/* $OpenBSD: aldap.h,v 1.4 2019/05/11 17:46:02 rob Exp $ */

/*
 * Copyright (c) 2008 Alexander Schrijver <aschrijver@openbsd.org>
 * Copyright (c) 2006, 2007 Marc Balmer <mbalmer@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * aldap.h -- small LDAP client interface built on the BER encoder/decoder
 * from <ber.h> and on libtls (<tls.h>) for the encrypted transports.
 *
 * NOTE(review): this header carries no include guard, and it uses
 * u_int8_t, in_port_t and struct evbuffer without including
 * <sys/types.h>, <netinet/in.h> or <event.h>.  It presumably relies on the
 * includer (or on <ber.h>) to bring those into scope -- confirm before
 * including it from a new translation unit.
 */

#include <ber.h>
#include <stdio.h>
#include <tls.h>

/*
 * URL scheme prefixes understood by aldap_parse_url().  Which transport
 * each one selects is decided by the parser (not in this header); by LDAP
 * convention ldaps:// is TLS from the first byte, ldap+tls:// is a cleartext
 * connect upgraded with StartTLS, and ldapi:// is a local UNIX socket.
 */
#define LDAP_URL "ldap://"
#define LDAPS_URL "ldaps://"
#define LDAPTLS_URL "ldap+tls://"
#define LDAPI_URL "ldapi://"

/* IANA default ports for cleartext/StartTLS LDAP and for LDAP over TLS. */
#define LDAP_PORT 389
#define LDAPS_PORT 636
/* Simple paged results control (RFC 2696). */
#define LDAP_PAGED_OID "1.2.840.113556.1.4.319"
/* StartTLS extended operation (RFC 4511, section 4.14). */
#define LDAP_STARTTLS_OID "1.3.6.1.4.1.1466.20037"

/*
 * One client connection.  Created by aldap_init() from an already
 * connected descriptor and torn down by aldap_close().
 */
struct aldap {
/*
 * Error codes stored in the err member below.  They are preprocessor
 * defines, so despite their placement they are visible at file scope.
 */
#define ALDAP_ERR_SUCCESS 0
#define ALDAP_ERR_PARSER_ERROR 1
#define ALDAP_ERR_INVALID_FILTER 2
#define ALDAP_ERR_OPERATION_FAILED 3
#define ALDAP_ERR_TLS_ERROR 4
	u_int8_t err;		/* last error, one of ALDAP_ERR_* */
	int msgid;		/* message id for outgoing requests; presumably bumped per request -- see aldap.c */
	struct ber ber;		/* BER encoder/decoder state for this connection */

	int fd;			/* connected socket descriptor */
	struct tls *tls;	/* libtls context; expected NULL until aldap_tls() succeeds -- confirm in aldap.c */

	struct evbuffer *buf;	/* libevent buffer; <event.h> is not included by this header */
};

/*
 * State for the simple paged results control (RFC 2696).  The cookie is an
 * opaque value chosen by the server and has its own length because it is
 * binary data, not a NUL-terminated string; treat it as untrusted input.
 */
struct aldap_page_control {
	int size;		/* page size requested from the server */
	char *cookie;		/* server-supplied opaque cookie (binary) */
	unsigned int cookie_len;	/* number of bytes in cookie */
};

/*
 * One decoded LDAPMessage as returned by aldap_parse().  All ber_element
 * pointers point into msg, which owns the decoded tree; release the whole
 * thing with aldap_freemsg().  The body union is interpreted according to
 * message_type (an enum protocol_op value).
 */
struct aldap_message {
	int msgid;		/* LDAPMessage.messageID, matches the request it answers */
	int message_type;	/* enum protocol_op tag of the protocolOp */

	struct ber_element *msg;	/* root of the decoded message (owner of the tree) */

	struct ber_element *header;	/* the LDAPMessage sequence */
	struct ber_element *protocol_op;	/* the protocolOp CHOICE element */

	struct ber_element *dn;		/* matchedDN / objectName, depending on type */

	union {
		struct {
			long long rescode;	/* LDAPResult.resultCode, see enum result_code */
			struct ber_element *diagmsg;	/* LDAPResult.diagnosticMessage (server-controlled text) */
		} res;
		struct {
			struct ber_element *iter;	/* cursor used by aldap_first_attr()/aldap_next_attr() */
			struct ber_element *attrs;	/* SearchResultEntry.attributes */
		} search;
	} body;
	struct ber_element *references;	/* referral / searchResRef URIs, if any */
	struct aldap_page_control *page;	/* paged-results control from the response, if present */
};

/* Transport selected from the URL scheme; stored in aldap_url.protocol. */
enum aldap_protocol {
	LDAP,
	LDAPS,
	LDAPTLS,
	LDAPI
};

/* A counted array of BER octet strings (attribute values). */
struct aldap_stringset {
	size_t len;			/* number of entries in str */
	struct ber_octetstring *str;	/* array of len octet strings */
};

