diff options
author | Matt A. Tobin <email@mattatobin.com> | 2019-11-03 13:17:15 -0500 |
---|---|---|
committer | Matt A. Tobin <email@mattatobin.com> | 2019-11-03 13:17:15 -0500 |
commit | 6513e41cb75e64384f35470d59ad6a4f88092e82 (patch) | |
tree | 969c588ab5703c74ece39a7da0be5faf3d868cef /ldap/c-sdk/libldap/error.c | |
parent | 2d4aca6d0036937afadfb93359d31fe3b4eabf84 (diff) | |
download | UXP-6513e41cb75e64384f35470d59ad6a4f88092e82.tar UXP-6513e41cb75e64384f35470d59ad6a4f88092e82.tar.gz UXP-6513e41cb75e64384f35470d59ad6a4f88092e82.tar.lz UXP-6513e41cb75e64384f35470d59ad6a4f88092e82.tar.xz UXP-6513e41cb75e64384f35470d59ad6a4f88092e82.zip |
Issue #1258 - Part 2: Use binoc-central version of ldap
Diffstat (limited to 'ldap/c-sdk/libldap/error.c')
-rw-r--r-- | ldap/c-sdk/libldap/error.c | 490 |
1 files changed, 490 insertions, 0 deletions
diff --git a/ldap/c-sdk/libldap/error.c b/ldap/c-sdk/libldap/error.c new file mode 100644 index 000000000..82cbb56cb --- /dev/null +++ b/ldap/c-sdk/libldap/error.c @@ -0,0 +1,490 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is Mozilla Communicator client code, released + * March 31, 1998. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1998-1999 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either of the GNU General Public License Version 2 or later (the "GPL"), + * or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ +#include "ldap-int.h" + +struct ldaperror { + int e_code; + char *e_reason; +}; + +static struct ldaperror ldap_errlist[] = { + { LDAP_SUCCESS, "Success" }, + { LDAP_OPERATIONS_ERROR, "Operations error" }, + { LDAP_PROTOCOL_ERROR, "Protocol error" }, + { LDAP_TIMELIMIT_EXCEEDED, "Timelimit exceeded" }, + { LDAP_SIZELIMIT_EXCEEDED, "Sizelimit exceeded" }, + { LDAP_COMPARE_FALSE, "Compare false" }, + { LDAP_COMPARE_TRUE, "Compare true" }, + { LDAP_STRONG_AUTH_NOT_SUPPORTED, "Authentication method not supported" }, + { LDAP_STRONG_AUTH_REQUIRED, "Strong authentication required" }, + { LDAP_PARTIAL_RESULTS, "Partial results and referral received" }, + { LDAP_REFERRAL, "Referral received" }, + { LDAP_ADMINLIMIT_EXCEEDED, "Administrative limit exceeded" }, + { LDAP_UNAVAILABLE_CRITICAL_EXTENSION, "Unavailable critical extension" }, + { LDAP_CONFIDENTIALITY_REQUIRED, "Confidentiality required" }, + { LDAP_SASL_BIND_IN_PROGRESS, "SASL bind in progress" }, + + { LDAP_NO_SUCH_ATTRIBUTE, "No such attribute" }, + { LDAP_UNDEFINED_TYPE, "Undefined attribute type" }, + { LDAP_INAPPROPRIATE_MATCHING, "Inappropriate matching" }, + { LDAP_CONSTRAINT_VIOLATION, "Constraint violation" }, + { LDAP_TYPE_OR_VALUE_EXISTS, "Type or value exists" }, + { LDAP_INVALID_SYNTAX, "Invalid syntax" }, + + { LDAP_NO_SUCH_OBJECT, "No such object" }, + { LDAP_ALIAS_PROBLEM, "Alias problem" }, + { LDAP_INVALID_DN_SYNTAX, "Invalid DN syntax" }, + { LDAP_IS_LEAF, "Object is a leaf" }, + { LDAP_ALIAS_DEREF_PROBLEM, "Alias dereferencing problem" }, + + { LDAP_INAPPROPRIATE_AUTH, "Inappropriate authentication" }, + { LDAP_INVALID_CREDENTIALS, "Invalid credentials" }, + { LDAP_INSUFFICIENT_ACCESS, "Insufficient access" }, + { LDAP_BUSY, "DSA is busy" }, + { LDAP_UNAVAILABLE, "DSA is unavailable" }, + { LDAP_UNWILLING_TO_PERFORM, "DSA is unwilling to perform" }, + { LDAP_LOOP_DETECT, "Loop detected" }, + { LDAP_SORT_CONTROL_MISSING, "Sort Control is missing" }, + { LDAP_INDEX_RANGE_ERROR, "Search results exceed the range specified by the offsets" }, + + { LDAP_NAMING_VIOLATION, "Naming