class EncAPRepPart(Sequence):
tagSet = application(27)
componentType = NamedTypes(
NamedType('ctime', _c(0, KerberosTime())),
NamedType('cusec', _c(1, Microseconds())),
OptionalNamedType('subkey', _c(2, EncryptionKey())),
OptionalNamedType('seq-number', _c(3, Integer())))
class IntermediateResponse(Sequence):
# IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
# responseName [0] LDAPOID OPTIONAL,
# responseValue [1] OCTET STRING OPTIONAL }
tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 25))
componentType = NamedTypes(OptionalNamedType('responseName', IntermediateResponseName()),
OptionalNamedType('responseValue', IntermediateResponseValue()))
class NegTokenInit(Sequence):
"""
[RFC-4178]
NegTokenInit ::= SEQUENCE {
mechTypes [0] MechTypeList,
regFlags [1] ContextFlags OPTIONAL,
mechToken [2] OCTET STRING OPTIONAL,
mechListMIC [3] OCTER STRING OPTIONAL,
...
}
"""
componentType = NamedTypes(
NamedType(
'mechTypes', MechTypeList().subtype(
explicitTag=Tag(tagClassContext, tagFormatConstructed, 0)
)
),
OptionalNamedType(
'reqFlags', ContextFlags().subtype(
explicitTag=Tag(tagClassContext, tagFormatConstructed, 1)
)
),
OptionalNamedType(
'mechToken', OctetString().subtype(
explicitTag=Tag(tagClassContext, tagFormatSimple, 2)
)
),
OptionalNamedType(
'mechListMIC', OctetString().subtype(
explicitTag=Tag(tagClassContext, tagFormatSimple, 3)
)
)
)
class EncKrbPrivPart(Sequence):
tagSet = application(28)
componentType = NamedTypes(
NamedType('user-data', _c(0, OctetString())),
OptionalNamedType('timestamp', _c(1, KerberosTime())),
OptionalNamedType('usec', _c(2, Integer())),
OptionalNamedType('seq-number', _c(3, Integer())),
NamedType('s-address', _c(4, HostAddress())),
OptionalNamedType('r-address', _c(5, HostAddress())))
class PasswdModifyRequestValue(Sequence):
"""
PasswdModifyRequestValue ::= SEQUENCE {
userIdentity [0] OCTET STRING OPTIONAL
oldPasswd [1] OCTET STRING OPTIONAL
newPasswd [2] OCTET STRING OPTIONAL }
"""
componentType = NamedTypes(OptionalNamedType('userIdentity', UserIdentity()),
OptionalNamedType('oldPasswd', OldPasswd()),
OptionalNamedType('newPasswd', NewPasswd()))
class BindResponse(Sequence):
# BindResponse ::= [APPLICATION 1] SEQUENCE {
# COMPONENTS OF LDAPResult,
# serverSaslCreds [7] OCTET STRING OPTIONAL }
tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 1))
componentType = NamedTypes(NamedType('resultCode', ResultCode()),
NamedType('matchedDN', LDAPDN()),
NamedType('diagnosticMessage', LDAPString()),
OptionalNamedType('referral', Referral()),
OptionalNamedType('serverSaslCreds', ServerSaslCreds()))
class MatchingRuleAssertion(Sequence):
# MatchingRuleAssertion ::= SEQUENCE {
# matchingRule [1] MatchingRuleId OPTIONAL,
# type [2] AttributeDescription OPTIONAL,
# matchValue [3] AssertionValue,
# dnAttributes [4] BOOLEAN DEFAULT FALSE }
componentType = NamedTypes(OptionalNamedType('matchingRule', MatchingRule()),
OptionalNamedType('type', Type()),
NamedType('matchValue', MatchValue()),
DefaultedNamedType('dnAttributes', DnAttributes()))
class KdcReqBody(Sequence):
componentType = NamedTypes(
NamedType('kdc-options', _c(0, KDCOptions())),
OptionalNamedType('cname', _c(1, PrincipalName())),
NamedType('realm', _c(2, Realm())),
OptionalNamedType('sname', _c(3, PrincipalName())),
OptionalNamedType('from', _c(4, KerberosTime())),
NamedType('till', _c(5, KerberosTime())),
OptionalNamedType('rtime', _c(6, KerberosTime())),
