/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * Type declarations for an LDAP client interface: ASN.1 template
 * declarations, protocol enumerations, the structures that hold request
 * parameters and encoded/decoded messages, and the client callback table.
 *
 * NOTE(review): the guard name below starts with an underscore followed by
 * an uppercase letter, a form the C standard reserves for the
 * implementation, and it is generic enough that another LDAP header could
 * pick a similar name. Left unchanged here because other files may test it.
 */
#ifndef _LDAP_H_
#define _LDAP_H_

#include "certt.h"
#include "pkixt.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * ASN.1 templates, defined in another translation unit. Each one is paired
 * with a SEC_ASN1_CHOOSER_DECLARE line for the same template name.
 */
extern const SEC_ASN1Template PKIX_PL_LDAPCrossCertPairTemplate[];
SEC_ASN1_CHOOSER_DECLARE(PKIX_PL_LDAPCrossCertPairTemplate)
extern const SEC_ASN1Template PKIX_PL_LDAPMessageTemplate[];
SEC_ASN1_CHOOSER_DECLARE(PKIX_PL_LDAPMessageTemplate)
extern const SEC_ASN1Template LDAPFilterTemplate[];
SEC_ASN1_CHOOSER_DECLARE(LDAPFilterTemplate)

/* ********************************************************************** */

/* LDAP strings are handled as ASN.1 OCTET STRINGs. */
#define SEC_ASN1_LDAP_STRING SEC_ASN1_OCTET_STRING

/*
 * Single-bit flags, one per certificate-related attribute, meant to be
 * OR-ed together into an LdapAttrMask. MAX_LDAPATTRS equals the number of
 * flags defined here and must be kept in step when a flag is added.
 */
#define LDAPATTR_CACERT        (1 << 0)
#define LDAPATTR_USERCERT      (1 << 1)
#define LDAPATTR_CROSSPAIRCERT (1 << 2)
#define LDAPATTR_CERTREVLIST   (1 << 3)
#define LDAPATTR_AUTHREVLIST   (1 << 4)
#define MAX_LDAPATTRS 5
typedef PKIX_UInt32 LdapAttrMask;

/*
 * Bind authentication choice. The numbering appears to follow the LDAPv2
 * (RFC 1777) bind request, whose two Kerberos v4 choices are long obsolete.
 * NOTE(review): only the simple choice has a matching member in
 * LDAPBindAPIStruct below.
 */
typedef enum {
    SIMPLE_AUTH = 0,
    KRBV42LDAP_AUTH = 1,
    KRBV42DSA_AUTH = 2
} AuthType;

/* Search scope relative to the base object. */
typedef enum {
    BASE_OBJECT = 0,
    SINGLE_LEVEL = 1,
    WHOLE_SUBTREE = 2
} ScopeType;

/* Alias dereferencing policy for a search. */
typedef enum {
    NEVER_DEREF = 0,
    DEREF_IN_SEARCHING = 1,
    DEREF_FINDING_BASEOBJ = 2,
    ALWAYS_DEREF = 3
} DerefType;

/* Position of one component inside a substring filter. */
typedef enum {
    LDAP_INITIALSUBSTRING_TYPE = 0,
    LDAP_ANYSUBSTRING_TYPE = 1,
    LDAP_FINALSUBSTRING_TYPE = 2
} LDAPSubstringFilterType;

/* Discriminator for the union in LDAPFilterStruct. */
typedef enum {
    LDAP_ANDFILTER_TYPE = 0,
    LDAP_ORFILTER_TYPE = 1,
    LDAP_NOTFILTER_TYPE = 2,
    LDAP_EQUALFILTER_TYPE = 3,
    LDAP_SUBSTRINGFILTER_TYPE = 4,
    LDAP_GREATEROREQUALFILTER_TYPE = 5,
    LDAP_LESSOREQUALFILTER_TYPE = 6,
    LDAP_PRESENTFILTER_TYPE = 7,
    LDAP_APPROXMATCHFILTER_TYPE = 8
} LDAPFilterType;

