2 Unix SMB/CIFS Implementation.
3 LDAP protocol helper functions for SAMBA
4 Copyright (C) Volker Lendecke 2004
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 enum ldap_request_tag {
26 LDAP_TAG_BindRequest = 0,
27 LDAP_TAG_BindResponse = 1,
28 LDAP_TAG_UnbindRequest = 2,
29 LDAP_TAG_SearchRequest = 3,
30 LDAP_TAG_SearchResultEntry = 4,
31 LDAP_TAG_SearchResultDone = 5,
32 LDAP_TAG_ModifyRequest = 6,
33 LDAP_TAG_ModifyResponse = 7,
34 LDAP_TAG_AddRequest = 8,
35 LDAP_TAG_AddResponse = 9,
36 LDAP_TAG_DelRequest = 10,
37 LDAP_TAG_DelResponse = 11,
38 LDAP_TAG_ModifyDNRequest = 12,
39 LDAP_TAG_ModifyDNResponse = 13,
40 LDAP_TAG_CompareRequest = 14,
41 LDAP_TAG_CompareResponse = 15,
42 LDAP_TAG_AbandonRequest = 16,
43 LDAP_TAG_SearchResultReference = 19,
44 LDAP_TAG_ExtendedRequest = 23,
45 LDAP_TAG_ExtendedResponse = 24
48 enum ldap_auth_mechanism {
49 LDAP_AUTH_MECH_SIMPLE = 0,
50 LDAP_AUTH_MECH_SASL = 3
53 enum ldap_result_code {
55 LDAP_OPERATIONS_ERROR = 1,
56 LDAP_PROTOCOL_ERROR = 2,
57 LDAP_TIME_LIMIT_EXCEEDED = 3,
58 LDAP_SIZE_LIMIT_EXCEEDED = 4,
59 LDAP_COMPARE_FALSE = 5,
60 LDAP_COMPARE_TRUE = 6,
61 LDAP_AUTH_METHOD_NOT_SUPPORTED = 7,
62 LDAP_STRONG_AUTH_REQUIRED = 8,
64 LDAP_ADMIN_LIMIT_EXCEEDED = 11,
65 LDAP_UNAVAILABLE_CRITICAL_EXTENSION = 12,
66 LDAP_CONFIDENTIALITY_REQUIRED = 13,
67 LDAP_SASL_BIND_IN_PROGRESS = 14,
68 LDAP_NO_SUCH_ATTRIBUTE = 16,
69 LDAP_UNDEFINED_ATTRIBUTE_TYPE = 17,
70 LDAP_INAPPROPRIATE_MATCHING = 18,
71 LDAP_CONSTRAINT_VIOLATION = 19,
72 LDAP_ATTRIBUTE_OR_VALUE_EXISTS = 20,
73 LDAP_INVALID_ATTRIBUTE_SYNTAX = 21,
74 LDAP_NO_SUCH_OBJECT = 32,
75 LDAP_ALIAS_PROBLEM = 33,
76 LDAP_INVALID_DN_SYNTAX = 34,
77 LDAP_ALIAS_DEREFERENCING_PROBLEM = 36,
78 LDAP_INAPPROPRIATE_AUTHENTICATION = 48,
79 LDAP_INVALID_CREDENTIALS = 49,
80 LDAP_INSUFFICIENT_ACCESS_RIGHTs = 50,
82 LDAP_UNAVAILABLE = 52,
83 LDAP_UNWILLING_TO_PERFORM = 53,
84 LDAP_LOOP_DETECT = 54,
85 LDAP_NAMING_VIOLATION = 64,
86 LDAP_OBJECT_CLASS_VIOLATION = 65,
87 LDAP_NOT_ALLOWED_ON_NON_LEAF = 66,
88 LDAP_NOT_ALLOWED_ON_RDN = 67,
89 LDAP_ENTRY_ALREADY_EXISTS = 68,
90 LDAP_OBJECT_CLASS_MODS_PROHIBITED = 69,
91 LDAP_AFFECTS_MULTIPLE_DSAS = 71,
98 const char *errormessage;
102 struct ldap_attribute {
108 struct ldap_BindRequest {
111 enum ldap_auth_mechanism mechanism;
113 const char *password;
115 const char *mechanism;
121 struct ldap_BindResponse {
122 struct ldap_Result response;
128 struct ldap_UnbindRequest {
133 LDAP_SEARCH_SCOPE_BASE = 0,
134 LDAP_SEARCH_SCOPE_SINGLE = 1,
135 LDAP_SEARCH_SCOPE_SUB = 2
139 LDAP_DEREFERENCE_NEVER = 0,
140 LDAP_DEREFERENCE_IN_SEARCHING = 1,
141 LDAP_DEREFERENCE_FINDING_BASE = 2,
142 LDAP_DEREFERENCE_ALWAYS
