mirror of
https://github.com/goharbor/harbor.git
synced 2025-01-04 15:08:21 +01:00
/*
|
||
|
*
|
||
|
* Copyright (C) 2012 - Marc Quinton.
|
||
|
*
|
||
|
* Use of this source code is governed by the MIT Licence :
|
||
|
* http://opensource.org/licenses/mit-license.php
|
||
|
*
|
||
|
* Permission is hereby granted, free of charge, to any person obtaining
|
||
|
* a copy of this software and associated documentation files (the
|
||
|
* "Software"), to deal in the Software without restriction, including
|
||
|
* without limitation the rights to use, copy, modify, merge, publish,
|
||
|
* distribute, sublicense, and/or sell copies of the Software, and to
|
||
|
* permit persons to whom the Software is furnished to do so, subject to
|
||
|
* the following conditions:
|
||
|
*
|
||
|
* The above copyright notice and this permission notice shall be
|
||
|
* included in all copies or substantial portions of the Software.
|
||
|
*
|
||
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||
|
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||
|
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||
|
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
||
|
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
||
|
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
||
|
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||
|
*/
|
||
|
|
||
|
package openldap
|
||
|
|
||
|
// Version string of this Go binding itself, as opposed to the protocol and
// API version constants declared further down.
const (
	// first version for this GO API binding
	OPENLDAP_API_BINDING_VERSION = "0.2"
)
|
||
|
|
||
|
// LDAP protocol version numbers.
const (
	LDAP_VERSION1 = 1
	LDAP_VERSION2 = 2
	LDAP_VERSION3 = 3
)

// Lowest, default and highest protocol version.
// NOTE(review): the default (LDAP_VERSION) is LDAPv2. StartTLS and SASL binds
// are LDAPv3 features, so callers presumably have to select LDAP_VERSION3
// through LDAP_OPT_PROTOCOL_VERSION before relying on either; confirm against
// the code that opens connections.
const (
	LDAP_VERSION_MIN = LDAP_VERSION2
	LDAP_VERSION = LDAP_VERSION2
	LDAP_VERSION_MAX = LDAP_VERSION3
)
|
||
|
|
||
|
// API identification values. The names match LDAP_API_VERSION and
// LDAP_VENDOR_NAME from OpenLDAP's ldap.h; how the binding uses them is not
// visible in this file.
const (
	LDAP_API_VERSION = 3001
	LDAP_VENDOR_NAME = "OpenLDAP"
)
|
||
|
|
||
|
// Default TCP ports.
// NOTE(review): 389 is the conventional plain LDAP port and 636 the
// conventional LDAP-over-TLS port. A connection to LDAP_PORT is unencrypted
// unless StartTLS is negotiated, and a simple bind over it sends the password
// unprotected; confirm which port and which TLS mode callers default to.
const (
	LDAP_PORT = 389
	LDAPS_PORT = 636
)
|
||
|
|
||
|
// Success (0) and error (-1) values; going by the LDAP_OPT_ prefix these are
// the results of option get/set calls rather than protocol result codes.
// TODO confirm against the call sites.
const (
	LDAP_OPT_SUCCESS = 0
	LDAP_OPT_ERROR = -1
)
|
||
|
|
||
|
// search scopes
// NOTE(review): presumably passed as the scope argument of a search. In LDAP,
// BASE reads only the base entry, ONELEVEL its immediate children, SUBTREE the
// base entry and everything below it, and SUBORDINATE everything below the
// base but not the base itself. Use the narrowest scope that works when the
// base DN or the filter is derived from user input.
const (
	LDAP_SCOPE_BASE = 0x0000
	LDAP_SCOPE_ONELEVEL = 0x0001
	LDAP_SCOPE_SUBTREE = 0x0002
	LDAP_SCOPE_SUBORDINATE = 0x0003 // OpenLDAP extension
	LDAP_SCOPE_DEFAULT = -1 // OpenLDAP extension
)

