1
/* $OpenLDAP$ */
2
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
3
 *
4
 * Copyright 1998-2024 The OpenLDAP Foundation.
5
 * All rights reserved.
6
 *
7
 * Redistribution and use in source and binary forms, with or without
8
 * modification, are permitted only as authorized by the OpenLDAP
9
 * Public License.
10
 *
11
 * A copy of this license is available in the file LICENSE in the
12
 * top-level directory of the distribution or, alternatively, at
13
 * <http://www.OpenLDAP.org/license.html>.
14
 */
15

16
#include "portable.h"
17

18
#include <stdio.h>
19

20
#include <ac/stdlib.h>
21

22
#include <ac/socket.h>
23
#include <ac/string.h>
24
#include <ac/time.h>
25

26
#include "ldap-int.h"
27

28
void ldap_int_error_init( void ) {
29
}
30

31
char *
32
ldap_err2string( int err )
33
{
34
	char *m;
35

36
	Debug0( LDAP_DEBUG_TRACE, "ldap_err2string\n" );
37

38
	switch ( err ) {
39
#	define C(code, message) case code: m = message; break
40

41
	/* LDAPv3 (RFC 4511) codes */
42
	C(LDAP_SUCCESS,					N_("Success"));
43
	C(LDAP_OPERATIONS_ERROR, 		N_("Operations error"));
44
	C(LDAP_PROTOCOL_ERROR, 			N_("Protocol error"));
45
	C(LDAP_TIMELIMIT_EXCEEDED,		N_("Time limit exceeded"));
46
	C(LDAP_SIZELIMIT_EXCEEDED, 		N_("Size limit exceeded"));
47
	C(LDAP_COMPARE_FALSE, 			N_("Compare False"));
48
	C(LDAP_COMPARE_TRUE, 			N_("Compare True"));
49
	C(LDAP_STRONG_AUTH_NOT_SUPPORTED,N_("Authentication method not supported"));
50
	C(LDAP_STRONG_AUTH_REQUIRED,	N_("Strong(er) authentication required"));
51

52
	C(LDAP_REFERRAL,				N_("Referral"));
53
	C(LDAP_ADMINLIMIT_EXCEEDED,		N_("Administrative limit exceeded"));
54
	C(LDAP_UNAVAILABLE_CRITICAL_EXTENSION,
55
									N_("Critical extension is unavailable"));
56
	C(LDAP_CONFIDENTIALITY_REQUIRED,N_("Confidentiality required"));
57
	C(LDAP_SASL_BIND_IN_PROGRESS,	N_("SASL bind in progress"));
58

59
	C(LDAP_NO_SUCH_ATTRIBUTE, 		N_("No such attribute"));
60
	C(LDAP_UNDEFINED_TYPE, 			N_("Undefined attribute type"));
61
	C(LDAP_INAPPROPRIATE_MATCHING, 	N_("Inappropriate matching"));
62
	C(LDAP_CONSTRAINT_VIOLATION, 	N_("Constraint violation"));
63
	C(LDAP_TYPE_OR_VALUE_EXISTS, 	N_("Type or value exists"));
64
	C(LDAP_INVALID_SYNTAX, 			N_("Invalid syntax"));
65

66
	C(LDAP_NO_SUCH_OBJECT, 			N_("No such object"));
67
	C(LDAP_ALIAS_PROBLEM, 			N_("Alias problem"));
68
	C(LDAP_INVALID_DN_SYNTAX,		N_("Invalid DN syntax"));
69

70
	C(LDAP_ALIAS_DEREF_PROBLEM,	 	N_("Alias dereferencing problem"));
71

72
	C(LDAP_INAPPROPRIATE_AUTH, 		N_("Inappropriate authentication"));
73
	C(LDAP_INVALID_CREDENTIALS, 	N_("Invalid credentials"));
74
	C(LDAP_INSUFFICIENT_ACCESS, 	N_("Insufficient access"));
75
	C(LDAP_BUSY, 					N_("Server is busy"));
76
	C(LDAP_UNAVAILABLE, 			N_("Server is unavailable"));
77
	C(LDAP_UNWILLING_TO_PERFORM, 	N_("Server is unwilling to perform"));
78
	C(LDAP_LOOP_DETECT, 			N_("Loop detected"));
79

80
	C(LDAP_NAMING_VIOLATION, 		N_("Naming violation"));
81
	C(LDAP_OBJECT_CLASS_VIOLATION, 	N_("Object class violation"));
82
	C(LDAP_NOT_ALLOWED_ON_NONLEAF, 	N_("Operation not allowed on non-leaf"));
83
	C(LDAP_NOT_ALLOWED_ON_RDN,	 	N_("Operation not allowed on RDN"));
84
	C(LDAP_ALREADY_EXISTS, 			N_("Already exists"));
85
	C(LDAP_NO_OBJECT_CLASS_MODS, 	N_("Cannot modify object class"));
86

