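/*	$OpenBSD: aldap.h,v 1.4 2019/05/11 17:46:02 rob Exp $ */

/*
 * Copyright (c) 2008 Alexander Schrijver <aschrijver@openbsd.org>
 * Copyright (c) 2006, 2007 Marc Balmer <mbalmer@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * aldap: a small LDAP client library layered on the BER encoder/decoder
 * from <ber.h> and on libtls (<tls.h>).  This header declares the
 * connection handle, the parsed-message object, the LDAP wire constants
 * and the public API.  Ownership rules are noted per prototype below.
 */

#ifndef ALDAP_H
#define ALDAP_H

#include <ber.h>
#include <stdio.h>
#include <tls.h>

/* URL scheme prefixes; they map onto enum aldap_protocol below. */
#define LDAP_URL		"ldap://"
#define LDAPS_URL		"ldaps://"
#define LDAPTLS_URL		"ldap+tls://"
#define LDAPI_URL		"ldapi://"

/* Default TCP ports for cleartext/StartTLS (389) and implicit TLS (636). */
#define LDAP_PORT		389
#define LDAPS_PORT		636
/* Simple Paged Results control OID (RFC 2696). */
#define LDAP_PAGED_OID		"1.2.840.113556.1.4.319"
/* StartTLS extended operation OID (RFC 4511, RFC 4513). */
#define LDAP_STARTTLS_OID	"1.3.6.1.4.1.1466.20037"

/*
 * Connection handle.  Obtained from aldap_init() and released with
 * aldap_close().
 */
struct aldap {
	/* Library-level error codes; presumably the values stored in err. */
#define ALDAP_ERR_SUCCESS		0
#define ALDAP_ERR_PARSER_ERROR		1
#define ALDAP_ERR_INVALID_FILTER	2
#define ALDAP_ERR_OPERATION_FAILED	3
#define ALDAP_ERR_TLS_ERROR		4
	u_int8_t		 err;		/* last error, see aldap_get_errno() */
	int			 msgid;		/* message id; compare aldap_message.msgid */
	struct ber		 ber;		/* BER codec state from <ber.h> */

	int			 fd;		/* socket; presumably the int passed to aldap_init() */
	struct tls		*tls;		/* libtls context; presumably NULL until aldap_tls() — TODO confirm */

	/*
	 * NOTE(review): struct evbuffer is not declared by any header
	 * included here; it is used only through a pointer, so the header
	 * stays self-contained, but callers that touch it need libevent.
	 */
	struct evbuffer		*buf;
};

/*
 * Paged-results control state (RFC 2696).  The cookie is an opaque,
 * server-supplied byte string; cookie_len is presumably its length in
 * bytes, so it must not be treated as a NUL-terminated C string.
 */
struct aldap_page_control {
	int		 size;		/* requested page size */
	char		*cookie;	/* opaque server cookie, or NULL — TODO confirm */
	unsigned int	 cookie_len;	/* length of cookie in bytes */
};

/*
 * One decoded LDAPMessage as returned by aldap_parse().  Release with
 * aldap_freemsg().  The ber_element pointers reference into msg; which
 * members of body are valid depends on message_type (res for result
 * messages, search for search entries — per the member names).
 */
struct aldap_message {
	int			 msgid;		/* messageID from the LDAPMessage */
	int			 message_type;	/* protocolOp tag, see enum protocol_op */

	struct ber_element	*msg;		/* whole decoded message */

	struct ber_element	*header;	/* LDAPMessage envelope */
	struct ber_element	*protocol_op;	/* the protocolOp element */

	struct ber_element	*dn;		/* DN element, see aldap_get_dn() */

	union {
		struct {
			long long		 rescode;	/* resultCode, see enum result_code */
			struct ber_element	*diagmsg;	/* diagnosticMessage, see aldap_get_diagmsg() */
		} res;
		struct {
			struct ber_element	*iter;		/* attribute iteration cursor, see aldap_first_attr()/aldap_next_attr() */
			struct ber_element	*attrs;		/* attribute list of a search entry */
		} search;
	} body;
	struct ber_element	*references;	/* referral/reference URIs, see aldap_get_references() */
	struct aldap_page_control *page;	/* paged-results state, if any */
};

/* Transport selected from the URL scheme (LDAP_URL et al.). */
enum aldap_protocol {
	LDAP,
	LDAPS,
	LDAPTLS,
	LDAPI
};

/*
 * A list of len BER octet strings, e.g. the values of one attribute.
 * Returned by the *_attr() and aldap_get_references() functions; release
 * with aldap_free_attr().
 */
struct aldap_stringset {
	size_t			 len;
	struct ber_octetstring	*str;
};

/*
 * Result of aldap_parse_url(); release with aldap_free_url().  The char *
 * members presumably point into buffer — TODO confirm against aldap.c.
 */
struct aldap_url {
	int		 protocol;	/* enum aldap_protocol */
	char		*host;
	in_port_t	 port;
	char		*dn;
#define MAXATTR 1024			/* upper bound on attributes in one URL */
	char		*attributes[MAXATTR];
	int		 scope;		/* enum scope */
	char		*filter;
	char		*buffer;	/* backing storage for the parsed fields */
};

/* LDAPMessage protocolOp application tags (RFC 4511). */
enum protocol_op {
	LDAP_REQ_BIND		= 0,
	LDAP_RES_BIND		= 1,
	LDAP_REQ_UNBIND_30	= 2,
	LDAP_REQ_SEARCH		= 3,
	LDAP_RES_SEARCH_ENTRY	= 4,
	LDAP_RES_SEARCH_RESULT	= 5,
	LDAP_REQ_MODIFY		= 6,
	LDAP_RES_MODIFY		= 7,
	LDAP_REQ_ADD		= 8,
	LDAP_RES_ADD		= 9,
	LDAP_REQ_DELETE_30	= 10,
	LDAP_RES_DELETE		= 11,
	LDAP_REQ_MODRDN		= 12,
	LDAP_RES_MODRDN		= 13,
	LDAP_REQ_COMPARE	= 14,
	LDAP_RES_COMPARE	= 15,
	LDAP_REQ_ABANDON_30	= 16,

	LDAP_RES_SEARCH_REFERENCE = 19,

	LDAP_REQ_EXTENDED	= 23,
	LDAP_RES_EXTENDED	= 24
};

/* SearchRequest derefAliases values (RFC 4511). */
enum deref_aliases {
	LDAP_DEREF_NEVER	= 0,
	LDAP_DEREF_SEARCHING	= 1,
	LDAP_DEREF_FINDING	= 2,
	LDAP_DEREF_ALWAYS	= 3,
};

/* BindRequest AuthenticationChoice tags; only simple auth is declared. */
enum authentication_choice {
	LDAP_AUTH_SIMPLE	= 0,
};

/* SearchRequest scope values (RFC 4511). */
enum scope {
	LDAP_SCOPE_BASE		= 0,
	LDAP_SCOPE_ONELEVEL	= 1,
	LDAP_SCOPE_SUBTREE	= 2,
};

/* LDAPResult resultCode values (RFC 4511, Appendix A). */
enum result_code {
	LDAP_SUCCESS				= 0,
	LDAP_OPERATIONS_ERROR			= 1,
	LDAP_PROTOCOL_ERROR			= 2,
	LDAP_TIMELIMIT_EXCEEDED			= 3,
	LDAP_SIZELIMIT_EXCEEDED			= 4,
	LDAP_COMPARE_FALSE			= 5,
	LDAP_COMPARE_TRUE			= 6,
	LDAP_STRONG_AUTH_NOT_SUPPORTED		= 7,
	LDAP_STRONG_AUTH_REQUIRED		= 8,

	LDAP_REFERRAL				= 10,
	LDAP_ADMINLIMIT_EXCEEDED		= 11,
	LDAP_UNAVAILABLE_CRITICAL_EXTENSION	= 12,
	LDAP_CONFIDENTIALITY_REQUIRED		= 13,
	LDAP_SASL_BIND_IN_PROGRESS		= 14,
	LDAP_NO_SUCH_ATTRIBUTE			= 16,
	LDAP_UNDEFINED_TYPE			= 17,
	LDAP_INAPPROPRIATE_MATCHING		= 18,
	LDAP_CONSTRAINT_VIOLATION		= 19,
	LDAP_TYPE_OR_VALUE_EXISTS		= 20,
	LDAP_INVALID_SYNTAX			= 21,

	LDAP_NO_SUCH_OBJECT			= 32,
	LDAP_ALIAS_PROBLEM			= 33,
	LDAP_INVALID_DN_SYNTAX			= 34,

	LDAP_ALIAS_DEREF_PROBLEM		= 36,

	LDAP_INAPPROPRIATE_AUTH			= 48,
	LDAP_INVALID_CREDENTIALS		= 49,
	LDAP_INSUFFICIENT_ACCESS		= 50,
	LDAP_BUSY				= 51,
	LDAP_UNAVAILABLE			= 52,
	LDAP_UNWILLING_TO_PERFORM		= 53,
	LDAP_LOOP_DETECT			= 54,

	LDAP_NAMING_VIOLATION			= 64,
	LDAP_OBJECT_CLASS_VIOLATION		= 65,
	LDAP_NOT_ALLOWED_ON_NONLEAF		= 66,
	LDAP_NOT_ALLOWED_ON_RDN			= 67,
	LDAP_ALREADY_EXISTS			= 68,
	LDAP_NO_OBJECT_CLASS_MODS		= 69,

	LDAP_AFFECTS_MULTIPLE_DSAS		= 71,

	LDAP_OTHER				= 80,
};

/* SearchRequest Filter CHOICE tags (RFC 4511). */
enum filter {
	LDAP_FILT_AND		= 0,
	LDAP_FILT_OR		= 1,
	LDAP_FILT_NOT		= 2,
	LDAP_FILT_EQ		= 3,
	LDAP_FILT_SUBS		= 4,
	LDAP_FILT_GE		= 5,
	LDAP_FILT_LE		= 6,
	LDAP_FILT_PRES		= 7,
	LDAP_FILT_APPR		= 8,
};

/* SubstringFilter component tags: initial, any, final (RFC 4511). */
enum subfilter {
	LDAP_FILT_SUBS_INIT	= 0,
	LDAP_FILT_SUBS_ANY	= 1,
	LDAP_FILT_SUBS_FIN	= 2,
};

/*
 * Connection lifecycle.
 *
 * aldap_init() allocates a handle around the given int (presumably a
 * connected socket); aldap_close() releases it.  aldap_tls() wraps the
 * connection in libtls using the supplied config; the const char * is
 * presumably the server name used for certificate verification, so
 * callers should pass the name they intend to verify, not an empty
 * string — TODO confirm against aldap.c.  aldap_parse() reads and
 * decodes one message; free the result with aldap_freemsg().
 */
struct aldap		*aldap_init(int);
int			 aldap_tls(struct aldap *, struct tls_config *,
			    const char *);
int			 aldap_close(struct aldap *);
struct aldap_message	*aldap_parse(struct aldap *);
void			 aldap_freemsg(struct aldap_message *);

/* Send a StartTLS extended request (LDAP_STARTTLS_OID). */
int	 aldap_req_starttls(struct aldap *);

/*
 * Requests.  aldap_bind() takes a bind DN and a credential (simple auth
 * is the only AuthenticationChoice declared above); the header does not
 * say whether the credential is copied, so callers should keep it in a
 * buffer they control and clear it when no longer needed.
 * aldap_search() arguments, in order: base DN, scope, filter, NULL-
 * terminated attribute list, typesonly, sizelimit, timelimit, paging
 * control (NULL for none) — names per aldap.c, presumably.
 * aldap_get_errno() returns the handle's error code and, through the
 * const char **, presumably a human-readable description.
 */
int	 aldap_bind(struct aldap *, char *, char *);
int	 aldap_unbind(struct aldap *);
int	 aldap_search(struct aldap *, char *, enum scope, char *, char **,
	    int, int, int, struct aldap_page_control *);
int	 aldap_get_errno(struct aldap *, const char **);

/*
 * Message accessors.  The returned char * values are presumably owned by
 * the message (freed by aldap_freemsg()) — TODO confirm.
 *
 * NOTE(review): aldap_get_references() returns a struct aldap_stringset *
 * but aldap_free_references() still takes char **; confirm against
 * aldap.c whether references should now be released with
 * aldap_free_attr() instead.
 */
int	 aldap_get_resultcode(struct aldap_message *);
char	*aldap_get_dn(struct aldap_message *);
char	*aldap_get_diagmsg(struct aldap_message *);
struct aldap_stringset *aldap_get_references(struct aldap_message *);
void	 aldap_free_references(char **values);

/*
 * URL handling.  aldap_parse_url() fills a caller-provided struct
 * aldap_url; release it with aldap_free_url().  aldap_search_url() issues
 * a search from a URL string; its three ints presumably mirror the
 * typesonly/sizelimit/timelimit arguments of aldap_search().
 */
int	 aldap_parse_url(const char *, struct aldap_url *);
void	 aldap_free_url(struct aldap_url *);
int	 aldap_search_url(struct aldap *, char *, int, int, int,
	    struct aldap_page_control *);

/*
 * Attribute access on a search entry.  aldap_match_attr() looks up one
 * attribute by name; aldap_first_attr()/aldap_next_attr() iterate,
 * returning the attribute name through char ** and its values through
 * struct aldap_stringset **.  Release each value set with
 * aldap_free_attr().
 */
int	 aldap_count_attrs(struct aldap_message *);
int	 aldap_match_attr(struct aldap_message *, char *,
	    struct aldap_stringset **);
int	 aldap_first_attr(struct aldap_message *, char **,
	    struct aldap_stringset **);
int	 aldap_next_attr(struct aldap_message *, char **,
	    struct aldap_stringset **);
int	 aldap_free_attr(struct aldap_stringset *);

/*
 * Paged results.  aldap_parse_page_control() decodes a control value of
 * len bytes into a newly allocated struct aldap_page_control; release it
 * with aldap_freepage().
 */
struct aldap_page_control *aldap_parse_page_control(struct ber_element *,
	    size_t len);
void	 aldap_freepage(struct aldap_page_control *);

#endif /* ALDAP_H */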