1/* $NetBSD: error.c,v 1.3 2021/08/14 16:14:55 christos Exp $ */ 2 3/* $OpenLDAP$ */ 4/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 5 * 6 * Copyright 1998-2021 The OpenLDAP Foundation. 7 * All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted only as authorized by the OpenLDAP 11 * Public License. 12 * 13 * A copy of this license is available in the file LICENSE in the 14 * top-level directory of the distribution or, alternatively, at 15 * <http://www.OpenLDAP.org/license.html>. 16 */ 17 18#include <sys/cdefs.h> 19__RCSID("$NetBSD: error.c,v 1.3 2021/08/14 16:14:55 christos Exp $"); 20 21#include "portable.h" 22 23#include <stdio.h> 24 25#include <ac/stdlib.h> 26 27#include <ac/socket.h> 28#include <ac/string.h> 29#include <ac/time.h> 30 31#include "ldap-int.h" 32 33void ldap_int_error_init( void ) { 34} 35 36char * 37ldap_err2string( int err ) 38{ 39 char *m; 40 41 Debug0( LDAP_DEBUG_TRACE, "ldap_err2string\n" ); 42 43 switch ( err ) { 44# define C(code, message) case code: m = message; break 45 46 /* LDAPv3 (RFC 4511) codes */ 47 C(LDAP_SUCCESS, N_("Success")); 48 C(LDAP_OPERATIONS_ERROR, N_("Operations error")); 49 C(LDAP_PROTOCOL_ERROR, N_("Protocol error")); 50 C(LDAP_TIMELIMIT_EXCEEDED, N_("Time limit exceeded")); 51 C(LDAP_SIZELIMIT_EXCEEDED, N_("Size limit exceeded")); 52 C(LDAP_COMPARE_FALSE, N_("Compare False")); 53 C(LDAP_COMPARE_TRUE, N_("Compare True")); 54 C(LDAP_STRONG_AUTH_NOT_SUPPORTED,N_("Authentication method not supported")); 55 C(LDAP_STRONG_AUTH_REQUIRED, N_("Strong(er) authentication required")); 56 57 C(LDAP_REFERRAL, N_("Referral")); 58 C(LDAP_ADMINLIMIT_EXCEEDED, N_("Administrative limit exceeded")); 59 C(LDAP_UNAVAILABLE_CRITICAL_EXTENSION, 60 N_("Critical extension is unavailable")); 61 C(LDAP_CONFIDENTIALITY_REQUIRED,N_("Confidentiality required")); 62 C(LDAP_SASL_BIND_IN_PROGRESS, N_("SASL bind in progress")); 63 64 C(LDAP_NO_SUCH_ATTRIBUTE, N_("No such attribute")); 65 C(LDAP_UNDEFINED_TYPE, N_("Undefined attribute type")); 66 C(LDAP_INAPPROPRIATE_MATCHING, N_("Inappropriate matching")); 67 C(LDAP_CONSTRAINT_VIOLATION, N_("Constraint violation")); 68 C(LDAP_TYPE_OR_VALUE_EXISTS, N_("Type or value exists")); 69 C(LDAP_INVALID_SYNTAX, N_("Invalid syntax")); 70 71 C(LDAP_NO_SUCH_OBJECT, N_("No such object")); 72 C(LDAP_ALIAS_PROBLEM, N_("Alias problem")); 73 C(LDAP_INVALID_DN_SYNTAX, N_("Invalid DN syntax")); 74 75 C(LDAP_ALIAS_DEREF_PROBLEM, N_("Alias dereferencing problem")); 76 77 C(LDAP_INAPPROPRIATE_AUTH, N_("Inappropriate authentication")); 78 C(LDAP_INVALID_CREDENTIALS, N_("Invalid credentials")); 79 C(LDAP_INSUFFICIENT_ACCESS, N_("Insufficient access")); 80 C(LDAP_BUSY, N_("Server is busy")); 81 C(LDAP_UNAVAILABLE, N_("Server is unavailable")); 82 C(LDAP_UNWILLING_TO_PERFORM, N_("Server is unwilling to perform")); 83 C(LDAP_LOOP_DETECT, N_("Loop detected")); 84 85 C(LDAP_NAMING_VIOLATION, N_("Naming violation")); 86 C(LDAP_OBJECT_CLASS_VIOLATION, N_("Object class violation")); 87 