diff options
Diffstat (limited to 'security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaptemplates.c')
| -rw-r--r-- | security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaptemplates.c | 417 |
1 files changed, 417 insertions, 0 deletions
diff --git a/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaptemplates.c b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaptemplates.c new file mode 100644 index 000000000..ecb681929 --- /dev/null +++ b/security/nss/lib/libpkix/pkix_pl_nss/module/pkix_pl_ldaptemplates.c @@ -0,0 +1,417 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "pkix_pl_ldapt.h" + +SEC_ASN1_MKSUB(SEC_AnyTemplate) +SEC_ASN1_MKSUB(SEC_NullTemplate) +SEC_ASN1_MKSUB(SEC_OctetStringTemplate) + +/* + * CertificatePair ::= SEQUENCE { + * forward [0] Certificate OPTIONAL, + * reverse [1] Certificate OPTIONAL + * -- at least one of the pair shall be present -- + * } + */ + +const SEC_ASN1Template PKIX_PL_LDAPCrossCertPairTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(LDAPCertPair) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 0, + offsetof(LDAPCertPair, forward), SEC_ASN1_SUB(SEC_AnyTemplate) }, + { SEC_ASN1_OPTIONAL | SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 1, + offsetof(LDAPCertPair, reverse), SEC_ASN1_SUB(SEC_AnyTemplate) }, + { 0 } +}; + +/* + * BindRequest ::= + * [APPLICATION 0] SEQUENCE { + * version INTEGER (1..127), + * name LDAPDN, + * authentication CHOICE { + * simple [0] OCTET STRING, + * krbv42LDAP [1] OCTET STRING, + * krbv42DSA [2] OCTET STRING + * } + * } + * + * LDAPDN ::= LDAPString + * + * LDAPString ::= OCTET STRING + */ + +#define LDAPStringTemplate SEC_ASN1_SUB(SEC_OctetStringTemplate) + +static const SEC_ASN1Template LDAPBindApplTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL }, + { SEC_ASN1_INTEGER, offsetof(LDAPBind, version) }, + { SEC_ASN1_LDAP_STRING, offsetof(LDAPBind, bindName) }, + { SEC_ASN1_LDAP_STRING, offsetof(LDAPBind, authentication) }, + { 0 } +}; + +static const SEC_ASN1Template LDAPBindTemplate[] = { + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_BIND_TYPE, 0, + LDAPBindApplTemplate, sizeof (LDAPBind) } +}; + +/* + * BindResponse ::= [APPLICATION 1] LDAPResult + * + * LDAPResult ::= + * SEQUENCE { + * resultCode ENUMERATED { + * success (0), + * operationsError (1), + * protocolError (2), + * timeLimitExceeded (3), + * sizeLimitExceeded (4), + * compareFalse (5), + * compareTrue (6), + * authMethodNotSupported (7), + * strongAuthRequired (8), + * noSuchAttribute (16), + * undefinedAttributeType (17), + * inappropriateMatching (18), + * constraintViolation (19), + * attributeOrValueExists (20), + * invalidAttributeSyntax (21), + * noSuchObject (32), + * aliasProblem (33), + * invalidDNSyntax (34), + * isLeaf (35), + * aliasDereferencingProblem (36), + * inappropriateAuthentication (48), + * invalidCredentials (49), + * insufficientAccessRights (50), + * busy (51), + * unavailable (52), + * unwillingToPerform (53), + * loopDetect (54), + * namingViolation (64), + * objectClassViolation (65), + * notAllowedOnNonLeaf (66), + * notAllowedOnRDN (67), + * entryAlreadyExists (68), + * objectClassModsProhibited (69), + * other (80) + * }, + * matchedDN LDAPDN, + * errorMessage LDAPString + * } + */ + +static const SEC_ASN1Template LDAPResultTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL }, + { SEC_ASN1_ENUMERATED, offsetof(LDAPResult, resultCode) }, + { SEC_ASN1_LDAP_STRING, offsetof(LDAPResult, matchedDN) }, + { SEC_ASN1_LDAP_STRING, offsetof(LDAPResult, errorMessage) }, + { 