/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * SEC_ASN1Template tables for the LDAP messages listed in the ASN.1
 * comments below (bind, unbind, search, abandon) and for CertificatePair.
 *
 * Table layout as used in this file: each row is
 *   { kind/tag flags, offset into the C struct, sub-template, size-or-id }.
 * Multi-row SEQUENCE and CHOICE tables end with a { 0 } row; the one-row
 * wrapper tables carry no terminator.
 *
 * NOTE(review): presumably these tables are also used to decode responses
 * received from an LDAP server, i.e. untrusted input. The size fields and
 * offsets below would then decide how much memory the decoder allocates and
 * where it writes, so they must match the structs declared in
 * pkix_pl_ldapt.h -- confirm at the call sites.
 */

#include "pkix_pl_ldapt.h"

/* Templates defined outside this file; referenced below via SEC_ASN1_SUB. */
SEC_ASN1_MKSUB(SEC_AnyTemplate)
SEC_ASN1_MKSUB(SEC_NullTemplate)
SEC_ASN1_MKSUB(SEC_OctetStringTemplate)

/*
 * CertificatePair ::= SEQUENCE {
 *      forward [0] Certificate OPTIONAL,
 *      reverse [1] Certificate OPTIONAL
 *              -- at least one of the pair shall be present --
 *  }
 */

/*
 * Both members are captured through SEC_AnyTemplate, so this table does not
 * parse the certificates themselves. Both rows are SEC_ASN1_OPTIONAL: the
 * "at least one of the pair shall be present" rule is not expressed here and
 * has to be checked by the caller, if anywhere.
 */
const SEC_ASN1Template PKIX_PL_LDAPCrossCertPairTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(LDAPCertPair) },
    /* forward: explicit context tag [0] */
    { SEC_ASN1_OPTIONAL |
        SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 0,
        offsetof(LDAPCertPair, forward), SEC_ASN1_SUB(SEC_AnyTemplate) },
    /* reverse: explicit context tag [1] */
    { SEC_ASN1_OPTIONAL |
        SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        SEC_ASN1_EXPLICIT | SEC_ASN1_XTRN | 1,
        offsetof(LDAPCertPair, reverse), SEC_ASN1_SUB(SEC_AnyTemplate) },
    { 0 }
};

/*
 * BindRequest ::=
 *      [APPLICATION 0] SEQUENCE {
 *                      version         INTEGER (1..127),
 *                      name            LDAPDN,
 *                      authentication  CHOICE {
 *                              simple          [0] OCTET STRING,
 *                              krbv42LDAP      [1] OCTET STRING,
 *                              krbv42DSA       [2] OCTET STRING
 *                      }
 *      }
 *
 * LDAPDN ::= LDAPString
 *
 * LDAPString ::= OCTET STRING
 */

/* LDAPString is an OCTET STRING, so it reuses the shared octet-string template. */
#define LDAPStringTemplate SEC_ASN1_SUB(SEC_OctetStringTemplate)

/*
 * Body of a BindRequest.
 *
 * NOTE(review): the ASN.1 above gives `authentication` as a CHOICE of
 * context-tagged OCTET STRINGs, while this table describes it with the same
 * SEC_ASN1_LDAP_STRING kind as bindName. SEC_ASN1_LDAP_STRING is defined
 * outside this file -- confirm which tag it produces. With `simple`
 * authentication the credential travels as a plain OCTET STRING; protecting
 * it in transit is outside the scope of these tables.
 */
static const SEC_ASN1Template LDAPBindApplTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL },
    { SEC_ASN1_INTEGER, offsetof(LDAPBind, version) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPBind, bindName) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPBind, authentication) },
    { 0 }
};

/* [APPLICATION LDAP_BIND_TYPE] wrapper around the bind body. */
static const SEC_ASN1Template LDAPBindTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_BIND_TYPE, 0,
        LDAPBindApplTemplate, sizeof (LDAPBind) }
};

