error.c revision 1.1.1.1
1/* $OpenLDAP: pkg/ldap/libraries/libldap/error.c,v 1.76.2.3 2008/02/11 23:26:41 kurt Exp $ */ 2/* This work is part of OpenLDAP Software <http://www.openldap.org/>. 3 * 4 * Copyright 1998-2008 The OpenLDAP Foundation. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted only as authorized by the OpenLDAP 9 * Public License. 10 * 11 * A copy of this license is available in the file LICENSE in the 12 * top-level directory of the distribution or, alternatively, at 13 * <http://www.OpenLDAP.org/license.html>. 14 */ 15 16#include "portable.h" 17 18#include <stdio.h> 19 20#include <ac/stdlib.h> 21 22#include <ac/socket.h> 23#include <ac/string.h> 24#include <ac/time.h> 25 26#include "ldap-int.h" 27 28struct ldaperror { 29 int e_code; 30 char *e_reason; 31}; 32 33static struct ldaperror ldap_builtin_errlist[] = { 34 {LDAP_SUCCESS, N_("Success")}, 35 {LDAP_OPERATIONS_ERROR, N_("Operations error")}, 36 {LDAP_PROTOCOL_ERROR, N_("Protocol error")}, 37 {LDAP_TIMELIMIT_EXCEEDED, N_("Time limit exceeded")}, 38 {LDAP_SIZELIMIT_EXCEEDED, N_("Size limit exceeded")}, 39 {LDAP_COMPARE_FALSE, N_("Compare False")}, 40 {LDAP_COMPARE_TRUE, N_("Compare True")}, 41 {LDAP_STRONG_AUTH_NOT_SUPPORTED, N_("Authentication method not supported")}, 42 {LDAP_STRONG_AUTH_REQUIRED, N_("Strong(er) authentication required")}, 43 {LDAP_PARTIAL_RESULTS, N_("Partial results and referral received")}, 44 45 {LDAP_REFERRAL, N_("Referral")}, 46 {LDAP_ADMINLIMIT_EXCEEDED, N_("Administrative limit exceeded")}, 47 {LDAP_UNAVAILABLE_CRITICAL_EXTENSION, 48 N_("Critical extension is unavailable")}, 49 {LDAP_CONFIDENTIALITY_REQUIRED, N_("Confidentiality required")}, 50 {LDAP_SASL_BIND_IN_PROGRESS, N_("SASL bind in progress")}, 51 52 {LDAP_NO_SUCH_ATTRIBUTE, N_("No such attribute")}, 53 {LDAP_UNDEFINED_TYPE, N_("Undefined attribute type")}, 54 {LDAP_INAPPROPRIATE_MATCHING, N_("Inappropriate matching")}, 55 {LDAP_CONSTRAINT_VIOLATION, N_("Constraint violation")}, 56 {LDAP_TYPE_OR_VALUE_EXISTS, N_("Type or value exists")}, 57 {LDAP_INVALID_SYNTAX, N_("Invalid syntax")}, 58 59 {LDAP_NO_SUCH_OBJECT, N_("No such object")}, 60 {LDAP_ALIAS_PROBLEM, N_("Alias problem")}, 61 {LDAP_INVALID_DN_SYNTAX, N_("Invalid DN syntax")}, 62 {LDAP_IS_LEAF, N_("Entry is a leaf")}, 63 {LDAP_ALIAS_DEREF_PROBLEM, N_("Alias dereferencing problem")}, 64 65 {LDAP_INAPPROPRIATE_AUTH, N_("Inappropriate authentication")}, 66 {LDAP_INVALID_CREDENTIALS, N_("Invalid credentials")}, 67 {LDAP_INSUFFICIENT_ACCESS, N_("Insufficient access")}, 68 {LDAP_BUSY, N_("Server is busy")}, 69 {LDAP_UNAVAILABLE, N_("Server is unavailable")}, 70 {LDAP_UNWILLING_TO_PERFORM, N_("Server is unwilling to perform")}, 71 {LDAP_LOOP_DETECT, N_("Loop detected")}, 72 73 {LDAP_NAMING_VIOLATION, N_("Naming violation")}, 74 {LDAP_OBJECT_CLASS_VIOLATION, N_("Object class violation")}, 75 {LDAP_NOT_ALLOWED_ON_NONLEAF, N_("Operation not allowed on non-leaf")}, 76 {LDAP_NOT_ALLOWED_ON_RDN, N_("Operation not allowed on RDN")}, 77 {LDAP_ALREADY_EXISTS, N_("Already