0 } +}; + +static const SEC_ASN1Template LDAPBindResponseTemplate[] = { + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_BINDRESPONSE_TYPE, 0, + LDAPResultTemplate, sizeof (LDAPBindResponse) } +}; + +/* + * UnbindRequest ::= [APPLICATION 2] NULL + */ + +static const SEC_ASN1Template LDAPUnbindTemplate[] = { + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | SEC_ASN1_XTRN | + LDAP_UNBIND_TYPE , 0, SEC_ASN1_SUB(SEC_NullTemplate) } +}; + +/* + * AttributeValueAssertion ::= + * SEQUENCE { + * attributeType AttributeType, + * attributeValue AttributeValue, + * } + * + * AttributeType ::= LDAPString + * -- text name of the attribute, or dotted + * -- OID representation + * + * AttributeValue ::= OCTET STRING + */ + +#define LDAPAttributeTypeTemplate LDAPStringTemplate + +/* + * SubstringFilter ::= + * SEQUENCE { + * type AttributeType, + * SEQUENCE OF CHOICE { + * initial [0] LDAPString, + * any [1] LDAPString, + * final [2] LDAPString, + * } + * } + */ + +#define LDAPSubstringFilterInitialTemplate LDAPStringTemplate +#define LDAPSubstringFilterAnyTemplate LDAPStringTemplate +#define LDAPSubstringFilterFinalTemplate LDAPStringTemplate + +static const SEC_ASN1Template LDAPSubstringFilterChoiceTemplate[] = { + { SEC_ASN1_CHOICE, offsetof(LDAPSubstring, selector), 0, + sizeof (LDAPFilter) }, + { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0, + offsetof(LDAPSubstring, item), + LDAPSubstringFilterInitialTemplate, + LDAP_INITIALSUBSTRING_TYPE }, + { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1, + offsetof(LDAPSubstring, item), + LDAPSubstringFilterAnyTemplate, + LDAP_ANYSUBSTRING_TYPE }, + { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2, + offsetof(LDAPSubstring, item), + LDAPSubstringFilterFinalTemplate, + LDAP_FINALSUBSTRING_TYPE }, + { 0 } +}; + +/* + * Filter ::= + * CHOICE { + * and [0] SET OF Filter, + * or [1] SET OF Filter, + * not [2] Filter, + * equalityMatch [3] AttributeValueAssertion, + * substrings [4] SubstringFilter, + * greaterOrEqual [5] AttributeValueAssertion, + * lessOrEqual [6] AttributeValueAssertion, + * present [7] AttributeType, + * approxMatch [8] AttributeValueAssertion + } + */ + +static const SEC_ASN1Template LDAPSubstringFilterTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (LDAPSubstringFilter) }, + { SEC_ASN1_LDAP_STRING, offsetof(LDAPSubstringFilter, attrType) }, + { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSubstringFilter, strings), + LDAPSubstringFilterChoiceTemplate }, + { 0 } +}; + +const SEC_ASN1Template LDAPFilterTemplate[]; /* forward reference */ + +static const SEC_ASN1Template LDAPSetOfFiltersTemplate[] = { + { SEC_ASN1_SET_OF, 0, LDAPFilterTemplate } +}; + +static const SEC_ASN1Template LDAPAVAFilterTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (LDAPAttributeValueAssertion) }, + { SEC_ASN1_LDAP_STRING, offsetof(LDAPAttributeValueAssertion, attrType) }, + { SEC_ASN1_OCTET_STRING, offsetof(LDAPAttributeValueAssertion, attrValue) }, + { 0 } +}; + +static const SEC_ASN1Template LDAPPresentFilterTemplate[] = { + { SEC_ASN1_LDAP_STRING, offsetof(LDAPPresentFilter, attrType) } +}; + +#define LDAPEqualFilterTemplate LDAPAVAFilterTemplate +#define LDAPGreaterOrEqualFilterTemplate LDAPAVAFilterTemplate +#define LDAPLessOrEqualFilterTemplate LDAPAVAFilterTemplate +#define LDAPApproxMatchFilterTemplate LDAPAVAFilterTemplate + +const SEC_ASN1Template