/*
 * Result of aldap_parse_url().  The pointer members point into buffer,
 * which holds a private copy of the URL; free everything with
 * aldap_free_url().  attributes is a fixed-size array, so the parser must
 * stop at MAXATTR entries when filling it -- verify that bound in aldap.c.
 */
struct aldap_url {
	int protocol;		/* enum aldap_protocol */
	char *host;
	in_port_t port;
	char *dn;
#define MAXATTR 1024
	char *attributes[MAXATTR];
	int scope;		/* enum scope */
	char *filter;
	char *buffer;		/* backing storage for the string members above */
};

/*
 * protocolOp application tags from RFC 4511, section 4.1.1.  The _30
 * suffix on the unbind/delete/abandon requests is presumably because those
 * operations carry no response in LDAPv3 -- the naming is historical.
 */
enum protocol_op {
	LDAP_REQ_BIND = 0,
	LDAP_RES_BIND = 1,
	LDAP_REQ_UNBIND_30 = 2,
	LDAP_REQ_SEARCH = 3,
	LDAP_RES_SEARCH_ENTRY = 4,
	LDAP_RES_SEARCH_RESULT = 5,
	LDAP_REQ_MODIFY = 6,
	LDAP_RES_MODIFY = 7,
	LDAP_REQ_ADD = 8,
	LDAP_RES_ADD = 9,
	LDAP_REQ_DELETE_30 = 10,
	LDAP_RES_DELETE = 11,
	LDAP_REQ_MODRDN = 12,
	LDAP_RES_MODRDN = 13,
	LDAP_REQ_COMPARE = 14,
	LDAP_RES_COMPARE = 15,
	LDAP_REQ_ABANDON_30 = 16,

	LDAP_RES_SEARCH_REFERENCE = 19,

	LDAP_REQ_EXTENDED = 23,
	LDAP_RES_EXTENDED = 24
};

/* SearchRequest.derefAliases values (RFC 4511, section 4.5.1.3). */
enum deref_aliases {
	LDAP_DEREF_NEVER = 0,
	LDAP_DEREF_SEARCHING = 1,
	LDAP_DEREF_FINDING = 2,
	LDAP_DEREF_ALWAYS = 3,
};

/*
 * AuthenticationChoice tags.  Only simple bind is declared here, so a
 * bind through this interface sends the credential as a plain octet
 * string; it is protected on the wire only if the connection was wrapped
 * with aldap_tls() or upgraded with aldap_req_starttls() first.
 */
enum authentication_choice {
	LDAP_AUTH_SIMPLE = 0,
};

/* SearchRequest.scope values (RFC 4511, section 4.5.1.2). */
enum scope {
	LDAP_SCOPE_BASE = 0,
	LDAP_SCOPE_ONELEVEL = 1,
	LDAP_SCOPE_SUBTREE = 2,
};

/*
 * LDAPResult.resultCode values (RFC 4511, appendix A).  Gaps in the
 * numbering are reserved or unused codes.
 */
enum result_code {
	LDAP_SUCCESS = 0,
	LDAP_OPERATIONS_ERROR = 1,
	LDAP_PROTOCOL_ERROR = 2,
	LDAP_TIMELIMIT_EXCEEDED = 3,
	LDAP_SIZELIMIT_EXCEEDED = 4,
	LDAP_COMPARE_FALSE = 5,
	LDAP_COMPARE_TRUE = 6,
	LDAP_STRONG_AUTH_NOT_SUPPORTED = 7,
	LDAP_STRONG_AUTH_REQUIRED = 8,

	LDAP_REFERRAL = 10,
	LDAP_ADMINLIMIT_EXCEEDED = 11,
	LDAP_UNAVAILABLE_CRITICAL_EXTENSION = 12,
	LDAP_CONFIDENTIALITY_REQUIRED = 13,
	LDAP_SASL_BIND_IN_PROGRESS = 14,
	LDAP_NO_SUCH_ATTRIBUTE = 16,
	LDAP_UNDEFINED_TYPE = 17,
	LDAP_INAPPROPRIATE_MATCHING = 18,
	LDAP_CONSTRAINT_VIOLATION = 19,
	LDAP_TYPE_OR_VALUE_EXISTS = 20,
	LDAP_INVALID_SYNTAX = 21,

	LDAP_NO_SUCH_OBJECT = 32,
	LDAP_ALIAS_PROBLEM = 33,
	LDAP_INVALID_DN_SYNTAX = 34,

	LDAP_ALIAS_DEREF_PROBLEM = 36,

	LDAP_INAPPROPRIATE_AUTH = 48,
	LDAP_INVALID_CREDENTIALS = 49,
	LDAP_INSUFFICIENT_ACCESS = 50,
	LDAP_BUSY = 51,
	LDAP_UNAVAILABLE = 52,
	LDAP_UNWILLING_TO_PERFORM = 53,
	LDAP_LOOP_DETECT = 54,

	LDAP_NAMING_VIOLATION = 64,
	LDAP_OBJECT_CLASS_VIOLATION = 65,
	LDAP_NOT_ALLOWED_ON_NONLEAF = 66,
	LDAP_NOT_ALLOWED_ON_RDN = 67,
	LDAP_ALREADY_EXISTS = 68,
	LDAP_NO_OBJECT_CLASS_MODS = 69,

