1238376Simp/*	$Id: aldap.h,v 1.9 2012/04/30 21:40:03 jmatthew Exp $ */
2238376Simp/*	$OpenBSD: aldap.h,v 1.9 2012/04/30 21:40:03 jmatthew Exp $ */
3238376Simp/*	$FreeBSD$ */
4238376Simp
5238376Simp/*
6238376Simp * Copyright (c) 2008 Alexander Schrijver <aschrijver@openbsd.org>
7238376Simp * Copyright (c) 2006, 2007 Marc Balmer <mbalmer@openbsd.org>
8238376Simp *
9238376Simp * Permission to use, copy, modify, and distribute this software for any
10238376Simp * purpose with or without fee is hereby granted, provided that the above
11238376Simp * copyright notice and this permission notice appear in all copies.
12238376Simp *
13238376Simp * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
14238376Simp * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15238376Simp * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
16238376Simp * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17238376Simp * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18238376Simp * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
19238376Simp * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20238376Simp */
21238376Simp
22238376Simp#include <stdio.h>
23238376Simp#include "ber.h"
24238376Simp
/*
 * Cleartext defaults.  "ldap://" on port 389 carries binds (and hence
 * the simple-bind password, see enum authentication_choice) and
 * results with no protection.  Nothing declared in this header sets
 * up TLS, so a caller that needs confidentiality has to protect the
 * descriptor before handing it to aldap_init().
 */
#define LDAP_URL "ldap://"
#define LDAP_PORT 389
/* Simple Paged Results control OID (RFC 2696); see struct aldap_page_control. */
#define LDAP_PAGED_OID  "1.2.840.113556.1.4.319"
28238376Simp
/*
 * Per-connection state.  Created by aldap_init() around a descriptor
 * the caller owns and torn down by aldap_close().  No field here
 * references a TLS context, so transport security is entirely the
 * caller's decision, made before the fd is passed in.
 */
struct aldap {
/* Values of err; aldap_get_errno() maps them to a description. */
#define ALDAP_ERR_SUCCESS		0
#define ALDAP_ERR_PARSER_ERROR		1
#define ALDAP_ERR_INVALID_FILTER	2
#define ALDAP_ERR_OPERATION_FAILED	3
	u_int8_t	err;	/* most recent ALDAP_ERR_* code */
	int		msgid;	/* presumably the messageID counter for requests — confirm in aldap.c */
	struct ber	ber;	/* BER encoder/decoder state (see ber.h) */
};
38238376Simp
/*
 * Simple Paged Results (RFC 2696) control state.  The cookie is an
 * opaque OCTET STRING chosen by the server and echoed back on the next
 * search, so treat it as binary: its length is cookie_len, never
 * strlen(), and it must not be interpreted or modified.  A response
 * with cookie_len == 0 presumably marks the last page — confirm
 * against aldap_parse_page_control().
 */
struct aldap_page_control {
	int size;		/* RFC 2696 "size": page size requested, or the server's estimate on a response */
	char *cookie;		/* server-issued opaque cookie, cookie_len bytes, not NUL-terminated */
	unsigned int cookie_len;
};
44238376Simp
/*
 * One decoded LDAPMessage (RFC 4511 §4.1.1).  Every field is data the
 * peer sent: validate before use and release the whole object with
 * aldap_freemsg().  The ber_element pointers presumably point into the
 * tree rooted at msg rather than owning separate storage — confirm in
 * aldap_parse() before freeing any of them individually.
 */
struct aldap_message {
	int msgid;		/* messageID; match it against the id the request returned */
	int message_type;	/* protocolOp tag, see enum protocol_op */

	struct ber_element	*msg;		/* root of the decoded message */

	struct ber_element	*header;
	struct ber_element	*protocol_op;

