view nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaptemplates.c @ 3:150b72113545

Add DBM and legacydb support
author Andre Heinecke <andre.heinecke@intevation.de>
date Tue, 05 Aug 2014 18:32:02 +0200
parents 1e5118fa0cb1
children
line wrap: on
line source
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include "pkix_pl_ldapt.h"

SEC_ASN1_MKSUB(SEC_AnyTemplate)
SEC_ASN1_MKSUB(SEC_NullTemplate)
SEC_ASN1_MKSUB(SEC_OctetStringTemplate)

/*
 * CertificatePair      ::= SEQUENCE {
 *      forward [0]     Certificate OPTIONAL,
 *      reverse [1]     Certificate OPTIONAL
 *                      -- at least one of the pair shall be present --
 *  }
 */

const SEC_ASN1Template PKIX_PL_LDAPCrossCertPairTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(LDAPCertPair) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 0,
        offsetof(LDAPCertPair, forward), SEC_ASN1_SUB(SEC_AnyTemplate) },
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 1,
        offsetof(LDAPCertPair, reverse), SEC_ASN1_SUB(SEC_AnyTemplate) },
    { 0 }
};

/*
 * BindRequest ::=
 *      [APPLICATION 0] SEQUENCE {
 *                      version INTEGER (1..127),
 *                      name    LDAPDN,
 *                      authentication CHOICE {
 *                              simple          [0] OCTET STRING,
 *                              krbv42LDAP      [1] OCTET STRING,
 *                              krbv42DSA       [2] OCTET STRING
 *                      }
 *      }
 *
 * LDAPDN ::= LDAPString
 *
 * LDAPString ::= OCTET STRING
 */

#define LDAPStringTemplate SEC_ASN1_SUB(SEC_OctetStringTemplate)

static const SEC_ASN1Template LDAPBindApplTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL },
    { SEC_ASN1_INTEGER, offsetof(LDAPBind, version) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPBind, bindName) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPBind, authentication) },
    { 0 }
};

static const SEC_ASN1Template LDAPBindTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_BIND_TYPE, 0,
        LDAPBindApplTemplate, sizeof (LDAPBind) }
};

/*
 * BindResponse ::= [APPLICATION 1] LDAPResult
 *
 * LDAPResult ::=
 *      SEQUENCE {
 *              resultCode      ENUMERATED {
 *                              success                         (0),
 *                              operationsError                 (1),
 *                              protocolError                   (2),
 *                              timeLimitExceeded               (3),
 *                              sizeLimitExceeded               (4),
 *                              compareFalse                    (5),
 *                              compareTrue                     (6),
 *                              authMethodNotSupported          (7),
 *                              strongAuthRequired              (8),
 *                              noSuchAttribute                 (16),
 *                              undefinedAttributeType          (17),
 *                              inappropriateMatching           (18),
 *                              constraintViolation             (19),
 *                              attributeOrValueExists          (20),
 *                              invalidAttributeSyntax          (21),
 *                              noSuchObject                    (32),
 *                              aliasProblem                    (33),
 *                              invalidDNSyntax                 (34),
 *                              isLeaf                          (35),
 *                              aliasDereferencingProblem       (36),
 *                              inappropriateAuthentication     (48),
 *                              invalidCredentials              (49),
 *                              insufficientAccessRights        (50),
 *                              busy                            (51),
 *                              unavailable                     (52),
 *                              unwillingToPerform              (53),
 *                              loopDetect                      (54),
 *                              namingViolation                 (64),
 *                              objectClassViolation            (65),
 *                              notAllowedOnNonLeaf             (66),
 *                              notAllowedOnRDN                 (67),
 *                              entryAlreadyExists              (68),
 *                              objectClassModsProhibited       (69),
 *                              other                           (80)
 *                              },
 *              matchedDN       LDAPDN,
 *              errorMessage    LDAPString
 *      }
 */

static const SEC_ASN1Template LDAPResultTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL },
    { SEC_ASN1_ENUMERATED, offsetof(LDAPResult, resultCode) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPResult, matchedDN) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPResult, errorMessage) },
    { 0 }
};

static const SEC_ASN1Template LDAPBindResponseTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_BINDRESPONSE_TYPE, 0,
        LDAPResultTemplate, sizeof (LDAPBindResponse) }
};