/*
 * BindResponse ::= [APPLICATION 1] LDAPResult
 *
 * LDAPResult ::=
 *      SEQUENCE {
 *              resultCode      ENUMERATED {
 *                              success                         (0),
 *                              operationsError                 (1),
 *                              protocolError                   (2),
 *                              timeLimitExceeded               (3),
 *                              sizeLimitExceeded               (4),
 *                              compareFalse                    (5),
 *                              compareTrue                     (6),
 *                              authMethodNotSupported          (7),
 *                              strongAuthRequired              (8),
 *                              noSuchAttribute                 (16),
 *                              undefinedAttributeType          (17),
 *                              inappropriateMatching           (18),
 *                              constraintViolation             (19),
 *                              attributeOrValueExists          (20),
 *                              invalidAttributeSyntax          (21),
 *                              noSuchObject                    (32),
 *                              aliasProblem                    (33),
 *                              invalidDNSyntax                 (34),
 *                              isLeaf                          (35),
 *                              aliasDereferencingProblem       (36),
 *                              inappropriateAuthentication     (48),
 *                              invalidCredentials              (49),
 *                              insufficientAccessRights        (50),
 *                              busy                            (51),
 *                              unavailable                     (52),
 *                              unwillingToPerform              (53),
 *                              loopDetect                      (54),
 *                              namingViolation                 (64),
 *                              objectClassViolation            (65),
 *                              notAllowedOnNonLeaf             (66),
 *                              notAllowedOnRDN                 (67),
 *                              entryAlreadyExists              (68),
 *                              objectClassModsProhibited       (69),
 *                              other                           (80)
 *                              },
 *              matchedDN       LDAPDN,
 *              errorMessage    LDAPString
 *      }
 */

/*
 * LDAPResult body, shared by the bind response and the search result
 * wrappers below. resultCode is taken as a bare ENUMERATED: the table does
 * not restrict it to the values listed above, so range checks (if any) are
 * the consumer's job.
 */
static const SEC_ASN1Template LDAPResultTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL },
    { SEC_ASN1_ENUMERATED, offsetof(LDAPResult, resultCode) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPResult, matchedDN) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPResult, errorMessage) },
    { 0 }
};

/* [APPLICATION LDAP_BINDRESPONSE_TYPE] wrapper around LDAPResult. */
static const SEC_ASN1Template LDAPBindResponseTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_BINDRESPONSE_TYPE, 0,
        LDAPResultTemplate, sizeof (LDAPBindResponse) }
};

/*
 * UnbindRequest ::= [APPLICATION 2] NULL
 */

/* [APPLICATION LDAP_UNBIND_TYPE] wrapper around the shared NULL template. */
static const SEC_ASN1Template LDAPUnbindTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | SEC_ASN1_XTRN |
        LDAP_UNBIND_TYPE , 0, SEC_ASN1_SUB(SEC_NullTemplate) }
};

/*
 * AttributeValueAssertion ::=
 *      SEQUENCE {
 *              attributeType   AttributeType,
 *              attributeValue  AttributeValue,
 *      }
 *
 * AttributeType ::= LDAPString
 *              -- text name of the attribute, or dotted
 *              -- OID representation
 *
 * AttributeValue ::= OCTET STRING
 */

/* Alias only; not referenced elsewhere in this file. */
#define LDAPAttributeTypeTemplate LDAPStringTemplate

/*
 * SubstringFilter ::=
 *      SEQUENCE {
 *              type            AttributeType,
 *              SEQUENCE OF CHOICE {
 *                      initial [0] LDAPString,
 *                      any     [1] LDAPString,
 *                      final   [2] LDAPString,
 *              }
 *      }
 */

/* All three substring alternatives are LDAPStrings and share one template. */
#define LDAPSubstringFilterInitialTemplate LDAPStringTemplate
#define LDAPSubstringFilterAnyTemplate LDAPStringTemplate
#define LDAPSubstringFilterFinalTemplate LDAPStringTemplate

/*
 * One element of the SEQUENCE OF CHOICE inside a SubstringFilter. Every
 * alternative writes to the same LDAPSubstring.item field; the fourth
 * column of each alternative row holds an LDAP_*SUBSTRING_TYPE value rather
 * than a size (presumably the value recorded in `selector`).
 *
 * NOTE(review): the CHOICE header row takes its offset from LDAPSubstring
 * but its size from LDAPFilter. The other CHOICE tables in this file use
 * the sizeof of the struct they index (LDAPFilter, LDAPProtocolOp). If the
 * decoder allocates each element from this size, this is only safe while
 * sizeof(LDAPFilter) >= sizeof(LDAPSubstring); sizeof (LDAPSubstring) looks
 * like the intended value -- confirm against pkix_pl_ldapt.h.
 */
static const SEC_ASN1Template LDAPSubstringFilterChoiceTemplate[] = {
    { SEC_ASN1_CHOICE, offsetof(LDAPSubstring, selector), 0,
        sizeof (LDAPFilter) },
    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 0,
        offsetof(LDAPSubstring, item),
        LDAPSubstringFilterInitialTemplate,
        LDAP_INITIALSUBSTRING_TYPE },
    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 1,
        offsetof(LDAPSubstring, item),
        LDAPSubstringFilterAnyTemplate,
        LDAP_ANYSUBSTRING_TYPE },
    { SEC_ASN1_CONTEXT_SPECIFIC | SEC_ASN1_XTRN | 2,
        offsetof(LDAPSubstring, item),
        LDAPSubstringFilterFinalTemplate,
        LDAP_FINALSUBSTRING_TYPE },
    { 0 }
};

