2 Unix SMB/CIFS Implementation.
3 LDAP protocol helper functions for SAMBA
4 Copyright (C) Volker Lendecke 2004
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 #include "lib/ldb/include/ldb.h"
26 #include "lib/ldb/include/ldb_parse.h"
28 enum ldap_request_tag {
29 LDAP_TAG_BindRequest = 0,
30 LDAP_TAG_BindResponse = 1,
31 LDAP_TAG_UnbindRequest = 2,
32 LDAP_TAG_SearchRequest = 3,
33 LDAP_TAG_SearchResultEntry = 4,
34 LDAP_TAG_SearchResultDone = 5,
35 LDAP_TAG_ModifyRequest = 6,
36 LDAP_TAG_ModifyResponse = 7,
37 LDAP_TAG_AddRequest = 8,
38 LDAP_TAG_AddResponse = 9,
39 LDAP_TAG_DelRequest = 10,
40 LDAP_TAG_DelResponse = 11,
41 LDAP_TAG_ModifyDNRequest = 12,
42 LDAP_TAG_ModifyDNResponse = 13,
43 LDAP_TAG_CompareRequest = 14,
44 LDAP_TAG_CompareResponse = 15,
45 LDAP_TAG_AbandonRequest = 16,
46 LDAP_TAG_SearchResultReference = 19,
47 LDAP_TAG_ExtendedRequest = 23,
48 LDAP_TAG_ExtendedResponse = 24
51 enum ldap_auth_mechanism {
52 LDAP_AUTH_MECH_SIMPLE = 0,
53 LDAP_AUTH_MECH_SASL = 3
56 enum ldap_result_code {
58 LDAP_OPERATIONS_ERROR = 1,
59 LDAP_PROTOCOL_ERROR = 2,
60 LDAP_TIME_LIMIT_EXCEEDED = 3,
61 LDAP_SIZE_LIMIT_EXCEEDED = 4,
62 LDAP_COMPARE_FALSE = 5,
63 LDAP_COMPARE_TRUE = 6,
64 LDAP_AUTH_METHOD_NOT_SUPPORTED = 7,
65 LDAP_STRONG_AUTH_REQUIRED = 8,
67 LDAP_ADMIN_LIMIT_EXCEEDED = 11,
68 LDAP_UNAVAILABLE_CRITICAL_EXTENSION = 12,
69 LDAP_CONFIDENTIALITY_REQUIRED = 13,
70 LDAP_SASL_BIND_IN_PROGRESS = 14,
71 LDAP_NO_SUCH_ATTRIBUTE = 16,
72 LDAP_UNDEFINED_ATTRIBUTE_TYPE = 17,
73 LDAP_INAPPROPRIATE_MATCHING = 18,
74 LDAP_CONSTRAINT_VIOLATION = 19,
75 LDAP_ATTRIBUTE_OR_VALUE_EXISTS = 20,
76 LDAP_INVALID_ATTRIBUTE_SYNTAX = 21,
77 LDAP_NO_SUCH_OBJECT = 32,
78 LDAP_ALIAS_PROBLEM = 33,
79 LDAP_INVALID_DN_SYNTAX = 34,
80 LDAP_ALIAS_DEREFERENCING_PROBLEM = 36,
81 LDAP_INAPPROPRIATE_AUTHENTICATION = 48,
82 LDAP_INVALID_CREDENTIALS = 49,
83 LDAP_INSUFFICIENT_ACCESS_RIGHTs = 50,
85 LDAP_UNAVAILABLE = 52,
86 LDAP_UNWILLING_TO_PERFORM = 53,
87 LDAP_LOOP_DETECT = 54,
88 LDAP_NAMING_VIOLATION = 64,
89 LDAP_OBJECT_CLASS_VIOLATION = 65,
90 LDAP_NOT_ALLOWED_ON_NON_LEAF = 66,
91 LDAP_NOT_ALLOWED_ON_RDN = 67,
92 LDAP_ENTRY_ALREADY_EXISTS = 68,
93 LDAP_OBJECT_CLASS_MODS_PROHIBITED = 69,
94 LDAP_AFFECTS_MULTIPLE_DSAS = 71,
101 const char *errormessage;
102 const char *referral;
105 struct ldap_attribute {
111 struct ldap_BindRequest {
114 enum ldap_auth_mechanism mechanism;
116 const char *password;
118 const char *mechanism;
124 struct ldap_BindResponse {
125 struct ldap_Result response;
131 struct ldap_UnbindRequest {
136 LDAP_SEARCH_SCOPE_BASE = 0,
137 LDAP_SEARCH_SCOPE_SINGLE = 1,
138 LDAP_SEARCH_SCOPE_SUB = 2
142 LDAP_DEREFERENCE_NEVER = 0,
143 LDAP_DEREFERENCE_IN_SEARCHING = 1,
144 LDAP_DEREFERENCE_FINDING_BASE = 2,
145 LDAP_DEREFERENCE_ALWAYS
148 struct ldap_SearchRequest {
150 enum ldap_scope scope;
151 enum ldap_deref deref;
157 const char **attributes;
160 struct ldap_SearchResEntry {
163 struct ldap_attribute *attributes;
166 struct ldap_SearchResRef {
