/* Map API errors to protocol errors... */ int slap_map_api2result( SlapReply *rs ) { switch(rs->sr_err) { case LDAP_SERVER_DOWN: return LDAP_UNAVAILABLE; case LDAP_LOCAL_ERROR: return LDAP_OTHER; case LDAP_ENCODING_ERROR: case LDAP_DECODING_ERROR: return LDAP_PROTOCOL_ERROR; case LDAP_TIMEOUT: return LDAP_UNAVAILABLE; case LDAP_AUTH_UNKNOWN: return LDAP_AUTH_METHOD_NOT_SUPPORTED; case LDAP_FILTER_ERROR: rs->sr_text = "Filter error"; return LDAP_OTHER; case LDAP_USER_CANCELLED: rs->sr_text = "User cancelled"; return LDAP_OTHER; case LDAP_PARAM_ERROR: return LDAP_PROTOCOL_ERROR; case LDAP_NO_MEMORY: return LDAP_OTHER; case LDAP_CONNECT_ERROR: return LDAP_UNAVAILABLE; case LDAP_NOT_SUPPORTED: return LDAP_UNWILLING_TO_PERFORM; case LDAP_CONTROL_NOT_FOUND: return LDAP_PROTOCOL_ERROR; case LDAP_NO_RESULTS_RETURNED: return LDAP_NO_SUCH_OBJECT; case LDAP_MORE_RESULTS_TO_RETURN: rs->sr_text = "More results to return"; return LDAP_OTHER; case LDAP_CLIENT_LOOP: case LDAP_REFERRAL_LIMIT_EXCEEDED: return LDAP_LOOP_DETECT; default: if ( LDAP_API_ERROR(rs->sr_err) ) return LDAP_OTHER; return rs->sr_err; } }
static int retcode_entry_response( Operation *op, SlapReply *rs, BackendInfo *bi, Entry *e ) { Attribute *a; int err; char *next; int disconnect = 0; if ( get_manageDSAit( op ) ) { return SLAP_CB_CONTINUE; } if ( !is_entry_objectclass_or_sub( e, oc_errAbsObject ) ) { return SLAP_CB_CONTINUE; } /* operation */ a = attr_find( e->e_attrs, ad_errOp ); if ( a != NULL ) { int i, gotit = 0; struct berval bv = BER_BVNULL; (void)retcode_op2str( op->o_tag, &bv ); if ( BER_BVISNULL( &bv ) ) { return SLAP_CB_CONTINUE; } for ( i = 0; !BER_BVISNULL( &a->a_nvals[ i ] ); i++ ) { if ( bvmatch( &a->a_nvals[ i ], &bv ) ) { gotit = 1; break; } } if ( !gotit ) { return SLAP_CB_CONTINUE; } } /* disconnect */ a = attr_find( e->e_attrs, ad_errDisconnect ); if ( a != NULL ) { if ( bvmatch( &a->a_nvals[ 0 ], &slap_true_bv ) ) { return rs->sr_err = SLAPD_DISCONNECT; } disconnect = 1; } /* error code */ a = attr_find( e->e_attrs, ad_errCode ); if ( a == NULL ) { return SLAP_CB_CONTINUE; } err = strtol( a->a_nvals[ 0 ].bv_val, &next, 0 ); if ( next == a->a_nvals[ 0 ].bv_val || next[ 0 ] != '\0' ) { return SLAP_CB_CONTINUE; } rs->sr_err = err; /* sleep time */ a = attr_find( e->e_attrs, ad_errSleepTime ); if ( a != NULL && a->a_nvals[ 0 ].bv_val[ 0 ] != '-' ) { int sleepTime; if ( lutil_atoi( &sleepTime, a->a_nvals[ 0 ].bv_val ) == 0 ) { retcode_sleep( sleepTime ); } } if ( rs->sr_err != LDAP_SUCCESS && !LDAP_API_ERROR( rs->sr_err )) { BackendDB db = *op->o_bd, *o_bd = op->o_bd; void *o_callback = op->o_callback; /* message text */ a = attr_find( e->e_attrs, ad_errText ); if ( a != NULL ) { rs->sr_text = a->a_vals[ 0 ].bv_val; } /* matched DN */ a = attr_find( e->e_attrs, ad_errMatchedDN ); if ( a != NULL ) { rs->sr_matched = a->a_vals[ 0 ].bv_val; } if ( bi == NULL ) { slap_overinst *on = (slap_overinst *)op->o_bd->bd_info; bi = on->on_info->oi_orig; } db.bd_info = bi; op->o_bd = &db; op->o_callback = NULL; /* referral */ if ( rs->sr_err == LDAP_REFERRAL ) { BerVarray refs = default_referral; a = attr_find( e->e_attrs, slap_schema.si_ad_ref ); if ( a != NULL ) { refs = a->a_vals; } rs->sr_ref = referral_rewrite( refs, NULL, &op->o_req_dn, op->oq_search.rs_scope ); send_search_reference( op, rs ); ber_bvarray_free( rs->sr_ref ); rs->sr_ref = NULL; } else { a = attr_find( e->e_attrs, ad_errUnsolicitedOID ); if ( a != NULL ) { struct berval oid = BER_BVNULL, data = BER_BVNULL; ber_int_t msgid = op->o_msgid; /* RFC 4511 unsolicited response */ op->o_msgid = 0; oid = a->a_nvals[ 0 ]; a = attr_find( e->e_attrs, ad_errUnsolicitedData ); if ( a != NULL ) { data = a->a_nvals[ 0 ]; } if ( strcmp( oid.bv_val, "0" ) == 0 ) { send_ldap_result( op, rs ); } else { ber_tag_t tag = op->o_tag; op->o_tag = LDAP_REQ_EXTENDED; rs->sr_rspoid = oid.bv_val; if ( !BER_BVISNULL( &data ) ) { rs->sr_rspdata = &data; } send_ldap_extended( op, rs ); rs->sr_rspoid = NULL; rs->sr_rspdata = NULL; op->o_tag = tag; } op->o_msgid = msgid; } else { send_ldap_result( op, rs ); } } rs->sr_text = NULL; rs->sr_matched = NULL; op->o_bd = o_bd; op->o_callback = o_callback; } if ( rs->sr_err != LDAP_SUCCESS ) { if ( disconnect ) { return rs->sr_err = SLAPD_DISCONNECT; } op->o_abandon = 1; return rs->sr_err; } return SLAP_CB_CONTINUE; }
/* * sets last_ldap_result and last_ldap_handle */ int lds_search( char* _lds_name, char* _dn, int _scope, char* _filter, char** _attrs, struct timeval* _search_timeout, int* _ld_result_count, int* _ld_error) { struct ld_session* lds; #ifdef LDAP_PERF struct timeval before_search = { 0, 0 }, after_search = { 0, 0 }; #endif /* * get ld_handle */ if (get_connected_ldap_session(_lds_name, &lds) != 0) { LM_ERR("[%s]: couldn't get ldap session\n", _lds_name); return -1; } /* * free last_ldap_result */ if (last_ldap_result != NULL) { ldap_msgfree(last_ldap_result); last_ldap_result = NULL; } LM_DBG( "[%s]: performing LDAP search: dn [%s]," " scope [%d], filter [%s], client_timeout [%d] usecs\n", _lds_name, _dn, _scope, _filter, (int)(lds->client_search_timeout.tv_sec * 1000000 + lds->client_search_timeout.tv_usec)); #ifdef LDAP_PERF gettimeofday(&before_search, NULL); #endif /* * perform ldap search */ *_ld_error = ldap_search_ext_s( lds->handle, _dn, _scope, _filter, _attrs, 0, NULL, NULL, &lds->client_search_timeout, 0, &last_ldap_result); #ifdef LDAP_PERF gettimeofday(&after_search, NULL); LM_INFO("[%s]: LDAP search took [%d] usecs\n", _lds_name, (int)((after_search.tv_sec * 1000000 + after_search.tv_usec) - (before_search.tv_sec * 1000000 + before_search.tv_usec))); #endif if (*_ld_error != LDAP_SUCCESS) { if (last_ldap_result != NULL) { ldap_msgfree(last_ldap_result); last_ldap_result = NULL; } if (LDAP_API_ERROR(*_ld_error)) { ldap_disconnect(_lds_name); } LM_DBG( "[%s]: ldap_search_ext_st failed: %s\n", _lds_name, ldap_err2string(*_ld_error)); return -1; } last_ldap_handle = lds->handle; *_ld_result_count = ldap_count_entries(lds->handle, last_ldap_result); if (*_ld_result_count < 0) { LM_DBG("[%s]: ldap_count_entries failed\n", _lds_name); return -1; } return 0; }
