class ProtocolOp(Choice):
"""
protocolOp CHOICE {
bindRequest BindRequest,
bindResponse BindResponse,
unbindRequest UnbindRequest,
searchRequest SearchRequest,
searchResEntry SearchResultEntry,
searchResDone SearchResultDone,
searchResRef SearchResultReference,
modifyRequest ModifyRequest,
modifyResponse ModifyResponse,
addRequest AddRequest,
addResponse AddResponse,
delRequest DelRequest,
delResponse DelResponse,
modDNRequest ModifyDNRequest,
modDNResponse ModifyDNResponse,
compareRequest CompareRequest,
compareResponse CompareResponse,
abandonRequest AbandonRequest,
extendedReq ExtendedRequest,
extendedResp ExtendedResponse,
...,
intermediateResponse IntermediateResponse }
"""
componentType = NamedTypes(
NamedType('bindRequest', BindRequest()),
NamedType('bindResponse', BindResponse()),
NamedType('unbindRequest', UnbindRequest()),
NamedType('searchRequest', SearchRequest()),
NamedType('searchResEntry', SearchResultEntry()),
NamedType('searchResDone', SearchResultDone()),
NamedType('searchResRef', SearchResultReference()),
NamedType('modifyRequest', ModifyRequest()),
NamedType('modifyResponse', ModifyResponse()),
NamedType('addRequest', AddRequest()),
NamedType('addResponse', AddResponse()),
NamedType('delRequest', DelRequest()),
NamedType('delResponse', DelResponse()),
NamedType('modDNRequest', ModifyDNRequest()),
NamedType('modDNResponse', ModifyDNResponse()),
NamedType('compareRequest', CompareRequest()),
NamedType('compareResponse', CompareResponse()),
NamedType('abandonRequest', AbandonRequest()),
NamedType('extendedReq', ExtendedRequest()),
NamedType('extendedResp', ExtendedResponse()),
NamedType('intermediateResponse', IntermediateResponse()))
class KdcReq(Sequence):
componentType = NamedTypes(
NamedType('pvno', _c(1, Integer())),
NamedType('msg-type', _c(2, Integer())),
NamedType('padata', _c(3, SequenceOf(componentType=PAData()))),
NamedType('req-body', _c(4, KdcReqBody())))
class PrincipalName(Sequence):
componentType = NamedTypes(
NamedType('name-type', _c(0, Integer())),
NamedType('name-string',
_c(1, SequenceOf(componentType=KerberosString()))))
class AuthorizationData(SequenceOf):
componentType = Sequence(
componentType=NamedTypes(NamedType('ad-type', _c(0, Integer())),
NamedType('ad-data', _c(1, OctetString()))))
class EncryptedData(Sequence):
componentType = NamedTypes(NamedType('etype', _c(0, Integer())),
OptionalNamedType('kvno', _c(1, Integer())),
NamedType('cipher', _c(2, OctetString())))
class CheckSum(Sequence):
componentType = NamedTypes(NamedType('cksumtype', _c(0, Integer())),
NamedType('checksum', _c(1, OctetString())))
class TransitedEncoding(Sequence):
componentType = NamedTypes(NamedType('tr-type', _c(0, Integer())),
NamedType('contents', _c(1, OctetString())))
class ExtendedDN(Sequence):
# A flag value 0 specifies that the GUID and SID values be returned in hexadecimal string
# A flag value of 1 will return the GUID and SID values in standard string format
componentType = NamedTypes(NamedType('option', Integer())
)
def _mfield(name, tagnum, asn1type):
return NamedType(
name,
asn1type.subtype(
explicitTag=Tag(tagClassContext, tagFormatSimple, tagnum)))
class ProtocolOp(Choice):