87
	C(LDAP_AFFECTS_MULTIPLE_DSAS,	N_("Operation affects multiple DSAs"));
88

89
	/* Virtual List View draft */
90
	C(LDAP_VLV_ERROR,				N_("Virtual List View error"));
91

92
	C(LDAP_OTHER, N_("Other (e.g., implementation specific) error"));
93

94
	/* LDAPv2 (RFC 1777) codes */
95
	C(LDAP_PARTIAL_RESULTS, N_("Partial results and referral received"));
96
	C(LDAP_IS_LEAF, 				N_("Entry is a leaf"));
97

98
	/* Connection-less LDAP (CLDAP - RFC 1798) code */
99
	C(LDAP_RESULTS_TOO_LARGE,		N_("Results too large"));
100

101
	/* Cancel Operation (RFC 3909) codes */
102
	C(LDAP_CANCELLED,				N_("Cancelled"));
103
	C(LDAP_NO_SUCH_OPERATION,		N_("No Operation to Cancel"));
104
	C(LDAP_TOO_LATE,				N_("Too Late to Cancel"));
105
	C(LDAP_CANNOT_CANCEL,			N_("Cannot Cancel"));
106

107
	/* Assert Control (RFC 4528 and old internet-draft) codes */
108
	C(LDAP_ASSERTION_FAILED,		N_("Assertion Failed"));
109
	C(LDAP_X_ASSERTION_FAILED,		N_("Assertion Failed (X)"));
110

111
	/* Proxied Authorization Control (RFC 4370 and I-D) codes */
112
	C(LDAP_PROXIED_AUTHORIZATION_DENIED, N_("Proxied Authorization Denied"));
113
	C(LDAP_X_PROXY_AUTHZ_FAILURE,	N_("Proxy Authorization Failure (X)"));
114

115
	/* Content Sync Operation (RFC 4533 and I-D) codes */
116
	C(LDAP_SYNC_REFRESH_REQUIRED,	N_("Content Sync Refresh Required"));
117
	C(LDAP_X_SYNC_REFRESH_REQUIRED,	N_("Content Sync Refresh Required (X)"));
118

119
	/* No-Op Control (draft-zeilenga-ldap-noop) code */
120
	C(LDAP_X_NO_OPERATION,			N_("No Operation (X)"));
121

122
	/* Client Update Protocol (RFC 3928) codes */
123
	C(LDAP_CUP_RESOURCES_EXHAUSTED,	N_("LCUP Resources Exhausted"));
124
	C(LDAP_CUP_SECURITY_VIOLATION,	N_("LCUP Security Violation"));
125
	C(LDAP_CUP_INVALID_DATA,		N_("LCUP Invalid Data"));
126
	C(LDAP_CUP_UNSUPPORTED_SCHEME,	N_("LCUP Unsupported Scheme"));
127
	C(LDAP_CUP_RELOAD_REQUIRED,		N_("LCUP Reload Required"));
128

129
	C(LDAP_TXN_SPECIFY_OKAY,		N_("TXN specify okay"));
130
	C(LDAP_TXN_ID_INVALID,			N_("TXN ID is invalid"));
131

132
	/* API codes - renumbered since draft-ietf-ldapext-ldap-c-api */
133
	C(LDAP_SERVER_DOWN,				N_("Can't contact LDAP server"));
134
	C(LDAP_LOCAL_ERROR,				N_("Local error"));
135
	C(LDAP_ENCODING_ERROR,			N_("Encoding error"));
136
	C(LDAP_DECODING_ERROR,			N_("Decoding error"));
137
	C(LDAP_TIMEOUT,					N_("Timed out"));
138
	C(LDAP_AUTH_UNKNOWN,			N_("Unknown authentication method"));
139
	C(LDAP_FILTER_ERROR,			N_("Bad search filter"));
140
	C(LDAP_USER_CANCELLED,			N_("User cancelled operation"));
141
	C(LDAP_PARAM_ERROR,				N_("Bad parameter to an ldap routine"));
142
	C(LDAP_NO_MEMORY,				N_("Out of memory"));
143
	C(LDAP_CONNECT_ERROR,			N_("Connect error"));
144
	C(LDAP_NOT_SUPPORTED,			N_("Not Supported"));
145
	C(LDAP_CONTROL_NOT_FOUND,		N_("Control not found"));
146
	C(LDAP_NO_RESULTS_RETURNED,		N_("No results returned"));
147
	C(LDAP_MORE_RESULTS_TO_RETURN,	N_("More results to return"));
148
	C(LDAP_CLIENT_LOOP,				N_("Client Loop"));
149
	C(LDAP_REFERRAL_LIMIT_EXCEEDED,	N_("Referral Limit Exceeded"));
150
	C(LDAP_X_CONNECTING,			N_("Connecting (X)"));
151
#	undef C
152