C(LDAP_NOT_ALLOWED_ON_NONLEAF, N_("Operation not allowed on non-leaf")); 88 C(LDAP_NOT_ALLOWED_ON_RDN, N_("Operation not allowed on RDN")); 89 C(LDAP_ALREADY_EXISTS, N_("Already exists")); 90 C(LDAP_NO_OBJECT_CLASS_MODS, N_("Cannot modify object class")); 91 92 C(LDAP_AFFECTS_MULTIPLE_DSAS, N_("Operation affects multiple DSAs")); 93 94 /* Virtual List View draft */ 95 C(LDAP_VLV_ERROR, N_("Virtual List View error")); 96 97 C(LDAP_OTHER, N_("Other (e.g., implementation specific) error")); 98 99 /* LDAPv2 (RFC 1777) codes */ 100 C(LDAP_PARTIAL_RESULTS, N_("Partial results and referral received")); 101 C(LDAP_IS_LEAF, N_("Entry is a leaf")); 102 103 /* Connection-less LDAP (CLDAP - RFC 1798) code */ 104 C(LDAP_RESULTS_TOO_LARGE, N_("Results too large")); 105 106 /* Cancel Operation (RFC 3909) codes */ 107 C(LDAP_CANCELLED, N_("Cancelled")); 108 C(LDAP_NO_SUCH_OPERATION, N_("No Operation to Cancel")); 109 C(LDAP_TOO_LATE, N_("Too Late to Cancel")); 110 C(LDAP_CANNOT_CANCEL, N_("Cannot Cancel")); 111 112 /* Assert Control (RFC 4528 and old internet-draft) codes */ 113 C(LDAP_ASSERTION_FAILED, N_("Assertion Failed")); 114 C(LDAP_X_ASSERTION_FAILED, N_("Assertion Failed (X)")); 115 116 /* Proxied Authorization Control (RFC 4370 and I-D) codes */ 117 C(LDAP_PROXIED_AUTHORIZATION_DENIED, N_("Proxied Authorization Denied")); 118 C(LDAP_X_PROXY_AUTHZ_FAILURE, N_("Proxy Authorization Failure (X)")); 119 120 /* Content Sync Operation (RFC 4533 and I-D) codes */ 121 C(LDAP_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required")); 122 C(LDAP_X_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required (X)")); 123 124 /* No-Op Control (draft-zeilenga-ldap-noop) code */ 125 C(LDAP_X_NO_OPERATION, N_("No Operation (X)")); 126 127 /* Client Update Protocol (RFC 3928) codes */ 128 C(LDAP_CUP_RESOURCES_EXHAUSTED, N_("LCUP Resources Exhausted")); 129 C(LDAP_CUP_SECURITY_VIOLATION, N_("LCUP Security Violation")); 130 C(LDAP_CUP_INVALID_DATA, N_("LCUP Invalid Data")); 131 C(LDAP_CUP_UNSUPPORTED_SCHEME, N_("LCUP Unsupported Scheme")); 132 C(LDAP_CUP_RELOAD_REQUIRED, N_("LCUP Reload Required")); 133 134 C(LDAP_TXN_SPECIFY_OKAY, N_("TXN specify okay")); 135 C(LDAP_TXN_ID_INVALID, N_("TXN ID is invalid")); 136 137 /* API codes - renumbered since draft-ietf-ldapext-ldap-c-api */ 138 C(LDAP_SERVER_DOWN, N_("Can't contact LDAP server")); 139 C(LDAP_LOCAL_ERROR, N_("Local error")); 140 C(LDAP_ENCODING_ERROR, N_("Encoding error")); 141 C(LDAP_DECODING_ERROR, N_("Decoding error")); 142 C(LDAP_TIMEOUT, N_("Timed out")); 143 C(LDAP_AUTH_UNKNOWN, N_("Unknown authentication method")); 144 C(LDAP_FILTER_ERROR, N_("Bad search filter")); 145 C(LDAP_USER_CANCELLED, N_("User cancelled operation")); 146 C(LDAP_PARAM_ERROR, N_("Bad parameter to an ldap routine")); 147 C(LDAP_NO_MEMORY, N_("Out of memory")); 148 C(LDAP_CONNECT_ERROR, N_("Connect error")); 149 C(LDAP_NOT_SUPPORTED, N_("Not Supported")); 150 C(LDAP_CONTROL_NOT_FOUND, N_("Control not found")); 151 C(LDAP_NO_RESULTS_RETURNED, N_("No