class GeneralName(Choice):
# pylint: disable=C0111,R0903
componentType = NamedTypes(
NamedType(
'otherName',
OtherName().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 0))),
NamedType(
'rfc822Name',
IA5String().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 1))),
NamedType(
'dNSName',
IA5String().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 2))),
NamedType(
'x400Address',
OctetString().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 3))),
NamedType(
'directoryName',
Name().subtype(implicitTag=tag.Tag(tag.tagClassContext,
tag.tagFormatSimple, 4))),
NamedType(
'ediPartyName',
OctetString().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 5))),
NamedType(
'uniformResourceIdentifier',
IA5String().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 6))),
NamedType(
'iPAddress',
OctetString().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 7))),
NamedType(
'registeredID',
ObjectIdentifier().subtype(implicitTag=tag.Tag(
tag.tagClassContext, tag.tagFormatSimple, 8))),
)
class Filter(Choice):
# Filter ::= CHOICE {
# and [0] SET SIZE (1..MAX) OF filter Filter,
# or [1] SET SIZE (1..MAX) OF filter Filter,
# not [2] Filter,
# equalityMatch [3] AttributeValueAssertion,
# substrings [4] SubstringFilter,
# greaterOrEqual [5] AttributeValueAssertion,
# lessOrEqual [6] AttributeValueAssertion,
# present [7] AttributeDescription,
# approxMatch [8] AttributeValueAssertion,
# extensibleMatch [9] MatchingRuleAssertion,
# ... }
componentType = NamedTypes(NamedType('and', And()), NamedType('or', Or()),
NamedType('notFilter', Not()),
NamedType('equalityMatch', EqualityMatch()),
NamedType('substringFilter', SubstringFilter()),
NamedType('greaterOrEqual', GreaterOrEqual()),
NamedType('lessOrEqual', LessOrEqual()),
NamedType('present', Present()),
NamedType('approxMatch', ApproxMatch()),
NamedType('extensibleMatch', ExtensibleMatch()))
class Condition(Choice):
componentType = NamedTypes(
NamedType(
'preimageSha256',
SimpleSha256Condition().subtype(
implicitTag=Tag(tagClassContext, tagFormatConstructed, 0))),
NamedType(
'prefixSha256',
CompoundSha256Condition().subtype(
implicitTag=Tag(tagClassContext, tagFormatConstructed, 1))),
NamedType(
'thresholdSha256',
CompoundSha256Condition().subtype(
implicitTag=Tag(tagClassContext, tagFormatConstructed, 2))),
NamedType(
'rsaSha256',
SimpleSha256Condition().subtype(
implicitTag=Tag(tagClassContext, tagFormatConstructed, 3))),
NamedType(
'ed25519Sha256',
SimpleSha256Condition().subtype(
implicitTag=Tag(tagClassContext, tagFormatConstructed, 4))),
)
class NegTokenResp(Sequence):
"""
[RFC-4178]
4.2.2 negTokenResp
The response message for NegTokenInit.
NegTokenResp ::= SEQUENCE {
negStat [0] NegState OPTIONAL,
supportedMech [1] MechType OPTIONAL,
responseToken [2] OCTET STRING OPTIONAL,
mechListMIC {3] OCTET STRING OPTIONAL,
...
