#pragma ident "%Z%%M% %I% %E% SMI"

#include <ldap.h>
#include <errno.h>
/* Solaris Kerberos: errors are handled differently from MIT */
#if 0 /************** Begin IFDEF'ed OUT *******************************/
#include <kdb5_err.h>
#endif /**************** END IFDEF'ed OUT *******************************/
#include <krb5.h>
#include "ldap_err.h"

/*
 * Range-classification macros used for result codes that have no case label
 * of their own in translate_ldap_error().  When the LDAP headers do not
 * supply one of them, the fallback defined here evaluates to 0, so the
 * matching test never fires and such codes end up in the final catch-all
 * (KRB5_KDB_SERVER_INTERNAL_ERR).
 */
#ifndef LDAP_X_ERROR
#define LDAP_X_ERROR(x) (0)
#endif

#ifndef LDAP_NAME_ERROR
#ifdef NAME_ERROR
/* Some LDAP headers spell the name-error test NAME_ERROR; reuse it. */
#define LDAP_NAME_ERROR NAME_ERROR
#else
#define LDAP_NAME_ERROR(x) (0)
#endif
#endif

#ifndef LDAP_SECURITY_ERROR
#define LDAP_SECURITY_ERROR(x) (0)
#endif

#ifndef LDAP_SERVICE_ERROR
#define LDAP_SERVICE_ERROR(x) (0)
#endif

#ifndef LDAP_API_ERROR
#define LDAP_API_ERROR(x) (0)
#endif

#ifndef LDAP_UPDATE_ERROR
#define LDAP_UPDATE_ERROR(x) (0)
#endif

/*
 * KDB error codes this translation can produce:
 *	1. KRB5_KDB_UK_RERROR
 *	2. KRB5_KDB_UK_SERROR
 *	3. KRB5_KDB_NOENTRY
 *	4. KRB5_KDB_TRUNCATED_RECORD
 *	5. KRB5_KDB_UNAUTH
 *	6. KRB5_KDB_DB_CORRUPT
 *	7. KRB5_KDB_ACCESS_ERROR		(NEW)
 *	8. KRB5_KDB_INTERNAL_ERROR		(NEW)
 *	9. KRB5_KDB_SERVER_INTERNAL_ERR		(NEW)
 *	10. KRB5_KDB_CONSTRAINT_VIOLATION	(NEW)
 */

/*
 * Values accepted for the op argument:
 *	0          => not specified
 *	OP_INIT    => ldap_init
 *	OP_BIND    => ldap_bind
 *	OP_UNBIND  => ldap_unbind
 *	OP_ADD     => ldap_add
 *	OP_MOD     => ldap_modify
 *	OP_DEL     => ldap_delete
 *	OP_SEARCH  => ldap_search
 *	OP_CMP     => ldap_compare
 *	OP_ABANDON => ldap_abandon
 */

/*
 * translate_ldap_error: convert an LDAP result code into the error code that
 * is handed back to the KDB layer.
 *
 *	err	LDAP result code to translate.
 *	op	operation that produced err (table above).  It is consulted
 *		only for LDAP_INVALID_SYNTAX, LDAP_NO_SUCH_ATTRIBUTE and
 *		LDAP_STRONG_AUTH_REQUIRED.
 *
 * Returns 0 for LDAP_SUCCESS, EINVAL for LDAP_INVALID_DN_SYNTAX, and one of
 * the KRB5_KDB_* codes listed above for everything else.
 *
 * The mapping is many-to-one.  In particular, rejected credentials, an
 * unsupported bind method and an unavailable server all come back as
 * KRB5_KDB_ACCESS_ERROR, so a caller that has to tell these apart (for
 * logging or alerting on failed binds, say) must look at the LDAP code
 * before it is translated.
 */
int
translate_ldap_error(int err, int op)
{
    switch (err) {
    case LDAP_SUCCESS:
        return 0;

    /* ---- KRB5_KDB_INTERNAL_ERROR ---- */
    case LDAP_OPERATIONS_ERROR:
        /* Internal server error: the server can neither answer the request
         * properly nor report anything more specific. */
    case LDAP_UNAVAILABLE_CRITICAL_EXTENSION:
        /* One or more critical extensions were not available.  This might
         * mean that the schema was not extended ... */
    case LDAP_UNDEFINED_TYPE:
        /* The attribute named in the add or modify is not part of the
         * server's schema. */
        return KRB5_KDB_INTERNAL_ERROR;

    /* ---- KRB5_KDB_UK_RERROR ---- */
    case LDAP_INAPPROPRIATE_MATCHING:
        /* The search filter's matching rule is not defined for the
         * attribute's syntax. */
        return KRB5_KDB_UK_RERROR;

    /* ---- KRB5_KDB_UK_SERROR ---- */
    case LDAP_CONSTRAINT_VIOLATION:
        /* The value given in a modify, add or modify DN breaks a constraint
         * placed on the attribute. */
    case LDAP_TYPE_OR_VALUE_EXISTS:
        /* The value given in a modify or add is already present on that
         * attribute. */
        return KRB5_KDB_UK_SERROR;