/*
 * Discriminator for the union in protocolOpStruct. The values are not
 * contiguous (abandon is 16); they appear to mirror the protocol's
 * operation tags, so they must not be renumbered.
 */
typedef enum {
    LDAP_BIND_TYPE = 0,
    LDAP_BINDRESPONSE_TYPE = 1,
    LDAP_UNBIND_TYPE = 2,
    LDAP_SEARCH_TYPE = 3,
    LDAP_SEARCHRESPONSEENTRY_TYPE = 4,
    LDAP_SEARCHRESPONSERESULT_TYPE = 5,
    LDAP_ABANDONREQUEST_TYPE = 16
} LDAPMessageType;

/*
 * Result codes carried in a response. The numbering has gaps and appears to
 * follow the protocol's result-code list.
 *
 * NOTE(review): LDAPResultStruct keeps resultCode as a raw SECItem, so a
 * value that reaches this enum presumably comes from the server. Consumers
 * should check the item's length and treat any value not listed here as an
 * error rather than casting it blindly.
 * NOTE(review): the enumerators are short and unprefixed (SUCCESS, BUSY,
 * OTHER, ...) and live in the global namespace of every file that includes
 * this header.
 */
typedef enum {
    SUCCESS = 0,
    OPERATIONSERROR = 1,
    PROTOCOLERROR = 2,
    TIMELIMITEXCEEDED = 3,
    SIZELIMITEXCEEDED = 4,
    COMPAREFALSE = 5,
    COMPARETRUE = 6,
    AUTHMETHODNOTSUPPORTED = 7,
    STRONGAUTHREQUIRED = 8,
    NOSUCHATTRIBUTE = 16,
    UNDEFINEDATTRIBUTETYPE = 17,
    INAPPROPRIATEMATCHING = 18,
    CONSTRAINTVIOLATION = 19,
    ATTRIBUTEORVALUEEXISTS = 20,
    INVALIDATTRIBUTESYNTAX = 21,
    NOSUCHOBJECT = 32,
    ALIASPROBLEM = 33,
    INVALIDDNSYNTAX = 34,
    ISLEAF = 35,
    ALIASDEREFERENCINGPROBLEM = 36,
    INAPPROPRIATEAUTHENTICATION = 48,
    INVALIDCREDENTIALS = 49,
    INSUFFICIENTACCESSRIGHTS = 50,
    BUSY = 51,
    UNAVAILABLE = 52,
    UNWILLINGTOPERFORM = 53,
    LOOPDETECT = 54,
    NAMINGVIOLATION = 64,
    OBJECTCLASSVIOLATION = 65,
    NOTALLOWEDONNONLEAF = 66,
    NOTALLOWEDONRDN = 67,
    ENTRYALREADYEXISTS = 68,
    OBJECTCLASSMODSPROHIBITED = 69,
    OTHER = 80
} LDAPResultCode;

/*
 * Type names for the structures defined below. Bind response, generic
 * result and search result all share LDAPResultStruct.
 */
typedef struct LDAPLocationStruct LDAPLocation;
typedef struct LDAPCertPairStruct LDAPCertPair;
typedef struct LDAPSimpleBindStruct LDAPSimpleBind;
typedef struct LDAPBindAPIStruct LDAPBindAPI;
typedef struct LDAPBindStruct LDAPBind;
typedef struct LDAPResultStruct LDAPBindResponse;
typedef struct LDAPResultStruct LDAPResult;
typedef struct LDAPSearchResponseAttrStruct LDAPSearchResponseAttr;
typedef struct LDAPSearchResponseEntryStruct LDAPSearchResponseEntry;
typedef struct LDAPResultStruct LDAPSearchResponseResult;
typedef struct LDAPUnbindStruct LDAPUnbind;
typedef struct LDAPFilterStruct LDAPFilter;
typedef struct LDAPAndFilterStruct LDAPAndFilter;
typedef struct LDAPNotFilterStruct LDAPNotFilter;
typedef struct LDAPSubstringStruct LDAPSubstring;
typedef struct LDAPSubstringFilterStruct LDAPSubstringFilter;
typedef struct LDAPPresentFilterStruct LDAPPresentFilter;
typedef struct LDAPAttributeValueAssertionStruct LDAPAttributeValueAssertion;
typedef struct LDAPNameComponentStruct LDAPNameComponent;
typedef struct LDAPRequestParamsStruct LDAPRequestParams;
typedef struct LDAPSearchStruct LDAPSearch;
typedef struct LDAPAbandonRequestStruct LDAPAbandonRequest;
typedef struct protocolOpStruct LDAPProtocolOp;
typedef struct LDAPMessageStruct LDAPMessage;