int ldap_params_search( int* _ld_result_count, char* _lds_name, char* _dn, int _scope, char** _attrs, char* _filter, ...) { int rc; static char filter_str[LDAP_MAX_FILTER_LEN]; va_list filter_vars; /* * check _scope */ switch (_scope) { case LDAP_SCOPE_ONELEVEL: case LDAP_SCOPE_BASE: case LDAP_SCOPE_SUBTREE: break; default: LM_ERR("[%s]: invalid scope argument [%d]\n", _lds_name, _scope); return -1; } /* * vsnprintf */ va_start(filter_vars, _filter); rc = vsnprintf(filter_str, (size_t)LDAP_MAX_FILTER_LEN, _filter, filter_vars); if (rc >= LDAP_MAX_FILTER_LEN) { LM_ERR( "[%s]: filter string too long (len [%d], max len [%d])\n", _lds_name, rc, LDAP_MAX_FILTER_LEN); return -1; } else if (rc < 0) { LM_ERR("vsnprintf failed\n"); return -1; } /* * ldap search */ if (lds_search(_lds_name, _dn, _scope, filter_str, _attrs, NULL, _ld_result_count, &rc) != 0) { /* try again if LDAP API ERROR */ if (LDAP_API_ERROR(rc) && (lds_search(_lds_name, _dn, _scope, filter_str, _attrs, NULL, _ld_result_count, &rc) != 0)) { LM_ERR( "[%s]: LDAP search (dn [%s], scope [%d]," " filter [%s]) failed: %s\n", _lds_name, _dn, _scope, filter_str, ldap_err2string(rc)); return -1; } } LM_DBG( "[%s]: [%d] LDAP entries found\n", _lds_name, *_ld_result_count); return 0; }
char * ldap_err2string( int err ) { char *m; Debug( LDAP_DEBUG_TRACE, "ldap_err2string\n", 0, 0, 0 ); switch ( err ) { # define C(code, message) case code: m = message; break /* LDAPv3 (RFC 4511) codes */ C(LDAP_SUCCESS, N_("Success")); C(LDAP_OPERATIONS_ERROR, N_("Operations error")); C(LDAP_PROTOCOL_ERROR, N_("Protocol error")); C(LDAP_TIMELIMIT_EXCEEDED, N_("Time limit exceeded")); C(LDAP_SIZELIMIT_EXCEEDED, N_("Size limit exceeded")); C(LDAP_COMPARE_FALSE, N_("Compare False")); C(LDAP_COMPARE_TRUE, N_("Compare True")); C(LDAP_STRONG_AUTH_NOT_SUPPORTED,N_("Authentication method not supported")); C(LDAP_STRONG_AUTH_REQUIRED, N_("Strong(er) authentication required")); C(LDAP_REFERRAL, N_("Referral")); C(LDAP_ADMINLIMIT_EXCEEDED, N_("Administrative limit exceeded")); C(LDAP_UNAVAILABLE_CRITICAL_EXTENSION, N_("Critical extension is unavailable")); C(LDAP_CONFIDENTIALITY_REQUIRED,N_("Confidentiality required")); C(LDAP_SASL_BIND_IN_PROGRESS, N_("SASL bind in progress")); C(LDAP_NO_SUCH_ATTRIBUTE, N_("No such attribute")); C(LDAP_UNDEFINED_TYPE, N_("Undefined attribute type")); C(LDAP_INAPPROPRIATE_MATCHING, N_("Inappropriate matching")); C(LDAP_CONSTRAINT_VIOLATION, N_("Constraint violation")); C(LDAP_TYPE_OR_VALUE_EXISTS, N_("Type or value exists")); C(LDAP_INVALID_SYNTAX, N_("Invalid syntax")); C(LDAP_NO_SUCH_OBJECT, N_("No such object")); C(LDAP_ALIAS_PROBLEM, N_("Alias problem")); C(LDAP_INVALID_DN_SYNTAX, N_("Invalid DN syntax")); C(LDAP_ALIAS_DEREF_PROBLEM, N_("Alias dereferencing problem")); C(LDAP_INAPPROPRIATE_AUTH, N_("Inappropriate authentication")); C(LDAP_INVALID_CREDENTIALS, N_("Invalid