	struct ber_element	*dn;		/* LDAPDN of the result or entry */

	/*
	 * Which member is meaningful depends on message_type — going by
	 * the field names, res for LDAP_RES_* results and search for
	 * LDAP_RES_SEARCH_ENTRY; confirm in aldap_parse().  Reading the
	 * other member is type confusion on peer-controlled data, so
	 * check message_type first.
	 */
	union {
		struct {
			long long		 rescode;	/* resultCode, compare with enum result_code */
			struct ber_element	*diagmsg;	/* diagnosticMessage: free text from the server */
		}			 res;
		struct {
			struct ber_element	*iter;		/* presumably the cursor for aldap_first_attr()/aldap_next_attr() */
			struct ber_element	*attrs;		/* PartialAttributeList of the entry */
		}			 search;
	} body;
	struct ber_element	*references;	/* referral / SearchResultReference URIs; see aldap_get_references() */
	struct aldap_page_control *page;	/* paged-results control carried by the response, if any */
};
69
/*
 * URL scheme, stored in struct aldap_url.protocol.  This header
 * declares nothing that performs a TLS handshake, so LDAPS here only
 * records what was asked for; the caller still has to provide the
 * protected transport to aldap_init() — TODO confirm in aldap.c.
 */
enum aldap_protocol {
	LDAP,		/* ldap://  — cleartext */
	LDAPS		/* ldaps:// — TLS expected on the transport */
};
74
/*
 * Parsed LDAP URL.  The pointer fields presumably point into buffer,
 * which aldap_free_url() would release — confirm against the (currently
 * #if 0'd) implementation.  attributes is a fixed array: any parser
 * filling it from an attacker-controlled URL must stop at MAXATTR
 * entries (one fewer if the list is NULL-terminated — verify), and
 * fail the parse rather than truncate silently.
 */
struct aldap_url {
	int		 protocol;	/* enum aldap_protocol */
	char		*host;
	in_port_t	 port;
	char		*dn;		/* search base */
#define MAXATTR 1024
	char		*attributes[MAXATTR];	/* requested attribute names; bounded by MAXATTR */
	int		 scope;		/* enum scope */
	char		*filter;	/* RFC 4515 filter string */
	char		*buffer;	/* backing storage for the strings above — confirm */
};
86
/*
 * Application-class tags of LDAPMessage.protocolOp (RFC 4511 §4.1.1).
 * Response tags arrive from the peer; treat any value not listed here
 * as a protocol error rather than indexing with it.  The _30 suffix
 * marks the three operations that are not encoded as a SEQUENCE
 * (unbind is NULL, delete an LDAPDN, abandon a MessageID) — TODO
 * confirm that is what the suffix means in aldap.c.
 *
 * extendedReq (23) / extendedResp (24) are not defined, so StartTLS,
 * an extended operation, cannot be expressed through this API; TLS has
 * to be arranged on the transport by the caller.
 */
enum protocol_op {
	LDAP_REQ_BIND		= 0,
	LDAP_RES_BIND		= 1,
	LDAP_REQ_UNBIND_30	= 2,
	LDAP_REQ_SEARCH		= 3,
	LDAP_RES_SEARCH_ENTRY	= 4,
	LDAP_RES_SEARCH_RESULT	= 5,
	LDAP_REQ_MODIFY		= 6,
	LDAP_RES_MODIFY		= 7,
	LDAP_REQ_ADD		= 8,
	LDAP_RES_ADD		= 9,
	LDAP_REQ_DELETE_30	= 10,
	LDAP_RES_DELETE		= 11,
	LDAP_REQ_MODRDN		= 12,
	LDAP_RES_MODRDN		= 13,
	LDAP_REQ_COMPARE	= 14,
	LDAP_RES_COMPARE	= 15,
	LDAP_REQ_ABANDON_30	= 16,

