2 Unix SMB/CIFS Implementation.
3 LDAP protocol helper functions for SAMBA
4 Copyright (C) Volker Lendecke 2004
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "lib/ldb/include/ldb.h"
25 #include "librpc/gen_ndr/misc.h"
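/*
 * Protocol operation tags of an LDAP message.  The values match the
 * APPLICATION tag numbers RFC 4511 assigns to each protocolOp; the set is
 * not contiguous (17, 18 and 20-22 have no enumerator here).
 *
 * NOTE(review): a tag read from the wire can hold any number, so the decoder
 * (not shown in this header) should reject values without an enumerator
 * below rather than pass them on as an enum ldap_request_tag.
 */
enum ldap_request_tag {
	LDAP_TAG_BindRequest = 0,
	LDAP_TAG_BindResponse = 1,
	LDAP_TAG_UnbindRequest = 2,
	LDAP_TAG_SearchRequest = 3,
	LDAP_TAG_SearchResultEntry = 4,
	LDAP_TAG_SearchResultDone = 5,
	LDAP_TAG_ModifyRequest = 6,
	LDAP_TAG_ModifyResponse = 7,
	LDAP_TAG_AddRequest = 8,
	LDAP_TAG_AddResponse = 9,
	LDAP_TAG_DelRequest = 10,
	LDAP_TAG_DelResponse = 11,
	LDAP_TAG_ModifyDNRequest = 12,
	LDAP_TAG_ModifyDNResponse = 13,
	LDAP_TAG_CompareRequest = 14,
	LDAP_TAG_CompareResponse = 15,
	LDAP_TAG_AbandonRequest = 16,
	LDAP_TAG_SearchResultReference = 19,
	LDAP_TAG_ExtendedRequest = 23,
	LDAP_TAG_ExtendedResponse = 24
};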
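/*
 * Authentication choice carried in a bind request (RFC 4511: simple is
 * context tag 0, sasl is context tag 3).
 *
 * With LDAP_AUTH_MECH_SIMPLE the password is placed in the request as-is
 * (struct ldap_BindRequest has a plain `const char *password` member), so
 * the connection needs a confidentiality layer such as TLS underneath.
 * LDAP_AUTH_MECH_SASL carries a mechanism name and an opaque blob instead.
 */
enum ldap_auth_mechanism {
	LDAP_AUTH_MECH_SIMPLE = 0,
	LDAP_AUTH_MECH_SASL = 3
};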
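/*
 * LDAP result codes as returned in the resultCode field of a response.
 * The numeric values follow RFC 4511.
 *
 * NOTE(review): no enumerators for 0, 10, 51 or anything above 71 are
 * visible here, although RFC 4511 defines success (0), referral (10),
 * busy (51) and other (80) -- confirm against the complete header before
 * relying on this list being exhaustive.
 */
enum ldap_result_code {
	LDAP_OPERATIONS_ERROR = 1,
	LDAP_PROTOCOL_ERROR = 2,
	LDAP_TIME_LIMIT_EXCEEDED = 3,
	LDAP_SIZE_LIMIT_EXCEEDED = 4,
	LDAP_COMPARE_FALSE = 5,
	LDAP_COMPARE_TRUE = 6,
	LDAP_AUTH_METHOD_NOT_SUPPORTED = 7,
	/* server refuses the operation until a stronger bind is done */
	LDAP_STRONG_AUTH_REQUIRED = 8,
	LDAP_ADMIN_LIMIT_EXCEEDED = 11,
	LDAP_UNAVAILABLE_CRITICAL_EXTENSION = 12,
	/* server refuses the operation without an encrypted session */
	LDAP_CONFIDENTIALITY_REQUIRED = 13,
	LDAP_SASL_BIND_IN_PROGRESS = 14,
	LDAP_NO_SUCH_ATTRIBUTE = 16,
	LDAP_UNDEFINED_ATTRIBUTE_TYPE = 17,
	LDAP_INAPPROPRIATE_MATCHING = 18,
	LDAP_CONSTRAINT_VIOLATION = 19,
	LDAP_ATTRIBUTE_OR_VALUE_EXISTS = 20,
	LDAP_INVALID_ATTRIBUTE_SYNTAX = 21,
	LDAP_NO_SUCH_OBJECT = 32,
	LDAP_ALIAS_PROBLEM = 33,
	LDAP_INVALID_DN_SYNTAX = 34,
	LDAP_ALIAS_DEREFERENCING_PROBLEM = 36,
	LDAP_INAPPROPRIATE_AUTHENTICATION = 48,
	/* failed bind; repeated occurrences are worth monitoring */
	LDAP_INVALID_CREDENTIALS = 49,
	LDAP_INSUFFICIENT_ACCESS_RIGHTS = 50,
	LDAP_UNAVAILABLE = 52,
	LDAP_UNWILLING_TO_PERFORM = 53,
	LDAP_LOOP_DETECT = 54,
	LDAP_NAMING_VIOLATION = 64,
	LDAP_OBJECT_CLASS_VIOLATION = 65,
	LDAP_NOT_ALLOWED_ON_NON_LEAF = 66,
	LDAP_NOT_ALLOWED_ON_RDN = 67,
	LDAP_ENTRY_ALREADY_EXISTS = 68,
	LDAP_OBJECT_CLASS_MODS_PROHIBITED = 69,
	LDAP_AFFECTS_MULTIPLE_DSAS = 71,
};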
100 const char *errormessage;
101 const char *referral;
104 struct ldap_BindRequest {
107 enum ldap_auth_mechanism mechanism;
109 const char *password;
111 const char *mechanism;
112 DATA_BLOB *secblob;/* optional */
117 struct ldap_BindResponse {
118 struct ldap_Result response;
120 DATA_BLOB *secblob;/* optional */
124 struct ldap_UnbindRequest {
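/*
 * Scope of a search request; this is the type of the `scope` member of
 * struct ldap_SearchRequest.  Values follow RFC 4511: base object only,
 * one level below the base, or the whole subtree.
 */
enum ldap_scope {
	LDAP_SEARCH_SCOPE_BASE = 0,
	LDAP_SEARCH_SCOPE_SINGLE = 1,
	LDAP_SEARCH_SCOPE_SUB = 2
};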
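/*
 * Alias dereferencing policy of a search request; this is the type of the
 * `deref` member of struct ldap_SearchRequest.  Values follow RFC 4511.
 */
enum ldap_deref {
	LDAP_DEREFERENCE_NEVER = 0,
	LDAP_DEREFERENCE_IN_SEARCHING = 1,
	LDAP_DEREFERENCE_FINDING_BASE = 2,
	/*
	 * Spelled out like its siblings: this is a wire value, so it should
	 * not silently change if an enumerator is ever inserted above it.
	 */
	LDAP_DEREFERENCE_ALWAYS = 3
};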
141 struct ldap_SearchRequest {
143 enum ldap_scope scope;
144 enum ldap_deref deref;
148 struct ldb_parse_tree *tree;
150 const char **attributes;
153 struct ldap_SearchResEntry {
156 struct ldb_message_element *attributes;
159 struct ldap_SearchResRef {
160 const char *referral;
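/*
 * Kind of change described by one modification entry (the `type` member
 * declared next to `struct ldb_message_element attrib` further down).
 *
 * RFC 4511 defines the wire values add (0), delete (1) and replace (2).
 * LDAP_MODIFY_NONE = -1 lies outside that range, presumably as an
 * "unset" sentinel -- confirm against the users of this enum.
 *
 * NOTE(review): no enumerator for 0 is visible here; confirm against the
 * complete header.
 */
enum ldap_modify_type {
	LDAP_MODIFY_NONE = -1,
	LDAP_MODIFY_DELETE = 1,
	LDAP_MODIFY_REPLACE = 2
};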
171 enum ldap_modify_type type;
172 struct ldb_message_element attrib;
175 struct ldap_ModifyRequest {
178 struct ldap_mod *mods;
181 struct ldap_AddRequest {
184 struct ldb_message_element *attributes;
187 struct ldap_DelRequest {
191 struct ldap_ModifyDNRequest {
195 const char *newsuperior;/* optional */
198 struct ldap_CompareRequest {
200 const char *attribute;
204 struct ldap_AbandonRequest {
208 struct ldap_ExtendedRequest {
210 DATA_BLOB *value;/* optional */
213 struct ldap_ExtendedResponse {
214 struct ldap_Result response;
215 const char *oid;/* optional */
216 DATA_BLOB *value;/* optional */
220 struct ldap_Result GeneralResult;
221 struct ldap_BindRequest BindRequest;
222 struct ldap_BindResponse BindResponse;
223 struct ldap_UnbindRequest UnbindRequest;
224 struct ldap_SearchRequest SearchRequest;
225 struct ldap_SearchResEntry SearchResultEntry;
226 struct ldap_Result SearchResultDone;
227 struct ldap_SearchResRef SearchResultReference;
228 struct ldap_ModifyRequest ModifyRequest;
229 struct ldap_Result ModifyResponse;
230 struct ldap_AddRequest AddRequest;
231 struct ldap_Result AddResponse;
232 struct ldap_DelRequest DelRequest;
233 struct ldap_Result DelResponse;
234 struct ldap_ModifyDNRequest ModifyDNRequest;
235 struct ldap_Result ModifyDNResponse;
236 struct ldap_CompareRequest CompareRequest;
237 struct ldap_Result CompareResponse;
238 struct ldap_AbandonRequest AbandonRequest;
239 struct ldap_ExtendedRequest ExtendedRequest;
240 struct ldap_ExtendedResponse ExtendedResponse;
244 struct ldap_message {
246 enum ldap_request_tag type;
247 union ldap_Request r;
248 struct ldb_control **controls;
249 bool *controls_decoded;
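/* Opaque types that are only referred to by pointer. */
struct event_context;
struct cli_credentials;

/*
 * Returns a new struct ldap_message.
 * NOTE(review): presumably allocated on mem_ctx and NULL on allocation
 * failure -- confirm in the implementation.
 */
struct ldap_message *new_ldap_message(TALLOC_CTX *mem_ctx);

/*
 * Decodes one LDAP message from `data` into `msg` and reports the outcome
 * as an NTSTATUS, which the caller has to check before touching `msg`.
 * NOTE(review): `data` normally comes from a network peer, so every length,
 * tag and element count in it is untrusted; the implementation (not part of
 * this header) is where bounds and tag validation must be confirmed.
 */
NTSTATUS ldap_decode(struct asn1_data *data, struct ldap_message *msg);

/*
 * Encodes `msg` into `result`.  The bool return reports success or failure
 * and must be checked; on failure `result` should not be sent.
 * NOTE(review): presumably the blob is allocated on mem_ctx -- confirm.
 */
bool ldap_encode(struct ldap_message *msg, DATA_BLOB *result, TALLOC_CTX *mem_ctx);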