/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef _LDAP_H_
#define _LDAP_H_

#include "certt.h"
#include "pkixt.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * ASN.1 template tables, named for the cross-certificate pair, the LDAP
 * message and the LDAP search filter. Only the declarations are here; the
 * tables themselves are defined in another translation unit. Each
 * SEC_ASN1_CHOOSER_DECLARE line declares the chooser that accompanies the
 * template named in its argument.
 *
 * NOTE(review): if these templates are used to decode responses from an LDAP
 * server, every SECItem they fill carries a length and contents chosen by
 * that server; confirm callers validate them before use.
 */
extern const SEC_ASN1Template PKIX_PL_LDAPCrossCertPairTemplate[];
SEC_ASN1_CHOOSER_DECLARE(PKIX_PL_LDAPCrossCertPairTemplate)
extern const SEC_ASN1Template PKIX_PL_LDAPMessageTemplate[];
SEC_ASN1_CHOOSER_DECLARE(PKIX_PL_LDAPMessageTemplate)
extern const SEC_ASN1Template LDAPFilterTemplate[];
SEC_ASN1_CHOOSER_DECLARE(LDAPFilterTemplate)

/* ********************************************************************** */

/* An LDAP string is encoded with the ASN.1 OCTET STRING template type. */
#define SEC_ASN1_LDAP_STRING SEC_ASN1_OCTET_STRING

/*
 * Attribute selection flags. Each LDAPATTR_* value is a distinct bit so that
 * several can be OR-ed into one LdapAttrMask (see
 * LDAPRequestParams.attributes). By name they presumably stand for the
 * CA certificate, user certificate, cross-certificate pair, certificate
 * revocation list and authority revocation list attributes; confirm against
 * the code that maps bits to attribute names.
 *
 * MAX_LDAPATTRS equals the number of flag bits defined here; keep the two in
 * step when adding a flag.
 */
#define LDAPATTR_CACERT         (1<<0)
#define LDAPATTR_USERCERT       (1<<1)
#define LDAPATTR_CROSSPAIRCERT  (1<<2)
#define LDAPATTR_CERTREVLIST    (1<<3)
#define LDAPATTR_AUTHREVLIST    (1<<4)
#define MAX_LDAPATTRS                   5
typedef PKIX_UInt32 LdapAttrMask;

/*
 * Authentication choice for a bind; used as the selector of LDAPBindAPI.
 * Only SIMPLE_AUTH has a matching member in the LDAPBindAPI chooser union
 * declared in this header; the two KRBV42* values have none.
 *
 * NOTE(review): simple authentication presumably means a name and a
 * cleartext password; confirm that binds using it run over a protected
 * transport.
 */
typedef enum {
        SIMPLE_AUTH                     = 0,
        KRBV42LDAP_AUTH                 = 1,
        KRBV42DSA_AUTH                  = 2
} AuthType;

/*
 * Search scope requested by the caller (LDAPRequestParams.scope): by name,
 * the base object only, one level below it, or the whole subtree.
 */
typedef enum {
        BASE_OBJECT                     = 0,
        SINGLE_LEVEL                    = 1,
        WHOLE_SUBTREE                   = 2
} ScopeType;

/*
 * Alias dereferencing policy requested by the caller
 * (LDAPRequestParams.derefAliases).
 */
typedef enum {
        NEVER_DEREF                     = 0,
        DEREF_IN_SEARCHING              = 1,
        DEREF_FINDING_BASEOBJ           = 2,
        ALWAYS_DEREF                    = 3
} DerefType;

/*
 * Selector of an LDAPSubstring: says whether the item is an initial, "any"
 * or final substring.
 */
typedef enum {
        LDAP_INITIALSUBSTRING_TYPE      = 0,
        LDAP_ANYSUBSTRING_TYPE          = 1,
        LDAP_FINALSUBSTRING_TYPE        = 2
} LDAPSubstringFilterType;