167 const char *referral;
170 enum ldap_modify_type {
171 LDAP_MODIFY_NONE = -1,
173 LDAP_MODIFY_DELETE = 1,
174 LDAP_MODIFY_REPLACE = 2
178 enum ldap_modify_type type;
179 struct ldap_attribute attrib;
182 struct ldap_ModifyRequest {
185 struct ldap_mod *mods;
188 struct ldap_AddRequest {
191 struct ldap_attribute *attributes;
194 struct ldap_DelRequest {
198 struct ldap_ModifyDNRequest {
202 const char *newsuperior;
205 struct ldap_CompareRequest {
207 const char *attribute;
211 struct ldap_AbandonRequest {
215 struct ldap_ExtendedRequest {
220 struct ldap_ExtendedResponse {
221 struct ldap_Result response;
227 struct ldap_BindRequest BindRequest;
228 struct ldap_BindResponse BindResponse;
229 struct ldap_UnbindRequest UnbindRequest;
230 struct ldap_SearchRequest SearchRequest;
231 struct ldap_SearchResEntry SearchResultEntry;
232 struct ldap_Result SearchResultDone;
233 struct ldap_SearchResRef SearchResultReference;
234 struct ldap_ModifyRequest ModifyRequest;
235 struct ldap_Result ModifyResponse;
236 struct ldap_AddRequest AddRequest;
237 struct ldap_Result AddResponse;
238 struct ldap_DelRequest DelRequest;
239 struct ldap_Result DelResponse;
240 struct ldap_ModifyDNRequest ModifyDNRequest;
241 struct ldap_Result ModifyDNResponse;
242 struct ldap_CompareRequest CompareRequest;
243 struct ldap_Result CompareResponse;
244 struct ldap_AbandonRequest AbandonRequest;
245 struct ldap_ExtendedRequest ExtendedRequest;
246 struct ldap_ExtendedResponse ExtendedResponse;
249 struct ldap_Control {
255 struct ldap_message {
258 enum ldap_request_tag type;
259 union ldap_Request r;
261 struct ldap_Control *controls;
264 struct ldap_queue_entry {
265 struct ldap_queue_entry *next, *prev;
267 struct ldap_message *msg;
270 struct ldap_connection {
279 const char *simple_pw;
281 /* Current outstanding search entry */
284 /* List for incoming search entries */
285 struct ldap_queue_entry *search_entries;
287 /* Outstanding LDAP requests that have not yet been replied to */
288 struct ldap_queue_entry *outstanding;
290 /* Let's support SASL */
291 struct gensec_security *gensec;
/* Default connection timeout.
 * NOTE(review): the unit is not stated here (seconds vs. milliseconds) —
 * confirm against the callers that build a struct timeval endtime from it. */
294 #define LDAP_CONNECTION_TIMEOUT 10000
296 /* The following definitions come from libcli/ldap/ldap.c */
/* Serialise msg into result. Encoding is presumably BER/ASN.1 (the decoder
 * below takes struct asn1_data) — confirm in ldap.c. */
298 BOOL ldap_encode(struct ldap_message *msg, DATA_BLOB *result);
/* Parse one LDAP PDU from data into msg.
 * NOTE(review): data is presumably the raw ASN.1 received from the peer, i.e.
 * untrusted input; a FALSE return presumably means the PDU did not parse and
 * msg should not be consumed — confirm against ldap.c. */
299 BOOL ldap_decode(struct asn1_data *data, struct ldap_message *msg);
/* Split an LDAP URL into host, port and an ldaps flag.
