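/* $Id: aldap.h,v 1.9 2012/04/30 21:40:03 jmatthew Exp $ */
/* $OpenBSD: aldap.h,v 1.9 2012/04/30 21:40:03 jmatthew Exp $ */

/*
 * Copyright (c) 2008 Alexander Schrijver <aschrijver@openbsd.org>
 * Copyright (c) 2006, 2007 Marc Balmer <mbalmer@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Declarations for the aldap LDAP client code: connection and message
 * structures, protocol constants, and the aldap_* function prototypes.
 *
 * NOTE(review): the only URL scheme and port defined here are the cleartext
 * ones (LDAP_URL, LDAP_PORT), and the only authentication choice is
 * LDAP_AUTH_SIMPLE. Nothing in this header sets up TLS; aldap_init() takes a
 * file descriptor, so any transport protection is presumably the caller's
 * job. A simple bind carries the password in the clear unless the
 * connection underneath is protected.
 */

/* Guard against double inclusion: this header defines structs and enums. */
#ifndef ALDAP_H
#define ALDAP_H

#include <sys/types.h>		/* u_int8_t, size_t */
#include <netinet/in.h>		/* in_port_t */

#include <stdio.h>
#include "ber.h"

#define LDAP_URL "ldap://"
#define LDAP_PORT 389
/* OID of the Simple Paged Results control (RFC 2696). */
#define LDAP_PAGED_OID "1.2.840.113556.1.4.319"

/*
 * Per-connection state. The ALDAP_ERR_* values are declared next to `err`,
 * presumably as its value set; see aldap_get_errno().
 */
struct aldap {
#define ALDAP_ERR_SUCCESS		0
#define ALDAP_ERR_PARSER_ERROR		1
#define ALDAP_ERR_INVALID_FILTER	2
#define ALDAP_ERR_OPERATION_FAILED	3
	u_int8_t	err;
	int		msgid;
	struct ber	ber;
};

/*
 * Paged-results control data.
 *
 * `cookie` comes with an explicit `cookie_len`, so treat it as a
 * length-delimited byte string and never as a NUL-terminated C string.
 * NOTE(review): when filled by aldap_parse_page_control() the cookie and its
 * length presumably originate from the server; confirm the implementation
 * bounds and checks the allocation.
 */
struct aldap_page_control {
	int		 size;
	char		*cookie;
	unsigned int	 cookie_len;
};

/*
 * One parsed LDAP message. Which member of `body` is valid depends on the
 * message type; the header does not state the mapping, so check
 * `message_type` before reading either arm of the union.
 */
struct aldap_message {
	int	msgid;
	int	message_type;

	struct ber_element	*msg;

	struct ber_element	*header;
	struct ber_element	*protocol_op;

	struct ber_element	*dn;

	union {
		struct {
			long long		 rescode;
			struct ber_element	*diagmsg;
		} res;
		struct {
			struct ber_element	*iter;
			struct ber_element	*attrs;
		} search;
	} body;
	struct ber_element		*references;
	struct aldap_page_control	*page;
};

enum aldap_protocol {
	LDAP,
	LDAPS
};

/*
 * Decomposed LDAP URL. `attributes` is a fixed array of MAXATTR pointers:
 * any code that fills it has to stop at MAXATTR entries. The URL functions
 * that would use this struct are compiled out below (#if 0).
 */
struct aldap_url {
	int		 protocol;
	char		*host;
	in_port_t	 port;
	char		*dn;
#define MAXATTR 1024
	char		*attributes[MAXATTR];
	int		 scope;
	char		*filter;
	char		*buffer;
};

/* LDAP protocol operation numbers (17 and 18 are not defined here). */
enum protocol_op {
	LDAP_REQ_BIND		= 0,
	LDAP_RES_BIND		= 1,
	LDAP_REQ_UNBIND_30	= 2,
	LDAP_REQ_SEARCH		= 3,
	LDAP_RES_SEARCH_ENTRY	= 4,
	LDAP_RES_SEARCH_RESULT	= 5,
	LDAP_REQ_MODIFY		= 6,
	LDAP_RES_MODIFY		= 7,
	LDAP_REQ_ADD		= 8,
	LDAP_RES_ADD		= 9,
	LDAP_REQ_DELETE_30	= 10,
	LDAP_RES_DELETE		= 11,
	LDAP_REQ_MODRDN		= 12,
	LDAP_RES_MODRDN		= 13,
	LDAP_REQ_COMPARE	= 14,
	LDAP_RES_COMPARE	= 15,
	LDAP_REQ_ABANDON_30	= 16,

	LDAP_RES_SEARCH_REFERENCE = 19,
};

enum deref_aliases {
	LDAP_DEREF_NEVER	= 0,
	LDAP_DEREF_SEARCHING	= 1,
	LDAP_DEREF_FINDING	= 2,
	LDAP_DEREF_ALWAYS	= 3,
};

/* Simple (name/password) bind is the only choice declared; no SASL. */
enum authentication_choice {
	LDAP_AUTH_SIMPLE	= 0,
};

enum scope {
	LDAP_SCOPE_BASE		= 0,
	LDAP_SCOPE_ONELEVEL	= 1,
	LDAP_SCOPE_SUBTREE	= 2,
};

/*
 * LDAP result codes. Gaps in the numbering are values this header does not
 * define; callers should handle unknown codes rather than assume the list
 * is exhaustive.
 */
enum result_code {
	LDAP_SUCCESS				= 0,
	LDAP_OPERATIONS_ERROR			= 1,
	LDAP_PROTOCOL_ERROR			= 2,
	LDAP_TIMELIMIT_EXCEEDED			= 3,
	LDAP_SIZELIMIT_EXCEEDED			= 4,
	LDAP_COMPARE_FALSE			= 5,
	LDAP_COMPARE_TRUE			= 6,
	LDAP_STRONG_AUTH_NOT_SUPPORTED		= 7,
	LDAP_STRONG_AUTH_REQUIRED		= 8,

	LDAP_REFERRAL				= 10,
	LDAP_ADMINLIMIT_EXCEEDED		= 11,
	LDAP_UNAVAILABLE_CRITICAL_EXTENSION	= 12,
	LDAP_CONFIDENTIALITY_REQUIRED		= 13,
	LDAP_SASL_BIND_IN_PROGRESS		= 14,
	LDAP_NO_SUCH_ATTRIBUTE			= 16,
	LDAP_UNDEFINED_TYPE			= 17,
	LDAP_INAPPROPRIATE_MATCHING		= 18,
	LDAP_CONSTRAINT_VIOLATION		= 19,
	LDAP_TYPE_OR_VALUE_EXISTS		= 20,
	LDAP_INVALID_SYNTAX			= 21,

	LDAP_NO_SUCH_OBJECT			= 32,
	LDAP_ALIAS_PROBLEM			= 33,
	LDAP_INVALID_DN_SYNTAX			= 34,

	LDAP_ALIAS_DEREF_PROBLEM		= 36,

	LDAP_INAPPROPRIATE_AUTH			= 48,
	LDAP_INVALID_CREDENTIALS		= 49,
	LDAP_INSUFFICIENT_ACCESS		= 50,
	LDAP_BUSY				= 51,
	LDAP_UNAVAILABLE			= 52,
	LDAP_UNWILLING_TO_PERFORM		= 53,
	LDAP_LOOP_DETECT			= 54,

	LDAP_NAMING_VIOLATION			= 64,
	LDAP_OBJECT_CLASS_VIOLATION		= 65,
	LDAP_NOT_ALLOWED_ON_NONLEAF		= 66,
	LDAP_NOT_ALLOWED_ON_RDN			= 67,
	LDAP_ALREADY_EXISTS			= 68,
	LDAP_NO_OBJECT_CLASS_MODS		= 69,

	LDAP_AFFECTS_MULTIPLE_DSAS		= 71,

	LDAP_OTHER				= 80,
};

/* Search filter component types. */
enum filter {
	LDAP_FILT_AND		= 0,
	LDAP_FILT_OR		= 1,
	LDAP_FILT_NOT		= 2,
	LDAP_FILT_EQ		= 3,
	LDAP_FILT_SUBS		= 4,
	LDAP_FILT_GE		= 5,
	LDAP_FILT_LE		= 6,
	LDAP_FILT_PRES		= 7,
	LDAP_FILT_APPR		= 8,
};

/* Parts of a substring filter. */
enum subfilter {
	LDAP_FILT_SUBS_INIT	= 0,
	LDAP_FILT_SUBS_ANY	= 1,
	LDAP_FILT_SUBS_FIN	= 2,
};

/* Connection setup/teardown and message parsing. */
struct aldap		*aldap_init(int fd);
int			 aldap_close(struct aldap *);
struct aldap_message	*aldap_parse(struct aldap *);
void			 aldap_freemsg(struct aldap_message *);

/*
 * Requests.
 *
 * NOTE(review): the two char * arguments of aldap_bind() are presumably the
 * bind DN and the password; confirm against the implementation. With
 * LDAP_AUTH_SIMPLE the password is sent as-is, so callers should bind only
 * over a protected transport.
 *
 * NOTE(review): the filter string passed to aldap_search() is a char *; if
 * any part of it is built from untrusted input, the caller has to escape
 * that part first. The three int arguments are not named in this header;
 * see the implementation for their meaning.
 */
int	 aldap_bind(struct aldap *, char *, char *);
int	 aldap_unbind(struct aldap *);
int	 aldap_search(struct aldap *, char *, enum scope, char *, char **,
	    int, int, int, struct aldap_page_control *);
int	 aldap_get_errno(struct aldap *, const char **);

/*
 * Accessors on a parsed message.
 *
 * NOTE(review): aldap_get_resultcode() returns int while body.res.rescode is
 * long long; confirm the implementation does not silently truncate a
 * server-supplied value. Ownership of the returned strings is not stated
 * here; only the reference list has a matching free function. The strings
 * returned by aldap_get_references() presumably come from the server and
 * should be validated before they are followed.
 */
int	 aldap_get_resultcode(struct aldap_message *);
char	*aldap_get_dn(struct aldap_message *);
char	*aldap_get_diagmsg(struct aldap_message *);
char	**aldap_get_references(struct aldap_message *);
void	 aldap_free_references(char **values);
#if 0
int	 aldap_parse_url(char *, struct aldap_url *);
void	 aldap_free_url(struct aldap_url *);
int	 aldap_search_url(struct aldap *, char *, int, int, int);
#endif

/* Attribute iteration over a search entry; release with aldap_free_attr(). */
int	 aldap_count_attrs(struct aldap_message *);
int	 aldap_match_attr(struct aldap_message *, char *, char ***);
int	 aldap_first_attr(struct aldap_message *, char **, char ***);
int	 aldap_next_attr(struct aldap_message *, char **, char ***);
int	 aldap_free_attr(char **);

/* Paged-results control parsing; release with aldap_freepage(). */
struct aldap_page_control *aldap_parse_page_control(struct ber_element *,
	    size_t len);
void	 aldap_freepage(struct aldap_page_control *);

#endif /* ALDAP_H */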