/*
 * Filter ::=
 *      CHOICE {
 *              and             [0] SET OF Filter,
 *              or              [1] SET OF Filter,
 *              not             [2] Filter,
 *              equalityMatch   [3] AttributeValueAssertion,
 *              substrings      [4] SubstringFilter,
 *              greaterOrEqual  [5] AttributeValueAssertion,
 *              lessOrEqual     [6] AttributeValueAssertion,
 *              present         [7] AttributeType,
 *              approxMatch     [8] AttributeValueAssertion
 *      }
 */

/* SubstringFilter: attribute type followed by the sequence of substring choices. */
static const SEC_ASN1Template LDAPSubstringFilterTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (LDAPSubstringFilter) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPSubstringFilter, attrType) },
    { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSubstringFilter, strings),
        LDAPSubstringFilterChoiceTemplate },
    { 0 }
};

/*
 * Declared ahead of its definition because the and/or/not alternatives
 * refer back to it. Unlike its neighbours it is not static; presumably
 * because C does not allow a tentative definition with internal linkage to
 * have an incomplete array type.
 */
const SEC_ASN1Template LDAPFilterTemplate[]; /* forward reference */

/* SET OF Filter, used by the `and` and `or` alternatives. */
static const SEC_ASN1Template LDAPSetOfFiltersTemplate[] = {
    { SEC_ASN1_SET_OF, 0, LDAPFilterTemplate }
};

/* AttributeValueAssertion: attribute type plus an OCTET STRING value. */
static const SEC_ASN1Template LDAPAVAFilterTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof (LDAPAttributeValueAssertion) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPAttributeValueAssertion, attrType) },
    { SEC_ASN1_OCTET_STRING, offsetof(LDAPAttributeValueAssertion, attrValue) },
    { 0 }
};

/* `present` filter: just the attribute type. */
static const SEC_ASN1Template LDAPPresentFilterTemplate[] = {
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPPresentFilter, attrType) }
};

/* The four comparison filters all have the AttributeValueAssertion shape. */
#define LDAPEqualFilterTemplate LDAPAVAFilterTemplate
#define LDAPGreaterOrEqualFilterTemplate LDAPAVAFilterTemplate
#define LDAPLessOrEqualFilterTemplate LDAPAVAFilterTemplate
#define LDAPApproxMatchFilterTemplate LDAPAVAFilterTemplate

/*
 * Filter CHOICE. Each alternative is context-tagged with its
 * LDAP_*FILTER_TYPE value, and the same value appears in the fourth column.
 *
 * The table is recursive: `and` and `or` reach LDAPFilterTemplate through
 * LDAPSetOfFiltersTemplate, and `not` refers to it directly through
 * SEC_ASN1_POINTER. Nothing in these rows bounds the nesting depth, so any
 * depth limit has to come from the encoder/decoder or the caller --
 * TODO confirm one exists wherever a filter is decoded.
 *
 * NOTE(review): every alternative sets SEC_ASN1_CONSTRUCTED, including
 * `present`, whose ASN.1 type above is AttributeType (an LDAPString);
 * confirm this matches the encoding the peer expects.
 */
const SEC_ASN1Template LDAPFilterTemplate[] = {
    { SEC_ASN1_CHOICE, offsetof(LDAPFilter, selector), 0, sizeof(LDAPFilter) },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_ANDFILTER_TYPE,
        offsetof(LDAPFilter, filter.andFilter.filters),
        LDAPSetOfFiltersTemplate, LDAP_ANDFILTER_TYPE },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_ORFILTER_TYPE,
        offsetof(LDAPFilter, filter.orFilter.filters),
        LDAPSetOfFiltersTemplate, LDAP_ORFILTER_TYPE },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_NOTFILTER_TYPE | SEC_ASN1_POINTER,
        offsetof(LDAPFilter, filter.notFilter),
        LDAPFilterTemplate, LDAP_NOTFILTER_TYPE },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_EQUALFILTER_TYPE,
        offsetof(LDAPFilter, filter.equalFilter),
        LDAPEqualFilterTemplate, LDAP_EQUALFILTER_TYPE },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_SUBSTRINGFILTER_TYPE,
        offsetof(LDAPFilter, filter.substringFilter),
        LDAPSubstringFilterTemplate, LDAP_SUBSTRINGFILTER_TYPE },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_GREATEROREQUALFILTER_TYPE,
        offsetof(LDAPFilter, filter.greaterOrEqualFilter),
        LDAPGreaterOrEqualFilterTemplate, LDAP_GREATEROREQUALFILTER_TYPE },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_LESSOREQUALFILTER_TYPE,
        offsetof(LDAPFilter, filter.lessOrEqualFilter),
        LDAPLessOrEqualFilterTemplate, LDAP_LESSOREQUALFILTER_TYPE },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_PRESENTFILTER_TYPE,
        offsetof(LDAPFilter, filter.presentFilter),
        LDAPPresentFilterTemplate, LDAP_PRESENTFILTER_TYPE },
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_CONTEXT_SPECIFIC |
        LDAP_APPROXMATCHFILTER_TYPE,
        offsetof(LDAPFilter, filter.approxMatchFilter),
        LDAPApproxMatchFilterTemplate, LDAP_APPROXMATCHFILTER_TYPE },
    { 0 }
};