// Alternate names for the scope values above.
const (
	LDAP_SCOPE_BASEOBJECT = LDAP_SCOPE_BASE
	LDAP_SCOPE_ONE = LDAP_SCOPE_ONELEVEL
	LDAP_SCOPE_SUB = LDAP_SCOPE_SUBTREE
	LDAP_SCOPE_CHILDREN = LDAP_SCOPE_SUBORDINATE
)
|
||
|
|
||
|
// Message selectors. Going by the names these mirror LDAP_RES_ANY and
// LDAP_RES_UNSOLICITED from ldap.h (message ids given to a result call);
// TODO confirm usage in the binding.
const (
	LDAP_RES_ANY = -1
	LDAP_RES_UNSOLICITED = 0
)
|
||
|
|
||
|
//const (
|
||
|
//LDAP_API_FEATURE_THREAD_SAFE = 1
|
||
|
//LDAP_API_FEATURE_SESSION_THREAD_SAFE = 1
|
||
|
//LDAP_API_FEATURE_OPERATION_THREAD_SAFE = 1
|
||
|
//)
|
||
|
|
||
|
// LDAP result codes.
// For authentication handling the relevant ones are LDAP_STRONG_AUTH_REQUIRED
// (0x08), LDAP_CONFIDENTIALITY_REQUIRED (0x0d), LDAP_INAPPROPRIATE_AUTH (0x30),
// LDAP_INVALID_CREDENTIALS (0x31) and LDAP_INSUFFICIENT_ACCESS (0x32). A login
// path should treat any bind result other than LDAP_SUCCESS as a failed
// authentication rather than matching only on LDAP_INVALID_CREDENTIALS.
const (
	LDAP_SUCCESS = 0x00
	LDAP_OPERATIONS_ERROR = 0x01
	LDAP_PROTOCOL_ERROR = 0x02
	LDAP_TIMELIMIT_EXCEEDED = 0x03
	LDAP_SIZELIMIT_EXCEEDED = 0x04
	LDAP_COMPARE_FALSE = 0x05
	LDAP_COMPARE_TRUE = 0x06
	LDAP_AUTH_METHOD_NOT_SUPPORTED = 0x07
	LDAP_STRONG_AUTH_REQUIRED = 0x08
	// Not used in LDAPv3
	LDAP_PARTIAL_RESULTS = 0x09

	// Next 5 new in LDAPv3
	LDAP_REFERRAL = 0x0a
	LDAP_ADMINLIMIT_EXCEEDED = 0x0b
	LDAP_UNAVAILABLE_CRITICAL_EXTENSION = 0x0c
	LDAP_CONFIDENTIALITY_REQUIRED = 0x0d
	LDAP_SASL_BIND_INPROGRESS = 0x0e

	LDAP_NO_SUCH_ATTRIBUTE = 0x10
	LDAP_UNDEFINED_TYPE = 0x11
	LDAP_INAPPROPRIATE_MATCHING = 0x12
	LDAP_CONSTRAINT_VIOLATION = 0x13
	LDAP_TYPE_OR_VALUE_EXISTS = 0x14
	LDAP_INVALID_SYNTAX = 0x15

	LDAP_NO_SUCH_OBJECT = 0x20 /* 32 */
	LDAP_ALIAS_PROBLEM = 0x21
	LDAP_INVALID_DN_SYNTAX = 0x22
	// Next two not used in LDAPv3
	LDAP_IS_LEAF = 0x23
	LDAP_ALIAS_DEREF_PROBLEM = 0x24

	LDAP_INAPPROPRIATE_AUTH = 0x30 /* 48 */
	LDAP_INVALID_CREDENTIALS = 0x31 /* 49 */
	LDAP_INSUFFICIENT_ACCESS = 0x32
	LDAP_BUSY = 0x33
	LDAP_UNAVAILABLE = 0x34
	LDAP_UNWILLING_TO_PERFORM = 0x35
	LDAP_LOOP_DETECT = 0x36