/*
 * UnbindRequest ::= [APPLICATION 2] NULL
 */

static const SEC_ASN1Template LDAPUnbindTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | SEC_ASN1_XTRN |
        LDAP_UNBIND_TYPE , 0, SEC_ASN1_SUB(SEC_NullTemplate) }
};

/*
 * AttributeValueAssertion ::=
 *      SEQUENCE {
 *              attributeType   AttributeType,
 *              attributeValue  AttributeValue,
 *      }
 *
 * AttributeType ::= LDAPString
 *               -- text name of the attribute, or dotted
 *               -- OID representation
 *
 * AttributeValue ::= OCTET STRING
 */

#define LDAPAttributeTypeTemplate LDAPStringTemplate

/*
 * SubstringFilter ::=
 *      SEQUENCE {
 *              type            AttributeType,
 *              SEQUENCE OF CHOICE {
 *                      initial [0] LDAPString,
 *                      any     [1] LDAPString,
 *                      final   [2] LDAPString,
 *              }
 *      }
 */

#define LDAPSubstringFilterInitialTemplate LDAPStringTemplate
#define LDAPSubstringFilterAnyTemplate LDAPStringTemplate
#define LDAPSubstringFilterFinalTemplate LDAPStringTemplate

static const SEC_ASN1Template LDAPSubstringFilterChoiceTemplate[] = {
    { SEC_ASN1_CHOICE, offsetof(LDAPSubstring, selector), 0,
        sizeof (LDAPFilter) },
    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
        offsetof(LDAPSubstring, item),
        LDAPSubstringFilterInitialTemplate,
        LDAP_INITIALSUBSTRING_TYPE },
    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
        offsetof(LDAPSubstring, item),
        LDAPSubstringFilterAnyTemplate,
        LDAP_ANYSUBSTRING_TYPE },
    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
        offsetof(LDAPSubstring, item),
        LDAPSubstringFilterFinalTemplate,
        LDAP_FINALSUBSTRING_TYPE },
    { 0 }
};

/*
 * Filter ::=
 *      CHOICE {
 *              and             [0] SET OF Filter,
 *              or              [1] SET OF Filter,
 *              not             [2] Filter,
 *              equalityMatch   [3] AttributeValueAssertion,
 *              substrings      [4] SubstringFilter,
 *              greaterOrEqual  [5] AttributeValueAssertion,
 *              lessOrEqual     [6] AttributeValueAssertion,
 *              present         [7] AttributeType,
 *              approxMatch     [8] AttributeValueAssertion
        }
 */

static const SEC_ASN1Template LDAPSubstringFilterTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (LDAPSubstringFilter) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPSubstringFilter, attrType) },
    { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSubstringFilter, strings),
        LDAPSubstringFilterChoiceTemplate },
    { 0 }
};

const SEC_ASN1Template LDAPFilterTemplate[]; /* forward reference */

static const SEC_ASN1Template LDAPSetOfFiltersTemplate[] = {
    { SEC_ASN1_SET_OF, 0, LDAPFilterTemplate }
};

static const SEC_ASN1Template LDAPAVAFilterTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (LDAPAttributeValueAssertion) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPAttributeValueAssertion, attrType) },
    { SEC_ASN1_OCTET_STRING, offsetof(LDAPAttributeValueAssertion, attrValue) },
    { 0 }
};

static const SEC_ASN1Template LDAPPresentFilterTemplate[] = {
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPPresentFilter, attrType) }
};