/*
 * SearchRequest ::=
 *      [APPLICATION 3] SEQUENCE {
 *              baseObject      LDAPDN,
 *              scope           ENUMERATED {
 *                                      baseObject      (0),
 *                                      singleLevel     (1),
 *                                      wholeSubtree    (2)
 *                              },
 *              derefAliases    ENUMERATED {
 *                                      neverDerefAliases       (0),
 *                                      derefInSearching        (1),
 *                                      derefFindingBaseObj     (2),
 *                                      alwaysDerefAliases      (3)
 *                              },
 *              sizeLimit       INTEGER (0 .. MAXINT),
 *                              -- value of 0 implies no sizeLimit
 *              timeLimit       INTEGER (0 .. MAXINT),
 *                              -- value of 0 implies no timeLimit
 *              attrsOnly       BOOLEAN,
 *                              -- TRUE, if only attributes (without values)
 *                              -- to be returned
 *              filter          Filter,
 *              attributes      SEQUENCE OF AttributeType
 *      }
 */

/* One element of the requested-attributes list; each element is a SECItem. */
static const SEC_ASN1Template LDAPAttributeTemplate[] = {
    { SEC_ASN1_LDAP_STRING, 0, NULL, sizeof (SECItem) }
};

/* Body of a SearchRequest, fields in the order given by the ASN.1 above. */
static const SEC_ASN1Template LDAPSearchApplTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearch, baseObject) },
    { SEC_ASN1_ENUMERATED, offsetof(LDAPSearch, scope) },
    { SEC_ASN1_ENUMERATED, offsetof(LDAPSearch, derefAliases) },
    { SEC_ASN1_INTEGER, offsetof(LDAPSearch, sizeLimit) },
    { SEC_ASN1_INTEGER, offsetof(LDAPSearch, timeLimit) },
    { SEC_ASN1_BOOLEAN, offsetof(LDAPSearch, attrsOnly) },
    { SEC_ASN1_INLINE, offsetof(LDAPSearch, filter), LDAPFilterTemplate },
    { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSearch, attributes),
        LDAPAttributeTemplate },
    { 0 }
};

/* [APPLICATION LDAP_SEARCH_TYPE] wrapper around the search body. */
static const SEC_ASN1Template LDAPSearchTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_SEARCH_TYPE, 0,
        LDAPSearchApplTemplate, sizeof (LDAPSearch) }
};

/*
 * SearchResponse ::=
 *      CHOICE {
 *              entry   [APPLICATION 4] SEQUENCE {
 *                              objectName      LDAPDN,
 *                              attributes      SEQUENCE OF SEQUENCE {
 *                                                      AttributeType,
 *                                                      SET OF AttributeValue
 *                                              }
 *                      }
 *              resultCode [APPLICATION 5] LDAPResult
 *      }
 */

/*
 * One returned attribute: its type and the SET OF its values. The number
 * of values is not limited by this table.
 */
static const SEC_ASN1Template LDAPSearchResponseAttrTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(LDAPSearchResponseAttr) },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearchResponseAttr, attrType) },
    { SEC_ASN1_SET_OF | SEC_ASN1_XTRN, offsetof(LDAPSearchResponseAttr, val),
        LDAPStringTemplate },
    { 0 }
};

/*
 * Body of a search response entry: object name plus its attributes. The
 * number of attributes is not limited by this table.
 */
static const SEC_ASN1Template LDAPEntryTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL },
    { SEC_ASN1_LDAP_STRING, offsetof(LDAPSearchResponseEntry, objectName) },
    { SEC_ASN1_SEQUENCE_OF, offsetof(LDAPSearchResponseEntry, attributes),
        LDAPSearchResponseAttrTemplate },
    { 0 }
};

