nss: import at 3.0.1 beta 1
[mozilla-nss.git] / security / nss / lib / libpkix / pkix_pl_nss / module / pkix_pl_ldaptemplates.c
1 /*
2 * ***** BEGIN LICENSE BLOCK *****
3 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
5 * The contents of this file are subject to the Mozilla Public License Version
6 * 1.1 (the "License"); you may not use this file except in compliance with
7 * the License. You may obtain a copy of the License at
8 * http://www.mozilla.org/MPL/
10 * Software distributed under the License is distributed on an "AS IS" basis,
11 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
12 * for the specific language governing rights and limitations under the
13 * License.
15 * The Original Code is the PKIX-C library.
17 * The Initial Developer of the Original Code is
18 * Sun Microsystems, Inc.
19 * Portions created by the Initial Developer are
20 * Copyright 2004-2007 Sun Microsystems, Inc. All Rights Reserved.
22 * Contributor(s):
23 * Sun Microsystems, Inc.
25 * Alternatively, the contents of this file may be used under the terms of
26 * either the GNU General Public License Version 2 or later (the "GPL"), or
27 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
28 * in which case the provisions of the GPL or the LGPL are applicable instead
29 * of those above. If you wish to allow use of your version of this file only
30 * under the terms of either the GPL or the LGPL, and not to allow others to
31 * use your version of this file under the terms of the MPL, indicate your
32 * decision by deleting the provisions above and replace them with the notice
33 * and other provisions required by the GPL or the LGPL. If you do not delete
34 * the provisions above, a recipient may use your version of this file under
35 * the terms of any one of the MPL, the GPL or the LGPL.
37 * ***** END LICENSE BLOCK ***** */
39 #include "pkix_pl_ldapt.h"
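/*
 * Declare the shared NSS templates that the tables in this file reach through
 * SEC_ASN1_SUB(). Every entry below that uses SEC_ASN1_SUB() also sets
 * SEC_ASN1_XTRN in its kind field.
 */
SEC_ASN1_MKSUB(SEC_AnyTemplate)
SEC_ASN1_MKSUB(SEC_NullTemplate)
SEC_ASN1_MKSUB(SEC_OctetStringTemplate)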
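/*
 * CertificatePair ::= SEQUENCE {
 *      forward [0]     Certificate OPTIONAL,
 *      reverse [1]     Certificate OPTIONAL
 *              -- at least one of the pair shall be present --
 * }
 *
 * Template for a cross-certificate pair, as returned in an LDAP attribute
 * value. Entry layout is { kind, offset, sub-template, size }.
 *
 * Both members are OPTIONAL and are captured through SEC_AnyTemplate, so a
 * successful decode only shows that the outer SEQUENCE and the explicit
 * [0]/[1] wrappers were well formed. Nothing in this table enforces the
 * "at least one shall be present" rule or parses the certificate itself;
 * the caller has to check for an empty pair and hand each blob to the
 * certificate decoder before trusting it.
 */
const SEC_ASN1Template PKIX_PL_LDAPCrossCertPairTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(LDAPCertPair) },
    /* forward: explicit context tag [0], raw ANY */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 0,
        offsetof(LDAPCertPair, forward), SEC_ASN1_SUB(SEC_AnyTemplate) },
    /* reverse: explicit context tag [1], raw ANY */
    { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 1,
        offsetof(LDAPCertPair, reverse), SEC_ASN1_SUB(SEC_AnyTemplate) },
    { 0 }
};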
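/*
 * BindRequest ::=
 *      [APPLICATION 0] SEQUENCE {
 *              version         INTEGER (1..127),
 *              name            LDAPDN,
 *              authentication  CHOICE {
 *                      simple          [0] OCTET STRING,
 *                      krbv42LDAP      [1] OCTET STRING,
 *                      krbv42DSA       [2] OCTET STRING
 *              }
 *      }
 *
 * LDAPDN ::= LDAPString
 *
 * LDAPString ::= OCTET STRING
 */

/* An LDAPString is encoded with the shared OCTET STRING template. */
#define LDAPStringTemplate SEC_ASN1_SUB(SEC_OctetStringTemplate)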
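/*
 * Body of a BindRequest: version, bind name and authentication value, each
 * stored at its offset inside LDAPBind.
 *
 * NOTE(review): `authentication` uses the same SEC_ASN1_LDAP_STRING kind as
 * `bindName`; none of the [0]/[1]/[2] context tags of the CHOICE in the
 * BindRequest definition appears in this table. Confirm where the tag for
 * `simple` is applied (SEC_ASN1_LDAP_STRING is defined outside this file).
 * With `simple` authentication the octet string is the credential itself,
 * so it is only as private as the connection that carries it.
 */
static const SEC_ASN1Template LDAPBindApplTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL },
    { SEC_ASN1_INTEGER, offsetof(LDAPBind, version) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPBind, bindName) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPBind, authentication) },
    { 0 }
};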
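/*
 * [APPLICATION 0] wrapper around LDAPBindApplTemplate. The tag number is
 * LDAP_BIND_TYPE and the destination object is an LDAPBind.
 */
static const SEC_ASN1Template LDAPBindTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_BIND_TYPE, 0,
        LDAPBindApplTemplate, sizeof (LDAPBind) }
};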
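/*
 * BindResponse ::= [APPLICATION 1] LDAPResult
 *
 * LDAPResult ::=
 *      SEQUENCE {
 *              resultCode      ENUMERATED {
 *                      success                         (0),
 *                      operationsError                 (1),
 *                      protocolError                   (2),
 *                      timeLimitExceeded               (3),
 *                      sizeLimitExceeded               (4),
 *                      compareFalse                    (5),
 *                      compareTrue                     (6),
 *                      authMethodNotSupported          (7),
 *                      strongAuthRequired              (8),
 *                      noSuchAttribute                 (16),
 *                      undefinedAttributeType          (17),
 *                      inappropriateMatching           (18),
 *                      constraintViolation             (19),
 *                      attributeOrValueExists          (20),
 *                      invalidAttributeSyntax          (21),
 *                      noSuchObject                    (32),
 *                      aliasProblem                    (33),
 *                      invalidDNSyntax                 (34),
 *                      isLeaf                          (35),
 *                      aliasDereferencingProblem       (36),
 *                      inappropriateAuthentication     (48),
 *                      invalidCredentials              (49),
 *                      insufficientAccessRights        (50),
 *                      busy                            (51),
 *                      unavailable                     (52),
 *                      unwillingToPerform              (53),
 *                      loopDetect                      (54),
 *                      namingViolation                 (64),
 *                      objectClassViolation            (65),
 *                      notAllowedOnNonLeaf             (66),
 *                      notAllowedOnRDN                 (67),
 *                      entryAlreadyExists              (68),
 *                      objectClassModsProhibited       (69),
 *                      other                           (80)
 *              },
 *              matchedDN       LDAPDN,
 *              errorMessage    LDAPString
 *      }
 */

/*
 * Body of an LDAPResult, shared by the bind response and the search result.
 *
 * Everything decoded through this table is supplied by the directory server.
 * The table accepts any ENUMERATED value for resultCode (the list above is
 * not checked here), and matchedDN / errorMessage are length-delimited octet
 * strings (presumably SECItem, confirm in pkix_pl_ldapt.h), so callers
 * should range-check the code and must not assume NUL termination or
 * printable content before logging or displaying the strings.
 */
static const SEC_ASN1Template LDAPResultTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL },
    { SEC_ASN1_ENUMERATED, offsetof(LDAPResult, resultCode) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPResult, matchedDN) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPResult, errorMessage) },
    { 0 }
};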
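/*
 * [APPLICATION 1] wrapper around LDAPResultTemplate. The tag number is
 * LDAP_BINDRESPONSE_TYPE and the destination object is an LDAPBindResponse.
 */
static const SEC_ASN1Template LDAPBindResponseTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_BINDRESPONSE_TYPE, 0,
        LDAPResultTemplate, sizeof (LDAPBindResponse) }
};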
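/*
 * UnbindRequest ::= [APPLICATION 2] NULL
 */

/*
 * Unbind request: application tag LDAP_UNBIND_TYPE over the shared NULL
 * template. No destination offset or size is given because the message
 * carries no fields.
 */
static const SEC_ASN1Template LDAPUnbindTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | SEC_ASN1_XTRN |
        LDAP_UNBIND_TYPE, 0, SEC_ASN1_SUB(SEC_NullTemplate) }
};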
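/*
 * AttributeValueAssertion ::=
 *      SEQUENCE {
 *              attributeType   AttributeType,
 *              attributeValue  AttributeValue,
 *      }
 *
 * AttributeType ::= LDAPString
 *              -- text name of the attribute, or dotted
 *              -- OID representation
 *
 * AttributeValue ::= OCTET STRING
 */

/* An AttributeType is an LDAPString, so it reuses that template. */
#define LDAPAttributeTypeTemplate LDAPStringTemplate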
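/*
 * SubstringFilter ::=
 *      SEQUENCE {
 *              type    AttributeType,
 *              SEQUENCE OF CHOICE {
 *                      initial [0] LDAPString,
 *                      any     [1] LDAPString,
 *                      final   [2] LDAPString,
 *              }
 *      }
 */

/* All three substring alternatives are LDAPStrings; only the tag differs. */
#define LDAPSubstringFilterInitialTemplate LDAPStringTemplate
#define LDAPSubstringFilterAnyTemplate LDAPStringTemplate
#define LDAPSubstringFilterFinalTemplate LDAPStringTemplate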
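/*
 * One element of a substring filter: CHOICE of initial [0], any [1] or
 * final [2]. All three alternatives store their value in LDAPSubstring.item;
 * the fourth field of each alternative (LDAP_*SUBSTRING_TYPE) is the value
 * associated with LDAPSubstring.selector for that alternative.
 */
static const SEC_ASN1Template LDAPSubstringFilterChoiceTemplate[] = {
    /*
     * NOTE(review): the size given here is sizeof(LDAPFilter) although every
     * offset in this table is taken in LDAPSubstring. If elements are sized
     * from this field, that is safe only while
     * sizeof(LDAPFilter) >= sizeof(LDAPSubstring); confirm against
     * pkix_pl_ldapt.h or switch to sizeof(LDAPSubstring).
     */
    { SEC_ASN1_CHOICE, offsetof(LDAPSubstring, selector), 0,
        sizeof (LDAPFilter) },
    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
        offsetof(LDAPSubstring, item),
        LDAPSubstringFilterInitialTemplate,
        LDAP_INITIALSUBSTRING_TYPE },
    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
        offsetof(LDAPSubstring, item),
        LDAPSubstringFilterAnyTemplate,
        LDAP_ANYSUBSTRING_TYPE },
    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
        offsetof(LDAPSubstring, item),
        LDAPSubstringFilterFinalTemplate,
        LDAP_FINALSUBSTRING_TYPE },
    { 0 }
};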
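/*
 * Filter ::=
 *      CHOICE {
 *              and             [0] SET OF Filter,
 *              or              [1] SET OF Filter,
 *              not             [2] Filter,
 *              equalityMatch   [3] AttributeValueAssertion,
 *              substrings      [4] SubstringFilter,
 *              greaterOrEqual  [5] AttributeValueAssertion,
 *              lessOrEqual     [6] AttributeValueAssertion,
 *              present         [7] AttributeType,
 *              approxMatch     [8] AttributeValueAssertion
 *      }
 */

/*
 * Body of the `substrings` alternative: the attribute type followed by a
 * SEQUENCE OF substring choices, stored in LDAPSubstringFilter.strings.
 */
static const SEC_ASN1Template LDAPSubstringFilterTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (LDAPSubstringFilter) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPSubstringFilter, attrType) },
    { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSubstringFilter, strings),
        LDAPSubstringFilterChoiceTemplate },
    { 0 }
};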
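/*
 * Forward reference: the and/or/not alternatives of a Filter contain Filters
 * themselves, so LDAPSetOfFiltersTemplate has to name this table before it
 * is defined.
 * NOTE(review): this symbol is not static and has no PKIX_PL_ prefix, unlike
 * the other exported tables in this file; confirm that is intended.
 */
const SEC_ASN1Template LDAPFilterTemplate[]; /* forward reference */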
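/* SET OF Filter, used by the `and` and `or` alternatives of a Filter. */
static const SEC_ASN1Template LDAPSetOfFiltersTemplate[] = {
    { SEC_ASN1_SET_OF, 0, LDAPFilterTemplate }
};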
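/*
 * AttributeValueAssertion: attribute type (LDAP string) followed by the
 * attribute value (OCTET STRING). Shared by the equality, greater-or-equal,
 * less-or-equal and approximate-match filter alternatives.
 */
static const SEC_ASN1Template LDAPAVAFilterTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (LDAPAttributeValueAssertion) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPAttributeValueAssertion, attrType) },
    { SEC_ASN1_OCTET_STRING, offsetof(LDAPAttributeValueAssertion, attrValue) },
    { 0 }
};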
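/* `present` filter: carries only the attribute type being tested. */
static const SEC_ASN1Template LDAPPresentFilterTemplate[] = {
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPPresentFilter, attrType) }
};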
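/*
 * The four comparison filters share the AttributeValueAssertion layout and
 * differ only in the context tag applied in LDAPFilterTemplate.
 */
#define LDAPEqualFilterTemplate LDAPAVAFilterTemplate
#define LDAPGreaterOrEqualFilterTemplate LDAPAVAFilterTemplate
#define LDAPLessOrEqualFilterTemplate LDAPAVAFilterTemplate
#define LDAPApproxMatchFilterTemplate LDAPAVAFilterTemplate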
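/*
 * Filter CHOICE. The header entry places the selector in LDAPFilter.selector;
 * each alternative is a constructed context-specific tag whose number is the
 * LDAP_*FILTER_TYPE constant, and the same constant is given in the fourth
 * field as the selector value for that alternative.
 *
 * The table is recursive: `and` and `or` go through LDAPSetOfFiltersTemplate
 * back to this table, and `not` points at this table directly (stored via a
 * pointer, SEC_ASN1_POINTER). Nothing here limits nesting depth, so if this
 * table is ever used to decode data from a peer, depth is bounded only by
 * whatever the ASN.1 decoder and the input length enforce.
 * NOTE(review): confirm whether filters are only ever encoded locally.
 */
const SEC_ASN1Template LDAPFilterTemplate[] = {
    { SEC_ASN1_CHOICE, offsetof(LDAPFilter, selector), 0, sizeof(LDAPFilter) },
    /* and [0] SET OF Filter */
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_ANDFILTER_TYPE,
        offsetof(LDAPFilter, filter.andFilter.filters),
        LDAPSetOfFiltersTemplate, LDAP_ANDFILTER_TYPE },
    /* or [1] SET OF Filter */
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_ORFILTER_TYPE,
        offsetof(LDAPFilter, filter.orFilter.filters),
        LDAPSetOfFiltersTemplate, LDAP_ORFILTER_TYPE },
    /* not [2] Filter, held through a pointer */
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_NOTFILTER_TYPE | SEC_ASN1_POINTER,
        offsetof(LDAPFilter, filter.notFilter),
        LDAPFilterTemplate, LDAP_NOTFILTER_TYPE },
    /* equalityMatch [3] AttributeValueAssertion */
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_EQUALFILTER_TYPE,
        offsetof(LDAPFilter, filter.equalFilter),
        LDAPEqualFilterTemplate, LDAP_EQUALFILTER_TYPE },
    /* substrings [4] SubstringFilter */
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_SUBSTRINGFILTER_TYPE, offsetof(LDAPFilter, filter.substringFilter),
        LDAPSubstringFilterTemplate, LDAP_SUBSTRINGFILTER_TYPE },
    /* greaterOrEqual [5] AttributeValueAssertion */
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_GREATEROREQUALFILTER_TYPE,
        offsetof(LDAPFilter, filter.greaterOrEqualFilter),
        LDAPGreaterOrEqualFilterTemplate, LDAP_GREATEROREQUALFILTER_TYPE },
    /* lessOrEqual [6] AttributeValueAssertion */
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_LESSOREQUALFILTER_TYPE,
        offsetof(LDAPFilter, filter.lessOrEqualFilter),
        LDAPLessOrEqualFilterTemplate, LDAP_LESSOREQUALFILTER_TYPE },
    /* present [7] AttributeType */
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_PRESENTFILTER_TYPE,
        offsetof(LDAPFilter, filter.presentFilter),
        LDAPPresentFilterTemplate, LDAP_PRESENTFILTER_TYPE },
    /* approxMatch [8] AttributeValueAssertion */
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_APPROXMATCHFILTER_TYPE,
        offsetof(LDAPFilter, filter.approxMatchFilter),
        LDAPApproxMatchFilterTemplate, LDAP_APPROXMATCHFILTER_TYPE },
    { 0 }
};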
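/*
 * SearchRequest ::=
 *      [APPLICATION 3] SEQUENCE {
 *              baseObject      LDAPDN,
 *              scope           ENUMERATED {
 *                      baseObject      (0),
 *                      singleLevel     (1),
 *                      wholeSubtree    (2)
 *              },
 *              derefAliases    ENUMERATED {
 *                      neverDerefAliases       (0),
 *                      derefInSearching        (1),
 *                      derefFindingBaseObj     (2),
 *                      alwaysDerefAliases      (3)
 *              },
 *              sizeLimit       INTEGER (0 .. MAXINT),
 *                              -- value of 0 implies no sizeLimit
 *              timeLimit       INTEGER (0 .. MAXINT),
 *                              -- value of 0 implies no timeLimit
 *              attrsOnly       BOOLEAN,
 *                              -- TRUE, if only attributes (without values)
 *                              -- to be returned
 *              filter          Filter,
 *              attributes      SEQUENCE OF AttributeType
 *      }
 */

/* One requested attribute name: an LDAP string held in a SECItem. */
static const SEC_ASN1Template LDAPAttributeTemplate[] = {
    { SEC_ASN1_LDAP_STRING, 0, NULL, sizeof (SECItem) }
};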
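/*
 * Body of a SearchRequest; the fields follow the order of the SearchRequest
 * definition. The filter is embedded in LDAPSearch (SEC_ASN1_INLINE) and
 * the attribute list is a SEQUENCE OF LDAPAttributeTemplate items.
 *
 * Per the definition, a sizeLimit or timeLimit of 0 means "no limit", so a
 * caller that leaves these fields zero is asking the server for an unbounded
 * result set and has to bound what it accepts on its own side.
 */
static const SEC_ASN1Template LDAPSearchApplTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearch, baseObject) },
    { SEC_ASN1_ENUMERATED, offsetof(LDAPSearch, scope) },
    { SEC_ASN1_ENUMERATED, offsetof(LDAPSearch, derefAliases) },
    { SEC_ASN1_INTEGER, offsetof(LDAPSearch, sizeLimit) },
    { SEC_ASN1_INTEGER, offsetof(LDAPSearch, timeLimit) },
    { SEC_ASN1_BOOLEAN, offsetof(LDAPSearch, attrsOnly) },
    { SEC_ASN1_INLINE, offsetof(LDAPSearch, filter), LDAPFilterTemplate },
    { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSearch, attributes), LDAPAttributeTemplate },
    { 0 }
};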
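/*
 * [APPLICATION 3] wrapper around LDAPSearchApplTemplate. The tag number is
 * LDAP_SEARCH_TYPE and the destination object is an LDAPSearch.
 */
static const SEC_ASN1Template LDAPSearchTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_SEARCH_TYPE, 0,
        LDAPSearchApplTemplate, sizeof (LDAPSearch) }
};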
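/*
 * SearchResponse ::=
 *      CHOICE {
 *              entry   [APPLICATION 4] SEQUENCE {
 *                              objectName      LDAPDN,
 *                              attributes      SEQUENCE OF SEQUENCE {
 *                                      AttributeType,
 *                                      SET OF AttributeValue
 *                              }
 *                      },
 *              resultCode      [APPLICATION 5] LDAPResult
 *      }
 */

/*
 * One attribute of a returned entry: its type and a SET OF values stored in
 * LDAPSearchResponseAttr.val.
 *
 * Both the attribute type and every value are chosen by the server. The
 * values are opaque octet strings at this layer (certificates, CRLs or
 * anything else the directory holds); each one still has to be parsed and
 * validated by the consumer before it is trusted.
 */
static const SEC_ASN1Template LDAPSearchResponseAttrTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(LDAPSearchResponseAttr) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearchResponseAttr, attrType) },
    { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(LDAPSearchResponseAttr, val),
        LDAPStringTemplate },
    { 0 }
};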
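/*
 * Body of a search-response entry: the object's name followed by a
 * SEQUENCE OF attributes. The number of attributes is set by the server's
 * response; this table places no bound on it.
 */
static const SEC_ASN1Template LDAPEntryTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearchResponseEntry, objectName) },
    { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSearchResponseEntry, attributes),
        LDAPSearchResponseAttrTemplate },
    { 0 }
};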
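/*
 * [APPLICATION 4] wrapper around LDAPEntryTemplate. The tag number is
 * LDAP_SEARCHRESPONSEENTRY_TYPE and the destination object is an
 * LDAPSearchResponseEntry.
 */
static const SEC_ASN1Template LDAPSearchResponseEntryTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_SEARCHRESPONSEENTRY_TYPE, 0,
        LDAPEntryTemplate, sizeof (LDAPSearchResponseEntry) }
};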
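/*
 * [APPLICATION 5] wrapper around LDAPResultTemplate, marking the end of a
 * search. The tag number is LDAP_SEARCHRESPONSERESULT_TYPE.
 *
 * NOTE(review): unlike the bind-response and search-entry wrappers, this
 * entry does not set SEC_ASN1_CONSTRUCTED even though LDAPResultTemplate
 * describes a SEQUENCE. Confirm the decoder accepts a server's result
 * message with this kind value.
 */
static const SEC_ASN1Template LDAPSearchResponseResultTemplate[] = {
    { SEC_ASN1_APPLICATION | LDAP_SEARCHRESPONSERESULT_TYPE, 0,
        LDAPResultTemplate, sizeof (LDAPSearchResponseResult) }
};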
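/*
 * AbandonRequest ::=
 *      [APPLICATION 16] MessageID
 */

/* Payload of an abandon request: the message ID of the operation to drop. */
static const SEC_ASN1Template LDAPAbandonTemplate[] = {
    { SEC_ASN1_INTEGER, offsetof(LDAPAbandonRequest, messageID) }
};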
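/*
 * [APPLICATION 16] wrapper around LDAPAbandonTemplate. The tag number is
 * LDAP_ABANDONREQUEST_TYPE.
 *
 * NOTE(review): the AbandonRequest definition reads as a tagged INTEGER,
 * while this entry sets SEC_ASN1_CONSTRUCTED and nests an INTEGER template.
 * Confirm the resulting encoding is the one servers expect.
 */
static const SEC_ASN1Template LDAPAbandonRequestTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_ABANDONREQUEST_TYPE, 0,
        LDAPAbandonTemplate, sizeof (LDAPAbandonRequest) }
};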
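/*
 * LDAPMessage ::=
 *      SEQUENCE {
 *              messageID       MessageID,
 *              protocolOp      CHOICE {
 *                      bindRequest     BindRequest,
 *                      bindResponse    BindResponse,
 *                      unbindRequest   UnbindRequest,
 *                      searchRequest   SearchRequest,
 *                      searchResponse  SearchResponse,
 *                      abandonRequest  AbandonRequest
 *              }
 *      }
 *
 *                              (other choices exist, not shown)
 *
 * MessageID ::= INTEGER (0 .. maxInt)
 */

/*
 * protocolOp CHOICE. The selector is stored in LDAPProtocolOp.selector and
 * each alternative is embedded inline in the LDAPProtocolOp.op union, with
 * the LDAP_*_TYPE constant in the fourth field as its selector value.
 *
 * Requests and responses share this one table, so a decode of a message from
 * the server can succeed with any of the seven alternatives. Code that reads
 * a reply should check the selector for the response type it expects before
 * touching a member of `op`.
 */
static const SEC_ASN1Template LDAPMessageProtocolOpTemplate[] = {
    { SEC_ASN1_CHOICE, offsetof(LDAPProtocolOp, selector), 0, sizeof (LDAPProtocolOp) },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.bindMsg),
        LDAPBindTemplate, LDAP_BIND_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.bindResponseMsg),
        LDAPBindResponseTemplate, LDAP_BINDRESPONSE_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.unbindMsg),
        LDAPUnbindTemplate, LDAP_UNBIND_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchMsg),
        LDAPSearchTemplate, LDAP_SEARCH_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchResponseEntryMsg),
        LDAPSearchResponseEntryTemplate, LDAP_SEARCHRESPONSEENTRY_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchResponseResultMsg),
        LDAPSearchResponseResultTemplate, LDAP_SEARCHRESPONSERESULT_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.abandonRequestMsg),
        LDAPAbandonRequestTemplate, LDAP_ABANDONREQUEST_TYPE },
    { 0 }
};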
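/*
 * Top-level LDAPMessage: the message ID followed by the protocolOp CHOICE,
 * embedded inline in LDAPMessage. This is the exported table for encoding
 * and decoding whole messages.
 *
 * The header entry gives no size, and messageID is decoded as a plain
 * INTEGER: the (0 .. maxInt) range in the MessageID definition is not
 * checked by this table.
 */
const SEC_ASN1Template PKIX_PL_LDAPMessageTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL },
    { SEC_ASN1_INTEGER, offsetof(LDAPMessage, messageID) },
    { SEC_ASN1_INLINE, offsetof(LDAPMessage, protocolOp),
        LDAPMessageProtocolOpTemplate },
    { 0 }
};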
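/* This function simply returns the address of the message template.
 * This is necessary for Windows DLLs.
 */
SEC_ASN1_CHOOSER_IMPLEMENT(PKIX_PL_LDAPMessageTemplate)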