Error handling changes including separation of client v. server

SASL to LDAP translation. plus comments and other minor changes
2025-12-23 08:09:34 -05:00 · 2000-05-03 18:59:58 +00:00 · 2000-05-03 18:59:58 +00:00 · d0555fffe6
commit d0555fffe6
parent 2783decefa
8 changed files with 81 additions and 28 deletions
--- a/include/ldap.h
+++ b/include/ldap.h
@ -102,6 +102,8 @@ LDAP_BEGIN_DECL
 /* 0x34 - 0x0fff not defined by current draft */
 #define LDAP_OPT_PRIVATE_EXTENSION_BASE 0x4000  /* to 0x7FFF inclusive */
 /* private and experimental options */
 #define LDAP_OPT_DNS				0x4001	/* use DN & DNS */
@ -112,7 +114,7 @@ LDAP_BEGIN_DECL
 #define LDAP_OPT_NETWORK_TIMEOUT        0x5005  /* socket level timeout */
 #define LDAP_OPT_URI				0x5006
-/* TLS options */
+/* OpenLDAP TLS options */
 #define LDAP_OPT_X_TLS_CACERTFILE	0x6001
 #define LDAP_OPT_X_TLS_CACERTDIR	0x6002
 #define LDAP_OPT_X_TLS_CERT		0x6003
@ -129,7 +131,7 @@ LDAP_BEGIN_DECL
 #define LDAP_OPT_X_TLS_ALLOW		3
 #define LDAP_OPT_X_TLS_TRY		4
-/* SASL options */
+/* OpenLDAP SASL options */
 #define LDAP_OPT_X_SASL_MINSSF		0x6100
 #define LDAP_OPT_X_SASL_MAXSSF		0x6101
 #define LDAP_OPT_X_SASL_ACTSSF		0x6102
--- a/include/ldap_pvt.h
+++ b/include/ldap_pvt.h
@ -113,7 +113,6 @@ LIBLDAP_F (int) ldap_pvt_unhex( int c );
 LIBLDAP_F (int) ldap_pvt_sasl_init LDAP_P(( void )); /* clientside init */
 LIBLDAP_F (int) ldap_pvt_sasl_install LDAP_P(( Sockbuf *, void * ));
 LIBLDAP_F (int) ldap_pvt_sasl_err2ldap LDAP_P(( int ));
 LIBLDAP_F (int) ldap_pvt_sasl_bind LDAP_P(( LDAP *, LDAP_CONST char *,
 	LDAP_CONST char *, LDAP_CONST sasl_callback_t *, LDAPControl **,
 	LDAPControl ** ));
--- a/libraries/libldap/kbind.c
+++ b/libraries/libldap/kbind.c
@ -269,7 +269,7 @@ ldap_get_kerberosv4_credentials(
 		fprintf( stderr, "krb_get_tf_realm failed (%s)\n",
 		    krb_err_txt[err] );
 #endif /* LDAP_LIBUI */
-		ld->ld_errno = LDAP_INVALID_CREDENTIALS;
+		ld->ld_errno = LDAP_AUTH_UNKNOWN;
 		return( NULL );
 	}
@ -287,7 +287,7 @@ ldap_get_kerberosv4_credentials(
 #ifdef LDAP_LIBUI
 		fprintf( stderr, "krb_mk_req failed (%s)\n", krb_err_txt[err] );
 #endif /* LDAP_LIBUI */
-		ld->ld_errno = LDAP_INVALID_CREDENTIALS;
+		ld->ld_errno = LDAP_AUTH_UNKNOWN;
 		return( NULL );
 	}
--- a/libraries/libldap/libldap.dsp
+++ b/libraries/libldap/libldap.dsp
@ -355,6 +355,10 @@ SOURCE=.\string.c
 # End Source File
 # Begin Source File
 SOURCE=.\tls.c
 # End Source File
 # Begin Source File
 SOURCE=.\ufn.c
 # End Source File
 # Begin Source File
--- a/libraries/libldap/sasl.c
+++ b/libraries/libldap/sasl.c
@ -497,42 +497,43 @@ static int sasl_close( Sockbuf *sb )