/* An OR filter has the same layout as an AND filter. */
typedef LDAPAndFilter LDAPOrFilter;

/* The four comparison filters all share the attribute/value assertion. */
typedef LDAPAttributeValueAssertion LDAPEqualFilter;
typedef LDAPAttributeValueAssertion LDAPGreaterOrEqualFilter;
typedef LDAPAttributeValueAssertion LDAPLessOrEqualFilter;
typedef LDAPAttributeValueAssertion LDAPApproxMatchFilter;

/*
 * A server location together with an arena. The untyped members are not
 * described in this header; their concrete types are presumably fixed by
 * the code that fills them in (TODO confirm).
 */
struct LDAPLocationStruct {
    PLArenaPool *arena;
    void *serverSite;
    void **filterString;
    void **attrBitString;
};

/* A cross-certificate pair: forward and reverse items. */
struct LDAPCertPairStruct {
    SECItem forward;
    SECItem reverse;
};

/*
 * Caller-side parameters for a simple bind.
 * NOTE(review): "authentication" presumably holds the bind password. A
 * simple bind gives the secret no protection of its own, so confirm that
 * the connection is protected and that whoever owns this buffer clears it
 * after use.
 */
struct LDAPSimpleBindStruct {
    char *bindName;
    char *authentication;
};

/* Caller-side bind request; selector names the active union member. */
struct LDAPBindAPIStruct {
    AuthType selector;
    union {
        LDAPSimpleBind simple;
    } chooser;
};

/* Bind request as SECItems, the form used with the ASN.1 templates. */
struct LDAPBindStruct {
    SECItem version;
    SECItem bindName;
    SECItem authentication;
};

/*
 * Result portion of a response, kept as raw SECItems.
 * NOTE(review): if these are filled by decoding a server reply, their
 * lengths and contents are untrusted; matchedDN and errorMessage are not
 * guaranteed by this type to be NUL-terminated or printable.
 */
struct LDAPResultStruct {
    SECItem resultCode;
    SECItem matchedDN;
    SECItem errorMessage;
};

/*
 * One attribute of a search result entry.
 * val is presumably a NULL-terminated array of value items (TODO confirm).
 */
struct LDAPSearchResponseAttrStruct {
    SECItem attrType;
    SECItem **val;
};

/*
 * One search result entry.
 * attributes is presumably a NULL-terminated array (TODO confirm).
 */
struct LDAPSearchResponseEntryStruct {
    SECItem objectName;
    LDAPSearchResponseAttr **attributes;
};

/* Unbind request; the single member is named as a placeholder. */
struct LDAPUnbindStruct {
    SECItem dummy;
};

/* AND filter (also used for OR): a list of sub-filters. */
struct LDAPAndFilterStruct {
    LDAPFilter **filters;
};

/* NOT filter: exactly one sub-filter. */
struct LDAPNotFilterStruct {
    LDAPFilter *filter;
};

/* One substring component; selector says where in the value it must match. */
struct LDAPSubstringStruct {
    LDAPSubstringFilterType selector;
    SECItem item;
};

/* Substring filter: an attribute type plus its substring components. */
struct LDAPSubstringFilterStruct {
    SECItem attrType;
    LDAPSubstring *strings;
};

/* Presence filter: matches on the attribute type alone. */
struct LDAPPresentFilterStruct {
    SECItem attrType;
};

/* Attribute type and value used by the comparison filters. */
struct LDAPAttributeValueAssertionStruct {
    SECItem attrType;
    SECItem attrValue;
};

