-/*
- Unix SMB/CIFS Implementation.
- LDAP protocol helper functions for SAMBA
- Copyright (C) Volker Lendecke 2004
-
+/*
+ Unix SMB/CIFS implementation.
+ Copyright (C) Andrew Tridgell 2001
+ Copyright (C) Remus Koos 2001
+ Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002
+ Copyright (C) Guenther Deschner 2005
+ Copyright (C) Gerald Carter 2006
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _SMB_LDAP_H
#define _SMB_LDAP_H
-enum ldap_request_tag {
- LDAP_TAG_BindRequest = 0,
- LDAP_TAG_BindResponse = 1,
- LDAP_TAG_UnbindRequest = 2,
- LDAP_TAG_SearchRequest = 3,
- LDAP_TAG_SearchResultEntry = 4,
- LDAP_TAG_SearchResultDone = 5,
- LDAP_TAG_ModifyRequest = 6,
- LDAP_TAG_ModifyResponse = 7,
- LDAP_TAG_AddRequest = 8,
- LDAP_TAG_AddResponse = 9,
- LDAP_TAG_DelRequest = 10,
- LDAP_TAG_DelResponse = 11,
- LDAP_TAG_ModifyDNRequest = 12,
- LDAP_TAG_ModifyDNResponse = 13,
- LDAP_TAG_CompareRequest = 14,
- LDAP_TAG_CompareResponse = 15,
- LDAP_TAG_AbandonRequest = 16,
- LDAP_TAG_SearchResultReference = 19,
- LDAP_TAG_ExtendedRequest = 23,
- LDAP_TAG_ExtendedResponse = 24
-};
-
-enum ldap_auth_mechanism {
- LDAP_AUTH_MECH_SIMPLE = 0,
- LDAP_AUTH_MECH_SASL = 3
-};
-
-#ifndef LDAP_SUCCESS
-enum ldap_result_code {
- LDAP_SUCCESS = 0,
- LDAP_SASL_BIND_IN_PROGRESS = 0x0e,
- LDAP_INVALID_CREDENTIALS = 0x31,
- LDAP_OTHER = 0x50
-};
-#endif /* LDAP_SUCCESS */
-
-struct ldap_Result {
- int resultcode;
- const char *dn;
- const char *errormessage;
- const char *referral;
-};
-
-struct ldap_attribute {
- const char *name;
- int num_values;
- DATA_BLOB *values;
-};
-
-struct ldap_BindRequest {
- int version;
- const char *dn;
- enum ldap_auth_mechanism mechanism;
- union {
- const char *password;
- struct {
- const char *mechanism;
- DATA_BLOB secblob;
- } SASL;
- } creds;
-};
-
-struct ldap_BindResponse {
- struct ldap_Result response;
- union {
- DATA_BLOB secblob;
- } SASL;
-};
-
-struct ldap_UnbindRequest {
- uint8 __dummy;
-};
-
-enum ldap_scope {
- LDAP_SEARCH_SCOPE_BASE = 0,
- LDAP_SEARCH_SCOPE_SINGLE = 1,
- LDAP_SEARCH_SCOPE_SUB = 2
-};
-
-enum ldap_deref {
- LDAP_DEREFERENCE_NEVER = 0,
- LDAP_DEREFERENCE_IN_SEARCHING = 1,
- LDAP_DEREFERENCE_FINDING_BASE = 2,
- LDAP_DEREFERENCE_ALWAYS
-};
-
-struct ldap_SearchRequest {
- const char *basedn;
- enum ldap_scope scope;
- enum ldap_deref deref;
- uint32 timelimit;
- uint32 sizelimit;
- BOOL attributesonly;
- char *filter;
- int num_attributes;
- const char **attributes;
-};
-
-struct ldap_SearchResEntry {
- const char *dn;
- int num_attributes;
- struct ldap_attribute *attributes;
-};
-
-struct ldap_SearchResRef {
- int num_referrals;
- const char **referrals;
-};
-
-enum ldap_modify_type {
- LDAP_MODIFY_NONE = -1,
- LDAP_MODIFY_ADD = 0,
- LDAP_MODIFY_DELETE = 1,
- LDAP_MODIFY_REPLACE = 2
-};
-
-struct ldap_mod {
- enum ldap_modify_type type;
- struct ldap_attribute attrib;
-};
-
-struct ldap_ModifyRequest {
- const char *dn;
- int num_mods;
- struct ldap_mod *mods;
-};
-
-struct ldap_AddRequest {
- const char *dn;
- int num_attributes;
- struct ldap_attribute *attributes;
-};
-
-struct ldap_DelRequest {
- const char *dn;
-};
-
-struct ldap_ModifyDNRequest {
- const char *dn;
- const char *newrdn;
- BOOL deleteolddn;
- const char *newsuperior;
-};
-
-struct ldap_CompareRequest {
- const char *dn;
- const char *attribute;
- const char *value;
-};
-
-struct ldap_AbandonRequest {
- uint32 messageid;
-};
+#if HAVE_LBER_H
+#include <lber.h>
+#if defined(HPUX) && !defined(_LBER_TYPES_H)
+/* Define ber_tag_t and ber_int_t for using
+ * HP LDAP-UX Integration products' LDAP libraries.
+*/
+#ifndef ber_tag_t
+typedef unsigned long ber_tag_t;
+typedef int ber_int_t;
+#endif
+#endif /* defined(HPUX) && !defined(_LBER_TYPES_H) */
+#ifndef LBER_USE_DER
+#define LBER_USE_DER 0x01
+#endif
+#endif /* HAVE_LBER_H */
-struct ldap_ExtendedRequest {
- const char *oid;
- DATA_BLOB value;
-};
+#if HAVE_LDAP_H
+#include <ldap.h>
+#ifndef LDAP_CONST
+#define LDAP_CONST const
+#endif
-struct ldap_ExtendedResponse {
- struct ldap_Result response;
- const char *name;
- DATA_BLOB value;
-};
+#ifdef HAVE_LDAP_PVT_H
+#include <ldap_pvt.h>
+#endif /* HAVE_LDAP_PVT_H */
-union ldap_Request {
- struct ldap_BindRequest BindRequest;
- struct ldap_BindResponse BindResponse;
- struct ldap_UnbindRequest UnbindRequest;
- struct ldap_SearchRequest SearchRequest;
- struct ldap_SearchResEntry SearchResultEntry;
- struct ldap_Result SearchResultDone;
- struct ldap_SearchResRef SearchResultReference;
- struct ldap_ModifyRequest ModifyRequest;
- struct ldap_Result ModifyResponse;
- struct ldap_AddRequest AddRequest;
- struct ldap_Result AddResponse;
- struct ldap_DelRequest DelRequest;
- struct ldap_Result DelResponse;
- struct ldap_ModifyDNRequest ModifyDNRequest;
- struct ldap_Result ModifyDNResponse;
- struct ldap_CompareRequest CompareRequest;
- struct ldap_Result CompareResponse;
- struct ldap_AbandonRequest AbandonRequest;
- struct ldap_ExtendedRequest ExtendedRequest;
- struct ldap_ExtendedResponse ExtendedResponse;
-};
+/* Solaris 8 and maybe other LDAP implementations spell this "..._INPROGRESS": */
+#if defined(LDAP_SASL_BIND_INPROGRESS) && !defined(LDAP_SASL_BIND_IN_PROGRESS)
+#define LDAP_SASL_BIND_IN_PROGRESS LDAP_SASL_BIND_INPROGRESS
+#endif
+/* Solaris 8 defines SSL_LDAP_PORT, not LDAPS_PORT and it only does so if
+ LDAP_SSL is defined - but SSL is not working. We just want the
+ port number! Let's just define LDAPS_PORT correct. */
+#if !defined(LDAPS_PORT)
+#define LDAPS_PORT 636
+#endif
-struct ldap_Control {
- const char *oid;
- BOOL critical;
- DATA_BLOB value;
-};
+#endif /* HAVE_LDAP_H */
-struct ldap_message {
- TALLOC_CTX *mem_ctx;
- uint32 messageid;
- uint8 type;
- union ldap_Request r;
- int num_controls;
- struct ldap_Control *controls;
-};
+#ifndef HAVE_LDAP
+#define LDAP void
+#define LDAPMessage void
+#define LDAPMod void
+#define LDAP_CONST const
+#define LDAPControl void
+struct berval;
+struct ldapsam_privates;
+#endif /* HAVE_LDAP */
-struct ldap_queue_entry {
- struct ldap_queue_entry *next, *prev;
- int msgid;
- struct ldap_message *msg;
-};
+#ifndef LDAP_OPT_SUCCESS
+#define LDAP_OPT_SUCCESS 0
+#endif
-struct ldap_connection {
- TALLOC_CTX *mem_ctx;
- int sock;
- int next_msgid;
- char *host;
- uint16 port;
- BOOL ldaps;
+#define LDAP_DEFAULT_TIMEOUT 15
+#define LDAP_CONNECTION_DEFAULT_TIMEOUT 2
+#define LDAP_PAGE_SIZE 1024
- const char *auth_dn;
- const char *simple_pw;
+#define ADS_PAGE_CTL_OID "1.2.840.113556.1.4.319"
- /* Current outstanding search entry */
- int searchid;
+/*
+ * Work around versions of the LDAP client libs that don't have the OIDs
+ * defined, or have them defined under the old name.
+ * This functionality is really a factor of the server, not the client
+ *
+ */
- /* List for incoming search entries */
- struct ldap_queue_entry *search_entries;
+#if defined(LDAP_EXOP_X_MODIFY_PASSWD) && !defined(LDAP_EXOP_MODIFY_PASSWD)
+#define LDAP_EXOP_MODIFY_PASSWD LDAP_EXOP_X_MODIFY_PASSWD
+#elif !defined(LDAP_EXOP_MODIFY_PASSWD)
+#define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1"
+#endif
- /* Outstanding LDAP requests that have not yet been replied to */
- struct ldap_queue_entry *outstanding;
-};
+#if defined(LDAP_EXOP_X_MODIFY_PASSWD_ID) && !defined(LDAP_EXOP_MODIFY_PASSWD_ID)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID LDAP_EXOP_X_MODIFY_PASSWD_ID
+#elif !defined(LDAP_EXOP_MODIFY_PASSWD_ID)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U)
+#endif
+#if defined(LDAP_EXOP_X_MODIFY_PASSWD_NEW) && !defined(LDAP_EXOP_MODIFY_PASSWD_NEW)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW LDAP_EXOP_X_MODIFY_PASSWD_NEW
+#elif !defined(LDAP_EXOP_MODIFY_PASSWD_NEW)
+#define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U)
#endif
+
+#endif /* _SMB_LDAP_H */
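Review bot: The two fallback blocks at the end of the header test `LDAP_EXOP_MODIFY_PASSWD_ID` and `LDAP_EXOP_MODIFY_PASSWD_NEW` but define `LDAP_TAG_EXOP_MODIFY_PASSWD_ID` and `LDAP_TAG_EXOP_MODIFY_PASSWD_NEW`, so neither guard checks the name it is about to define. If the client library's headers already supply the `LDAP_TAG_` names, the `#elif` branch redefines them; that is silent only while the library's definition is token-identical to `((ber_tag_t) 0x80U)` / `((ber_tag_t) 0x82U)`, and otherwise the header overrides the tag used when encoding the password-modify extended operation. Guarding on the defined name avoids this: `#elif !defined(LDAP_TAG_EXOP_MODIFY_PASSWD_ID)` and `#elif !defined(LDAP_TAG_EXOP_MODIFY_PASSWD_NEW)`, with the `!defined(...)` half of each opening `#if` changed the same way. The fallbacks also cast to `ber_tag_t`, which this header typedefs itself only under `HAVE_LBER_H` on HPUX, so a one-line comment such as `/* requires ber_tag_t from <lber.h> */` above them would document that dependency.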