	/* 17 and 18 are unassigned in RFC 4511 */
	LDAP_RES_SEARCH_REFERENCE = 19,
};
108
/* SearchRequest.derefAliases (RFC 4511 §4.5.1.3). */
enum deref_aliases {
	LDAP_DEREF_NEVER	= 0,	/* neverDerefAliases */
	LDAP_DEREF_SEARCHING	= 1,	/* derefInSearching */
	LDAP_DEREF_FINDING	= 2,	/* derefFindingBaseObj */
	LDAP_DEREF_ALWAYS	= 3,	/* derefAlways */
};
115
/*
 * BindRequest.authentication CHOICE tags (RFC 4511 §4.2).  Only simple
 * [0] is defined; sasl [3] is absent, so aldap_bind() can only do
 * simple binds.  Two consequences for callers:
 *
 *  - The password travels as an unprotected OCTET STRING.  Over plain
 *    ldap:// it is readable on the wire; use a protected transport.
 *  - RFC 4513 §5.1.2: a simple bind with a non-empty DN and an EMPTY
 *    password is an "unauthenticated" bind that servers may accept as
 *    anonymous.  Code that verifies a user's password via aldap_bind()
 *    must reject an empty password itself, or a success result proves
 *    nothing.
 */
enum authentication_choice {
	LDAP_AUTH_SIMPLE	= 0,
};
119
/* SearchRequest.scope (RFC 4511 §4.5.1.2). */
enum scope {
	LDAP_SCOPE_BASE		= 0,	/* baseObject: the base DN only */
	LDAP_SCOPE_ONELEVEL	= 1,	/* singleLevel: immediate children */
	LDAP_SCOPE_SUBTREE	= 2,	/* wholeSubtree: base and all descendants */
};
125
/*
 * LDAPResult.resultCode values (RFC 4511 Appendix A).  The numeric
 * gaps are codes RFC 4511 leaves unassigned or reserved.
 *
 * Only LDAP_SUCCESS means the operation succeeded.  Several non-zero
 * codes are not failures either (LDAP_COMPARE_TRUE, LDAP_REFERRAL,
 * LDAP_SASL_BIND_IN_PROGRESS), so a bind must be judged with
 * rescode == LDAP_SUCCESS, never "rescode != LDAP_INVALID_CREDENTIALS".
 * When reporting authentication failures to an end user, collapse
 * LDAP_INVALID_CREDENTIALS, LDAP_NO_SUCH_OBJECT and
 * LDAP_INAPPROPRIATE_AUTH into one message so the distinction does not
 * enumerate valid accounts.
 */
enum result_code {
	LDAP_SUCCESS				= 0,
	LDAP_OPERATIONS_ERROR			= 1,
	LDAP_PROTOCOL_ERROR			= 2,
	LDAP_TIMELIMIT_EXCEEDED			= 3,
	LDAP_SIZELIMIT_EXCEEDED			= 4,
	LDAP_COMPARE_FALSE			= 5,	/* compare outcome, not an error */
	LDAP_COMPARE_TRUE			= 6,	/* compare outcome, not an error */
	LDAP_STRONG_AUTH_NOT_SUPPORTED		= 7,	/* authMethodNotSupported */
	LDAP_STRONG_AUTH_REQUIRED		= 8,	/* strongerAuthRequired */

	LDAP_REFERRAL				= 10,	/* not a failure; the operation was not performed here */
	LDAP_ADMINLIMIT_EXCEEDED		= 11,
	LDAP_UNAVAILABLE_CRITICAL_EXTENSION	= 12,
	LDAP_CONFIDENTIALITY_REQUIRED		= 13,	/* server refuses this operation in cleartext */
	LDAP_SASL_BIND_IN_PROGRESS		= 14,	/* bind not finished — not authenticated yet */
	LDAP_NO_SUCH_ATTRIBUTE			= 16,
	LDAP_UNDEFINED_TYPE			= 17,
	LDAP_INAPPROPRIATE_MATCHING		= 18,
	LDAP_CONSTRAINT_VIOLATION		= 19,
	LDAP_TYPE_OR_VALUE_EXISTS		= 20,
	LDAP_INVALID_SYNTAX			= 21,