/*
 * A search filter. selector names the active member of the union; only
 * that member may be read.
 */
struct LDAPFilterStruct {
    LDAPFilterType selector;
    union {
        LDAPAndFilter andFilter;
        LDAPOrFilter orFilter;
        LDAPNotFilter notFilter;
        LDAPEqualFilter equalFilter;
        LDAPSubstringFilter substringFilter;
        LDAPGreaterOrEqualFilter greaterOrEqualFilter;
        LDAPLessOrEqualFilter lessOrEqualFilter;
        LDAPPresentFilter presentFilter;
        LDAPApproxMatchFilter approxMatchFilter;
    } filter;
};

/* One attribute type / value pair of a name, as byte strings. */
struct LDAPNameComponentStruct {
    unsigned char *attrType;
    unsigned char *attrValue;
};

/*
 * Caller-side description of a search request.
 * NOTE(review): a sizeLimit or timeLimit of 0 means "no limit". Since the
 * reply comes from a remote server, callers that care about memory use or
 * latency should set both rather than rely on the defaults.
 */
struct LDAPRequestParamsStruct {
    char *baseObject;         /* e.g. "c=US" */
    ScopeType scope;
    DerefType derefAliases;
    PKIX_UInt32 sizeLimit;    /* 0 = no limit */
    PRIntervalTime timeLimit; /* 0 = no limit */
    LDAPNameComponent **nc;   /* e.g. {{"cn","xxx"},{"o","yyy"},NULL} */
    LdapAttrMask attributes;
};

/* Search request as SECItems, the form used with the ASN.1 templates. */
struct LDAPSearchStruct {
    SECItem baseObject;
    SECItem scope;
    SECItem derefAliases;
    SECItem sizeLimit;
    SECItem timeLimit;
    SECItem attrsOnly;
    LDAPFilter filter;
    SECItem **attributes;
};

/* Abandon request: the ID of the message to abandon. */
struct LDAPAbandonRequestStruct {
    SECItem messageID;
};

/*
 * The operation carried by a message. selector names the active member of
 * the union; only that member may be read.
 */
struct protocolOpStruct {
    LDAPMessageType selector;
    union {
        LDAPBind bindMsg;
        LDAPBindResponse bindResponseMsg;
        LDAPUnbind unbindMsg;
        LDAPSearch searchMsg;
        LDAPSearchResponseEntry searchResponseEntryMsg;
        LDAPSearchResponseResult searchResponseResultMsg;
        LDAPAbandonRequest abandonRequestMsg;
    } op;
};

/* A complete message: its ID and the operation it carries. */
struct LDAPMessageStruct {
    SECItem messageID;
    LDAPProtocolOp protocolOp;
};

typedef struct PKIX_PL_LdapClientStruct PKIX_PL_LdapClient;

/*
 * Callback that starts a request described by requestParams.
 * pNBIO and pResponse are output parameters; the name pNBIO suggests a
 * non-blocking I/O handle to be passed to the resume callback when the
 * request cannot complete at once (TODO confirm against an implementation).
 * Returns a PKIX_Error pointer; presumably NULL on success.
 */
typedef PKIX_Error *
(*PKIX_PL_LdapClient_InitiateFcn)(
    PKIX_PL_LdapClient *client,
    LDAPRequestParams *requestParams,
    void **pNBIO,
    PKIX_List **pResponse,
    void *plContext);

/*
 * Callback that continues a request previously started through the
 * initiate callback. Takes the same output parameters, without the request
 * description. Returns a PKIX_Error pointer; presumably NULL on success.
 */
typedef PKIX_Error *
(*PKIX_PL_LdapClient_ResumeFcn)(
    PKIX_PL_LdapClient *client,
    void **pNBIO,
    PKIX_List **pResponse,
    void *plContext);

/* The client object: a table of the two callbacks above. */
struct PKIX_PL_LdapClientStruct {
    PKIX_PL_LdapClient_InitiateFcn initiateFcn;
    PKIX_PL_LdapClient_ResumeFcn resumeFcn;
};

#ifdef __cplusplus
}
#endif

#endif