1 /* $NetBSD: error.c,v 1.3 2021/08/14 16:14:55 christos Exp $ */
2
3 /* $OpenLDAP$ */
4 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 *
6 * Copyright 1998-2021 The OpenLDAP Foundation.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
11 * Public License.
12 *
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
16 */
17
18 #include <sys/cdefs.h>
19 __RCSID("$NetBSD: error.c,v 1.3 2021/08/14 16:14:55 christos Exp $");
20
21 #include "portable.h"
22
23 #include <stdio.h>
24
25 #include <ac/stdlib.h>
26
27 #include <ac/socket.h>
28 #include <ac/string.h>
29 #include <ac/time.h>
30
31 #include "ldap-int.h"
32
ldap_int_error_init(void)33 void ldap_int_error_init( void ) {
34 }
35
36 char *
ldap_err2string(int err)37 ldap_err2string( int err )
38 {
39 char *m;
40
41 Debug0( LDAP_DEBUG_TRACE, "ldap_err2string\n" );
42
43 switch ( err ) {
44 # define C(code, message) case code: m = message; break
45
46 /* LDAPv3 (RFC 4511) codes */
47 C(LDAP_SUCCESS, N_("Success"));
48 C(LDAP_OPERATIONS_ERROR, N_("Operations error"));
49 C(LDAP_PROTOCOL_ERROR, N_("Protocol error"));
50 C(LDAP_TIMELIMIT_EXCEEDED, N_("Time limit exceeded"));
51 C(LDAP_SIZELIMIT_EXCEEDED, N_("Size limit exceeded"));
52 C(LDAP_COMPARE_FALSE, N_("Compare False"));
53 C(LDAP_COMPARE_TRUE, N_("Compare True"));
54 C(LDAP_STRONG_AUTH_NOT_SUPPORTED,N_("Authentication method not supported"));
55 C(LDAP_STRONG_AUTH_REQUIRED, N_("Strong(er) authentication required"));
56
57 C(LDAP_REFERRAL, N_("Referral"));
58 C(LDAP_ADMINLIMIT_EXCEEDED, N_("Administrative limit exceeded"));
59 C(LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
60 N_("Critical extension is unavailable"));
61 C(LDAP_CONFIDENTIALITY_REQUIRED,N_("Confidentiality required"));
62 C(LDAP_SASL_BIND_IN_PROGRESS, N_("SASL bind in progress"));
63
64 C(LDAP_NO_SUCH_ATTRIBUTE, N_("No such attribute"));
65 C(LDAP_UNDEFINED_TYPE, N_("Undefined attribute type"));
66 C(LDAP_INAPPROPRIATE_MATCHING, N_("Inappropriate matching"));
67 C(LDAP_CONSTRAINT_VIOLATION, N_("Constraint violation"));
68 C(LDAP_TYPE_OR_VALUE_EXISTS, N_("Type or value exists"));
69 C(LDAP_INVALID_SYNTAX, N_("Invalid syntax"));
70
71 C(LDAP_NO_SUCH_OBJECT, N_("No such object"));
72 C(LDAP_ALIAS_PROBLEM, N_("Alias problem"));
73 C(LDAP_INVALID_DN_SYNTAX, N_("Invalid DN syntax"));
74
75 C(LDAP_ALIAS_DEREF_PROBLEM, N_("Alias dereferencing problem"));
76
77 C(LDAP_INAPPROPRIATE_AUTH, N_("Inappropriate authentication"));
78 C(LDAP_INVALID_CREDENTIALS, N_("Invalid credentials"));
79 C(LDAP_INSUFFICIENT_ACCESS, N_("Insufficient access"));
80 C(LDAP_BUSY, N_("Server is busy"));
81 C(LDAP_UNAVAILABLE, N_("Server is unavailable"));
82 C(LDAP_UNWILLING_TO_PERFORM, N_("Server is unwilling to perform"));
83 C(LDAP_LOOP_DETECT, N_("Loop detected"));
84
85 C(LDAP_NAMING_VIOLATION, N_("Naming violation"));
86 C(LDAP_OBJECT_CLASS_VIOLATION, N_("Object class violation"));
87 C(LDAP_NOT_ALLOWED_ON_NONLEAF, N_("Operation not allowed on non-leaf"));
88 C(LDAP_NOT_ALLOWED_ON_RDN, N_("Operation not allowed on RDN"));
89 C(LDAP_ALREADY_EXISTS, N_("Already exists"));