	LDAP_SORT_CONTROL_MISSING = 0x3C /* 60 */
	LDAP_INDEX_RANGE_ERROR = 0x3D /* 61 */

	LDAP_NAMING_VIOLATION = 0x40
	LDAP_OBJECT_CLASS_VIOLATION = 0x41
	LDAP_NOT_ALLOWED_ON_NONLEAF = 0x42
	LDAP_NOT_ALLOWED_ON_RDN = 0x43
	LDAP_ALREADY_EXISTS = 0x44 /* 68 */
	LDAP_NO_OBJECT_CLASS_MODS = 0x45
	LDAP_RESULTS_TOO_LARGE = 0x46
	// Next two for LDAPv3
	LDAP_AFFECTS_MULTIPLE_DSAS = 0x47
	LDAP_OTHER = 0x50

	// Used by some APIs
	// NOTE(review): the client-side codes from here on are positive
	// (0x51-0x61). Current OpenLDAP ldap.h defines its API errors as negative
	// values (LDAP_SERVER_DOWN is -1), so a return code coming from libldap
	// may never equal these constants. Verify against the ldap.h the binding
	// is built with before comparing return codes to them.
	LDAP_SERVER_DOWN = 0x51
	LDAP_LOCAL_ERROR = 0x52
	LDAP_ENCODING_ERROR = 0x53
	LDAP_DECODING_ERROR = 0x54
	LDAP_TIMEOUT = 0x55
	LDAP_AUTH_UNKNOWN = 0x56
	LDAP_FILTER_ERROR = 0x57 /* 87 */
	LDAP_USER_CANCELLED = 0x58
	LDAP_PARAM_ERROR = 0x59
	LDAP_NO_MEMORY = 0x5a

	// Preliminary LDAPv3 codes
	LDAP_CONNECT_ERROR = 0x5b
	LDAP_NOT_SUPPORTED = 0x5c
	LDAP_CONTROL_NOT_FOUND = 0x5d
	LDAP_NO_RESULTS_RETURNED = 0x5e
	LDAP_MORE_RESULTS_TO_RETURN = 0x5f
	LDAP_CLIENT_LOOP = 0x60
	LDAP_REFERRAL_LIMIT_EXCEEDED = 0x61
)
|
||
|
|
||
|
// Alias dereferencing policies; presumably the values accepted by
// LDAP_OPT_DEREF. TODO confirm against the call sites.
const (
	LDAP_DEREF_NEVER = 0
	LDAP_DEREF_SEARCHING = 1
	LDAP_DEREF_FINDING = 2
	LDAP_DEREF_ALWAYS = 3
)
|
||
|
|
||
|
// Zero stands for "no limit".
// NOTE(review): presumably used with LDAP_OPT_SIZELIMIT / LDAP_OPT_TIMELIMIT;
// with no client-side limit a search is bounded only by what the server
// enforces, so set explicit limits where the filter comes from user input.
const (
	LDAP_NO_LIMIT = 0
)
|
||
|
|
||
|
// Message retrieval modes. Going by the names these mirror LDAP_MSG_ONE,
// LDAP_MSG_ALL and LDAP_MSG_RECEIVED from ldap.h; TODO confirm usage in the
// binding.
const (
	LDAP_MSG_ONE = 0
	LDAP_MSG_ALL = 1
	LDAP_MSG_RECEIVED = 2
)
|
||
|
|
||
|
// LDAP_OPTions
// 0x0000 - 0x0fff reserved for api options
// 0x1000 - 0x3fff reserved for api extended options
// 0x4000 - 0x7fff reserved for private and experimental options

// Standard option ids for option get/set calls.
const (
	LDAP_OPT_API_INFO = 0x0000
	LDAP_OPT_DESC = 0x0001 // historic
	LDAP_OPT_DEREF = 0x0002
	LDAP_OPT_SIZELIMIT = 0x0003
	LDAP_OPT_TIMELIMIT = 0x0004
	// 0x05 - 0x07 not defined

	// NOTE(review): LDAP_OPT_REFERRALS presumably toggles automatic referral
	// chasing. When chasing is on, the library connects to servers named in
	// referrals returned by the directory; confirm what the binding sets for
	// lookups that carry credentials.
	LDAP_OPT_REFERRALS = 0x0008
	LDAP_OPT_RESTART = 0x0009
	// 0x0a - 0x10 not defined

