1.3 ! tedu 1: /* $OpenBSD: aldap.h,v 1.2 2018/11/27 12:04:57 martijn Exp $ */
1.1 reyk 2:
3: /*
4: * Copyright (c) 2008 Alexander Schrijver <aschrijver@openbsd.org>
5: * Copyright (c) 2006, 2007 Marc Balmer <mbalmer@openbsd.org>
6: *
7: * Permission to use, copy, modify, and distribute this software for any
8: * purpose with or without fee is hereby granted, provided that the above
9: * copyright notice and this permission notice appear in all copies.
10: *
11: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
12: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
13: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
14: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
16: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
17: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
18: */
19:
20: #include <stdio.h>
21:
22: #include <tls.h>
23:
24: #include "ber.h"
25:
/*
 * URL scheme prefixes, one per enum aldap_protocol value; presumably
 * matched by aldap_parse_url() to fill aldap_url.protocol.
 */
#define LDAP_URL		"ldap://"
#define LDAPS_URL		"ldaps://"
#define LDAPTLS_URL		"ldap+tls://"
#define LDAPI_URL		"ldapi://"

/* IANA-assigned default TCP ports for plain LDAP and LDAP-over-TLS. */
#define LDAP_PORT		389
#define LDAPS_PORT		636
/* Control type OID of the Simple Paged Results control (RFC 2696). */
#define LDAP_PAGED_OID		"1.2.840.113556.1.4.319"
/* requestName OID of the StartTLS extended operation (RFC 4511, 4.14). */
#define LDAP_STARTTLS_OID	"1.3.6.1.4.1.1466.20037"
35:
/*
 * Per-connection client state.  Presumably allocated by aldap_init() on an
 * already-connected descriptor and released by aldap_close() (prototypes
 * below); callers never touch the members directly.
 */
struct aldap {
	/* Values of the err member, reported through aldap_get_errno(). */
#define ALDAP_ERR_SUCCESS		0
#define ALDAP_ERR_PARSER_ERROR		1
#define ALDAP_ERR_INVALID_FILTER	2
#define ALDAP_ERR_OPERATION_FAILED	3
#define ALDAP_ERR_TLS_ERROR		4
	u_int8_t		 err;	/* last library-level error, ALDAP_ERR_* */
	int			 msgid;	/* message id counter; exact use is in aldap.c — confirm */
	struct ber		 ber;	/* BER encode/decode state, see ber.h */

	int			 fd;	/* underlying socket descriptor */
	struct tls		*tls;	/* libtls context; presumably NULL until aldap_tls() succeeds */

	/*
	 * NOTE(review): struct evbuffer (libevent) is not declared by the
	 * headers included above; a translation unit including this file
	 * must bring in the declaration itself.
	 */
	struct evbuffer		*buf;
};
51:
/*
 * State of the Simple Paged Results control (LDAP_PAGED_OID) carried
 * between successive searches.  Produced by aldap_parse_page_control()
 * and released by aldap_freepage() (prototypes below).
 */
struct aldap_page_control {
	int		 size;		/* page size (RFC 2696 "size" field) */
	/*
	 * The cookie is an opaque OCTET STRING chosen by the server: treat it
	 * as binary, bounded by cookie_len rather than strlen().  Since it is
	 * peer-supplied, the parser must check that cookie_len agrees with
	 * the decoded element length before copying — confirm in aldap.c.
	 */
	char		*cookie;
	unsigned int	 cookie_len;	/* number of bytes at cookie */
};
57:
/*
 * One decoded LDAP PDU as returned by aldap_parse().  The ber_element
 * pointers below presumably point into the tree rooted at msg, so the whole
 * object is released as a unit by aldap_freemsg() — confirm ownership in
 * aldap.c before freeing any member separately.
 */
struct aldap_message {
	int			 msgid;		/* LDAPMessage.messageID */
	int			 message_type;	/* enum protocol_op of the protocolOp */

	struct ber_element	*msg;		/* root of the decoded BER tree */

	struct ber_element	*header;	/* presumably the LDAPMessage SEQUENCE */
	struct ber_element	*protocol_op;	/* the protocolOp CHOICE element */