/*
 * Selector of an LDAPFilter: names which member of the LDAPFilter union is
 * in use. The enumerators are listed in the same order as the union members
 * of struct LDAPFilterStruct.
 */
typedef enum {
        LDAP_ANDFILTER_TYPE             = 0,
        LDAP_ORFILTER_TYPE              = 1,
        LDAP_NOTFILTER_TYPE             = 2,
        LDAP_EQUALFILTER_TYPE           = 3,
        LDAP_SUBSTRINGFILTER_TYPE       = 4,
        LDAP_GREATEROREQUALFILTER_TYPE  = 5,
        LDAP_LESSOREQUALFILTER_TYPE     = 6,
        LDAP_PRESENTFILTER_TYPE         = 7,
        LDAP_APPROXMATCHFILTER_TYPE     = 8
} LDAPFilterType;

/*
 * Selector of an LDAPProtocolOp: names which member of its union is in use.
 * The values are not contiguous (5 is followed by 16); they presumably
 * mirror the application tag numbers LDAP assigns to these operations;
 * verify against the message template.
 *
 * NOTE(review): when the selector comes from a decoded server message, code
 * that switches on it should reject values not listed here rather than fall
 * through to a union member.
 */
typedef enum {
        LDAP_BIND_TYPE                  = 0,
        LDAP_BINDRESPONSE_TYPE          = 1,
        LDAP_UNBIND_TYPE                = 2,
        LDAP_SEARCH_TYPE                = 3,
        LDAP_SEARCHRESPONSEENTRY_TYPE   = 4,
        LDAP_SEARCHRESPONSERESULT_TYPE  = 5,
        LDAP_ABANDONREQUEST_TYPE        = 16
} LDAPMessageType;

/*
 * Numeric result codes for an LDAP result. The numbering has gaps (9-15,
 * 22-31, 37-47, 55-63, 70-79), so not every small integer is a member.
 *
 * NOTE(review): the code presumably arrives in LDAPResultStruct.resultCode
 * as server-supplied bytes; check the item's length and map unknown values
 * to a failure instead of casting them straight to this enum.
 *
 * NOTE(review): SUCCESS, BUSY, OTHER and similar enumerators are unprefixed
 * names in the global namespace and can collide with identifiers or macros
 * from other headers.
 */
typedef enum {
        SUCCESS                         = 0,
        OPERATIONSERROR                 = 1,
        PROTOCOLERROR                   = 2,
        TIMELIMITEXCEEDED               = 3,
        SIZELIMITEXCEEDED               = 4,
        COMPAREFALSE                    = 5,
        COMPARETRUE                     = 6,
        AUTHMETHODNOTSUPPORTED          = 7,
        STRONGAUTHREQUIRED              = 8,
        NOSUCHATTRIBUTE                 = 16,
        UNDEFINEDATTRIBUTETYPE          = 17,
        INAPPROPRIATEMATCHING           = 18,
        CONSTRAINTVIOLATION             = 19,
        ATTRIBUTEORVALUEEXISTS          = 20,
        INVALIDATTRIBUTESYNTAX          = 21,
        NOSUCHOBJECT                    = 32,
        ALIASPROBLEM                    = 33,
        INVALIDDNSYNTAX                 = 34,
        ISLEAF                          = 35,
        ALIASDEREFERENCINGPROBLEM       = 36,
        INAPPROPRIATEAUTHENTICATION     = 48,
        INVALIDCREDENTIALS              = 49,
        INSUFFICIENTACCESSRIGHTS        = 50,
        BUSY                            = 51,
        UNAVAILABLE                     = 52,
        UNWILLINGTOPERFORM              = 53,
        LOOPDETECT                      = 54,
        NAMINGVIOLATION                 = 64,
        OBJECTCLASSVIOLATION            = 65,
        NOTALLOWEDONNONLEAF             = 66,
        NOTALLOWEDONRDN                 = 67,
        ENTRYALREADYEXISTS              = 68,
        OBJECTCLASSMODSPROHIBITED       = 69,
        OTHER                           = 80
} LDAPResultCode;