NamedType('nonce', _c(7, Integer())),
NamedType('etype', _c(8, SequenceOf(componentType=Integer()))))
class Authenticator(Sequence):
tagSet = application(2)
componentType = NamedTypes(
NamedType('authenticator-vno', _c(0, Integer())),
NamedType('crealm', _c(1, Realm())),
NamedType('cname', _c(2, PrincipalName())),
OptionalNamedType('cksum', _c(3, CheckSum())),
NamedType('cusec', _c(4, Microseconds())),
NamedType('ctime', _c(5, KerberosTime())),
OptionalNamedType('subkey', _c(6, EncryptionKey())),
OptionalNamedType('seq-number', _c(7, Integer())),
OptionalNamedType('authorization-data', _c(8, AuthorizationData())))
class ExtendedResponse(Sequence):
# ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
# COMPONENTS OF LDAPResult,
# responseName [10] LDAPOID OPTIONAL,
# responseValue [11] OCTET STRING OPTIONAL }
tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 24))
componentType = NamedTypes(NamedType('resultCode', ResultCode()),
NamedType('matchedDN', LDAPDN()),
NamedType('diagnosticMessage', LDAPString()),
OptionalNamedType('referral', Referral()),
OptionalNamedType('responseName', ResponseName()),
OptionalNamedType('responseValue', ResponseValue()))
class EncKDCRepPart(Sequence):
componentType = NamedTypes(
NamedType('key', _c(0, EncryptionKey())),
NamedType('last-req', _c(1, LastReq())),
NamedType('nonce', _c(2, Integer())),
OptionalNamedType('key-expiration', _c(3, KerberosTime())),
NamedType('flags', _c(4, TicketFlags())),
NamedType('authtime', _c(5, KerberosTime())),
OptionalNamedType('starttime', _c(6, KerberosTime())),
NamedType('endtime', _c(7, KerberosTime())),
OptionalNamedType('renew-till', _c(8, KerberosTime())),
NamedType('srealm', _c(9, Realm())),
NamedType('sname', _c(10, PrincipalName())),
OptionalNamedType('caddr', _c(11, HostAddresses())))
class MatchingRuleAssertion(Sequence):
"""
MatchingRuleAssertion ::= SEQUENCE {
matchingRule [1] MatchingRuleId OPTIONAL,
type [2] AttributeDescription OPTIONAL,
matchValue [3] AssertionValue,
dnAttributes [4] BOOLEAN DEFAULT FALSE }
"""
componentType = NamedTypes(
OptionalNamedType('matchingRule', MatchingRuleId()),
OptionalNamedType('type', TypeDescription()),
NamedType('matchValue', matchValueAssertion()),
NamedType('dnAttributes', Boolean(False)),
)
class EncTicketPart(Sequence):
tagSet = application(3)
componentType = NamedTypes(
NamedType('flags', _c(0, TicketFlags())),
NamedType('key', _c(1, EncryptionKey())),
NamedType('crealm', _c(2, Realm())),
NamedType('cname', _c(3, PrincipalName())),
NamedType('transited', _c(4, TransitedEncoding())),
NamedType('authtime', _c(5, KerberosTime())),
OptionalNamedType('starttime', _c(6, KerberosTime())),
NamedType('endtime', _c(7, KerberosTime())),
OptionalNamedType('renew-till', _c(8, KerberosTime())),
OptionalNamedType('caddr', _c(9, HostAddresses())),
OptionalNamedType('authorization-data', _c(10, AuthorizationData())))
class ECPrivateKey(Sequence):
componentType = NamedTypes(
NamedType(
"version",
Integer(namedValues=NamedValues(("ecPrivkeyVer1", 1))).subtype(
subtypeSpec=Integer.subtypeSpec + SingleValueConstraint(1))),
NamedType("privateKey", OctetString()),
OptionalNamedType(
"parameters",
ObjectIdentifier().subtype(
explicitTag=Tag(tagClassContext, tagFormatSimple, 0))),
OptionalNamedType(
"publicKey",
BitString().subtype(
explicitTag=Tag(tagClassContext, tagFormatSimple, 1))))