results returned")); 152 C(LDAP_MORE_RESULTS_TO_RETURN, N_("More results to return")); 153 C(LDAP_CLIENT_LOOP, N_("Client Loop")); 154 C(LDAP_REFERRAL_LIMIT_EXCEEDED, N_("Referral Limit Exceeded")); 155 C(LDAP_X_CONNECTING, N_("Connecting (X)")); 156# undef C 157 158 default: 159 m = (LDAP_API_ERROR(err) ? N_("Unknown API error") 160 : LDAP_E_ERROR(err) ? N_("Unknown (extension) error") 161 : LDAP_X_ERROR(err) ? N_("Unknown (private extension) error") 162 : N_("Unknown error")); 163 break; 164 } 165 166 return _(m); 167} 168 169/* deprecated */ 170void 171ldap_perror( LDAP *ld, LDAP_CONST char *str ) 172{ 173 int i; 174 175 assert( ld != NULL ); 176 assert( LDAP_VALID( ld ) ); 177 assert( str != NULL ); 178 179 fprintf( stderr, "%s: %s (%d)\n", 180 str ? str : "ldap_perror", 181 ldap_err2string( ld->ld_errno ), 182 ld->ld_errno ); 183 184 if ( ld->ld_matched != NULL && ld->ld_matched[0] != '\0' ) { 185 fprintf( stderr, _("\tmatched DN: %s\n"), ld->ld_matched ); 186 } 187 188 if ( ld->ld_error != NULL && ld->ld_error[0] != '\0' ) { 189 fprintf( stderr, _("\tadditional info: %s\n"), ld->ld_error ); 190 } 191 192 if ( ld->ld_referrals != NULL && ld->ld_referrals[0] != NULL) { 193 fprintf( stderr, _("\treferrals:\n") ); 194 for (i=0; ld->ld_referrals[i]; i++) { 195 fprintf( stderr, _("\t\t%s\n"), ld->ld_referrals[i] ); 196 } 197 } 198 199 fflush( stderr ); 200} 201 202/* deprecated */ 203int 204ldap_result2error( LDAP *ld, LDAPMessage *r, int freeit ) 205{ 206 int rc, err; 207 208 rc = ldap_parse_result( ld, r, &err, 209 NULL, NULL, NULL, NULL, freeit ); 210 211 return err != LDAP_SUCCESS ? err : rc; 212} 213 214/* 215 * Parse LDAPResult Messages: 216 * 217 * LDAPResult ::= SEQUENCE { 218 * resultCode ENUMERATED, 219 * matchedDN LDAPDN, 220 * errorMessage LDAPString, 221 * referral [3] Referral OPTIONAL } 222 * 223 * including Bind results: 224 * 225 * BindResponse ::= [APPLICATION 1] SEQUENCE { 226 * COMPONENTS OF LDAPResult, 227 * serverSaslCreds [7] OCTET STRING OPTIONAL } 228 * 229 * and ExtendedOp results: 230 * 231 * ExtendedResponse ::= [APPLICATION 24] SEQUENCE { 232 * COMPONENTS OF LDAPResult, 233 * responseName [10] LDAPOID OPTIONAL, 234 * response [11] OCTET STRING OPTIONAL } 235 * 236 */ 237int 238ldap_parse_result( 239 LDAP *ld, 240 LDAPMessage *r, 241 int *errcodep, 242 char **matcheddnp, 243 char **errmsgp, 244 char ***referralsp, 245 LDAPControl ***serverctrls, 246 int freeit ) 247{ 248 LDAPMessage *lm; 249 ber_int_t errcode = LDAP_SUCCESS; 250 251 ber_tag_t tag; 252 BerElement *ber; 253 254 Debug0( LDAP_DEBUG_TRACE, "ldap_parse_result\n" ); 255 256 assert( ld != NULL ); 257 assert( LDAP_VALID( ld ) ); 258 assert( r != NULL ); 259 260 if(errcodep != NULL) *errcodep = LDAP_SUCCESS; 261 if(matcheddnp != NULL) *matcheddnp = NULL; 262 if(errmsgp != NULL) *errmsgp = NULL; 263 if(referralsp != NULL) *referralsp = NULL; 264 if(serverctrls != NULL) *serverctrls = NULL; 265 266 LDAP_MUTEX_LOCK( &ld->ld_res_mutex ); 267 /* Find the result, last msg in chain... */ 268 lm = r->lm_chain_tail; 269 /* FIXME: either this is not possible (assert?) 