credentials")); C(LDAP_INSUFFICIENT_ACCESS, N_("Insufficient access")); C(LDAP_BUSY, N_("Server is busy")); C(LDAP_UNAVAILABLE, N_("Server is unavailable")); C(LDAP_UNWILLING_TO_PERFORM, N_("Server is unwilling to perform")); C(LDAP_LOOP_DETECT, N_("Loop detected")); C(LDAP_NAMING_VIOLATION, N_("Naming violation")); C(LDAP_OBJECT_CLASS_VIOLATION, N_("Object class violation")); C(LDAP_NOT_ALLOWED_ON_NONLEAF, N_("Operation not allowed on non-leaf")); C(LDAP_NOT_ALLOWED_ON_RDN, N_("Operation not allowed on RDN")); C(LDAP_ALREADY_EXISTS, N_("Already exists")); C(LDAP_NO_OBJECT_CLASS_MODS, N_("Cannot modify object class")); C(LDAP_AFFECTS_MULTIPLE_DSAS, N_("Operation affects multiple DSAs")); /* Virtual List View draft */ C(LDAP_VLV_ERROR, N_("Virtual List View error")); C(LDAP_OTHER, N_("Other (e.g., implementation specific) error")); /* LDAPv2 (RFC 1777) codes */ C(LDAP_PARTIAL_RESULTS, N_("Partial results and referral received")); C(LDAP_IS_LEAF, N_("Entry is a leaf")); /* Connection-less LDAP (CLDAP - RFC 1798) code */ C(LDAP_RESULTS_TOO_LARGE, N_("Results too large")); /* Cancel Operation (RFC 3909) codes */ C(LDAP_CANCELLED, N_("Cancelled")); C(LDAP_NO_SUCH_OPERATION, N_("No Operation to Cancel")); C(LDAP_TOO_LATE, N_("Too Late to Cancel")); C(LDAP_CANNOT_CANCEL, N_("Cannot Cancel")); /* Assert Control (RFC 4528 and old internet-draft) codes */ C(LDAP_ASSERTION_FAILED, N_("Assertion Failed")); C(LDAP_X_ASSERTION_FAILED, N_("Assertion Failed (X)")); /* Proxied Authorization Control (RFC 4370 and I-D) codes */ C(LDAP_PROXIED_AUTHORIZATION_DENIED, N_("Proxied Authorization Denied")); C(LDAP_X_PROXY_AUTHZ_FAILURE, N_("Proxy Authorization Failure (X)")); /* Content Sync Operation (RFC 4533 and I-D) codes */ C(LDAP_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required")); C(LDAP_X_SYNC_REFRESH_REQUIRED, N_("Content Sync Refresh Required (X)")); /* No-Op Control (draft-zeilenga-ldap-noop) code */ C(LDAP_X_NO_OPERATION, N_("No Operation (X)")); /* Client Update Protocol (RFC 3928) codes */ C(LDAP_CUP_RESOURCES_EXHAUSTED, N_("LCUP Resources Exhausted")); C(LDAP_CUP_SECURITY_VIOLATION, N_("LCUP Security Violation")); C(LDAP_CUP_INVALID_DATA, N_("LCUP Invalid Data")); C(LDAP_CUP_UNSUPPORTED_SCHEME, N_("LCUP Unsupported Scheme")); C(LDAP_CUP_RELOAD_REQUIRED, N_("LCUP Reload Required")); #ifdef LDAP_X_TXN /* Codes related to LDAP Transactions (draft-zeilenga-ldap-txn) */ C(LDAP_X_TXN_SPECIFY_OKAY, N_("TXN specify okay")); C(LDAP_X_TXN_ID_INVALID, N_("TXN ID is invalid")); #endif /* API codes - renumbered since draft-ietf-ldapext-ldap-c-api */ C(LDAP_SERVER_DOWN, N_("Can't contact LDAP server")); C(LDAP_LOCAL_ERROR, N_("Local error")); C(LDAP_ENCODING_ERROR, N_("Encoding error")); C(LDAP_DECODING_ERROR, N_("Decoding error")); C(LDAP_TIMEOUT, N_("Timed out")); C(LDAP_AUTH_UNKNOWN, N_("Unknown authentication method")); C(LDAP_FILTER_ERROR, N_("Bad search filter")); C(LDAP_USER_CANCELLED, N_("User cancelled operation")); C(LDAP_PARAM_ERROR, N_("Bad