#include <ldap.h>
#include <errno.h>
/* Solaris Kerberos: errors are handled differently from MIT */
#if 0 /************** Begin IFDEF'ed OUT *******************************/
#include <kdb5_err.h>
#endif /**************** END IFDEF'ed OUT *******************************/
#include <krb5.h>
#include "ldap_err.h"

/*
 * Fallbacks for the LDAP result-class predicates.
 *
 * When the LDAP headers do not supply one of these macros, the fallback
 * evaluates to 0, so the matching class check at the end of
 * translate_ldap_error() never fires and codes of that class end up as
 * KRB5_KDB_SERVER_INTERNAL_ERR.
 */
#ifndef LDAP_X_ERROR
#define LDAP_X_ERROR(x) (0)
#endif

#ifndef LDAP_NAME_ERROR
#ifdef NAME_ERROR
#define LDAP_NAME_ERROR NAME_ERROR
#else
#define LDAP_NAME_ERROR(x) (0)
#endif
#endif

#ifndef LDAP_SECURITY_ERROR
#define LDAP_SECURITY_ERROR(x) (0)
#endif

#ifndef LDAP_SERVICE_ERROR
#define LDAP_SERVICE_ERROR(x) (0)
#endif

#ifndef LDAP_API_ERROR
#define LDAP_API_ERROR(x) (0)
#endif

#ifndef LDAP_UPDATE_ERROR
#define LDAP_UPDATE_ERROR(x) (0)
#endif

/*
 * The possible KDB errors are
 *  1. KRB5_KDB_UK_RERROR
 *  2. KRB5_KDB_UK_SERROR
 *  3. KRB5_KDB_NOENTRY
 *  4. KRB5_KDB_TRUNCATED_RECORD
 *  5. KRB5_KDB_UNAUTH
 *  6. KRB5_KDB_DB_CORRUPT
 *  7. KRB5_KDB_ACCESS_ERROR           (NEW)
 *  8. KRB5_KDB_INTERNAL_ERROR         (NEW)
 *  9. KRB5_KDB_SERVER_INTERNAL_ERR    (NEW)
 * 10. KRB5_KDB_CONSTRAINT_VIOLATION   (NEW)
 */

/*
 * op :
 *      0          => not specified
 *      OP_INIT    => ldap_init
 *      OP_BIND    => ldap_bind
 *      OP_UNBIND  => ldap_unbind
 *      OP_ADD     => ldap_add
 *      OP_MOD     => ldap_modify
 *      OP_DEL     => ldap_delete
 *      OP_SEARCH  => ldap_search
 *      OP_CMP     => ldap_compare
 *      OP_ABANDON => ldap_abandon
 */

/*
 * translate_ldap_error: map an LDAP result code onto a KDB error code.
 *
 *   err  LDAP result code to translate.
 *   op   LDAP operation that produced it (see the table above); only
 *        consulted for LDAP_INVALID_SYNTAX, LDAP_STRONG_AUTH_REQUIRED and
 *        LDAP_NO_SUCH_ATTRIBUTE, where the result depends on the operation.
 *
 * Returns 0 for LDAP_SUCCESS, EINVAL for LDAP_INVALID_DN_SYNTAX and one of
 * the KRB5_KDB_* codes listed above for everything else.
 *
 * Note for callers: the mapping is lossy.  LDAP_INVALID_CREDENTIALS and
 * LDAP_INAPPROPRIATE_AUTH come back as the same KRB5_KDB_ACCESS_ERROR as
 * LDAP_SERVER_DOWN and LDAP_CONNECT_ERROR, so a rejected bind cannot be
 * told apart from an unreachable directory once translated.  Code that
 * needs that distinction (audit logging, alerting on failed binds) has to
 * record the raw LDAP result code before calling this function.
 */
int translate_ldap_error(int err, int op) {

    if (err == LDAP_SUCCESS)
        return 0;

    switch (err) {

    /* Internal failure, or a schema that was probably never extended. */
    case LDAP_OPERATIONS_ERROR:
        /* The server hit an internal error and could neither give a more
         * specific result nor answer the request properly. */
    case LDAP_UNAVAILABLE_CRITICAL_EXTENSION:
        /* One or more critical extensions needed by the request were not
         * available; this may mean the schema was not extended. */
    case LDAP_UNDEFINED_TYPE:
        /* The attribute named in the add or modify is not part of the
         * server's schema. */
        return KRB5_KDB_INTERNAL_ERROR;

    case LDAP_INAPPROPRIATE_MATCHING:
        /* The search filter used a matching rule that is not defined for
         * the attribute's syntax. */
        return KRB5_KDB_UK_RERROR;

    case LDAP_CONSTRAINT_VIOLATION:
        /* The value given in a modify, add or modify-DN breaks a constraint
         * placed on the attribute. */
    case LDAP_TYPE_OR_VALUE_EXISTS:
        /* The value given in a modify or add is already present on the
         * attribute. */
        return KRB5_KDB_UK_SERROR;

    case LDAP_INVALID_SYNTAX:
        /* The value given in an add, compare or modify has an unrecognized
         * or invalid syntax for the attribute.  Writes map to a store
         * error; every other op is treated like a compare and maps to a
         * read error. */
        return (op == OP_ADD || op == OP_MOD) ? KRB5_KDB_UK_SERROR
                                              : KRB5_KDB_UK_RERROR;

    /*
     * None of the following should ever reach this function: the DAL-LDAP
     * code has to prevent them itself instead of relying on the LDAP
     * server to catch them.
     */
    case LDAP_SASL_BIND_IN_PROGRESS:
        /* Not an error, so there is nothing to translate. */
    case LDAP_COMPARE_FALSE:
    case LDAP_COMPARE_TRUE:
        /* Compare results, not errors; same remark applies. */
    case LDAP_RESULTS_TOO_LARGE:    /* CLDAP */
    case LDAP_TIMELIMIT_EXCEEDED:
    case LDAP_SIZELIMIT_EXCEEDED:
        return KRB5_KDB_SERVER_INTERNAL_ERR;

    case LDAP_INVALID_DN_SYNTAX:
        /* The DN is syntactically wrong; the only case reported as an
         * errno value rather than a KDB code. */
        return EINVAL;

    case LDAP_PROTOCOL_ERROR:
        /* The server received an invalid or malformed request from the
         * client. */
    case LDAP_CONFIDENTIALITY_REQUIRED:

    /* Bind problems ... */
    case LDAP_AUTH_METHOD_NOT_SUPPORTED:
    /* LDAP_STRONG_AUTH_NOT_SUPPORTED is not listed: it is commented out in
     * the original with the open question "is this a bind error?", so it
     * is handled by the class checks after the switch. */
    case LDAP_INAPPROPRIATE_AUTH:
    case LDAP_INVALID_CREDENTIALS:
    case LDAP_UNAVAILABLE:
    case LDAP_SERVER_DOWN:          /* Solaris Kerberos */
    case LDAP_CONNECT_ERROR:        /* Solaris Kerberos */
        /* Authentication failures and connectivity failures share one KDB
         * code here; the raw LDAP code is the only place they differ. */
        return KRB5_KDB_ACCESS_ERROR;

    case LDAP_STRONG_AUTH_REQUIRED:
        /* On a bind, the server accepts only strong authentication; on any
         * other op, the client asked for something that requires strong
         * authentication. */
        return (op == OP_BIND) ? KRB5_KDB_ACCESS_ERROR
                               : KRB5_KDB_CONSTRAINT_VIOLATION;

    case LDAP_REFERRAL:
        /* A referral is reported to the caller as a missing entry. */
        return KRB5_KDB_NOENTRY;

    case LDAP_ADMINLIMIT_EXCEEDED:
        /* A limit set by an administrative authority on the LDAP server
         * was exceeded. */
    case LDAP_UNWILLING_TO_PERFORM:
        /* The server refuses the request because of server-defined
         * restrictions. */
        return KRB5_KDB_CONSTRAINT_VIOLATION;

    case LDAP_NO_SUCH_ATTRIBUTE:
        /* The attribute named in the modify or compare is absent from the
         * entry.  Every op other than OP_MOD is treated like a compare. */
        return (op == OP_MOD) ? KRB5_KDB_UK_SERROR
                              : KRB5_KDB_TRUNCATED_RECORD;

    case LDAP_ALIAS_DEREF_PROBLEM:
        /* The client may not read the aliased object's name, or
         * dereferencing is not allowed. */
#ifdef LDAP_PROXY_AUTHZ_FAILURE
    case LDAP_PROXY_AUTHZ_FAILURE:  /* original author's note: is this correct? */
#endif
    case LDAP_INSUFFICIENT_ACCESS:
        /* The caller lacks the rights needed for the requested operation. */
        return KRB5_KDB_UNAUTH;

    case LDAP_LOOP_DETECT:
        /* The client found an alias or referral loop. */
        return KRB5_KDB_DB_CORRUPT;

    default:
        /* No explicit mapping: classify by result-code class below. */
        break;
    }

    /*
     * Reached only for codes without a case label above.  Each predicate
     * may be the constant-0 fallback defined at the top of this file,
     * hence the LINTED markers.
     */
    if (LDAP_NAME_ERROR (err))
        return KRB5_KDB_NOENTRY;

    /*LINTED*/
    if (LDAP_SECURITY_ERROR (err))
        return KRB5_KDB_UNAUTH;

    /*LINTED*/
    if (LDAP_SERVICE_ERROR (err) || LDAP_API_ERROR (err) || LDAP_X_ERROR (err))
        return KRB5_KDB_ACCESS_ERROR;

    /*LINTED*/
    if (LDAP_UPDATE_ERROR(err))
        return KRB5_KDB_UK_SERROR;

    /* LDAP_OTHER */
    return KRB5_KDB_SERVER_INTERNAL_ERR;
}