1.2 ! martijn 1: /* $Id: aldap.h,v 1.1.1.1 2018/06/13 15:45:57 reyk Exp $ */
! 2: /* $OpenBSD: aldap.h,v 1.1.1.1 2018/06/13 15:45:57 reyk Exp $ */
1.1 reyk 3:
4: /*
5: * Copyright (c) 2008 Alexander Schrijver <aschrijver@openbsd.org>
6: * Copyright (c) 2006, 2007 Marc Balmer <mbalmer@openbsd.org>
7: *
8: * Permission to use, copy, modify, and distribute this software for any
9: * purpose with or without fee is hereby granted, provided that the above
10: * copyright notice and this permission notice appear in all copies.
11: *
12: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
13: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
14: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
15: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
16: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
17: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
18: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19: */
20:
21: #include <stdio.h>
22:
23: #include <tls.h>
24:
25: #include "ber.h"
26:
/*
 * URL scheme prefixes; they correspond, in order, to enum aldap_protocol
 * and are presumably what aldap_parse_url() matches against.
 */
#define LDAP_URL "ldap://"
#define LDAPS_URL "ldaps://"
#define LDAPTLS_URL "ldap+tls://"
#define LDAPI_URL "ldapi://"

/* Default TCP ports for ldap:// and ldaps://. */
#define LDAP_PORT 389
#define LDAPS_PORT 636
/* Simple Paged Results control (RFC 2696); decoded into struct aldap_page_control. */
#define LDAP_PAGED_OID "1.2.840.113556.1.4.319"
/* StartTLS extended operation (RFC 4511, section 4.14); used by aldap_req_starttls(). */
#define LDAP_STARTTLS_OID "1.3.6.1.4.1.1466.20037"
36:
/*
 * One LDAP connection.  Created by aldap_init() on an already connected
 * descriptor and torn down by aldap_close().
 */
struct aldap {
/* Library-level error codes stored in the err member (see aldap_get_errno()). */
#define ALDAP_ERR_SUCCESS 0
#define ALDAP_ERR_PARSER_ERROR 1
#define ALDAP_ERR_INVALID_FILTER 2
#define ALDAP_ERR_OPERATION_FAILED 3
#define ALDAP_ERR_TLS_ERROR 4
	u_int8_t err;		/* one of ALDAP_ERR_*; u_int8_t is a BSD type, not provided by the includes above */
	int msgid;		/* presumably the next outgoing messageID; confirm in aldap.c */
	struct ber ber;		/* BER encoder/decoder state (ber.h), held by value */

	int fd;			/* socket descriptor handed to aldap_init() */
	struct tls *tls;	/* libtls context; presumably NULL until aldap_tls() succeeds */

	struct evbuffer *buf;	/* libevent buffer; used via pointer only, so <event.h> is not included here */
};
52:
/*
 * Decoded Simple Paged Results control (LDAP_PAGED_OID, RFC 2696).
 * Produced by aldap_parse_page_control() and released with aldap_freepage().
 */
struct aldap_page_control {
	int size;		/* page size (requested, or as echoed by the server) */
	char *cookie;		/* opaque server-issued cookie; treat as binary and bound every access by cookie_len */
	unsigned int cookie_len;	/* byte length of cookie; an empty cookie marks the last page per RFC 2696 */
};
58:
/*
 * One decoded LDAPMessage, as returned by aldap_parse().  The ber_element
 * pointers presumably point into the tree rooted at msg; release the whole
 * message with aldap_freemsg().
 */
struct aldap_message {
	int msgid;			/* messageID of the PDU */
	int message_type;		/* protocolOp tag, see enum protocol_op */

	struct ber_element *msg;	/* root element of the decoded message */

	struct ber_element *header;
	struct ber_element *protocol_op;

	struct ber_element *dn;		/* LDAPDN element of the operation, when it carries one; see aldap_get_dn() */