	struct ber_element	*dn;		/* entry / matched DN, when the op carries one */

	/* Interpretation depends on message_type. */
	union {
		/* *Response messages: LDAPResult fields. */
		struct {
			long long		 rescode;	/* enum result_code */
			struct ber_element	*diagmsg;	/* diagnosticMessage */
		} res;
		/* SearchResultEntry: attribute list and iteration cursor. */
		struct {
			struct ber_element	*iter;		/* cursor for aldap_first_attr()/aldap_next_attr() — verify */
			struct ber_element	*attrs;		/* PartialAttributeList */
		} search;
	} body;
	struct ber_element	*references;	/* referral URIs, see aldap_get_references() */
	struct aldap_page_control *page;	/* paged-results control, if the message carried one */
};
82:
/*
 * Transport variant, one per LDAP*_URL scheme macro; stored as an int in
 * aldap_url.protocol.  The descriptions are the conventional meanings of
 * the schemes — confirm how aldap.c actually handles each.
 */
enum aldap_protocol {
	LDAP,		/* LDAP_URL: plain TCP */
	LDAPS,		/* LDAPS_URL: TLS from the first byte */
	LDAPTLS,	/* LDAPTLS_URL: plain TCP upgraded via StartTLS */
	LDAPI		/* LDAPI_URL: local socket */
};
89:
/*
 * Counted array of BER octet strings, e.g. the values of one attribute as
 * handed out by aldap_match_attr()/aldap_first_attr()/aldap_next_attr().
 * Released with aldap_free_attr().  Values are octet strings, not C
 * strings: use the ber_octetstring length, never strlen().
 */
struct aldap_stringset {
	size_t			 len;	/* number of entries in str */
	struct ber_octetstring	*str;	/* array of len entries */
};
94:
/*
 * Components of a parsed LDAP URL, filled by aldap_parse_url() and
 * released by aldap_free_url().
 */
struct aldap_url {
	int		 protocol;	/* enum aldap_protocol */
	char		*host;
	/* NOTE(review): in_port_t is declared in <netinet/in.h>, which this
	 * header does not include; includers must provide it. */
	in_port_t	 port;
	char		*dn;		/* base DN */
#define MAXATTR 1024
	/*
	 * Fixed-size attribute list from the URL's attribute component.  The
	 * URL is external input: the parser must stop filling this array at
	 * MAXATTR entries (MAXATTR-1 if the list is NULL-terminated) —
	 * confirm the bound in aldap_parse_url().
	 */
	char		*attributes[MAXATTR];
	int		 scope;		/* enum scope */
	char		*filter;
	char		*buffer;	/* presumably the backing copy that host/dn/attributes point into — confirm */
};
106:
/*
 * Application tag numbers of the LDAPMessage protocolOp CHOICE
 * (RFC 4511, section 4.1.1); stored in aldap_message.message_type.
 * Gaps correspond to ops this client does not use.
 */
enum protocol_op {
	LDAP_REQ_BIND		= 0,
	LDAP_RES_BIND		= 1,
	LDAP_REQ_UNBIND_30	= 2,
	LDAP_REQ_SEARCH		= 3,
	LDAP_RES_SEARCH_ENTRY	= 4,
	LDAP_RES_SEARCH_RESULT	= 5,
	LDAP_REQ_MODIFY		= 6,
	LDAP_RES_MODIFY		= 7,
	LDAP_REQ_ADD		= 8,
	LDAP_RES_ADD		= 9,
	LDAP_REQ_DELETE_30	= 10,
	LDAP_RES_DELETE		= 11,
	LDAP_REQ_MODRDN		= 12,
	LDAP_RES_MODRDN		= 13,
	LDAP_REQ_COMPARE	= 14,
	LDAP_RES_COMPARE	= 15,
	LDAP_REQ_ABANDON_30	= 16,

