author | cvsadm <cvsadm> | 2005-01-21 00:44:34 +0000 |
---|---|---|
committer | cvsadm <cvsadm> | 2005-01-21 00:44:34 +0000 |
commit | b2093e3016027d6b5cf06b3f91f30769bfc099e2 (patch) | |
tree | cf58939393a9032182c4fbc4441164a9456e82f8 /include/ldaputil | |
Moving NSCP Directory Server from DirectoryBranch to TRUNK, initial drop. (foxworth)ldapserver7x
Diffstat (limited to 'include/ldaputil')
-rw-r--r-- | include/ldaputil/cert.h | 27 | ||||
-rw-r--r-- | include/ldaputil/certmap.h | 124 | ||||
-rw-r--r-- | include/ldaputil/dbconf.h | 91 | ||||
-rw-r--r-- | include/ldaputil/encode.h | 29 | ||||
-rw-r--r-- | include/ldaputil/errors.h | 108 | ||||
-rw-r--r-- | include/ldaputil/extcmap.h | 634 | ||||
-rw-r--r-- | include/ldaputil/init.h | 23 | ||||
-rw-r--r-- | include/ldaputil/ldapauth.h | 94 | ||||
-rw-r--r-- | include/ldaputil/ldapdb.h | 100 | ||||
-rw-r--r-- | include/ldaputil/ldaputil.h | 132 |
10 files changed, 1362 insertions, 0 deletions
diff --git a/include/ldaputil/cert.h b/include/ldaputil/cert.h
new file mode 100644
index 00000000..4dac8f05
--- /dev/null
+++ b/include/ldaputil/cert.h
@@ -0,0 +1,27 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _LDAPU_CERT_H
+#define _LDAPU_CERT_H
+
+#ifndef NSAPI_PUBLIC
+#ifdef XP_WIN32
+#define NSAPI_PUBLIC __declspec(dllexport)
+#else
+#define NSAPI_PUBLIC
+#endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+NSAPI_PUBLIC int ldapu_get_cert (void *SSLendpoint, void **cert);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LDAPU_CERT_H */
diff --git a/include/ldaputil/certmap.h b/include/ldaputil/certmap.h
new file mode 100644
index 00000000..921cbd06
--- /dev/null
+++ b/include/ldaputil/certmap.h
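Review bot: The include guard `_LDAPU_CERT_H` is a leading-underscore-plus-uppercase name, which C reserves for the implementation; the same pattern is used in certmap.h, dbconf.h, encode.h, errors.h and extcmap.h (`_PUBLIC_CERTMAP_H`), and extcmap.h also declares `__ldapu_table`, a double-underscore name. Renaming to `LDAPU_CERT_H` and the equivalent in the other headers avoids collisions with toolchain headers. The `NSAPI_PUBLIC` fallback block is repeated in each of these headers with differing conditions (`XP_WIN32` here, `_WINDOWS || _WIN32 || XP_WIN32` in extcmap.h), so the export attribute a translation unit ends up with depends on which header it includes first; hoisting the definition into one shared header removes that inconsistency. `ldapu_get_cert` has no comment on its output parameter; a line such as `/* On success sets *cert; state here whether the caller must release it and with which function. */` would give callers the ownership contract the rest of the library documents elsewhere.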
@@ -0,0 +1,124 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _LDAPU_CERTMAP_H
+#define _LDAPU_CERTMAP_H
+
+#ifndef INTLDAPU
+#define INTLDAPU
+#endif /* INTLDAPU */
+
+#include "extcmap.h"
+
+enum {
+ LDAPU_STR_FILTER_DEFAULT,
+ LDAPU_STR_FILTER_USER,
+ LDAPU_STR_FILTER_GROUP,
+ LDAPU_STR_FILTER_MEMBER,
+ LDAPU_STR_FILTER_MEMBER_RECURSE,
+ LDAPU_STR_ATTR_USER,
+ LDAPU_STR_ATTR_CERT,
+ LDAPU_STR_ATTR_CERT_NOSUBTYPE,
+ LDAPU_STR_MAX_INDEX
+};
+
+static char *ldapu_strings[] = {
+ "objectclass=*", /* LDAPU_STR_DEFAULT */
+ "uid=%s", /* LDAPU_STR_FILTER_USER */
+ "(& (cn=%s) (| (objectclass=groupofuniquenames) (objectclass=groupofnames)))", /* LDAPU_STR_FILTER_GROUP */
+ "(| (uniquemember=%s) (member=%s))", /* LDAPU_STR_FILTER_MEMBER */
+ "(& %s (| (objectclass=groupofuniquenames) (objectclass=groupofnames))", /* LDAPU_STR_FILTER_MEMBER_RECURSE */
+ "uid", /* LDAPU_STR_ATTR_USER */
+ "userCertificate;binary", /* LDAPU_STR_ATTR_CERT */
+ "userCertificate" /* LDAPU_STR_ATTR_CERT_NOSUBTYPE */
+};
+
+typedef struct {
+ char *str;
+ int size;
+ int len;
+} LDAPUStr_t;
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+NSAPI_PUBLIC int ldapu_cert_to_ldap_entry (void *cert, LDAP *ld,
+ const char *basedn,
+ LDAPMessage **res);
+
+NSAPI_PUBLIC int ldapu_set_cert_mapfn (const char *issuerDN,
+ CertMapFn_t mapfn);
+
+
+NSAPI_PUBLIC CertMapFn_t ldapu_get_cert_mapfn (const char *issuerDN);
+
+NSAPI_PUBLIC int ldapu_set_cert_searchfn (const char *issuerDN,
+ CertSearchFn_t searchfn);
+
+
+NSAPI_PUBLIC CertSearchFn_t ldapu_get_cert_searchfn (const char *issuerDN);
+
+NSAPI_PUBLIC int ldapu_set_cert_verifyfn (const char *issuerDN,
+ CertVerifyFn_t verifyFn);
+
+NSAPI_PUBLIC CertVerifyFn_t ldapu_get_cert_verifyfn (const char *issuerDN);
+
+
+NSAPI_PUBLIC int ldapu_get_cert_subject_dn (void *cert, char **subjectDN);
+
+NSAPI_PUBLIC int ldapu_get_cert_issuer_dn (void *cert, char **issuerDN);
+
+
+NSAPI_PUBLIC int ldapu_get_cert_ava_val (void *cert, int which_dn,
+ const char *attr, char ***val);
+
+
+NSAPI_PUBLIC int ldapu_free_cert_ava_val (char **val);
+
+
+NSAPI_PUBLIC int ldapu_get_cert_der (void *cert, unsigned char **derCert,
+ unsigned int *len);
+
+
+NSAPI_PUBLIC int ldapu_issuer_certinfo (const char *issuerDN,
+ void **certmap_info);
+
+
+NSAPI_PUBLIC int ldapu_certmap_info_attrval (void *certmap_info,
+ const char *attr, char **val);
+
+
+NSAPI_PUBLIC char *ldapu_err2string (int err);
+
+/* Keep the old fn for backward compatibility */
+NSAPI_PUBLIC void ldapu_free_old (char *ptr);
+
+
+NSAPI_PUBLIC void *ldapu_malloc (int size);
+
+
+NSAPI_PUBLIC char *ldapu_strdup (const char *ptr);
+
+
+NSAPI_PUBLIC void *ldapu_realloc (void *ptr, int size);
+
+
+NSAPI_PUBLIC void ldapu_free (void *ptr);
+
+
+NSAPI_PUBLIC int ldapu_string_set (const int type, const char *filter);
+
+
+NSAPI_PUBLIC const char *ldapu_string_get (const int type);
+
+NSAPI_PUBLIC int ldaputil_exit ();
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LDAPU_CERTMAP_H */
diff --git a/include/ldaputil/dbconf.h b/include/ldaputil/dbconf.h
new file mode 100644
index 00000000..3556c36e
--- /dev/null
+++ b/include/ldaputil/dbconf.h
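Review bot: `static char *ldapu_strings[]` is a mutable, non-const table defined in a header, so every translation unit that includes certmap.h gets its own private copy, `ldapu_string_set`/`ldapu_string_get` can only act on the copy inside the unit that implements them, and a write through any of these `char *` entries into a string literal is undefined behaviour; `static const char *ldapu_strings[]` here, or moving the table into the .c file and keeping only the enum in the header, fixes both. The `LDAPU_STR_FILTER_MEMBER_RECURSE` template `"(& %s (| (objectclass=groupofuniquenames) (objectclass=groupofnames))"` closes only the `(|` and inner terms and appears to leave the outer `(&` unbalanced (compare the three closing parentheses of the GROUP template), unless the caller appends the final `)` — worth confirming, since an unbalanced filter is rejected by the server. Because templates such as `"uid=%s"` are printf-style LDAP filters that presumably receive certificate- or user-derived text, the header should state that the substituted value must be filter-escaped (RFC 4515 style) before formatting; no such contract is visible in this hunk. `ldaputil_exit ()` is an old-style declaration with an unspecified parameter list and should read `ldaputil_exit (void)`. The `/* LDAPU_STR_DEFAULT */` comment on the first entry does not match the enum name `LDAPU_STR_FILTER_DEFAULT`.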
@@ -0,0 +1,91 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _LDAPU_DBCONF_H
+#define _LDAPU_DBCONF_H
+
+#include <stdio.h>
+
+#ifndef NSAPI_PUBLIC
+#ifdef XP_WIN32
+#define NSAPI_PUBLIC __declspec(dllexport)
+#else
+#define NSAPI_PUBLIC
+#endif
+#endif
+
+typedef struct dbconf_propval {
+ char *prop; /* Property name */
+ char *val; /* Property value */
+ struct dbconf_propval *next; /* Pointer to the next prop-val pair */
+} DBPropVal_t;
+
+typedef struct dbconf_dbinfo {
+ char *dbname; /* Database name */
+ char *url; /* Database URL */
+ DBPropVal_t *firstprop; /* pointer to first property-value pair */
+ DBPropVal_t *lastprop; /* pointer to last property-value pair */
+ struct dbconf_dbinfo *next; /* pointer to next db info */
+} DBConfDBInfo_t;
+
+typedef struct {
+ DBConfDBInfo_t *firstdb; /* pointer to first db info */
+ DBConfDBInfo_t *lastdb; /* pointer to last db info */
+} DBConfInfo_t;
+
+#define DBCONF_DEFAULT_DBNAME "default"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+NSAPI_PUBLIC extern int dbconf_read_default_dbinfo (const char *file,
+ DBConfDBInfo_t **db_info);
+NSAPI_PUBLIC extern int dbconf_read_config_file (const char *file,
+ DBConfInfo_t **conf_info);
+
+NSAPI_PUBLIC extern int ldapu_dbinfo_attrval (DBConfDBInfo_t *db_info,
+ const char *attr, char **val);
+
+NSAPI_PUBLIC extern void dbconf_free_confinfo (DBConfInfo_t *conf_info);
+NSAPI_PUBLIC extern void dbconf_free_dbinfo (DBConfDBInfo_t *db_info);
+
+extern void dbconf_free_propval (DBPropVal_t *propval);
+
+extern void dbconf_print_confinfo (DBConfInfo_t *conf_info);
+extern void dbconf_print_dbinfo (DBConfDBInfo_t *db_info);
+extern void dbconf_print_propval (DBPropVal_t *propval);
+
+
+NSAPI_PUBLIC int dbconf_output_db_directive (FILE *fp, const char *dbname,
+ const char *url);
+
+NSAPI_PUBLIC int dbconf_output_propval (FILE *fp, const char *dbname,
+ const char *prop, const char *val,
+ const int encoded);
+
+/* Following functions are required by certmap.c file */
+extern int dbconf_read_config_file_sub (const char *file,
+ const char *directive,
+ const int directive_len,
+ DBConfInfo_t **conf_info_out);
+
+extern int dbconf_read_default_dbinfo_sub (const char *file,
+ const char *directive,
+ const int directive_len,
+ DBConfDBInfo_t **db_info_out);
+
+NSAPI_PUBLIC int dbconf_get_dbnames (const char *dbmap, char ***dbnames, int *cnt);
+
+NSAPI_PUBLIC int dbconf_free_dbnames (char **dbnames);
+
+
+extern int ldapu_strcasecmp (const char *s1, const char *s2);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LDAPU_DBCONF_H */
diff --git a/include/ldaputil/encode.h b/include/ldaputil/encode.h
new file mode 100644
index 00000000..6cc7729e
--- /dev/null
+++ b/include/ldaputil/encode.h
@@ -0,0 +1,29 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _LDAPU_ENCODE_H
+#define _LDAPU_ENCODE_H
+
+#ifndef NSAPI_PUBLIC
+#ifdef XP_WIN32
+#define NSAPI_PUBLIC __declspec(dllexport)
+#else
+#define NSAPI_PUBLIC
+#endif
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+NSAPI_PUBLIC extern char *dbconf_encodeval(const char *val);
+
+NSAPI_PUBLIC extern char *dbconf_decodeval (const char *val);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LDAPU_ENCODE_H */
diff --git a/include/ldaputil/errors.h b/include/ldaputil/errors.h
new file mode 100644
index 00000000..de6f893d
--- /dev/null
+++ b/include/ldaputil/errors.h
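Review bot: The output parameters of `dbconf_read_default_dbinfo`, `dbconf_read_config_file` and `ldapu_dbinfo_attrval` carry no ownership documentation: the header supplies `dbconf_free_confinfo`/`dbconf_free_dbinfo` for the first two, but nothing says whether `*val` from `ldapu_dbinfo_attrval` points into the `DBPropVal_t` list or is a copy the caller must free. The same gap exists for `dbconf_encodeval`/`dbconf_decodeval` in encode.h, which return `char *` with no statement of who releases the result or what they return on failure. A one-line comment on each, such as `/* *val points into db_info and is released with it; do not free it separately. */` (or its opposite, whichever the implementation does), would settle it. `dbconf_get_dbnames` takes `int *cnt` for a count and the `_sub` readers take `const int directive_len` for a string length; negative values are meaningless there, so `size_t` would be the natural type, though changing it is an ABI decision for the whole library.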
@@ -0,0 +1,108 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _LDAPU_ERRORS_H
+#define _LDAPU_ERRORS_H
+
+#ifndef NSAPI_PUBLIC
+#ifdef XP_WIN32
+#define NSAPI_PUBLIC __declspec(dllexport)
+#else
+#define NSAPI_PUBLIC
+#endif
+#endif
+
+#ifdef DBG_PRINT
+#include <stdio.h>
+#define DBG_PRINT1(x) fprintf(stderr, x)
+#define DBG_PRINT2(x,y) fprintf(stderr, x, y)
+#define DBG_PRINT3(x,y,z) fprintf(stderr, x, y, z)
+#define DBG_PRINT4(x,y,z,a) fprintf(stderr, x, y, z, a)
+#else
+#define DBG_PRINT1(x)
+#define DBG_PRINT2(x,y)
+#define DBG_PRINT3(x,y,z)
+#define DBG_PRINT4(x,y,z,a)
+#endif
+
+/* Common error codes */
+#define LDAPU_ERR_NOT_IMPLEMENTED -1000
+#define LDAPU_ERR_INTERNAL -1001
+/* #define LDAPU_SUCCESS 0 */ /* defined in extcmap.h */
+/* #define LDAPU_FAILED -1 */ /* defined in extcmap.h */
+/* #define LDAPU_CERT_MAP_FUNCTION_FAILED -2 *//* defined in extcmap.h */
+/* #define LDAPU_CERT_VERIFY_FUNCTION_FAILED -3 *//* defined in extcmap.h */
+/* #define LDAPU_CERT_VERIFY_FUNCTION_FAILED -4 *//* defined in extcmap.h */
+/* #define LDAPU_CERT_MAP_INITFN_FAILED -5 *//* defined in extcmap.h */
+
+/* Error codes returned by ldapdb.c */
+#define LDAPU_ERR_OUT_OF_MEMORY -110
+#define LDAPU_ERR_URL_INVALID_PREFIX -112
+#define LDAPU_ERR_URL_NO_BASEDN -113
+#define LDAPU_ERR_URL_PARSE_FAILED -114
+
+#define LDAPU_ERR_LDAP_INIT_FAILED -120
+#define LDAPU_ERR_LCACHE_INIT_FAILED -121
+#define LDAPU_ERR_LDAP_SET_OPTION_FAILED -122
+#define LDAPU_ERR_NO_DEFAULT_CERTDB -123
+
+/* Errors returned by dbconf.c */
+#define LDAPU_ERR_CANNOT_OPEN_FILE -141
+#define LDAPU_ERR_DBNAME_IS_MISSING -142
+#define LDAPU_ERR_PROP_IS_MISSING -143
+#define LDAPU_ERR_DIRECTIVE_IS_MISSING -145
+#define LDAPU_ERR_NOT_PROPVAL -146
+#define LDAPU_ATTR_NOT_FOUND -147
+
+/* Error codes returned by certmap.c */
+#define LDAPU_ERR_NO_ISSUERDN_IN_CERT -181
+#define LDAPU_ERR_NO_ISSUERDN_IN_CONFIG_FILE -182
+#define LDAPU_ERR_CERTMAP_INFO_MISSING -183
+#define LDAPU_ERR_MALFORMED_SUBJECT_DN -184
+#define LDAPU_ERR_MAPPED_ENTRY_NOT_FOUND -185
+#define LDAPU_ERR_UNABLE_TO_LOAD_PLUGIN -186
+#define LDAPU_ERR_MISSING_INIT_FN_IN_LIB -187
+#define LDAPU_ERR_MISSING_INIT_FN_IN_CONFIG -188
+#define LDAPU_ERR_CERT_VERIFY_FAILED -189
+#define LDAPU_ERR_CERT_VERIFY_NO_CERTS -190
+#define LDAPU_ERR_MISSING_LIBNAME -191
+#define LDAPU_ERR_MISSING_INIT_FN_NAME -192
+
+#define LDAPU_ERR_EMPTY_LDAP_RESULT -193
+#define LDAPU_ERR_MULTIPLE_MATCHES -194
+#define LDAPU_ERR_MISSING_RES_ENTRY -195
+#define LDAPU_ERR_MISSING_UID_ATTR -196
+#define LDAPU_ERR_WRONG_ARGS -197
+#define LDAPU_ERR_RENAME_FILE_FAILED -198
+
+#define LDAPU_ERR_MISSING_VERIFYCERT_VAL -199
+#define LDAPU_ERR_CANAME_IS_MISSING -200
+#define LDAPU_ERR_CAPROP_IS_MISSING -201
+#define LDAPU_ERR_UNKNOWN_CERT_ATTR -202
+#define LDAPU_ERR_INVALID_ARGUMENT -203
+#define LDAPU_ERR_INVALID_SUFFIX -204
+
+/* Error codes returned by cert.c */
+#define LDAPU_ERR_EXTRACT_SUBJECTDN_FAILED -300
+#define LDAPU_ERR_EXTRACT_ISSUERDN_FAILED -301
+#define LDAPU_ERR_EXTRACT_DERCERT_FAILED -302
+
+/* Error codes returned by ldapauth.c */
+#define LDAPU_ERR_CIRCULAR_GROUPS -400
+#define LDAPU_ERR_INVALID_STRING -401
+#define LDAPU_ERR_INVALID_STRING_INDEX -402
+#define LDAPU_ERR_MISSING_ATTR_VAL -403
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ /* NSAPI_PUBLIC extern char *ldapu_err2string(int err); */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDAPUTIL_LDAPU_H */
diff --git a/include/ldaputil/extcmap.h b/include/ldaputil/extcmap.h
new file mode 100644
index 00000000..fde6a4b3
--- /dev/null
+++ b/include/ldaputil/extcmap.h
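Review bot: `DBG_PRINT1(x)` expands to `fprintf(stderr, x)`, which passes its only argument as the format string, so any caller that hands it a non-literal message (an error string, a filename, a DN) turns a `%` in that text into a format-string bug in debug builds; `#define DBG_PRINT1(x) fprintf(stderr, "%s", x)` keeps the single-argument form safe, and the multi-argument variants remain correct only while callers pass literal formats. The closing guard comment `#endif /* LDAPUTIL_LDAPU_H */` does not match the guard `_LDAPU_ERRORS_H` opened at the top of the file. The commented-out cross-reference block lists `LDAPU_CERT_VERIFY_FUNCTION_FAILED` twice (for -3 and -4), while extcmap.h in this same commit defines -3 as `LDAPU_CERT_SEARCH_FUNCTION_FAILED`; the stale line should be corrected to `/* #define LDAPU_CERT_SEARCH_FUNCTION_FAILED -3 *//* defined in extcmap.h */` or the whole commented block dropped so it cannot mislead a reader mapping codes back to names.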
@@ -0,0 +1,634 @@ +/** BEGIN COPYRIGHT BLOCK + * Copyright 2001 Sun Microsystems, Inc. + * Portions copyright 1999, 2001-2003 Netscape Communications Corporation. + * All rights reserved. + * END COPYRIGHT BLOCK **/ +#ifndef _PUBLIC_CERTMAP_H +#define _PUBLIC_CERTMAP_H + +#include <ldap.h> + +#ifndef NSAPI_PUBLIC +#if defined( _WINDOWS ) || defined( _WIN32 ) || defined( XP_WIN32 ) +#define NSAPI_PUBLIC __declspec(dllexport) +#else +#define NSAPI_PUBLIC +#endif +#endif + + +#define LDAPU_ATTR_INITFN "InitFn" +#define LDAPU_ATTR_LIBRARY "library" +#define LDAPU_ATTR_DNCOMPS "DNComps" +#define LDAPU_ATTR_FILTERCOMPS "FilterComps" +#define LDAPU_ATTR_VERIFYCERT "VerifyCert" +#define LDAPU_ATTR_CERTMAP_LDAP_ATTR "CmapLdapAttr" + +/* Error/Success codes */ +#define LDAPU_SUCCESS 0 +#define LDAPU_FAILED -1 +#define LDAPU_CERT_MAP_FUNCTION_FAILED -2 +#define LDAPU_CERT_SEARCH_FUNCTION_FAILED -3 +#define LDAPU_CERT_VERIFY_FUNCTION_FAILED -4 +#define LDAPU_CERT_MAP_INITFN_FAILED -5 + + +/* + * CertMapFn_t - + * This is a typedef for cert mapping function. The mapping function is + * called by the function ldapu_cert_to_ldap_entry. + * Parameters: + * cert - cert to be mapped. You can pass this to + * functions ldapu_get_cert_XYZ. + * ld - Handle to the connection to the directory server. + * certmap_info - This structure contains information about the + * configuration parameters for the cert's issuer (CA). + * This structure can be passed to the function + * ldapu_certmap_info_attrval to get value for a particular + * configuration attribute (or a property). + * ldapdn - The mapping function should allocate memory for ldapdn + * using malloc and set this variable using the 'cert' and + * 'certmap_info'. This DN will be used for ldap lookup. + * filter - The mapping function should allocate memory for filter + * using malloc and set this variable using the 'cert' and + * 'certmap_info'. This will be used as ldap filter for ldap + * lookup of the ldapdn. 
+ * + * Return Value: + * return LDAPU_SUCCESS upon successful completion (cert is mapped) + * return LDAPU_FAILED there is no unexpected error but cert could not + * mapped (probably because ldap entry doesn't exist). + * otherwise return LDAPU_CERT_MAP_FUNCTION_FAILED. + */ +typedef int (*CertMapFn_t)(void *cert, LDAP *ld, void *certmap_info, + char **ldapdn, char **filter); + + +/* + * CertSearchFn_t - + * This is a typedef for cert search function. The search function is + * called by the function ldapu_cert_to_ldap_entry after calling the mapping + * function. The candidate 'dn' and 'filter' returned by the mapping + * function is passed to this function. + * The default search function works as follows: + * 1. If the 'filter' is NULL, default it to 'objectclass=*'. + * 2. If the 'dn' is non-NULL, do a base level search with the 'dn' and + * 'filter'. If it succeeds, we are done. If there is no serious + * error (LDAP_NO_SUCH_OBJECT is not serious error yet), continue. + * 3. If the 'dn' is NULL, default it to 'basedn'. + * 4. Perform a 'subtree' search in LDAP for the 'dn' and the 'filter'. + * 5. Return the results of the last search. + * Parameters: + * cert - cert to be mapped. You can pass this to + * functions ldapu_get_cert_XYZ. + * ld - Handle to the connection to the directory server. + * certmap_info - This structure contains information about the + * configuration parameters for the cert's issuer (CA). + * This structure can be passed to the function + * ldapu_certmap_info_attrval to get value for a particular + * configuration attribute (or a property). + * suffix - If the ldapdn is empty then use this DN to begin the + * search. This is the DN of the root object in LDAP + * Directory. + * ldapdn - candidate 'dn' returned by the mapping function. + * filter - returned by the mapping function. + * attrs - list of attributes to return from the search. If this is + * NULL, all attributes are returned. 
+ * res - result of the search which is passed to the verify + * function. + * + * Return Value: + * return LDAPU_SUCCESS upon successful completion + * return LDAPU_FAILED there is no unexpected error but entries matching the + * 'dn' and 'filter' doesn't exist. + * otherwise return LDAPU_CERT_SEARCH_FUNCTION_FAILED. + */ +typedef int (*CertSearchFn_t)(void *cert, LDAP *ld, void *certmap_info, + const char *suffix, const char *ldapdn, + const char *filter, const char **attrs, + LDAPMessage ***res); + + +/* + * CertVerifyFn_t - + * This is a typedef for cert verify function. The verify function is + * called by the function ldapu_cert_to_ldap_entry after the cert is + * successfully mapped to ldapdn and filter, and an entry matching that + * exists in the directory server. The verify fn may get called for + * multiple matched entries. This function must go through all the entries + * and check which one is appropriate. The pointer to that entry must be + * passed back in the 'LDAPMessage **entry' parameter. + * Parameters: + * cert - Original cert to be mapped. You can pass this to + * functions ldapu_get_cert_XYZ. + * ld - Handle to the connection to the directory server. + * certmap_info - This structure contains information about the + * configuration parameters for the cert's issuer (CA). + * This structure can be passed to the function + * ldapu_certmap_info_attrval to get value for a particular + * configuration attribute (or a property). + * res - cert is first mapped to ldapdn and filter. 'res' is the + * result of ldap search using the ldapdn and filter. + * 'ld' and 'res' can be used in the calls to ldapsdk API. + * entry - pointer to the entry from 'res' which is the correct match + * according to the verify function. + * + * Return Values: + * return LDAPU_SUCCESS upon successful completion (cert is verified) + * return LDAPU_FAILED there is no unexpected error but cert could not + * verified (probably because it was revoked). 
+ * otherwise return LDAPU_CERT_VERIFY_FUNCTION_FAILED. + */ +typedef int (*CertVerifyFn_t)(void *cert, LDAP *ld, void *certmap_info, + LDAPMessage *res, LDAPMessage **entry); + + + +/* + * CertmapInitFn_t - + * This is a typedef for user defined init function. An init function can be + * specified in the config file (<ServerRoot>/userdb/certmap.conf) per issuer + * of a certificate. This init function must from the user's library, also + * loaded from the config file using the 'library' property. The init + * function is specified in the config file using the 'InitFn' property. + * When the config file is loaded, any user defined init functions will be + * called with the certmap_info pertaining to the issuer (CA). + * Parameters: + * certmap_info - This structure contains information about the + * configuration parameters for the cert's issuer (CA). + * This structure can be passed to the function + * ldapu_certmap_info_attrval to get value for a particular + * configuration attribute (or a property). + * + * Return Value: + * return LDAPU_SUCCESS upon successful completion + * otherwise return LDAPU_CERT_MAP_INITFN_FAILED. The server startup will be + * aborted if the return value is not LDAPU_SUCCESS. 
+ */ +typedef int (*CertMapInitFn_t)(void *certmap_info, const char *issuerName, + const char *issuerDN, const char *libname); + +/* + * Refer to the description of the function ldapu_get_cert_ava_val + */ +enum { + LDAPU_SUBJECT_DN, + LDAPU_ISSUER_DN +}; + +/* ldapu_cert_to_ldap_entry */ +typedef int (*t_ldapu_cert_to_ldap_entry)(void *cert, LDAP *ld, + const char *suffix, + LDAPMessage **res); + +/* ldapu_set_cert_mapfn */ +typedef int (*t_ldapu_set_cert_mapfn)(const char *issuerDN, + CertMapFn_t mapfn); + +/* ldapu_get_cert_mapfn */ +typedef CertMapFn_t (*t_ldapu_get_cert_mapfn) (const char *issuerDN); + +/* ldapu_set_cert_searchfn */ +typedef int (*t_ldapu_set_cert_searchfn) (const char *issuerDN, + CertSearchFn_t searchfn); + +/* ldapu_get_cert_searchfn */ +typedef CertSearchFn_t (*t_ldapu_get_cert_searchfn) (const char *issuerDN); + +/* ldapu_set_cert_verifyfn */ +typedef int (*t_ldapu_set_cert_verifyfn) (const char *issuerDN, + CertVerifyFn_t verifyFn); + +/* ldapu_get_cert_verifyfn */ +typedef CertVerifyFn_t (*t_ldapu_get_cert_verifyfn) (const char *issuerDN); + +/* ldapu_get_cert_subject_dn */ +typedef int (*t_ldapu_get_cert_subject_dn) (void *cert, char **subjectDN); + +/* ldapu_get_cert_issuer_dn */ +typedef int (*t_ldapu_get_cert_issuer_dn) (void *cert, char **issuerDN); + +/* ldapu_get_cert_ava_val */ +typedef int (*t_ldapu_get_cert_ava_val) (void *cert, int which_dn, + const char *attr, char ***val); + +/* ldapu_free_cert_ava_val */ +typedef int (*t_ldapu_free_cert_ava_val) (char **val); + +/* ldapu_get_cert_der */ +typedef int (*t_ldapu_get_cert_der) (void *cert, unsigned char **derCert, + unsigned int *len); + +/* ldapu_issuer_certinfo */ +typedef int (*t_ldapu_issuer_certinfo) (const char *issuerDN, + void **certmap_info); + +/* ldapu_certmap_info_attrval */ +typedef int (*t_ldapu_certmap_info_attrval) (void *certmap_info, + const char *attr, char **val); + +/* ldapu_err2string */ +typedef char * (*t_ldapu_err2string) (int err); + +/* ldapu_free */ 
+typedef void (*t_ldapu_free_old) (char *ptr); +typedef void (*t_ldapu_free) (void *ptr); + +/* ldapu_malloc */ +typedef void *(*t_ldapu_malloc) (int size); + +/* ldapu_strdup */ +typedef char *(*t_ldapu_strdup) (const char *ptr); + + +typedef struct LDAPUDispatchVector LDAPUDispatchVector_t; +struct LDAPUDispatchVector { + t_ldapu_cert_to_ldap_entry f_ldapu_cert_to_ldap_entry; + t_ldapu_set_cert_mapfn f_ldapu_set_cert_mapfn; + t_ldapu_get_cert_mapfn f_ldapu_get_cert_mapfn; + t_ldapu_set_cert_searchfn f_ldapu_set_cert_searchfn; + t_ldapu_get_cert_searchfn f_ldapu_get_cert_searchfn; + t_ldapu_set_cert_verifyfn f_ldapu_set_cert_verifyfn; + t_ldapu_get_cert_verifyfn f_ldapu_get_cert_verifyfn; + t_ldapu_get_cert_subject_dn f_ldapu_get_cert_subject_dn; + t_ldapu_get_cert_issuer_dn f_ldapu_get_cert_issuer_dn; + t_ldapu_get_cert_ava_val f_ldapu_get_cert_ava_val; + t_ldapu_free_cert_ava_val f_ldapu_free_cert_ava_val; + t_ldapu_get_cert_der f_ldapu_get_cert_der; + t_ldapu_issuer_certinfo f_ldapu_issuer_certinfo; + t_ldapu_certmap_info_attrval f_ldapu_certmap_info_attrval; + t_ldapu_err2string f_ldapu_err2string; + t_ldapu_free_old f_ldapu_free_old; + t_ldapu_malloc f_ldapu_malloc; + t_ldapu_strdup f_ldapu_strdup; + t_ldapu_free f_ldapu_free; +}; + + +#ifdef INTLDAPU +NSAPI_PUBLIC extern LDAPUDispatchVector_t *__ldapu_table; +#else +typedef int (*CertMapDLLInitFn_t)(LDAPUDispatchVector_t **table); + +NSAPI_PUBLIC extern int CertMapDLLInitFn(LDAPUDispatchVector_t **table); + +extern LDAPUDispatchVector_t *__ldapu_table; + +#if defined( _WINDOWS ) || defined( _WIN32 ) || defined( XP_WIN32 ) +#define CertmapDLLInitFnTbl LDAPUDispatchVector_t *__ldapu_table; +#define CertmapDLLInit(rv, libname) \ +{\ + HANDLE h = LoadLibrary((libname)); \ + CertMapDLLInitFn_t init_fn; \ + if (!h) return LDAPU_CERT_MAP_INITFN_FAILED; \ + init_fn = (CertMapDLLInitFn_t)GetProcAddress(h, "CertMapDLLInitFn"); \ + rv = init_fn(&__ldapu_table); \ +} +#else +#define CertmapDLLInit(rv, libname) +#define 
CertmapDLLInitFnTbl +#endif + +#endif /* INTLDAPU */ + +#ifndef INTLDAPU + +/* + * ldapu_cert_to_ldap_entry - + * This function is called to map a cert to an ldap entry. It extracts the + * cert issuer information from the given cert. The mapping function set for + * the issuer (if any) or the default mapping function is called to map the + * subject DN from the cert to a candidate ldap DN and filter for ldap + * search. If the mapped ldap DN is NULL, the 'basedn' passed into this + * function is used as a starting place for the search. If the mapped filter + * is NULL, "objectclass=*" is used as a filter. A base level search is + * performed to see if the candidate DN exists in the LDAP database matching + * the filter. If there is no match, a scoped search (sub-tree search) is + * performed. If at least one entry matched the mapped DN and filter, the + * result is passed to the appropriate verify function. The verify function + * is called only if 'VerifyCert' parameter has been set for the cert issuer + * in the certmap.conf file. + * If the verify function succeeds, it must return the pointer to the matched + * 'entry'. If at the end, there is only one matching entry, the mapping is + * successful. + * Parameters: + * cert - cert to be mapped. You can pass this to + * functions ldapu_get_cert_XYZ. + * ld - Handle to the connection to the directory server. + * suffix - If the subject dn is mapped to empty LDAP DN then use this + * DN to begin the search. This is the DN of the root object + * in LDAP Directory. + * res - cert is first mapped to ldapdn and filter. 'res' is the + * result of ldap search using the ldapdn and filter. + * 'ld' and 'res' can be used in the calls to ldapsdk API. + * When done with 'res', free it using ldap_msgfree(res) + * + * Return Value: + * return LDAPU_SUCCESS upon successful completion + * otherwise returns an error code that can be passed to ldapu_err2string. 
+ */ +#define ldapu_cert_to_ldap_entry (*__ldapu_table->f_ldapu_cert_to_ldap_entry) + +/* + * ldapu_set_cert_mapfn - + * This function can be used to set the cert mapping function for the given + * issuer (CA). If the mapping information doesn't exist for the given + * issuer then a new one will be created and the mapping function will be + * set. When creating the new mapping information, the default mapping + * information is copied. + * Parameters: + * issuerDN - DN of the cert issuer. This mapping function will be used + * for all certs issued by this issuer. If the issuerDN is + * NULL, the given 'mapfn' becomes the default mapping + * function (which is used when no mapping function has been + * set for the cert's issuer). + * mapfn - the mapping function. Look at the desciption of + * CertMapFn_t to find out more about the mapping functions. + * + * Return Value: + * return LDAPU_SUCCESS upon successful completion + * otherwise returns an error code that can be passed to ldapu_err2string. + */ +#define ldapu_set_cert_mapfn (*__ldapu_table->f_ldapu_set_cert_mapfn) + + +/* + * ldapu_get_cert_mapfn - + * This function can be used to get the cert mapping function for the given + * issuer (CA). This will always return a non-NULL function. + * Parameters: + * issuerDN - DN of the cert issuer for which the mapping function is to + * be retrieved. If this is NULL, default mapping function + * is returned. + * + * Return Value: + * The mapping function set for the issuer is returned. If the issuerDN is + * NULL or if no specific mapping function has been set for the issuer, the + * default mapping function is returned. + */ +#define ldapu_get_cert_mapfn (*__ldapu_table->f_ldapu_get_cert_mapfn) + +/* + * ldapu_set_cert_searchfn - + * This function can be used to set the cert search function for the given + * issuer (CA). + * Parameters: + * issuerDN - DN of the cert issuer. This search function will be used + * for all certs issued by this issuer. 
If the issuerDN is + * NULL, the given 'searchfn' becomes the default search + * function (which is used when no search function has been + * set for the cert's issuer). + * searchfn - the search function. Look at the desciption of + * CertSearchFn_t to find out more about the search functions. + * + * Return Value: + * return LDAPU_SUCCESS upon successful completion + * otherwise returns an error code that can be passed to ldapu_err2string. + */ +#define ldapu_set_cert_searchfn (*__ldapu_table->f_ldapu_set_cert_searchfn) + + +/* + * ldapu_get_cert_searchfn - + * This function can be used to get the cert search function for the given + * issuer (CA). This will always return a non-NULL function. + * Parameters: + * issuerDN - DN of the cert issuer for which the search function is to + * be retrieved. If this is NULL, the default search + * function is returned. + * + * Return Value: + * The search function set for the issuer is returned. If the issuerDN is + * NULL or if no specific search function has been set for the issuer, the + * default search function is returned. + */ +#define ldapu_get_cert_searchfn (*__ldapu_table->f_ldapu_get_cert_searchfn) + +/* + * ldapu_set_cert_verifyfn - + * This function can be used to set the cert verify function for the given + * issuer (CA). If the mapping information doesn't exist for the given + * issuer then a new one will be created and the verify function will be + * set. When creating the new mapping information, the default mapping + * information is copied. + * Parameters: + * issuerDN - DN of the cert issuer. This verify function will be used + * for all certs issued by this issuer. If the issuerDN is + * NULL, the given 'verifyFn' becomes the default verify + * function (which is used when no verify function has been + * set for the cert's issuer). + * verifyFn - the verify function. Look at the desciption of + * CertMapFn_t to find out more about the verify functions. 
+ * + * Return Value: + * return LDAPU_SUCCESS upon successful completion + * otherwise returns an error code that can be passed to ldapu_err2string. + */ +#define ldapu_set_cert_verifyfn (*__ldapu_table->f_ldapu_set_cert_verifyfn) + +/* + * ldapu_get_cert_verifyfn - + * This function can be used to get the cert verify function for the given + * issuer (CA). This function can return NULL when there is no applicable + * verify function. + * Parameters: + * issuerDN - DN of the cert issuer for which the verify function is to + * be retrieved. If this is NULL, default verify function + * is returned. + * + * Return Value: + * The verify function set for the issuer is returned. If the issuerDN is + * NULL or if no specific verify function has been set for the issuer, the + * default verify function is returned. This function can return NULL when + * there is no applicable verify function. + */ +#define ldapu_get_cert_verifyfn (*__ldapu_table->f_ldapu_get_cert_verifyfn) + + +/* + * ldapu_get_cert_subject_dn - + * This function can be used to get the subject DN from the cert. Free the + * subjectDN using 'free' after you are done using it. + * Parameters: + * cert - cert from which the DN is to be extracted. + * subjectDN - subjectDN extracted from the cert. Free it using 'free' + * after it is no longer required. + * + * Return Value: + * return LDAPU_SUCCESS upon successful completion + * otherwise returns an error code that can be passed to ldapu_err2string. + */ +#define ldapu_get_cert_subject_dn (*__ldapu_table->f_ldapu_get_cert_subject_dn) + + +/* + * ldapu_get_cert_issuer_dn - + * This function can be used to get the issuer DN from the cert. Free the + * issuerDN using 'free' after you are done using it. + * Parameters: + * cert - cert from which the DN is to be extracted. + * issuerDN - issuerDN extracted from the cert. Free it using 'free' + * after it is no longer required. 
+ * + * Return Value: + * return LDAPU_SUCCESS upon successful completion + * otherwise returns an error code that can be passed to ldapu_err2string. + */ +#define ldapu_get_cert_issuer_dn (*__ldapu_table->f_ldapu_get_cert_issuer_dn) + + +/* + * ldapu_get_cert_ava_val - + * This function can be used to get value of the given attribute from either + * the subject DN or the issuer DN from the cert. + * Parameters: + * cert - cert from which the values are to be extracted. + * which_dn - Should be either LDAPU_ISSUER_DN or LDAPU_SUBJECT_DN. + * attr - Should be one of "CN", "OU", "O", "C", "UID", "MAIL", + * "E", "L", and "ST". + * val - An array of attribute values extracted from the cert. + * There could be multiple values. The last entry in the + * array is NULL. You must free this array of strings after + * you are done with it (using the function + * ldapu_free_cert_ava_val). 'val' is initialized to NULL if + * there is an error. + * + * Return Value: + * return LDAPU_SUCCESS upon successful completion + * otherwise returns an error code that can be passed to ldapu_err2string. + */ +#define ldapu_get_cert_ava_val (*__ldapu_table->f_ldapu_get_cert_ava_val) + + +/* + * ldapu_free_cert_ava_val - + * This function can be used to free the array returned by the + * ldapu_get_cert_ava_val function. + * Parameters: + * val - An array of attribute values returned by + * ldapu_get_cert_ava_val. + * + * Return Value: + * return LDAPU_SUCCESS upon successful completion + * otherwise returns an error code that can be passed to ldapu_err2string. + */ +#define ldapu_free_cert_ava_val (*__ldapu_table->f_ldapu_free_cert_ava_val) + + +/* + * ldapu_get_cert_der - + * This function can be used to get the original DER encoded cert for the + * given cert. + * Parameters: + * cert - cert from which the original DER is to be extracted. 
+ * derCert - the original DER encoded cert
+ * len - length of derCert
+ *
+ * Return Value:
+ * return LDAPU_SUCCESS upon successful completion
+ * otherwise returns an error code that can be passed to ldapu_err2string.
+ */
+#define ldapu_get_cert_der (*__ldapu_table->f_ldapu_get_cert_der)
+
+
+/*
+ * ldapu_issuer_certinfo -
+ * This function can be used to get the handle on the internal structure for
+ * the given issuer. This handle can be passed to ldapu_certmap_info_attrval
+ * to get configuration attribute values for the issuer.
+ * Parameters:
+ * issuerDN - DN of the issuer for whom the handle on internal structure
+ * is requested. If issuerDN is NULL, the handle to the
+ * default configuration information is returned.
+ * certmap_info - This structure contains information about the
+ * configuration parameters for the cert's issuer (CA).
+ * This structure can be passed to the function
+ * ldapu_certmap_info_attrval to get value for a particular
+ * configuration attribute (or a property).
+ *
+ * Return Value:
+ * return LDAPU_SUCCESS upon successful completion
+ * otherwise returns an error code that can be passed to ldapu_err2string.
+ * CAUTION: DON'T FREE THE 'certmap_info' STRUCTURE.
+ */
+#define ldapu_issuer_certinfo (*__ldapu_table->f_ldapu_issuer_certinfo)
+
+
+/*
+ * ldapu_certmap_info_attrval -
+ * This function can be used to get values for the given attribute/property
+ * from the given certmap_info. You can get handle on the certmap_info by
+ * calling the ldapu_issuer_certinfo function. Free the 'val' using 'free'
+ * after it is no longer required.
+ * Parameters:
+ * certmap_info - This structure contains information about the
+ * configuration parameters for the cert's issuer (CA).
+ * attr - name of the attribute/property for which the value is to
+ * be returned. The attribute can be one of the attributes
+ * listed above (LDAPU_ATTR_XYZ). User defined attributes
+ * can also be used.
+ * val - Value of the 'attr' from the 'certmap_info'.
+ *
+ * Return Value:
+ * return LDAPU_SUCCESS upon successful completion
+ * otherwise returns an error code that can be passed to ldapu_err2string.
+ */
+#define ldapu_certmap_info_attrval (*__ldapu_table->f_ldapu_certmap_info_attrval)
+
+
+/*
+ * ldapu_err2string -
+ * This function can be used to print any of the ldaputil or LDAP error
+ * code.
+ * Parameters:
+ * err - error code to be converted to printable string.
+ *
+ * Return Value:
+ * Printable representation of the given error code.
+ */
+#define ldapu_err2string (*__ldapu_table->f_ldapu_err2string)
+
+/*
+ * ldapu_free -
+ * This function should be used to free the memory allocated by
+ * ldapu_* functions if the ldapu_* function doesn't have a corresponding
+ * 'free' function. Use this function for free'ing the memory allocated by
+ * the following functions:
+ * ldapu_get_cert_subject_dn
+ * ldapu_get_cert_issuer_dn
+ * ldapu_get_cert_der
+ * ldapu_certmap_info_attrval
+ * To free memory allocated by ldapu_get_cert_ava_val, use
+ * ldapu_free_cert_ava_val. Do not free the certmap_info pointer returned by
+ * ldapu_issuer_certinfo.
+ * Parameters:
+ * ptr - pointer returned by ldapu_get_cert_* functions.
+ */
+#define ldapu_free (*__ldapu_table->f_ldapu_free)
+
+/*
+ * ldapu_malloc -
+ * This function is a cover function for the 'malloc' system call. On NT, it
+ * is best to alloc & free the memory in the same DLL.
+ * Parameters:
+ * size - size of the memory to be allocated
+ * Return Value:
+ * same as 'malloc' -- pointer to the allocated memory or NULL on failure.
+ */
+#define ldapu_malloc (*__ldapu_table->f_ldapu_malloc)
+
+/*
+ * ldapu_strdup -
+ * This function is a cover function for the 'strdup' system call. On NT, it
+ * is best to alloc & free the memory in the same DLL.
+ * Parameters:
+ * ptr - Pointer to the string to be copied
+ * Return Value:
+ * same as 'strdup' -- pointer to the copied string or NULL on failure.
+ */
+#define ldapu_strdup (*__ldapu_table->f_ldapu_strdup)
+
+
+#endif /* !INTLDAPU */
+
+#endif /* _PUBLIC_CERTMAP_H */
diff --git a/include/ldaputil/init.h b/include/ldaputil/init.h
new file mode 100644
index 00000000..e983787b
--- /dev/null
+++ b/include/ldaputil/init.h
@@ -0,0 +1,23 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _LDAPU_INIT_H
+#define _LDAPU_INIT_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+NSAPI_PUBLIC extern int ldaputil_init (const char *config_file,
+ const char *dllname,
+ const char *serv_root,
+ const char *serv_type,
+ const char *serv_id);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LDAPU_INIT_H */
diff --git a/include/ldaputil/ldapauth.h b/include/ldaputil/ldapauth.h
new file mode 100644
index 00000000..d4d96bfc
--- /dev/null
+++ b/include/ldaputil/ldapauth.h
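Review bot: `ldaputil_init` is declared with `NSAPI_PUBLIC`, but init.h carries no `#ifndef NSAPI_PUBLIC` fallback, unlike cert.h, ldapauth.h and ldapdb.h in this same commit, so a translation unit that includes init.h first will fail on the undefined macro. Copy the same guarded block (`#ifndef NSAPI_PUBLIC` / `#ifdef XP_WIN32` / `#define NSAPI_PUBLIC __declspec(dllexport)` / `#else` / `#define NSAPI_PUBLIC` / `#endif` / `#endif`) ahead of the `extern "C"` section, or include the header that owns the definition. The prototype also says nothing about what the return value means or whether `config_file` is read at call time; if it follows the convention the certmap.h comments describe, a one-line comment such as `/* Returns LDAPU_SUCCESS, else an error code usable with ldapu_err2string. */` would state the contract.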
@@ -0,0 +1,94 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef LDAPU_AUTH_H
+#define LDAPU_AUTH_H
+
+#include <ldap.h>
+
+#ifndef NSAPI_PUBLIC
+#ifdef XP_WIN32
+#define NSAPI_PUBLIC __declspec(dllexport)
+#else
+#define NSAPI_PUBLIC
+#endif
+#endif
+
+typedef int (*LDAPU_GroupCmpFn_t)(const void *groupids, const char *group,
+ const int len);
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern int ldapu_find (LDAP *ld, const char *base, int scope,
+ const char *filter, const char **attrs,
+ int attrsonly, LDAPMessage **res);
+
+int ldapu_find_entire_tree (LDAP *ld, int scope,
+ const char *filter, const char **attrs,
+ int attrsonly, LDAPMessage ***res);
+
+extern int ldapu_auth_userdn_groupdn (LDAP *ld, const char *userdn,
+ const char *groupdn,
+ const char *base);
+
+extern int ldapu_auth_uid_groupdn (LDAP *ld, const char *uid,
+ const char *groupdn, const char *base);
+
+extern int ldapu_auth_uid_groupid (LDAP *ld, const char *uid,
+ const char *groupid, const char *base);
+
+extern int ldapu_auth_userdn_groupid (LDAP *ld,
+ const char *userdn, const char *groupid,
+ const char *base);
+
+extern int ldapu_auth_userdn_groupids (LDAP *ld, const char *userdn,
+ void *groupids,
+ LDAPU_GroupCmpFn_t grpcmpfn,
+ const char *base,
+ char **group_out);
+
+extern int ldapu_auth_userdn_attrfilter (LDAP *ld,
+ const char *userdn,
+ const char *attrfilter);
+
+extern int ldapu_auth_uid_attrfilter (LDAP *ld, const char *uid,
+ const char *attrfilter,
+ const char *base);
+
+extern int ldapu_auth_userdn_password (LDAP *ld,
+ const char *userdn,
+ const char *password);
+
+extern int ldapu_find_uid_attrs (LDAP *ld, const char *uid,
+ const char *base, const char **attrs,
+ int attrsonly, LDAPMessage **res);
+
+extern int ldapu_find_uid (LDAP *ld, const char *uid,
+ const char *base, LDAPMessage **res);
+
+NSAPI_PUBLIC extern int ldapu_find_userdn (LDAP *ld, const char *uid,
+ const char *base, char **dn);
+
+extern int ldapu_find_group_attrs (LDAP *ld, const char *groupid,
+ const char *base, const char **attrs,
+ int attrsonly, LDAPMessage **res);
+
+extern int ldapu_find_group (LDAP *ld, const char *groupid,
+ const char *base, LDAPMessage **res);
+
+extern int ldapu_find_groupdn (LDAP *ld, const char *groupid,
+ const char *base, char **dn);
+
+extern int ldapu_auth_uid_password (LDAP *ld, const char *uid,
+ const char *password, const char *base);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* LDAPU_AUTH_H */
diff --git a/include/ldaputil/ldapdb.h b/include/ldaputil/ldapdb.h
new file mode 100644
index 00000000..13254a93
--- /dev/null
+++ b/include/ldaputil/ldapdb.h
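Review bot: None of the `ldapu_find_uid*`, `ldapu_find_group*` or `ldapu_auth_uid_*` prototypes says whether the `uid`/`groupid` strings are escaped before being placed in a search filter, and since these values typically originate from a login form the header is where that contract belongs. If the implementation does escape filter metacharacters, add a header comment such as `/* uid/groupid are filter-escaped by the callee; callers pass raw values. */`; if it does not, state that callers must escape them first, because otherwise an unescaped `*` or `)` changes the filter the server evaluates. Two smaller points of style: `ldapu_find_entire_tree` is the only prototype without `extern`, and `LDAPU_GroupCmpFn_t` declares `const int len`, where `const` on a by-value parameter is a definition detail that does not belong in a header. `ldapu_auth_userdn_password` and `ldapu_auth_uid_password` should also document that the `password` buffer is not retained, so the caller knows it is safe to scrub it after the call.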
@@ -0,0 +1,100 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _LDAPU_LDAPDB_H
+#define _LDAPU_LDAPDB_H
+
+#include <ldap.h>
+/* removed for LDAPSDK31 integration
+#include <lcache.h>
+*/
+#ifdef LDAPDB_THREAD_SAFE
+/* In the past, we used CRITICAL objects from lib/base/crit.cpp.
+ * Now we use PRMonitor to avoid ldapu to depend on lib/base.
+ */
+#include <prmon.h>
+#else
+#define PRMonitor void
+#endif /* LDAPDB_THREAD_SAFE */
+
+#ifndef NSAPI_PUBLIC
+#ifdef XP_WIN32
+#define NSAPI_PUBLIC __declspec(dllexport)
+#else
+#define NSAPI_PUBLIC
+#endif
+#endif
+
+#define LDAPDB_URL_PREFIX "ldapdb:"
+#define LDAPDB_URL_PREFIX_LEN 7
+
+typedef struct {
+ int use_ssl; /* Set to 0 in case of local LDAP cache */
+ char *host; /* Set to 0 in case of local LDAP cache */
+ int port; /* Set to 0 in case of local LDAP cache */
+ char *basedn;
+ char *scope;
+ char *filter;
+ LDAP *ld;
+ char *binddn; /* Set to 0 in case of local LDAP cache */
+ char *bindpw; /* Set to 0 in case of local LDAP cache */
+ int bound; /* If 0 then not bound with binddn & bindpw */
+ PRMonitor* crit;/* to control critical sections */
+} LDAPDatabase_t;
+
+#define LDAPU_ATTR_BINDDN "binddn"
+#define LDAPU_ATTR_BINDPW "bindpw"
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+NSAPI_PUBLIC extern int ldapu_url_parse (const char *url, const char *binddn,
+ const char *bindpw,
+ LDAPDatabase_t **ldb);
+
+NSAPI_PUBLIC extern int ldapu_ldapdb_url_parse (const char *url,
+ LDAPDatabase_t **ldb);
+
+NSAPI_PUBLIC extern int ldapu_is_local_db (const LDAPDatabase_t *ldb);
+
+NSAPI_PUBLIC extern void ldapu_free_LDAPDatabase_t (LDAPDatabase_t *ldb);
+
+NSAPI_PUBLIC extern LDAPDatabase_t *ldapu_copy_LDAPDatabase_t (const LDAPDatabase_t *ldb);
+
+NSAPI_PUBLIC extern int ldapu_ldap_init (LDAPDatabase_t *ldb);
+
+NSAPI_PUBLIC extern int ldapu_ldap_init_and_bind
(LDAPDatabase_t *ldb);
+
+NSAPI_PUBLIC extern int ldapu_ldap_rebind (LDAPDatabase_t *ldb);
+
+NSAPI_PUBLIC extern int ldapu_ldap_reinit_and_rebind (LDAPDatabase_t *ldb);
+
+#ifdef __cplusplus
+}
+#endif
+
+/*
+ * LDAPU_REQ --
+ * 'ld' is cached in the 'ldb' structure. If the LDAP server goes down since
+ * it was cached, the ldap lookup commands fail with LDAP_SERVER_DOWN. This
+ * macro can be used to rebind to the server and retry the command once if
+ * this happens.
+ */
+#define LDAPU_REQ(rv, ldb, cmd) \
+{ \
+ int numtry = 0; \
+ while(1) { \
+ rv = cmd; \
+ if (rv != LDAP_SERVER_DOWN || numtry++ != 0) break; \
+ /* Server went down since our last ldap lookup ... reconnect */ \
+ rv = ldapu_ldap_reinit_and_rebind(ldb); \
+ if (rv != LDAPU_SUCCESS) break; \
+ } \
+}
+
+
+#endif /* LDAPUTIL_LDAPDB_H */
diff --git a/include/ldaputil/ldaputil.h b/include/ldaputil/ldaputil.h
new file mode 100644
index 00000000..f0d87c22
--- /dev/null
+++ b/include/ldaputil/ldaputil.h
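Review bot: `LDAPDatabase_t` keeps the bind credential in a plain heap string (`char *bindpw`) and is duplicated by `ldapu_copy_LDAPDatabase_t`, yet neither that prototype nor `ldapu_free_LDAPDatabase_t` says whether the password bytes are overwritten before the memory is released; a comment on the free function, `/* Scrubs bindpw before freeing; every copy made by ldapu_copy_LDAPDatabase_t must be released the same way. */`, pins the expectation (confirm against the implementation before adding it). The closing guard comment `#endif /* LDAPUTIL_LDAPDB_H */` names a macro that does not exist; the guard opened at the top is `_LDAPU_LDAPDB_H`, so the comment should read `#endif /* _LDAPU_LDAPDB_H */`. `LDAPDB_URL_PREFIX_LEN 7` silently diverges if the prefix string is ever edited; `#define LDAPDB_URL_PREFIX_LEN (sizeof(LDAPDB_URL_PREFIX) - 1)` ties them together. The `LDAPU_REQ` body is a bare `{ ... }` block rather than `do { ... } while (0)`, so `if (c) LDAPU_REQ(rv, ldb, cmd); else ...` will not compile, and it expands to `LDAPU_SUCCESS`, which this header neither defines nor includes a header for.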
@@ -0,0 +1,132 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Copyright 2001 Sun Microsystems, Inc.
+ * Portions copyright 1999, 2001-2003 Netscape Communications Corporation.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+#ifndef _LDAPU_LDAPUTIL_H
+#define _LDAPU_LDAPUTIL_H
+
+#include <ldaputil/dbconf.h>
+#include <ldaputil/certmap.h>
+
+typedef struct ldapu_list_node {
+ void *info; /* pointer to the corresponding info */
+ struct ldapu_list_node *next; /* pointer to the next node */
+ struct ldapu_list_node *prev; /* pointer to the prev node */
+} LDAPUListNode_t;
+
+typedef struct ldapu_list {
+ LDAPUListNode_t *head;
+ LDAPUListNode_t *tail;
+} LDAPUList_t;
+
+typedef struct {
+ char *prop; /* property name */
+ char *val; /* value -- only char* supported for now */
+} LDAPUPropVal_t;
+
+typedef LDAPUList_t LDAPUPropValList_t;
+
+enum {
+ COMPS_COMMENTED_OUT,
+ COMPS_EMPTY,
+ COMPS_HAS_ATTRS
+};
+
+typedef struct {
+ char *issuerName; /* issuer (symbolic/short) name */
+ char *issuerDN; /* cert issuer's DN */
+ LDAPUPropValList_t *propval; /* pointer to the prop-val pairs list */
+ CertMapFn_t mapfn; /* cert to ldapdn & filter mapping func */
+ CertVerifyFn_t verifyfn; /* verify cert function */
+ CertSearchFn_t searchfn; /* search ldap entry function */
+ long dncomps; /* bitmask: components to form ldap dn */
+ long filtercomps; /* components used to form ldap filter */
+ int verifyCert; /* Verify the cert?
*/
+ char *searchAttr; /* LDAP attr used by the search fn */
+ int dncompsState; /* Empty, commented out, or attr names */
+ int filtercompsState; /* Empty, commented out, or attr names */
+} LDAPUCertMapInfo_t;
+
+typedef LDAPUList_t LDAPUCertMapListInfo_t;
+
+typedef void * (*LDAPUListNodeFn_t)(void *info, void *arg);
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+extern int certmap_read_default_certinfo (const char *file);
+
+extern int certmap_read_certconfig_file (const char *file);
+
+extern void ldapu_certinfo_free (void *certmap_info);
+
+extern void ldapu_certmap_listinfo_free (void *certmap_listinfo);
+
+extern void ldapu_propval_list_free (void *propval_list);
+
+NSAPI_PUBLIC extern int ldaputil_exit ();
+
+NSAPI_PUBLIC extern int ldapu_cert_to_user (void *cert, LDAP *ld,
+ const char *basedn,
+ LDAPMessage **res,
+ char **user);
+
+NSAPI_PUBLIC extern int ldapu_certmap_init (const char *config_file,
+ const char *libname,
+ LDAPUCertMapListInfo_t **certmap_list,
+ LDAPUCertMapInfo_t
+ **certmap_default);
+
+NSAPI_PUBLIC extern int ldapu_certinfo_modify (const char *issuerName,
+ const char *issuerDN,
+ const LDAPUPropValList_t *propval);
+
+NSAPI_PUBLIC extern int ldapu_certinfo_delete (const char *issuerDN);
+
+NSAPI_PUBLIC extern int ldapu_certinfo_save (const char *fname,
+ const char *old_fname,
+ const char *tmp_fname);
+
+NSAPI_PUBLIC extern int ldapu_list_alloc (LDAPUList_t **list);
+NSAPI_PUBLIC extern int ldapu_propval_alloc (const char *prop, const char *val,
+ LDAPUPropVal_t **propval);
+NSAPI_PUBLIC extern int ldapu_list_add_info (LDAPUList_t *list, void *info);
+
+#ifndef DONT_USE_LDAP_SSL
+#define USE_LDAP_SSL
+#endif
+
+typedef struct {
+#ifdef USE_LDAP_SSL
+ LDAP* (LDAP_CALL LDAP_CALLBACK *ldapuV_ssl_init) ( const char*, int, int );
+#else
+ LDAP* (LDAP_CALL LDAP_CALLBACK *ldapuV_init) ( const char*, int );
+#endif
+ int (LDAP_CALL LDAP_CALLBACK *ldapuV_set_option) ( LDAP*, int, void* );
+ int (LDAP_CALL LDAP_CALLBACK
*ldapuV_simple_bind_s) ( LDAP*, const char*, const char* );
+ int (LDAP_CALL LDAP_CALLBACK *ldapuV_unbind) ( LDAP* );
+ int (LDAP_CALL LDAP_CALLBACK *ldapuV_search_s) ( LDAP*, const char*, int, const char*, char**, int, LDAPMessage** );
+ int (LDAP_CALL LDAP_CALLBACK *ldapuV_count_entries) ( LDAP*, LDAPMessage* );
+ LDAPMessage*(LDAP_CALL LDAP_CALLBACK *ldapuV_first_entry) ( LDAP*, LDAPMessage* );
+ LDAPMessage*(LDAP_CALL LDAP_CALLBACK *ldapuV_next_entry) ( LDAP*, LDAPMessage* );
+ int (LDAP_CALL LDAP_CALLBACK *ldapuV_msgfree) ( LDAP*, LDAPMessage* );
+ char* (LDAP_CALL LDAP_CALLBACK *ldapuV_get_dn) ( LDAP*, LDAPMessage* );
+ void (LDAP_CALL LDAP_CALLBACK *ldapuV_memfree) ( LDAP*, void* );
+ char* (LDAP_CALL LDAP_CALLBACK *ldapuV_first_attribute) ( LDAP*, LDAPMessage*, BerElement** );
+ char* (LDAP_CALL LDAP_CALLBACK *ldapuV_next_attribute) ( LDAP*, LDAPMessage*, BerElement* );
+ void (LDAP_CALL LDAP_CALLBACK *ldapuV_ber_free) ( LDAP*, BerElement*, int );
+ char** (LDAP_CALL LDAP_CALLBACK *ldapuV_get_values) ( LDAP*, LDAPMessage*, const char* );
+ void (LDAP_CALL LDAP_CALLBACK *ldapuV_value_free) ( LDAP*, char** );
+ struct berval**(LDAP_CALL LDAP_CALLBACK *ldapuV_get_values_len)( LDAP*, LDAPMessage*, const char* );
+ void (LDAP_CALL LDAP_CALLBACK *ldapuV_value_free_len)( LDAP*, struct berval** );
+} LDAPUVTable_t;
+
+NSAPI_PUBLIC extern void ldapu_VTable_set (LDAPUVTable_t*);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* _LDAPU_LDAPUTIL_H */ |
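Review bot: `ldaputil_exit ()` is declared with empty parentheses, which in C is an unprototyped declaration that accepts any arguments; it should be `NSAPI_PUBLIC extern int ldaputil_exit (void);` so the compiler rejects stray arguments. `ldapu_cert_to_user` returns two out-parameters, `res` and `user`, without saying who owns them or how they are released; since the library elsewhere distinguishes `ldapu_free` from the vtable's `ldapuV_msgfree`, a comment such as `/* On success *res is released with ldapu_VTable msgfree and *user with ldapu_free; both are untouched on failure. */` is needed, after confirming against the implementation. `ldapu_VTable_set` installs every LDAP call the library makes, including `ldapuV_simple_bind_s`, through a caller-supplied table, so the prototype should note that the table is trusted code and that `LDAPUVTable_t` is copied or retained accordingly. Like init.h in this commit, this header uses `NSAPI_PUBLIC` without its own fallback definition and relies on the two `#include <ldaputil/...>` lines to bring it in.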