git.sur5r.net Git - openldap/blob - libraries/libldap/error.c

   1 /* $OpenLDAP$ */
   2 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
   3  *
   4  * Copyright 1998-2018 The OpenLDAP Foundation.
   5  * All rights reserved.
   6  *
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted only as authorized by the OpenLDAP
   9  * Public License.
  10  *
  11  * A copy of this license is available in the file LICENSE in the
  12  * top-level directory of the distribution or, alternatively, at
  13  * <http://www.OpenLDAP.org/license.html>.
  14  */
  15
  16 #include "portable.h"
  17
  18 #include <stdio.h>
  19
  20 #include <ac/stdlib.h>
  21
  22 #include <ac/socket.h>
  23 #include <ac/string.h>
  24 #include <ac/time.h>
  25
  26 #include "ldap-int.h"
  27
  28 void ldap_int_error_init( void ) {
  29 }
  30
  31 char *
  32 ldap_err2string( int err )
  33 {
  34         char *m;
  35
  36         Debug( LDAP_DEBUG_TRACE, "ldap_err2string\n", 0, 0, 0 );
  37
  38         switch ( err ) {
  39 #       define C(code, message) case code: m = message; break
  40
  41         /* LDAPv3 (RFC 4511) codes */
  42         C(LDAP_SUCCESS,                                 N_("Success"));
  43         C(LDAP_OPERATIONS_ERROR,                N_("Operations error"));
  44         C(LDAP_PROTOCOL_ERROR,                  N_("Protocol error"));
  45         C(LDAP_TIMELIMIT_EXCEEDED,              N_("Time limit exceeded"));
  46         C(LDAP_SIZELIMIT_EXCEEDED,              N_("Size limit exceeded"));
  47         C(LDAP_COMPARE_FALSE,                   N_("Compare False"));
  48         C(LDAP_COMPARE_TRUE,                    N_("Compare True"));
  49         C(LDAP_STRONG_AUTH_NOT_SUPPORTED,N_("Authentication method not supported"));
  50         C(LDAP_STRONG_AUTH_REQUIRED,    N_("Strong(er) authentication required"));
  51
  52         C(LDAP_REFERRAL,                                N_("Referral"));
  53         C(LDAP_ADMINLIMIT_EXCEEDED,             N_("Administrative limit exceeded"));
  54         C(LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
  55                                                                         N_("Critical extension is unavailable"));
  56         C(LDAP_CONFIDENTIALITY_REQUIRED,N_("Confidentiality required"));
  57         C(LDAP_SASL_BIND_IN_PROGRESS,   N_("SASL bind in progress"));
  58
  59         C(LDAP_NO_SUCH_ATTRIBUTE,               N_("No such attribute"));
  60         C(LDAP_UNDEFINED_TYPE,                  N_("Undefined attribute type"));
  61         C(LDAP_INAPPROPRIATE_MATCHING,  N_("Inappropriate matching"));
  62         C(LDAP_CONSTRAINT_VIOLATION,    N_("Constraint violation"));
  63         C(LDAP_TYPE_OR_VALUE_EXISTS,    N_("Type or value exists"));
  64         C(LDAP_INVALID_SYNTAX,                  N_("Invalid syntax"));
  65
  66         C(LDAP_NO_SUCH_OBJECT,                  N_("No such object"));
  67         C(LDAP_ALIAS_PROBLEM,                   N_("Alias problem"));
  68         C(LDAP_INVALID_DN_SYNTAX,               N_("Invalid DN syntax"));
  69
  70         C(LDAP_ALIAS_DEREF_PROBLEM,             N_("Alias dereferencing problem"));
  71
  72         C(LDAP_INAPPROPRIATE_AUTH,              N_("Inappropriate authentication"));
  73         C(LDAP_INVALID_CREDENTIALS,     N_("Invalid credentials"));
  74         C(LDAP_INSUFFICIENT_ACCESS,     N_("Insufficient access"));
  75         C(LDAP_BUSY,                                    N_("Server is busy"));
  76         C(LDAP_UNAVAILABLE,                     N_("Server is unavailable"));
  77         C(LDAP_UNWILLING_TO_PERFORM,    N_("Server is unwilling to perform"));
  78         C(LDAP_LOOP_DETECT,                     N_("Loop detected"));
  79
  80         C(LDAP_NAMING_VIOLATION,                N_("Naming violation"));
  81         C(LDAP_OBJECT_CLASS_VIOLATION,  N_("Object class violation"));
  82         C(LDAP_NOT_ALLOWED_ON_NONLEAF,  N_("Operation not allowed on non-leaf"));
  83         C(LDAP_NOT_ALLOWED_ON_RDN,              N_("Operation not allowed on RDN"));
  84         C(LDAP_ALREADY_EXISTS,                  N_("Already exists"));