	LDAP_RES_SEARCH_REFERENCE = 19,

	LDAP_REQ_EXTENDED	= 23,
	LDAP_RES_EXTENDED	= 24
};
131:
/* SearchRequest.derefAliases values (RFC 4511, section 4.5.1.3). */
enum deref_aliases {
	LDAP_DEREF_NEVER	= 0,
	LDAP_DEREF_SEARCHING	= 1,
	LDAP_DEREF_FINDING	= 2,
	LDAP_DEREF_ALWAYS	= 3,
};
138:
/*
 * BindRequest.authentication CHOICE tags (RFC 4511, section 4.2).  Only
 * simple authentication is defined here; a simple bind transmits the
 * credential verbatim, so it should only be sent once the connection is
 * protected (see aldap_tls()/aldap_req_starttls()).
 */
enum authentication_choice {
	LDAP_AUTH_SIMPLE	= 0,
};
142:
/* SearchRequest.scope values (RFC 4511, section 4.5.1.2). */
enum scope {
	LDAP_SCOPE_BASE		= 0,
	LDAP_SCOPE_ONELEVEL	= 1,
	LDAP_SCOPE_SUBTREE	= 2,
};
148:
/*
 * LDAPResult.resultCode values (RFC 4511, appendix A).  The numbering is
 * the wire value; gaps are codes not referenced by this client.  Compare
 * against aldap_get_resultcode()/aldap_message.body.res.rescode.
 */
enum result_code {
	LDAP_SUCCESS				= 0,
	LDAP_OPERATIONS_ERROR			= 1,
	LDAP_PROTOCOL_ERROR			= 2,
	LDAP_TIMELIMIT_EXCEEDED			= 3,
	LDAP_SIZELIMIT_EXCEEDED			= 4,
	LDAP_COMPARE_FALSE			= 5,
	LDAP_COMPARE_TRUE			= 6,
	LDAP_STRONG_AUTH_NOT_SUPPORTED		= 7,
	LDAP_STRONG_AUTH_REQUIRED		= 8,

	LDAP_REFERRAL				= 10,
	LDAP_ADMINLIMIT_EXCEEDED		= 11,
	LDAP_UNAVAILABLE_CRITICAL_EXTENSION	= 12,
	LDAP_CONFIDENTIALITY_REQUIRED		= 13,
	LDAP_SASL_BIND_IN_PROGRESS		= 14,
	LDAP_NO_SUCH_ATTRIBUTE			= 16,
	LDAP_UNDEFINED_TYPE			= 17,
	LDAP_INAPPROPRIATE_MATCHING		= 18,
	LDAP_CONSTRAINT_VIOLATION		= 19,
	LDAP_TYPE_OR_VALUE_EXISTS		= 20,
	LDAP_INVALID_SYNTAX			= 21,

	LDAP_NO_SUCH_OBJECT			= 32,
	LDAP_ALIAS_PROBLEM			= 33,
	LDAP_INVALID_DN_SYNTAX			= 34,

	LDAP_ALIAS_DEREF_PROBLEM		= 36,

	/* Authentication / authorization outcomes (48-54). */
	LDAP_INAPPROPRIATE_AUTH			= 48,
	LDAP_INVALID_CREDENTIALS		= 49,
	LDAP_INSUFFICIENT_ACCESS		= 50,
	LDAP_BUSY				= 51,
	LDAP_UNAVAILABLE			= 52,
	LDAP_UNWILLING_TO_PERFORM		= 53,
	LDAP_LOOP_DETECT			= 54,

	LDAP_NAMING_VIOLATION			= 64,
	LDAP_OBJECT_CLASS_VIOLATION		= 65,
	LDAP_NOT_ALLOWED_ON_NONLEAF		= 66,
	LDAP_NOT_ALLOWED_ON_RDN			= 67,
	LDAP_ALREADY_EXISTS			= 68,
	LDAP_NO_OBJECT_CLASS_MODS		= 69,

	LDAP_AFFECTS_MULTIPLE_DSAS		= 71,

	LDAP_OTHER				= 80,
};
197:
/* Context tags of the search Filter CHOICE (RFC 4511, section 4.5.1.7). */
enum filter {
	LDAP_FILT_AND	= 0,
	LDAP_FILT_OR	= 1,
	LDAP_FILT_NOT	= 2,
	LDAP_FILT_EQ	= 3,	/* equalityMatch */
	LDAP_FILT_SUBS	= 4,	/* substrings, see enum subfilter */
	LDAP_FILT_GE	= 5,	/* greaterOrEqual */
	LDAP_FILT_LE	= 6,	/* lessOrEqual */
	LDAP_FILT_PRES	= 7,	/* present */
	LDAP_FILT_APPR	= 8,	/* approxMatch */
};
209:
/* Tags of SubstringFilter.substrings elements (RFC 4511, section 4.5.1.7.2). */
enum subfilter {
	LDAP_FILT_SUBS_INIT	= 0,	/* initial */
	LDAP_FILT_SUBS_ANY	= 1,	/* any */
	LDAP_FILT_SUBS_FIN	= 2,	/* final */
};
215:
/*
 * Connection lifecycle.  aldap_init() wraps an existing descriptor in a
 * struct aldap; aldap_tls() takes a libtls config and a name, presumably
 * the server name used for certificate verification; aldap_close() tears
 * the connection down.  aldap_parse() reads and decodes one message from
 * the peer (the caller releases it with aldap_freemsg()).  Return-value
 * conventions are not stated here — check aldap.c before relying on them.
 */
struct aldap		*aldap_init(int);
int			 aldap_tls(struct aldap *, struct tls_config *,
			    const char *);
int			 aldap_close(struct aldap *);
struct aldap_message	*aldap_parse(struct aldap *);
void			 aldap_freemsg(struct aldap_message *);