#define LDAPEqualFilterTemplate LDAPAVAFilterTemplate
#define LDAPGreaterOrEqualFilterTemplate LDAPAVAFilterTemplate
#define LDAPLessOrEqualFilterTemplate LDAPAVAFilterTemplate
#define LDAPApproxMatchFilterTemplate LDAPAVAFilterTemplate

const SEC_ASN1Template LDAPFilterTemplate[] = {
    { SEC_ASN1_CHOICE, offsetof(LDAPFilter, selector), 0, sizeof(LDAPFilter) },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_ANDFILTER_TYPE,
        offsetof(LDAPFilter, filter.andFilter.filters),
        LDAPSetOfFiltersTemplate, LDAP_ANDFILTER_TYPE },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_ORFILTER_TYPE,
        offsetof(LDAPFilter, filter.orFilter.filters),
        LDAPSetOfFiltersTemplate, LDAP_ORFILTER_TYPE },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_NOTFILTER_TYPE | SEC_ASN1_POINTER,
        offsetof(LDAPFilter, filter.notFilter),
        LDAPFilterTemplate, LDAP_NOTFILTER_TYPE },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_EQUALFILTER_TYPE,
        offsetof(LDAPFilter, filter.equalFilter),
        LDAPEqualFilterTemplate, LDAP_EQUALFILTER_TYPE },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_SUBSTRINGFILTER_TYPE, offsetof(LDAPFilter, filter.substringFilter),
        LDAPSubstringFilterTemplate, LDAP_SUBSTRINGFILTER_TYPE },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_GREATEROREQUALFILTER_TYPE,
        offsetof(LDAPFilter, filter.greaterOrEqualFilter),
        LDAPGreaterOrEqualFilterTemplate, LDAP_GREATEROREQUALFILTER_TYPE },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_LESSOREQUALFILTER_TYPE,
        offsetof(LDAPFilter, filter.lessOrEqualFilter),
        LDAPLessOrEqualFilterTemplate, LDAP_LESSOREQUALFILTER_TYPE },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_PRESENTFILTER_TYPE,
        offsetof(LDAPFilter, filter.presentFilter),
        LDAPPresentFilterTemplate, LDAP_PRESENTFILTER_TYPE },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_APPROXMATCHFILTER_TYPE,
        offsetof(LDAPFilter, filter.approxMatchFilter),
        LDAPApproxMatchFilterTemplate, LDAP_APPROXMATCHFILTER_TYPE },
    { 0 }
};

/*
 * SearchRequest ::=
 *      [APPLICATION 3] SEQUENCE {
 *              baseObject      LDAPDN,
 *              scope           ENUMERATED {
 *                                      baseObject              (0),
 *                                      singleLevel             (1),
 *                                      wholeSubtree            (2)
 *                              },
 *              derefAliases    ENUMERATED {
 *                                      neverDerefAliases       (0),
 *                                      derefInSearching        (1),
 *                                      derefFindingBaseObj     (2),
 *                                      alwaysDerefAliases      (3)
 *                              },
 *              sizeLimit       INTEGER (0 .. MAXINT),
 *                              -- value of 0 implies no sizeLimit
 *              timeLimit       INTEGER (0 .. MAXINT),
 *                              -- value of 0 implies no timeLimit
 *              attrsOnly       BOOLEAN,
 *                              -- TRUE, if only attributes (without values)
 *                              -- to be returned
 *              filter          Filter,
 *              attributes      SEQUENCE OF AttributeType
 *      }
 */

static const SEC_ASN1Template LDAPAttributeTemplate[] = {
    { SEC_ASN1_LDAP_STRING, 0, NULL, sizeof (SECItem) }
};

static const SEC_ASN1Template LDAPSearchApplTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearch, baseObject) },
    { SEC_ASN1_ENUMERATED, offsetof(LDAPSearch, scope) },
    { SEC_ASN1_ENUMERATED, offsetof(LDAPSearch, derefAliases) },
    { SEC_ASN1_INTEGER, offsetof(LDAPSearch, sizeLimit) },
    { SEC_ASN1_INTEGER, offsetof(LDAPSearch, timeLimit) },
    { SEC_ASN1_BOOLEAN, offsetof(LDAPSearch, attrsOnly) },
    { SEC_ASN1_INLINE, offsetof(LDAPSearch, filter), LDAPFilterTemplate },
    { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSearch, attributes), LDAPAttributeTemplate },
    { 0 }
};

static const SEC_ASN1Template LDAPSearchTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_SEARCH_TYPE, 0,
        LDAPSearchApplTemplate, sizeof (LDAPSearch) } 
};