/* [APPLICATION LDAP_SEARCHRESPONSEENTRY_TYPE] wrapper around an entry. */
static const SEC_ASN1Template LDAPSearchResponseEntryTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION |
        LDAP_SEARCHRESPONSEENTRY_TYPE, 0,
        LDAPEntryTemplate, sizeof (LDAPSearchResponseEntry) }
};

/*
 * [APPLICATION LDAP_SEARCHRESPONSERESULT_TYPE] wrapper around LDAPResult.
 *
 * NOTE(review): this is the only [APPLICATION n] wrapper in the file that
 * does not OR in SEC_ASN1_CONSTRUCTED, although it wraps LDAPResultTemplate
 * (a SEQUENCE) exactly as LDAPBindResponseTemplate does. Confirm whether
 * the omission is intentional.
 */
static const SEC_ASN1Template LDAPSearchResponseResultTemplate[] = {
    { SEC_ASN1_APPLICATION | LDAP_SEARCHRESPONSERESULT_TYPE, 0,
        LDAPResultTemplate, sizeof (LDAPSearchResponseResult) }
};

/*
 * AbandonRequest ::=
 *      [APPLICATION 16] MessageID
 */

/* The message ID of the operation to abandon. */
static const SEC_ASN1Template LDAPAbandonTemplate[] = {
    { SEC_ASN1_INTEGER, offsetof(LDAPAbandonRequest, messageID) }
};

/* [APPLICATION LDAP_ABANDONREQUEST_TYPE] wrapper around the message ID. */
static const SEC_ASN1Template LDAPAbandonRequestTemplate[] = {
    { SEC_ASN1_CONSTRUCTED | SEC_ASN1_APPLICATION | LDAP_ABANDONREQUEST_TYPE, 0,
        LDAPAbandonTemplate, sizeof (LDAPAbandonRequest) }
};

/*
 * LDAPMessage ::=
 *      SEQUENCE {
 *              messageID       MessageID,
 *              protocolOp      CHOICE {
 *                                      bindRequest     BindRequest,
 *                                      bindResponse    BindResponse,
 *                                      unbindRequest   UnbindRequest,
 *                                      searchRequest   SearchRequest,
 *                                      searchResponse  SearchResponse,
 *                                      abandonRequest  AbandonRequest
 *                              }
 *      }
 *
 *                                      (other choices exist, not shown)
 *
 * MessageID ::= INTEGER (0 .. maxInt)
 */

/*
 * protocolOp CHOICE. Only the seven operations listed here are described;
 * the fourth column of each alternative row is its LDAP_*_TYPE value.
 * Alternatives are laid over the members of LDAPProtocolOp.op, so a
 * consumer presumably has to read `selector` before touching any member --
 * confirm against the struct in pkix_pl_ldapt.h.
 */
static const SEC_ASN1Template LDAPMessageProtocolOpTemplate[] = {
    { SEC_ASN1_CHOICE, offsetof(LDAPProtocolOp, selector), 0,
        sizeof (LDAPProtocolOp) },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.bindMsg),
        LDAPBindTemplate, LDAP_BIND_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.bindResponseMsg),
        LDAPBindResponseTemplate, LDAP_BINDRESPONSE_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.unbindMsg),
        LDAPUnbindTemplate, LDAP_UNBIND_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchMsg),
        LDAPSearchTemplate, LDAP_SEARCH_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchResponseEntryMsg),
        LDAPSearchResponseEntryTemplate, LDAP_SEARCHRESPONSEENTRY_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.searchResponseResultMsg),
        LDAPSearchResponseResultTemplate, LDAP_SEARCHRESPONSERESULT_TYPE },
    { SEC_ASN1_INLINE, offsetof(LDAPProtocolOp, op.abandonRequestMsg),
        LDAPAbandonRequestTemplate, LDAP_ABANDONREQUEST_TYPE },
    { 0 }
};

/* Top-level LDAPMessage: message ID followed by the protocolOp CHOICE. */
const SEC_ASN1Template PKIX_PL_LDAPMessageTemplate[] = {
    { SEC_ASN1_SEQUENCE, 0, NULL },
    { SEC_ASN1_INTEGER, offsetof(LDAPMessage, messageID) },
    { SEC_ASN1_INLINE, offsetof(LDAPMessage, protocolOp),
        LDAPMessageProtocolOpTemplate },
    { 0 }
};

/* This function simply returns the address of the message template.
 * This is necessary for Windows DLLs.
 */
SEC_ASN1_CHOOSER_IMPLEMENT(PKIX_PL_LDAPMessageTemplate)