LDAPFilterTemplate[] = { + { SEC_ASN1_CHOICE, offsetof(LDAPFilter, selector), 0, sizeof(LDAPFilter) }, + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + LDAP_ANDFILTER_TYPE, + offsetof(LDAPFilter, filter.andFilter.filters), + LDAPSetOfFiltersTemplate, LDAP_ANDFILTER_TYPE }, + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + LDAP_ORFILTER_TYPE, + offsetof(LDAPFilter, filter.orFilter.filters), + LDAPSetOfFiltersTemplate, LDAP_ORFILTER_TYPE }, + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + LDAP_NOTFILTER_TYPE | SEC_ASN1_POINTER, + offsetof(LDAPFilter, filter.notFilter), + LDAPFilterTemplate, LDAP_NOTFILTER_TYPE }, + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + LDAP_EQUALFILTER_TYPE, + offsetof(LDAPFilter, filter.equalFilter), + LDAPEqualFilterTemplate, LDAP_EQUALFILTER_TYPE }, + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + LDAP_SUBSTRINGFILTER_TYPE, offsetof(LDAPFilter, filter.substringFilter), + LDAPSubstringFilterTemplate, LDAP_SUBSTRINGFILTER_TYPE }, + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + LDAP_GREATEROREQUALFILTER_TYPE, + offsetof(LDAPFilter, filter.greaterOrEqualFilter), + LDAPGreaterOrEqualFilterTemplate, LDAP_GREATEROREQUALFILTER_TYPE }, + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + LDAP_LESSOREQUALFILTER_TYPE, + offsetof(LDAPFilter, filter.lessOrEqualFilter), + LDAPLessOrEqualFilterTemplate, LDAP_LESSOREQUALFILTER_TYPE }, + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + LDAP_PRESENTFILTER_TYPE, + offsetof(LDAPFilter, filter.presentFilter), + LDAPPresentFilterTemplate, LDAP_PRESENTFILTER_TYPE }, + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC | + LDAP_APPROXMATCHFILTER_TYPE, + offsetof(LDAPFilter, filter.approxMatchFilter), + LDAPApproxMatchFilterTemplate, LDAP_APPROXMATCHFILTER_TYPE }, + { 0 } +}; + +/* + * SearchRequest ::= + * [APPLICATION 3] SEQUENCE { + * baseObject LDAPDN, + * scope ENUMERATED { + * baseObject (0), + * singleLevel (1), + * wholeSubtree (2) + * }, + * derefAliases ENUMERATED { + * neverDerefAliases (0), + * derefInSearching (1), + * derefFindingBaseObj (2), + * alwaysDerefAliases (3) + * }, + * sizeLimit INTEGER (0 .. MAXINT), + * -- value of 0 implies no sizeLimit + * timeLimit INTEGER (0 .. MAXINT), + * -- value of 0 implies no timeLimit + * attrsOnly BOOLEAN, + * -- TRUE, if only attributes (without values) + * -- to be returned + * filter Filter, + * attributes SEQUENCE OF AttributeType + * } + */ + +static const SEC_ASN1Template LDAPAttributeTemplate[] = { + { SEC_ASN1_LDAP_STRING, 0, NULL, sizeof (SECItem) } +}; + +static const SEC_ASN1Template LDAPSearchApplTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL }, + { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearch, baseObject) }, + { SEC_ASN1_ENUMERATED, offsetof(LDAPSearch, scope) }, + { SEC_ASN1_ENUMERATED, offsetof(LDAPSearch, derefAliases) }, + { SEC_ASN1_INTEGER, offsetof(LDAPSearch, sizeLimit) }, + { SEC_ASN1_INTEGER, offsetof(LDAPSearch, timeLimit) }, + { SEC_ASN1_BOOLEAN, offsetof(LDAPSearch, attrsOnly) }, + { SEC_ASN1_INLINE, offsetof(LDAPSearch, filter), LDAPFilterTemplate }, + { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSearch, attributes), LDAPAttributeTemplate }, + { 0 } +}; + +static const SEC_ASN1Template LDAPSearchTemplate[] = { + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_SEARCH_TYPE, 0, + LDAPSearchApplTemplate, sizeof (LDAPSearch) } +}; + +/* + * SearchResponse ::= + * CHOICE { + * entry [APPLICATION 4] SEQUENCE { + * objectName LDAPDN, + * attributes