90 C(LDAP_NO_OBJECT_CLASS_MODS, N_("Cannot modify object class"));
91
92 C(LDAP_AFFECTS_MULTIPLE_DSAS, N_("Operation affects multiple DSAs"));
93
94 /* Virtual List View draft */
95 C(LDAP_VLV_ERROR, N_("Virtual List View error"));
96
97 C(LDAP_OTHER, N_("Other (e.g., implementation specific) error"));
98
99 /* LDAPv2 (RFC 1777) codes */
100 C(LDAP_PARTIAL_RESULTS, N_("Partial results and referral received"));
101 C(LDAP_IS_LEAF, N_("Entry is a leaf"));
102
103 /* Connection-less LDAP (CLDAP - RFC 1798) code */
104 C(LDAP_RESULTS_TOO_LARGE, N_("Results too large"));
105
106 /* Cancel Operation (RFC 3909) codes */
107 C(LDAP_CANCELLED, N_("Cancelled"));
108 C(LDAP_NO_SUCH_OPERATION, N_("No Operation to Cancel"));
109 C(LDAP_TOO_LATE, N_("Too Late to Cancel"));
110 C(LDAP_CANNOT_CANCEL, N_("Cannot Cancel"));
111
112 /* Assert Control (RFC 4528 and old internet-draft) codes */
113 C(LDAP_ASSERTION_FAILED, N_("Assertion Failed"));
114 C(LDAP_X_ASSERTION_FAILED, N_("Assertion Failed (X)"));
115
116 /* Proxied Authorization Control (RFC 4370 and I-D) codes */
117 C(LDAP_PROXIED_AUTHORIZATION_DENIED, N_("Proxied Authorization Denied"));
118 C(LDAP_X_PROXY_AUTHZ_FAILURE, N_("Proxy Authorization Failure (X)"));
119
120 /* Content Sync Operation (RFC 4533 and I-D) codes */
121 C(LDAP_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required"));
122 C(LDAP_X_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required (X)"));
123
124 /* No-Op Control (draft-zeilenga-ldap-noop) code */
125 C(LDAP_X_NO_OPERATION, N_("No Operation (X)"));
126
127 /* Client Update Protocol (RFC 3928) codes */
128 C(LDAP_CUP_RESOURCES_EXHAUSTED, N_("LCUP Resources Exhausted"));
129 C(LDAP_CUP_SECURITY_VIOLATION, N_("LCUP Security Violation"));
130 C(LDAP_CUP_INVALID_DATA, N_("LCUP Invalid Data"));
131 C(LDAP_CUP_UNSUPPORTED_SCHEME, N_("LCUP Unsupported Scheme"));
132 C(LDAP_CUP_RELOAD_REQUIRED, N_("LCUP Reload Required"));
133
134 C(LDAP_TXN_SPECIFY_OKAY, N_("TXN specify okay"));
135 C(LDAP_TXN_ID_INVALID, N_("TXN ID is invalid"));
136
137 /* API codes - renumbered since draft-ietf-ldapext-ldap-c-api */
138 C(LDAP_SERVER_DOWN, N_("Can't contact LDAP server"));
139 C(LDAP_LOCAL_ERROR, N_("Local error"));
140 C(LDAP_ENCODING_ERROR, N_("Encoding error"));
141 C(LDAP_DECODING_ERROR, N_("Decoding error"));
142 C(LDAP_TIMEOUT, N_("Timed out"));
143 C(LDAP_AUTH_UNKNOWN, N_("Unknown authentication method"));
144 C(LDAP_FILTER_ERROR, N_("Bad search filter"));
145 C(LDAP_USER_CANCELLED, N_("User cancelled operation"));
146 C(LDAP_PARAM_ERROR, N_("Bad parameter to an ldap routine"));
147 C(LDAP_NO_MEMORY, N_("Out of memory"));
148 C(LDAP_CONNECT_ERROR, N_("Connect error"));
149 C(LDAP_NOT_SUPPORTED, N_("Not Supported"));
150 C(LDAP_CONTROL_NOT_FOUND, N_("Control not found"));
151 C(LDAP_NO_RESULTS_RETURNED, N_("No results returned"));
152 C(LDAP_MORE_RESULTS_TO_RETURN, N_("More results to return"));
153 C(LDAP_CLIENT_LOOP, N_("Client Loop"));
154 C(LDAP_REFERRAL_LIMIT_EXCEEDED, N_("Referral Limit Exceeded"));
155 C(LDAP_X_CONNECTING, N_("Connecting (X)"));
156 # undef C
157
158 default:
159 m = (LDAP_API_ERROR(err) ? N_("Unknown API error")
160 : LDAP_E_ERROR(err) ? N_("Unknown (extension) error")
161 : LDAP_X_ERROR(err) ? N_("Unknown (private extension) error")
162 : N_("Unknown error"));
163 break;
164 }
165
166 return _(m);
167 }
168
169 /* deprecated */
170 void
ldap_perror(LDAP * ld,LDAP_CONST char * str)171 ldap_perror( LDAP *ld, LDAP_CONST char *str )
172 {
173 int i;
174
175 assert( ld != NULL );
176 assert( LDAP_VALID( ld ) );
177 assert( str != NULL );
178
179 fprintf( stderr, "%s: %s (%d)\n",
180 str ? str : "ldap_perror",
181 ldap_err2string( ld->ld_errno ),
182 ld->ld_errno );
183
184 if ( ld->ld_matched != NULL && ld->ld_matched[0] != '\0' ) {
185 fprintf( stderr, _("\tmatched DN: %s\n"), ld->ld_matched );
186 }
187
188 if ( ld->ld_error != NULL && ld->ld_error[0] != '\0' ) {
189 fprintf( stderr, _("\tadditional info: %s\n"), ld->ld_error );
190 }
191
192 if ( ld->ld_referrals != NULL && ld->ld_referrals[0] != NULL) {
193 fprintf( stderr, _("\treferrals:\n") );
194 for (i=0; ld->ld_referrals[i]; i++) {
195 fprintf( stderr, _("\t\t%s\n"), ld->ld_referrals[i] );
196 }
197 }
198
199 fflush( stderr );
200 }
201
202 /* deprecated */
203 int
ldap_result2error(LDAP * ld,LDAPMessage * r,int freeit)204 ldap_result2error( LDAP *ld, LDAPMessage *r, int freeit )
205 {
206 int rc, err;
207
208 rc = ldap_parse_result( ld, r, &err,
209 NULL, NULL, NULL, NULL, freeit );
210
211 return err != LDAP_SUCCESS ? err : rc;
212 }
213
214 /*
215 * Parse LDAPResult Messages:
216 *
217 * LDAPResult ::= SEQUENCE {
218 * resultCode ENUMERATED,
219 * matchedDN LDAPDN,
220 * errorMessage LDAPString,
221 * referral [3] Referral OPTIONAL }
222 *
223 * including Bind results:
224 *
225 * BindResponse ::= [APPLICATION 1] SEQUENCE {
226 * COMPONENTS OF LDAPResult,
227 * serverSaslCreds [7] OCTET STRING OPTIONAL }
228 *
229 * and ExtendedOp results:
230 *
231 * ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
232 * COMPONENTS OF LDAPResult,
233 * responseName [10] LDAPOID OPTIONAL,
234 * response [11] OCTET STRING OPTIONAL }
235 *
236 */
237 int
ldap_parse_result(LDAP * ld,LDAPMessage * r,int * errcodep,char ** matcheddnp,char ** errmsgp,char *** referralsp,LDAPControl *** serverctrls,int freeit)238 ldap_parse_result(
239 LDAP *ld,
240 LDAPMessage *r,
241 int *errcodep,
242 char **matcheddnp,
243 char **errmsgp,
244 char ***referralsp,
245 LDAPControl ***serverctrls,
246 int freeit )
247 {
248 LDAPMessage *lm;
249 ber_int_t errcode = LDAP_SUCCESS;
250
251 ber_tag_t tag;
252 BerElement *ber;
253
254 Debug0( LDAP_DEBUG_TRACE, "ldap_parse_result\n" );
255
256 assert( ld != NULL );
257 assert( LDAP_VALID( ld ) );
258 assert( r != NULL );
259
260 if(errcodep != NULL) *errcodep = LDAP_SUCCESS;
261 if(matcheddnp != NULL) *matcheddnp = NULL;
262 if(errmsgp != NULL) *errmsgp = NULL;
263 if(referralsp != NULL) *referralsp = NULL;
264 if(serverctrls != NULL) *serverctrls = NULL;
265
266 LDAP_MUTEX_LOCK( &ld->ld_res_mutex );
267 /* Find the result, last msg in chain... */
268 lm = r->lm_chain_tail;
269 /* FIXME: either this is not possible (assert?)
