X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=libraries%2Flibldap%2Ferror.c;h=250f2b9f1adef00c3b5018396d4b91074dc84fc9;hb=ae471f78c32d7531c729aa88116b8b413cc200bf;hp=4fe8f855c62d49a7963ba2912a127b1c668a9534;hpb=a9d6d0c6a13f26cab4df22dceb9885f0fd786323;p=openldap
diff --git a/libraries/libldap/error.c b/libraries/libldap/error.c
index 4fe8f855c6..250f2b9f1a 100644
--- a/libraries/libldap/error.c
+++ b/libraries/libldap/error.c
@@ -1,7 +1,23 @@
+/* $OpenLDAP$ */
+/* This work is part of OpenLDAP Software .
+ *
+ * Copyright 1998-2008 The OpenLDAP Foundation.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted only as authorized by the OpenLDAP
+ * Public License.
+ *
+ * A copy of this license is available in the file LICENSE in the
+ * top-level directory of the distribution or, alternatively, at
+ * .
+ */
+
#include "portable.h"
#include
-#include
+
+#include
#include
#include
@@ -11,158 +27,393 @@
struct ldaperror {
int e_code;
- char *e_reason;
+ char *e_reason;
};
-static struct ldaperror ldap_errlist[] = {
- {LDAP_SUCCESS, "Success" },
- {LDAP_OPERATIONS_ERROR, "Operations error" },
- {LDAP_PROTOCOL_ERROR, "Protocol error" },
- {LDAP_TIMELIMIT_EXCEEDED, "Timelimit exceeded" },
- {LDAP_SIZELIMIT_EXCEEDED, "Sizelimit exceeded" },
- {LDAP_COMPARE_FALSE, "Compare false" },
- {LDAP_COMPARE_TRUE, "Compare true" },
- {LDAP_STRONG_AUTH_NOT_SUPPORTED, "Strong authentication not supported" },
- {LDAP_STRONG_AUTH_REQUIRED, "Strong authentication required" },
- {LDAP_PARTIAL_RESULTS, "Partial results and referral received" },
- {LDAP_NO_SUCH_ATTRIBUTE, "No such attribute" },
- {LDAP_UNDEFINED_TYPE, "Undefined attribute type" },
- {LDAP_INAPPROPRIATE_MATCHING, "Inappropriate matching" },
- {LDAP_CONSTRAINT_VIOLATION, "Constraint violation" },
- {LDAP_TYPE_OR_VALUE_EXISTS, "Type or value exists" },
- {LDAP_INVALID_SYNTAX, "Invalid syntax" },
- {LDAP_NO_SUCH_OBJECT, "No such object" },
- {LDAP_ALIAS_PROBLEM, "Alias problem" },
- {LDAP_INVALID_DN_SYNTAX, "Invalid DN syntax" },
- {LDAP_IS_LEAF, "Object is a leaf" },
- {LDAP_ALIAS_DEREF_PROBLEM, "Alias dereferencing problem" },
- {LDAP_INAPPROPRIATE_AUTH, "Inappropriate authentication" },
- {LDAP_INVALID_CREDENTIALS, "Invalid credentials" },
- {LDAP_INSUFFICIENT_ACCESS, "Insufficient access" },
- {LDAP_BUSY, "DSA is busy" },
- {LDAP_UNAVAILABLE, "DSA is unavailable" },
- {LDAP_UNWILLING_TO_PERFORM, "DSA is unwilling to perform" },
- {LDAP_LOOP_DETECT, "Loop detected" },
- {LDAP_NAMING_VIOLATION, "Naming violation" },
- {LDAP_OBJECT_CLASS_VIOLATION, "Object class violation" },
- {LDAP_NOT_ALLOWED_ON_NONLEAF, "Operation not allowed on nonleaf" },
- {LDAP_NOT_ALLOWED_ON_RDN, "Operation not allowed on RDN" },
- {LDAP_ALREADY_EXISTS, "Already exists" },
- {LDAP_NO_OBJECT_CLASS_MODS, "Cannot modify object class" },
- {LDAP_RESULTS_TOO_LARGE, "Results too large" },
- {LDAP_OTHER, "Unknown error" },
- {LDAP_SERVER_DOWN, "Can't contact LDAP server" },
- {LDAP_LOCAL_ERROR, "Local error" },
- {LDAP_ENCODING_ERROR, "Encoding error" },
- {LDAP_DECODING_ERROR, "Decoding error" },