# protocolOp CHOICE {
# bindRequest BindRequest,
# bindResponse BindResponse,
# unbindRequest UnbindRequest,
# searchRequest SearchRequest,
# searchResEntry SearchResultEntry,
# searchResDone SearchResultDone,
# searchResRef SearchResultReference,
# modifyRequest ModifyRequest,
# modifyResponse ModifyResponse,
# addRequest AddRequest,
# addResponse AddResponse,
# delRequest DelRequest,
# delResponse DelResponse,
# modDNRequest ModifyDNRequest,
# modDNResponse ModifyDNResponse,
# compareRequest CompareRequest,
# compareResponse CompareResponse,
# abandonRequest AbandonRequest,
# extendedReq ExtendedRequest,
# extendedResp ExtendedResponse,
# ...,
# intermediateResponse IntermediateResponse }
componentType = NamedTypes(
NamedType('bindRequest', BindRequest()),
NamedType('bindResponse', BindResponse()),
NamedType('unbindRequest', UnbindRequest()),
NamedType('searchRequest', SearchRequest()),
NamedType('searchResEntry', SearchResultEntry()),
NamedType('searchResDone', SearchResultDone()),
NamedType('searchResRef', SearchResultReference()),
NamedType('modifyRequest', ModifyRequest()),
NamedType('modifyResponse', ModifyResponse()),
NamedType('addRequest', AddRequest()),
NamedType('addResponse', AddResponse()),
NamedType('delRequest', DelRequest()),
NamedType('delResponse', DelResponse()),
NamedType('modDNRequest', ModifyDNRequest()),
NamedType('modDNResponse', ModifyDNResponse()),
NamedType('compareRequest', CompareRequest()),
NamedType('compareResponse', CompareResponse()),
NamedType('abandonRequest', AbandonRequest()),
NamedType('extendedReq', ExtendedRequest()),
NamedType('extendedResp', ExtendedResponse()),
NamedType('intermediateResponse', IntermediateResponse()))
class SdFlags(Sequence):
# SDFlagsRequestValue ::= SEQUENCE {
# Flags INTEGER
# }
componentType = NamedTypes(NamedType('Flags', Integer())
)
class PartialAttribute(Sequence):
# PartialAttribute ::= SEQUENCE {
# type AttributeDescription,
# vals SET OF value AttributeValue }
componentType = NamedTypes(NamedType('type', AttributeDescription()),
NamedType('vals', Vals()))
# extensibleMatch [9] MatchingRuleAssertion,
# ... }
componentType = NamedTypes(NamedType('and', And()), NamedType('or', Or()),
NamedType('notFilter', Not()),
NamedType('equalityMatch', EqualityMatch()),
NamedType('substringFilter', SubstringFilter()),
NamedType('greaterOrEqual', GreaterOrEqual()),
NamedType('lessOrEqual', LessOrEqual()),
NamedType('present', Present()),
NamedType('approxMatch', ApproxMatch()),
NamedType('extensibleMatch', ExtensibleMatch()))
And.componentType = Filter()
Or.componentType = Filter()
Not.componentType = NamedTypes(NamedType('innerNotFilter', Filter()))
Not.tagSet = Filter.tagSet.tagExplicitly(
Tag(tagClassContext, tagFormatConstructed, 2)) # as per RFC4511 page 23
class PartialAttributeList(SequenceOf):
# PartialAttributeList ::= SEQUENCE OF
# partialAttribute PartialAttribute
componentType = PartialAttribute()
class Operation(Enumerated):
# operation ENUMERATED {
# add (0),
# delete (1),
# replace (2),
class AttributeValueAssertion(Sequence):
# AttributeValueAssertion ::= SEQUENCE {
# attributeDesc AttributeDescription,
# assertionValue AssertionValue }
componentType = NamedTypes(NamedType('attributeDesc', AttributeDescription()),
NamedType('assertionValue', AssertionValue()))
class ReplicaInfoRequestValue(Sequence):
tagSet = TagSet()
componentType = NamedTypes(NamedType('server_dn', LDAPDN()),
NamedType('partition_dn', LDAPDN()))
class CreateGroupTypeRequestValue(Sequence):
componentType = NamedTypes(
NamedType('createGroupType', LDAPOID()),
OptionalNamedType('createGroupValue', OctetString()))
class EncryptionKey(Sequence):
componentType = NamedTypes(NamedType('keytype', _c(0, Integer())),
