/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * Type and constant definitions for the PKIX LDAP client: the ASN.1
 * templates used to encode/decode LDAP messages, enums whose values mirror
 * the LDAP wire protocol, and forward declarations of the message structs.
 *
 * NOTE(review): the guard name _LDAP_H_ starts with an underscore followed
 * by an upper-case letter, which C reserves for the implementation. It is
 * left as-is here because other files may test it.
 */
#ifndef _LDAP_H_
#define _LDAP_H_

#include "certt.h"
#include "pkixt.h"

#ifdef __cplusplus
extern "C" {
#endif

/* ASN.1 templates (defined elsewhere) for the structures declared below. */
extern const SEC_ASN1Template PKIX_PL_LDAPCrossCertPairTemplate[];
SEC_ASN1_CHOOSER_DECLARE(PKIX_PL_LDAPCrossCertPairTemplate)
extern const SEC_ASN1Template PKIX_PL_LDAPMessageTemplate[];
SEC_ASN1_CHOOSER_DECLARE(PKIX_PL_LDAPMessageTemplate)
extern const SEC_ASN1Template LDAPFilterTemplate[];
SEC_ASN1_CHOOSER_DECLARE(LDAPFilterTemplate)

/* ********************************************************************** */

/* LDAP strings are carried as ASN.1 OCTET STRINGs. */
#define SEC_ASN1_LDAP_STRING SEC_ASN1_OCTET_STRING

/*
 * Bit flags naming the certificate/CRL attributes a search may request.
 * They are OR-ed together into an LdapAttrMask.
 */
#define LDAPATTR_CACERT         (1<<0)
#define LDAPATTR_USERCERT       (1<<1)
#define LDAPATTR_CROSSPAIRCERT  (1<<2)
#define LDAPATTR_CERTREVLIST    (1<<3)
#define LDAPATTR_AUTHREVLIST    (1<<4)
/* Number of LDAPATTR_* flags above; keep in step when adding a flag. */
#define MAX_LDAPATTRS           5
typedef PKIX_UInt32 LdapAttrMask;

/*
 * Bind authentication choice. The values match the LDAPv2 (RFC 1777)
 * AuthenticationChoice tags, so they must not be renumbered.
 *
 * NOTE(review): in LDAP a simple bind carries the password unprotected, so
 * its confidentiality depends entirely on the transport. Confirm how
 * callers protect the connection before sending real credentials.
 */
typedef enum {
        SIMPLE_AUTH     = 0,
        KRBV42LDAP_AUTH = 1,
        KRBV42DSA_AUTH  = 2
} AuthType;

/* Search scope, numbered as in the LDAP SearchRequest. */
typedef enum {
        BASE_OBJECT     = 0,
        SINGLE_LEVEL    = 1,
        WHOLE_SUBTREE   = 2
} ScopeType;

/* Alias dereferencing policy, numbered as in the LDAP SearchRequest. */
typedef enum {
        NEVER_DEREF             = 0,
        DEREF_IN_SEARCHING      = 1,
        DEREF_FINDING_BASEOBJ   = 2,
        ALWAYS_DEREF            = 3
} DerefType;

/* Position of one component within a substring filter. */
typedef enum {
        LDAP_INITIALSUBSTRING_TYPE = 0,
        LDAP_ANYSUBSTRING_TYPE     = 1,
        LDAP_FINALSUBSTRING_TYPE   = 2
} LDAPSubstringFilterType;

/*
 * Discriminator for the LDAPFilter union. Values are the context tags of
 * the LDAP Filter CHOICE and must not be renumbered.
 */
typedef enum {
        LDAP_ANDFILTER_TYPE            = 0,
        LDAP_ORFILTER_TYPE             = 1,
        LDAP_NOTFILTER_TYPE            = 2,
        LDAP_EQUALFILTER_TYPE          = 3,
        LDAP_SUBSTRINGFILTER_TYPE      = 4,
        LDAP_GREATEROREQUALFILTER_TYPE = 5,
        LDAP_LESSOREQUALFILTER_TYPE    = 6,
        LDAP_PRESENTFILTER_TYPE        = 7,
        LDAP_APPROXMATCHFILTER_TYPE    = 8
} LDAPFilterType;

