OLD | NEW |
| (Empty) |
1 /* This Source Code Form is subject to the terms of the Mozilla Public | |
2 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
4 | |
5 #include "pkix_pl_ldapt.h" | |
6 | |
7 SEC_ASN1_MKSUB(SEC_AnyTemplate) | |
8 SEC_ASN1_MKSUB(SEC_NullTemplate) | |
9 SEC_ASN1_MKSUB(SEC_OctetStringTemplate) | |
10 | |
11 /* | |
12 * CertificatePair ::= SEQUENCE { | |
13 * forward [0] Certificate OPTIONAL, | |
14 * reverse [1] Certificate OPTIONAL | |
15 * -- at least one of the pair shall be present -- | |
16 * } | |
17 */ | |
18 | |
19 const SEC_ASN1Template PKIX_PL_LDAPCrossCertPairTemplate[] = { | |
20 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(LDAPCertPair) }, | |
21 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | | |
22 SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 0, | |
23 offsetof(LDAPCertPair, forward), SEC_ASN1_SUB(SEC_AnyTemplate) }, | |
24 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | | |
25 SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 1, | |
26 offsetof(LDAPCertPair, reverse), SEC_ASN1_SUB(SEC_AnyTemplate) }, | |
27 { 0 } | |
28 }; | |
29 | |
30 /* | |
31 * BindRequest ::= | |
32 * [APPLICATION 0] SEQUENCE { | |
33 * version INTEGER (1..127), | |
34 * name LDAPDN, | |
35 * authentication CHOICE { | |
36 * simple [0] OCTET STRING, | |
37 * krbv42LDAP [1] OCTET STRING, | |
38 * krbv42DSA [2] OCTET STRING | |
39 * } | |
40 * } | |
41 * | |
42 * LDAPDN ::= LDAPString | |
43 * | |
44 * LDAPString ::= OCTET STRING | |
45 */ | |
46 | |
47 #define LDAPStringTemplate SEC_ASN1_SUB(SEC_OctetStringTemplate) | |
48 | |
49 static const SEC_ASN1Template LDAPBindApplTemplate[] = { | |
50 { SEC_ASN1_SEQUENCE, 0, NULL }, | |
51 { SEC_ASN1_INTEGER, offsetof(LDAPBind, version) }, | |
52 { SEC_ASN1_LDAP_STRING, offsetof(LDAPBind, bindName) }, | |
53 { SEC_ASN1_LDAP_STRING, offsetof(LDAPBind, authentication) }, | |
54 { 0 } | |
55 }; | |
56 | |
57 static const SEC_ASN1Template LDAPBindTemplate[] = { | |
58 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_BIND_TYPE, 0, | |
59 LDAPBindApplTemplate, sizeof (LDAPBind) } | |
60 }; | |
61 | |
62 /* | |
63 * BindResponse ::= [APPLICATION 1] LDAPResult | |
64 * | |
65 * LDAPResult ::= | |
66 * SEQUENCE { | |
67 * resultCode ENUMERATED { | |
68 * success (0), | |
69 * operationsError (1), | |
70 * protocolError (2), | |
71 * timeLimitExceeded (3), | |
72 * sizeLimitExceeded (4), | |
73 * compareFalse (5), | |
74 * compareTrue (6), | |
75 * authMethodNotSupported (7), | |
76 * strongAuthRequired (8), | |
77 * noSuchAttribute (16), | |
78 * undefinedAttributeType (17), | |
79 * inappropriateMatching (18), | |
80 * constraintViolation (19), | |
81 * attributeOrValueExists (20), | |
82 * invalidAttributeSyntax (21), | |
83 * noSuchObject (32), | |
84 * aliasProblem (33), | |
85 * invalidDNSyntax (34), | |
86 * isLeaf (35), | |
87 * aliasDereferencingProblem (36), | |
88 * inappropriateAuthentication (48), | |
89 * invalidCredentials (49), | |
90 * insufficientAccessRights (50), | |
91 * busy (51), | |
92 * unavailable (52), | |
93 * unwillingToPerform (53), | |
94 * loopDetect (54), | |
95 * namingViolation (64), | |
96 * objectClassViolation (65), | |
97 * notAllowedOnNonLeaf (66), | |