	LDAP_NO_SUCH_OBJECT			= 32,
	LDAP_ALIAS_PROBLEM			= 33,
	LDAP_INVALID_DN_SYNTAX			= 34,

	LDAP_ALIAS_DEREF_PROBLEM		= 36,

	LDAP_INAPPROPRIATE_AUTH			= 48,
	LDAP_INVALID_CREDENTIALS		= 49,
	LDAP_INSUFFICIENT_ACCESS		= 50,
	LDAP_BUSY				= 51,
	LDAP_UNAVAILABLE			= 52,
	LDAP_UNWILLING_TO_PERFORM		= 53,
	LDAP_LOOP_DETECT			= 54,

	LDAP_NAMING_VIOLATION			= 64,
	LDAP_OBJECT_CLASS_VIOLATION		= 65,
	LDAP_NOT_ALLOWED_ON_NONLEAF		= 66,
	LDAP_NOT_ALLOWED_ON_RDN			= 67,
	LDAP_ALREADY_EXISTS			= 68,
	LDAP_NO_OBJECT_CLASS_MODS		= 69,

	LDAP_AFFECTS_MULTIPLE_DSAS		= 71,

	LDAP_OTHER				= 80,
};
174
/*
 * Filter CHOICE tags (RFC 4511 §4.5.1.7); extensibleMatch [9] is not
 * defined.  aldap_search() takes the filter as a string (a parse
 * failure surfaces as ALDAP_ERR_INVALID_FILTER), so any user-supplied
 * value spliced into that string must be escaped per RFC 4515 —
 * '*', '(', ')', '\' and NUL at minimum — or the user controls the
 * filter structure (LDAP injection).
 */
enum filter {
	LDAP_FILT_AND		= 0,	/* and */
	LDAP_FILT_OR		= 1,	/* or */
	LDAP_FILT_NOT		= 2,	/* not */
	LDAP_FILT_EQ		= 3,	/* equalityMatch */
	LDAP_FILT_SUBS		= 4,	/* substrings; see enum subfilter */
	LDAP_FILT_GE		= 5,	/* greaterOrEqual */
	LDAP_FILT_LE		= 6,	/* lessOrEqual */
	LDAP_FILT_PRES		= 7,	/* present */
	LDAP_FILT_APPR		= 8,	/* approxMatch */
};
186
/* SubstringFilter.substrings CHOICE tags (RFC 4511 §4.5.1.7.2). */
enum subfilter {
	LDAP_FILT_SUBS_INIT	= 0,	/* initial: at most one, first */
	LDAP_FILT_SUBS_ANY	= 1,	/* any: zero or more */
	LDAP_FILT_SUBS_FIN	= 2,	/* final: at most one, last */
};
192
/*
 * Connection lifecycle.  Parameter names mirror the definitions in
 * aldap.c — verify against that file.
 *
 * aldap_init() wraps an already-connected descriptor that the caller
 * keeps owning; nothing in this API negotiates TLS, so a protected
 * transport has to be in place before fd is handed over.
 * aldap_close() releases the state created by aldap_init().
 */
struct aldap *aldap_init(int fd);
int aldap_close(struct aldap *ldap);

/*
 * Read and decode the next message from the peer.  Presumably returns
 * NULL on error with ldap->err set (see aldap_get_errno()) — confirm
 * in aldap.c.  Everything in the returned message is peer-controlled
 * until validated; release it with aldap_freemsg().
 */
struct aldap_message *aldap_parse(struct aldap *ldap);
void aldap_freemsg(struct aldap_message *msg);
197
/*
 * Requests.  Parameter names mirror the definitions in aldap.c —
 * verify against that file.  Each request presumably returns the
 * messageID it sent, or -1 on failure — TODO confirm; the reply's
 * aldap_message.msgid should be matched against it.
 */

