Error handling changes including separation of client v. server

SASL to LDAP translation, plus comments and other minor changes
Kurt Zeilenga 2000-05-03 18:59:58 +00:00
parent 2783decefa
commit d0555fffe6
8 changed files with 81 additions and 28 deletions


@ -102,6 +102,8 @@ LDAP_BEGIN_DECL
/* 0x34 - 0x0fff not defined by current draft */
#define LDAP_OPT_PRIVATE_EXTENSION_BASE 0x4000 /* to 0x7FFF inclusive */
/* private and experimental options */
#define LDAP_OPT_DNS 0x4001 /* use DN & DNS */
@ -112,7 +114,7 @@ LDAP_BEGIN_DECL
#define LDAP_OPT_NETWORK_TIMEOUT 0x5005 /* socket level timeout */
#define LDAP_OPT_URI 0x5006
/* TLS options */
/* OpenLDAP TLS options */
#define LDAP_OPT_X_TLS_CACERTFILE 0x6001
#define LDAP_OPT_X_TLS_CACERTDIR 0x6002
#define LDAP_OPT_X_TLS_CERT 0x6003
@ -129,7 +131,7 @@ LDAP_BEGIN_DECL
#define LDAP_OPT_X_TLS_ALLOW 3
#define LDAP_OPT_X_TLS_TRY 4
/* SASL options */
/* OpenLDAP SASL options */
#define LDAP_OPT_X_SASL_MINSSF 0x6100
#define LDAP_OPT_X_SASL_MAXSSF 0x6101
#define LDAP_OPT_X_SASL_ACTSSF 0x6102


@ -113,7 +113,6 @@ LIBLDAP_F (int) ldap_pvt_unhex( int c );
LIBLDAP_F (int) ldap_pvt_sasl_init LDAP_P(( void )); /* clientside init */
LIBLDAP_F (int) ldap_pvt_sasl_install LDAP_P(( Sockbuf *, void * ));
LIBLDAP_F (int) ldap_pvt_sasl_err2ldap LDAP_P(( int ));
LIBLDAP_F (int) ldap_pvt_sasl_bind LDAP_P(( LDAP *, LDAP_CONST char *,
LDAP_CONST char *, LDAP_CONST sasl_callback_t *, LDAPControl **,
LDAPControl ** ));


@ -269,7 +269,7 @@ ldap_get_kerberosv4_credentials(
fprintf( stderr, "krb_get_tf_realm failed (%s)\n",
krb_err_txt[err] );
#endif /* LDAP_LIBUI */
ld->ld_errno = LDAP_INVALID_CREDENTIALS;
ld->ld_errno = LDAP_AUTH_UNKNOWN;
return( NULL );
}
@ -287,7 +287,7 @@ ldap_get_kerberosv4_credentials(
#ifdef LDAP_LIBUI
fprintf( stderr, "krb_mk_req failed (%s)\n", krb_err_txt[err] );
#endif /* LDAP_LIBUI */
ld->ld_errno = LDAP_INVALID_CREDENTIALS;
ld->ld_errno = LDAP_AUTH_UNKNOWN;
return( NULL );
}
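Review bot: Both hunks replace LDAP_INVALID_CREDENTIALS with LDAP_AUTH_UNKNOWN when a ticket cannot be obtained, but nothing at either site says why a local API error code is now preferred over the protocol result code, and the invariant that libldap's translation routine asserts (success or an API error) is not visible from kerberos.c. Suggest a short comment above the first assignment, `/* local credential acquisition failed: report an API error, not a server result code */`, and the same at the krb_mk_req site. The Kerberos error text is only printed under LDAP_LIBUI, so callers cannot distinguish a failed krb_get_tf_realm from a failed krb_mk_req; if that matters to callers, a diagnostic outside the LDAP_LIBUI guard would preserve it. ldap_get_kerberosv4_credentials starts and ends outside these hunks.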


@ -355,6 +355,10 @@ SOURCE=.\string.c
# End Source File
# Begin Source File
SOURCE=.\tls.c
# End Source File
# Begin Source File
SOURCE=.\ufn.c
# End Source File
# Begin Source File


@ -497,42 +497,43 @@ static int sasl_close( Sockbuf *sb )
(ber_pvt_sb_io_tcp.sbi_close)( sb );
}
int
ldap_pvt_sasl_err2ldap( int saslerr )
static int
sasl_err2ldap( int saslerr )
{
int rc;
switch (saslerr) {
case SASL_CONTINUE:
rc = LDAP_SASL_BIND_IN_PROGRESS;
rc = LDAP_MORE_RESULTS_TO_RETURN;
break;
case SASL_OK:
rc = LDAP_SUCCESS;
break;
case SASL_FAIL:
rc = LDAP_OPERATIONS_ERROR;
rc = LDAP_LOCAL_ERROR;
break;
case SASL_NOMEM:
rc = LDAP_NO_MEMORY;
break;
case SASL_NOMECH:
rc = LDAP_AUTH_METHOD_NOT_SUPPORTED;
rc = LDAP_AUTH_UNKNOWN;
break;
case SASL_BADAUTH:
rc = LDAP_INVALID_CREDENTIALS;
rc = LDAP_AUTH_UNKNOWN;
break;
case SASL_NOAUTHZ:
rc = LDAP_INSUFFICIENT_ACCESS;
rc = LDAP_PARAM_ERROR;
break;
case SASL_TOOWEAK:
case SASL_ENCRYPT:
rc = LDAP_INAPPROPRIATE_AUTH;
rc = LDAP_AUTH_UNKNOWN;
break;
default:
rc = LDAP_OPERATIONS_ERROR;
rc = LDAP_LOCAL_ERROR;
break;
}
assert( rc == LDAP_SUCCESS || LDAP_API_ERROR( rc ) );
return rc;
}
@ -656,7 +657,7 @@ ldap_pvt_sasl_bind(
if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
LDAP_FREE( mechlist );
ld->ld_errno = ldap_pvt_sasl_err2ldap( rc );
ld->ld_errno = sasl_err2ldap( rc );
sasl_dispose( &ld->ld_sasl_context );
return ld->ld_errno;
}
@ -675,7 +676,7 @@ ldap_pvt_sasl_bind(
LDAP_FREE( mechlist );
if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
ld->ld_errno = ldap_pvt_sasl_err2ldap( saslrc );
ld->ld_errno = sasl_err2ldap( saslrc );
sasl_dispose( &ld->ld_sasl_context );
return ld->ld_errno;
}
@ -711,7 +712,7 @@ ldap_pvt_sasl_bind(
ber_bvfree( scred );
if ( (saslrc != SASL_OK) && (saslrc != SASL_CONTINUE) ) {
ld->ld_errno = ldap_pvt_sasl_err2ldap( saslrc );
ld->ld_errno = sasl_err2ldap( saslrc );
sasl_dispose( &ld->ld_sasl_context );
return ld->ld_errno;
}
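Review bot: In the hunk at `@ -656,7 +657,7 @@` the renamed call still translates `rc` (`ld->ld_errno = sasl_err2ldap( rc );`) although the guard two lines above tested `saslrc`, and the two later hunks translate `saslrc`; unless rc holds a SASL code at that point (its assignment is outside the hunk), an LDAP value is fed to the SASL switch and lands on the default LDAP_LOCAL_ERROR or, if it happens to collide with a SASL constant, on an unrelated mapping. The line should read `ld->ld_errno = sasl_err2ldap( saslrc );`. Separately, the rewritten sasl_err2ldap folds SASL_NOMECH, SASL_BADAUTH, SASL_TOOWEAK and SASL_ENCRYPT into LDAP_AUTH_UNKNOWN, so a caller can no longer tell a rejected credential from a failed security-layer (SSF) negotiation; if that is intended, a comment above the switch stating that client-side SASL failures are deliberately reported as API errors, as the new assert enforces, would stop the next reader from "fixing" it back. ldap_pvt_sasl_bind starts and ends outside these hunks.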


@ -348,6 +348,10 @@ SOURCE=.\thr_stub.c
# End Source File
# Begin Source File
SOURCE=..\libldap\tls.c
# End Source File
# Begin Source File
SOURCE=..\libldap\ufn.c
# End Source File
# Begin Source File


@ -19,7 +19,7 @@ char **supportedSASLMechanisms = NULL;
char *sasl_host = NULL;
#ifdef HAVE_CYRUS_SASL
static void *sasl_pvt_mutex_new(void)
static void *slap_sasl_mutex_new(void)
{
ldap_pvt_thread_mutex_t *mutex;
@ -30,22 +30,62 @@ static void *sasl_pvt_mutex_new(void)
return NULL;
}
static int sasl_pvt_mutex_lock(void *mutex)
static int slap_sasl_mutex_lock(void *mutex)
{
return ldap_pvt_thread_mutex_lock( (ldap_pvt_thread_mutex_t *)mutex );
}
static int sasl_pvt_mutex_unlock(void *mutex)
static int slap_sasl_mutex_unlock(void *mutex)
{
return ldap_pvt_thread_mutex_unlock( (ldap_pvt_thread_mutex_t *)mutex );
}
static void sasl_pvt_mutex_dispose(void *mutex)
static void slap_sasl_mutex_dispose(void *mutex)
{
(void) ldap_pvt_thread_mutex_destroy( (ldap_pvt_thread_mutex_t *)mutex );
free( mutex );
}
static int
slap_sasl_err2ldap( int saslerr )
{
int rc;
switch (saslerr) {
case SASL_CONTINUE:
rc = LDAP_SASL_BIND_IN_PROGRESS;
break;
case SASL_OK:
rc = LDAP_SUCCESS;
break;
case SASL_FAIL:
rc = LDAP_OTHER;
break;
case SASL_NOMEM:
rc = LDAP_OTHER;
break;
case SASL_NOMECH:
rc = LDAP_AUTH_METHOD_NOT_SUPPORTED;
break;
case SASL_BADAUTH:
rc = LDAP_INVALID_CREDENTIALS;
break;
case SASL_NOAUTHZ:
rc = LDAP_INSUFFICIENT_ACCESS;
break;
case SASL_TOOWEAK:
case SASL_ENCRYPT:
rc = LDAP_INAPPROPRIATE_AUTH;
break;
default:
rc = LDAP_OTHER;
break;
}
return rc;
}
int sasl_init( void )
{
int rc;
@ -54,8 +94,11 @@ int sasl_init( void )
sasl_set_alloc( ch_malloc, ch_calloc, ch_realloc, ch_free );
sasl_set_mutex( sasl_pvt_mutex_new, sasl_pvt_mutex_lock,
sasl_pvt_mutex_unlock, sasl_pvt_mutex_dispose );
sasl_set_mutex(
slap_sasl_mutex_new,
slap_sasl_mutex_lock,
slap_sasl_mutex_unlock,
slap_sasl_mutex_dispose );
rc = sasl_server_init( NULL, "slapd" );
@ -188,7 +231,7 @@ int sasl_bind(
cred->bv_val, cred->bv_len, (char **)&response.bv_val,
(unsigned *)&response.bv_len, &errstr );
if ( (sc != SASL_OK) && (sc != SASL_CONTINUE) ) {
send_ldap_result( conn, op, rc = ldap_pvt_sasl_err2ldap( sc ),
send_ldap_result( conn, op, rc = slap_sasl_err2ldap( sc ),
NULL, errstr, NULL, NULL );
}
}
@ -196,7 +239,7 @@ int sasl_bind(
sc = sasl_server_step( conn->c_sasl_bind_context, cred->bv_val, cred->bv_len,
(char **)&response.bv_val, (unsigned *)&response.bv_len, &errstr );
if ( (sc != SASL_OK) && (sc != SASL_CONTINUE) ) {
send_ldap_result( conn, op, rc = ldap_pvt_sasl_err2ldap( sc ),
send_ldap_result( conn, op, rc = slap_sasl_err2ldap( sc ),
NULL, errstr, NULL, NULL );
}
}
@ -206,7 +249,7 @@ int sasl_bind(
if ( ( sc = sasl_getprop( conn->c_sasl_bind_context, SASL_USERNAME,
(void **)&authzid ) ) != SASL_OK ) {
send_ldap_result( conn, op, rc = ldap_pvt_sasl_err2ldap( sc ),
send_ldap_result( conn, op, rc = slap_sasl_err2ldap( sc ),
NULL, NULL, NULL, NULL );
} else {
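Review bot: slap_sasl_err2ldap is undocumented and, unlike its libldap counterpart, carries no check on the range of what it returns; a header comment such as `/* map a Cyrus SASL return code to the LDAP resultCode sent to the client */` would make the client/server split this commit introduces visible at the definition. SASL_NOMEM maps to LDAP_OTHER, the same as SASL_FAIL; LDAP_BUSY or LDAP_UNAVAILABLE would tell a client that retrying is reasonable, if that distinction is wanted. In the three sasl_bind hunks the SASL library's errstr is passed as the diagnostic message to the peer on every failure, including before the bind has succeeded; this predates the commit, but since the new mapping now decides what such a peer sees, confirm that the library's text does not disclose backend state (a LDAP_INVALID_CREDENTIALS result is normally sent without detail). sasl_bind starts and ends outside these hunks.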