98 * notAllowedOnRDN (67), | |
99 * entryAlreadyExists (68), | |
100 * objectClassModsProhibited (69), | |
101 * other (80) | |
102 * }, | |
103 * matchedDN LDAPDN, | |
104 * errorMessage LDAPString | |
105 * } | |
106 */ | |
107 | |
108 static const SEC_ASN1Template LDAPResultTemplate[] = { | |
109 { SEC_ASN1_SEQUENCE, 0, NULL }, | |
110 { SEC_ASN1_ENUMERATED, offsetof(LDAPResult, resultCode) }, | |
111 { SEC_ASN1_LDAP_STRING, offsetof(LDAPResult, matchedDN) }, | |
112 { SEC_ASN1_LDAP_STRING, offsetof(LDAPResult, errorMessage) }, | |
113 { 0 } | |
114 }; | |
115 | |
116 static const SEC_ASN1Template LDAPBindResponseTemplate[] = { | |
117 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_BINDRESPONSE_TYPE, 0, | |
118 LDAPResultTemplate, sizeof (LDAPBindResponse) } | |
119 }; | |
120 | |
121 /* | |
122 * UnbindRequest ::= [APPLICATION 2] NULL | |
123 */ | |
124 | |
125 static const SEC_ASN1Template LDAPUnbindTemplate[] = { | |
126 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | SEC_ASN1_XTRN | | |
127 LDAP_UNBIND_TYPE , 0, SEC_ASN1_SUB(SEC_NullTemplate) } | |
128 }; | |
129 | |
130 /* | |
131 * AttributeValueAssertion ::= | |
132 * SEQUENCE { | |
133 * attributeType AttributeType, | |
134 * attributeValue AttributeValue, | |
135 * } | |
136 * | |
137 * AttributeType ::= LDAPString | |
138 * -- text name of the attribute, or dotted | |
139 * -- OID representation | |
140 * | |
141 * AttributeValue ::= OCTET STRING | |
142 */ | |
143 | |
144 #define LDAPAttributeTypeTemplate LDAPStringTemplate | |
145 | |
146 /* | |
147 * SubstringFilter ::= | |
148 * SEQUENCE { | |
149 * type AttributeType, | |
150 * SEQUENCE OF CHOICE { | |
151 * initial [0] LDAPString, | |
152 * any [1] LDAPString, | |
153 * final [2] LDAPString, | |
154 * } | |
155 * } | |
156 */ | |
157 | |
158 #define LDAPSubstringFilterInitialTemplate LDAPStringTemplate | |
159 #define LDAPSubstringFilterAnyTemplate LDAPStringTemplate | |
160 #define LDAPSubstringFilterFinalTemplate LDAPStringTemplate | |
161 | |
162 static const SEC_ASN1Template LDAPSubstringFilterChoiceTemplate[] = { | |
163 { SEC_ASN1_CHOICE, offsetof(LDAPSubstring, selector), 0, | |
164 sizeof (LDAPFilter) }, | |
165 { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, | |
166 offsetof(LDAPSubstring, item), | |
167 LDAPSubstringFilterInitialTemplate, | |
168 LDAP_INITIALSUBSTRING_TYPE }, | |
169 { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1, | |
170 offsetof(LDAPSubstring, item), | |
171 LDAPSubstringFilterAnyTemplate, | |
172 LDAP_ANYSUBSTRING_TYPE }, | |
173 { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2, | |
174 offsetof(LDAPSubstring, item), | |
175 LDAPSubstringFilterFinalTemplate, | |
176 LDAP_FINALSUBSTRING_TYPE }, | |
177 { 0 } | |
178 }; | |
179 | |
180 /* | |
181 * Filter ::= | |
182 * CHOICE { | |
183 * and [0] SET OF Filter, | |
184 * or [1] SET OF Filter, | |
185 * not [2] Filter, | |
186 * equalityMatch [3] AttributeValueAssertion, | |
187 * substrings [4] SubstringFilter, | |
188 * greaterOrEqual [5] AttributeValueAssertion, | |
189 * lessOrEqual [6] AttributeValueAssertion, | |
190 * present [7] AttributeType, | |
191 * approxMatch [8] AttributeValueAssertion | |
192 } | |
193 */ | |