	/* Operation-specific view; which member is meaningful depends on message_type. */
	union {
		struct {
			long long rescode;		/* resultCode, see enum result_code and aldap_get_resultcode() */
			struct ber_element *diagmsg;	/* diagnosticMessage, see aldap_get_diagmsg() */
		} res;					/* LDAPResult-style responses */
		struct {
			struct ber_element *iter;	/* presumably the cursor advanced by aldap_first_attr()/aldap_next_attr() */
			struct ber_element *attrs;	/* attribute list of a SearchResultEntry */
		} search;
	} body;
	struct ber_element *references;	/* referral / SearchResultReference URIs, see aldap_get_references() */
	struct aldap_page_control *page;	/* paged-results control carried by the PDU, if any */
};
83:
/*
 * Transport variant of a connection; the order matches the LDAP_URL..LDAPI_URL
 * scheme macros.  Stored in aldap_url.protocol.
 */
enum aldap_protocol {
	LDAP,		/* plain TCP; nothing on the wire is protected */
	LDAPS,		/* TLS from the first byte, default port LDAPS_PORT */
	LDAPTLS,	/* plain TCP upgraded with StartTLS (LDAP_STARTTLS_OID) */
	LDAPI		/* local UNIX-domain socket */
};
90:
/*
 * Array of len BER octet strings.  Attribute values are handed out in this
 * form by aldap_match_attr()/aldap_first_attr()/aldap_next_attr() and freed
 * with aldap_free_attr().  LDAP values may contain embedded NUL bytes, so
 * consumers should rely on the length carried by each ber_octetstring
 * (see ber.h) rather than treating entries as C strings.
 */
struct aldap_stringset {
	size_t len;			/* number of entries in str */
	struct ber_octetstring *str;	/* array of len octet strings */
};
! 95:
/*
 * Components of a parsed LDAP URL, filled in by aldap_parse_url() and
 * released with aldap_free_url().
 */
struct aldap_url {
	int protocol;			/* scheme, see enum aldap_protocol */
	char *host;
	in_port_t port;			/* in_port_t is not provided by the includes above; includers must pull in <netinet/in.h> first */
	char *dn;			/* base DN */
#define MAXATTR 1024
	char *attributes[MAXATTR];	/* fixed-size list of requested attributes; aldap_parse_url() must stop at MAXATTR entries — confirm in aldap.c */
	int scope;			/* see enum scope */
	char *filter;			/* search filter text */
	char *buffer;			/* presumably the backing copy of the URL that host/dn/filter point into; verify in aldap.c */
};
107:
/*
 * APPLICATION tag numbers of the LDAPMessage protocolOp CHOICE
 * (RFC 4511, section 4.1.1).  Because the values are the BER tags themselves
 * they can be compared with aldap_message.message_type directly.  Gaps are
 * tags this library does not name.
 */
enum protocol_op {
	LDAP_REQ_BIND = 0,
	LDAP_RES_BIND = 1,
	LDAP_REQ_UNBIND_30 = 2,
	LDAP_REQ_SEARCH = 3,
	LDAP_RES_SEARCH_ENTRY = 4,
	LDAP_RES_SEARCH_RESULT = 5,
	LDAP_REQ_MODIFY = 6,
	LDAP_RES_MODIFY = 7,
	LDAP_REQ_ADD = 8,
	LDAP_RES_ADD = 9,
	LDAP_REQ_DELETE_30 = 10,
	LDAP_RES_DELETE = 11,
	LDAP_REQ_MODRDN = 12,
	LDAP_RES_MODRDN = 13,
	LDAP_REQ_COMPARE = 14,
	LDAP_RES_COMPARE = 15,
	LDAP_REQ_ABANDON_30 = 16,

	LDAP_RES_SEARCH_REFERENCE = 19,

	LDAP_REQ_EXTENDED = 23,
	LDAP_RES_EXTENDED = 24
};
132:
/* SearchRequest derefAliases values (RFC 4511, section 4.5.1). */
enum deref_aliases {
	LDAP_DEREF_NEVER = 0,
	LDAP_DEREF_SEARCHING = 1,
	LDAP_DEREF_FINDING = 2,
	LDAP_DEREF_ALWAYS = 3,
};
139:
/*
 * BindRequest AuthenticationChoice tag.  Only simple [0] is defined, i.e.
 * this API does not expose SASL binds; a simple bind carries the password
 * in the clear unless the connection is protected by TLS.
 */
enum authentication_choice {
	LDAP_AUTH_SIMPLE = 0,
};
143:
/* SearchRequest scope values (RFC 4511, section 4.5.1); used by aldap_search(). */
enum scope {
	LDAP_SCOPE_BASE = 0,
	LDAP_SCOPE_ONELEVEL = 1,
	LDAP_SCOPE_SUBTREE = 2,
};
149:
/*
 * LDAPResult resultCode values (RFC 4511, appendix A), as returned by
 * aldap_get_resultcode().  Gaps are codes this library does not name.
 */
enum result_code {
	LDAP_SUCCESS = 0,
	LDAP_OPERATIONS_ERROR = 1,
	LDAP_PROTOCOL_ERROR = 2,
	LDAP_TIMELIMIT_EXCEEDED = 3,
	LDAP_SIZELIMIT_EXCEEDED = 4,
	LDAP_COMPARE_FALSE = 5,
	LDAP_COMPARE_TRUE = 6,
	LDAP_STRONG_AUTH_NOT_SUPPORTED = 7,
	LDAP_STRONG_AUTH_REQUIRED = 8,

	LDAP_REFERRAL = 10,
	LDAP_ADMINLIMIT_EXCEEDED = 11,
	LDAP_UNAVAILABLE_CRITICAL_EXTENSION = 12,
	LDAP_CONFIDENTIALITY_REQUIRED = 13,
	LDAP_SASL_BIND_IN_PROGRESS = 14,
	LDAP_NO_SUCH_ATTRIBUTE = 16,
	LDAP_UNDEFINED_TYPE = 17,
	LDAP_INAPPROPRIATE_MATCHING = 18,
	LDAP_CONSTRAINT_VIOLATION = 19,
	LDAP_TYPE_OR_VALUE_EXISTS = 20,
	LDAP_INVALID_SYNTAX = 21,