parameter to an ldap routine")); C(LDAP_NO_MEMORY, N_("Out of memory")); C(LDAP_CONNECT_ERROR, N_("Connect error")); C(LDAP_NOT_SUPPORTED, N_("Not Supported")); C(LDAP_CONTROL_NOT_FOUND, N_("Control not found")); C(LDAP_NO_RESULTS_RETURNED, N_("No results returned")); C(LDAP_MORE_RESULTS_TO_RETURN, N_("More results to return")); C(LDAP_CLIENT_LOOP, N_("Client Loop")); C(LDAP_REFERRAL_LIMIT_EXCEEDED, N_("Referral Limit Exceeded")); # undef C default: m = (LDAP_API_ERROR(err) ? N_("Unknown API error") : LDAP_E_ERROR(err) ? N_("Unknown (extension) error") : LDAP_X_ERROR(err) ? N_("Unknown (private extension) error") : N_("Unknown error")); break; } return _(m); }
void slap_send_ldap_result( Operation *op, SlapReply *rs ) { char *tmp = NULL; const char *otext = rs->sr_text; BerVarray oref = rs->sr_ref; rs->sr_type = REP_RESULT; /* Propagate Abandons so that cleanup callbacks can be processed */ if ( rs->sr_err == SLAPD_ABANDON || op->o_abandon ) goto abandon; Debug( LDAP_DEBUG_TRACE, "send_ldap_result: %s p=%d\n", op->o_log_prefix, op->o_protocol ); Debug( LDAP_DEBUG_ARGS, "send_ldap_result: err=%d matched=\"%s\" text=\"%s\"\n", rs->sr_err, rs->sr_matched ? rs->sr_matched : "", rs->sr_text ? rs->sr_text : "" ); if( rs->sr_ref ) { Debug( LDAP_DEBUG_ARGS, "send_ldap_result: referral=\"%s\"\n", rs->sr_ref[0].bv_val ? rs->sr_ref[0].bv_val : "NULL" ); } assert( !LDAP_API_ERROR( rs->sr_err ) ); assert( rs->sr_err != LDAP_PARTIAL_RESULTS ); if ( rs->sr_err == LDAP_REFERRAL ) { if( op->o_domain_scope ) rs->sr_ref = NULL; if( rs->sr_ref == NULL ) { rs->sr_err = LDAP_NO_SUCH_OBJECT; } else if ( op->o_protocol < LDAP_VERSION3 ) { rs->sr_err = LDAP_PARTIAL_RESULTS; } } if ( op->o_protocol < LDAP_VERSION3 ) { tmp = v2ref( rs->sr_ref, rs->sr_text ); rs->sr_text = tmp; rs->sr_ref = NULL; } abandon: rs->sr_tag = slap_req2res( op->o_tag ); rs->sr_msgid = (rs->sr_tag != LBER_SEQUENCE) ? op->o_msgid : 0; if ( rs->sr_flags & REP_REF_MUSTBEFREED ) { if ( rs->sr_ref == NULL ) { rs->sr_flags ^= REP_REF_MUSTBEFREED; ber_bvarray_free( oref ); } oref = NULL; /* send_ldap_response() will free rs->sr_ref if != NULL */ } if ( send_ldap_response( op, rs ) == SLAP_CB_CONTINUE ) { if ( op->o_tag == LDAP_REQ_SEARCH ) { Statslog( LDAP_DEBUG_STATS, "%s SEARCH RESULT tag=%lu err=%d nentries=%d text=%s\n", op->o_log_prefix, rs->sr_tag, rs->sr_err, rs->sr_nentries, rs->sr_text ? rs->sr_text : "" ); } else { Statslog( LDAP_DEBUG_STATS, "%s RESULT tag=%lu err=%d text=%s\n", op->o_log_prefix, rs->sr_tag, rs->sr_err, rs->sr_text ? rs->sr_text : "" ); } } if( tmp != NULL ) ch_free(tmp); rs->sr_text = otext; rs->sr_ref = oref; }