/*
 * Discriminator for the LDAPProtocolOp union. Values are the LDAP
 * protocolOp application tags; only the operations listed here are
 * represented, which is why 6..15 are absent.
 */
typedef enum {
        LDAP_BIND_TYPE                 = 0,
        LDAP_BINDRESPONSE_TYPE         = 1,
        LDAP_UNBIND_TYPE               = 2,
        LDAP_SEARCH_TYPE               = 3,
        LDAP_SEARCHRESPONSEENTRY_TYPE  = 4,
        LDAP_SEARCHRESPONSERESULT_TYPE = 5,
        LDAP_ABANDONREQUEST_TYPE       = 16
} LDAPMessageType;

/*
 * LDAP result codes, numbered as in the protocol (the gaps are part of the
 * protocol's numbering, not omissions).
 *
 * A result code arrives from the server, so code converting a received
 * value to this enum should expect numbers that are not listed here and
 * treat them as failures rather than indexing or switching blindly.
 *
 * NOTE(review): enumerators such as SUCCESS, BUSY and OTHER are unprefixed
 * and live in the global namespace; they can collide with macros or enums
 * from other headers included in the same translation unit.
 */
typedef enum {
        SUCCESS                      = 0,
        OPERATIONSERROR              = 1,
        PROTOCOLERROR                = 2,
        TIMELIMITEXCEEDED            = 3,
        SIZELIMITEXCEEDED            = 4,
        COMPAREFALSE                 = 5,
        COMPARETRUE                  = 6,
        AUTHMETHODNOTSUPPORTED       = 7,
        STRONGAUTHREQUIRED           = 8,
        NOSUCHATTRIBUTE              = 16,
        UNDEFINEDATTRIBUTETYPE       = 17,
        INAPPROPRIATEMATCHING        = 18,
        CONSTRAINTVIOLATION          = 19,
        ATTRIBUTEORVALUEEXISTS       = 20,
        INVALIDATTRIBUTESYNTAX       = 21,
        NOSUCHOBJECT                 = 32,
        ALIASPROBLEM                 = 33,
        INVALIDDNSYNTAX              = 34,
        ISLEAF                       = 35,
        ALIASDEREFERENCINGPROBLEM    = 36,
        INAPPROPRIATEAUTHENTICATION  = 48,
        INVALIDCREDENTIALS           = 49,
        INSUFFICIENTACCESSRIGHTS     = 50,
        BUSY                         = 51,
        UNAVAILABLE                  = 52,
        UNWILLINGTOPERFORM           = 53,
        LOOPDETECT                   = 54,
        NAMINGVIOLATION              = 64,
        OBJECTCLASSVIOLATION         = 65,
        NOTALLOWEDONNONLEAF          = 66,
        NOTALLOWEDONRDN              = 67,
        ENTRYALREADYEXISTS           = 68,
        OBJECTCLASSMODSPROHIBITED    = 69,
        OTHER                        = 80
} LDAPResultCode;

/* Forward typedefs for the structures defined later in this header. */
typedef struct LDAPLocationStruct               LDAPLocation;
typedef struct LDAPCertPairStruct               LDAPCertPair;
typedef struct LDAPSimpleBindStruct             LDAPSimpleBind;
/*
 * Forward typedefs for the message structures defined below. Note that
 * LDAPBindResponse, LDAPResult and LDAPSearchResponseResult are three names
 * for the same LDAPResultStruct layout.
 */
typedef struct LDAPBindAPIStruct                LDAPBindAPI;
typedef struct LDAPBindStruct                   LDAPBind;
typedef struct LDAPResultStruct                 LDAPBindResponse;
typedef struct LDAPResultStruct                 LDAPResult;
typedef struct LDAPSearchResponseAttrStruct     LDAPSearchResponseAttr;
typedef struct LDAPSearchResponseEntryStruct    LDAPSearchResponseEntry;
typedef struct LDAPResultStruct                 LDAPSearchResponseResult;
typedef struct LDAPUnbindStruct                 LDAPUnbind;
typedef struct LDAPFilterStruct                 LDAPFilter;
typedef struct LDAPAndFilterStruct              LDAPAndFilter;
typedef struct LDAPNotFilterStruct              LDAPNotFilter;
typedef struct LDAPSubstringStruct              LDAPSubstring;
typedef struct LDAPSubstringFilterStruct        LDAPSubstringFilter;
typedef struct LDAPPresentFilterStruct          LDAPPresentFilter;
typedef struct LDAPAttributeValueAssertionStruct LDAPAttributeValueAssertion;
typedef struct LDAPNameComponentStruct          LDAPNameComponent;
typedef struct LDAPRequestParamsStruct          LDAPRequestParams;
typedef struct LDAPSearchStruct                 LDAPSearch;
typedef struct LDAPAbandonRequestStruct         LDAPAbandonRequest;
typedef struct protocolOpStruct                 LDAPProtocolOp;
typedef struct LDAPMessageStruct                LDAPMessage;
/* Filters that share a layout with another filter are plain aliases. */
typedef LDAPAndFilter                           LDAPOrFilter;
typedef LDAPAttributeValueAssertion             LDAPEqualFilter;
typedef LDAPAttributeValueAssertion             LDAPGreaterOrEqualFilter;
typedef LDAPAttributeValueAssertion             LDAPLessOrEqualFilter;
typedef LDAPAttributeValueAssertion             LDAPApproxMatchFilter;