- {LDAP_TIMEOUT, "Timed out" },
- {LDAP_AUTH_UNKNOWN, "Unknown authentication method" },
- {LDAP_FILTER_ERROR, "Bad search filter" },
- {LDAP_USER_CANCELLED, "User cancelled operation" },
- {LDAP_PARAM_ERROR, "Bad parameter to an ldap routine" },
- {LDAP_NO_MEMORY, "Out of memory" },
- {-1, 0 }
+static struct ldaperror ldap_builtin_errlist[] = {
+ {LDAP_SUCCESS, N_("Success")},
+ {LDAP_OPERATIONS_ERROR, N_("Operations error")},
+ {LDAP_PROTOCOL_ERROR, N_("Protocol error")},
+ {LDAP_TIMELIMIT_EXCEEDED, N_("Time limit exceeded")},
+ {LDAP_SIZELIMIT_EXCEEDED, N_("Size limit exceeded")},
+ {LDAP_COMPARE_FALSE, N_("Compare False")},
+ {LDAP_COMPARE_TRUE, N_("Compare True")},
+ {LDAP_STRONG_AUTH_NOT_SUPPORTED, N_("Authentication method not supported")},
+ {LDAP_STRONG_AUTH_REQUIRED, N_("Strong(er) authentication required")},
+ {LDAP_PARTIAL_RESULTS, N_("Partial results and referral received")},
+
+ {LDAP_REFERRAL, N_("Referral")},
+ {LDAP_ADMINLIMIT_EXCEEDED, N_("Administrative limit exceeded")},
+ {LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
+ N_("Critical extension is unavailable")},
+ {LDAP_CONFIDENTIALITY_REQUIRED, N_("Confidentiality required")},
+ {LDAP_SASL_BIND_IN_PROGRESS, N_("SASL bind in progress")},
+
+ {LDAP_NO_SUCH_ATTRIBUTE, N_("No such attribute")},
+ {LDAP_UNDEFINED_TYPE, N_("Undefined attribute type")},
+ {LDAP_INAPPROPRIATE_MATCHING, N_("Inappropriate matching")},
+ {LDAP_CONSTRAINT_VIOLATION, N_("Constraint violation")},
+ {LDAP_TYPE_OR_VALUE_EXISTS, N_("Type or value exists")},
+ {LDAP_INVALID_SYNTAX, N_("Invalid syntax")},
+
+ {LDAP_NO_SUCH_OBJECT, N_("No such object")},
+ {LDAP_ALIAS_PROBLEM, N_("Alias problem")},
+ {LDAP_INVALID_DN_SYNTAX, N_("Invalid DN syntax")},
+ {LDAP_IS_LEAF, N_("Entry is a leaf")},
+ {LDAP_ALIAS_DEREF_PROBLEM, N_("Alias dereferencing problem")},
+
+ {LDAP_INAPPROPRIATE_AUTH, N_("Inappropriate authentication")},
+ {LDAP_INVALID_CREDENTIALS, N_("Invalid credentials")},
+ {LDAP_INSUFFICIENT_ACCESS, N_("Insufficient access")},
+ {LDAP_BUSY, N_("Server is busy")},
+ {LDAP_UNAVAILABLE, N_("Server is unavailable")},
+ {LDAP_UNWILLING_TO_PERFORM, N_("Server is unwilling to perform")},
+ {LDAP_LOOP_DETECT, N_("Loop detected")},
+
+ {LDAP_NAMING_VIOLATION, N_("Naming violation")},
+ {LDAP_OBJECT_CLASS_VIOLATION, N_("Object class violation")},
+ {LDAP_NOT_ALLOWED_ON_NONLEAF, N_("Operation not allowed on non-leaf")},
+ {LDAP_NOT_ALLOWED_ON_RDN, N_("Operation not allowed on RDN")},
+ {LDAP_ALREADY_EXISTS, N_("Already exists")},
+ {LDAP_NO_OBJECT_CLASS_MODS, N_("Cannot modify object class")},
+ {LDAP_RESULTS_TOO_LARGE, N_("Results too large")},
+ {LDAP_AFFECTS_MULTIPLE_DSAS, N_("Operation affects multiple DSAs")},
+
+ {LDAP_OTHER, N_("Other (e.g., implementation specific) error")},
+
+ {LDAP_CANCELLED, N_("Cancelled")},
+ {LDAP_NO_SUCH_OPERATION, N_("No Operation to Cancel")},
+ {LDAP_TOO_LATE, N_("Too Late to Cancel")},
+ {LDAP_CANNOT_CANCEL, N_("Cannot Cancel")},
+
+ {LDAP_ASSERTION_FAILED, N_("Assertion Failed")},
+ {LDAP_X_ASSERTION_FAILED, N_("Assertion Failed (X)")},