194 | |
195 static const SEC_ASN1Template LDAPSubstringFilterTemplate[] = { | |
196 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (LDAPSubstringFilter) }, | |
197 { SEC_ASN1_LDAP_STRING, offsetof(LDAPSubstringFilter, attrType) }, | |
198 { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSubstringFilter, strings), | |
199 LDAPSubstringFilterChoiceTemplate }, | |
200 { 0 } | |
201 }; | |
202 | |
203 const SEC_ASN1Template LDAPFilterTemplate[]; /* forward reference */ | |
204 | |
205 static const SEC_ASN1Template LDAPSetOfFiltersTemplate[] = { | |
206 { SEC_ASN1_SET_OF, 0, LDAPFilterTemplate } | |
207 }; | |
208 | |
209 static const SEC_ASN1Template LDAPAVAFilterTemplate[] = { | |
210 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (LDAPAttributeValueAssertion) }, | |
211 { SEC_ASN1_LDAP_STRING, offsetof(LDAPAttributeValueAssertion, attrType) }, | |
212 { SEC_ASN1_OCTET_STRING, offsetof(LDAPAttributeValueAssertion, attrValue) }, | |
213 { 0 } | |
214 }; | |
215 | |
216 static const SEC_ASN1Template LDAPPresentFilterTemplate[] = { | |
217 { SEC_ASN1_LDAP_STRING, offsetof(LDAPPresentFilter, attrType) } | |
218 }; | |
219 | |
220 #define LDAPEqualFilterTemplate LDAPAVAFilterTemplate | |
221 #define LDAPGreaterOrEqualFilterTemplate LDAPAVAFilterTemplate | |
222 #define LDAPLessOrEqualFilterTemplate LDAPAVAFilterTemplate | |
223 #define LDAPApproxMatchFilterTemplate LDAPAVAFilterTemplate | |
224 | |
225 const SEC_ASN1Template LDAPFilterTemplate[] = { | |
226 { SEC_ASN1_CHOICE, offsetof(LDAPFilter, selector), 0, sizeof(LDAPFilter) }, | |
227 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | | |
228 LDAP_ANDFILTER_TYPE, | |
229 offsetof(LDAPFilter, filter.andFilter.filters), | |
230 LDAPSetOfFiltersTemplate, LDAP_ANDFILTER_TYPE }, | |
231 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | | |
232 LDAP_ORFILTER_TYPE, | |
233 offsetof(LDAPFilter, filter.orFilter.filters), | |
234 LDAPSetOfFiltersTemplate, LDAP_ORFILTER_TYPE }, | |
235 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | | |
236 LDAP_NOTFILTER_TYPE | SEC_ASN1_POINTER, | |
237 offsetof(LDAPFilter, filter.notFilter), | |
238 LDAPFilterTemplate, LDAP_NOTFILTER_TYPE }, | |
239 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | | |
240 LDAP_EQUALFILTER_TYPE, | |
241 offsetof(LDAPFilter, filter.equalFilter), | |
242 LDAPEqualFilterTemplate, LDAP_EQUALFILTER_TYPE }, | |
243 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | | |
244 LDAP_SUBSTRINGFILTER_TYPE, offsetof(LDAPFilter, filter.substringFilter), | |
245 LDAPSubstringFilterTemplate, LDAP_SUBSTRINGFILTER_TYPE }, | |
246 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | | |
247 LDAP_GREATEROREQUALFILTER_TYPE, | |
248 offsetof(LDAPFilter, filter.greaterOrEqualFilter), | |
249 LDAPGreaterOrEqualFilterTemplate, LDAP_GREATEROREQUALFILTER_TYPE }, | |
250 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | | |
251 LDAP_LESSOREQUALFILTER_TYPE, | |
252 offsetof(LDAPFilter, filter.lessOrEqualFilter), | |
253 LDAPLessOrEqualFilterTemplate, LDAP_LESSOREQUALFILTER_TYPE }, | |
254 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | | |
255 LDAP_PRESENTFILTER_TYPE, | |
256 offsetof(LDAPFilter, filter.presentFilter), | |