/*
 * NOTE(review): the members are opaque pointers; their concrete types and
 * ownership are not visible in this header. Presumably everything is
 * allocated from `arena` -- confirm against the users of this struct.
 */
struct LDAPLocationStruct {
        PLArenaPool *arena;
        void *serverSite;
        void **filterString;
        void **attrBitString;
};

/* A cross-certificate pair: the forward and reverse certificates. */
struct LDAPCertPairStruct {
        SECItem forward;
        SECItem reverse;
};

/*
 * Caller-side parameters for a simple bind.
 *
 * `authentication` holds the bind credential. Treat it as a secret: keep
 * it out of logs and error messages. Ownership of both strings is not
 * stated in this header.
 */
struct LDAPSimpleBindStruct {
        char *bindName;
        char *authentication;
};

/*
 * Tagged union of bind parameters; `selector` says which member of
 * `chooser` is valid. Only the simple-bind member is declared, so the two
 * Kerberos AuthType values have no payload here.
 */
struct LDAPBindAPIStruct {
        AuthType selector;
        union {
                LDAPSimpleBind simple;
        } chooser;
};

/* Bind request in encodable form; every field is a length-delimited item. */
struct LDAPBindStruct {
        SECItem version;
        SECItem bindName;
        SECItem authentication;
};

/*
 * Result of an operation, shared by the bind response, the generic result
 * and the search result (see the typedefs above).
 *
 * All three fields are SECItems, i.e. byte buffers with an explicit length
 * and no NUL terminator. NOTE(review): when these come from decoding a
 * server response, check `len` before reading `resultCode` as an integer
 * and never pass matchedDN/errorMessage to C string functions directly.
 */
struct LDAPResultStruct {
        SECItem resultCode;
        SECItem matchedDN;
        SECItem errorMessage;
};

/*
 * One attribute of a search result entry.
 * NOTE(review): `val` is presumably a NULL-terminated array of values --
 * confirm against the decoder template before iterating.
 */
struct LDAPSearchResponseAttrStruct {
        SECItem attrType;
        SECItem **val;
};

/*
 * One entry returned by a search.
 * NOTE(review): `attributes` is presumably NULL-terminated -- confirm.
 */
struct LDAPSearchResponseEntryStruct {
        SECItem objectName;
        LDAPSearchResponseAttr **attributes;
};

/* Unbind carries no data; `dummy` only gives the struct a member. */
struct LDAPUnbindStruct {
        SECItem dummy;
};

/* Operand list of an AND filter (also used for OR via LDAPOrFilter). */
struct LDAPAndFilterStruct {
        LDAPFilter **filters;
};

/* A NOT filter wraps exactly one sub-filter. */
struct LDAPNotFilterStruct {
        LDAPFilter *filter;
};

/* One substring component; `selector` gives its position. */
struct LDAPSubstringStruct {
        LDAPSubstringFilterType selector;
        SECItem item;
};

/* Substring match on `attrType` against the components in `strings`. */
struct LDAPSubstringFilterStruct {
        SECItem attrType;
        LDAPSubstring *strings;
};

/* Matches entries in which `attrType` is present. */
struct LDAPPresentFilterStruct {
        SECItem attrType;
};

/*
 * Attribute/value pair. Shared by the equality, >=, <= and approximate
 * match filters through the typedef aliases above.
 */
struct LDAPAttributeValueAssertionStruct {
        SECItem attrType;
        SECItem attrValue;
};

