pkix_pl_ldaptemplates.c (17176B)
1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 5 #include "pkix_pl_ldapt.h" 6 7 SEC_ASN1_MKSUB(SEC_AnyTemplate) 8 SEC_ASN1_MKSUB(SEC_NullTemplate) 9 SEC_ASN1_MKSUB(SEC_OctetStringTemplate) 10 11 /* 12 * CertificatePair ::= SEQUENCE { 13 * forward [0] Certificate OPTIONAL, 14 * reverse [1] Certificate OPTIONAL 15 * -- at least one of the pair shall be present -- 16 * } 17 */ 18 19 const SEC_ASN1Template PKIX_PL_LDAPCrossCertPairTemplate[] = { 20 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(LDAPCertPair) }, 21 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 22 SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 0, 23 offsetof(LDAPCertPair, forward), SEC_ASN1_SUB(SEC_AnyTemplate) }, 24 { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 25 SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 1, 26 offsetof(LDAPCertPair, reverse), SEC_ASN1_SUB(SEC_AnyTemplate) }, 27 { 0 } 28 }; 29 30 /* 31 * BindRequest ::= 32 * [APPLICATION 0] SEQUENCE { 33 * version INTEGER (1..127), 34 * name LDAPDN, 35 * authentication CHOICE { 36 * simple [0] OCTET STRING, 37 * krbv42LDAP [1] OCTET STRING, 38 * krbv42DSA [2] OCTET STRING 39 * } 40 * } 41 * 42 * LDAPDN ::= LDAPString 43 * 44 * LDAPString ::= OCTET STRING 45 */ 46 47 #define LDAPStringTemplate SEC_ASN1_SUB(SEC_OctetStringTemplate) 48 49 static const SEC_ASN1Template LDAPBindApplTemplate[] = { 50 { SEC_ASN1_SEQUENCE, 0, NULL }, 51 { SEC_ASN1_INTEGER, offsetof(LDAPBind, version) }, 52 { SEC_ASN1_LDAP_STRING, offsetof(LDAPBind, bindName) }, 53 { SEC_ASN1_LDAP_STRING, offsetof(LDAPBind, authentication) }, 54 { 0 } 55 }; 56 57 static const SEC_ASN1Template LDAPBindTemplate[] = { 58 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_BIND_TYPE, 0, 59 LDAPBindApplTemplate, sizeof (LDAPBind) } 60 }; 61 62 /* 63 * BindResponse ::= [APPLICATION 1] LDAPResult 64 * 65 * LDAPResult ::= 66 * SEQUENCE { 67 * resultCode ENUMERATED { 68 * success (0), 69 * operationsError (1), 70 * protocolError (2), 71 * timeLimitExceeded (3), 72 * sizeLimitExceeded (4), 73 * compareFalse (5), 74 * compareTrue (6), 75 * authMethodNotSupported (7), 76 * strongAuthRequired (8), 77 * noSuchAttribute (16), 78 * undefinedAttributeType (17), 79 * inappropriateMatching (18), 80 * constraintViolation (19), 81 * attributeOrValueExists (20), 82 * invalidAttributeSyntax (21), 83 * noSuchObject (32), 84 * aliasProblem (33), 85 * invalidDNSyntax (34), 86 * isLeaf (35), 87 * aliasDereferencingProblem (36), 88 * inappropriateAuthentication (48), 89 * invalidCredentials (49), 90 * insufficientAccessRights (50), 91 * busy (51), 92 * unavailable (52), 93 * unwillingToPerform (53), 94 * loopDetect (54), 95 * namingViolation (64), 96 * objectClassViolation (65), 97 * notAllowedOnNonLeaf (66), 98 * notAllowedOnRDN (67), 99 * entryAlreadyExists (68), 100 * objectClassModsProhibited (69), 101 * other (80) 102 * }, 103 * matchedDN LDAPDN, 104 * errorMessage LDAPString 105 * } 106 */ 107 108 static const SEC_ASN1Template LDAPResultTemplate[] = { 109 { SEC_ASN1_SEQUENCE, 0, NULL }, 110 { SEC_ASN1_ENUMERATED, offsetof(LDAPResult, resultCode) }, 111 { SEC_ASN1_LDAP_STRING, offsetof(LDAPResult, matchedDN) }, 112 { SEC_ASN1_LDAP_STRING, offsetof(LDAPResult, errorMessage) }, 113 { 0 } 114 }; 115 116 static const SEC_ASN1Template LDAPBindResponseTemplate[] = { 117 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_BINDRESPONSE_TYPE, 0, 118 LDAPResultTemplate, sizeof (LDAPBindResponse) } 119 }; 120 121 /* 122 * UnbindRequest ::= [APPLICATION 2] NULL 123 */ 124 125 static const SEC_ASN1Template