+
+ {LDAP_PROXIED_AUTHORIZATION_DENIED, N_("Proxied Authorization Denied")},
+ {LDAP_X_PROXY_AUTHZ_FAILURE, N_("Proxy Authorization Failure (X)")},
+
+ {LDAP_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required")},
+ {LDAP_X_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required (X)")},
+
+ {LDAP_X_NO_OPERATION, N_("No Operation (X)")},
+
+ {LDAP_CUP_RESOURCES_EXHAUSTED, N_("LCUP Resources Exhausted")},
+ {LDAP_CUP_SECURITY_VIOLATION, N_("LCUP Security Violation")},
+ {LDAP_CUP_INVALID_DATA, N_("LCUP Invalid Data")},
+ {LDAP_CUP_UNSUPPORTED_SCHEME, N_("LCUP Unsupported Scheme")},
+ {LDAP_CUP_RELOAD_REQUIRED, N_("LCUP Reload Required")},
+
+#ifdef LDAP_X_TXN
+ {LDAP_X_TXN_SPECIFY_OKAY, N_("TXN specify okay")},
+ {LDAP_X_TXN_ID_INVALID, N_("TXN ID is invalid")},
+#endif
+
+ /* API ResultCodes */
+ {LDAP_SERVER_DOWN, N_("Can't contact LDAP server")},
+ {LDAP_LOCAL_ERROR, N_("Local error")},
+ {LDAP_ENCODING_ERROR, N_("Encoding error")},
+ {LDAP_DECODING_ERROR, N_("Decoding error")},
+ {LDAP_TIMEOUT, N_("Timed out")},
+ {LDAP_AUTH_UNKNOWN, N_("Unknown authentication method")},
+ {LDAP_FILTER_ERROR, N_("Bad search filter")},
+ {LDAP_USER_CANCELLED, N_("User cancelled operation")},
+ {LDAP_PARAM_ERROR, N_("Bad parameter to an ldap routine")},
+ {LDAP_NO_MEMORY, N_("Out of memory")},
+
+ {LDAP_CONNECT_ERROR, N_("Connect error")},
+ {LDAP_NOT_SUPPORTED, N_("Not Supported")},
+ {LDAP_CONTROL_NOT_FOUND, N_("Control not found")},
+ {LDAP_NO_RESULTS_RETURNED, N_("No results returned")},
+ {LDAP_MORE_RESULTS_TO_RETURN, N_("More results to return")},
+ {LDAP_CLIENT_LOOP, N_("Client Loop")},
+ {LDAP_REFERRAL_LIMIT_EXCEEDED, N_("Referral Limit Exceeded")},
+
+ {0, NULL}
};
-char *
-ldap_err2string( int err )
+static struct ldaperror *ldap_errlist = ldap_builtin_errlist;
+
+void ldap_int_error_init( void ) {
+}
+
+static const struct ldaperror *
+ldap_int_error( int err )
{
int i;
+ /* XXYYZ: O(n) search instead of O(1) lookup */
+ for ( i=0; ldap_errlist[i].e_reason != NULL; i++ ) {
+ if ( err == ldap_errlist[i].e_code ) {
+ return &ldap_errlist[i];
+ }
+ }
+
+ return NULL;
+}
+
+char *
+ldap_err2string( int err )
+{
+ const struct ldaperror *e;
+
Debug( LDAP_DEBUG_TRACE, "ldap_err2string\n", 0, 0, 0 );
- for ( i = 0; ldap_errlist[i].e_code != -1; i++ ) {
- if ( err == ldap_errlist[i].e_code )
- return( ldap_errlist[i].e_reason );
+ e = ldap_int_error( err );
+
+ if (e) {
+ return e->e_reason;
+
+ } else if ( LDAP_API_ERROR(err) ) {
+ return _("Unknown API error");
+
+ } else if ( LDAP_E_ERROR(err) ) {
+ return _("Unknown (extension) error");
+
+ } else if ( LDAP_X_ERROR(err) ) {
+ return _("Unknown (private extension) error");
}
- return( "Unknown error" );
+ return _("Unknown error");
}
+/* deprecated */
void
-ldap_perror( LDAP *ld, char *s )
+ldap_perror( LDAP *ld, LDAP_CONST char *str )
{
-#ifdef LDAP_LIBUI
- int i;
-
+ int i;
+ const struct ldaperror *e;
Debug( LDAP_DEBUG_TRACE, "ldap_perror\n", 0, 0, 0 );
- if ( ld == NULL ) {
- perror( s );
- return;
- }
-