exists")}, 78 {LDAP_NO_OBJECT_CLASS_MODS, N_("Cannot modify object class")}, 79 {LDAP_RESULTS_TOO_LARGE, N_("Results too large")}, 80 {LDAP_AFFECTS_MULTIPLE_DSAS, N_("Operation affects multiple DSAs")}, 81 82 {LDAP_OTHER, N_("Other (e.g., implementation specific) error")}, 83 84 {LDAP_CANCELLED, N_("Cancelled")}, 85 {LDAP_NO_SUCH_OPERATION, N_("No Operation to Cancel")}, 86 {LDAP_TOO_LATE, N_("Too Late to Cancel")}, 87 {LDAP_CANNOT_CANCEL, N_("Cannot Cancel")}, 88 89 {LDAP_ASSERTION_FAILED, N_("Assertion Failed")}, 90 {LDAP_X_ASSERTION_FAILED, N_("Assertion Failed (X)")}, 91 92 {LDAP_PROXIED_AUTHORIZATION_DENIED, N_("Proxied Authorization Denied")}, 93 {LDAP_X_PROXY_AUTHZ_FAILURE, N_("Proxy Authorization Failure (X)")}, 94 95 {LDAP_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required")}, 96 {LDAP_X_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required (X)")}, 97 98 {LDAP_X_NO_OPERATION, N_("No Operation (X)")}, 99 100 {LDAP_CUP_RESOURCES_EXHAUSTED, N_("LCUP Resources Exhausted")}, 101 {LDAP_CUP_SECURITY_VIOLATION, N_("LCUP Security Violation")}, 102 {LDAP_CUP_INVALID_DATA, N_("LCUP Invalid Data")}, 103 {LDAP_CUP_UNSUPPORTED_SCHEME, N_("LCUP Unsupported Scheme")}, 104 {LDAP_CUP_RELOAD_REQUIRED, N_("LCUP Reload Required")}, 105 106#ifdef LDAP_X_TXN 107 {LDAP_X_TXN_SPECIFY_OKAY, N_("TXN specify okay")}, 108 {LDAP_X_TXN_ID_INVALID, N_("TXN ID is invalid")}, 109#endif 110 111 /* API ResultCodes */ 112 {LDAP_SERVER_DOWN, N_("Can't contact LDAP server")}, 113 {LDAP_LOCAL_ERROR, N_("Local error")}, 114 {LDAP_ENCODING_ERROR, N_("Encoding error")}, 115 {LDAP_DECODING_ERROR, N_("Decoding error")}, 116 {LDAP_TIMEOUT, N_("Timed out")}, 117 {LDAP_AUTH_UNKNOWN, N_("Unknown authentication method")}, 118 {LDAP_FILTER_ERROR, N_("Bad search filter")}, 119 {LDAP_USER_CANCELLED, N_("User cancelled operation")}, 120 {LDAP_PARAM_ERROR, N_("Bad parameter to an ldap routine")}, 121 {LDAP_NO_MEMORY, N_("Out of memory")}, 122 123 {LDAP_CONNECT_ERROR, N_("Connect error")}, 124 {LDAP_NOT_SUPPORTED, N_("Not Supported")}, 125 {LDAP_CONTROL_NOT_FOUND, N_("Control not found")}, 126 {LDAP_NO_RESULTS_RETURNED, N_("No results returned")}, 127 {LDAP_MORE_RESULTS_TO_RETURN, N_("More results to return")}, 128 {LDAP_CLIENT_LOOP, N_("Client Loop")}, 129 {LDAP_REFERRAL_LIMIT_EXCEEDED, N_("Referral Limit Exceeded")}, 130 131 {0, NULL} 132}; 133 134static struct ldaperror *ldap_errlist = ldap_builtin_errlist; 135 136void ldap_int_error_init( void ) { 137} 138 139static const struct ldaperror * 140ldap_int_error( int err ) 141{ 142 int i; 143 144 /* XXYYZ: O(n) search instead of O(1) lookup */ 145 for ( i=0; ldap_errlist[i].e_reason != NULL; i++ ) { 146 if ( err == ldap_errlist[i].e_code ) { 147 return &ldap_errlist[i]; 148 } 149 } 150 151 return NULL; 152} 153 154char * 155ldap_err2string( int err ) 156{ 157 const struct ldaperror *e; 158 159 Debug( LDAP_DEBUG_TRACE, "ldap_err2string\n", 0, 0, 0 ); 160 161 e = ldap_int_error( err ); 162 163 if (e) { 164 return e->e_reason; 165 166 } else if ( LDAP_API_ERROR(err) ) { 167 return _("Unknown API error"); 168 169 } else if ( LDAP_E_ERROR(err) ) { 170 return _("Unknown (extension) error"); 171 172 } else if ( LDAP_X_ERROR(err) ) { 173 return _("Unknown (private extension) error"); 174 } 175 176 return _("Unknown error"); 177} 178 179/* deprecated */ 180void 181ldap_perror( LDAP *ld, LDAP_CONST char *str ) 182{ 183 int i; 184 const struct ldaperror *e; 185 Debug( LDAP_DEBUG_TRACE, "ldap_perror\n", 0, 0, 0 ); 186 187 assert( ld != NULL ); 188 assert( LDAP_VALID( ld ) ); 189 assert( str != NULL ); 190 191 e = ldap_int_error( ld->ld_errno ); 192 193 fprintf( stderr, "%s: %s (%d)\n", 194 str ? str : "ldap_perror", 195 e ? _(e->e_reason) : _("unknown result code"), 196 ld->ld_errno ); 197 198 if ( ld->ld_matched != NULL && ld->ld_matched[0] != '\0' ) { 199 fprintf( stderr, _("\tmatched DN: %s\n"), ld->ld_matched ); 200 } 201 202 if ( ld->ld_error != NULL && ld->ld_error[0] != '\0' ) { 203 fprintf( stderr, _("\tadditional info: %s\n"), ld->ld_error ); 204 } 205 206 if ( ld->ld_referrals != NULL && ld->ld_referrals[0] != NULL) { 207 fprintf( stderr, _("\treferrals:\n") ); 208 for (i=0; ld->ld_referrals[i]; i++) { 209 fprintf( stderr, _("\t\t%s\n"), ld->ld_referrals[i] ); 210 } 211 } 212 213 fflush( stderr ); 214} 215 216/* deprecated */ 217int 218ldap_result2error( LDAP *ld, LDAPMessage *r, int freeit ) 219{ 220 int rc, err; 221 222 rc = ldap_parse_result( ld, r, &err, 223 NULL, NULL, NULL, NULL, freeit ); 224 225 return err != LDAP_SUCCESS ? err : rc; 226} 227 228/* 229 * Parse LDAPResult Messages: 230 * 231 * LDAPResult ::= SEQUENCE { 232 * resultCode ENUMERATED, 233 * matchedDN LDAPDN, 234 * errorMessage LDAPString, 235 * referral [3] Referral OPTIONAL } 236 * 237 * including Bind results: 238 * 239 * BindResponse ::= [APPLICATION 1] SEQUENCE { 240 * COMPONENTS OF LDAPResult, 241 * serverSaslCreds [7] OCTET STRING OPTIONAL } 242 * 243 * and ExtendedOp results: 244 * 245 * ExtendedResponse ::= [APPLICATION 24] SEQUENCE { 246 * COMPONENTS OF LDAPResult, 247 * responseName [10] LDAPOID OPTIONAL, 248 * response [11] OCTET STRING OPTIONAL } 249 * 250 */ 251int 252ldap_parse_result( 253 LDAP *ld, 254 LDAPMessage *r, 255 int *errcodep, 256 char **matcheddnp, 257 char **errmsgp, 258 char ***referralsp, 259 LDAPControl ***serverctrls, 260 int freeit ) 261{ 262 LDAPMessage *lm; 263 ber_int_t errcode = LDAP_SUCCESS; 264 265 ber_tag_t tag; 266 BerElement *ber; 267 268 Debug( LDAP_DEBUG_TRACE, "ldap_parse_result\n", 0, 0, 0 ); 269 270 assert( ld != NULL ); 271 assert( LDAP_VALID( ld ) ); 272 assert( r != NULL ); 273 274 if(errcodep != NULL) *errcodep = LDAP_SUCCESS; 275 if(matcheddnp != NULL) *matcheddnp = NULL; 276 if(errmsgp != NULL) *errmsgp = NULL; 277 if(referralsp != NULL) *referralsp = NULL; 278 if(serverctrls != NULL) *serverctrls = NULL; 279 280#ifdef LDAP_R_COMPILE 281 ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex ); 282#endif 283 /* Find the result, last msg in chain... */ 284 lm = r->lm_chain_tail; 285 /* FIXME: either this is not possible (assert?) 