 * Presumably *host is allocated on mem_ctx and the ldaps flag selects the
 * TLS-wrapped transport — confirm; the returned BOOL signals parse success. */
300 BOOL ldap_parse_basic_url(TALLOC_CTX *mem_ctx, const char *url,
301 char **host, uint16_t *port, BOOL *ldaps);
303 /* The following definitions come from libcli/ldap/ldap_client.c */
/* Open a connection described by url; presumably returns NULL on failure — confirm. */
305 struct ldap_connection *ldap_connect(TALLOC_CTX *mem_ctx, const char *url);
/* Allocate an empty ldap_message on mem_ctx. */
306 struct ldap_message *new_ldap_message(TALLOC_CTX *mem_ctx);
/* Send / receive a single message. endtime is, by its name, an absolute
 * deadline for the operation — confirm how NULL is treated. */
307 BOOL ldap_send_msg(struct ldap_connection *conn, struct ldap_message *msg,
308 const struct timeval *endtime);
309 BOOL ldap_receive_msg(struct ldap_connection *conn, struct ldap_message *msg,
310 const struct timeval *endtime);
/* Wait for the reply carrying msgid; presumably NULL on timeout/error — confirm. */
311 struct ldap_message *ldap_receive(struct ldap_connection *conn, int msgid,
312 const struct timeval *endtime);
/* Send request and return its reply. */
313 struct ldap_message *ldap_transaction(struct ldap_connection *conn,
314 struct ldap_message *request);
/* Simple bind: the password is carried as a plain string in
 * struct ldap_BindRequest (see the `password` member above), so its
 * confidentiality on the wire depends entirely on the transport chosen for
 * conn (cf. the ldaps flag of ldap_parse_basic_url). Return value is an int
 * result code — presumably one of enum ldap_result_code, confirm. */
315 int ldap_bind_simple(struct ldap_connection *conn, const char *userdn, const char *password);
/* SASL bind using the connection's gensec context (struct ldap_connection::gensec). */
316 int ldap_bind_sasl(struct ldap_connection *conn, struct cli_credentials *creds);
/* Convenience wrappers: connect and bind in one step (simple / SASL). */
317 struct ldap_connection *ldap_setup_connection(TALLOC_CTX *mem_ctx, const char *url,
318 const char *userdn, const char *password);
319 struct ldap_connection *ldap_setup_connection_with_sasl(TALLOC_CTX *mem_ctx, const char *url,
320 struct cli_credentials *creds);
/* Abandon the outstanding request identified by msgid. */
321 BOOL ldap_abandon_message(struct ldap_connection *conn, int msgid,
322 const struct timeval *endtime);
/* Search iteration: setsearchent issues the search, getsearchent yields one
 * entry per call (presumably NULL when exhausted — confirm), endsearchent
 * finishes it. struct ldap_connection::search_entries holds the queued entries. */
323 BOOL ldap_setsearchent(struct ldap_connection *conn, struct ldap_message *msg,
324 const struct timeval *endtime);
325 struct ldap_message *ldap_getsearchent(struct ldap_connection *conn,
326 const struct timeval *endtime);
327 void ldap_endsearchent(struct ldap_connection *conn,
328 const struct timeval *endtime);
/* Run the search in msg and return a single entry. */
329 struct ldap_message *ldap_searchone(struct ldap_connection *conn,
330 struct ldap_message *msg,
331 const struct timeval *endtime);
/* Attribute lookup helpers on a received message; FALSE presumably means the
 * attribute is absent or not single-valued — confirm in ldap_client.c. */
332 BOOL ldap_find_single_value(struct ldap_message *msg, const char *attr,
334 BOOL ldap_find_single_string(struct ldap_message *msg, const char *attr,
335 TALLOC_CTX *mem_ctx, char **value);
336 BOOL ldap_find_single_int(struct ldap_message *msg, const char *attr,
/* Last error on conn, and its mapping to NTSTATUS. The int is presumably an
 * enum ldap_result_code value — confirm. */
338 int ldap_error(struct ldap_connection *conn);
339 NTSTATUS ldap2nterror(int ldaperror);
341 /* The following definitions come from libcli/ldap/ldap_ldif.c */
/* Append value to attrib's value list, allocating on mem_ctx. */
343 BOOL add_value_to_attrib(TALLOC_CTX *mem_ctx, struct ldb_val *value,
344 struct ldap_attribute *attrib);
345 BOOL add_attrib_to_array_talloc(TALLOC_CTX *mem_ctx,
346 const struct ldap_attribute *attrib,
347 struct ldap_attribute **attribs,
349 BOOL add_mod_to_array_talloc(TALLOC_CTX *mem_ctx,
350 struct ldap_mod *mod,
351 struct ldap_mod **mods,
/* Parse LDIF text s into a message. Presumably returns NULL when s does not
 * parse — confirm; s may originate outside the process, so callers should
 * not assume a non-NULL result. */
353 struct ldap_message *ldap_ldif2msg(TALLOC_CTX *mem_ctx, const char *s);
355 /* The following definitions come from libcli/ldap/ldap_ndr.c */
/* String forms of NDR-encoded values (e.g. for use in LDAP filters, presumably
 * — confirm). Results are presumably allocated on mem_ctx and NULL on failure. */
357 const char *ldap_encode_ndr_uint32(TALLOC_CTX *mem_ctx, uint32_t value);
358 const char *ldap_encode_ndr_dom_sid(TALLOC_CTX *mem_ctx, struct dom_sid *sid);
359 const char *ldap_encode_ndr_GUID(TALLOC_CTX *mem_ctx, struct GUID *guid);
/* Decode a GUID from a directory attribute value. val is taken by value; since
 * it presumably came from a remote directory, the length should be validated
 * before decoding and the NTSTATUS return is where that failure surfaces —
 * confirm in ldap_ndr.c. */
360 NTSTATUS ldap_decode_ndr_GUID(TALLOC_CTX *mem_ctx, struct ldb_val val, struct GUID *guid);