	LDAP_AFFECTS_MULTIPLE_DSAS = 71,

	LDAP_OTHER = 80,
};

/* Filter CHOICE context tags (RFC 4511, section 4.5.1.7). */
enum filter {
	LDAP_FILT_AND = 0,
	LDAP_FILT_OR = 1,
	LDAP_FILT_NOT = 2,
	LDAP_FILT_EQ = 3,
	LDAP_FILT_SUBS = 4,
	LDAP_FILT_GE = 5,
	LDAP_FILT_LE = 6,
	LDAP_FILT_PRES = 7,
	LDAP_FILT_APPR = 8,
};

/* SubstringFilter component tags: initial, any, final. */
enum subfilter {
	LDAP_FILT_SUBS_INIT = 0,
	LDAP_FILT_SUBS_ANY = 1,
	LDAP_FILT_SUBS_FIN = 2,
};

/*
 * Connection lifecycle.
 *
 * aldap_init() wraps an already connected descriptor; aldap_tls() wraps
 * the connection in TLS using the given tls_config and the name to verify
 * the peer against (presumably the server hostname -- check aldap.c);
 * aldap_close() releases the connection.  aldap_parse() reads and decodes
 * the next message; the caller owns the result and frees it with
 * aldap_freemsg().  Integer results follow the 0 = ok / -1 = error
 * convention as far as this header shows; the actual error is left in
 * aldap.err and can be read with aldap_get_errno().
 */
struct aldap *aldap_init(int);
int aldap_tls(struct aldap *, struct tls_config *,
    const char *);
int aldap_close(struct aldap *);
struct aldap_message *aldap_parse(struct aldap *);
void aldap_freemsg(struct aldap_message *);

/* Send the StartTLS extended request (LDAP_STARTTLS_OID). */
int aldap_req_starttls(struct aldap *);

/*
 * Requests.
 *
 * aldap_bind() performs a simple bind with a DN and a credential (the two
 * char * arguments, in that order -- verify against aldap.c); the
 * credential crosses the wire unprotected unless TLS is already up.
 * aldap_search() takes base DN, scope, filter string, NULL-terminated
 * attribute list, then three ints that in the ypldap implementation are
 * typesonly, sizelimit and timelimit, and an optional page control.
 * aldap_get_errno() returns aldap.err and, through the second argument,
 * a descriptive string for it.
 */
int aldap_bind(struct aldap *, char *, char *);
int aldap_unbind(struct aldap *);
int aldap_search(struct aldap *, char *, enum scope, char *, char **, int, int, int, struct aldap_page_control *);
int aldap_get_errno(struct aldap *, const char **);

/*
 * Response accessors.  The DN and diagnostic message come from the server
 * and should be treated as untrusted text (log/escape accordingly).
 *
 * NOTE(review): aldap_get_references() returns a struct aldap_stringset *,
 * while aldap_free_references() is declared to take char **; as written
 * the two do not pair up.  Check aldap.c for which signature is current
 * before using them together.
 */
int aldap_get_resultcode(struct aldap_message *);
char *aldap_get_dn(struct aldap_message *);
char *aldap_get_diagmsg(struct aldap_message *);
struct aldap_stringset *aldap_get_references(struct aldap_message *);
void aldap_free_references(char **values);

/*
 * URL handling.  aldap_parse_url() fills an aldap_url from an LDAP URL
 * (external input -- the parser must bound the attribute list to MAXATTR);
 * aldap_free_url() releases what the parser allocated.
 * aldap_search_url() issues a search described by a URL; the three ints
 * are presumably the same typesonly/sizelimit/timelimit as aldap_search().
 */
int aldap_parse_url(const char *, struct aldap_url *);
void aldap_free_url(struct aldap_url *);
int aldap_search_url(struct aldap *, char *, int, int, int,
    struct aldap_page_control *);

/*
 * Attribute iteration over a SearchResultEntry (body.search).
 * aldap_match_attr() looks up one attribute by name; aldap_first_attr()
 * and aldap_next_attr() walk all attributes, returning the name and the
 * value set through the out pointers.  Value sets obtained this way are
 * released with aldap_free_attr().
 */
int aldap_count_attrs(struct aldap_message *);
int aldap_match_attr(struct aldap_message *, char *,
    struct aldap_stringset **);
int aldap_first_attr(struct aldap_message *, char **, struct
    aldap_stringset **);
int aldap_next_attr(struct aldap_message *, char **,
    struct aldap_stringset **);
int aldap_free_attr(struct aldap_stringset *);

/*
 * Paged results.  aldap_parse_page_control() decodes a paged-results
 * control value of the given length received from the server into a
 * freshly allocated aldap_page_control; release it with aldap_freepage().
 */
struct aldap_page_control *aldap_parse_page_control(struct ber_element *, size_t len);
void aldap_freepage(struct aldap_page_control *);