257 LDAPPresentFilterTemplate, LDAP_PRESENTFILTER_TYPE }, | |
258 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | | |
259 LDAP_APPROXMATCHFILTER_TYPE, | |
260 offsetof(LDAPFilter, filter.approxMatchFilter), | |
261 LDAPApproxMatchFilterTemplate, LDAP_APPROXMATCHFILTER_TYPE }, | |
262 { 0 } | |
263 }; | |
264 | |
265 /* | |
266 * SearchRequest ::= | |
267 * [APPLICATION 3] SEQUENCE { | |
268 * baseObject LDAPDN, | |
269 * scope ENUMERATED { | |
270 * baseObject (0), | |
271 * singleLevel (1), | |
272 * wholeSubtree (2) | |
273 * }, | |
274 * derefAliases ENUMERATED { | |
275 * neverDerefAliases (0), | |
276 * derefInSearching (1), | |
277 * derefFindingBaseObj (2), | |
278 * alwaysDerefAliases (3) | |
279 * }, | |
280 * sizeLimit INTEGER (0 .. MAXINT), | |
281 * -- value of 0 implies no sizeLimit | |
282 * timeLimit INTEGER (0 .. MAXINT), | |
283 * -- value of 0 implies no timeLimit | |
284 * attrsOnly BOOLEAN, | |
285 * -- TRUE, if only attributes (without values) | |
286 * -- to be returned | |
287 * filter Filter, | |
288 * attributes SEQUENCE OF AttributeType | |
289 * } | |
290 */ | |
291 | |
292 static const SEC_ASN1Template LDAPAttributeTemplate[] = { | |
293 { SEC_ASN1_LDAP_STRING, 0, NULL, sizeof (SECItem) } | |
294 }; | |
295 | |
296 static const SEC_ASN1Template LDAPSearchApplTemplate[] = { | |
297 { SEC_ASN1_SEQUENCE, 0, NULL }, | |
298 { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearch, baseObject) }, | |
299 { SEC_ASN1_ENUMERATED, offsetof(LDAPSearch, scope) }, | |
300 { SEC_ASN1_ENUMERATED, offsetof(LDAPSearch, derefAliases) }, | |
301 { SEC_ASN1_INTEGER, offsetof(LDAPSearch, sizeLimit) }, | |
302 { SEC_ASN1_INTEGER, offsetof(LDAPSearch, timeLimit) }, | |
303 { SEC_ASN1_BOOLEAN, offsetof(LDAPSearch, attrsOnly) }, | |
304 { SEC_ASN1_INLINE, offsetof(LDAPSearch, filter), LDAPFilterTemplate }, | |
305 { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSearch, attributes), LDAPAttributeTempl
ate }, | |
306 { 0 } | |
307 }; | |
308 | |
309 static const SEC_ASN1Template LDAPSearchTemplate[] = { | |
310 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_SEARCH_TYPE, 0, | |
311 LDAPSearchApplTemplate, sizeof (LDAPSearch) } | |
312 }; | |
313 | |
314 /* | |
315 * SearchResponse ::= | |
316 * CHOICE { | |
317 * entry [APPLICATION 4] SEQUENCE { | |
318 * objectName LDAPDN, | |
319 * attributes SEQUENCE OF SEQUENCE { | |
320 * AttributeType, | |
321 * SET OF AttributeValue | |
322 * } | |
323 * } | |
324 * resultCode [APPLICATION 5] LDAPResult | |
325 * } | |
326 */ | |
327 | |
328 static const SEC_ASN1Template LDAPSearchResponseAttrTemplate[] = { | |
329 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(LDAPSearchResponseAttr) }, | |
330 { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearchResponseAttr, attrType) }, | |
331 { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(LDAPSearchResponseAttr, val), | |
332 LDAPStringTemplate }, | |
333 { 0 } | |
334 }; | |
335 | |
336 static const SEC_ASN1Template LDAPEntryTemplate[] = { | |
337 { SEC_ASN1_SEQUENCE, 0, NULL }, | |
338 { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearchResponseEntry, objectName) }, | |
339 { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSearchResponseEntry, attributes), | |