class LDAPMessage(Sequence):
"""
LDAPMessage ::= SEQUENCE {
messageID MessageID,
protocolOp CHOICE {
bindRequest BindRequest,
bindResponse BindResponse,
unbindRequest UnbindRequest,
searchRequest SearchRequest,
searchResEntry SearchResultEntry,
searchResDone SearchResultDone,
searchResRef SearchResultReference,
modifyRequest ModifyRequest,
modifyResponse ModifyResponse,
addRequest AddRequest,
addResponse AddResponse,
delRequest DelRequest,
delResponse DelResponse,
modDNRequest ModifyDNRequest,
modDNResponse ModifyDNResponse,
compareRequest CompareRequest,
compareResponse CompareResponse,
abandonRequest AbandonRequest,
extendedReq ExtendedRequest,
extendedResp ExtendedResponse,
...,
intermediateResponse IntermediateResponse },
controls [0] Controls OPTIONAL }
"""
componentType = NamedTypes(NamedType('messageID', MessageID()),
NamedType('protocolOp', ProtocolOp()),
OptionalNamedType('controls', Controls()))
class MatchingRuleAssertion(Sequence):
"""
MatchingRuleAssertion ::= SEQUENCE {
matchingRule [1] MatchingRuleId OPTIONAL,
type [2] AttributeDescription OPTIONAL,
matchValue [3] AssertionValue,
dnAttributes [4] BOOLEAN DEFAULT FALSE }
"""
tagSet = Sequence.tagSet.tagImplicitly(
Tag(tagClassContext, tagFormatConstructed, 9))
componentType = NamedTypes(
OptionalNamedType('matchingRule', MatchingRuleId()),
OptionalNamedType('type', TypeDescription()),
NamedType('matchValue', matchValueAssertion()),
NamedType('dnAttributes', DnAttributes()),
)
class SaslCredentials(Sequence):
# SaslCredentials ::= SEQUENCE {
# mechanism LDAPString,
# credentials OCTET STRING OPTIONAL }
tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 3))
componentType = NamedTypes(NamedType('mechanism', LDAPString()),
OptionalNamedType('credentials', Credentials()))
class ExtendedRequest(Sequence):
# ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
# requestName [0] LDAPOID,
# requestValue [1] OCTET STRING OPTIONAL }
tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 23))
componentType = NamedTypes(NamedType('requestName', RequestName()),
OptionalNamedType('requestValue', RequestValue()))
class LDAPMessage(Sequence):
# LDAPMessage ::= SEQUENCE {
# messageID MessageID,
# protocolOp CHOICE {
# bindRequest BindRequest,
# bindResponse BindResponse,
# unbindRequest UnbindRequest,
# searchRequest SearchRequest,
# searchResEntry SearchResultEntry,
# searchResDone SearchResultDone,
# searchResRef SearchResultReference,
# modifyRequest ModifyRequest,
# modifyResponse ModifyResponse,
# addRequest AddRequest,
# addResponse AddResponse,
# delRequest DelRequest,
# delResponse DelResponse,
# modDNRequest ModifyDNRequest,
# modDNResponse ModifyDNResponse,
# compareRequest CompareRequest,
# compareResponse CompareResponse,
# abandonRequest AbandonRequest,
# extendedReq ExtendedRequest,
# extendedResp ExtendedResponse,
# ...,
# intermediateResponse IntermediateResponse },
# controls [0] Controls OPTIONAL }
componentType = NamedTypes(NamedType('messageID', MessageID()),
NamedType('protocolOp', ProtocolOp()),
OptionalNamedType('controls', Controls()))
class PasswdModifyResponseValue(Sequence):
"""
PasswdModifyResponseValue ::= SEQUENCE {
genPasswd [0] OCTET STRING OPTIONAL }
"""
componentType = NamedTypes(OptionalNamedType('genPasswd', GenPasswd()))
class Control(Sequence):
"""
Control ::= SEQUENCE {
controlType LDAPOID,
criticality BOOLEAN DEFAULT FALSE,
controlValue OCTET STRING OPTIONAL }
