matched != NULL && ld->ld_matched[0] != '\0' ) {
|
|
fprintf( stderr, _("\tmatched DN: %s\n"), ld->ld_matched );
|
|
}
|
|
|
|
if ( ld->ld_error != NULL && ld->ld_error[0] != '\0' ) {
|
|
fprintf( stderr, _("\tadditional info: %s\n"), ld->ld_error );
|
|
}
|
|
|
|
if ( ld->ld_referrals != NULL && ld->ld_referrals[0] != NULL) {
|
|
fprintf( stderr, _("\treferrals:\n") );
|
|
for (i=0; ld->ld_referrals[i]; i++) {
|
|
fprintf( stderr, _("\t\t%s\n"), ld->ld_referrals[i] );
|
|
}
|
|
}
|
|
|
|
fflush( stderr );
|
|
}
|
|
|
|
/* deprecated */
|
|
int
|
|
ldap_result2error( LDAP *ld, LDAPMessage *r, int freeit )
|
|
{
|
|
int rc, err;
|
|
|
|
rc = ldap_parse_result( ld, r, &err,
|
|
NULL, NULL, NULL, NULL, freeit );
|
|
|
|
return err != LDAP_SUCCESS ? err : rc;
|
|
}
|
|
|
|
/*
|
|
* Parse LDAPResult Messages:
|
|
*
|
|
* LDAPResult ::= SEQUENCE {
|
|
* resultCode ENUMERATED,
|
|
* matchedDN LDAPDN,
|
|
* errorMessage LDAPString,
|
|
* referral [3] Referral OPTIONAL }
|
|
*
|
|
* including Bind results:
|
|
*
|
|
* BindResponse ::= [APPLICATION 1] SEQUENCE {
|
|
* COMPONENTS OF LDAPResult,
|
|
* serverSaslCreds [7] OCTET STRING OPTIONAL }
|
|
*
|
|
* and ExtendedOp results:
|
|
*
|
|
* ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
|
|
* COMPONENTS OF LDAPResult,
|
|
* responseName [10] LDAPOID OPTIONAL,
|
|
* response [11] OCTET STRING OPTIONAL }
|
|
*
|
|
*/
|
|
int
|
|
ldap_parse_result(
|
|
LDAP *ld,
|
|
LDAPMessage *r,
|
|
int *errcodep,
|
|
char **matcheddnp,
|
|
char **errmsgp,
|
|
char ***referralsp,
|
|
LDAPControl ***serverctrls,
|
|
int freeit )
|
|
{
|
|
LDAPMessage *lm;
|
|
ber_int_t errcode = LDAP_SUCCESS;
|
|
|
|
ber_tag_t tag;
|
|
BerElement *ber;
|
|
|
|
Debug( LDAP_DEBUG_TRACE, "ldap_parse_result\n", 0, 0, 0 );
|
|
|
|
assert( ld != NULL );
|
|
assert( LDAP_VALID( ld ) );
|
|
assert( r != NULL );
|
|
|
|
if(errcodep != NULL) *errcodep = LDAP_SUCCESS;
|
|
if(matcheddnp != NULL) *matcheddnp = NULL;
|
|
if(errmsgp != NULL) *errmsgp = NULL;
|
|
if(referralsp != NULL) *referralsp = NULL;
|
|
if(serverctrls != NULL) *serverctrls = NULL;
|
|
|
|
#ifdef LDAP_R_COMPILE
|
|
ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex );
|
|
#endif
|
|
/* Find the result, last msg in chain... */
|
|
lm = r->lm_chain_tail;
|
|
/* FIXME: either this is not possible (assert?)