	// NOTE(review): the default protocol version in this file is
	// LDAP_VERSION2; set this option to LDAP_VERSION3 where StartTLS or SASL
	// is expected. Confirm callers do so.
	LDAP_OPT_PROTOCOL_VERSION = 0x0011
	LDAP_OPT_SERVER_CONTROLS = 0x0012
	LDAP_OPT_CLIENT_CONTROLS = 0x0013
	// 0x14 not defined

	LDAP_OPT_API_FEATURE_INFO = 0x0015
	// 0x16 - 0x2f not defined

	LDAP_OPT_HOST_NAME = 0x0030
	LDAP_OPT_RESULT_CODE = 0x0031
	LDAP_OPT_ERROR_NUMBER = LDAP_OPT_RESULT_CODE
	LDAP_OPT_DIAGNOSTIC_MESSAGE = 0x0032
	LDAP_OPT_ERROR_STRING = LDAP_OPT_DIAGNOSTIC_MESSAGE
	LDAP_OPT_MATCHED_DN = 0x0033
	// 0x0034 - 0x3fff not defined

	// NOTE(review): the ids 0x0092-0x0099 sit among values the neighbouring
	// comments attribute to Microsoft's LDAP API. Whether the linked library
	// honours LDAP_OPT_SIGN / LDAP_OPT_ENCRYPT is not shown in this file; do
	// not rely on them for transport protection without confirming. The
	// LDAP_OPT_X_TLS_* options are the ones named for TLS.

	// 0x0091 used by Microsoft for LDAP_OPT_AUTO_RECONNECT

	LDAP_OPT_SSPI_FLAGS = 0x0092
	// 0x0093 used by Microsoft for LDAP_OPT_SSL_INFO

	// 0x0094 used by Microsoft for LDAP_OPT_REF_DEREF_CONN_PER_MSG

	LDAP_OPT_SIGN = 0x0095
	LDAP_OPT_ENCRYPT = 0x0096
	LDAP_OPT_SASL_METHOD = 0x0097
	// 0x0098 used by Microsoft for LDAP_OPT_AREC_EXCLUSIVE

	LDAP_OPT_SECURITY_CONTEXT = 0x0099

	// 0x009A used by Microsoft for LDAP_OPT_ROOTDSE_CACHE

	// 0x009B - 0x3fff not defined

)
|
||
|
|
||
|
// API Extensions

// First option id of the range (0x4000 and up) that the option-range comment
// earlier in this file reserves for private and experimental options.
const LDAP_OPT_API_EXTENSION_BASE = 0x4000 // API extensions
|
||
|
|
||
|
// private and experimental options

// OpenLDAP specific options
// NOTE(review): LDAP_OPT_TIMEOUT and LDAP_OPT_NETWORK_TIMEOUT are the timeout
// knobs in this group, and LDAP_OPT_REFHOPLIMIT presumably bounds how many
// referral hops are followed. Confirm the binding sets finite values so an
// unresponsive or misbehaving directory server cannot stall callers.
const (
	LDAP_OPT_DEBUG_LEVEL = 0x5001 // debug level
	LDAP_OPT_TIMEOUT = 0x5002 // default timeout
	LDAP_OPT_REFHOPLIMIT = 0x5003 // ref hop limit
	LDAP_OPT_NETWORK_TIMEOUT = 0x5005 // socket level timeout
	LDAP_OPT_URI = 0x5006
	LDAP_OPT_REFERRAL_URLS = 0x5007 // Referral URLs
	LDAP_OPT_SOCKBUF = 0x5008 // sockbuf
	LDAP_OPT_DEFBASE = 0x5009 // searchbase
	LDAP_OPT_CONNECT_ASYNC = 0x5010 // create connections asynchronously
	LDAP_OPT_CONNECT_CB = 0x5011 // connection callbacks
	LDAP_OPT_SESSION_REFCNT = 0x5012 // session reference count
)
|
||
|
|
||
|
// OpenLDAP TLS options