violation" }, + { LDAP_OBJECT_CLASS_VIOLATION, "Object class violation" }, + { LDAP_NOT_ALLOWED_ON_NONLEAF, "Operation not allowed on nonleaf" }, + { LDAP_NOT_ALLOWED_ON_RDN, "Operation not allowed on RDN" }, + { LDAP_ALREADY_EXISTS, "Already exists" }, + { LDAP_NO_OBJECT_CLASS_MODS, "Cannot modify object class" }, + { LDAP_RESULTS_TOO_LARGE, "Results too large" }, + { LDAP_AFFECTS_MULTIPLE_DSAS, "Affects multiple servers" }, + + { LDAP_OTHER, "Unknown error" }, + { LDAP_SERVER_DOWN, "Can't contact LDAP server" }, + { LDAP_LOCAL_ERROR, "Local error" }, + { LDAP_ENCODING_ERROR, "Encoding error" }, + { LDAP_DECODING_ERROR, "Decoding error" }, + { LDAP_TIMEOUT, "Timed out" }, + { LDAP_AUTH_UNKNOWN, "Unknown authentication method" }, + { LDAP_FILTER_ERROR, "Bad search filter" }, + { LDAP_USER_CANCELLED, "User cancelled operation" }, + { LDAP_PARAM_ERROR, "Bad parameter to an ldap routine" }, + { LDAP_NO_MEMORY, "Out of memory" }, + { LDAP_CONNECT_ERROR, "Can't connect to the LDAP server" }, + { LDAP_NOT_SUPPORTED, "Not supported by this version of the LDAP protocol" }, + { LDAP_CONTROL_NOT_FOUND, "Requested LDAP control not found" }, + { LDAP_NO_RESULTS_RETURNED, "No results returned" }, + { LDAP_MORE_RESULTS_TO_RETURN, "More results to return" }, + { LDAP_CLIENT_LOOP, "Client detected loop" }, + { LDAP_REFERRAL_LIMIT_EXCEEDED, "Referral hop limit exceeded" }, + { -1, 0 } +}; + +char * +LDAP_CALL +ldap_err2string( int err ) +{ + int i; + + LDAPDebug( LDAP_DEBUG_TRACE, "ldap_err2string\n", 0, 0, 0 ); + + for ( i = 0; ldap_errlist[i].e_code != -1; i++ ) { + if ( err == ldap_errlist[i].e_code ) + return( ldap_errlist[i].e_reason ); + } + + return( "Unknown error" ); +} + + +static char * +nsldapi_safe_strerror( int e ) +{ + char *s; + + if (( s = strerror( e )) == NULL ) { + s = "unknown error"; + } + + return( s ); +} + + +void +LDAP_CALL +ldap_perror( LDAP *ld, const char *s ) +{ + int i, err; + char *matched = NULL; + char *errmsg = NULL; + char *separator; + char msg[1024]; + + LDAPDebug( LDAP_DEBUG_TRACE, "ldap_perror\n", 0, 0, 0 ); + + if ( s == NULL ) { + s = separator = ""; + } else { + separator = ": "; + } + + if ( ld == NULL ) { + snprintf( msg, sizeof( msg ), + "%s%s%s", s, separator, nsldapi_safe_strerror( errno ) ); + ber_err_print( msg ); + return; + } + + LDAP_MUTEX_LOCK( ld, LDAP_ERR_LOCK ); + err = LDAP_GET_LDERRNO( ld, &matched, &errmsg ); + for ( i = 0; ldap_errlist[i].e_code != -1; i++ ) { + if ( err == ldap_errlist[i].e_code ) { + snprintf( msg, sizeof( msg ), + "%s%s%s", s, separator, ldap_errlist[i].e_reason ); + ber_err_print( msg ); + if ( err == LDAP_CONNECT_ERROR ) { + ber_err_print( " - " ); + ber_err_print( nsldapi_safe_strerror( + LDAP_GET_ERRNO( ld ))); + } + ber_err_print( "\n" ); + if ( matched != NULL && *matched != '\0' ) { + snprintf( msg, sizeof( msg ), + "%s%smatched: %s\n", s, separator, matched ); + ber_err_print( msg ); + } + if ( errmsg != NULL && *errmsg != '\0' ) { + snprintf( msg, sizeof( msg ), + "%s%sadditional info: %s\n", s, separator, errmsg ); + ber_err_print( msg ); + } + LDAP_MUTEX_UNLOCK( ld, LDAP_ERR_LOCK ); + return; + } + } + snprintf( msg, sizeof( msg ), + "%s%sNot an LDAP errno %d\n", s, separator, err ); + ber_err_print( msg ); + LDAP_MUTEX_UNLOCK( ld, LDAP_ERR_LOCK ); +} + +int +LDAP_CALL +ldap_result2error( LDAP *ld, LDAPMessage *r, int freeit ) +{ + int lderr_parse, lderr; + + lderr_parse = ldap_parse_result( ld, r, &lderr, NULL, NULL, NULL, + NULL, freeit ); + + if ( lderr_parse != LDAP_SUCCESS ) { + return( lderr_parse ); + } + + return( lderr ); +} + +int +LDAP_CALL +ldap_get_lderrno( LDAP *ld, char **m, char **s ) +{ + if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) { + return( LDAP_PARAM_ERROR ); /* punt */ + } + + if ( ld->ld_get_lderrno_fn == NULL ) { + if ( m != NULL ) { + *m = ld->ld_matched; + } + if ( s != NULL ) { + *s = ld->ld_error; + } + return( ld->ld_errno ); + } else { + return( ld->ld_get_lderrno_fn( m, s, ld->ld_lderrno_arg ) ); + } +} + + +/* + * Note: there is no need for callers of ldap_set_lderrno() to lock the + * ld mutex. If applications intend to share an LDAP session handle + * between threads they *must* perform their own locking around the + * session handle or they must install a "set lderrno" thread callback + * function. + * + */ +int +LDAP_CALL +ldap_set_lderrno( LDAP *ld, int e, char *m, char *s ) +{ + if ( !NSLDAPI_VALID_LDAP_POINTER( ld )) { + return( LDAP_PARAM_ERROR ); + } + + if ( ld->ld_set_lderrno_fn != NULL ) { + ld->ld_set_lderrno_fn( e, m, s, ld->ld_lderrno_arg ); + } else { + LDAP_MUTEX_LOCK( ld, LDAP_ERR_LOCK ); + ld->ld_errno = e; + if ( ld->ld_matched ) { + NSLDAPI_FREE( ld->ld_matched ); + } + ld->ld_matched = m; + if ( ld->ld_error ) { + NSLDAPI_FREE( ld->ld_error ); + } + ld->ld_error = s; + LDAP_MUTEX_UNLOCK( ld, LDAP_ERR_LOCK ); + } + + return( LDAP_SUCCESS ); +} + + +/* + * Returns an LDAP error that says whether parse succeeded. The error code + * from the LDAP result itself is returned in the errcodep result parameter. + * If any of the result params. (errcodep, matchednp, errmsgp, referralsp, + * or serverctrlsp) are NULL we don't return that info. + */ +int +LDAP_CALL +ldap_parse_result( LDAP *ld, LDAPMessage *res, int *errcodep, char **matchednp, + char **errmsgp, char ***referralsp, LDAPControl ***serverctrlsp, + int freeit ) +{ + LDAPMessage *lm; + int err, errcode; + char *m, *e; + m = e = NULL; + + LDAPDebug( LDAP_DEBUG_TRACE, "ldap_parse_result\n", 0, 0, 0 ); + + if ( !NSLDAPI_VALID_LDAP_POINTER( ld ) || + !NSLDAPI_VALID_LDAPMESSAGE_POINTER( res )) { + return( LDAP_PARAM_ERROR ); + } + + /* skip over entries and references to find next result in this chain */ + for ( lm = res; lm != NULL; lm = lm->lm_chain ) { + if ( lm->lm_msgtype != LDAP_RES_SEARCH_ENTRY && + lm->lm_msgtype != LDAP_RES_SEARCH_REFERENCE ) { + break; + } + } + + if ( lm == NULL ) { + err = LDAP_NO_RESULTS_RETURNED; + LDAP_SET_LDERRNO( ld, err, NULL, NULL ); + return( err ); + } + + err = nsldapi_parse_result( ld, lm->lm_msgtype, lm->lm_ber, &errcode, + &m, &e, referralsp, serverctrlsp ); + + if ( err == LDAP_SUCCESS ) { + if ( errcodep != NULL ) { + *errcodep = errcode; + } + if ( matchednp != NULL ) { + *matchednp = nsldapi_strdup( m ); + } + if ( errmsgp != NULL ) { + *errmsgp = nsldapi_strdup( e ); + } + + /* + * if there are more result messages in the chain, arrange to + * return the special LDAP_MORE_RESULTS_TO_RETURN "error" code. + */ + for ( lm = lm->lm_chain; lm != NULL; lm = lm->lm_chain ) { + if ( lm->lm_msgtype != LDAP_RES_SEARCH_ENTRY && + lm->lm_msgtype != LDAP_RES_SEARCH_REFERENCE ) { + err = LDAP_MORE_RESULTS_TO_RETURN; + break; + } + } + } else { + /* In this case, m and e were already freed by ber_scanf */ + m = e = NULL; + } + + if ( freeit ) { + ldap_msgfree( res ); + } + + LDAP_SET_LDERRNO( ld, ( err == LDAP_SUCCESS ) ? errcode : err, m, e ); + + /* nsldapi_parse_result set m and e, so we have to delete them if they