  85         C(LDAP_NO_OBJECT_CLASS_MODS,    N_("Cannot modify object class"));
  86
  87         C(LDAP_AFFECTS_MULTIPLE_DSAS,   N_("Operation affects multiple DSAs"));
  88
  89         /* Virtual List View draft */
  90         C(LDAP_VLV_ERROR,                               N_("Virtual List View error"));
  91
  92         C(LDAP_OTHER, N_("Other (e.g., implementation specific) error"));
  93
  94         /* LDAPv2 (RFC 1777) codes */
  95         C(LDAP_PARTIAL_RESULTS, N_("Partial results and referral received"));
  96         C(LDAP_IS_LEAF,                                 N_("Entry is a leaf"));
  97
  98         /* Connection-less LDAP (CLDAP - RFC 1798) code */
  99         C(LDAP_RESULTS_TOO_LARGE,               N_("Results too large"));
 100
 101         /* Cancel Operation (RFC 3909) codes */
 102         C(LDAP_CANCELLED,                               N_("Cancelled"));
 103         C(LDAP_NO_SUCH_OPERATION,               N_("No Operation to Cancel"));
 104         C(LDAP_TOO_LATE,                                N_("Too Late to Cancel"));
 105         C(LDAP_CANNOT_CANCEL,                   N_("Cannot Cancel"));
 106
 107         /* Assert Control (RFC 4528 and old internet-draft) codes */
 108         C(LDAP_ASSERTION_FAILED,                N_("Assertion Failed"));
 109         C(LDAP_X_ASSERTION_FAILED,              N_("Assertion Failed (X)"));
 110
 111         /* Proxied Authorization Control (RFC 4370 and I-D) codes */
 112         C(LDAP_PROXIED_AUTHORIZATION_DENIED, N_("Proxied Authorization Denied"));
 113         C(LDAP_X_PROXY_AUTHZ_FAILURE,   N_("Proxy Authorization Failure (X)"));
 114
 115         /* Content Sync Operation (RFC 4533 and I-D) codes */
 116         C(LDAP_SYNC_REFRESH_REQUIRED,   N_("Content Sync Refresh Required"));
 117         C(LDAP_X_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required (X)"));
 118
 119         /* No-Op Control (draft-zeilenga-ldap-noop) code */
 120         C(LDAP_X_NO_OPERATION,                  N_("No Operation (X)"));
 121
 122         /* Client Update Protocol (RFC 3928) codes */
 123         C(LDAP_CUP_RESOURCES_EXHAUSTED, N_("LCUP Resources Exhausted"));
 124         C(LDAP_CUP_SECURITY_VIOLATION,  N_("LCUP Security Violation"));
 125         C(LDAP_CUP_INVALID_DATA,                N_("LCUP Invalid Data"));
 126         C(LDAP_CUP_UNSUPPORTED_SCHEME,  N_("LCUP Unsupported Scheme"));
 127         C(LDAP_CUP_RELOAD_REQUIRED,             N_("LCUP Reload Required"));
 128
 129 #ifdef LDAP_X_TXN
 130         /* Codes related to LDAP Transactions (draft-zeilenga-ldap-txn) */
 131         C(LDAP_X_TXN_SPECIFY_OKAY,              N_("TXN specify okay"));
 132         C(LDAP_X_TXN_ID_INVALID,                N_("TXN ID is invalid"));
 133 #endif
 134
 135         /* API codes - renumbered since draft-ietf-ldapext-ldap-c-api */
 136         C(LDAP_SERVER_DOWN,                             N_("Can't contact LDAP server"));
 137         C(LDAP_LOCAL_ERROR,                             N_("Local error"));
 138         C(LDAP_ENCODING_ERROR,                  N_("Encoding error"));
 139         C(LDAP_DECODING_ERROR,                  N_("Decoding error"));
 140         C(LDAP_TIMEOUT,                                 N_("Timed out"));
 141         C(LDAP_AUTH_UNKNOWN,                    N_("Unknown authentication method"));
 142         C(LDAP_FILTER_ERROR,                    N_("Bad search filter"));
 143         C(LDAP_USER_CANCELLED,                  N_("User cancelled operation"));
 144         C(LDAP_PARAM_ERROR,                             N_("Bad parameter to an ldap routine"));
 145         C(LDAP_NO_MEMORY,                               N_("Out of memory"));
 146         C(LDAP_CONNECT_ERROR,                   N_("Connect error"));
 147         C(LDAP_NOT_SUPPORTED,                   N_("Not Supported"));
 148         C(LDAP_CONTROL_NOT_FOUND,               N_("Control not found"));
 149         C(LDAP_NO_RESULTS_RETURNED,             N_("No results returned"));
 150         C(LDAP_MORE_RESULTS_TO_RETURN,  N_("More results to return"));