/*
 * Simple bind (LDAP_AUTH_SIMPLE is the only choice defined above).
 * bindcred goes on the wire unprotected.  When this is used to check a
 * user's password, reject an empty bindcred before calling: RFC 4513
 * §5.1.2 makes DN + empty password an unauthenticated bind that
 * servers may answer with LDAP_SUCCESS.
 */
int aldap_bind(struct aldap *ldap, char *binddn, char *bindcred);
int aldap_unbind(struct aldap *ldap);

/*
 * Search below basedn with the given scope.  filter is an RFC 4515
 * string — escape user data before splicing it in (see enum filter).
 * attrs presumably is a NULL-terminated list of attribute names, and
 * page NULL for an unpaged search — confirm in aldap.c.  The order
 * typesonly, sizelimit, timelimit follows the definition in aldap.c.
 */
int aldap_search(struct aldap *ldap, char *basedn, enum scope scope,
    char *filter, char **attrs, int typesonly, int sizelimit,
    int timelimit, struct aldap_page_control *page);

/* Returns ldap->err and, via estr, a description of it (see ALDAP_ERR_*). */
int aldap_get_errno(struct aldap *ldap, const char **estr);
202
/*
 * Accessors on a decoded message.  Parameter names mirror aldap.c —
 * verify.  Returned strings are server data: treat them as untrusted
 * and never pass one as a printf format.  Whether a returned string is
 * borrowed from the message or must be freed by the caller is not
 * visible here — confirm in aldap.c before keeping one past
 * aldap_freemsg().
 */
int aldap_get_resultcode(struct aldap_message *msg);	/* body.res.rescode, see enum result_code */
char *aldap_get_dn(struct aldap_message *msg);
char *aldap_get_diagmsg(struct aldap_message *msg);
char **aldap_get_references(struct aldap_message *msg);	/* release with aldap_free_references() */
void aldap_free_references(char **values);

#if 0
/*
 * URL handling — compiled out.  A parser filling struct aldap_url
 * from an untrusted URL must bound attributes at MAXATTR.
 */
int aldap_parse_url(char *url, struct aldap_url *lu);
void aldap_free_url(struct aldap_url *lu);
int aldap_search_url(struct aldap *ldap, char *url, int typesonly,
    int sizelimit, int timelimit);
#endif
213
/*
 * Attribute access on a search entry (body.search).  Parameter names
 * mirror aldap.c — verify.  Only call these when message_type is
 * LDAP_RES_SEARCH_ENTRY; the union is not valid otherwise.
 *
 * aldap_match_attr() looks up inkey; aldap_first_attr()/aldap_next_attr()
 * walk the attribute list, handing back the name in *outkey and its
 * values in *outvalues.  Return conventions (presumably 1 found / 0 end
 * / -1 error) are not visible from the header — confirm in aldap.c.
 * Value vectors are released with aldap_free_attr().  Attribute values
 * are octet strings from the server: do not assume they are printable
 * or NUL-free.
 */
int aldap_count_attrs(struct aldap_message *msg);
int aldap_match_attr(struct aldap_message *msg, char *inkey,
    char ***outvalues);
int aldap_first_attr(struct aldap_message *msg, char **outkey,
    char ***outvalues);
int aldap_next_attr(struct aldap_message *msg, char **outkey,
    char ***outvalues);
int aldap_free_attr(char **values);
219
/*
 * Decode a Simple Paged Results control (LDAP_PAGED_OID) of len bytes
 * into a freshly allocated struct aldap_page_control; release it with
 * aldap_freepage().  Both size and cookie come from the server, so the
 * caller treats size as untrusted and the cookie as an opaque blob of
 * cookie_len bytes.  Parameter names mirror aldap.c — verify.
 */
struct aldap_page_control *aldap_parse_page_control(
    struct ber_element *control, size_t len);
void aldap_freepage(struct aldap_page_control *page);
222