- for ( i = 0; ldap_errlist[i].e_code != -1; i++ ) {
- if ( ld->ld_errno == ldap_errlist[i].e_code ) {
- fprintf( stderr, "%s: %s\n", s,
- ldap_errlist[i].e_reason );
- if ( ld->ld_matched != NULL && *ld->ld_matched != '\0' )
- fprintf( stderr, "%s: matched: %s\n", s,
- ld->ld_matched );
- if ( ld->ld_error != NULL && *ld->ld_error != '\0' )
- fprintf( stderr, "%s: additional info: %s\n",
- s, ld->ld_error );
- fflush( stderr );
- return;
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( str != NULL );
+
+ e = ldap_int_error( ld->ld_errno );
+
+ fprintf( stderr, "%s: %s (%d)\n",
+ str ? str : "ldap_perror",
+ e ? _(e->e_reason) : _("unknown result code"),
+ ld->ld_errno );
+
+ if ( ld->ld_matched != NULL && ld->ld_matched[0] != '\0' ) {
+ fprintf( stderr, _("\tmatched DN: %s\n"), ld->ld_matched );
+ }
+
+ if ( ld->ld_error != NULL && ld->ld_error[0] != '\0' ) {
+ fprintf( stderr, _("\tadditional info: %s\n"), ld->ld_error );
+ }
+
+ if ( ld->ld_referrals != NULL && ld->ld_referrals[0] != NULL) {
+ fprintf( stderr, _("\treferrals:\n") );
+ for (i=0; ld->ld_referrals[i]; i++) {
+ fprintf( stderr, _("\t\t%s\n"), ld->ld_referrals[i] );
}
}
- fprintf( stderr, "%s: Not an LDAP errno %d\n", s, ld->ld_errno );
fflush( stderr );
-#endif /* !LDAP_LIBUI */
}
+/* deprecated */
int
ldap_result2error( LDAP *ld, LDAPMessage *r, int freeit )
+{
+ int rc, err;
+
+ rc = ldap_parse_result( ld, r, &err,
+ NULL, NULL, NULL, NULL, freeit );
+
+ return err != LDAP_SUCCESS ? err : rc;
+}
+
+/*
+ * Parse LDAPResult Messages:
+ *
+ * LDAPResult ::= SEQUENCE {
+ * resultCode ENUMERATED,
+ * matchedDN LDAPDN,
+ * errorMessage LDAPString,
+ * referral [3] Referral OPTIONAL }
+ *
+ * including Bind results:
+ *
+ * BindResponse ::= [APPLICATION 1] SEQUENCE {
+ * COMPONENTS OF LDAPResult,
+ * serverSaslCreds [7] OCTET STRING OPTIONAL }
+ *
+ * and ExtendedOp results:
+ *
+ * ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
+ * COMPONENTS OF LDAPResult,
+ * responseName [10] LDAPOID OPTIONAL,
+ * response [11] OCTET STRING OPTIONAL }
+ *
+ */
+int
+ldap_parse_result(
+ LDAP *ld,
+ LDAPMessage *r,
+ int *errcodep,
+ char **matcheddnp,
+ char **errmsgp,
+ char ***referralsp,
+ LDAPControl ***serverctrls,
+ int freeit )
{
LDAPMessage *lm;
- BerElement ber;
- long along;
- unsigned long rc;
+ ber_int_t errcode = LDAP_SUCCESS;
- Debug( LDAP_DEBUG_TRACE, "ldap_result2error\n", 0, 0, 0 );
+ ber_tag_t tag;
+ BerElement *ber;
- if ( r == NULLMSG )
- return( LDAP_PARAM_ERROR );
+ Debug( LDAP_DEBUG_TRACE, "ldap_parse_result\n", 0, 0, 0 );
+
+ assert( ld != NULL );
+ assert( LDAP_VALID( ld ) );
+ assert( r != NULL );
+
+ if(errcodep != NULL) *errcodep = LDAP_SUCCESS;
+ if(matcheddnp != NULL) *matcheddnp = NULL;
+ if(errmsgp != NULL) *errmsgp = NULL;
+ if(referralsp != NULL) *referralsp = NULL;
+ if(serverctrls != NULL) *serverctrls = NULL;
+
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_lock( &ld->ld_res_mutex );
+#endif
+ /* Find the result, last msg in chain... */
+ lm = r->lm_chain_tail;
+ /* FIXME: either this is not possible (assert?)