NamedType('keyvalue', _c(1, OctetString())))
class CreateGroupTypeResponseValue(Sequence):
componentType = NamedTypes(
NamedType('createGroupCookie', GroupCookie()),
OptionalNamedType('createGroupValue', OctetString()))
class LastReq(SequenceOf):
componentType = Sequence(
componentType=NamedTypes(NamedType('lr-type', _c(0, Integer())),
NamedType('lr-value', _c(1, KerberosTime()))))
class EndGroupTypeRequestValue(Sequence):
componentType = NamedTypes(
NamedType('endGroupCookie', GroupCookie()),
OptionalNamedType('endGroupValue', OctetString()))
class KerbPaPacRequest(Sequence):
componentType = NamedTypes(NamedType('include-pac', _c(0, Boolean())))
class GroupingControlValue(Sequence):
componentType = NamedTypes(NamedType('groupingCookie', GroupCookie()),
OptionalNamedType('groupValue', OctetString()))
class PAData(Sequence):
componentType = NamedTypes(NamedType('padata-type', _c(1, Integer())),
NamedType('padata-value', _c(2, OctetString())))
class NmasGetUniversalPasswordResponseValue(Sequence):
componentType = NamedTypes(NamedType('nmasver', NmasVer()),
NamedType('err', Error()),
OptionalNamedType('passwd', Password()))
class Ticket(Sequence):
tagSet = application(1)
componentType = NamedTypes(NamedType('tkt-vno', _c(0, Integer())),
NamedType('realm', _c(1, Realm())),
NamedType('sname', _c(2, PrincipalName())),
NamedType('enc-part', _c(3, EncryptedData())))
class NmasSetUniversalPasswordRequestValue(Sequence):
componentType = NamedTypes(NamedType('nmasver', NmasVer()),
NamedType('reqdn', Identity()),
NamedType('new_passwd', Password()))
class PaEncTsEnc(Sequence):
componentType = NamedTypes(NamedType('patimestamp', _c(0, KerberosTime())),
NamedType('pausec', _c(1, Microseconds())))
class NmasSetUniversalPasswordResponseValue(Sequence):
componentType = NamedTypes(NamedType('nmasver', NmasVer()),
NamedType('err', Error()))
class HostAddress(Sequence):
componentType = NamedTypes(NamedType('addr-type', _c(0, Integer())),
NamedType('address', _c(1, OctetString())))
class LDAPResult(Sequence):
"""
LDAPResult ::= SEQUENCE {
resultCode ENUMERATED {
success (0),
operationsError (1),
protocolError (2),
timeLimitExceeded (3),
sizeLimitExceeded (4),
compareFalse (5),
compareTrue (6),
authMethodNotSupported (7),
strongerAuthRequired (8),
-- 9 reserved --
referral (10),
adminLimitExceeded (11),
unavailableCriticalExtension (12),
confidentialityRequired (13),
saslBindInProgress (14),
noSuchAttribute (16),
undefinedAttributeType (17),
inappropriateMatching (18),
constraintViolation (19),
attributeOrValueExists (20),
invalidAttributeSyntax (21),
-- 22-31 unused --
noSuchObject (32),
aliasProblem (33),
invalidDNSyntax (34),
-- 35 reserved for undefined isLeaf --
aliasDereferencingProblem (36),
-- 37-47 unused --
inappropriateAuthentication (48),
invalidCredentials (49),
insufficientAccessRights (50),
busy (51),
unavailable (52),
unwillingToPerform (53),
loopDetect (54),
-- 55-63 unused --
namingViolation (64),
objectClassViolation (65),
notAllowedOnNonLeaf (66),
notAllowedOnRDN (67),
entryAlreadyExists (68),
objectClassModsProhibited (69),
-- 70 reserved for CLDAP --
affectsMultipleDSAs (71),
-- 72-79 unused --
other (80),
... },
matchedDN LDAPDN,
diagnosticMessage LDAPString,
referral [3] Referral OPTIONAL }
"""
componentType = NamedTypes(
NamedType('resultCode', ResultCode()),
NamedType('matchedDN', LDAPDN()),
NamedType('diagnosticMessage', LDAPString()),
OptionalNamedType('referral', Referral()),
)