 	(ber_pvt_sb_io_tcp.sbi_close)( sb );
 }
-int
+static int
-ldap_pvt_sasl_err2ldap( int saslerr )
+sasl_err2ldap( int saslerr )
 {
 	int rc;
 	switch (saslerr) {
 		case SASL_CONTINUE:
-			rc = LDAP_SASL_BIND_IN_PROGRESS;
+			rc = LDAP_MORE_RESULTS_TO_RETURN;
 			break;
 		case SASL_OK:
 			rc = LDAP_SUCCESS;
 			break;
 		case SASL_FAIL:
-			rc = LDAP_OPERATIONS_ERROR;
+			rc = LDAP_LOCAL_ERROR;
 			break;
 		case SASL_NOMEM:
 			rc = LDAP_NO_MEMORY;
 			break;
 		case SASL_NOMECH:
-			rc = LDAP_AUTH_METHOD_NOT_SUPPORTED;
+			rc = LDAP_AUTH_UNKNOWN;
 			break;
 		case SASL_BADAUTH:
-			rc = LDAP_INVALID_CREDENTIALS;
+			rc = LDAP_AUTH_UNKNOWN;
 			break;
 		case SASL_NOAUTHZ:
-			rc = LDAP_INSUFFICIENT_ACCESS;
+			rc = LDAP_PARAM_ERROR;
 			break;
 		case SASL_TOOWEAK:
 		case SASL_ENCRYPT:
-			rc = LDAP_INAPPROPRIATE_AUTH;
+			rc = LDAP_AUTH_UNKNOWN;
 			break;
 		default:
-			rc = LDAP_OPERATIONS_ERROR;
+			rc = LDAP_LOCAL_ERROR;
 			break;
 	}
 	assert( rc == LDAP_SUCCESS || LDAP_API_ERROR( rc ) );
 	return rc;
 }
@ -656,7 +657,7 @@ ldap_pvt_sasl_bind(
 	if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
 		LDAP_FREE( mechlist );
-		ld->ld_errno = ldap_pvt_sasl_err2ldap( rc );
+		ld->ld_errno = sasl_err2ldap( rc );
 		sasl_dispose( &ld->ld_sasl_context );
 		return ld->ld_errno;
 	}
@ -675,7 +676,7 @@ ldap_pvt_sasl_bind(
 	LDAP_FREE( mechlist );
 	if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
-		ld->ld_errno = ldap_pvt_sasl_err2ldap( saslrc );
+		ld->ld_errno = sasl_err2ldap( saslrc );
 		sasl_dispose( &ld->ld_sasl_context );
 		return ld->ld_errno;
 	}
@ -711,7 +712,7 @@ ldap_pvt_sasl_bind(
 		ber_bvfree( scred );
 		if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
-			ld->ld_errno = ldap_pvt_sasl_err2ldap( saslrc );
+			ld->ld_errno = sasl_err2ldap( saslrc );
 			sasl_dispose( &ld->ld_sasl_context );
 			return ld->ld_errno;
 		}
--- a/libraries/libldap_r/libldap_r.dsp
+++ b/libraries/libldap_r/libldap_r.dsp
@ -348,6 +348,10 @@ SOURCE=.\thr_stub.c
 # End Source File
 # Begin Source File
 SOURCE=..\libldap\tls.c
 # End Source File
 # Begin Source File
 SOURCE=..\libldap\ufn.c
 # End Source File
 # Begin Source File
--- a/servers/slapd/sasl.c
+++ b/servers/slapd/sasl.c
@ -19,7 +19,7 @@ char **supportedSASLMechanisms = NULL;
 char *sasl_host = NULL;
 #ifdef HAVE_CYRUS_SASL
-static void *sasl_pvt_mutex_new(void)
+static void *slap_sasl_mutex_new(void)
 {
 	ldap_pvt_thread_mutex_t *mutex;
@ -30,22 +30,62 @@ static void *sasl_pvt_mutex_new(void)
 	return NULL;
 }
-static int sasl_pvt_mutex_lock(void *mutex)
+static int slap_sasl_mutex_lock(void *mutex)
 {
