error.c revision 1.2
1/*	$NetBSD: error.c,v 1.2 2020/08/11 13:15:37 christos Exp $	*/
2
3/* $OpenLDAP$ */
4/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
5 *
6 * Copyright 1998-2020 The OpenLDAP Foundation.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted only as authorized by the OpenLDAP
11 * Public License.
12 *
13 * A copy of this license is available in the file LICENSE in the
14 * top-level directory of the distribution or, alternatively, at
15 * <http://www.OpenLDAP.org/license.html>.
16 */
17
18#include <sys/cdefs.h>
19__RCSID("$NetBSD: error.c,v 1.2 2020/08/11 13:15:37 christos Exp $");
20
21#include "portable.h"
22
23#include <stdio.h>
24
25#include <ac/stdlib.h>
26
27#include <ac/socket.h>
28#include <ac/string.h>
29#include <ac/time.h>
30
31#include "ldap-int.h"
32
33void ldap_int_error_init( void ) {
34}
35
36char *
37ldap_err2string( int err )
38{
39	char *m;
40
41	Debug( LDAP_DEBUG_TRACE, "ldap_err2string\n", 0, 0, 0 );
42
43	switch ( err ) {
44#	define C(code, message) case code: m = message; break
45
46	/* LDAPv3 (RFC 4511) codes */
47	C(LDAP_SUCCESS,					N_("Success"));
48	C(LDAP_OPERATIONS_ERROR, 		N_("Operations error"));
49	C(LDAP_PROTOCOL_ERROR, 			N_("Protocol error"));
50	C(LDAP_TIMELIMIT_EXCEEDED,		N_("Time limit exceeded"));
51	C(LDAP_SIZELIMIT_EXCEEDED, 		N_("Size limit exceeded"));
52	C(LDAP_COMPARE_FALSE, 			N_("Compare False"));
53	C(LDAP_COMPARE_TRUE, 			N_("Compare True"));
54	C(LDAP_STRONG_AUTH_NOT_SUPPORTED,N_("Authentication method not supported"));
55	C(LDAP_STRONG_AUTH_REQUIRED,	N_("Strong(er) authentication required"));
56
57	C(LDAP_REFERRAL,				N_("Referral"));
58	C(LDAP_ADMINLIMIT_EXCEEDED,		N_("Administrative limit exceeded"));
59	C(LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
60									N_("Critical extension is unavailable"));
61	C(LDAP_CONFIDENTIALITY_REQUIRED,N_("Confidentiality required"));
62	C(LDAP_SASL_BIND_IN_PROGRESS,	N_("SASL bind in progress"));
63
64	C(LDAP_NO_SUCH_ATTRIBUTE, 		N_("No such attribute"));
65	C(LDAP_UNDEFINED_TYPE, 			N_("Undefined attribute type"));
66	C(LDAP_INAPPROPRIATE_MATCHING, 	N_("Inappropriate matching"));
67	C(LDAP_CONSTRAINT_VIOLATION, 	N_("Constraint violation"));
68	C(LDAP_TYPE_OR_VALUE_EXISTS, 	N_("Type or value exists"));
69	C(LDAP_INVALID_SYNTAX, 			N_("Invalid syntax"));
70
71	C(LDAP_NO_SUCH_OBJECT, 			N_("No such object"));
72	C(LDAP_ALIAS_PROBLEM, 			N_("Alias problem"));
73	C(LDAP_INVALID_DN_SYNTAX,		N_("Invalid DN syntax"));
74
75	C(LDAP_ALIAS_DEREF_PROBLEM,	 	N_("Alias dereferencing problem"));
76
77	C(LDAP_INAPPROPRIATE_AUTH, 		N_("Inappropriate authentication"));
78	C(LDAP_INVALID_CREDENTIALS, 	N_("Invalid credentials"));
79	C(LDAP_INSUFFICIENT_ACCESS, 	N_("Insufficient access"));
80	C(LDAP_BUSY, 					N_("Server is busy"));
81	C(LDAP_UNAVAILABLE, 			N_("Server is unavailable"));
82	C(LDAP_UNWILLING_TO_PERFORM, 	N_("Server is unwilling to perform"));
83	C(LDAP_LOOP_DETECT, 			N_("Loop detected"));
84
85	C(LDAP_NAMING_VIOLATION, 		N_("Naming violation"));
86	C(LDAP_OBJECT_CLASS_VIOLATION, 	N_("Object class violation"));
87	C(LDAP_NOT_ALLOWED_ON_NONLEAF, 	N_("Operation not allowed on non-leaf"));