/*
 * SearchResponse ::=
 *      CHOICE {
 *              entry   [APPLICATION 4] SEQUENCE {
 *                              objectName      LDAPDN,
 *                              attributes      SEQUENCE OF SEQUENCE {
 *                                                      AttributeType,
 *                                                      SET OF AttributeValue
 *                                              }
 *                      }
 *              resultCode [APPLICATION 5] LDAPResult
 *      }
 */

static const SEC_ASN1Template LDAPSearchResponseAttrTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(LDAPSearchResponseAttr) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearchResponseAttr, attrType) },
    { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(LDAPSearchResponseAttr, val),
        LDAPStringTemplate },
    { 0 }
};

static const SEC_ASN1Template LDAPEntryTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearchResponseEntry, objectName) },
    { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSearchResponseEntry, attributes),
        LDAPSearchResponseAttrTemplate },
    { 0 }
};

static const SEC_ASN1Template LDAPSearchResponseEntryTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_SEARCHRESPONSEENTRY_TYPE, 0,
        LDAPEntryTemplate, sizeof (LDAPSearchResponseEntry) }
};

static const SEC_ASN1Template LDAPSearchResponseResultTemplate[] = {
    { SEC_ASN1_APPLICATION | LDAP_SEARCHRESPONSERESULT_TYPE, 0,
        LDAPResultTemplate, sizeof (LDAPSearchResponseResult) }
};

/*
 * AbandonRequest ::=
 *      [APPLICATION 16] MessageID
 */

static const SEC_ASN1Template LDAPAbandonTemplate[] = {
    { SEC_ASN1_INTEGER, offsetof(LDAPAbandonRequest, messageID) }
};

static const SEC_ASN1Template LDAPAbandonRequestTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_ABANDONREQUEST_TYPE, 0,
        LDAPAbandonTemplate, sizeof (LDAPAbandonRequest) }
};

/*
 * LDAPMessage ::=
 *      SEQUENCE {
 *              messageID       MessageID,
 *              protocolOp      CHOICE {
 *                                      bindRequest     BindRequest,
 *                                      bindResponse    BindResponse,
 *                                      unbindRequest   UnbindRequest,
 *                                      searchRequest   SearchRequest,
 *                                      searchResponse  SearchResponse,
 *                                      abandonRequest  AbandonRequest
 *                              }
 *      }
 *
 *                                      (other choices exist, not shown)
 *
 * MessageID ::= INTEGER (0 .. maxInt)
 */

static const SEC_ASN1Template LDAPMessageProtocolOpTemplate[] = {
    { SEC_ASN1_CHOICE, offsetof(LDAPProtocolOp, selector), 0, sizeof (LDAPProtocolOp) },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.bindMsg),
        LDAPBindTemplate, LDAP_BIND_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.bindResponseMsg),
        LDAPBindResponseTemplate, LDAP_BINDRESPONSE_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.unbindMsg),
        LDAPUnbindTemplate, LDAP_UNBIND_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchMsg),
        LDAPSearchTemplate, LDAP_SEARCH_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchResponseEntryMsg),
        LDAPSearchResponseEntryTemplate, LDAP_SEARCHRESPONSEENTRY_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchResponseResultMsg),
        LDAPSearchResponseResultTemplate, LDAP_SEARCHRESPONSERESULT_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.abandonRequestMsg),
        LDAPAbandonRequestTemplate, LDAP_ABANDONREQUEST_TYPE },
    { 0 }
};

const SEC_ASN1Template PKIX_PL_LDAPMessageTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL },
    { SEC_ASN1_INTEGER, offsetof(LDAPMessage, messageID) },
    { SEC_ASN1_INLINE, offsetof(LDAPMessage, protocolOp),
        LDAPMessageProtocolOpTemplate },
    { 0 }
};

/* This function simply returns the address of the message template.
 * This is necessary for Windows DLLs.
 */
SEC_ASN1_CHOOSER_IMPLEMENT(PKIX_PL_LDAPMessageTemplate)
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)