 151         C(LDAP_CLIENT_LOOP,                             N_("Client Loop"));
 152         C(LDAP_REFERRAL_LIMIT_EXCEEDED, N_("Referral Limit Exceeded"));
 153         C(LDAP_X_CONNECTING,                    N_("Connecting (X)"));
 154 #       undef C
 155
 156         default:
 157                 m = (LDAP_API_ERROR(err) ? N_("Unknown API error")
 158                          : LDAP_E_ERROR(err) ? N_("Unknown (extension) error")
 159                          : LDAP_X_ERROR(err) ? N_("Unknown (private extension) error")
 160                          : N_("Unknown error"));
 161                 break;
 162         }
 163
 164         return _(m);
 165 }
 166
 167 /* deprecated */
 168 void
 169 ldap_perror( LDAP *ld, LDAP_CONST char *str )
 170 {
 171     int i;
 172
 173         assert( ld != NULL );
 174         assert( LDAP_VALID( ld ) );
 175         assert( str != NULL );
 176
 177         fprintf( stderr, "%s: %s (%d)\n",
 178                 str ? str : "ldap_perror",
 179                 ldap_err2string( ld->ld_errno ),
 180                 ld->ld_errno );
 181
 182         if ( ld->ld_matched != NULL && ld->ld_matched[0] != '\0' ) {
 183                 fprintf( stderr, _("\tmatched DN: %s\n"), ld->ld_matched );
 184         }
 185
 186         if ( ld->ld_error != NULL && ld->ld_error[0] != '\0' ) {
 187                 fprintf( stderr, _("\tadditional info: %s\n"), ld->ld_error );
 188         }
 189
 190         if ( ld->ld_referrals != NULL && ld->ld_referrals[0] != NULL) {
 191                 fprintf( stderr, _("\treferrals:\n") );
 192                 for (i=0; ld->ld_referrals[i]; i++) {
 193                         fprintf( stderr, _("\t\t%s\n"), ld->ld_referrals[i] );
 194                 }
 195         }
 196
 197         fflush( stderr );
 198 }
 199
 200 /* deprecated */
 201 int
 202 ldap_result2error( LDAP *ld, LDAPMessage *r, int freeit )
 203 {
 204         int rc, err;
 205
 206         rc = ldap_parse_result( ld, r, &err,
 207                 NULL, NULL, NULL, NULL, freeit );
 208
 209         return err != LDAP_SUCCESS ? err : rc;
 210 }
 211
 212 /*
 213  * Parse LDAPResult Messages:
 214  *
 215  *   LDAPResult ::= SEQUENCE {
 216  *     resultCode      ENUMERATED,
 217  *     matchedDN       LDAPDN,
 218  *     errorMessage    LDAPString,
 219  *     referral        [3] Referral OPTIONAL }
 220  *
 221  * including Bind results:
 222  *
 223  *   BindResponse ::= [APPLICATION 1] SEQUENCE {
 224  *     COMPONENTS OF LDAPResult,
 225  *     serverSaslCreds  [7] OCTET STRING OPTIONAL }
 226  *
 227  * and ExtendedOp results:
 228  *
 229  *   ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
 230  *     COMPONENTS OF LDAPResult,
 231  *     responseName     [10] LDAPOID OPTIONAL,
 232  *     response         [11] OCTET STRING OPTIONAL }
 233  *
 234  */
 235 int
 236 ldap_parse_result(
 237         LDAP                    *ld,
 238         LDAPMessage             *r,
 239         int                             *errcodep,
 240         char                    **matcheddnp,
 241         char                    **errmsgp,
 242         char                    ***referralsp,
 243         LDAPControl             ***serverctrls,
 244         int                             freeit )
 245 {
 246         LDAPMessage     *lm;
 247         ber_int_t errcode = LDAP_SUCCESS;
 248
 249         ber_tag_t tag;
 250         BerElement      *ber;
 251
 252         Debug( LDAP_DEBUG_TRACE, "ldap_parse_result\n", 0, 0, 0 );
 253
 254         assert( ld != NULL );
 255         assert( LDAP_VALID( ld ) );
 256         assert( r != NULL );
 257
 258         if(errcodep != NULL) *errcodep = LDAP_SUCCESS;
 259         if(matcheddnp != NULL) *matcheddnp = NULL;
 260         if(errmsgp != NULL) *errmsgp = NULL;
 261         if(referralsp != NULL) *referralsp = NULL;
 262         if(serverctrls != NULL) *serverctrls = NULL;
 263
 264         LDAP_MUTEX_LOCK( &ld->ld_res_mutex );
 265         /* Find the result, last msg in chain... */
 266         lm = r->lm_chain_tail;
 267         /* FIXME: either this is not possible (assert?)