286 * or it should be handled */ 287 if ( lm != NULL ) { 288 switch ( lm->lm_msgtype ) { 289 case LDAP_RES_SEARCH_ENTRY: 290 case LDAP_RES_SEARCH_REFERENCE: 291 case LDAP_RES_INTERMEDIATE: 292 lm = NULL; 293 break; 294 295 default: 296 break; 297 } 298 } 299 300 if( lm == NULL ) { 301 ld->ld_errno = LDAP_NO_RESULTS_RETURNED; 302#ifdef LDAP_R_COMPILE 303 ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex ); 304#endif 305 return ld->ld_errno; 306 } 307 308 if ( ld->ld_error ) { 309 LDAP_FREE( ld->ld_error ); 310 ld->ld_error = NULL; 311 } 312 if ( ld->ld_matched ) { 313 LDAP_FREE( ld->ld_matched ); 314 ld->ld_matched = NULL; 315 } 316 if ( ld->ld_referrals ) { 317 LDAP_VFREE( ld->ld_referrals ); 318 ld->ld_referrals = NULL; 319 } 320 321 /* parse results */ 322 323 ber = ber_dup( lm->lm_ber ); 324 325 if ( ld->ld_version < LDAP_VERSION2 ) { 326 tag = ber_scanf( ber, "{iA}", 327 &ld->ld_errno, &ld->ld_error ); 328 329 } else { 330 ber_len_t len; 331 332 tag = ber_scanf( ber, "{iAA" /*}*/, 333 &ld->ld_errno, &ld->ld_matched, &ld->ld_error ); 334 335 if( tag != LBER_ERROR ) { 336 /* peek for referrals */ 337 if( ber_peek_tag(ber, &len) == LDAP_TAG_REFERRAL ) { 338 tag = ber_scanf( ber, "v", &ld->ld_referrals ); 339 } 340 } 341 342 /* need to clean out misc items */ 343 if( tag != LBER_ERROR ) { 344 if( lm->lm_msgtype == LDAP_RES_BIND ) { 345 /* look for sasl result creditials */ 346 if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SASL_RES_CREDS ) { 347 /* skip 'em */ 348 tag = ber_scanf( ber, "x" ); 349 } 350 351 } else if( lm->lm_msgtype == LDAP_RES_EXTENDED ) { 352 /* look for exop result oid or value */ 353 if ( ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_OID ) { 354 /* skip 'em */ 355 tag = ber_scanf( ber, "x" ); 356 } 357 358 if ( tag != LBER_ERROR && 359 ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_VALUE ) 360 { 361 /* skip 'em */ 362 tag = ber_scanf( ber, "x" ); 363 } 364 } 365 } 366 367 if( tag != LBER_ERROR ) { 368 int rc = ldap_pvt_get_controls( ber, serverctrls ); 369 370 if( rc != LDAP_SUCCESS ) { 371 tag = LBER_ERROR; 372 } 373 } 374 375 if( tag != LBER_ERROR ) { 376 tag = ber_scanf( ber, /*{*/"}" ); 377 } 378 } 379 380 if ( tag == LBER_ERROR ) { 381 ld->ld_errno = errcode = LDAP_DECODING_ERROR; 382 } 383 384 if( ber != NULL ) { 385 ber_free( ber, 0 ); 386 } 387 388 /* return */ 389 if( errcodep != NULL ) { 390 *errcodep = ld->ld_errno; 391 } 392 if ( errcode == LDAP_SUCCESS ) { 393 if( matcheddnp != NULL ) { 394 if ( ld->ld_matched ) 395 { 396 *matcheddnp = LDAP_STRDUP( ld->ld_matched ); 397 } 398 } 399 if( errmsgp != NULL ) { 400 if ( ld->ld_error ) 401 { 402 *errmsgp = LDAP_STRDUP( ld->ld_error ); 403 } 404 } 405 406 if( referralsp != NULL) { 407 *referralsp = ldap_value_dup( ld->ld_referrals ); 408 } 409 } 410 411 if ( freeit ) { 412 ldap_msgfree( r ); 413 } 414#ifdef LDAP_R_COMPILE 415 ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex ); 416#endif 417 418 return( errcode ); 419} 420