/*
 * Type names for the structures defined below.
 *
 * Several names share one layout:
 *  - LDAPBindResponse, LDAPResult and LDAPSearchResponseResult are all
 *    struct LDAPResultStruct;
 *  - LDAPOrFilter is LDAPAndFilter;
 *  - LDAPEqualFilter, LDAPGreaterOrEqualFilter, LDAPLessOrEqualFilter and
 *    LDAPApproxMatchFilter are all LDAPAttributeValueAssertion.
 * The compiler therefore cannot tell these apart; only the selector stored
 * next to the value says which meaning applies.
 */
typedef struct LDAPLocationStruct                LDAPLocation;
typedef struct LDAPCertPairStruct                LDAPCertPair;
typedef struct LDAPSimpleBindStruct              LDAPSimpleBind;
typedef struct LDAPBindAPIStruct                 LDAPBindAPI;
typedef struct LDAPBindStruct                    LDAPBind;
typedef struct LDAPResultStruct                  LDAPBindResponse;
typedef struct LDAPResultStruct                  LDAPResult;
typedef struct LDAPSearchResponseAttrStruct      LDAPSearchResponseAttr;
typedef struct LDAPSearchResponseEntryStruct     LDAPSearchResponseEntry;
typedef struct LDAPResultStruct                  LDAPSearchResponseResult;
typedef struct LDAPUnbindStruct                  LDAPUnbind;
typedef struct LDAPFilterStruct                  LDAPFilter;
typedef struct LDAPAndFilterStruct               LDAPAndFilter;
typedef struct LDAPNotFilterStruct               LDAPNotFilter;
typedef struct LDAPSubstringStruct               LDAPSubstring;
typedef struct LDAPSubstringFilterStruct         LDAPSubstringFilter;
typedef struct LDAPPresentFilterStruct           LDAPPresentFilter;
typedef struct LDAPAttributeValueAssertionStruct LDAPAttributeValueAssertion;
typedef struct LDAPNameComponentStruct           LDAPNameComponent;
typedef struct LDAPRequestParamsStruct           LDAPRequestParams;
typedef struct LDAPSearchStruct                  LDAPSearch;
typedef struct LDAPAbandonRequestStruct          LDAPAbandonRequest;
typedef struct protocolOpStruct                  LDAPProtocolOp;
typedef struct LDAPMessageStruct                 LDAPMessage;
typedef LDAPAndFilter                            LDAPOrFilter;
typedef LDAPAttributeValueAssertion              LDAPEqualFilter;
typedef LDAPAttributeValueAssertion              LDAPGreaterOrEqualFilter;
typedef LDAPAttributeValueAssertion              LDAPLessOrEqualFilter;
typedef LDAPAttributeValueAssertion              LDAPApproxMatchFilter;

/*
 * Describes where and what to query: an arena plus three untyped pointers.
 * The pointed-to types of serverSite, filterString and attrBitString are
 * not visible in this header; callers must agree on them out of band.
 */
struct LDAPLocationStruct {
        PLArenaPool *arena;
        void *serverSite;
        void **filterString;
        void **attrBitString;
};

/*
 * The two halves of a cross-certificate pair, each held as a SECItem
 * (presumably an encoded certificate; confirm against the cross-cert pair
 * template). Either half may need an emptiness check before use.
 */
struct LDAPCertPairStruct {
        SECItem forward;
        SECItem reverse;
};

/*
 * Caller-side credentials for a simple bind, as C strings.
 *
 * NOTE(review): authentication presumably holds the bind password in
 * cleartext. Ownership and lifetime are not stated here; confirm who frees
 * it and that it is cleared once the bind has been sent.
 */
struct LDAPSimpleBindStruct {
        char *bindName;
        char *authentication;
};

/*
 * Caller-side bind description: selector picks the authentication method
 * and chooser holds its parameters. The union has a member only for
 * SIMPLE_AUTH, so chooser carries nothing meaningful for the other AuthType
 * values.
 */
struct LDAPBindAPIStruct {
        AuthType selector;
        union {
                LDAPSimpleBind simple;
        } chooser;
};

/*
 * Bind request in the form used inside an LDAPProtocolOp: every field is a
 * SECItem. The authentication item presumably carries the same secret as
 * LDAPSimpleBind.authentication; treat buffers holding it as sensitive.
 */
struct LDAPBindStruct {
        SECItem version;
        SECItem bindName;
        SECItem authentication;
};