340 LDAPSearchResponseAttrTemplate }, | |
341 { 0 } | |
342 }; | |
343 | |
344 static const SEC_ASN1Template LDAPSearchResponseEntryTemplate[] = { | |
345 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_SEARCHRESPONSEENTRY_TYP
E, 0, | |
346 LDAPEntryTemplate, sizeof (LDAPSearchResponseEntry) } | |
347 }; | |
348 | |
349 static const SEC_ASN1Template LDAPSearchResponseResultTemplate[] = { | |
350 { SEC_ASN1_APPLICATION | LDAP_SEARCHRESPONSERESULT_TYPE, 0, | |
351 LDAPResultTemplate, sizeof (LDAPSearchResponseResult) } | |
352 }; | |
353 | |
354 /* | |
355 * AbandonRequest ::= | |
356 * [APPLICATION 16] MessageID | |
357 */ | |
358 | |
359 static const SEC_ASN1Template LDAPAbandonTemplate[] = { | |
360 { SEC_ASN1_INTEGER, offsetof(LDAPAbandonRequest, messageID) } | |
361 }; | |
362 | |
363 static const SEC_ASN1Template LDAPAbandonRequestTemplate[] = { | |
364 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_ABANDONREQUEST_TYPE, 0, | |
365 LDAPAbandonTemplate, sizeof (LDAPAbandonRequest) } | |
366 }; | |
367 | |
368 /* | |
369 * LDAPMessage ::= | |
370 * SEQUENCE { | |
371 * messageID MessageID, | |
372 * protocolOp CHOICE { | |
373 * bindRequest BindRequest, | |
374 * bindResponse BindResponse, | |
375 * unbindRequest UnbindRequest, | |
376 * searchRequest SearchRequest, | |
377 * searchResponse SearchResponse, | |
378 * abandonRequest AbandonRequest | |
379 * } | |
380 * } | |
381 * | |
382 * (other choices exist, not shown) | |
383 * | |
384 * MessageID ::= INTEGER (0 .. maxInt) | |
385 */ | |
386 | |
387 static const SEC_ASN1Template LDAPMessageProtocolOpTemplate[] = { | |
388 { SEC_ASN1_CHOICE, offsetof(LDAPProtocolOp, selector), 0, sizeof (LDAPProtoc
olOp) }, | |
389 { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.bindMsg), | |
390 LDAPBindTemplate, LDAP_BIND_TYPE }, | |
391 { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.bindResponseMsg), | |
392 LDAPBindResponseTemplate, LDAP_BINDRESPONSE_TYPE }, | |
393 { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.unbindMsg), | |
394 LDAPUnbindTemplate, LDAP_UNBIND_TYPE }, | |
395 { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchMsg), | |
396 LDAPSearchTemplate, LDAP_SEARCH_TYPE }, | |
397 { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchResponseEntryMsg), | |
398 LDAPSearchResponseEntryTemplate, LDAP_SEARCHRESPONSEENTRY_TYPE }, | |
399 { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchResponseResultMsg), | |
400 LDAPSearchResponseResultTemplate, LDAP_SEARCHRESPONSERESULT_TYPE }, | |
401 { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.abandonRequestMsg), | |
402 LDAPAbandonRequestTemplate, LDAP_ABANDONREQUEST_TYPE }, | |
403 { 0 } | |
404 }; | |
405 | |
406 const SEC_ASN1Template PKIX_PL_LDAPMessageTemplate[] = { | |
407 { SEC_ASN1_SEQUENCE, 0, NULL }, | |
408 { SEC_ASN1_INTEGER, offsetof(LDAPMessage, messageID) }, | |
409 { SEC_ASN1_INLINE, offsetof(LDAPMessage, protocolOp), | |
410 LDAPMessageProtocolOpTemplate }, | |
411 { 0 } | |
412 }; | |
413 | |
414 /* This function simply returns the address of the message template. | |
415 * This is necessary for Windows DLLs. | |
416 */ | |
417 SEC_ASN1_CHOOSER_IMPLEMENT(PKIX_PL_LDAPMessageTemplate) | |
OLD | NEW |