/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
#ifndef _LDAP_H_
#define _LDAP_H_
|
#include "certt.h"
#include "pkixt.h"
|
#ifdef __cplusplus
extern "C" {
#endif
|
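/*
 * ASN.1 templates for three of the LDAP structures declared in this
 * header: the cross-certificate pair, the LDAP message envelope and the
 * search filter. Only the declarations live here; the arrays themselves
 * are defined elsewhere.
 *
 * NOTE(review): SEC_ASN1_CHOOSER_DECLARE is not defined in this header.
 * Presumably it declares an accessor for the template of the same name;
 * confirm against the ASN.1 headers pulled in by certt.h / pkixt.h.
 */
extern const SEC_ASN1Template PKIX_PL_LDAPCrossCertPairTemplate[];
SEC_ASN1_CHOOSER_DECLARE(PKIX_PL_LDAPCrossCertPairTemplate)
extern const SEC_ASN1Template PKIX_PL_LDAPMessageTemplate[];
SEC_ASN1_CHOOSER_DECLARE(PKIX_PL_LDAPMessageTemplate)
extern const SEC_ASN1Template LDAPFilterTemplate[];
SEC_ASN1_CHOOSER_DECLARE(LDAPFilterTemplate)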
|
/* ********************************************************************** */
|
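/* An LDAP string is carried with the ASN.1 OCTET STRING type. */
#define SEC_ASN1_LDAP_STRING SEC_ASN1_OCTET_STRING

/*
 * Bit flags, one per attribute a request can ask for. They are distinct
 * powers of two so that several can be OR-ed into one LdapAttrMask
 * (see LDAPRequestParamsStruct.attributes).
 *
 * NOTE(review): the names suggest the directory attributes for CA
 * certificates, user certificates, cross-certificate pairs, certificate
 * revocation lists and authority revocation lists; the mapping to
 * attribute strings is not visible in this header -- confirm.
 *
 * MAX_LDAPATTRS is the number of flags defined here; keep it in step when
 * a flag is added, since code sizing arrays from it would otherwise be
 * one entry short.
 */
#define LDAPATTR_CACERT (1<<0)
#define LDAPATTR_USERCERT (1<<1)
#define LDAPATTR_CROSSPAIRCERT (1<<2)
#define LDAPATTR_CERTREVLIST (1<<3)
#define LDAPATTR_AUTHREVLIST (1<<4)
#define MAX_LDAPATTRS 5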
/* Mask type intended to hold a combination of the LDAPATTR_* flags;
 * it is the type of LDAPRequestParamsStruct.attributes. */
typedef PKIX_UInt32 LdapAttrMask;
|
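/*
 * Authentication choice for a bind request; used as the selector of
 * LDAPBindAPIStruct. The explicit values are protocol constants and must
 * not be renumbered.
 *
 * Only SIMPLE_AUTH has a payload type in this header (LDAPSimpleBind);
 * the union in LDAPBindAPIStruct has no member for the two Kerberos
 * choices.
 *
 * NOTE(review): a simple bind carries its credential with no protection
 * of its own, so a non-empty credential needs a confidential transport.
 * Whether this client ever sends one is not visible here -- confirm.
 */
typedef enum {
    SIMPLE_AUTH = 0,
    KRBV42LDAP_AUTH = 1,
    KRBV42DSA_AUTH = 2
} AuthType;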
|
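/*
 * Search scope for a request (LDAPRequestParamsStruct.scope): the base
 * object only, its immediate children, or the whole subtree below it.
 * The explicit values are protocol constants and must not be renumbered.
 *
 * WHOLE_SUBTREE is the widest scope; combined with a size limit of 0
 * ("no limit") it lets the server decide how much to return.
 */
typedef enum {
    BASE_OBJECT = 0,
    SINGLE_LEVEL = 1,
    WHOLE_SUBTREE = 2
} ScopeType;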
|
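/*
 * Alias-dereferencing policy for a search
 * (LDAPRequestParamsStruct.derefAliases): never, only while searching
 * below the base object, only while locating the base object, or always.
 * The explicit values are protocol constants and must not be renumbered.
 */
typedef enum {
    NEVER_DEREF = 0,
    DEREF_IN_SEARCHING = 1,
    DEREF_FINDING_BASEOBJ = 2,
    ALWAYS_DEREF = 3
} DerefType;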
|
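/*
 * Position of one piece of a substring filter: at the start, anywhere, or
 * at the end of the attribute value. Used as the selector of
 * LDAPSubstringStruct. The explicit values are protocol constants.
 */
typedef enum {
    LDAP_INITIALSUBSTRING_TYPE = 0,
    LDAP_ANYSUBSTRING_TYPE = 1,
    LDAP_FINALSUBSTRING_TYPE = 2
} LDAPSubstringFilterType;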
|
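/*
 * Kind of search-filter node; used as the selector of LDAPFilterStruct and
 * decides which member of its union is valid. The explicit values are
 * protocol constants and must not be renumbered.
 *
 * Several kinds share one C type (OR reuses the AND structure; EQUAL,
 * GREATEROREQUAL, LESSOREQUAL and APPROXMATCH all reuse the
 * attribute-value assertion), so the compiler cannot catch a mismatch
 * between selector and member; code must check the selector first.
 */
typedef enum {
    LDAP_ANDFILTER_TYPE = 0,
    LDAP_ORFILTER_TYPE = 1,
    LDAP_NOTFILTER_TYPE = 2,
    LDAP_EQUALFILTER_TYPE = 3,
    LDAP_SUBSTRINGFILTER_TYPE = 4,
    LDAP_GREATEROREQUALFILTER_TYPE = 5,
    LDAP_LESSOREQUALFILTER_TYPE = 6,
    LDAP_PRESENTFILTER_TYPE = 7,
    LDAP_APPROXMATCHFILTER_TYPE = 8
} LDAPFilterType;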
|
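/*
 * Kind of LDAP protocol operation; used as the selector of
 * protocolOpStruct. The explicit values are protocol constants (note the
 * jump from 5 to 16 for the abandon request) and must not be renumbered.
 *
 * The list covers only bind, unbind, search and abandon. A peer can send
 * operation numbers that are not listed, so code that maps a received
 * number onto this type should treat anything else as a protocol error
 * rather than index with it.
 */
typedef enum {
    LDAP_BIND_TYPE = 0,
    LDAP_BINDRESPONSE_TYPE = 1,
    LDAP_UNBIND_TYPE = 2,
    LDAP_SEARCH_TYPE = 3,
    LDAP_SEARCHRESPONSEENTRY_TYPE = 4,
    LDAP_SEARCHRESPONSERESULT_TYPE = 5,
    LDAP_ABANDONREQUEST_TYPE = 16
} LDAPMessageType;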
|
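/*
 * Result codes a server reports in a bind or search result. The explicit
 * values are protocol constants; the numbering has gaps (9-15, 22-31,
 * 37-47, 55-63, 70-79) and must not be renumbered or used as a dense
 * array index.
 *
 * The value comes from the peer, so code converting a received integer to
 * this type should accept only SUCCESS as success and treat every other
 * value, listed or not, as a failure.
 *
 * NOTE(review): the enumerators are unprefixed (SUCCESS, BUSY, OTHER, ...)
 * and can collide with identifiers from other headers; they are part of
 * the existing interface and are left unchanged here.
 */
typedef enum {
    SUCCESS = 0,
    OPERATIONSERROR = 1,
    PROTOCOLERROR = 2,
    TIMELIMITEXCEEDED = 3,
    SIZELIMITEXCEEDED = 4,
    COMPAREFALSE = 5,
    COMPARETRUE = 6,
    AUTHMETHODNOTSUPPORTED = 7,
    STRONGAUTHREQUIRED = 8,
    NOSUCHATTRIBUTE = 16,
    UNDEFINEDATTRIBUTETYPE = 17,
    INAPPROPRIATEMATCHING = 18,
    CONSTRAINTVIOLATION = 19,
    ATTRIBUTEORVALUEEXISTS = 20,
    INVALIDATTRIBUTESYNTAX = 21,
    NOSUCHOBJECT = 32,
    ALIASPROBLEM = 33,
    INVALIDDNSYNTAX = 34,
    ISLEAF = 35,
    ALIASDEREFERENCINGPROBLEM = 36,
    INAPPROPRIATEAUTHENTICATION = 48,
    INVALIDCREDENTIALS = 49,
    INSUFFICIENTACCESSRIGHTS = 50,
    BUSY = 51,
    UNAVAILABLE = 52,
    UNWILLINGTOPERFORM = 53,
    LOOPDETECT = 54,
    NAMINGVIOLATION = 64,
    OBJECTCLASSVIOLATION = 65,
    NOTALLOWEDONNONLEAF = 66,
    NOTALLOWEDONRDN = 67,
    ENTRYALREADYEXISTS = 68,
    OBJECTCLASSMODSPROHIBITED = 69,
    OTHER = 80
} LDAPResultCode;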
|
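/*
 * Short names for the structures defined further down in this header.
 * They are declared up front so that the structures can refer to each
 * other (for example a filter containing pointers to filters).
 *
 * Three names share one structure: LDAPBindResponse, LDAPResult and
 * LDAPSearchResponseResult are all struct LDAPResultStruct.
 */
typedef struct LDAPLocationStruct LDAPLocation;
typedef struct LDAPCertPairStruct LDAPCertPair;
typedef struct LDAPSimpleBindStruct LDAPSimpleBind;
typedef struct LDAPBindAPIStruct LDAPBindAPI;
typedef struct LDAPBindStruct LDAPBind;
typedef struct LDAPResultStruct LDAPBindResponse;
typedef struct LDAPResultStruct LDAPResult;
typedef struct LDAPSearchResponseAttrStruct LDAPSearchResponseAttr;
typedef struct LDAPSearchResponseEntryStruct LDAPSearchResponseEntry;
typedef struct LDAPResultStruct LDAPSearchResponseResult;
typedef struct LDAPUnbindStruct LDAPUnbind;
typedef struct LDAPFilterStruct LDAPFilter;
typedef struct LDAPAndFilterStruct LDAPAndFilter;
typedef struct LDAPNotFilterStruct LDAPNotFilter;
typedef struct LDAPSubstringStruct LDAPSubstring;
typedef struct LDAPSubstringFilterStruct LDAPSubstringFilter;
typedef struct LDAPPresentFilterStruct LDAPPresentFilter;
typedef struct LDAPAttributeValueAssertionStruct LDAPAttributeValueAssertion;
typedef struct LDAPNameComponentStruct LDAPNameComponent;
typedef struct LDAPRequestParamsStruct LDAPRequestParams;
typedef struct LDAPSearchStruct LDAPSearch;
typedef struct LDAPAbandonRequestStruct LDAPAbandonRequest;
typedef struct protocolOpStruct LDAPProtocolOp;
typedef struct LDAPMessageStruct LDAPMessage;

/*
 * Filter kinds that reuse another kind's layout. These are plain aliases,
 * not distinct types: an OR filter is the AND structure, and the four
 * comparison filters are all the attribute-value assertion. Only the
 * selector in LDAPFilterStruct tells them apart.
 */
typedef LDAPAndFilter LDAPOrFilter;
typedef LDAPAttributeValueAssertion LDAPEqualFilter;
typedef LDAPAttributeValueAssertion LDAPGreaterOrEqualFilter;
typedef LDAPAttributeValueAssertion LDAPLessOrEqualFilter;
typedef LDAPAttributeValueAssertion LDAPApproxMatchFilter;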
|
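/*
 * Describes where and what to query: an arena, a server location, and
 * lists of filter strings and attribute bit strings.
 *
 * NOTE(review): three of the four members are untyped (void * / void **),
 * so this header does not say what they point to, how the lists are
 * terminated, or who frees them. Presumably the arena owns the
 * allocations -- confirm with the code that fills this structure in
 * before casting or iterating.
 */
struct LDAPLocationStruct {
    PLArenaPool *arena;
    void *serverSite;
    void **filterString;
    void **attrBitString;
};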
|
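/*
 * The two halves of a cross-certificate pair, each held as a SECItem.
 *
 * NOTE(review): presumably this is the decode target of
 * PKIX_PL_LDAPCrossCertPairTemplate and either half may be absent
 * (zero length); consumers should check the item's length before using
 * its data -- confirm against the template definition.
 */
struct LDAPCertPairStruct {
    SECItem forward;
    SECItem reverse;
};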
|
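/*
 * Caller-facing parameters of a simple bind: the name to bind as and the
 * authentication value, both as C strings.
 *
 * `authentication` is a credential. It should be kept out of logs and
 * error messages, and the owner of the buffer should clear it once the
 * bind has been sent.
 * NOTE(review): ownership of the two strings (caller or client) is not
 * visible in this header -- confirm.
 */
struct LDAPSimpleBindStruct {
    char *bindName;
    char *authentication;
};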
|
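/*
 * Caller-facing bind description: `selector` names the authentication
 * choice and `chooser` holds its parameters.
 *
 * The union has a single member, `simple`, so only SIMPLE_AUTH has data
 * to go with it; code handling this structure should reject any other
 * selector rather than read `chooser.simple` for it.
 */
struct LDAPBindAPIStruct {
    AuthType selector;
    union {
        LDAPSimpleBind simple;
    } chooser;
};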
|
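/*
 * Bind request in the form handed to the ASN.1 encoder: protocol version,
 * bind name and authentication value, each as a SECItem.
 *
 * `authentication` holds the credential bytes; the buffer it points to
 * should be cleared after encoding, and the item must not be dumped in
 * diagnostics.
 * NOTE(review): which buffers the items point into is not visible in this
 * header -- confirm.
 */
struct LDAPBindStruct {
    SECItem version;
    SECItem bindName;
    SECItem authentication;
};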
|
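/*
 * Result reported by the server; shared by the bind response and the
 * final search result (LDAPBindResponse, LDAPResult and
 * LDAPSearchResponseResult are all this structure).
 *
 * All three members are filled from data sent by the peer. A SECItem
 * carries its own length, so matchedDN and errorMessage must not be
 * treated as NUL-terminated strings, and the length of resultCode should
 * be checked before it is converted to an LDAPResultCode.
 */
struct LDAPResultStruct {
    SECItem resultCode;
    SECItem matchedDN;
    SECItem errorMessage;
};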
|
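/*
 * One attribute of a search response entry: its type and its values.
 *
 * NOTE(review): `val` is presumably a NULL-terminated array of SECItem
 * pointers produced by the decoder -- confirm. Both the number of values
 * and the length of each come from the server, so consumers should bound
 * what they copy or parse.
 */
struct LDAPSearchResponseAttrStruct {
    SECItem attrType;
    SECItem **val;
};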
|
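/*
 * One entry returned by a search: the object's name and its attributes.
 *
 * NOTE(review): `attributes` is presumably a NULL-terminated array of
 * pointers -- confirm. The contents are server-supplied; objectName is a
 * length-delimited SECItem, not a C string.
 */
struct LDAPSearchResponseEntryStruct {
    SECItem objectName;
    LDAPSearchResponseAttr **attributes;
};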
|
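/*
 * Unbind request. The single member is named `dummy`; it appears to be a
 * placeholder so that the structure is not empty, since no other field is
 * declared for this operation.
 */
struct LDAPUnbindStruct {
    SECItem dummy;
};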
|
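/*
 * AND filter: a list of sub-filters. The same structure is used for OR
 * filters (LDAPOrFilter is an alias of LDAPAndFilter).
 *
 * NOTE(review): `filters` is presumably a NULL-terminated array of
 * pointers -- confirm before iterating.
 */
struct LDAPAndFilterStruct {
    LDAPFilter **filters;
};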
|
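/*
 * NOT filter: a pointer to the single filter being negated.
 * NOTE(review): whether `filter` may be NULL is not visible here; check
 * it before dereferencing.
 */
struct LDAPNotFilterStruct {
    LDAPFilter *filter;
};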
|
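/*
 * One piece of a substring filter: `selector` says whether the piece
 * matches at the start, anywhere, or at the end, and `item` holds the
 * bytes to match.
 */
struct LDAPSubstringStruct {
    LDAPSubstringFilterType selector;
    SECItem item;
};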
|
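/*
 * Substring filter: the attribute type to test and the substring pieces.
 *
 * NOTE(review): `strings` is a single-level pointer, unlike the
 * pointer-to-pointer lists used elsewhere in this header; whether it
 * addresses one LDAPSubstring or an array, and how an array would be
 * terminated, is not visible here -- confirm before iterating.
 */
struct LDAPSubstringFilterStruct {
    SECItem attrType;
    LDAPSubstring *strings;
};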
|
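/* Presence filter: names the attribute type whose presence is tested. */
struct LDAPPresentFilterStruct {
    SECItem attrType;
};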
|
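/*
 * Attribute-value assertion: an attribute type and the value to compare
 * it with. The equal, greater-or-equal, less-or-equal and approximate
 * match filters are all aliases of this structure; which comparison is
 * meant is recorded only in the enclosing filter's selector.
 */
struct LDAPAttributeValueAssertionStruct {
    SECItem attrType;
    SECItem attrValue;
};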
|
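/*
 * One node of a search filter, as a tagged union: `selector` says which
 * member of `filter` is valid.
 *
 * The AND, OR and NOT members hold pointers to further LDAPFilter nodes,
 * so a filter is a tree. Reading a member that does not match the
 * selector reinterprets another member's bytes (for example pointers as
 * SECItem fields), so the selector must be checked before any access.
 * NOTE(review): if filters are ever decoded from peer data rather than
 * built locally, code walking the tree should bound its depth -- whether
 * that happens is not visible in this header.
 */
struct LDAPFilterStruct {
    LDAPFilterType selector;
    union {
        LDAPAndFilter andFilter;
        LDAPOrFilter orFilter;
        LDAPNotFilter notFilter;
        LDAPEqualFilter equalFilter;
        LDAPSubstringFilter substringFilter;
        LDAPGreaterOrEqualFilter greaterOrEqualFilter;
        LDAPLessOrEqualFilter lessOrEqualFilter;
        LDAPPresentFilter presentFilter;
        LDAPApproxMatchFilter approxMatchFilter;
    } filter;
};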
|
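/*
 * One name component of a request: an attribute type and its value, for
 * example {"cn", "xxx"} as shown in the comment on
 * LDAPRequestParamsStruct.nc.
 *
 * NOTE(review): the members are plain byte pointers with no length, so
 * they are presumably NUL-terminated strings -- confirm. If the values
 * are taken from untrusted input such as certificate name fields, the
 * code that turns them into a filter is where they need validating.
 */
struct LDAPNameComponentStruct {
    unsigned char *attrType;
    unsigned char *attrValue;
};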
|
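/*
 * Caller-supplied description of one search request: where to start, how
 * far to search, how to treat aliases, the limits to ask the server for,
 * the name components to match and the attributes wanted.
 *
 * sizeLimit and timeLimit use 0 for "no limit", so a zero-initialized
 * structure asks for an unbounded answer. Callers querying servers they
 * do not control should set both explicitly. These are requests to the
 * server, so the client still has to bound what it accepts.
 * `nc` is a NULL-terminated list, as the example on the member shows.
 */
struct LDAPRequestParamsStruct {
    char *baseObject;           /* e.g. "c=US" */
    ScopeType scope;
    DerefType derefAliases;
    PKIX_UInt32 sizeLimit;      /* 0 = no limit */
    PRIntervalTime timeLimit;   /* 0 = no limit */
    LDAPNameComponent **nc;     /* e.g. {{"cn","xxx"},{"o","yyy"},NULL} */
    LdapAttrMask attributes;
};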
|
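/*
 * Search request in the form handed to the ASN.1 encoder. The scalar
 * parameters of LDAPRequestParamsStruct appear here as SECItems, the
 * filter is embedded by value, and the requested attributes are a list of
 * SECItem pointers.
 *
 * NOTE(review): `attributes` is presumably a NULL-terminated array --
 * confirm against the code that builds the request.
 */
struct LDAPSearchStruct {
    SECItem baseObject;
    SECItem scope;
    SECItem derefAliases;
    SECItem sizeLimit;
    SECItem timeLimit;
    SECItem attrsOnly;
    LDAPFilter filter;
    SECItem **attributes;
};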
|
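/* Abandon request: carries the ID of the message to abandon. */
struct LDAPAbandonRequestStruct {
    SECItem messageID;
};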
|
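/*
 * The operation carried by an LDAP message, as a tagged union: `selector`
 * says which member of `op` is valid.
 *
 * When the structure is filled from a received message the selector is
 * peer-controlled. Code must check it against the LDAPMessageType values
 * before touching `op`, and must not read a member other than the one the
 * selector names: the members have different layouts, and some contain
 * pointers.
 */
struct protocolOpStruct {
    LDAPMessageType selector;
    union {
        LDAPBind bindMsg;
        LDAPBindResponse bindResponseMsg;
        LDAPUnbind unbindMsg;
        LDAPSearch searchMsg;
        LDAPSearchResponseEntry searchResponseEntryMsg;
        LDAPSearchResponseResult searchResponseResultMsg;
        LDAPAbandonRequest abandonRequestMsg;
    } op;
};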
|
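/*
 * A complete LDAP message: the message ID followed by the operation.
 *
 * NOTE(review): a client normally checks that a response's messageID
 * matches the request it sent before acting on the response; whether and
 * where that check is made is not visible in this header -- confirm.
 */
struct LDAPMessageStruct {
    SECItem messageID;
    LDAPProtocolOp protocolOp;
};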
|
/* Handle type for an LDAP client; the structure itself is defined later in
 * this header as a pair of function pointers. */
typedef struct PKIX_PL_LdapClientStruct PKIX_PL_LdapClient;
|
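/*
 * Type of the function that starts a request on an LDAP client.
 *
 *   client        - the client the request is issued on
 *   requestParams - description of the search to perform
 *   pNBIO         - out parameter; NOTE(review): presumably set non-NULL
 *                   when the operation is waiting on non-blocking I/O and
 *                   has to be continued through the resume function --
 *                   confirm with an implementation
 *   pResponse     - out parameter receiving a list of responses
 *   plContext     - platform-specific context pointer
 *
 * Returns a PKIX_Error pointer. NOTE(review): presumably NULL means
 * success -- confirm. Everything in *pResponse originates from the
 * server and should be treated as untrusted.
 */
typedef PKIX_Error *
(*PKIX_PL_LdapClient_InitiateFcn)(
    PKIX_PL_LdapClient *client,
    LDAPRequestParams *requestParams,
    void **pNBIO,
    PKIX_List **pResponse,
    void *plContext);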
|
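/*
 * Type of the function that continues a request previously started on an
 * LDAP client. It takes the same arguments as the initiate function
 * except for the request parameters.
 *
 *   client    - the client the request was issued on
 *   pNBIO     - out parameter; NOTE(review): presumably non-NULL while
 *               the operation is still pending -- confirm
 *   pResponse - out parameter receiving a list of responses
 *   plContext - platform-specific context pointer
 *
 * Returns a PKIX_Error pointer. NOTE(review): presumably NULL means
 * success -- confirm.
 */
typedef PKIX_Error *
(*PKIX_PL_LdapClient_ResumeFcn)(
    PKIX_PL_LdapClient *client,
    void **pNBIO,
    PKIX_List **pResponse,
    void *plContext);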
|
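/*
 * An LDAP client as seen by its users: two function pointers, one to
 * start a request and one to resume it.
 *
 * Calls go through these pointers, so an instance must have both set
 * before use, and the memory holding them should not be writable by less
 * trusted code.
 * NOTE(review): whether callers check the pointers for NULL is not
 * visible in this header -- confirm.
 */
struct PKIX_PL_LdapClientStruct {
    PKIX_PL_LdapClient_InitiateFcn initiateFcn;
    PKIX_PL_LdapClient_ResumeFcn resumeFcn;
};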
|
#ifdef __cplusplus
}
#endif
|
#endif