	LDAP_NO_SUCH_OBJECT = 32,
	LDAP_ALIAS_PROBLEM = 33,
	LDAP_INVALID_DN_SYNTAX = 34,

	LDAP_ALIAS_DEREF_PROBLEM = 36,

	/* 48..54: authentication and availability failures */
	LDAP_INAPPROPRIATE_AUTH = 48,
	LDAP_INVALID_CREDENTIALS = 49,
	LDAP_INSUFFICIENT_ACCESS = 50,
	LDAP_BUSY = 51,
	LDAP_UNAVAILABLE = 52,
	LDAP_UNWILLING_TO_PERFORM = 53,
	LDAP_LOOP_DETECT = 54,

	/* 64..69: update-operation failures */
	LDAP_NAMING_VIOLATION = 64,
	LDAP_OBJECT_CLASS_VIOLATION = 65,
	LDAP_NOT_ALLOWED_ON_NONLEAF = 66,
	LDAP_NOT_ALLOWED_ON_RDN = 67,
	LDAP_ALREADY_EXISTS = 68,
	LDAP_NO_OBJECT_CLASS_MODS = 69,

	LDAP_AFFECTS_MULTIPLE_DSAS = 71,

	LDAP_OTHER = 80,
};
198:
/* Context-specific tags of the search Filter CHOICE (RFC 4511, section 4.5.1). */
enum filter {
	LDAP_FILT_AND = 0,
	LDAP_FILT_OR = 1,
	LDAP_FILT_NOT = 2,
	LDAP_FILT_EQ = 3,
	LDAP_FILT_SUBS = 4,	/* SubstringFilter; components tagged per enum subfilter */
	LDAP_FILT_GE = 5,
	LDAP_FILT_LE = 6,
	LDAP_FILT_PRES = 7,
	LDAP_FILT_APPR = 8,
};
210:
/* Tags of the SubstringFilter components: initial [0], any [1], final [2]. */
enum subfilter {
	LDAP_FILT_SUBS_INIT = 0,
	LDAP_FILT_SUBS_ANY = 1,
	LDAP_FILT_SUBS_FIN = 2,
};
216:
/* Connection lifecycle.  aldap_init() wraps an already connected descriptor. */
struct aldap *aldap_init(int);
/* Start TLS on the connection using the given libtls config; the string is presumably the server name used for certificate verification (confirm in aldap.c). */
int aldap_tls(struct aldap *, struct tls_config *,
    const char *);
int aldap_close(struct aldap *);
/* Read and decode the next PDU; the result is released with aldap_freemsg(). */
struct aldap_message *aldap_parse(struct aldap *);
void aldap_freemsg(struct aldap_message *);

/* Send the StartTLS extended request (LDAP_STARTTLS_OID). */
int aldap_req_starttls(struct aldap *);

/*
 * Simple bind (enum authentication_choice only defines LDAP_AUTH_SIMPLE).
 * The two strings are presumably the bind DN and the password; over a plain
 * LDAP transport they are sent unprotected, so bind only after aldap_tls()
 * or aldap_req_starttls() has succeeded, or over LDAPS/LDAPI.
 */
int aldap_bind(struct aldap *, char *, char *);
int aldap_unbind(struct aldap *);
/* Positional search parameters: base DN, scope, filter, attribute list, then three ints presumably typesonly/sizelimit/timelimit (confirm in aldap.c), and an optional page control. */
int aldap_search(struct aldap *, char *, enum scope, char *, char **, int, int, int, struct aldap_page_control *);
/* Returns aldap.err (ALDAP_ERR_*) and presumably stores a message text through the out-pointer. */
int aldap_get_errno(struct aldap *, const char **);

/* Accessors for a parsed message. */
int aldap_get_resultcode(struct aldap_message *);
char *aldap_get_dn(struct aldap_message *);
char *aldap_get_diagmsg(struct aldap_message *);
struct aldap_stringset *aldap_get_references(struct aldap_message *);
/*
 * NOTE(review): still takes char ** although aldap_get_references() now
 * returns struct aldap_stringset *; the matching release function for that
 * value needs confirming in aldap.c.
 */
void aldap_free_references(char **values);
/* URL handling; see struct aldap_url for the MAXATTR bound on attributes. */
int aldap_parse_url(const char *, struct aldap_url *);
void aldap_free_url(struct aldap_url *);
int aldap_search_url(struct aldap *, char *, int, int, int,
    struct aldap_page_control *);

/* Attribute iteration on a search entry; value sets are freed with aldap_free_attr(). */
int aldap_count_attrs(struct aldap_message *);
int aldap_match_attr(struct aldap_message *, char *,
    struct aldap_stringset **);
int aldap_first_attr(struct aldap_message *, char **, struct
    aldap_stringset **);
int aldap_next_attr(struct aldap_message *, char **,
    struct aldap_stringset **);
int aldap_free_attr(struct aldap_stringset *);

/* Paged-results control: decode a control value of the given length; free with aldap_freepage(). */
struct aldap_page_control *aldap_parse_page_control(struct ber_element *, size_t len);
void aldap_freepage(struct aldap_page_control *);