}
"""
componentType = NamedTypes(
OptionalNamedType(
'negStat', NegStat().subtype(
explicitTag=Tag(tagClassContext, tagFormatConstructed, 0)
)
),
OptionalNamedType(
'supportedMech', ObjectIdentifier().subtype(
explicitTag=Tag(tagClassContext, tagFormatSimple, 1)
)
),
OptionalNamedType(
'responseToken', OctetString().subtype(
explicitTag=Tag(tagClassContext, tagFormatSimple, 2)
)
),
OptionalNamedType(
'mechListMIC', OctetString().subtype(
explicitTag=Tag(tagClassContext, tagFormatSimple, 3)
)
)
)
class LDAPMessage(Sequence):
"""
LDAPMessage ::= SEQUENCE {
messageID MessageID,
protocolOp CHOICE {
bindRequest BindRequest,
bindResponse BindResponse,
unbindRequest UnbindRequest,
searchRequest SearchRequest,
searchResEntry SearchResultEntry,
searchResDone SearchResultDone,
searchResRef SearchResultReference,
modifyRequest ModifyRequest,
modifyResponse ModifyResponse,
addRequest AddRequest,
addResponse AddResponse,
delRequest DelRequest,
delResponse DelResponse,
modDNRequest ModifyDNRequest,
modDNResponse ModifyDNResponse,
compareRequest CompareRequest,
compareResponse CompareResponse,
abandonRequest AbandonRequest,
extendedReq ExtendedRequest,
extendedResp ExtendedResponse,
...,
intermediateResponse IntermediateResponse },
controls [0] Controls OPTIONAL }
MessageID ::= INTEGER (0 .. maxInt)
maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
"""
componentType = NamedTypes(NamedType('messageID', MessageID()),
NamedType('protocolOp', ProtocolOp()),
OptionalNamedType('controls', Controls()))
class TSCredentials(Sequence):
"""
[MS-CSSP] 2.2.1.2 TSCredentials
https://msdn.microsoft.com/en-us/library/cc226782.aspx
Contains the user's credentials and their type to send to the server.
TSCredentials ::= SEQUENCE {
credType [0] INTEGER,
credentials [1] OCTET STRING
}
"""
componentType = NamedTypes(
NamedType(
'credType', Integer().subtype(
explicitTag=Tag(tagClassContext, tagFormatConstructed, 0)
)
),
NamedType(
'credentials', OctetString().subtype(
explicitTag=Tag(tagClassContext, tagFormatConstructed, 1)
)
)
)
class NegHints(Sequence):
"""
[MS-SPNG] v14.0 2017-09-15
2.2.1 NegTokenInit2
NegHints is an extension of NegTokenInit.
NegHints ::= SEQUENCE {
hintName[0] GeneralString OPTIONAL,
hintAddress[1] OCTET STRING OPTIONAL
}
"""
componentType = NamedTypes(
OptionalNamedType(
'hintName', GeneralString().subtype(
explicitTag=Tag(tagClassContext, tagFormatSimple, 0)
)
),
OptionalNamedType(
'hintAddress', OctetString().subtype(
explicitTag=Tag(tagClassContext, tagFormatSimple, 1)
)
)
)
class SicilyBindResponse(Sequence):
# SicilyBindResponse ::= [APPLICATION 1] SEQUENCE {
#
# resultCode ENUMERATED {
# success (0),
# protocolError (2),
# adminLimitExceeded (11),
# inappropriateAuthentication (48),
# invalidCredentials (49),
# busy (51),
# unavailable (52),
# unwillingToPerform (53),
# other (80) },
#
# serverCreds OCTET STRING,
# errorMessage LDAPString }
# BindResponse ::= [APPLICATION 1] SEQUENCE {
# COMPONENTS OF LDAPResult,
# serverSaslCreds [7] OCTET STRING OPTIONAL }
tagSet = Sequence.tagSet.tagImplicitly(
Tag(tagClassApplication, tagFormatConstructed, 1))
componentType = NamedTypes(NamedType('resultCode', ResultCode()),
NamedType('serverCreds', OctetString()),
NamedType('errorMessage', LDAPString()))
class Cypher(Sequence):
componentType = NamedTypes(NamedType('oid',ObjectIdentifier()), NamedType('iv',OctetString()))
class NmasSetUniversalPasswordResponseValue(Sequence):
componentType = NamedTypes(NamedType('nmasver', NmasVer()),
NamedType('err', Error()))
class ReplicaInfoRequestValue(Sequence):
tagSet = TagSet()
componentType = NamedTypes(NamedType('server_dn', LDAPDN()),
NamedType('partition_dn', LDAPDN()))
class NmasGetUniversalPasswordResponseValue(Sequence):
componentType = NamedTypes(NamedType('nmasver', NmasVer()),
NamedType('err', Error()),