// Option ids for the TLS layer, named after libldap's LDAP_OPT_X_TLS_*.
// NOTE(review): the options that decide whether the server is actually
// authenticated are LDAP_OPT_X_TLS_REQUIRE_CERT (values LDAP_OPT_X_TLS_NEVER
// through LDAP_OPT_X_TLS_TRY), the CA trust settings (CACERTFILE / CACERTDIR)
// and LDAP_OPT_X_TLS_CRLCHECK. LDAP_OPT_X_TLS_PROTOCOL_MIN and
// LDAP_OPT_X_TLS_CIPHER_SUITE bound the negotiated protocol version and
// ciphers. LDAP_OPT_X_TLS_KEYFILE presumably names the client private key, so
// that file's permissions matter. Confirm what the binding sets by default.
const (
	LDAP_OPT_X_TLS = 0x6000
	LDAP_OPT_X_TLS_CTX = 0x6001 // OpenSSL CTX*
	LDAP_OPT_X_TLS_CACERTFILE = 0x6002
	LDAP_OPT_X_TLS_CACERTDIR = 0x6003
	LDAP_OPT_X_TLS_CERTFILE = 0x6004
	LDAP_OPT_X_TLS_KEYFILE = 0x6005
	LDAP_OPT_X_TLS_REQUIRE_CERT = 0x6006
	LDAP_OPT_X_TLS_PROTOCOL_MIN = 0x6007
	LDAP_OPT_X_TLS_CIPHER_SUITE = 0x6008
	LDAP_OPT_X_TLS_RANDOM_FILE = 0x6009
	LDAP_OPT_X_TLS_SSL_CTX = 0x600a // OpenSSL SSL*
	LDAP_OPT_X_TLS_CRLCHECK = 0x600b
	LDAP_OPT_X_TLS_CONNECT_CB = 0x600c
	LDAP_OPT_X_TLS_CONNECT_ARG = 0x600d
	LDAP_OPT_X_TLS_DHFILE = 0x600e
	LDAP_OPT_X_TLS_NEWCTX = 0x600f
	LDAP_OPT_X_TLS_CRLFILE = 0x6010 // GNUtls only
	LDAP_OPT_X_TLS_PACKAGE = 0x6011
)
|
||
|
|
||
|
// Certificate-requirement levels; presumably the values accepted by
// LDAP_OPT_X_TLS_REQUIRE_CERT.
// NOTE(review): per OpenLDAP's TLS_REQCERT documentation, NEVER does not
// request or check the server certificate, and ALLOW lets the session proceed
// when the certificate is missing or fails verification, so neither
// authenticates the server. TRY ends the session only on a bad certificate;
// DEMAND and HARD require a valid one. Confirm that connections carrying
// credentials use DEMAND or HARD.
const (
	LDAP_OPT_X_TLS_NEVER = 0
	LDAP_OPT_X_TLS_HARD = 1
	LDAP_OPT_X_TLS_DEMAND = 2
	LDAP_OPT_X_TLS_ALLOW = 3
	LDAP_OPT_X_TLS_TRY = 4
)
|
||
|
|
||
|
// Revocation-check levels; presumably the values accepted by
// LDAP_OPT_X_TLS_CRLCHECK.
// NOTE(review): per OpenLDAP's TLS_CRLCHECK documentation, NONE performs no
// CRL check, PEER checks the CRL for the peer certificate and ALL checks it
// for the whole chain. Confirm which level callers select; with NONE a
// revoked server certificate is still accepted.
const (
	LDAP_OPT_X_TLS_CRL_NONE = 0
	LDAP_OPT_X_TLS_CRL_PEER = 1
	LDAP_OPT_X_TLS_CRL_ALL = 2
)
|
||
|
|
||
|
// for LDAP_OPT_X_TLS_PROTOCOL_MIN
// The block below is commented out in the source; its first entry is a
// function-like C macro, which has no Go const equivalent. Each value is
// (major << 8) + minor, so this file exports no named protocol-version values
// for LDAP_OPT_X_TLS_PROTOCOL_MIN.

