From: Kurt Zeilenga
Date: Sun, 6 Nov 2005 22:43:23 +0000 (+0000)
Subject: Improve SASL error handling
X-Git-Tag: OPENLDAP_REL_ENG_2_2_MP~84
X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=4f63434511690204a65ca4b5be38b4100bd70626;p=openldap
Improve SASL error handling
---
diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
index ebaa7a3391..548f365952 100644
--- a/libraries/libldap/cyrus.c
+++ b/libraries/libldap/cyrus.c
@@ -455,6 +455,15 @@ sasl_err2ldap( int saslerr )
 {
 int rc;
+ /* map SASL errors to LDAP API errors returned by:
+ * sasl_client_new()
+ * SASL_OK, SASL_NOMECH, SASL_NOMEM
+ * sasl_client_start()
+ * SASL_OK, SASL_NOMECH, SASL_NOMEM, SASL_INTERACT
+ * sasl_client_step()
+ * SASL_OK, SASL_INTERACT, SASL_BADPROT, SASL_BADSERV
+ */
+
 switch (saslerr) {
 case SASL_CONTINUE:
 rc = LDAP_MORE_RESULTS_TO_RETURN;
@@ -465,21 +474,29 @@ sasl_err2ldap( int saslerr )
 case SASL_OK:
 rc = LDAP_SUCCESS;
 break;
- case SASL_FAIL:
- rc = LDAP_LOCAL_ERROR;
- break;
 case SASL_NOMEM:
 rc = LDAP_NO_MEMORY;
 break;
 case SASL_NOMECH:
 rc = LDAP_AUTH_UNKNOWN;
 break;
+ case SASL_BADPROT:
+ rc = LDAP_DECODING_ERROR;
+ break;
+ case SASL_BADSERV:
+ rc = LDAP_AUTH_UNKNOWN;
+ break;
+
+ /* other codes */
 case SASL_BADAUTH:
 rc = LDAP_AUTH_UNKNOWN;
 break;
 case SASL_NOAUTHZ:
 rc = LDAP_PARAM_ERROR;
 break;
+ case SASL_FAIL:
+ rc = LDAP_LOCAL_ERROR;
+ break;
 case SASL_TOOWEAK:
 case SASL_ENCRYPT:
 rc = LDAP_AUTH_UNKNOWN;
diff --git a/libraries/libldap/error.c b/libraries/libldap/error.c
index 529a3e2eea..b1482eb93e 100644
--- a/libraries/libldap/error.c
+++ b/libraries/libldap/error.c
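Review bot: The comment added at the top of `sasl_err2ldap` in the first cyrus.c hunk lists the codes returned by `sasl_client_start()` and `sasl_client_step()` without `SASL_CONTINUE`, although the first case of the switch directly below it maps exactly that code. I would add it to both lists, e.g. `*   SASL_OK, SASL_CONTINUE, SASL_INTERACT, SASL_BADPROT, SASL_BADSERV`, so the comment matches what the switch handles. The opening line also reads as if the LDAP errors were returned by the SASL calls; `map SASL errors returned by the calls below to LDAP API errors:` would be unambiguous.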
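Review bot: In the second cyrus.c hunk, the new `case SASL_BADSERV:` returns `LDAP_AUTH_UNKNOWN`, the same code already used for `SASL_NOMECH` and `SASL_BADAUTH`, so a caller cannot tell a server that failed the mutual-authentication step from an unsupported mechanism. That is the condition a client most needs to surface, because it can point to an impersonated or misconfigured server rather than a negotiation problem. If no closer API code exists, the case should at least carry a comment such as `/* server failed mutual authentication; no distinct API code */`, and the original `saslerr` should stay available to the caller through the error text, which is handled outside this hunk. The switch continues past the end of the hunk.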
@@ -98,6 +98,13 @@ static struct ldaperror ldap_builtin_errlist[] = {
 {LDAP_X_NO_OPERATION, N_("No Operation (X)")},
+ {LDAP_CUP_RESOURCES_EXHAUSTED, N_("LCUP Resources Exhausted")},
+ {LDAP_CUP_SECURITY_VIOLATION, N_("LCUP Security Violation")},
+ {LDAP_CUP_INVALID_DATA, N_("LCUP Invalid Data")},
+ {LDAP_CUP_UNSUPPORTED_SCHEME, N_("LCUP Unsupported Scheme")},
+ {LDAP_CUP_RELOAD_REQUIRED, N_("LCUP Reload Required")},
+
+ /* API ResultCodes */
 {LDAP_SERVER_DOWN, N_("Can't contact LDAP server")},
 {LDAP_LOCAL_ERROR, N_("Local error")},
@@ -118,12 +125,6 @@ static struct ldaperror ldap_builtin_errlist[] = {
 {LDAP_CLIENT_LOOP, N_("Client Loop")},
 {LDAP_REFERRAL_LIMIT_EXCEEDED, N_("Referral Limit Exceeded")},
- {LDAP_CUP_RESOURCES_EXHAUSTED, N_("LCUP Resources Exhausted")},
- {LDAP_CUP_SECURITY_VIOLATION, N_("LCUP Security Violation")},
- {LDAP_CUP_INVALID_DATA, N_("LCUP Invalid Data")},
- {LDAP_CUP_UNSUPPORTED_SCHEME, N_("LCUP Unsupported Scheme")},
- {LDAP_CUP_RELOAD_REQUIRED, N_("LCUP Reload Required")},
-
 {0, NULL}
 };
diff --git a/servers/slapd/sasl.c b/servers/slapd/sasl.c
index 394c0a0871..58f8a96342 100644
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@@ -833,6 +833,18 @@ slap_sasl_err2ldap( int saslerr )
 {
 int rc;
+ /* map SASL errors to LDAP resultCode returned by:
+ * sasl_server_new()
+ * SASL_OK, SASL_NOMEM
+ * sasl_server_step()
+ * SASL_OK, SASL_CONTINUE, SASL_TRANS, SASL_BADPARAM, SASL_BADPROT,
+ * ...
+ * sasl_server_start()
+ * + SASL_NOMECH
+ * sasl_setprop()
+ * SASL_OK, SASL_BADPARAM
+ */
+
 switch (saslerr) {
 case SASL_OK:
 rc = LDAP_SUCCESS;
@@ -841,8 +853,6 @@ slap_sasl_err2ldap( int saslerr )
 rc = LDAP_SASL_BIND_IN_PROGRESS;
 break;
 case SASL_FAIL:
- rc = LDAP_OTHER;
- break;
 case SASL_NOMEM:
 rc = LDAP_OTHER;
 break;
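Review bot: The comment added at the top of `slap_sasl_err2ldap` in servers/slapd/sasl.c elides the `sasl_server_step()` list with `* ...`, so a reader cannot tell which codes the switch is meant to cover and which are left to `default` and reported as `LDAP_OTHER`. The later hunks of this commit add cases for codes the comment never names (`SASL_NOUSER`, `SASL_EXPIRED`, `SASL_UNAVAIL`, `SASL_TRYAGAIN`, `SASL_DISABLED`). I would either list them in place of the ellipsis or state the rule explicitly, e.g. `* (codes not listed here fall through to default and map to LDAP_OTHER)`.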
@@ -850,6 +860,9 @@ slap_sasl_err2ldap( int saslerr )
 rc = LDAP_AUTH_METHOD_NOT_SUPPORTED;
 break;
 case SASL_BADAUTH:
+ case SASL_NOUSER:
+ case SASL_TRANS:
+ case SASL_EXPIRED:
 rc = LDAP_INVALID_CREDENTIALS;
 break;
 case SASL_NOAUTHZ:
@@ -859,6 +872,13 @@ slap_sasl_err2ldap( int saslerr )
 case SASL_ENCRYPT:
 rc = LDAP_INAPPROPRIATE_AUTH;
 break;
+ case SASL_UNAVAIL:
+ case SASL_TRYAGAIN:
+ rc = LDAP_UNAVAILABLE;
+ break;
+ case SASL_DISABLED:
+ rc = LDAP_UNWILLING_TO_PERFORM;
+ break;
 default:
 rc = LDAP_OTHER;
 break;
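Review bot: The three labels added to the `SASL_BADAUTH` group in the `@@ -850` hunk make an unknown user (`SASL_NOUSER`) and an expired passphrase (`SASL_EXPIRED`) indistinguishable from a wrong password, which is the right choice against account enumeration but is stated nowhere. A later edit could easily split them out again, so I would put a comment above the group such as `/* deliberately one result: do not reveal whether the identity exists */`. Whether the diagnostic text sent with the result stays equally uniform cannot be seen from this hunk and should be checked in the caller. `SASL_TRANS` looks like the odd member of the group and deserves its own one-line explanation.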
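Review bot: `case SASL_DISABLED:` in the `@@ -859` hunk returns `LDAP_UNWILLING_TO_PERFORM`, while the previous hunk maps `SASL_NOUSER` to `LDAP_INVALID_CREDENTIALS`, so a client that has not authenticated may be able to tell a disabled account from a nonexistent one by the result code alone. Whether a mechanism reports `SASL_DISABLED` before or after it has checked the credentials is not visible here and is worth confirming. If it can happen before, I would move the label into the credentials group, i.e. `case SASL_DISABLED:` directly after `case SASL_EXPIRED:`. If the distinct code is intended, a comment saying so would keep it from being read as an oversight. The switch begins above this hunk.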