exist. + Only delete them if they haven't been reused for matchednp or errmsgp. + if ( err == LDAP_SUCCESS ) { + if ( (m != NULL) && (matchednp == NULL) ) { + NSLDAPI_FREE( m ); + } + if ( (e != NULL) && (errmsgp == NULL) ) { + NSLDAPI_FREE( e ); + } + } */ + + return( err ); +} + +/* + * returns an LDAP error code indicating success or failure of parsing + * does NOT set any error information inside "ld" + */ +int +nsldapi_parse_result( LDAP *ld, int msgtype, BerElement *rber, int *errcodep, + char **matchednp, char **errmsgp, char ***referralsp, + LDAPControl ***serverctrlsp ) +{ + BerElement ber; + ber_len_t len; + ber_int_t errcode; + int berrc, err; + char *m, *e; + + /* + * Parse the result message. LDAPv3 result messages look like this: + * + * LDAPResult ::= SEQUENCE { + * resultCode ENUMERATED { ... }, + * matchedDN LDAPDN, + * errorMessage LDAPString, + * referral [3] Referral OPTIONAL + * opSpecificStuff OPTIONAL + * } + * + * all wrapped up in an LDAPMessage sequence which looks like this: + * LDAPMessage ::= SEQUENCE { + * messageID MessageID, + * LDAPResult CHOICE { ... }, // message type + * controls [0] Controls OPTIONAL + * } + * + * LDAPv2 messages don't include referrals or controls. + * LDAPv1 messages don't include matchedDN, referrals, or controls. + * + * ldap_result() pulls out the message id, so by the time a result + * message gets here we are sitting at the start of the LDAPResult. + */ + + err = LDAP_SUCCESS; /* optimistic */ + m = e = NULL; + if ( matchednp != NULL ) { + *matchednp = NULL; + } + if ( errmsgp != NULL ) { + *errmsgp = NULL; + } + if ( referralsp != NULL ) { + *referralsp = NULL; + } + if ( serverctrlsp != NULL ) { + *serverctrlsp = NULL; + } + ber = *rber; /* struct copy */ + + if ( NSLDAPI_LDAP_VERSION( ld ) < LDAP_VERSION2 ) { + berrc = ber_scanf( &ber, "{ia}", &errcode, &e ); + } else { + if (( berrc = ber_scanf( &ber, "{iaa", &errcode, &m, &e )) + != LBER_ERROR ) { + /* check for optional referrals */ + if ( ber_peek_tag( &ber, &len ) == LDAP_TAG_REFERRAL ) { + if ( referralsp == NULL ) { + /* skip referrals */ + berrc = ber_scanf( &ber, "x" ); + } else { + /* suck out referrals */ + berrc = ber_scanf( &ber, "v", + referralsp ); + } + } else if ( referralsp != NULL ) { + *referralsp = NULL; + } + } + + if ( berrc != LBER_ERROR ) { + /* + * skip past optional operation-specific elements: + * bind results - serverSASLcreds + * extendedop results - OID plus value + */ + if ( msgtype == LDAP_RES_BIND ) { + if ( ber_peek_tag( &ber, &len ) == + LDAP_TAG_SASL_RES_CREDS ) { + berrc = ber_scanf( &ber, "x" ); + } + } else if ( msgtype == LDAP_RES_EXTENDED ) { + if ( ber_peek_tag( &ber, &len ) == + LDAP_TAG_EXOP_RES_OID ) { + berrc = ber_scanf( &ber, "x" ); + } + if ( berrc != LBER_ERROR && + ber_peek_tag( &ber, &len ) == + LDAP_TAG_EXOP_RES_VALUE ) { + berrc = ber_scanf( &ber, "x" ); + } + } + } + + /* pull out controls (if requested and any are present) */ + if ( berrc != LBER_ERROR && serverctrlsp != NULL && + ( berrc = ber_scanf( &ber, "}" )) != LBER_ERROR ) { + err = nsldapi_get_controls( &ber, serverctrlsp ); + } + } + + if ( berrc == LBER_ERROR && err == LDAP_SUCCESS ) { + err = LDAP_DECODING_ERROR; + } + + if ( errcodep != NULL ) { + *errcodep = errcode; + } + if ( matchednp != NULL ) { + *matchednp = m; + } else if ( m != NULL ) { + NSLDAPI_FREE( m ); + } + if ( errmsgp != NULL ) { + *errmsgp = e; + } else if ( e != NULL ) { + NSLDAPI_FREE( e ); + } + + return( err ); +} |