88	C(LDAP_NOT_ALLOWED_ON_RDN,	 	N_("Operation not allowed on RDN"));
89	C(LDAP_ALREADY_EXISTS, 			N_("Already exists"));
90	C(LDAP_NO_OBJECT_CLASS_MODS, 	N_("Cannot modify object class"));
91
92	C(LDAP_AFFECTS_MULTIPLE_DSAS,	N_("Operation affects multiple DSAs"));
93
94	/* Virtual List View draft */
95	C(LDAP_VLV_ERROR,				N_("Virtual List View error"));
96
97	C(LDAP_OTHER, N_("Other (e.g., implementation specific) error"));
98
99	/* LDAPv2 (RFC 1777) codes */
100	C(LDAP_PARTIAL_RESULTS, N_("Partial results and referral received"));
101	C(LDAP_IS_LEAF, 				N_("Entry is a leaf"));
102
103	/* Connection-less LDAP (CLDAP - RFC 1798) code */
104	C(LDAP_RESULTS_TOO_LARGE,		N_("Results too large"));
105
106	/* Cancel Operation (RFC 3909) codes */
107	C(LDAP_CANCELLED,				N_("Cancelled"));
108	C(LDAP_NO_SUCH_OPERATION,		N_("No Operation to Cancel"));
109	C(LDAP_TOO_LATE,				N_("Too Late to Cancel"));
110	C(LDAP_CANNOT_CANCEL,			N_("Cannot Cancel"));
111
112	/* Assert Control (RFC 4528 and old internet-draft) codes */
113	C(LDAP_ASSERTION_FAILED,		N_("Assertion Failed"));
114	C(LDAP_X_ASSERTION_FAILED,		N_("Assertion Failed (X)"));
115
116	/* Proxied Authorization Control (RFC 4370 and I-D) codes */
117	C(LDAP_PROXIED_AUTHORIZATION_DENIED, N_("Proxied Authorization Denied"));
118	C(LDAP_X_PROXY_AUTHZ_FAILURE,	N_("Proxy Authorization Failure (X)"));
119
120	/* Content Sync Operation (RFC 4533 and I-D) codes */
121	C(LDAP_SYNC_REFRESH_REQUIRED,	N_("Content Sync Refresh Required"));
122	C(LDAP_X_SYNC_REFRESH_REQUIRED,	N_("Content Sync Refresh Required (X)"));
123
124	/* No-Op Control (draft-zeilenga-ldap-noop) code */
125	C(LDAP_X_NO_OPERATION,			N_("No Operation (X)"));
126
127	/* Client Update Protocol (RFC 3928) codes */
128	C(LDAP_CUP_RESOURCES_EXHAUSTED,	N_("LCUP Resources Exhausted"));
129	C(LDAP_CUP_SECURITY_VIOLATION,	N_("LCUP Security Violation"));
130	C(LDAP_CUP_INVALID_DATA,		N_("LCUP Invalid Data"));
131	C(LDAP_CUP_UNSUPPORTED_SCHEME,	N_("LCUP Unsupported Scheme"));
132	C(LDAP_CUP_RELOAD_REQUIRED,		N_("LCUP Reload Required"));
133
134#ifdef LDAP_X_TXN
135	/* Codes related to LDAP Transactions (draft-zeilenga-ldap-txn) */
136	C(LDAP_X_TXN_SPECIFY_OKAY,		N_("TXN specify okay"));
137	C(LDAP_X_TXN_ID_INVALID,		N_("TXN ID is invalid"));
138#endif
139
140	/* API codes - renumbered since draft-ietf-ldapext-ldap-c-api */
141	C(LDAP_SERVER_DOWN,				N_("Can't contact LDAP server"));
142	C(LDAP_LOCAL_ERROR,				N_("Local error"));
143	C(LDAP_ENCODING_ERROR,			N_("Encoding error"));
144	C(LDAP_DECODING_ERROR,			N_("Decoding error"));
145	C(LDAP_TIMEOUT,					N_("Timed out"));
146	C(LDAP_AUTH_UNKNOWN,			N_("Unknown authentication method"));
147	C(LDAP_FILTER_ERROR,			N_("Bad search filter"));
148	C(LDAP_USER_CANCELLED,			N_("User cancelled operation"));
149	C(LDAP_PARAM_ERROR,				N_("Bad parameter to an ldap routine"));
150	C(LDAP_NO_MEMORY,				N_("Out of memory"));
151	C(LDAP_CONNECT_ERROR,			N_("Connect error"));
152	C(LDAP_NOT_SUPPORTED,			N_("Not Supported"));
153	C(LDAP_CONTROL_NOT_FOUND,		N_("Control not found"));
154	C(LDAP_NO_RESULTS_RETURNED,		N_("No results returned"));
155	C(LDAP_MORE_RESULTS_TO_RETURN,	N_("More results to return"));