 	return ldap_pvt_thread_mutex_lock( (ldap_pvt_thread_mutex_t *)mutex );
 }
-static int sasl_pvt_mutex_unlock(void *mutex)
+static int slap_sasl_mutex_unlock(void *mutex)
 {
 	return ldap_pvt_thread_mutex_unlock( (ldap_pvt_thread_mutex_t *)mutex );
 }
-static void sasl_pvt_mutex_dispose(void *mutex)
+static void slap_sasl_mutex_dispose(void *mutex)
 {
 	(void) ldap_pvt_thread_mutex_destroy( (ldap_pvt_thread_mutex_t *)mutex );
 	free( mutex );
 }
 static int
 slap_sasl_err2ldap( int saslerr )
 {
 	int rc;
 	switch (saslerr) {
 		case SASL_CONTINUE:
 			rc = LDAP_SASL_BIND_IN_PROGRESS;
 			break;
 		case SASL_OK:
 			rc = LDAP_SUCCESS;
 			break;
 		case SASL_FAIL:
 			rc = LDAP_OTHER;
 			break;
 		case SASL_NOMEM:
 			rc = LDAP_OTHER;
 			break;
 		case SASL_NOMECH:
 			rc = LDAP_AUTH_METHOD_NOT_SUPPORTED;
 			break;
 		case SASL_BADAUTH:
 			rc = LDAP_INVALID_CREDENTIALS;
 			break;
 		case SASL_NOAUTHZ:
 			rc = LDAP_INSUFFICIENT_ACCESS;
 			break;
 		case SASL_TOOWEAK:
 		case SASL_ENCRYPT:
 			rc = LDAP_INAPPROPRIATE_AUTH;
 			break;
 		default:
 			rc = LDAP_OTHER;
 			break;
 	}
 	return rc;
 }
 int sasl_init( void )
 {
 	int rc;
@ -54,8 +94,11 @@ int sasl_init( void )
 	sasl_set_alloc( ch_malloc, ch_calloc, ch_realloc, ch_free ); 
-	sasl_set_mutex( sasl_pvt_mutex_new, sasl_pvt_mutex_lock,
+	sasl_set_mutex(
-		sasl_pvt_mutex_unlock, sasl_pvt_mutex_dispose );
+		slap_sasl_mutex_new,
 		slap_sasl_mutex_lock,
 		slap_sasl_mutex_unlock,
 		slap_sasl_mutex_dispose );
 	rc = sasl_server_init( NULL, "slapd" );
@ -188,7 +231,7 @@ int sasl_bind(
 				cred->bv_val, cred->bv_len, (char **)&response.bv_val,
 				(unsigned *)&response.bv_len, &errstr );
 			if ( (sc != SASL_OK) && (sc != SASL_CONTINUE) ) {
-				send_ldap_result( conn, op, rc = ldap_pvt_sasl_err2ldap( sc ),
+				send_ldap_result( conn, op, rc = slap_sasl_err2ldap( sc ),
 					NULL, errstr, NULL, NULL );
 			}
 		}
@ -196,7 +239,7 @@ int sasl_bind(
 		sc = sasl_server_step( conn->c_sasl_bind_context, cred->bv_val, cred->bv_len,
 			(char **)&response.bv_val, (unsigned *)&response.bv_len, &errstr );
 		if ( (sc != SASL_OK) && (sc != SASL_CONTINUE) ) {
-			send_ldap_result( conn, op, rc = ldap_pvt_sasl_err2ldap( sc ),
+			send_ldap_result( conn, op, rc = slap_sasl_err2ldap( sc ),
 				NULL, errstr, NULL, NULL );
 		}
 	}
@ -206,7 +249,7 @@ int sasl_bind(
 		if ( ( sc = sasl_getprop( conn->c_sasl_bind_context, SASL_USERNAME,
 			(void **)&authzid ) ) != SASL_OK ) {
-			send_ldap_result( conn, op, rc = ldap_pvt_sasl_err2ldap( sc ),
+			send_ldap_result( conn, op, rc = slap_sasl_err2ldap( sc ),
 				NULL, NULL, NULL, NULL );
 		} else {