 268          * or it should be handled */
 269         if ( lm != NULL ) {
 270                 switch ( lm->lm_msgtype ) {
 271                 case LDAP_RES_SEARCH_ENTRY:
 272                 case LDAP_RES_SEARCH_REFERENCE:
 273                 case LDAP_RES_INTERMEDIATE:
 274                         lm = NULL;
 275                         break;
 276
 277                 default:
 278                         break;
 279                 }
 280         }
 281
 282         if( lm == NULL ) {
 283                 errcode = ld->ld_errno = LDAP_NO_RESULTS_RETURNED;
 284                 LDAP_MUTEX_UNLOCK( &ld->ld_res_mutex );
 285             goto done;
 286         }
 287
 288         if ( ld->ld_error ) {
 289                 LDAP_FREE( ld->ld_error );
 290                 ld->ld_error = NULL;
 291         }
 292         if ( ld->ld_matched ) {
 293                 LDAP_FREE( ld->ld_matched );
 294                 ld->ld_matched = NULL;
 295         }
 296         if ( ld->ld_referrals ) {
 297                 LDAP_VFREE( ld->ld_referrals );
 298                 ld->ld_referrals = NULL;
 299         }
 300
 301         /* parse results */
 302
 303         ber = ber_dup( lm->lm_ber );
 304
 305         if ( ld->ld_version < LDAP_VERSION2 ) {
 306                 tag = ber_scanf( ber, "{iA}",
 307                         &ld->ld_errno, &ld->ld_error );
 308
 309         } else {
 310                 ber_len_t len;
 311
 312                 tag = ber_scanf( ber, "{iAA" /*}*/,
 313                         &ld->ld_errno, &ld->ld_matched, &ld->ld_error );
 314
 315                 if( tag != LBER_ERROR ) {
 316                         /* peek for referrals */
 317                         if( ber_peek_tag(ber, &len) == LDAP_TAG_REFERRAL ) {
 318                                 tag = ber_scanf( ber, "v", &ld->ld_referrals );
 319                         }
 320                 }
 321
 322                 /* need to clean out misc items */
 323                 if( tag != LBER_ERROR ) {
 324                         if( lm->lm_msgtype == LDAP_RES_BIND ) {
 325                                 /* look for sasl result credentials */
 326                                 if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SASL_RES_CREDS ) {
 327                                         /* skip 'em */
 328                                         tag = ber_scanf( ber, "x" );
 329                                 }
 330
 331                         } else if( lm->lm_msgtype == LDAP_RES_EXTENDED ) {
 332                                 /* look for exop result oid or value */
 333                                 if ( ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_OID ) {
 334                                         /* skip 'em */
 335                                         tag = ber_scanf( ber, "x" );
 336                                 }
 337
 338                                 if ( tag != LBER_ERROR &&
 339                                         ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_VALUE )
 340                                 {
 341                                         /* skip 'em */
 342                                         tag = ber_scanf( ber, "x" );
 343                                 }
 344                         }
 345                 }
 346
 347                 if( tag != LBER_ERROR ) {
 348                         int rc = ldap_pvt_get_controls( ber, serverctrls );
 349
 350                         if( rc != LDAP_SUCCESS ) {
 351                                 tag = LBER_ERROR;
 352                         }
 353                 }
 354
 355                 if( tag != LBER_ERROR ) {
 356                         tag = ber_scanf( ber, /*{*/"}" );
 357                 }
 358         }
 359
 360         if ( tag == LBER_ERROR ) {
 361                 ld->ld_errno = errcode = LDAP_DECODING_ERROR;
 362         }
 363
 364         if( ber != NULL ) {
 365                 ber_free( ber, 0 );
 366         }
 367
 368         /* return */
 369         if( errcodep != NULL ) {
 370                 *errcodep = ld->ld_errno;
 371         }
 372         if ( errcode == LDAP_SUCCESS ) {
 373                 if( matcheddnp != NULL ) {
 374                         if ( ld->ld_matched )
 375                         {
 376                                 *matcheddnp = LDAP_STRDUP( ld->ld_matched );
 377                         }
 378                 }
 379                 if( errmsgp != NULL ) {
 380                         if ( ld->ld_error )
 381                         {
 382                                 *errmsgp = LDAP_STRDUP( ld->ld_error );
 383                         }
 384                 }
 385
 386                 if( referralsp != NULL) {
 387                         *referralsp = ldap_value_dup( ld->ld_referrals );
 388                 }
 389         }
 390         LDAP_MUTEX_UNLOCK( &ld->ld_res_mutex );
 391
 392 done:
 393         if ( freeit ) {
 394                 ldap_msgfree( r );
 395         }
 396
 397         return errcode;
 398 }