270 * or it should be handled */
271 if ( lm != NULL ) {
272 switch ( lm->lm_msgtype ) {
273 case LDAP_RES_SEARCH_ENTRY:
274 case LDAP_RES_SEARCH_REFERENCE:
275 case LDAP_RES_INTERMEDIATE:
276 lm = NULL;
277 break;
278
279 default:
280 break;
281 }
282 }
283
284 if( lm == NULL ) {
285 errcode = ld->ld_errno = LDAP_NO_RESULTS_RETURNED;
286 LDAP_MUTEX_UNLOCK( &ld->ld_res_mutex );
287 goto done;
288 }
289
290 if ( ld->ld_error ) {
291 LDAP_FREE( ld->ld_error );
292 ld->ld_error = NULL;
293 }
294 if ( ld->ld_matched ) {
295 LDAP_FREE( ld->ld_matched );
296 ld->ld_matched = NULL;
297 }
298 if ( ld->ld_referrals ) {
299 LDAP_VFREE( ld->ld_referrals );
300 ld->ld_referrals = NULL;
301 }
302
303 /* parse results */
304
305 ber = ber_dup( lm->lm_ber );
306
307 if ( ld->ld_version < LDAP_VERSION2 ) {
308 tag = ber_scanf( ber, "{iA}",
309 &ld->ld_errno, &ld->ld_error );
310
311 } else {
312 ber_len_t len;
313
314 tag = ber_scanf( ber, "{iAA" /*}*/,
315 &ld->ld_errno, &ld->ld_matched, &ld->ld_error );
316
317 if( tag != LBER_ERROR ) {
318 /* peek for referrals */
319 if( ber_peek_tag(ber, &len) == LDAP_TAG_REFERRAL ) {
320 tag = ber_scanf( ber, "v", &ld->ld_referrals );
321 }
322 }
323
324 /* need to clean out misc items */
325 if( tag != LBER_ERROR ) {
326 if( lm->lm_msgtype == LDAP_RES_BIND ) {
327 /* look for sasl result credentials */
328 if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SASL_RES_CREDS ) {
329 /* skip 'em */
330 tag = ber_scanf( ber, "x" );
331 }
332
333 } else if( lm->lm_msgtype == LDAP_RES_EXTENDED ) {
334 /* look for exop result oid or value */
335 if ( ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_OID ) {
336 /* skip 'em */
337 tag = ber_scanf( ber, "x" );
338 }
339
340 if ( tag != LBER_ERROR &&
341 ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_VALUE )
342 {
343 /* skip 'em */
344 tag = ber_scanf( ber, "x" );
345 }
346 }
347 }
348
349 if( tag != LBER_ERROR ) {
350 int rc = ldap_pvt_get_controls( ber, serverctrls );
351
352 if( rc != LDAP_SUCCESS ) {
353 tag = LBER_ERROR;
354 }
355 }
356
357 if( tag != LBER_ERROR ) {
358 tag = ber_scanf( ber, /*{*/"}" );
359 }
360 }
361
362 if ( tag == LBER_ERROR ) {
363 ld->ld_errno = errcode = LDAP_DECODING_ERROR;
364 }
365
366 if( ber != NULL ) {
367 ber_free( ber, 0 );
368 }
369
370 /* return */
371 if( errcodep != NULL ) {
372 *errcodep = ld->ld_errno;
373 }
374 if ( errcode == LDAP_SUCCESS ) {
375 if( matcheddnp != NULL ) {
376 if ( ld->ld_matched )
377 {
378 *matcheddnp = LDAP_STRDUP( ld->ld_matched );
379 }
380 }
381 if( errmsgp != NULL ) {
382 if ( ld->ld_error )
383 {
384 *errmsgp = LDAP_STRDUP( ld->ld_error );
385 }
386 }
387
388 if( referralsp != NULL) {
389 *referralsp = ldap_value_dup( ld->ld_referrals );
390 }
391 }
392 LDAP_MUTEX_UNLOCK( &ld->ld_res_mutex );
393
394 done:
395 if ( freeit ) {
396 ldap_msgfree( r );
397 }
398
399 return errcode;
400 }
401