156	C(LDAP_CLIENT_LOOP,				N_("Client Loop"));
157	C(LDAP_REFERRAL_LIMIT_EXCEEDED,	N_("Referral Limit Exceeded"));
158	C(LDAP_X_CONNECTING,			N_("Connecting (X)"));
159#	undef C
160
161	default:
162		m = (LDAP_API_ERROR(err) ? N_("Unknown API error")
163			 : LDAP_E_ERROR(err) ? N_("Unknown (extension) error")
164			 : LDAP_X_ERROR(err) ? N_("Unknown (private extension) error")
165			 : N_("Unknown error"));
166		break;
167	}
168
169	return _(m);
170}
171
172/* deprecated */
173void
174ldap_perror( LDAP *ld, LDAP_CONST char *str )
175{
176    int i;
177
178	assert( ld != NULL );
179	assert( LDAP_VALID( ld ) );
180	assert( str != NULL );
181
182	fprintf( stderr, "%s: %s (%d)\n",
183		str ? str : "ldap_perror",
184		ldap_err2string( ld->ld_errno ),
185		ld->ld_errno );
186
187	if ( ld->ld_matched != NULL && ld->ld_matched[0] != '\0' ) {
188		fprintf( stderr, _("\tmatched DN: %s\n"), ld->ld_matched );
189	}
190
191	if ( ld->ld_error != NULL && ld->ld_error[0] != '\0' ) {
192		fprintf( stderr, _("\tadditional info: %s\n"), ld->ld_error );
193	}
194
195	if ( ld->ld_referrals != NULL && ld->ld_referrals[0] != NULL) {
196		fprintf( stderr, _("\treferrals:\n") );
197		for (i=0; ld->ld_referrals[i]; i++) {
198			fprintf( stderr, _("\t\t%s\n"), ld->ld_referrals[i] );
199		}
200	}
201
202	fflush( stderr );
203}
204
205/* deprecated */
206int
207ldap_result2error( LDAP *ld, LDAPMessage *r, int freeit )
208{
209	int rc, err;
210
211	rc = ldap_parse_result( ld, r, &err,
212		NULL, NULL, NULL, NULL, freeit );
213
214	return err != LDAP_SUCCESS ? err : rc;
215}
216
217/*
218 * Parse LDAPResult Messages:
219 *
220 *   LDAPResult ::= SEQUENCE {
221 *     resultCode      ENUMERATED,
222 *     matchedDN       LDAPDN,
223 *     errorMessage    LDAPString,
224 *     referral        [3] Referral OPTIONAL }
225 *
226 * including Bind results:
227 *
228 *   BindResponse ::= [APPLICATION 1] SEQUENCE {
229 *     COMPONENTS OF LDAPResult,
230 *     serverSaslCreds  [7] OCTET STRING OPTIONAL }
231 *
232 * and ExtendedOp results:
233 *
234 *   ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
235 *     COMPONENTS OF LDAPResult,
236 *     responseName     [10] LDAPOID OPTIONAL,
237 *     response         [11] OCTET STRING OPTIONAL }
238 *
239 */
240int
241ldap_parse_result(
242	LDAP			*ld,
243	LDAPMessage		*r,
244	int				*errcodep,
245	char			**matcheddnp,
246	char			**errmsgp,
247	char			***referralsp,
248	LDAPControl		***serverctrls,
249	int				freeit )
250{
251	LDAPMessage	*lm;
252	ber_int_t errcode = LDAP_SUCCESS;
253
254	ber_tag_t tag;
255	BerElement	*ber;
256
257	Debug( LDAP_DEBUG_TRACE, "ldap_parse_result\n", 0, 0, 0 );
258
259	assert( ld != NULL );
260	assert( LDAP_VALID( ld ) );
261	assert( r != NULL );
262
263	if(errcodep != NULL) *errcodep = LDAP_SUCCESS;
264	if(matcheddnp != NULL) *matcheddnp = NULL;
265	if(errmsgp != NULL) *errmsgp = NULL;
266	if(referralsp != NULL) *referralsp = NULL;
267	if(serverctrls != NULL) *serverctrls = NULL;
268
269	LDAP_MUTEX_LOCK( &ld->ld_res_mutex );
270	/* Find the result, last msg in chain... */
271	lm = r->lm_chain_tail;
272	/* FIXME: either this is not possible (assert?)