/* Sends the StartTLS extended request (LDAP_STARTTLS_OID). */
int			 aldap_req_starttls(struct aldap *);

/*
 * Requests.  aldap_bind() sends a simple bind; its two string arguments
 * are presumably the bind DN and the credential — the caller keeps
 * ownership and should clear the credential when it is no longer needed.
 * aldap_search() takes the base DN, scope, filter, an attribute list and
 * three int limits (the exact meaning of the three ints — size/time
 * limits, typesOnly — must be confirmed in aldap.c), plus an optional
 * paged-results control.  aldap_get_errno() reports aldap.err and sets the
 * pointer argument to a description, presumably a static string.
 */
int			 aldap_bind(struct aldap *, char *, char *);
int			 aldap_unbind(struct aldap *);
int			 aldap_search(struct aldap *, char *, enum scope, char *,
			    char **, int, int, int, struct aldap_page_control *);
int			 aldap_get_errno(struct aldap *, const char **);
229:
/*
 * Accessors on a parsed message.  The strings returned by aldap_get_dn()
 * and aldap_get_diagmsg() originate from the peer; whether they are fresh
 * allocations or point into the message is not visible here — confirm
 * before freeing.  NOTE(review): since revision 1.2 aldap_get_references()
 * returns a struct aldap_stringset *, but aldap_free_references() still
 * takes char **; the two no longer pair up, so check which release routine
 * callers of aldap_get_references() actually use (aldap_free_attr() takes
 * the matching type).
 */
int			 aldap_get_resultcode(struct aldap_message *);
char			*aldap_get_dn(struct aldap_message *);
char			*aldap_get_diagmsg(struct aldap_message *);
struct aldap_stringset	*aldap_get_references(struct aldap_message *);
void			 aldap_free_references(char **values);

/*
 * URL handling: aldap_parse_url() fills a caller-provided struct aldap_url
 * from untrusted text (see the MAXATTR bound on aldap_url.attributes);
 * aldap_free_url() releases what it allocated.  aldap_search_url() issues
 * a search described by a URL string with the same trailing int limits and
 * page control as aldap_search().
 */
int			 aldap_parse_url(const char *, struct aldap_url *);
void			 aldap_free_url(struct aldap_url *);
int			 aldap_search_url(struct aldap *, char *, int, int, int,
			    struct aldap_page_control *);
239:
/*
 * Attribute access on a SearchResultEntry.  aldap_match_attr() looks up a
 * named attribute; aldap_first_attr()/aldap_next_attr() iterate, returning
 * the attribute name through the char ** and its values through the
 * aldap_stringset **.  Each returned stringset is released with
 * aldap_free_attr().  Whether the name pointer is owned by the caller or
 * by the message is not visible here — confirm in aldap.c.
 */
int			 aldap_count_attrs(struct aldap_message *);
int			 aldap_match_attr(struct aldap_message *, char *,
			    struct aldap_stringset **);
int			 aldap_first_attr(struct aldap_message *, char **,
			    struct aldap_stringset **);
int			 aldap_next_attr(struct aldap_message *, char **,
			    struct aldap_stringset **);
int			 aldap_free_attr(struct aldap_stringset *);

/*
 * Paged-results control: decodes the control value (len bytes, as found in
 * the peer's message) into a freshly allocated struct aldap_page_control,
 * released with aldap_freepage().  The input is peer-controlled, so the
 * decoder must bound the cookie copy by the decoded length.
 */
struct aldap_page_control *aldap_parse_page_control(struct ber_element *, size_t len);
void			 aldap_freepage(struct aldap_page_control *);