153
	default:
154
		m = (LDAP_API_ERROR(err) ? N_("Unknown API error")
155
			 : LDAP_E_ERROR(err) ? N_("Unknown (extension) error")
156
			 : LDAP_X_ERROR(err) ? N_("Unknown (private extension) error")
157
			 : N_("Unknown error"));
158
		break;
159
	}
160

161
	return _(m);
162
}
163

164
/* deprecated */
165
void
166
ldap_perror( LDAP *ld, LDAP_CONST char *str )
167
{
168
    int i;
169

170
	assert( ld != NULL );
171
	assert( LDAP_VALID( ld ) );
172
	assert( str != NULL );
173

174
	fprintf( stderr, "%s: %s (%d)\n",
175
		str ? str : "ldap_perror",
176
		ldap_err2string( ld->ld_errno ),
177
		ld->ld_errno );
178

179
	if ( ld->ld_matched != NULL && ld->ld_matched[0] != '\0' ) {
180
		fprintf( stderr, _("\tmatched DN: %s\n"), ld->ld_matched );
181
	}
182

183
	if ( ld->ld_error != NULL && ld->ld_error[0] != '\0' ) {
184
		fprintf( stderr, _("\tadditional info: %s\n"), ld->ld_error );
185
	}
186

187
	if ( ld->ld_referrals != NULL && ld->ld_referrals[0] != NULL) {
188
		fprintf( stderr, _("\treferrals:\n") );
189
		for (i=0; ld->ld_referrals[i]; i++) {
190
			fprintf( stderr, _("\t\t%s\n"), ld->ld_referrals[i] );
191
		}
192
	}
193

194
	fflush( stderr );
195
}
196

197
/* deprecated */
198
int
199
ldap_result2error( LDAP *ld, LDAPMessage *r, int freeit )
200
{
201
	int rc, err;
202

203
	rc = ldap_parse_result( ld, r, &err,
204
		NULL, NULL, NULL, NULL, freeit );
205

206
	return err != LDAP_SUCCESS ? err : rc;
207
}
208

209
/*
210
 * Parse LDAPResult Messages:
211
 *
212
 *   LDAPResult ::= SEQUENCE {
213
 *     resultCode      ENUMERATED,
214
 *     matchedDN       LDAPDN,
215
 *     errorMessage    LDAPString,
216
 *     referral        [3] Referral OPTIONAL }
217
 *
218
 * including Bind results:
219
 *
220
 *   BindResponse ::= [APPLICATION 1] SEQUENCE {
221
 *     COMPONENTS OF LDAPResult,
222
 *     serverSaslCreds  [7] OCTET STRING OPTIONAL }
223
 *
224
 * and ExtendedOp results:
225
 *
226
 *   ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
227
 *     COMPONENTS OF LDAPResult,
228
 *     responseName     [10] LDAPOID OPTIONAL,
229
 *     response         [11] OCTET STRING OPTIONAL }
230
 *
231
 */
232
int
233
ldap_parse_result(
234
	LDAP			*ld,
235
	LDAPMessage		*r,
236
	int				*errcodep,
237
	char			**matcheddnp,
238
	char			**errmsgp,
239
	char			***referralsp,
240
	LDAPControl		***serverctrls,
241
	int				freeit )
242
{
243
	LDAPMessage	*lm;
244
	ber_int_t errcode = LDAP_SUCCESS;
245

246
	ber_tag_t tag;
247
	BerElement	*ber;
248

249
	Debug0( LDAP_DEBUG_TRACE, "ldap_parse_result\n" );
250

251
	assert( ld != NULL );
252
	assert( LDAP_VALID( ld ) );
253
	assert( r != NULL );
254

255
	if(errcodep != NULL) *errcodep = LDAP_SUCCESS;
256
	if(matcheddnp != NULL) *matcheddnp = NULL;
257
	if(errmsgp != NULL) *errmsgp = NULL;
258
	if(referralsp != NULL) *referralsp = NULL;
259
	if(serverctrls != NULL) *serverctrls = NULL;
260