273	 * or it should be handled */
274	if ( lm != NULL ) {
275		switch ( lm->lm_msgtype ) {
276		case LDAP_RES_SEARCH_ENTRY:
277		case LDAP_RES_SEARCH_REFERENCE:
278		case LDAP_RES_INTERMEDIATE:
279			lm = NULL;
280			break;
281
282		default:
283			break;
284		}
285	}
286
287	if( lm == NULL ) {
288		errcode = ld->ld_errno = LDAP_NO_RESULTS_RETURNED;
289		LDAP_MUTEX_UNLOCK( &ld->ld_res_mutex );
290	    goto done;
291	}
292
293	if ( ld->ld_error ) {
294		LDAP_FREE( ld->ld_error );
295		ld->ld_error = NULL;
296	}
297	if ( ld->ld_matched ) {
298		LDAP_FREE( ld->ld_matched );
299		ld->ld_matched = NULL;
300	}
301	if ( ld->ld_referrals ) {
302		LDAP_VFREE( ld->ld_referrals );
303		ld->ld_referrals = NULL;
304	}
305
306	/* parse results */
307
308	ber = ber_dup( lm->lm_ber );
309
310	if ( ld->ld_version < LDAP_VERSION2 ) {
311		tag = ber_scanf( ber, "{iA}",
312			&ld->ld_errno, &ld->ld_error );
313
314	} else {
315		ber_len_t len;
316
317		tag = ber_scanf( ber, "{iAA" /*}*/,
318			&ld->ld_errno, &ld->ld_matched, &ld->ld_error );
319
320		if( tag != LBER_ERROR ) {
321			/* peek for referrals */
322			if( ber_peek_tag(ber, &len) == LDAP_TAG_REFERRAL ) {
323				tag = ber_scanf( ber, "v", &ld->ld_referrals );
324			}
325		}
326
327		/* need to clean out misc items */
328		if( tag != LBER_ERROR ) {
329			if( lm->lm_msgtype == LDAP_RES_BIND ) {
330				/* look for sasl result creditials */
331				if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SASL_RES_CREDS ) {
332					/* skip 'em */
333					tag = ber_scanf( ber, "x" );
334				}
335
336			} else if( lm->lm_msgtype == LDAP_RES_EXTENDED ) {
337				/* look for exop result oid or value */
338				if ( ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_OID ) {
339					/* skip 'em */
340					tag = ber_scanf( ber, "x" );
341				}
342
343				if ( tag != LBER_ERROR &&
344					ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_VALUE )
345				{
346					/* skip 'em */
347					tag = ber_scanf( ber, "x" );
348				}
349			}
350		}
351
352		if( tag != LBER_ERROR ) {
353			int rc = ldap_pvt_get_controls( ber, serverctrls );
354
355			if( rc != LDAP_SUCCESS ) {
356				tag = LBER_ERROR;
357			}
358		}
359
360		if( tag != LBER_ERROR ) {
361			tag = ber_scanf( ber, /*{*/"}" );
362		}
363	}
364
365	if ( tag == LBER_ERROR ) {
366		ld->ld_errno = errcode = LDAP_DECODING_ERROR;
367	}
368
369	if( ber != NULL ) {
370		ber_free( ber, 0 );
371	}
372
373	/* return */
374	if( errcodep != NULL ) {
375		*errcodep = ld->ld_errno;
376	}
377	if ( errcode == LDAP_SUCCESS ) {
378		if( matcheddnp != NULL ) {
379			if ( ld->ld_matched )
380			{
381				*matcheddnp = LDAP_STRDUP( ld->ld_matched );
382			}
383		}
384		if( errmsgp != NULL ) {
385			if ( ld->ld_error )
386			{
387				*errmsgp = LDAP_STRDUP( ld->ld_error );
388			}
389		}
390
391		if( referralsp != NULL) {
392			*referralsp = ldap_value_dup( ld->ld_referrals );
393		}
394	}
395	LDAP_MUTEX_UNLOCK( &ld->ld_res_mutex );
396
397done:
398	if ( freeit ) {
399		ldap_msgfree( r );
400	}
401
402	return errcode;
403}
404