1 /*
2    Unix SMB/CIFS Implementation.
3    LDAP protocol helper functions for SAMBA
4    Copyright (C) Volker Lendecke 2004
5 
6    This program is free software; you can redistribute it and/or modify
7    it under the terms of the GNU General Public License as published by
8    the Free Software Foundation; either version 2 of the License, or
9    (at your option) any later version.
10 
11    This program is distributed in the hope that it will be useful,
12    but WITHOUT ANY WARRANTY; without even the implied warranty of
13    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
14    GNU General Public License for more details.
15 
16    You should have received a copy of the GNU General Public License
17    along with this program; if not, write to the Free Software
18    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
19 
20 */
21 
22 #ifndef _SMB_LDAP_H
23 #define _SMB_LDAP_H
24 
25 #include "lib/ldb/include/ldb.h"
26 
/*
 * Selects which LDAP protocol operation a message carries.
 *
 * The values are the [APPLICATION n] tag numbers of the LDAP protocolOp
 * CHOICE (RFC 4511). The numbering is sparse: 17, 18 and 20-22 have no
 * entry here. A tag number decoded from the wire must therefore be
 * matched against this list before it is used to pick a member of
 * union ldap_Request.
 */
enum ldap_request_tag {
	LDAP_TAG_BindRequest           =  0,
	LDAP_TAG_BindResponse          =  1,
	LDAP_TAG_UnbindRequest         =  2,
	LDAP_TAG_SearchRequest         =  3,
	LDAP_TAG_SearchResultEntry     =  4,
	LDAP_TAG_SearchResultDone      =  5,
	LDAP_TAG_ModifyRequest         =  6,
	LDAP_TAG_ModifyResponse        =  7,
	LDAP_TAG_AddRequest            =  8,
	LDAP_TAG_AddResponse           =  9,
	LDAP_TAG_DelRequest            = 10,
	LDAP_TAG_DelResponse           = 11,
	LDAP_TAG_ModifyDNRequest       = 12,
	LDAP_TAG_ModifyDNResponse      = 13,
	LDAP_TAG_CompareRequest        = 14,
	LDAP_TAG_CompareResponse       = 15,
	LDAP_TAG_AbandonRequest        = 16,
	/* 17 and 18 are not defined here */
	LDAP_TAG_SearchResultReference = 19,
	/* 20-22 are not defined here */
	LDAP_TAG_ExtendedRequest       = 23,
	LDAP_TAG_ExtendedResponse      = 24
};
49 
/*
 * Authentication choice of a bind request.
 *
 * The values are the context tags of the LDAP AuthenticationChoice:
 * simple is [0] and sasl is [3]; 1 and 2 are reserved by the protocol.
 * This value is the discriminator for the creds union in
 * struct ldap_BindRequest, so anything other than the two constants
 * below should be rejected before that union is read.
 */
enum ldap_auth_mechanism {
	LDAP_AUTH_MECH_SIMPLE = 0,	/* DN + password */
	LDAP_AUTH_MECH_SASL   = 3	/* SASL mechanism name + optional blob */
};
54 
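/*
 * LDAP resultCode values (RFC 4511 LDAPResult).
 *
 * The numbering is sparse; values not listed here can still arrive from a
 * peer because struct ldap_Result stores the code as a plain int. Callers
 * deciding whether an operation succeeded should compare against the
 * specific expected value (LDAP_SUCCESS, or LDAP_SASL_BIND_IN_PROGRESS
 * while a multi-step bind is under way) rather than treating "not a known
 * error" as success.
 */
enum ldap_result_code {
	LDAP_SUCCESS				= 0,
	LDAP_OPERATIONS_ERROR			= 1,
	LDAP_PROTOCOL_ERROR			= 2,
	LDAP_TIME_LIMIT_EXCEEDED		= 3,
	LDAP_SIZE_LIMIT_EXCEEDED		= 4,
	LDAP_COMPARE_FALSE			= 5,
	LDAP_COMPARE_TRUE			= 6,
	LDAP_AUTH_METHOD_NOT_SUPPORTED		= 7,
	LDAP_STRONG_AUTH_REQUIRED		= 8,
	LDAP_REFERRAL				= 10,
	LDAP_ADMIN_LIMIT_EXCEEDED		= 11,
	LDAP_UNAVAILABLE_CRITICAL_EXTENSION	= 12,
	LDAP_CONFIDENTIALITY_REQUIRED		= 13,
	LDAP_SASL_BIND_IN_PROGRESS		= 14,
	LDAP_NO_SUCH_ATTRIBUTE			= 16,
	LDAP_UNDEFINED_ATTRIBUTE_TYPE		= 17,
	LDAP_INAPPROPRIATE_MATCHING		= 18,
	LDAP_CONSTRAINT_VIOLATION		= 19,
	LDAP_ATTRIBUTE_OR_VALUE_EXISTS		= 20,
	LDAP_INVALID_ATTRIBUTE_SYNTAX		= 21,
	LDAP_NO_SUCH_OBJECT			= 32,
	LDAP_ALIAS_PROBLEM			= 33,
	LDAP_INVALID_DN_SYNTAX			= 34,
	LDAP_ALIAS_DEREFERENCING_PROBLEM	= 36,
	/* 48-50: authentication and authorization failures */
	LDAP_INAPPROPRIATE_AUTHENTICATION	= 48,
	LDAP_INVALID_CREDENTIALS		= 49,
	/* Misspelled name (trailing lower-case 's'); kept so existing callers still compile. */
	LDAP_INSUFFICIENT_ACCESS_RIGHTs		= 50,
	/* Correctly spelled alias with the same value; prefer this in new code. */
	LDAP_INSUFFICIENT_ACCESS_RIGHTS		= 50,
	LDAP_BUSY				= 51,
	LDAP_UNAVAILABLE			= 52,
	LDAP_UNWILLING_TO_PERFORM		= 53,
	LDAP_LOOP_DETECT			= 54,
	LDAP_NAMING_VIOLATION			= 64,
	LDAP_OBJECT_CLASS_VIOLATION		= 65,
	LDAP_NOT_ALLOWED_ON_NON_LEAF		= 66,
	LDAP_NOT_ALLOWED_ON_RDN			= 67,
	LDAP_ENTRY_ALREADY_EXISTS		= 68,
	LDAP_OBJECT_CLASS_MODS_PROHIBITED	= 69,
	LDAP_AFFECTS_MULTIPLE_DSAS		= 71,
	LDAP_OTHER				= 80
};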
96 
/*
 * Result payload shared by the response operations; union ldap_Request
 * uses this type for every *Response / *Done member that has no extra
 * fields of its own.
 */
struct ldap_Result {
	/*
	 * Presumably one of enum ldap_result_code. It is stored as a plain
	 * int, so values outside that enum are representable -- confirm how
	 * the decoder and callers treat unknown codes.
	 */
	int resultcode;
	const char *dn;
	/*
	 * NOTE(review): when this struct is filled from a peer's response the
	 * string is peer-controlled; treat it as untrusted when logging or
	 * displaying it -- confirm against callers.
	 */
	const char *errormessage;
	const char *referral;
};
103 
/*
 * Bind (authentication) request.
 *
 * `creds` is a union with no tag of its own: `mechanism` is the only field
 * here that can say which arm is live. Reading creds.password when the
 * request is SASL (or creds.SASL when it is simple) reinterprets the other
 * arm's pointer.
 */
struct ldap_BindRequest {
	int version;
	const char *dn;
	enum ldap_auth_mechanism mechanism;
	union {
		/*
		 * Simple-bind password. A simple bind carries the password
		 * itself, so its confidentiality depends entirely on the
		 * transport. NOTE(review): ownership and clearing of this
		 * buffer are not visible in this header -- confirm.
		 */
		const char *password;
		struct {
			/* SASL mechanism name; distinct from the enum `mechanism` above */
			const char *mechanism;
			DATA_BLOB *secblob;/* optional; presumably NULL when absent -- check before dereferencing */
		} SASL;
	} creds;
};
116 
/*
 * Bind response: the common result plus the optional SASL data returned by
 * the server. The union named SASL has a single member.
 */
struct ldap_BindResponse {
	struct ldap_Result response;
	union {
		DATA_BLOB *secblob;/* optional; presumably NULL when absent -- check before dereferencing */
	} SASL;
};
123 
/*
 * Unbind request. The only member is a placeholder; presumably it exists
 * because the operation has no payload and ISO C does not allow an empty
 * struct.
 * NOTE(review): identifiers beginning with a double underscore are
 * reserved for the implementation; renaming the member would change the
 * public layout, so it is only flagged here.
 */
struct ldap_UnbindRequest {
	uint8_t __dummy;
};
127 
/*
 * Search scope. The values are the LDAP SearchRequest scope enumeration
 * (baseObject, singleLevel, wholeSubtree). A scope value decoded from a
 * request should be checked against these three before use.
 */
enum ldap_scope {
	LDAP_SEARCH_SCOPE_BASE   = 0,	/* the base entry only */
	LDAP_SEARCH_SCOPE_SINGLE = 1,	/* immediate children of the base */
	LDAP_SEARCH_SCOPE_SUB    = 2	/* the base and its whole subtree */
};
133 
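/*
 * Alias dereferencing policy of a search request. The values are the LDAP
 * derefAliases enumeration (neverDerefAliases, derefInSearching,
 * derefFindingBaseObj, derefAlways).
 *
 * Every member carries an explicit value: these are wire constants, and
 * relying on the implicit "previous + 1" rule would let an inserted or
 * reordered member silently change what is encoded.
 */
enum ldap_deref {
	LDAP_DEREFERENCE_NEVER = 0,
	LDAP_DEREFERENCE_IN_SEARCHING = 1,
	LDAP_DEREFERENCE_FINDING_BASE = 2,
	LDAP_DEREFERENCE_ALWAYS = 3
};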
140 
/*
 * Search request: base DN, scope, alias handling, limits, filter and the
 * list of attributes to return.
 */
struct ldap_SearchRequest {
	const char *basedn;
	enum ldap_scope scope;
	enum ldap_deref deref;
	/*
	 * Limits as carried in the request. NOTE(review): when this struct
	 * is decoded from a client these are client-chosen values, so any
	 * server-side ceiling has to be enforced separately -- confirm where.
	 */
	uint32_t timelimit;
	uint32_t sizelimit;
	BOOL attributesonly;
	/*
	 * Search filter as an ldb parse tree. NOTE(review): this type puts no
	 * bound on the size or nesting of a peer-supplied filter; any limit
	 * must come from the parser -- confirm.
	 */
	struct ldb_parse_tree *tree;
	/*
	 * Presumably the number of entries in `attributes`. It is a signed
	 * int, so code indexing the array should reject negative counts --
	 * TODO confirm against the decoder.
	 */
	int num_attributes;
	const char **attributes;
};
152 
/* One entry returned by a search: its DN and its attributes. */
struct ldap_SearchResEntry {
	const char *dn;
	/* presumably the element count of `attributes`; signed, so validate it is non-negative before indexing -- TODO confirm */
	int num_attributes;
	struct ldb_message_element *attributes;
};
158 
/*
 * Search result reference (continuation reference) returned by a server.
 * NOTE(review): when received from a peer, `referral` is a server-supplied
 * location; whether and where it is followed is a caller policy decision
 * that this header does not show.
 */
struct ldap_SearchResRef {
	const char *referral;
};
162 
/*
 * Kind of change applied by one struct ldap_mod.
 *
 * 0, 1 and 2 are the LDAP ModifyRequest operation values (add, delete,
 * replace). LDAP_MODIFY_NONE is negative and so has no protocol
 * counterpart; presumably it is an internal "unset" marker -- confirm
 * that encoders never emit it.
 */
enum ldap_modify_type {
	LDAP_MODIFY_NONE    = -1,
	LDAP_MODIFY_ADD     =  0,
	LDAP_MODIFY_DELETE  =  1,
	LDAP_MODIFY_REPLACE =  2
};
169 
/* A single modification: the kind of change and the attribute it applies to. */
struct ldap_mod {
	enum ldap_modify_type type;
	struct ldb_message_element attrib;	/* embedded by value, not a pointer */
};
174 
/* Modify request: the target DN and a list of modifications. */
struct ldap_ModifyRequest {
	const char *dn;
	/* presumably the element count of `mods`; signed, so validate it is non-negative before indexing -- TODO confirm */
	int num_mods;
	struct ldap_mod *mods;
};
180 
/* Add request: the DN of the new entry and its attributes. */
struct ldap_AddRequest {
	const char *dn;
	/* presumably the element count of `attributes`; signed, so validate it is non-negative before indexing -- TODO confirm */
	int num_attributes;
	struct ldb_message_element *attributes;
};
186 
/* Delete request: carries only the DN of the entry to remove. */
struct ldap_DelRequest {
	const char *dn;
};
190 
/* ModifyDN (rename/move) request. */
struct ldap_ModifyDNRequest {
	const char *dn;
	const char *newrdn;
	BOOL deleteolddn;
	const char *newsuperior;/* optional; presumably NULL when absent -- check before use */
};
197 
/* Compare request: tests whether `attribute` of entry `dn` has `value`. */
struct ldap_CompareRequest {
	const char *dn;
	const char *attribute;
	/*
	 * Embedded by value. NOTE(review): presumably length-delimited binary
	 * data with no NUL terminator guarantee, so it should not be handed
	 * to C string functions -- confirm against DATA_BLOB's definition.
	 */
	DATA_BLOB value;
};
203 
/*
 * Abandon request: names the message to abandon.
 * NOTE(review): this id is uint32_t while struct ldap_message.messageid is
 * a signed int; comparisons between the two need care about signedness.
 */
struct ldap_AbandonRequest {
	uint32_t messageid;
};
207 
/*
 * Extended operation request: `oid` names the operation, `value` is its
 * optional payload, whose format is not described by this header.
 */
struct ldap_ExtendedRequest {
	const char *oid;
	DATA_BLOB *value;/* optional; presumably NULL when absent -- check before dereferencing */
};
212 
/* Extended operation response: the common result plus optional OID and payload. */
struct ldap_ExtendedResponse {
	struct ldap_Result response;
	const char *oid;/* optional; presumably NULL when absent -- check before use */
	DATA_BLOB *value;/* optional; presumably NULL when absent -- check before dereferencing */
};
218 
/*
 * Body of one LDAP operation, one member per operation type.
 *
 * The union has no discriminator of its own; struct ldap_message pairs it
 * with an enum ldap_request_tag in its `type` field. Reading a member
 * other than the one that tag selects reinterprets another operation's
 * pointers and counts, so every access should be guarded by a check of
 * the tag.
 *
 * The responses that carry nothing beyond a result all use
 * struct ldap_Result.
 */
union ldap_Request {
	struct ldap_Result 		GeneralResult;
	struct ldap_BindRequest 	BindRequest;
	struct ldap_BindResponse 	BindResponse;
	struct ldap_UnbindRequest 	UnbindRequest;
	struct ldap_SearchRequest 	SearchRequest;
	struct ldap_SearchResEntry 	SearchResultEntry;
	struct ldap_Result 		SearchResultDone;
	struct ldap_SearchResRef 	SearchResultReference;
	struct ldap_ModifyRequest 	ModifyRequest;
	struct ldap_Result 		ModifyResponse;
	struct ldap_AddRequest 		AddRequest;
	struct ldap_Result 		AddResponse;
	struct ldap_DelRequest 		DelRequest;
	struct ldap_Result 		DelResponse;
	struct ldap_ModifyDNRequest 	ModifyDNRequest;
	struct ldap_Result 		ModifyDNResponse;
	struct ldap_CompareRequest 	CompareRequest;
	struct ldap_Result 		CompareResponse;
	struct ldap_AbandonRequest 	AbandonRequest;
	struct ldap_ExtendedRequest 	ExtendedRequest;
	struct ldap_ExtendedResponse 	ExtendedResponse;
};
242 
/*
 * One LDAP message: id, operation tag, operation body and controls.
 *
 * `type` is the discriminator for `r`; code must select the member of `r`
 * from `type` and never from any other source.
 */
struct ldap_message {
	/* signed int here, whereas struct ldap_AbandonRequest.messageid is uint32_t */
	int                     messageid;
	enum ldap_request_tag   type;
	union ldap_Request      r;
	/* presumably a NULL-terminated array of control pointers, or NULL when there are none -- TODO confirm */
	struct ldb_control    **controls;
};
249 
/*
 * Forward declarations of types defined elsewhere; presumably they are
 * only referenced through pointers by the prototypes in ldap_proto.h,
 * which is included next -- confirm.
 */
struct event_context;
struct cli_credentials;
struct dom_sid;
struct asn1_data;
254 
255 #include "libcli/ldap/ldap_proto.h"
256 
257 #endif
258