/*
 * Result of an operation; this one layout serves as LDAPResult,
 * LDAPBindResponse and LDAPSearchResponseResult.
 *
 * NOTE(review): the fields are SECItems, i.e. length-counted buffers, not
 * NUL-terminated strings. matchedDN and errorMessage are presumably
 * server-supplied text; bound by the item length and sanitise before
 * logging or displaying them.
 */
struct LDAPResultStruct {
        SECItem resultCode;
        SECItem matchedDN;
        SECItem errorMessage;
};

/*
 * One attribute of a search response entry: its type and a list of values.
 * val is an array of SECItem pointers, presumably NULL-terminated (no count
 * field is present); confirm against the decoder before iterating.
 */
struct LDAPSearchResponseAttrStruct {
        SECItem attrType;
        SECItem **val;
};

/*
 * One entry returned by a search: the object's name and its attributes.
 * attributes is an array of pointers, presumably NULL-terminated (no count
 * field is present); the number of attributes is whatever the server sent.
 */
struct LDAPSearchResponseEntryStruct {
        SECItem objectName;
        LDAPSearchResponseAttr **attributes;
};

/* Unbind request body; it holds only a placeholder item. */
struct LDAPUnbindStruct {
        SECItem dummy;
};

/*
 * A list of sub-filters. The same layout is used for both the AND filter
 * and, through the LDAPOrFilter typedef, the OR filter. filters is an array
 * of pointers, presumably NULL-terminated (no count field is present).
 */
struct LDAPAndFilterStruct {
        LDAPFilter **filters;
};

/* NOT filter: wraps a single sub-filter. */
struct LDAPNotFilterStruct {
        LDAPFilter *filter;
};

/*
 * One substring of a substring filter; selector says whether item is an
 * initial, "any" or final substring.
 */
struct LDAPSubstringStruct {
        LDAPSubstringFilterType selector;
        SECItem item;
};

/*
 * Substring filter: the attribute type and the substrings to match.
 * strings is a single pointer; whether it addresses one LDAPSubstring or
 * the first of several is not visible here. Confirm with the encoder.
 */
struct LDAPSubstringFilterStruct {
        SECItem attrType;
        LDAPSubstring *strings;
};

/* Presence filter: names the attribute type to test for. */
struct LDAPPresentFilterStruct {
        SECItem attrType;
};

/*
 * An attribute type paired with a value. This layout backs the equality,
 * greater-or-equal, less-or-equal and approximate-match filters through
 * their typedefs.
 */
struct LDAPAttributeValueAssertionStruct {
        SECItem attrType;
        SECItem attrValue;
};

/*
 * A search filter as a tagged union: selector names the member of filter
 * that is in use, and reading any other member is meaningless. Several
 * members share a type (see the typedefs), so the selector is the only
 * record of which kind of filter this is.
 *
 * The AND, OR and NOT members point at further LDAPFilter objects, so a
 * filter is a tree; nothing in the type bounds its depth.
 */
struct LDAPFilterStruct {
        LDAPFilterType selector;
        union {
                LDAPAndFilter andFilter;
                LDAPOrFilter orFilter;
                LDAPNotFilter notFilter;
                LDAPEqualFilter equalFilter;
                LDAPSubstringFilter substringFilter;
                LDAPGreaterOrEqualFilter greaterOrEqualFilter;
                LDAPLessOrEqualFilter lessOrEqualFilter;
                LDAPPresentFilter presentFilter;
                LDAPApproxMatchFilter approxMatchFilter;
        } filter;
};

/*
 * One name component given by the caller, as an attribute type and value
 * (e.g. "cn" and "xxx" in the LDAPRequestParams.nc example). Both are plain
 * byte pointers with no length field, so they are presumably NUL-terminated;
 * confirm before passing data that may contain embedded zero bytes.
 */
struct LDAPNameComponentStruct {
        unsigned char *attrType;
        unsigned char *attrValue;
};

/*
 * Caller-side description of a search request, in native C types. It is the
 * argument handed to a PKIX_PL_LdapClient_InitiateFcn.
 *
 * NOTE(review): 0 means "no limit" for both sizeLimit and timeLimit, so a
 * zero-initialised structure requests an unbounded search. Callers talking
 * to servers they do not control should set explicit limits.
 */
struct LDAPRequestParamsStruct {
        char *baseObject;          /* e.g. "c=US" */
        ScopeType scope;
        DerefType derefAliases;
        PKIX_UInt32 sizeLimit;     /* 0 = no limit */
        PRIntervalTime timeLimit;  /* 0 = no limit */
        LDAPNameComponent **nc; /* e.g. {{"cn","xxx"},{"o","yyy"},NULL} */
        LdapAttrMask attributes;   /* OR of LDAPATTR_* flags */
};