"""
componentType = NamedTypes(
NamedType('controlType', LDAPOID()),
DefaultedNamedType('criticality', Boolean(False)),
OptionalNamedType('controlValue', OctetString()),
)
def setComponentByPosition(self,
idx,
value=None,
verifyConstraints=True,
exactTypes=False,
matchTags=True,
matchConstraints=True):
if idx == 0: # controlType
try:
cls = KNOWN_CONTROLS[value]
if self.__class__ != cls:
self.__class__ = cls
except KeyError:
pass
return Sequence.setComponentByPosition(self, idx, value,
verifyConstraints, exactTypes,
matchTags, matchConstraints)
class LDAPResult(Sequence):
"""
LDAPResult ::= SEQUENCE {
resultCode ENUMERATED {
success (0),
operationsError (1),
protocolError (2),
timeLimitExceeded (3),
sizeLimitExceeded (4),
compareFalse (5),
compareTrue (6),
authMethodNotSupported (7),
strongerAuthRequired (8),
-- 9 reserved --
referral (10),
adminLimitExceeded (11),
unavailableCriticalExtension (12),
confidentialityRequired (13),
saslBindInProgress (14),
noSuchAttribute (16),
undefinedAttributeType (17),
inappropriateMatching (18),
constraintViolation (19),
attributeOrValueExists (20),
invalidAttributeSyntax (21),
-- 22-31 unused --
noSuchObject (32),
aliasProblem (33),
invalidDNSyntax (34),
-- 35 reserved for undefined isLeaf --
aliasDereferencingProblem (36),
-- 37-47 unused --
inappropriateAuthentication (48),
invalidCredentials (49),
insufficientAccessRights (50),
busy (51),
unavailable (52),
unwillingToPerform (53),
loopDetect (54),
-- 55-63 unused --
namingViolation (64),
objectClassViolation (65),
notAllowedOnNonLeaf (66),
notAllowedOnRDN (67),
entryAlreadyExists (68),
objectClassModsProhibited (69),
-- 70 reserved for CLDAP --
affectsMultipleDSAs (71),
-- 72-79 unused --
other (80),
... },
matchedDN LDAPDN,
diagnosticMessage LDAPString,
referral [3] Referral OPTIONAL }
"""
componentType = NamedTypes(NamedType('resultCode', ResultCode()),
NamedType('matchedDN', LDAPDN()),
NamedType('diagnosticMessage', LDAPString()),
OptionalNamedType('referral', Referral()))
class EntryChangeNotificationControl(Sequence):
# EntryChangeNotification ::= SEQUENCE {
# changeType ENUMERATED {
# add (1),
# delete (2),
# modify (4),
# modDN (8)
# },
# previousDN LDAPDN OPTIONAL, -- modifyDN ops. only
# changeNumber INTEGER OPTIONAL -- if supported
# }
# tagSet = TagSet()
# tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassUniversal, tagFormatConstructed, 16))
componentType = NamedTypes(NamedType('changeType', ChangeType()),
OptionalNamedType('previousDN', LDAPDN()),
OptionalNamedType('changeNumber', Integer()))
class Control(Sequence):
# Control ::= SEQUENCE {
# controlType LDAPOID,
# criticality BOOLEAN DEFAULT FALSE,
# controlValue OCTET STRING OPTIONAL }
componentType = NamedTypes(NamedType('controlType', LDAPOID()),
DefaultedNamedType('criticality', Criticality()),
OptionalNamedType('controlValue', ControlValue()))
class NegTokenInit2(Sequence):
"""
[MS-SPNG] v14.0 2017-09-15
2.2.1 NegTokenInit2
NegTokenInit2 is the message structure that extends NegTokenInit with a
negotiation hints (negHints) field. On a server initiated SPNEGO process,
it sends negTokenInit2 message instead of just the plain NegTokenInit.
NegTokenInit2 ::= SEQUENCE {
mechTypes [0] MechTypeList OPTIONAL,
reqFlags [1] ContextFlags OPTIONAL,
mechToken [2] OCTET STRING OPTIONAL,
negHints [3] NegHints OPTIONAL,
mechListMIC [4] OCTET STRING OPTIONAL,
...
