2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
4 * Copyright 1998-2006 The OpenLDAP Foundation.
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted only as authorized by the OpenLDAP
11 * A copy of this license is available in the file LICENSE in the
12 * top-level directory of the distribution or, alternatively, at
13 * <http://www.OpenLDAP.org/license.html>.
15 /* Portions Copyright (C) The Internet Society (1997)
16 * ASN.1 fragments are from RFC 2251; see RFC for full legal notices.
23 #include <ac/stdlib.h>
25 #include <ac/socket.h>
26 #include <ac/string.h>
36 static struct ldaperror ldap_builtin_errlist[] = {
37 {LDAP_SUCCESS, N_("Success")},
38 {LDAP_OPERATIONS_ERROR, N_("Operations error")},
39 {LDAP_PROTOCOL_ERROR, N_("Protocol error")},
40 {LDAP_TIMELIMIT_EXCEEDED, N_("Time limit exceeded")},
41 {LDAP_SIZELIMIT_EXCEEDED, N_("Size limit exceeded")},
42 {LDAP_COMPARE_FALSE, N_("Compare False")},
43 {LDAP_COMPARE_TRUE, N_("Compare True")},
44 {LDAP_STRONG_AUTH_NOT_SUPPORTED, N_("Authentication method not supported")},
45 {LDAP_STRONG_AUTH_REQUIRED, N_("Strong(er) authentication required")},
46 {LDAP_PARTIAL_RESULTS, N_("Partial results and referral received")},
48 {LDAP_REFERRAL, N_("Referral")},
49 {LDAP_ADMINLIMIT_EXCEEDED, N_("Administrative limit exceeded")},
50 {LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
51 N_("Critical extension is unavailable")},
52 {LDAP_CONFIDENTIALITY_REQUIRED, N_("Confidentiality required")},
53 {LDAP_SASL_BIND_IN_PROGRESS, N_("SASL bind in progress")},
55 {LDAP_NO_SUCH_ATTRIBUTE, N_("No such attribute")},
56 {LDAP_UNDEFINED_TYPE, N_("Undefined attribute type")},
57 {LDAP_INAPPROPRIATE_MATCHING, N_("Inappropriate matching")},
58 {LDAP_CONSTRAINT_VIOLATION, N_("Constraint violation")},
59 {LDAP_TYPE_OR_VALUE_EXISTS, N_("Type or value exists")},
60 {LDAP_INVALID_SYNTAX, N_("Invalid syntax")},
62 {LDAP_NO_SUCH_OBJECT, N_("No such object")},
63 {LDAP_ALIAS_PROBLEM, N_("Alias problem")},
64 {LDAP_INVALID_DN_SYNTAX, N_("Invalid DN syntax")},
65 {LDAP_IS_LEAF, N_("Entry is a leaf")},
66 {LDAP_ALIAS_DEREF_PROBLEM, N_("Alias dereferencing problem")},
68 {LDAP_INAPPROPRIATE_AUTH, N_("Inappropriate authentication")},
69 {LDAP_INVALID_CREDENTIALS, N_("Invalid credentials")},
70 {LDAP_INSUFFICIENT_ACCESS, N_("Insufficient access")},
71 {LDAP_BUSY, N_("Server is busy")},
72 {LDAP_UNAVAILABLE, N_("Server is unavailable")},
73 {LDAP_UNWILLING_TO_PERFORM, N_("Server is unwilling to perform")},
74 {LDAP_LOOP_DETECT, N_("Loop detected")},
76 {LDAP_NAMING_VIOLATION, N_("Naming violation")},
77 {LDAP_OBJECT_CLASS_VIOLATION, N_("Object class violation")},
78 {LDAP_NOT_ALLOWED_ON_NONLEAF, N_("Operation not allowed on non-leaf")},
79 {LDAP_NOT_ALLOWED_ON_RDN, N_("Operation not allowed on RDN")},
80 {LDAP_ALREADY_EXISTS, N_("Already exists")},
81 {LDAP_NO_OBJECT_CLASS_MODS, N_("Cannot modify object class")},
82 {LDAP_RESULTS_TOO_LARGE, N_("Results too large")},
83 {LDAP_AFFECTS_MULTIPLE_DSAS, N_("Operation affects multiple DSAs")},
85 {LDAP_OTHER, N_("Other (e.g., implementation specific) error")},
87 {LDAP_CANCELLED, N_("Cancelled")},
88 {LDAP_NO_SUCH_OPERATION, N_("No Operation to Cancel")},
89 {LDAP_TOO_LATE, N_("Too Late to Cancel")},
90 {LDAP_CANNOT_CANCEL, N_("Cannot Cancel")},
92 {LDAP_ASSERTION_FAILED, N_("Assertion Failed")},
93 {LDAP_X_ASSERTION_FAILED, N_("Assertion Failed (X)")},