    /* ---- results that depend on the operation ---- */
    case LDAP_INVALID_SYNTAX:
        /* Unrecognized or invalid value syntax in an add, compare or modify.
         * Writes (OP_ADD, OP_MOD) are store errors; every other op value,
         * not only the expected OP_CMP, is reported as a read error. */
        return (op == OP_ADD || op == OP_MOD) ? KRB5_KDB_UK_SERROR
                                              : KRB5_KDB_UK_RERROR;

    case LDAP_NO_SUCH_ATTRIBUTE:
        /* The attribute named in the modify or compare is absent from the
         * entry.  Anything other than OP_MOD (expected: OP_CMP) is reported
         * as a truncated record. */
        return (op == OP_MOD) ? KRB5_KDB_UK_SERROR
                              : KRB5_KDB_TRUNCATED_RECORD;

    case LDAP_STRONG_AUTH_REQUIRED:
        /* At bind time the server accepts only strong authentication; on any
         * other operation the client asked for something that requires
         * strong authentication. */
        return (op == OP_BIND) ? KRB5_KDB_ACCESS_ERROR
                               : KRB5_KDB_CONSTRAINT_VIOLATION;

    /* ---- KRB5_KDB_SERVER_INTERNAL_ERR ---- */
    /* The DAL-LDAP code itself must make sure the following never reach this
     * function; do not rely on the LDAP server to catch them. */
    case LDAP_SASL_BIND_IN_PROGRESS:
        /* Not an error, so this function should not be called for it. */
    case LDAP_COMPARE_FALSE:
    case LDAP_COMPARE_TRUE:
        /* Compare outcomes, not errors.  A caller must act on them before
         * translating; passed here they turn into a server internal error. */
    case LDAP_RESULTS_TOO_LARGE:	/* CLDAP */
    case LDAP_TIMELIMIT_EXCEEDED:
    case LDAP_SIZELIMIT_EXCEEDED:
        return KRB5_KDB_SERVER_INTERNAL_ERR;

    /* ---- EINVAL ---- */
    case LDAP_INVALID_DN_SYNTAX:
        /* The DN is syntactically incorrect. */
        return EINVAL;

    /* ---- KRB5_KDB_ACCESS_ERROR ---- */
    case LDAP_PROTOCOL_ERROR:
        /* The server received an invalid or malformed request from the
         * client. */
    case LDAP_CONFIDENTIALITY_REQUIRED:
    /* Bind problems ... */
    case LDAP_AUTH_METHOD_NOT_SUPPORTED:
    /* case LDAP_STRONG_AUTH_NOT_SUPPORTED: // Is this a bind error ? */
    case LDAP_INAPPROPRIATE_AUTH:
    case LDAP_INVALID_CREDENTIALS:
    case LDAP_UNAVAILABLE:
        return KRB5_KDB_ACCESS_ERROR;

    /* ---- KRB5_KDB_CONSTRAINT_VIOLATION ---- */
    case LDAP_ADMINLIMIT_EXCEEDED:
        /* A limit set by an administrative authority has been exceeded. */
    case LDAP_UNWILLING_TO_PERFORM:
        /* The server refuses the request because of server-defined
         * restrictions. */
        return KRB5_KDB_CONSTRAINT_VIOLATION;

    /* ---- KRB5_KDB_NOENTRY ---- */
    case LDAP_REFERRAL:
        /* A referral is reported to the caller as a missing entry. */
        return KRB5_KDB_NOENTRY;

    /* ---- KRB5_KDB_UNAUTH ---- */
    case LDAP_ALIAS_DEREF_PROBLEM:
        /* Either the client may not read the aliased object's name or
         * dereferencing is not allowed. */
#ifdef LDAP_PROXY_AUTHZ_FAILURE
    case LDAP_PROXY_AUTHZ_FAILURE:	/* Is this correct ? */
#endif
    case LDAP_INSUFFICIENT_ACCESS:
        /* The caller lacks the rights needed for the requested operation. */
        return KRB5_KDB_UNAUTH;

    /* ---- KRB5_KDB_DB_CORRUPT ---- */
    case LDAP_LOOP_DETECT:
        /* The client discovered an alias or referral loop. */
        return KRB5_KDB_DB_CORRUPT;

    default:
        break;
    }

    /*
     * No dedicated case label: classify the code by range.  The order of the
     * tests decides the result for a code that matches more than one macro.
     */
    if (LDAP_NAME_ERROR (err))
        return KRB5_KDB_NOENTRY;

    /*LINTED*/
    if (LDAP_SECURITY_ERROR (err))
        return KRB5_KDB_UNAUTH;

    /*LINTED*/
    if (LDAP_SERVICE_ERROR (err) || LDAP_API_ERROR (err) || LDAP_X_ERROR (err))
        return KRB5_KDB_ACCESS_ERROR;

    /*LINTED*/
    if (LDAP_UPDATE_ERROR(err))
        return KRB5_KDB_UK_SERROR;

    /* LDAP_OTHER, and any code none of the range macros recognizes */
    return KRB5_KDB_SERVER_INTERNAL_ERR;
}