You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

148 lines
6.0 KiB

  1. package ldap
  2. import (
  3. "fmt"
  4. "gopkg.in/asn1-ber.v1"
  5. )
  6. // LDAP Result Codes
  7. const (
  8. LDAPResultSuccess = 0
  9. LDAPResultOperationsError = 1
  10. LDAPResultProtocolError = 2
  11. LDAPResultTimeLimitExceeded = 3
  12. LDAPResultSizeLimitExceeded = 4
  13. LDAPResultCompareFalse = 5
  14. LDAPResultCompareTrue = 6
  15. LDAPResultAuthMethodNotSupported = 7
  16. LDAPResultStrongAuthRequired = 8
  17. LDAPResultReferral = 10
  18. LDAPResultAdminLimitExceeded = 11
  19. LDAPResultUnavailableCriticalExtension = 12
  20. LDAPResultConfidentialityRequired = 13
  21. LDAPResultSaslBindInProgress = 14
  22. LDAPResultNoSuchAttribute = 16
  23. LDAPResultUndefinedAttributeType = 17
  24. LDAPResultInappropriateMatching = 18
  25. LDAPResultConstraintViolation = 19
  26. LDAPResultAttributeOrValueExists = 20
  27. LDAPResultInvalidAttributeSyntax = 21
  28. LDAPResultNoSuchObject = 32
  29. LDAPResultAliasProblem = 33
  30. LDAPResultInvalidDNSyntax = 34
  31. LDAPResultAliasDereferencingProblem = 36
  32. LDAPResultInappropriateAuthentication = 48
  33. LDAPResultInvalidCredentials = 49
  34. LDAPResultInsufficientAccessRights = 50
  35. LDAPResultBusy = 51
  36. LDAPResultUnavailable = 52
  37. LDAPResultUnwillingToPerform = 53
  38. LDAPResultLoopDetect = 54
  39. LDAPResultNamingViolation = 64
  40. LDAPResultObjectClassViolation = 65
  41. LDAPResultNotAllowedOnNonLeaf = 66
  42. LDAPResultNotAllowedOnRDN = 67
  43. LDAPResultEntryAlreadyExists = 68
  44. LDAPResultObjectClassModsProhibited = 69
  45. LDAPResultAffectsMultipleDSAs = 71
  46. LDAPResultOther = 80
  47. ErrorNetwork = 200
  48. ErrorFilterCompile = 201
  49. ErrorFilterDecompile = 202
  50. ErrorDebugging = 203
  51. ErrorUnexpectedMessage = 204
  52. ErrorUnexpectedResponse = 205
  53. )
  54. // LDAPResultCodeMap contains string descriptions for LDAP error codes
  55. var LDAPResultCodeMap = map[uint8]string{
  56. LDAPResultSuccess: "Success",
  57. LDAPResultOperationsError: "Operations Error",
  58. LDAPResultProtocolError: "Protocol Error",
  59. LDAPResultTimeLimitExceeded: "Time Limit Exceeded",
  60. LDAPResultSizeLimitExceeded: "Size Limit Exceeded",
  61. LDAPResultCompareFalse: "Compare False",
  62. LDAPResultCompareTrue: "Compare True",
  63. LDAPResultAuthMethodNotSupported: "Auth Method Not Supported",
  64. LDAPResultStrongAuthRequired: "Strong Auth Required",
  65. LDAPResultReferral: "Referral",
  66. LDAPResultAdminLimitExceeded: "Admin Limit Exceeded",
  67. LDAPResultUnavailableCriticalExtension: "Unavailable Critical Extension",
  68. LDAPResultConfidentialityRequired: "Confidentiality Required",
  69. LDAPResultSaslBindInProgress: "Sasl Bind In Progress",
  70. LDAPResultNoSuchAttribute: "No Such Attribute",
  71. LDAPResultUndefinedAttributeType: "Undefined Attribute Type",
  72. LDAPResultInappropriateMatching: "Inappropriate Matching",
  73. LDAPResultConstraintViolation: "Constraint Violation",
  74. LDAPResultAttributeOrValueExists: "Attribute Or Value Exists",
  75. LDAPResultInvalidAttributeSyntax: "Invalid Attribute Syntax",
  76. LDAPResultNoSuchObject: "No Such Object",
  77. LDAPResultAliasProblem: "Alias Problem",
  78. LDAPResultInvalidDNSyntax: "Invalid DN Syntax",
  79. LDAPResultAliasDereferencingProblem: "Alias Dereferencing Problem",
  80. LDAPResultInappropriateAuthentication: "Inappropriate Authentication",
  81. LDAPResultInvalidCredentials: "Invalid Credentials",
  82. LDAPResultInsufficientAccessRights: "Insufficient Access Rights",
  83. LDAPResultBusy: "Busy",
  84. LDAPResultUnavailable: "Unavailable",
  85. LDAPResultUnwillingToPerform: "Unwilling To Perform",
  86. LDAPResultLoopDetect: "Loop Detect",
  87. LDAPResultNamingViolation: "Naming Violation",
  88. LDAPResultObjectClassViolation: "Object Class Violation",
  89. LDAPResultNotAllowedOnNonLeaf: "Not Allowed On Non Leaf",
  90. LDAPResultNotAllowedOnRDN: "Not Allowed On RDN",
  91. LDAPResultEntryAlreadyExists: "Entry Already Exists",
  92. LDAPResultObjectClassModsProhibited: "Object Class Mods Prohibited",
  93. LDAPResultAffectsMultipleDSAs: "Affects Multiple DSAs",
  94. LDAPResultOther: "Other",
  95. }
  96. func getLDAPResultCode(packet *ber.Packet) (code uint8, description string) {
  97. if packet == nil {
  98. return ErrorUnexpectedResponse, "Empty packet"
  99. } else if len(packet.Children) >= 2 {
  100. response := packet.Children[1]
  101. if response == nil {
  102. return ErrorUnexpectedResponse, "Empty response in packet"
  103. }
  104. if response.ClassType == ber.ClassApplication && response.TagType == ber.TypeConstructed && len(response.Children) >= 3 {
  105. // Children[1].Children[2] is the diagnosticMessage which is guaranteed to exist as seen here: https://tools.ietf.org/html/rfc4511#section-4.1.9
  106. return uint8(response.Children[0].Value.(int64)), response.Children[2].Value.(string)
  107. }
  108. }
  109. return ErrorNetwork, "Invalid packet format"
  110. }
  111. // Error holds LDAP error information
  112. type Error struct {
  113. // Err is the underlying error
  114. Err error
  115. // ResultCode is the LDAP error code
  116. ResultCode uint8
  117. }
  118. func (e *Error) Error() string {
  119. return fmt.Sprintf("LDAP Result Code %d %q: %s", e.ResultCode, LDAPResultCodeMap[e.ResultCode], e.Err.Error())
  120. }
  121. // NewError creates an LDAP error with the given code and underlying error
  122. func NewError(resultCode uint8, err error) error {
  123. return &Error{ResultCode: resultCode, Err: err}
  124. }
  125. // IsErrorWithCode returns true if the given error is an LDAP error with the given result code
  126. func IsErrorWithCode(err error, desiredResultCode uint8) bool {
  127. if err == nil {
  128. return false
  129. }
  130. serverError, ok := err.(*Error)
  131. if !ok {
  132. return false
  133. }
  134. return serverError.ResultCode == desiredResultCode
  135. }