int translate_ldap_error(int err, int op) { switch (err) { case LDAP_SUCCESS: return 0; case LDAP_OPERATIONS_ERROR: /* LDAP_OPERATIONS_ERROR: Indicates an internal error. The server is * unable to respond with a more specific error and is also unable * to properly respond to a request */ case LDAP_UNAVAILABLE_CRITICAL_EXTENSION: /* LDAP server was unable to satisfy a request because one or more * critical extensions were not available */ /* This might mean that the schema was not extended ... */ case LDAP_UNDEFINED_TYPE: /* The attribute specified in the modify or add operation does not * exist in the LDAP server's schema. */ return KRB5_KDB_INTERNAL_ERROR; case LDAP_INAPPROPRIATE_MATCHING: /* The matching rule specified in the search filter does not match a * rule defined for the attribute's syntax */ return KRB5_KDB_UK_RERROR; case LDAP_CONSTRAINT_VIOLATION: /* The attribute value specified in a modify, add, or modify DN * operation violates constraints placed on the attribute */ case LDAP_TYPE_OR_VALUE_EXISTS: /* The attribute value specified in a modify or add operation * already exists as a value for that attribute */ return KRB5_KDB_UK_SERROR; case LDAP_INVALID_SYNTAX: /* The attribute value specified in an add, compare, or modify * operation is an unrecognized or invalid syntax for the attribute */ if (op == OP_ADD || op == OP_MOD) return KRB5_KDB_UK_SERROR; else /* OP_CMP */ return KRB5_KDB_UK_RERROR; /* Ensure that the following don't occur in the DAL-LDAP code. * Don't rely on the LDAP server to catch it */ case LDAP_SASL_BIND_IN_PROGRESS: /* This is not an error. So, this function should not be called */ case LDAP_COMPARE_FALSE: case LDAP_COMPARE_TRUE: /* LDAP_COMPARE_FALSE and LDAP_COMPARE_TRUE are not errors. This * function should not be invoked for them */ case LDAP_RESULTS_TOO_LARGE: /* CLDAP */ case LDAP_TIMELIMIT_EXCEEDED: case LDAP_SIZELIMIT_EXCEEDED: return KRB5_KDB_SERVER_INTERNAL_ERR; case LDAP_INVALID_DN_SYNTAX: /* The syntax of the DN is incorrect */ return EINVAL; case LDAP_PROTOCOL_ERROR: /* LDAP_PROTOCOL_ERROR: Indicates that the server has received an * invalid or malformed request from the client */ case LDAP_CONFIDENTIALITY_REQUIRED: /* Bind problems ... */ case LDAP_AUTH_METHOD_NOT_SUPPORTED: /* case LDAP_STRONG_AUTH_NOT_SUPPORTED: // Is this a bind error ? */ case LDAP_INAPPROPRIATE_AUTH: case LDAP_INVALID_CREDENTIALS: case LDAP_UNAVAILABLE: case LDAP_SERVER_DOWN: /* Solaris Kerberos */ case LDAP_CONNECT_ERROR: /* Solaris Kerberos */ return KRB5_KDB_ACCESS_ERROR; case LDAP_STRONG_AUTH_REQUIRED: if (op == OP_BIND) /* the LDAP server accepts only strong authentication. */ return KRB5_KDB_ACCESS_ERROR; else /* Client requested an operation such that requires strong authentication */ return KRB5_KDB_CONSTRAINT_VIOLATION; case LDAP_REFERRAL: return KRB5_KDB_NOENTRY; case LDAP_ADMINLIMIT_EXCEEDED: /* An LDAP server limit set by an administrative authority has been * exceeded */ return KRB5_KDB_CONSTRAINT_VIOLATION; case LDAP_UNWILLING_TO_PERFORM: /* The LDAP server cannot process the request because of * server-defined restrictions */ return KRB5_KDB_CONSTRAINT_VIOLATION; case LDAP_NO_SUCH_ATTRIBUTE: /* Indicates that the attribute specified in the modify or compare * operation does not exist in the entry */ if (op == OP_MOD) return KRB5_KDB_UK_SERROR; else /* OP_CMP */ return