|
|
* or it should be handled */
|
|
if ( lm != NULL ) {
|
|
switch ( lm->lm_msgtype ) {
|
|
case LDAP_RES_SEARCH_ENTRY:
|
|
case LDAP_RES_SEARCH_REFERENCE:
|
|
case LDAP_RES_INTERMEDIATE:
|
|
lm = NULL;
|
|
break;
|
|
|
|
default:
|
|
break;
|
|
}
|
|
}
|
|
|
|
if( lm == NULL ) {
|
|
ld->ld_errno = LDAP_NO_RESULTS_RETURNED;
|
|
#ifdef LDAP_R_COMPILE
|
|
ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
|
|
#endif
|
|
return ld->ld_errno;
|
|
}
|
|
|
|
if ( ld->ld_error ) {
|
|
LDAP_FREE( ld->ld_error );
|
|
ld->ld_error = NULL;
|
|
}
|
|
if ( ld->ld_matched ) {
|
|
LDAP_FREE( ld->ld_matched );
|
|
ld->ld_matched = NULL;
|
|
}
|
|
if ( ld->ld_referrals ) {
|
|
LDAP_VFREE( ld->ld_referrals );
|
|
ld->ld_referrals = NULL;
|
|
}
|
|
|
|
/* parse results */
|
|
|
|
ber = ber_dup( lm->lm_ber );
|
|
|
|
if ( ld->ld_version < LDAP_VERSION2 ) {
|
|
tag = ber_scanf( ber, "{iA}",
|
|
&ld->ld_errno, &ld->ld_error );
|
|
|
|
} else {
|
|
ber_len_t len;
|
|
|
|
tag = ber_scanf( ber, "{iAA" /*}*/,
|
|
&ld->ld_errno, &ld->ld_matched, &ld->ld_error );
|
|
|
|
if( tag != LBER_ERROR ) {
|
|
/* peek for referrals */
|
|
if( ber_peek_tag(ber, &len) == LDAP_TAG_REFERRAL ) {
|
|
tag = ber_scanf( ber, "v", &ld->ld_referrals );
|
|
}
|
|
}
|
|
|
|
/* need to clean out misc items */
|
|
if( tag != LBER_ERROR ) {
|
|
if( lm->lm_msgtype == LDAP_RES_BIND ) {
|
|
/* look for sasl result creditials */
|
|
if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SASL_RES_CREDS ) {
|
|
/* skip 'em */
|
|
tag = ber_scanf( ber, "x" );
|
|
}
|
|
|
|
} else if( lm->lm_msgtype == LDAP_RES_EXTENDED ) {
|
|
/* look for exop result oid or value */
|
|
if ( ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_OID ) {
|
|
/* skip 'em */
|
|
tag = ber_scanf( ber, "x" );
|
|
}
|
|
|
|
if ( tag != LBER_ERROR &&
|
|
ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_VALUE )
|
|
{
|
|
/* skip 'em */
|
|
tag = ber_scanf( ber, "x" );
|
|
}
|
|
}
|
|
}
|
|
|
|
if( tag != LBER_ERROR ) {
|
|
int rc = ldap_pvt_get_controls( ber, serverctrls );
|
|
|
|
if( rc != LDAP_SUCCESS ) {
|
|
tag = LBER_ERROR;
|
|
}
|
|
}
|
|
|
|
if( tag != LBER_ERROR ) {
|
|
tag = ber_scanf( ber, /*{*/"}" );
|
|
}
|
|
}
|
|
|
|
if ( tag == LBER_ERROR ) {
|
|
ld->ld_errno = errcode = LDAP_DECODING_ERROR;
|
|
}
|
|
|
|
if( ber != NULL ) {
|
|
ber_free( ber, 0 );
|
|
}
|
|
|
|
/* return */
|
|
if( errcodep != NULL ) {
|
|
*errcodep = ld->ld_errno;
|
|
}
|
|
if ( errcode == LDAP_SUCCESS ) {
|
|
if( matcheddnp != NULL ) {
|
|
if ( ld->ld_matched )
|
|
{
|
|
*matcheddnp = LDAP_STRDUP( ld->ld_matched );
|
|
}
|
|
}
|
|
if( errmsgp != NULL ) {
|
|
if ( ld->ld_error )
|
|
{
|
|
*errmsgp = LDAP_STRDUP( ld->ld_error );
|
|
}
|
|
}
|
|
|
|
if( referralsp != NULL) {
|
|
*referralsp = ldap_value_dup( ld->ld_referrals );
|
|
}
|
|
}
|
|
|
|
if ( freeit ) {
|
|
ldap_msgfree( r );
|
|
}
|
|
#ifdef LDAP_R_COMPILE
|
|
ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
|
|
#endif
|
|
|
|
return( errcode );
|
|
}
|