SEQUENCE OF SEQUENCE { + * AttributeType, + * SET OF AttributeValue + * } + * } + * resultCode [APPLICATION 5] LDAPResult + * } + */ + +static const SEC_ASN1Template LDAPSearchResponseAttrTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(LDAPSearchResponseAttr) }, + { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearchResponseAttr, attrType) }, + { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(LDAPSearchResponseAttr, val), + LDAPStringTemplate }, + { 0 } +}; + +static const SEC_ASN1Template LDAPEntryTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL }, + { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearchResponseEntry, objectName) }, + { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSearchResponseEntry, attributes), + LDAPSearchResponseAttrTemplate }, + { 0 } +}; + +static const SEC_ASN1Template LDAPSearchResponseEntryTemplate[] = { + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_SEARCHRESPONSEENTRY_TYPE, 0, + LDAPEntryTemplate, sizeof (LDAPSearchResponseEntry) } +}; + +static const SEC_ASN1Template LDAPSearchResponseResultTemplate[] = { + { SEC_ASN1_APPLICATION | LDAP_SEARCHRESPONSERESULT_TYPE, 0, + LDAPResultTemplate, sizeof (LDAPSearchResponseResult) } +}; + +/* + * AbandonRequest ::= + * [APPLICATION 16] MessageID + */ + +static const SEC_ASN1Template LDAPAbandonTemplate[] = { + { SEC_ASN1_INTEGER, offsetof(LDAPAbandonRequest, messageID) } +}; + +static const SEC_ASN1Template LDAPAbandonRequestTemplate[] = { + { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_ABANDONREQUEST_TYPE, 0, + LDAPAbandonTemplate, sizeof (LDAPAbandonRequest) } +}; + +/* + * LDAPMessage ::= + * SEQUENCE { + * messageID MessageID, + * protocolOp CHOICE { + * bindRequest BindRequest, + * bindResponse BindResponse, + * unbindRequest UnbindRequest, + * searchRequest SearchRequest, + * searchResponse SearchResponse, + * abandonRequest AbandonRequest + * } + * } + * + * (other choices exist, not shown) + * + * MessageID ::= INTEGER (0 .. maxInt) + */ + +static const SEC_ASN1Template LDAPMessageProtocolOpTemplate[] = { + { SEC_ASN1_CHOICE, offsetof(LDAPProtocolOp, selector), 0, sizeof (LDAPProtocolOp) }, + { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.bindMsg), + LDAPBindTemplate, LDAP_BIND_TYPE }, + { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.bindResponseMsg), + LDAPBindResponseTemplate, LDAP_BINDRESPONSE_TYPE }, + { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.unbindMsg), + LDAPUnbindTemplate, LDAP_UNBIND_TYPE }, + { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchMsg), + LDAPSearchTemplate, LDAP_SEARCH_TYPE }, + { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchResponseEntryMsg), + LDAPSearchResponseEntryTemplate, LDAP_SEARCHRESPONSEENTRY_TYPE }, + { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchResponseResultMsg), + LDAPSearchResponseResultTemplate, LDAP_SEARCHRESPONSERESULT_TYPE }, + { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.abandonRequestMsg), + LDAPAbandonRequestTemplate, LDAP_ABANDONREQUEST_TYPE }, + { 0 } +}; + +const SEC_ASN1Template PKIX_PL_LDAPMessageTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL }, + { SEC_ASN1_INTEGER, offsetof(LDAPMessage, messageID) }, + { SEC_ASN1_INLINE, offsetof(LDAPMessage, protocolOp), + LDAPMessageProtocolOpTemplate }, + { 0 } +}; + +/* This function simply returns the address of the message template. + * This is necessary for Windows DLLs. + */ +SEC_ASN1_CHOOSER_IMPLEMENT(PKIX_PL_LDAPMessageTemplate) |