/*
 * Search filter as a tagged union. `selector` determines which member of
 * `filter` is valid; the members have different layouts, so reading one
 * that does not match `selector` misinterprets the stored data.
 */
struct LDAPFilterStruct {
        LDAPFilterType selector;
        union {
                LDAPAndFilter andFilter;
                LDAPOrFilter orFilter;
                LDAPNotFilter notFilter;
                LDAPEqualFilter equalFilter;
                LDAPSubstringFilter substringFilter;
                LDAPGreaterOrEqualFilter greaterOrEqualFilter;
                LDAPLessOrEqualFilter lessOrEqualFilter;
                LDAPPresentFilter presentFilter;
                LDAPApproxMatchFilter approxMatchFilter;
        } filter;
};

/* One attribute-type/value pair of a name, as raw byte strings. */
struct LDAPNameComponentStruct {
        unsigned char *attrType;
        unsigned char *attrValue;
};

/*
 * Caller-side description of a search request.
 *
 * A value of 0 for sizeLimit or timeLimit means the client imposes no
 * limit. NOTE(review): with 0 the amount of data returned and the time
 * spent waiting are bounded only by the server; callers that query servers
 * they do not control may want to set explicit limits.
 */
struct LDAPRequestParamsStruct {
        char *baseObject;               /* e.g. "c=US" */
        ScopeType scope;
        DerefType derefAliases;
        PKIX_UInt32 sizeLimit;          /* 0 = no limit */
        PRIntervalTime timeLimit;       /* 0 = no limit */
        LDAPNameComponent **nc;         /* e.g. {{"cn","xxx"},{"o","yyy"},NULL} */
        LdapAttrMask attributes;        /* OR of LDAPATTR_* flags */
};

/* Search request in encodable form. */
struct LDAPSearchStruct {
        SECItem baseObject;
        SECItem scope;
        SECItem derefAliases;
        SECItem sizeLimit;
        SECItem timeLimit;
        SECItem attrsOnly;
        LDAPFilter filter;
        SECItem **attributes;
};

/* Abandon request: identifies the outstanding message to abandon. */
struct LDAPAbandonRequestStruct {
        SECItem messageID;
};

/*
 * The operation carried by an LDAP message, as a tagged union. `selector`
 * determines which member of `op` is valid; check it before touching `op`.
 */
struct protocolOpStruct {
        LDAPMessageType selector;
        union {
                LDAPBind bindMsg;
                LDAPBindResponse bindResponseMsg;
                LDAPUnbind unbindMsg;
                LDAPSearch searchMsg;
                LDAPSearchResponseEntry searchResponseEntryMsg;
                LDAPSearchResponseResult searchResponseResultMsg;
                LDAPAbandonRequest abandonRequestMsg;
        } op;
};

/* A complete LDAP message: an ID plus one protocol operation. */
struct LDAPMessageStruct {
        SECItem messageID;
        LDAPProtocolOp protocolOp;
};

typedef struct PKIX_PL_LdapClientStruct PKIX_PL_LdapClient;

/*
 * Starts a request described by `requestParams` on `client`.
 * NOTE(review): `pNBIO` and `pResponse` are output parameters; presumably a
 * non-NULL *pNBIO means the I/O is still pending and the caller must call
 * the resume function -- confirm against an implementation. The return
 * value is presumably NULL on success, per PKIX convention.
 */
typedef PKIX_Error *
(*PKIX_PL_LdapClient_InitiateFcn)(
        PKIX_PL_LdapClient *client,
        LDAPRequestParams *requestParams,
        void **pNBIO,
        PKIX_List **pResponse,
        void *plContext);

/*
 * Continues a request previously started with the initiate function.
 * Takes the same output parameters, without the request description.
 */
typedef PKIX_Error *
(*PKIX_PL_LdapClient_ResumeFcn)(
        PKIX_PL_LdapClient *client,
        void **pNBIO,
        PKIX_List **pResponse,
        void *plContext);

/*
 * LDAP client interface: a pair of function pointers. Any implementation
 * can be plugged in by filling in both members.
 */
struct PKIX_PL_LdapClientStruct {
        PKIX_PL_LdapClient_InitiateFcn initiateFcn;
        PKIX_PL_LdapClient_ResumeFcn resumeFcn;
};

#ifdef __cplusplus
}
#endif

#endif