LDAPUnbindTemplate[] = { 126 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | SEC_ASN1_XTRN | 127 LDAP_UNBIND_TYPE , 0, SEC_ASN1_SUB(SEC_NullTemplate) } 128 }; 129 130 /* 131 * AttributeValueAssertion ::= 132 * SEQUENCE { 133 * attributeType AttributeType, 134 * attributeValue AttributeValue, 135 * } 136 * 137 * AttributeType ::= LDAPString 138 * -- text name of the attribute, or dotted 139 * -- OID representation 140 * 141 * AttributeValue ::= OCTET STRING 142 */ 143 144 #define LDAPAttributeTypeTemplate LDAPStringTemplate 145 146 /* 147 * SubstringFilter ::= 148 * SEQUENCE { 149 * type AttributeType, 150 * SEQUENCE OF CHOICE { 151 * initial [0] LDAPString, 152 * any [1] LDAPString, 153 * final [2] LDAPString, 154 * } 155 * } 156 */ 157 158 #define LDAPSubstringFilterInitialTemplate LDAPStringTemplate 159 #define LDAPSubstringFilterAnyTemplate LDAPStringTemplate 160 #define LDAPSubstringFilterFinalTemplate LDAPStringTemplate 161 162 static const SEC_ASN1Template LDAPSubstringFilterChoiceTemplate[] = { 163 { SEC_ASN1_CHOICE, offsetof(LDAPSubstring, selector), 0, 164 sizeof (LDAPFilter) }, 165 { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, 166 offsetof(LDAPSubstring, item), 167 LDAPSubstringFilterInitialTemplate, 168 LDAP_INITIALSUBSTRING_TYPE }, 169 { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1, 170 offsetof(LDAPSubstring, item), 171 LDAPSubstringFilterAnyTemplate, 172 LDAP_ANYSUBSTRING_TYPE }, 173 { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2, 174 offsetof(LDAPSubstring, item), 175 LDAPSubstringFilterFinalTemplate, 176 LDAP_FINALSUBSTRING_TYPE }, 177 { 0 } 178 }; 179 180 /* 181 * Filter ::= 182 * CHOICE { 183 * and [0] SET OF Filter, 184 * or [1] SET OF Filter, 185 * not [2] Filter, 186 * equalityMatch [3] AttributeValueAssertion, 187 * substrings [4] SubstringFilter, 188 * greaterOrEqual [5] AttributeValueAssertion, 189 * lessOrEqual [6] AttributeValueAssertion, 190 * present [7] AttributeType, 191 * approxMatch [8] AttributeValueAssertion 192 } 193 */ 194 195 static const SEC_ASN1Template LDAPSubstringFilterTemplate[] = { 196 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (LDAPSubstringFilter) }, 197 { SEC_ASN1_LDAP_STRING, offsetof(LDAPSubstringFilter, attrType) }, 198 { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSubstringFilter, strings), 199 LDAPSubstringFilterChoiceTemplate }, 200 { 0 } 201 }; 202 203 const SEC_ASN1Template LDAPFilterTemplate[]; /* forward reference */ 204 205 static const SEC_ASN1Template LDAPSetOfFiltersTemplate[] = { 206 { SEC_ASN1_SET_OF, 0, LDAPFilterTemplate } 207 }; 208 209 static const SEC_ASN1Template LDAPAVAFilterTemplate[] = { 210 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (LDAPAttributeValueAssertion) }, 211 { SEC_ASN1_LDAP_STRING, offsetof(LDAPAttributeValueAssertion, attrType) }, 212 { SEC_ASN1_OCTET_STRING, offsetof(LDAPAttributeValueAssertion, attrValue) }, 213 { 0 } 214 }; 215 216 static const SEC_ASN1Template LDAPPresentFilterTemplate[] = { 217 { SEC_ASN1_LDAP_STRING, offsetof(LDAPPresentFilter, attrType) } 218 }; 219 220 #define LDAPEqualFilterTemplate LDAPAVAFilterTemplate 221 #define LDAPGreaterOrEqualFilterTemplate LDAPAVAFilterTemplate 222 #define LDAPLessOrEqualFilterTemplate LDAPAVAFilterTemplate 223 #define LDAPApproxMatchFilterTemplate LDAPAVAFilterTemplate 224 225 const SEC_ASN1Template LDAPFilterTemplate[] = { 226 { SEC_ASN1_CHOICE, offsetof(LDAPFilter, selector), 0, sizeof(LDAPFilter) }, 227 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 228 LDAP_ANDFILTER_TYPE, 229 offsetof(LDAPFilter, filter.andFilter.filters), 