270 * or it should be handled */ 271 if ( lm != NULL ) { 272 switch ( lm->lm_msgtype ) { 273 case LDAP_RES_SEARCH_ENTRY: 274 case LDAP_RES_SEARCH_REFERENCE: 275 case LDAP_RES_INTERMEDIATE: 276 lm = NULL; 277 break; 278 279 default: 280 break; 281 } 282 } 283 284 if( lm == NULL ) { 285 errcode = ld->ld_errno = LDAP_NO_RESULTS_RETURNED; 286 LDAP_MUTEX_UNLOCK( &ld->ld_res_mutex ); 287 goto done; 288 } 289 290 if ( ld->ld_error ) { 291 LDAP_FREE( ld->ld_error ); 292 ld->ld_error = NULL; 293 } 294 if ( ld->ld_matched ) { 295 LDAP_FREE( ld->ld_matched ); 296 ld->ld_matched = NULL; 297 } 298 if ( ld->ld_referrals ) { 299 LDAP_VFREE( ld->ld_referrals ); 300 ld->ld_referrals = NULL; 301 } 302 303 /* parse results */ 304 305 ber = ber_dup( lm->lm_ber ); 306 307 if ( ld->ld_version < LDAP_VERSION2 ) { 308 tag = ber_scanf( ber, "{iA}", 309 &ld->ld_errno, &ld->ld_error ); 310 311 } else { 312 ber_len_t len; 313 314 tag = ber_scanf( ber, "{iAA" /*}*/, 315 &ld->ld_errno, &ld->ld_matched, &ld->ld_error ); 316 317 if( tag != LBER_ERROR ) { 318 /* peek for referrals */ 319 if( ber_peek_tag(ber, &len) == LDAP_TAG_REFERRAL ) { 320 tag = ber_scanf( ber, "v", &ld->ld_referrals ); 321 } 322 } 323 324 /* need to clean out misc items */ 325 if( tag != LBER_ERROR ) { 326 if( lm->lm_msgtype == LDAP_RES_BIND ) { 327 /* look for sasl result credentials */ 328 if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SASL_RES_CREDS ) { 329 /* skip 'em */ 330 tag = ber_scanf( ber, "x" ); 331 } 332 333 } else if( lm->lm_msgtype == LDAP_RES_EXTENDED ) { 334 /* look for exop result oid or value */ 335 if ( ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_OID ) { 336 /* skip 'em */ 337 tag = ber_scanf( ber, "x" ); 338 } 339 340 if ( tag != LBER_ERROR && 341 ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_VALUE ) 342 { 343 /* skip 'em */ 344 tag = ber_scanf( ber, "x" ); 345 } 346 } 347 } 348 349 if( tag != LBER_ERROR ) { 350 int rc = ldap_pvt_get_controls( ber, serverctrls ); 351 352 if( rc != LDAP_SUCCESS ) { 353 tag = LBER_ERROR; 354 } 355 } 356 357 if( tag != LBER_ERROR ) { 358 tag = ber_scanf( ber, /*{*/"}" ); 359 } 360 } 361 362 if ( tag == LBER_ERROR ) { 363 ld->ld_errno = errcode = LDAP_DECODING_ERROR; 364 } 365 366 if( ber != NULL ) { 367 ber_free( ber, 0 ); 368 } 369 370 /* return */ 371 if( errcodep != NULL ) { 372 *errcodep = ld->ld_errno; 373 } 374 if ( errcode == LDAP_SUCCESS ) { 375 if( matcheddnp != NULL ) { 376 if ( ld->ld_matched ) 377 { 378 *matcheddnp = LDAP_STRDUP( ld->ld_matched ); 379 } 380 } 381 if( errmsgp != NULL ) { 382 if ( ld->ld_error ) 383 { 384 *errmsgp = LDAP_STRDUP( ld->ld_error ); 385 } 386 } 387 388 if( referralsp != NULL) { 389 *referralsp = ldap_value_dup( ld->ld_referrals ); 390 } 391 } 392 LDAP_MUTEX_UNLOCK( &ld->ld_res_mutex ); 393 394done: 395 if ( freeit ) { 396 ldap_msgfree( r ); 397 } 398 399 return errcode; 400} 401