/*
 * Search request in the form used inside an LDAPProtocolOp. The scalar
 * request fields are SECItems, the filter is embedded by value, and
 * attributes is an array of SECItem pointers, presumably NULL-terminated
 * (no count field is present).
 */
struct LDAPSearchStruct {
        SECItem baseObject;
        SECItem scope;
        SECItem derefAliases;
        SECItem sizeLimit;
        SECItem timeLimit;
        SECItem attrsOnly;
        LDAPFilter filter;
        SECItem **attributes;
};

/* Abandon request body: the ID of the message it refers to. */
struct LDAPAbandonRequestStruct {
        SECItem messageID;
};

/*
 * The operation carried by an LDAPMessage, as a tagged union: selector
 * names the member of op that is in use. The members appear in the same
 * order as the LDAPMessageType enumerators. bindResponseMsg and
 * searchResponseResultMsg have the same underlying type, so only selector
 * distinguishes them.
 *
 * NOTE(review): for a message decoded from the network, check selector
 * against the operation that was expected before reading a member of op.
 */
struct protocolOpStruct {
        LDAPMessageType selector;
        union {
                LDAPBind bindMsg;
                LDAPBindResponse bindResponseMsg;
                LDAPUnbind unbindMsg;
                LDAPSearch searchMsg;
                LDAPSearchResponseEntry searchResponseEntryMsg;
                LDAPSearchResponseResult searchResponseResultMsg;
                LDAPAbandonRequest abandonRequestMsg;
        } op;
};

/*
 * A complete LDAP message: its ID and the operation it carries.
 *
 * NOTE(review): messageID is a SECItem; when matching a response to a
 * request, compare it against the ID that was sent instead of assuming the
 * next message received belongs to the outstanding request.
 */
struct LDAPMessageStruct {
        SECItem messageID;
        LDAPProtocolOp protocolOp;
};

typedef struct PKIX_PL_LdapClientStruct PKIX_PL_LdapClient;

/*
 * Callback type that starts a request described by requestParams on the
 * given client.
 *
 * client        - the client object the callback belongs to
 * requestParams - caller-side search description
 * pNBIO         - out-parameter; by name presumably reports pending
 *                 non-blocking I/O (TODO confirm its contract)
 * pResponse     - out-parameter receiving a PKIX_List of results
 * plContext     - opaque context passed through to the implementation
 *
 * Returns a PKIX_Error pointer; presumably NULL means success. Confirm
 * against the implementations.
 */
typedef PKIX_Error *
(*PKIX_PL_LdapClient_InitiateFcn)(
        PKIX_PL_LdapClient *client,
        LDAPRequestParams *requestParams,
        void **pNBIO,
        PKIX_List **pResponse,
        void *plContext);

/*
 * Callback type that continues a request on the given client. It takes the
 * same arguments as PKIX_PL_LdapClient_InitiateFcn except for the request
 * parameters, so it presumably resumes a request started earlier whose I/O
 * had not completed (TODO confirm).
 *
 * Returns a PKIX_Error pointer; presumably NULL means success.
 */
typedef PKIX_Error *
(*PKIX_PL_LdapClient_ResumeFcn)(
        PKIX_PL_LdapClient *client,
        void **pNBIO,
        PKIX_List **pResponse,
        void *plContext);

/*
 * An LDAP client is represented by its two entry points. Both are function
 * pointers supplied by whoever constructs the object.
 *
 * NOTE(review): nothing here guarantees the pointers are set; callers
 * should check them for NULL before calling through them.
 */
struct PKIX_PL_LdapClientStruct {
        PKIX_PL_LdapClient_InitiateFcn initiateFcn;
        PKIX_PL_LdapClient_ResumeFcn resumeFcn;
};

#ifdef __cplusplus
}
#endif

#endif