//!!! const (
//!!! LDAP_OPT_X_TLS_PROTOCOL(maj,min) = (((maj) << 8) + (min))
//!!! LDAP_OPT_X_TLS_PROTOCOL_SSL2 = (2 << 8)
//!!! LDAP_OPT_X_TLS_PROTOCOL_SSL3 = (3 << 8)
//!!! LDAP_OPT_X_TLS_PROTOCOL_TLS1_0 = ((3 << 8) + 1)
//!!! LDAP_OPT_X_TLS_PROTOCOL_TLS1_1 = ((3 << 8) + 2)
//!!! LDAP_OPT_X_TLS_PROTOCOL_TLS1_2 = ((3 << 8) + 3)
//!!! )
|
||
|
|
||
|
// OpenLDAP SASL options

// Option ids for SASL binds; the read-only / write-only remarks are the
// original author's.
// NOTE(review): LDAP_OPT_X_SASL_SSF_MIN, LDAP_OPT_X_SASL_SSF_MAX and
// LDAP_OPT_X_SASL_SECPROPS presumably carry the SASL security-strength
// constraints. Where SASL is the only protection on the connection (no TLS),
// confirm a non-zero minimum is set so an unprotected session is refused.
const (
	LDAP_OPT_X_SASL_MECH = 0x6100
	LDAP_OPT_X_SASL_REALM = 0x6101
	LDAP_OPT_X_SASL_AUTHCID = 0x6102
	LDAP_OPT_X_SASL_AUTHZID = 0x6103
	LDAP_OPT_X_SASL_SSF = 0x6104 // read-only
	LDAP_OPT_X_SASL_SSF_EXTERNAL = 0x6105 // write-only
	LDAP_OPT_X_SASL_SECPROPS = 0x6106 // write-only
	LDAP_OPT_X_SASL_SSF_MIN = 0x6107
	LDAP_OPT_X_SASL_SSF_MAX = 0x6108
	LDAP_OPT_X_SASL_MAXBUFSIZE = 0x6109
	LDAP_OPT_X_SASL_MECHLIST = 0x610a // read-only
	LDAP_OPT_X_SASL_NOCANON = 0x610b
	LDAP_OPT_X_SASL_USERNAME = 0x610c // read-only
	LDAP_OPT_X_SASL_GSS_CREDS = 0x610d
)
|
||
|
|
||
|
// OpenLDAP GSSAPI options

// NOTE(review): going by its name, LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL
// relaxes which service principal is accepted; its exact effect is not shown
// in this file, so confirm it before enabling it anywhere.
const (
	LDAP_OPT_X_GSSAPI_DO_NOT_FREE_CONTEXT = 0x6200
	LDAP_OPT_X_GSSAPI_ALLOW_REMOTE_PRINCIPAL = 0x6201
)
|
||
|
|
||
|
//
// OpenLDAP per connection tcp-keepalive settings
// (Linux only, ignored where unsupported)
// Option ids for the keepalive idle time, probe count and probe interval,
// going by the names; units are not stated in this file.
const (
	LDAP_OPT_X_KEEPALIVE_IDLE = 0x6300
	LDAP_OPT_X_KEEPALIVE_PROBES = 0x6301
	LDAP_OPT_X_KEEPALIVE_INTERVAL = 0x6302
)
|
||
|
|
||
|
/* authentication methods available */
// NOTE(review): LDAP_AUTH_SIMPLE selects a simple bind, which sends the DN and
// password in the clear unless the connection is protected by TLS.
// LDAP_AUTH_KRBV4, LDAP_AUTH_KRBV41 and LDAP_AUTH_KRBV42 are, going by the
// names, Kerberos v4 methods, which are obsolete; confirm nothing in the
// binding selects them. LDAP_AUTH_NONE means the bind is unauthenticated.
const (
	LDAP_AUTH_NONE = 0x00 // no authentication
	LDAP_AUTH_SIMPLE = 0x80 // context specific + primitive
	LDAP_AUTH_SASL = 0xa3 // context specific + constructed
	LDAP_AUTH_KRBV4 = 0xff // means do both of the following
	LDAP_AUTH_KRBV41 = 0x81 // context specific + primitive
	LDAP_AUTH_KRBV42 = 0x82 // context specific + primitive
)
|