230 LDAPSetOfFiltersTemplate, LDAP_ANDFILTER_TYPE }, 231 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 232 LDAP_ORFILTER_TYPE, 233 offsetof(LDAPFilter, filter.orFilter.filters), 234 LDAPSetOfFiltersTemplate, LDAP_ORFILTER_TYPE }, 235 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 236 LDAP_NOTFILTER_TYPE | SEC_ASN1_POINTER, 237 offsetof(LDAPFilter, filter.notFilter), 238 LDAPFilterTemplate, LDAP_NOTFILTER_TYPE }, 239 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 240 LDAP_EQUALFILTER_TYPE, 241 offsetof(LDAPFilter, filter.equalFilter), 242 LDAPEqualFilterTemplate, LDAP_EQUALFILTER_TYPE }, 243 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 244 LDAP_SUBSTRINGFILTER_TYPE, offsetof(LDAPFilter, filter.substringFilter), 245 LDAPSubstringFilterTemplate, LDAP_SUBSTRINGFILTER_TYPE }, 246 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 247 LDAP_GREATEROREQUALFILTER_TYPE, 248 offsetof(LDAPFilter, filter.greaterOrEqualFilter), 249 LDAPGreaterOrEqualFilterTemplate, LDAP_GREATEROREQUALFILTER_TYPE }, 250 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 251 LDAP_LESSOREQUALFILTER_TYPE, 252 offsetof(LDAPFilter, filter.lessOrEqualFilter), 253 LDAPLessOrEqualFilterTemplate, LDAP_LESSOREQUALFILTER_TYPE }, 254 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 255 LDAP_PRESENTFILTER_TYPE, 256 offsetof(LDAPFilter, filter.presentFilter), 257 LDAPPresentFilterTemplate, LDAP_PRESENTFILTER_TYPE }, 258 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | 259 LDAP_APPROXMATCHFILTER_TYPE, 260 offsetof(LDAPFilter, filter.approxMatchFilter), 261 LDAPApproxMatchFilterTemplate, LDAP_APPROXMATCHFILTER_TYPE }, 262 { 0 } 263 }; 264 265 /* 266 * SearchRequest ::= 267 * [APPLICATION 3] SEQUENCE { 268 * baseObject LDAPDN, 269 * scope ENUMERATED { 270 * baseObject (0), 271 * singleLevel (1), 272 * wholeSubtree (2) 273 * }, 274 * derefAliases ENUMERATED { 275 * neverDerefAliases (0), 276 * derefInSearching (1), 277 * derefFindingBaseObj (2), 278 * alwaysDerefAliases (3) 279 * }, 280 * sizeLimit INTEGER (0 .. MAXINT), 281 * -- value of 0 implies no sizeLimit 282 * timeLimit INTEGER (0 .. MAXINT), 283 * -- value of 0 implies no timeLimit 284 * attrsOnly BOOLEAN, 285 * -- TRUE, if only attributes (without values) 286 * -- to be returned 287 * filter Filter, 288 * attributes SEQUENCE OF AttributeType 289 * } 290 */ 291 292 static const SEC_ASN1Template LDAPAttributeTemplate[] = { 293 { SEC_ASN1_LDAP_STRING, 0, NULL, sizeof (SECItem) } 294 }; 295 296 static const SEC_ASN1Template LDAPSearchApplTemplate[] = { 297 { SEC_ASN1_SEQUENCE, 0, NULL }, 298 { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearch, baseObject) }, 299 { SEC_ASN1_ENUMERATED, offsetof(LDAPSearch, scope) }, 300 { SEC_ASN1_ENUMERATED, offsetof(LDAPSearch, derefAliases) }, 301 { SEC_ASN1_INTEGER, offsetof(LDAPSearch, sizeLimit) }, 302 { SEC_ASN1_INTEGER, offsetof(LDAPSearch, timeLimit) }, 303 { SEC_ASN1_BOOLEAN, offsetof(LDAPSearch, attrsOnly) }, 304 { SEC_ASN1_INLINE, offsetof(LDAPSearch, filter), LDAPFilterTemplate }, 305 { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSearch, attributes), LDAPAttributeTemplate }, 306 { 0 } 307 }; 308 309 static const SEC_ASN1Template LDAPSearchTemplate[] = { 310 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_SEARCH_TYPE, 0, 311 LDAPSearchApplTemplate, sizeof (LDAPSearch) } 312 }; 313 314 /* 315 * SearchResponse ::= 316 * CHOICE { 317 * entry [APPLICATION 4] SEQUENCE { 318 * objectName LDAPDN, 319 * attributes SEQUENCE OF SEQUENCE { 320 * AttributeType, 321 * SET OF AttributeValue 322 * } 323 * } 324 * resultCode [APPLICATION 5] LDAPResult 325 * } 326 */ 327 328 static const SEC_ASN1Template LDAPSearchResponseAttrTemplate[] = { 329 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(LDAPSearchResponseAttr) }, 330 { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearchResponseAttr, attrType) }, 331 { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(LDAPSearchResponseAttr, val), 332 LDAPStringTemplate }, 333 { 0 } 334 }; 335 336 static const SEC_ASN1Template LDAPEntryTemplate[] = { 337 { SEC_ASN1_SEQUENCE, 0, NULL }, 338 { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearchResponseEntry, objectName) }, 339 { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSearchResponseEntry, attributes), 340 LDAPSearchResponseAttrTemplate }, 341 { 0 } 342 }; 343 344 static const SEC_ASN1Template LDAPSearchResponseEntryTemplate[] = { 345 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_SEARCHRESPONSEENTRY_TYPE, 0, 346 LDAPEntryTemplate, sizeof (LDAPSearchResponseEntry) } 347 }; 348 349 static const SEC_ASN1Template LDAPSearchResponseResultTemplate[] = { 350 { SEC_ASN1_APPLICATION | LDAP_SEARCHRESPONSERESULT_TYPE, 0, 351 LDAPResultTemplate, sizeof (LDAPSearchResponseResult) } 352 }; 353 354 /* 355 * AbandonRequest ::= 356 * [APPLICATION 16] MessageID 357 */ 358 359 static const SEC_ASN1Template LDAPAbandonTemplate[] = { 360 { SEC_ASN1_INTEGER, offsetof(LDAPAbandonRequest, messageID) } 361 }; 362 363 static const SEC_ASN1Template LDAPAbandonRequestTemplate[] = { 364 { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_ABANDONREQUEST_TYPE, 0, 365 LDAPAbandonTemplate, sizeof (LDAPAbandonRequest) } 366 }; 367 368 /* 369 * LDAPMessage ::= 370 * SEQUENCE { 371 * messageID MessageID, 372 * protocolOp CHOICE { 373 * bindRequest BindRequest, 374 * bindResponse BindResponse, 375 * unbindRequest UnbindRequest, 376 * searchRequest SearchRequest, 377 * searchResponse SearchResponse, 378 * abandonRequest AbandonRequest 379 * } 380 * } 381 * 382 * (other choices exist, not shown) 383 * 384 * MessageID ::= INTEGER (0 .. maxInt) 385 */ 386 387 static const SEC_ASN1Template LDAPMessageProtocolOpTemplate[] = { 388 { SEC_ASN1_CHOICE, offsetof(LDAPProtocolOp, selector), 0, sizeof (LDAPProtocolOp) }, 389 { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.bindMsg), 390 LDAPBindTemplate, LDAP_BIND_TYPE }, 391 { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.bindResponseMsg), 392 LDAPBindResponseTemplate, LDAP_BINDRESPONSE_TYPE }, 393 { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.unbindMsg), 394 LDAPUnbindTemplate, LDAP_UNBIND_TYPE }, 395 { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchMsg), 396 LDAPSearchTemplate, LDAP_SEARCH_TYPE }, 397 { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchResponseEntryMsg), 398 LDAPSearchResponseEntryTemplate, LDAP_SEARCHRESPONSEENTRY_TYPE }, 399 { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchResponseResultMsg), 400 LDAPSearchResponseResultTemplate, LDAP_SEARCHRESPONSERESULT_TYPE }, 401 { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.abandonRequestMsg), 402 LDAPAbandonRequestTemplate, LDAP_ABANDONREQUEST_TYPE }, 403 { 0 } 404 }; 405 406 const SEC_ASN1Template PKIX_PL_LDAPMessageTemplate[] = { 407 { SEC_ASN1_SEQUENCE, 0, NULL }, 408 { SEC_ASN1_INTEGER, offsetof(LDAPMessage, messageID) }, 409 { SEC_ASN1_INLINE, offsetof(LDAPMessage, protocolOp), 410 LDAPMessageProtocolOpTemplate }, 411 { 0 } 412 }; 413 414 /* This function simply returns the address of the message template. 415 * This is necessary for Windows DLLs. 416 */ 417 SEC_ASN1_CHOOSER_IMPLEMENT(PKIX_PL_LDAPMessageTemplate)