+ * or it should be handled */
+ if ( lm != NULL ) {
+ switch ( lm->lm_msgtype ) {
+ case LDAP_RES_SEARCH_ENTRY:
+ case LDAP_RES_SEARCH_REFERENCE:
+ case LDAP_RES_INTERMEDIATE:
+ lm = NULL;
+ break;
+
+ default:
+ break;
+ }
+ }
- for ( lm = r; lm->lm_chain != NULL; lm = lm->lm_chain )
- ; /* NULL */
+ if( lm == NULL ) {
+ ld->ld_errno = LDAP_NO_RESULTS_RETURNED;
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
+#endif
+ return ld->ld_errno;
+ }
if ( ld->ld_error ) {
- free( ld->ld_error );
+ LDAP_FREE( ld->ld_error );
ld->ld_error = NULL;
}
if ( ld->ld_matched ) {
- free( ld->ld_matched );
+ LDAP_FREE( ld->ld_matched );
ld->ld_matched = NULL;
}
+ if ( ld->ld_referrals ) {
+ LDAP_VFREE( ld->ld_referrals );
+ ld->ld_referrals = NULL;
+ }
+
+ /* parse results */
+
+ ber = ber_dup( lm->lm_ber );
+
+ if ( ld->ld_version < LDAP_VERSION2 ) {
+ tag = ber_scanf( ber, "{iA}",
+ &ld->ld_errno, &ld->ld_error );
- ber = *(lm->lm_ber);
- if ( ld->ld_version == LDAP_VERSION2 ) {
- rc = ber_scanf( &ber, "{iaa}", &along, &ld->ld_matched,
- &ld->ld_error );
} else {
- rc = ber_scanf( &ber, "{ia}", &along, &ld->ld_error );
+ ber_len_t len;
+
+ tag = ber_scanf( ber, "{iAA" /*}*/,
+ &ld->ld_errno, &ld->ld_matched, &ld->ld_error );
+
+ if( tag != LBER_ERROR ) {
+ /* peek for referrals */
+ if( ber_peek_tag(ber, &len) == LDAP_TAG_REFERRAL ) {
+ tag = ber_scanf( ber, "v", &ld->ld_referrals );
+ }
+ }
+
+ /* need to clean out misc items */
+ if( tag != LBER_ERROR ) {
+ if( lm->lm_msgtype == LDAP_RES_BIND ) {
+ /* look for sasl result creditials */
+ if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SASL_RES_CREDS ) {
+ /* skip 'em */
+ tag = ber_scanf( ber, "x" );
+ }
+
+ } else if( lm->lm_msgtype == LDAP_RES_EXTENDED ) {
+ /* look for exop result oid or value */
+ if ( ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_OID ) {
+ /* skip 'em */
+ tag = ber_scanf( ber, "x" );
+ }
+
+ if ( tag != LBER_ERROR &&
+ ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_VALUE )
+ {
+ /* skip 'em */
+ tag = ber_scanf( ber, "x" );
+ }
+ }
+ }
+
+ if( tag != LBER_ERROR ) {
+ int rc = ldap_pvt_get_controls( ber, serverctrls );
+
+ if( rc != LDAP_SUCCESS ) {
+ tag = LBER_ERROR;
+ }
+ }
+
+ if( tag != LBER_ERROR ) {
+ tag = ber_scanf( ber, /*{*/"}" );
+ }
}
- if ( rc == LBER_ERROR ) {
- ld->ld_errno = LDAP_DECODING_ERROR;
- } else {
- ld->ld_errno = (int) along;
+
+ if ( tag == LBER_ERROR ) {
+ ld->ld_errno = errcode = LDAP_DECODING_ERROR;
}
- if ( freeit )
- ldap_msgfree( r );
+ if( ber != NULL ) {
+ ber_free( ber, 0 );
+ }
- return( ld->ld_errno );
-}
+ /* return */
+ if( errcodep != NULL ) {
+ *errcodep = ld->ld_errno;
+ }
+ if ( errcode == LDAP_SUCCESS ) {
+ if( matcheddnp != NULL ) {
+ if ( ld->ld_matched )
+ {
+ *matcheddnp = LDAP_STRDUP( ld->ld_matched );
+ }
+ }
+ if( errmsgp != NULL ) {
+ if ( ld->ld_error )
+ {
+ *errmsgp = LDAP_STRDUP( ld->ld_error );
+ }
+ }
+
+ if( referralsp != NULL) {
+ *referralsp = ldap_value_dup( ld->ld_referrals );
+ }
+ }
+ if ( freeit ) {
+ ldap_msgfree( r );
+ }
+#ifdef LDAP_R_COMPILE
+ ldap_pvt_thread_mutex_unlock( &ld->ld_res_mutex );
+#endif
-int
-ldap_get_lderrno(LDAP *ld, char **matched, char **msg)
-{
- if ( matched )
- *matched = ld->ld_matched;
- if ( msg )
- *msg = NULL;
- return( ld->ld_errno );
+ return( errcode );
}