261
	LDAP_MUTEX_LOCK( &ld->ld_res_mutex );
262
	/* Find the result, last msg in chain... */
263
	lm = r->lm_chain_tail;
264
	/* FIXME: either this is not possible (assert?)
265
	 * or it should be handled */
266
	if ( lm != NULL ) {
267
		switch ( lm->lm_msgtype ) {
268
		case LDAP_RES_SEARCH_ENTRY:
269
		case LDAP_RES_SEARCH_REFERENCE:
270
		case LDAP_RES_INTERMEDIATE:
271
			lm = NULL;
272
			break;
273

274
		default:
275
			break;
276
		}
277
	}
278

279
	if( lm == NULL ) {
280
		errcode = ld->ld_errno = LDAP_NO_RESULTS_RETURNED;
281
		LDAP_MUTEX_UNLOCK( &ld->ld_res_mutex );
282
	    goto done;
283
	}
284

285
	if ( ld->ld_error ) {
286
		LDAP_FREE( ld->ld_error );
287
		ld->ld_error = NULL;
288
	}
289
	if ( ld->ld_matched ) {
290
		LDAP_FREE( ld->ld_matched );
291
		ld->ld_matched = NULL;
292
	}
293
	if ( ld->ld_referrals ) {
294
		LDAP_VFREE( ld->ld_referrals );
295
		ld->ld_referrals = NULL;
296
	}
297

298
	/* parse results */
299

300
	ber = ber_dup( lm->lm_ber );
301

302
	if ( ld->ld_version < LDAP_VERSION2 ) {
303
		tag = ber_scanf( ber, "{iA}",
304
			&ld->ld_errno, &ld->ld_error );
305

306
	} else {
307
		ber_len_t len;
308

309
		tag = ber_scanf( ber, "{iAA" /*}*/,
310
			&ld->ld_errno, &ld->ld_matched, &ld->ld_error );
311

312
		if( tag != LBER_ERROR ) {
313
			/* peek for referrals */
314
			if( ber_peek_tag(ber, &len) == LDAP_TAG_REFERRAL ) {
315
				tag = ber_scanf( ber, "v", &ld->ld_referrals );
316
			}
317
		}
318

319
		/* need to clean out misc items */
320
		if( tag != LBER_ERROR ) {
321
			if( lm->lm_msgtype == LDAP_RES_BIND ) {
322
				/* look for sasl result credentials */
323
				if ( ber_peek_tag( ber, &len ) == LDAP_TAG_SASL_RES_CREDS ) {
324
					/* skip 'em */
325
					tag = ber_scanf( ber, "x" );
326
				}
327

328
			} else if( lm->lm_msgtype == LDAP_RES_EXTENDED ) {
329
				/* look for exop result oid or value */
330
				if ( ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_OID ) {
331
					/* skip 'em */
332
					tag = ber_scanf( ber, "x" );
333
				}
334

335
				if ( tag != LBER_ERROR &&
336
					ber_peek_tag( ber, &len ) == LDAP_TAG_EXOP_RES_VALUE )
337
				{
338
					/* skip 'em */
339
					tag = ber_scanf( ber, "x" );
340
				}
341
			}
342
		}
343

344
		if( tag != LBER_ERROR ) {
345
			int rc = ldap_pvt_get_controls( ber, serverctrls );
346

347
			if( rc != LDAP_SUCCESS ) {
348
				tag = LBER_ERROR;
349
			}
350
		}
351

352
		if( tag != LBER_ERROR ) {
353
			tag = ber_scanf( ber, /*{*/"}" );
354
		}
355
	}
356

357
	if ( tag == LBER_ERROR ) {
358
		ld->ld_errno = errcode = LDAP_DECODING_ERROR;
359
	}
360

361
	if( ber != NULL ) {
362
		ber_free( ber, 0 );
363
	}
364

365
	/* return */
366
	if( errcodep != NULL ) {
367
		*errcodep = ld->ld_errno;
368
	}
369
	if ( errcode == LDAP_SUCCESS ) {
370
		if( matcheddnp != NULL ) {
371
			if ( ld->ld_matched )
372
			{
373
				*matcheddnp = LDAP_STRDUP( ld->ld_matched );
374
			}
375
		}
376
		if( errmsgp != NULL ) {
377
			if ( ld->ld_error )
378
			{
379
				*errmsgp = LDAP_STRDUP( ld->ld_error );
380
			}
381
		}
382

383
		if( referralsp != NULL) {
384
			*referralsp = ldap_value_dup( ld->ld_referrals );
385
		}
386
	}
387
	LDAP_MUTEX_UNLOCK( &ld->ld_res_mutex );
388

389
done:
390
	if ( freeit ) {
391
		ldap_msgfree( r );
392
	}
393

394
	return errcode;
395
}
396

397