145 struct ldap_SearchRequest {
147 enum ldap_scope scope;
148 enum ldap_deref deref;
154 const char **attributes;
157 struct ldap_SearchResEntry {
160 struct ldap_attribute *attributes;
163 struct ldap_SearchResRef {
165 const char **referrals;
168 enum ldap_modify_type {
169 LDAP_MODIFY_NONE = -1,
171 LDAP_MODIFY_DELETE = 1,
172 LDAP_MODIFY_REPLACE = 2
176 enum ldap_modify_type type;
177 struct ldap_attribute attrib;
180 struct ldap_ModifyRequest {
183 struct ldap_mod *mods;
186 struct ldap_AddRequest {
189 struct ldap_attribute *attributes;
192 struct ldap_DelRequest {
196 struct ldap_ModifyDNRequest {
200 const char *newsuperior;
203 struct ldap_CompareRequest {
205 const char *attribute;
209 struct ldap_AbandonRequest {
213 struct ldap_ExtendedRequest {
218 struct ldap_ExtendedResponse {
219 struct ldap_Result response;
225 struct ldap_BindRequest BindRequest;
226 struct ldap_BindResponse BindResponse;
227 struct ldap_UnbindRequest UnbindRequest;
228 struct ldap_SearchRequest SearchRequest;
229 struct ldap_SearchResEntry SearchResultEntry;
230 struct ldap_Result SearchResultDone;
231 struct ldap_SearchResRef SearchResultReference;
232 struct ldap_ModifyRequest ModifyRequest;
233 struct ldap_Result ModifyResponse;
234 struct ldap_AddRequest AddRequest;
235 struct ldap_Result AddResponse;
236 struct ldap_DelRequest DelRequest;
237 struct ldap_Result DelResponse;
238 struct ldap_ModifyDNRequest ModifyDNRequest;
239 struct ldap_Result ModifyDNResponse;
240 struct ldap_CompareRequest CompareRequest;
241 struct ldap_Result CompareResponse;
242 struct ldap_AbandonRequest AbandonRequest;
243 struct ldap_ExtendedRequest ExtendedRequest;
244 struct ldap_ExtendedResponse ExtendedResponse;
247 struct ldap_Control {
253 struct ldap_message {
257 union ldap_Request r;
259 struct ldap_Control *controls;
262 struct ldap_queue_entry {
263 struct ldap_queue_entry *next, *prev;
265 struct ldap_message *msg;
268 struct ldap_connection {
277 const char *simple_pw;
279 /* Current outstanding search entry */
282 /* List for incoming search entries */
283 struct ldap_queue_entry *search_entries;
285 /* Outstanding LDAP requests that have not yet been replied to */
286 struct ldap_queue_entry *outstanding;
288 /* Let's support SASL */
289 struct gensec_security *gensec;
292 /* Hmm. A blob might be more appropriate here :-) */
299 enum ldap_parse_op {LDAP_OP_SIMPLE, LDAP_OP_AND, LDAP_OP_OR, LDAP_OP_NOT};
301 struct ldap_parse_tree {
302 enum ldap_parse_op operation;
306 struct ldap_val value;
309 unsigned int num_elements;
310 struct ldap_parse_tree **elements;
313 struct ldap_parse_tree *child;
318 #define LDAP_ALL_SEP "()&|=!"
319 #define LDAP_CONNECTION_TIMEOUT 10000