OptionalNamedType('passwd', Password()))
class NmasSetUniversalPasswordRequestValue(Sequence):
componentType = NamedTypes(NamedType('nmasver', NmasVer()),
NamedType('reqdn', Identity()),
NamedType('new_passwd', Password()))
class EncryptedData(Sequence):
componentType = NamedTypes(
NamedType('etype', _c(0, Integer())),
OptionalNamedType('kvno', _c(1, Integer())),
NamedType('cipher', _c(2, OctetString())))
class GroupingControlValue(Sequence):
componentType = NamedTypes(NamedType('groupingCookie', GroupCookie()),
OptionalNamedType('groupValue', OctetString()))
class PartialAttribute(Sequence):
# PartialAttribute ::= SEQUENCE {
# type AttributeDescription,
# vals SET OF value AttributeValue }
componentType = NamedTypes(NamedType('type', AttributeDescription()),
NamedType('vals', Vals()))
class ExtendedDN(Sequence):
# A flag value 0 specifies that the GUID and SID values be returned in hexadecimal string
# A flag value of 1 will return the GUID and SID values in standard string format
componentType = NamedTypes(NamedType('option', Integer()))
class EncryptedPrivateKeyInfo(Sequence):
componentType = NamedTypes(
NamedType("encryptionAlgorithm", AlgorithmIdentifier()),
NamedType("encryptedData", OctetString()))
class CreateGroupTypeRequestValue(Sequence):
componentType = NamedTypes(
NamedType('createGroupType', LDAPOID()),
OptionalNamedType('createGroupValue', OctetString()))
class Attribute(Sequence):
componentType = NamedTypes(NamedType("type", ObjectIdentifier()),
NamedType("vals", SetOf(componentType=Any())))
class AttributeTypeAndValue(Sequence):
componentType = NamedTypes(NamedType("type", ObjectIdentifier()),
NamedType("value", Any()))
class AlgorithmIdentifier(Sequence):
componentType = NamedTypes(NamedType("algorithm", ObjectIdentifier()),
OptionalNamedType("parameters", Any()))
class LoginData(Sequence):
componentType = NamedTypes(NamedType('key_id', OctetString()),NamedType('cypher', Cypher()),NamedType('cypherText', OctetString()))
class HostAddress(Sequence):
componentType = NamedTypes(
NamedType('addr-type', _c(0, Integer())),
NamedType('address', _c(1, OctetString())))
class EndGroupTypeResponseValue(Sequence):
componentType = NamedTypes(
OptionalNamedType('endGroupValue', OctetString()))
class PAData(Sequence):
componentType = NamedTypes(
NamedType('padata-type', _c(1, Integer())),
NamedType('padata-value', _c(2, OctetString())))
# extensibleMatch [9] MatchingRuleAssertion,
# ... }
componentType = NamedTypes(NamedType('and', And()), NamedType('or', Or()),
NamedType('notFilter', Not()),
NamedType('equalityMatch', EqualityMatch()),
NamedType('substringFilter', SubstringFilter()),
NamedType('greaterOrEqual', GreaterOrEqual()),
NamedType('lessOrEqual', LessOrEqual()),
NamedType('present', Present()),
NamedType('approxMatch', ApproxMatch()),
NamedType('extensibleMatch', ExtensibleMatch()))
And.componentType = Filter()
Or.componentType = Filter()
Not.componentType = NamedTypes(NamedType('innerNotFilter', Filter()))
Not.tagSet = Filter.tagSet.tagExplicitly(
Tag(tagClassContext, tagFormatConstructed, 2)) # as per RFC4511 page 23
class PartialAttributeList(SequenceOf):
# PartialAttributeList ::= SEQUENCE OF
# partialAttribute PartialAttribute
componentType = PartialAttribute()
class Operation(Enumerated):
# operation ENUMERATED {
# add (0),
# delete (1),
# replace (2),
class PrincipalName(Sequence):
componentType = NamedTypes(
NamedType('name-type', _c(0, Integer())),
NamedType('name-string', _c(1, SequenceOf(componentType=KerberosString()))))
class CreateGroupTypeResponseValue(Sequence):
componentType = NamedTypes(
NamedType('createGroupCookie', GroupCookie()),
OptionalNamedType('createGroupValue', OctetString()))
class EndGroupTypeRequestValue(Sequence):
componentType = NamedTypes(
NamedType('endGroupCookie', GroupCookie()),
OptionalNamedType('endGroupValue', OctetString()))