}
"""
componentType = NamedTypes(
OptionalNamedType(
'mechTypes', MechTypeList().subtype(
explicitTag=Tag(tagClassContext, tagFormatConstructed, 0)
)
),
OptionalNamedType(
'reqFlags', ContextFlags().subtype(
explicitTag=Tag(tagClassContext, tagFormatConstructed, 1)
)
),
OptionalNamedType(
'mechToken', OctetString().subtype(
explicitTag=Tag(tagClassContext, tagFormatSimple, 2)
)
),
OptionalNamedType(
'negHints', NegHints().subtype(
explicitTag=Tag(tagClassContext, tagFormatConstructed, 3)
)
),
OptionalNamedType(
'mechListMIC', OctetString().subtype(
explicitTag=Tag(tagClassContext, tagFormatSimple, 4)
)
),
)
class KdcRep(Sequence):
componentType = NamedTypes(
NamedType('pvno', _c(0, Integer())),
NamedType('msg-type', _c(1, Integer())),
OptionalNamedType('padata', _c(2, SequenceOf(componentType=PAData()))),
NamedType('crealm', _c(3, Realm())),
NamedType('cname', _c(4, PrincipalName())),
NamedType('ticket', _c(5, Ticket())),
NamedType('enc-part', _c(6, EncryptedData())))
class ModifyDNRequest(Sequence):
# ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
# entry LDAPDN,
# newrdn RelativeLDAPDN,
# deleteoldrdn BOOLEAN,
# newSuperior [0] LDAPDN OPTIONAL }
tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 12))
componentType = NamedTypes(NamedType('entry', LDAPDN()),
NamedType('newrdn', RelativeLDAPDN()),
NamedType('deleteoldrdn', DeleteOldRDN()),
OptionalNamedType('newSuperior', NewSuperior()))
class PrivateKeyInfo(Sequence):
componentType = NamedTypes(
NamedType(
"version",
Integer(namedValues=NamedValues(("v1", 0))).subtype(
subtypeSpec=Integer.subtypeSpec + SingleValueConstraint(0))),
NamedType("privateKeyAlgorithm", AlgorithmIdentifier()),
NamedType("privateKey", OctetString()),
OptionalNamedType(
"attributes",
SetOf(componentType=Attribute()).subtype(
implicitTag=Tag(tagClassContext, tagFormatConstructed, 0))))
class Control(Sequence):
"""
Control ::= SEQUENCE {
controlType LDAPOID,
criticality BOOLEAN DEFAULT FALSE,
controlValue OCTET STRING OPTIONAL }
"""
componentType = NamedTypes(
NamedType('controlType', LDAPOID()),
NamedType('criticality', Boolean(False)),
OptionalNamedType('controlValue', OctetString()),
)
class SimplePagedResultsControl(Control):
"""
pagedResultsControl ::= SEQUENCE {
controlType 1.2.840.113556.1.4.319,
criticality BOOLEAN DEFAULT FALSE,
controlValue pagedSearchControlValue }
"""
componentType = NamedTypes(
NamedType('controlType', LDAPOID()),
DefaultedNamedType('criticality', Boolean(False)),
OptionalNamedType('controlValue', OctetString()),
)
def __init__(self, criticality=False, size=1000, cookie='', **kwargs):
Control.__init__(self, **kwargs)
self['controlType'] = CONTROL_PAGEDRESULTS
self['criticality'] = criticality
self._size = size
self._cookie = cookie
self._encodeControlValue()
def _encodeControlValue(self):
self['controlValue'] = encoder.encode(
SimplePagedSearchControlValue().setComponents(
self._size, self._cookie))
def _decodeControlValue(self):
self._size, self._cookie = decoder.decode(
self['controlValue'], asn1Spec=SimplePagedSearchControlValue())[0]
def getCriticality(self):
return self['criticality']
def setCritical(self, value):
self['criticality'] = value
def getSize(self):
self._decodeControlValue()
return self._size
def setSize(self, value):
self._size = value
self._encodeControlValue()
def getCookie(self):
self._decodeControlValue()
return self._cookie
def setCookie(self, value):
self._cookie = value
self._encodeControlValue()