KRB5_KDB_TRUNCATED_RECORD; case LDAP_ALIAS_DEREF_PROBLEM: /* Either the client does not have access rights to read the aliased * object's name or dereferencing is not allowed */ #ifdef LDAP_PROXY_AUTHZ_FAILURE case LDAP_PROXY_AUTHZ_FAILURE: // Is this correct ? #endif case LDAP_INSUFFICIENT_ACCESS: /* Caller does not have sufficient rights to perform the requested * operation */ return KRB5_KDB_UNAUTH; case LDAP_LOOP_DETECT: /* Client discovered an alias or referral loop */ return KRB5_KDB_DB_CORRUPT; default: if (LDAP_NAME_ERROR (err)) return KRB5_KDB_NOENTRY; /*LINTED*/ if (LDAP_SECURITY_ERROR (err)) return KRB5_KDB_UNAUTH; /*LINTED*/ if (LDAP_SERVICE_ERROR (err) || LDAP_API_ERROR (err) || LDAP_X_ERROR (err)) return KRB5_KDB_ACCESS_ERROR; /*LINTED*/ if (LDAP_UPDATE_ERROR(err)) return KRB5_KDB_UK_SERROR; /* LDAP_OTHER */ return KRB5_KDB_SERVER_INTERNAL_ERR; } }
int lds_search_async( char* _lds_name, char* _dn, int _scope, char* _filter, char** _attrs, struct timeval* _search_timeout, int* _ld_result_count, int* _ld_error, int* _msgidp) { struct ld_session* lds; struct timeval zerotime; #ifdef LDAP_PERF struct timeval before_search = { 0, 0 }, after_search = { 0, 0 }; #endif /* * get ld_handle */ if (get_connected_ldap_session(_lds_name, &lds) != 0) { LM_ERR("[%s]: couldn't get ldap session\n", _lds_name); return -1; } /* * free last_ldap_result */ if (last_ldap_result != NULL) { ldap_msgfree(last_ldap_result); last_ldap_result = NULL; } LM_DBG( "[%s]: performing LDAP search: dn [%s]," " scope [%d], filter [%s], client_timeout [%d] usecs\n", _lds_name, _dn, _scope, _filter, (int)(lds->client_search_timeout.tv_sec * 1000000 + lds->client_search_timeout.tv_usec)); #ifdef LDAP_PERF gettimeofday(&before_search, NULL); #endif /* * perform ldap search */ *_ld_error = ldap_search_ext( lds->handle, _dn, _scope, _filter, _attrs, 0, NULL, NULL, &lds->client_search_timeout, 0, _msgidp); #ifdef LDAP_PERF gettimeofday(&after_search, NULL); LM_INFO("[%s]: LDAP search took [%d] usecs\n", _lds_name, (int)((after_search.tv_sec * 1000000 + after_search.tv_usec) - (before_search.tv_sec * 1000000 + before_search.tv_usec))); #endif if (*_ld_error != LDAP_SUCCESS) { if (last_ldap_result != NULL) { ldap_msgfree(last_ldap_result); last_ldap_result = NULL; } if (LDAP_API_ERROR(*_ld_error)) { ldap_disconnect(_lds_name); } LM_DBG( "[%s]: ldap_search_ext_st failed: %s\n", _lds_name, ldap_err2string(*_ld_error)); return -1; } zerotime.tv_sec = zerotime.tv_usec = 0L; *_ld_error = ldap_result(lds->handle, *_msgidp, LDAP_MSG_ALL, &zerotime, &last_ldap_result); switch (*_ld_error) { case -1: LM_ERR("[%s]: ldap result failed\n", _lds_name); return -1; case 0: /* receive did not succeed; reactor needed */ return 0; default: /* receive successfull */ *_msgidp = -1; break; } last_ldap_handle = lds->handle; *_ld_result_count = ldap_count_entries(lds->handle, last_ldap_result); if (*_ld_result_count < 0) { LM_DBG("[%s]: ldap_count_entries failed\n", _lds_name); return -1; } return 0; }