95 {LDAP_PROXIED_AUTHORIZATION_DENIED, N_("Proxied Authorization Denied")},
96 {LDAP_X_PROXY_AUTHZ_FAILURE, N_("Proxy Authorization Failure (X)")},
98 {LDAP_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required")},
99 {LDAP_X_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required (X)")},
101 {LDAP_X_NO_OPERATION, N_("No Operation (X)")},
103 {LDAP_CUP_RESOURCES_EXHAUSTED, N_("LCUP Resources Exhausted")},
104 {LDAP_CUP_SECURITY_VIOLATION, N_("LCUP Security Violation")},
105 {LDAP_CUP_INVALID_DATA, N_("LCUP Invalid Data")},
106 {LDAP_CUP_UNSUPPORTED_SCHEME, N_("LCUP Unsupported Scheme")},
107 {LDAP_CUP_RELOAD_REQUIRED, N_("LCUP Reload Required")},
110 /* API ResultCodes */
111 {LDAP_SERVER_DOWN, N_("Can't contact LDAP server")},
112 {LDAP_LOCAL_ERROR, N_("Local error")},
113 {LDAP_ENCODING_ERROR, N_("Encoding error")},
114 {LDAP_DECODING_ERROR, N_("Decoding error")},
115 {LDAP_TIMEOUT, N_("Timed out")},
116 {LDAP_AUTH_UNKNOWN, N_("Unknown authentication method")},
117 {LDAP_FILTER_ERROR, N_("Bad search filter")},
118 {LDAP_USER_CANCELLED, N_("User cancelled operation")},
119 {LDAP_PARAM_ERROR, N_("Bad parameter to an ldap routine")},
120 {LDAP_NO_MEMORY, N_("Out of memory")},
122 {LDAP_CONNECT_ERROR, N_("Connect error")},
123 {LDAP_NOT_SUPPORTED, N_("Not Supported")},
124 {LDAP_CONTROL_NOT_FOUND, N_("Control not found")},
125 {LDAP_NO_RESULTS_RETURNED, N_("No results returned")},
126 {LDAP_MORE_RESULTS_TO_RETURN, N_("More results to return")},
127 {LDAP_CLIENT_LOOP, N_("Client Loop")},
128 {LDAP_REFERRAL_LIMIT_EXCEEDED, N_("Referral Limit Exceeded")},
133 static struct ldaperror *ldap_errlist = ldap_builtin_errlist;
135 void ldap_int_error_init( void ) {
138 static const struct ldaperror *
139 ldap_int_error( int err )
143 /* XXYYZ: O(n) search instead of O(1) lookup */
144 for ( i=0; ldap_errlist[i].e_reason != NULL; i++ ) {
145 if ( err == ldap_errlist[i].e_code ) {
146 return &ldap_errlist[i];
154 ldap_err2string( int err )
156 const struct ldaperror *e;
158 Debug( LDAP_DEBUG_TRACE, "ldap_err2string\n", 0, 0, 0 );
160 e = ldap_int_error( err );
165 } else if ( LDAP_API_ERROR(err) ) {
166 return _("Unknown API error");
168 } else if ( LDAP_E_ERROR(err) ) {
169 return _("Unknown (extension) error");
171 } else if ( LDAP_X_ERROR(err) ) {
172 return _("Unknown (private extension) error");
175 return _("Unknown error");
180 ldap_perror( LDAP *ld, LDAP_CONST char *str )
183 const struct ldaperror *e;
184 Debug( LDAP_DEBUG_TRACE, "ldap_perror\n", 0, 0, 0 );
186 assert( ld != NULL );
187 assert( LDAP_VALID( ld ) );
188 assert( str != NULL );
190 e = ldap_int_error( ld->ld_errno );
192 fprintf( stderr, "%s: %s (%d)\n",
193 str ? str : "ldap_perror",
194 e ? _(e->e_reason) : _("unknown result code"),
197 if ( ld->ld_matched != NULL && ld->ld_matched[0] != '\0' ) {
198 fprintf( stderr, _("\tmatched DN: %s\n"), ld->ld_matched );
201 if ( ld->ld_error != NULL && ld->ld_error[0] != '\0' ) {
202 fprintf( stderr, _("\tadditional info: %s\n"), ld->ld_error );
205 if ( ld->ld_referrals != NULL && ld->ld_referrals[0] != NULL) {
206 fprintf( stderr, _("\treferrals:\n") );
207 for (i=0; ld->ld_referrals[i]; i++) {
208 fprintf( stderr, _("\t\t%s\n"), ld->ld_referrals[i] );
217 ldap_result2error( LDAP *ld, LDAPMessage *r, int freeit )
221 rc = ldap_parse_result( ld, r, &err,
222 NULL, NULL, NULL, NULL, freeit );
224 return err != LDAP_SUCCESS ? err : rc;
228 * Parse LDAPResult Messages:
230 * LDAPResult ::= SEQUENCE {
231 * resultCode ENUMERATED,
233 * errorMessage LDAPString,
234 * referral [3] Referral OPTIONAL }
236 * including Bind results:
238 * BindResponse ::= [APPLICATION 1] SEQUENCE {
239 * COMPONENTS OF LDAPResult,
240 * serverSaslCreds [7] OCTET STRING OPTIONAL }
242 * and ExtendedOp results:
244 * ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
245 * COMPONENTS OF LDAPResult,
246 * responseName [10] LDAPOID OPTIONAL,
247 * response [11] OCTET STRING OPTIONAL }
258 LDAPControl ***serverctrls,
262 ber_int_t errcode = LDAP_SUCCESS;
267 Debug( LDAP_DEBUG_TRACE, "ldap_parse_result\n", 0, 0, 0 );
269 assert( ld != NULL );
270 assert( LDAP_VALID( ld ) );
273 if(errcodep != NULL) *errcodep = LDAP_SUCCESS;
274 if(matcheddnp != NULL) *matcheddnp = NULL;
275 if(errmsgp != NULL) *errmsgp = NULL;
276 if(referralsp != NULL) *referralsp = NULL;
277 if(serverctrls != NULL) *serverctrls = NULL;
279 #ifdef LDAP_R_COMPILE
280 ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex );
282 /* Find the result, last msg in chain... */
283 lm = r->lm_chain_tail;
284 /* FIXME: either this is not possible (assert?)
285 * or it should be handled */
287 switch ( lm->lm_msgtype ) {
288 case LDAP_RES_SEARCH_ENTRY:
289 case LDAP_RES_SEARCH_REFERENCE:
290 case LDAP_RES_INTERMEDIATE:
300 ld->ld_errno = LDAP_NO_RESULTS_RETURNED;
301 #ifdef LDAP_R_COMPILE
302 ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
307 if ( ld->ld_error ) {
308 LDAP_FREE( ld->ld_error );
311 if ( ld->ld_matched ) {
312 LDAP_FREE( ld->ld_matched );
313 ld->ld_matched = NULL;
315 if ( ld->ld_referrals ) {
316 LDAP_VFREE( ld->ld_referrals );
317 ld->ld_referrals = NULL;
322 ber = ber_dup( lm->lm_ber );
324 if ( ld->ld_version < LDAP_VERSION2 ) {
325 tag = ber_scanf( ber, "{iA}",
326 &ld->ld_errno, &ld->ld_error );
331 tag = ber_scanf( ber, "{iAA" /*}*/,
332 &ld->ld_errno, &ld->ld_matched, &ld->ld_error );
334 if( tag != LBER_ERROR ) {
335 /* peek for referrals */
336 if( ber_peek_tag(ber, &len) == LDAP_TAG_REFERRAL ) {
337 tag = ber_scanf( ber, "v", &ld->ld_referrals );
341 /* need to clean out misc items */
342 if( tag != LBER_ERROR ) {
343 if( lm->lm_msgtype == LDAP_RES_BIND ) {
344 /* look for sasl result creditials */
345 if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SASL_RES_CREDS ) {
347 tag = ber_scanf( ber, "x" );
350 } else if( lm->lm_msgtype == LDAP_RES_EXTENDED ) {
351 /* look for exop result oid or value */
352 if ( ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_OID ) {
354 tag = ber_scanf( ber, "x" );
357 if ( tag != LBER_ERROR &&
358 ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_VALUE )
361 tag = ber_scanf( ber, "x" );
366 if( tag != LBER_ERROR ) {
367 int rc = ldap_pvt_get_controls( ber, serverctrls );
369 if( rc != LDAP_SUCCESS ) {
374 if( tag != LBER_ERROR ) {
375 tag = ber_scanf( ber, /*{*/"}" );
379 if ( tag == LBER_ERROR ) {
380 ld->ld_errno = errcode = LDAP_DECODING_ERROR;
388 if( errcodep != NULL ) {
389 *errcodep = ld->ld_errno;
391 if ( errcode == LDAP_SUCCESS ) {
392 if( matcheddnp != NULL ) {
393 if ( ld->ld_matched )
395 *matcheddnp = LDAP_STRDUP( ld->ld_matched );
398 if( errmsgp != NULL ) {
401 *errmsgp = LDAP_STRDUP( ld->ld_error );
405 if( referralsp != NULL) {
406 *referralsp = ldap_value_dup( ld->ld_referrals );
413 #ifdef LDAP_R_COMPILE
414 ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );