|
12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007 |
- """
- """
-
- # Created on 2013.05.15
- #
- # Author: Giovanni Cannata
- #
- # Copyright 2014 - 2018 Giovanni Cannata
- #
- # This file is part of ldap3.
- #
- # ldap3 is free software: you can redistribute it and/or modify
- # it under the terms of the GNU Lesser General Public License as published
- # by the Free Software Foundation, either version 3 of the License, or
- # (at your option) any later version.
- #
- # ldap3 is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- # GNU Lesser General Public License for more details.
- #
- # You should have received a copy of the GNU Lesser General Public License
- # along with ldap3 in the COPYING and COPYING.LESSER files.
- # If not, see <http://www.gnu.org/licenses/>.
-
- #######################
- # ldap ASN.1 Definition
- # from RFC4511 - Appendix B
- # extended with result codes from IANA ldap-parameters as of 2013.08.21
- # extended with modify_increment from RFC4525
-
- #########################################################
- # Lightweight-Directory-Access-Protocol-V3 {1 3 6 1 1 18}
- # -- Copyright (C) The Internet Society (2006). This version of
- # -- this ASN.1 module is part of RFC 4511; see the RFC itself
- # -- for full legal notices.
- # DEFINITIONS
- # IMPLICIT TAGS
- # EXTENSIBILITY IMPLIED
-
- from pyasn1.type.univ import OctetString, Integer, Sequence, Choice, SequenceOf, Boolean, Null, Enumerated, SetOf
- from pyasn1.type.namedtype import NamedTypes, NamedType, OptionalNamedType, DefaultedNamedType
- from pyasn1.type.constraint import ValueRangeConstraint, SingleValueConstraint, ValueSizeConstraint
- from pyasn1.type.namedval import NamedValues
- from pyasn1.type.tag import tagClassApplication, tagFormatConstructed, Tag, tagClassContext, tagFormatSimple
-
-
- # constants
- # maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) --
- LDAP_MAX_INT = 2147483647
- MAXINT = Integer(LDAP_MAX_INT)
-
- # constraints
- rangeInt0ToMaxConstraint = ValueRangeConstraint(0, MAXINT)
- rangeInt1To127Constraint = ValueRangeConstraint(1, 127)
- size1ToMaxConstraint = ValueSizeConstraint(1, MAXINT)
- responseValueConstraint = SingleValueConstraint(0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20, 21, 32, 33, 34, 36, 48, 49, 50, 51, 52, 53, 54, 64, 65, 66, 67, 68, 69, 71, 80, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123,
- 4096)
-
- # custom constraints
- numericOIDConstraint = None # TODO
- distinguishedNameConstraint = None # TODO
- nameComponentConstraint = None # TODO
- attributeDescriptionConstraint = None # TODO
- uriConstraint = None # TODO
- attributeSelectorConstraint = None # TODO
-
-
- class Integer0ToMax(Integer):
- subtypeSpec = Integer.subtypeSpec + rangeInt0ToMaxConstraint
-
-
- class LDAPString(OctetString):
- # LDAPString ::= OCTET STRING -- UTF-8 encoded, -- [ISO10646] characters
- encoding = 'utf-8'
-
-
- class MessageID(Integer0ToMax):
- # MessageID ::= INTEGER (0 .. maxInt)
- pass
-
-
- class LDAPOID(OctetString):
- # LDAPOID ::= OCTET STRING -- Constrained to <numericoid>
- # -- [RFC4512]
-
- # subtypeSpec = numericOIDConstraint
- pass
-
-
- class LDAPDN(LDAPString):
- # LDAPDN ::= LDAPString -- Constrained to <distinguishedName>
- # -- [RFC4514]
-
- # subtypeSpec = distinguishedName
- pass
-
-
- class RelativeLDAPDN(LDAPString):
- # RelativeLDAPDN ::= LDAPString -- Constrained to <name-component>
- # -- [RFC4514]
-
- # subtypeSpec = LDAPString.subtypeSpec + nameComponentConstraint
- pass
-
-
- class AttributeDescription(LDAPString):
- # AttributeDescription ::= LDAPString -- Constrained to <attributedescription>
- # -- [RFC4512]
-
- # subtypeSpec = LDAPString.subtypeSpec + attributeDescriptionConstraint
- pass
-
-
- class AttributeValue(OctetString):
- # AttributeValue ::= OCTET STRING
- encoding = 'utf-8'
-
-
- class AssertionValue(OctetString):
- # AssertionValue ::= OCTET STRING
- encoding = 'utf-8'
-
-
- class AttributeValueAssertion(Sequence):
- # AttributeValueAssertion ::= SEQUENCE {
- # attributeDesc AttributeDescription,
- # assertionValue AssertionValue }
- componentType = NamedTypes(NamedType('attributeDesc', AttributeDescription()),
- NamedType('assertionValue', AssertionValue()))
-
-
- class MatchingRuleId(LDAPString):
- # MatchingRuleId ::= LDAPString
- pass
-
-
- class Vals(SetOf):
- # vals SET OF value AttributeValue }
- componentType = AttributeValue()
-
-
- class ValsAtLeast1(SetOf):
- # vals SET OF value AttributeValue }
- componentType = AttributeValue()
- subtypeSpec = SetOf.subtypeSpec + size1ToMaxConstraint
-
-
- class PartialAttribute(Sequence):
- # PartialAttribute ::= SEQUENCE {
- # type AttributeDescription,
- # vals SET OF value AttributeValue }
- componentType = NamedTypes(NamedType('type', AttributeDescription()),
- NamedType('vals', Vals()))
-
-
- class Attribute(Sequence):
- # Attribute ::= PartialAttribute(WITH COMPONENTS {
- # ...,
- # vals (SIZE(1..MAX))})
- componentType = NamedTypes(NamedType('type', AttributeDescription()),
- # NamedType('vals', ValsAtLeast1()))
- NamedType('vals', Vals())) # changed from ValsAtLeast1() to allow empty member values in groups - this should not be as per rfc4511 4.1.7, but openldap accept it
-
-
- class AttributeList(SequenceOf):
- # AttributeList ::= SEQUENCE OF attribute Attribute
- componentType = Attribute()
-
-
- class Simple(OctetString):
- # simple [0] OCTET STRING,
- tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 0))
- encoding = 'utf-8'
-
-
- class Credentials(OctetString):
- # credentials OCTET STRING
- encoding = 'utf-8'
-
-
- class SaslCredentials(Sequence):
- # SaslCredentials ::= SEQUENCE {
- # mechanism LDAPString,
- # credentials OCTET STRING OPTIONAL }
- tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 3))
- componentType = NamedTypes(NamedType('mechanism', LDAPString()),
- OptionalNamedType('credentials', Credentials()))
-
-
- # not in RFC4511 but used by Microsoft to embed the NTLM protocol in the BindRequest (Sicily Protocol)
- class SicilyPackageDiscovery(OctetString):
- # sicilyPackageDiscovery [9] OCTET STRING,
- tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 9))
- encoding = 'utf-8'
-
-
- # not in RFC4511 but used by Microsoft to embed the NTLM protocol in the BindRequest (Sicily Protocol)
- class SicilyNegotiate(OctetString):
- # sicilyNegotiate [10] OCTET STRING,
- tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 10))
- encoding = 'utf-8'
-
-
- # not in RFC4511 but used by Microsoft to embed the NTLM protocol in the BindRequest (Sicily Protocol)
- class SicilyResponse(OctetString):
- # sicilyResponse [11] OCTET STRING,
- tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 11))
- encoding = 'utf-8'
-
-
- class AuthenticationChoice(Choice):
- # AuthenticationChoice ::= CHOICE {
- # simple [0] OCTET STRING,
- # -- 1 and 2 reserved
- # sasl [3] SaslCredentials,
- # ... }
-
- # from https://msdn.microsoft.com/en-us/library/cc223498.aspx # legacy NTLM authentication for Windows Active Directory
- # sicilyPackageDiscovery [9] OCTET STRING
- # sicilyNegotiate [10] OCTET STRING
- # sicilyResponse [11] OCTET STRING }
-
- componentType = NamedTypes(NamedType('simple', Simple()),
- NamedType('sasl', SaslCredentials()),
- NamedType('sicilyPackageDiscovery', SicilyPackageDiscovery()),
- NamedType('sicilyNegotiate', SicilyNegotiate()),
- NamedType('sicilyResponse', SicilyResponse()),
- )
-
-
- class Version(Integer):
- # version INTEGER (1 .. 127),
- subtypeSpec = Integer.subtypeSpec + rangeInt1To127Constraint
-
-
- class ResultCode(Enumerated):
- # resultCode ENUMERATED {
- # success (0),
- # operationsError (1),
- # protocolError (2),
- # timeLimitExceeded (3),
- # sizeLimitExceeded (4),
- # compareFalse (5),
- # compareTrue (6),
- # authMethodNotSupported (7),
- # strongerAuthRequired (8),
- # -- 9 reserved --
- # referral (10),
- # adminLimitExceeded (11),
- # unavailableCriticalExtension (12),
- # confidentialityRequired (13),
- # saslBindInProgress (14),
- # noSuchAttribute (16),
- # undefinedAttributeType (17),
- # inappropriateMatching (18),
- # constraintViolation (19),
- # attributeOrValueExists (20),
- # invalidAttributeSyntax (21),
- # -- 22-31 unused --
- # noSuchObject (32),
- # aliasProblem (33),
- # invalidDNSyntax (34),
- # -- 35 reserved for undefined isLeaf --
- # aliasDereferencingProblem (36),
- # -- 37-47 unused --
- # inappropriateAuthentication (48),
- # invalidCredentials (49),
- # insufficientAccessRights (50),
- # busy (51),
- # unavailable (52),
- # unwillingToPerform (53),
- # loopDetect (54),
- # -- 55-63 unused --
- # namingViolation (64),
- # objectClassViolation (65),
- # notAllowedOnNonLeaf (66),
- # notAllowedOnRDN (67),
- # entryAlreadyExists (68),
- # objectClassModsProhibited (69),
- # -- 70 reserved for CLDAP --
- # affectsMultipleDSAs (71),
- # -- 72-79 unused --
- # other (80),
- # ... }
- #
- # from IANA ldap-parameters:
- # lcupResourcesExhausted 113 IESG [RFC3928]
- # lcupSecurityViolation 114 IESG [RFC3928]
- # lcupInvalidData 115 IESG [RFC3928]
- # lcupUnsupportedScheme 116 IESG [RFC3928]
- # lcupReloadRequired 117 IESG [RFC3928]
- # canceled 118 IESG [RFC3909]
- # noSuchOperation 119 IESG [RFC3909]
- # tooLate 120 IESG [RFC3909]
- # cannotCancel 121 IESG [RFC3909]
- # assertionFailed 122 IESG [RFC4528]
- # authorizationDenied 123 WELTMAN [RFC4370]
- # e-syncRefreshRequired 4096 [Kurt_Zeilenga] [Jong_Hyuk_Choi] [RFC4533]
- namedValues = NamedValues(('success', 0),
- ('operationsError', 1),
- ('protocolError', 2),
- ('timeLimitExceeded', 3),
- ('sizeLimitExceeded', 4),
- ('compareFalse', 5),
- ('compareTrue', 6),
- ('authMethodNotSupported', 7),
- ('strongerAuthRequired', 8),
- ('referral', 10),
- ('adminLimitExceeded', 11),
- ('unavailableCriticalExtension', 12),
- ('confidentialityRequired', 13),
- ('saslBindInProgress', 14),
- ('noSuchAttribute', 16),
- ('undefinedAttributeType', 17),
- ('inappropriateMatching', 18),
- ('constraintViolation', 19),
- ('attributeOrValueExists', 20),
- ('invalidAttributeSyntax', 21),
- ('noSuchObject', 32),
- ('aliasProblem', 33),
- ('invalidDNSyntax', 34),
- ('aliasDereferencingProblem', 36),
- ('inappropriateAuthentication', 48),
- ('invalidCredentials', 49),
- ('insufficientAccessRights', 50),
- ('busy', 51),
- ('unavailable', 52),
- ('unwillingToPerform', 53),
- ('loopDetected', 54),
- ('namingViolation', 64),
- ('objectClassViolation', 65),
- ('notAllowedOnNonLeaf', 66),
- ('notAllowedOnRDN', 67),
- ('entryAlreadyExists', 68),
- ('objectClassModsProhibited', 69),
- ('affectMultipleDSAs', 71),
- ('other', 80),
- ('lcupResourcesExhausted', 113),
- ('lcupSecurityViolation', 114),
- ('lcupInvalidData', 115),
- ('lcupUnsupportedScheme', 116),
- ('lcupReloadRequired', 117),
- ('canceled', 118),
- ('noSuchOperation', 119),
- ('tooLate', 120),
- ('cannotCancel', 121),
- ('assertionFailed', 122),
- ('authorizationDenied', 123),
- ('e-syncRefreshRequired', 4096))
-
- subTypeSpec = Enumerated.subtypeSpec + responseValueConstraint
-
-
- class URI(LDAPString):
- # URI ::= LDAPString -- limited to characters permitted in
- # -- URIs
-
- # subtypeSpec = LDAPString.subTypeSpec + uriConstrain
- pass
-
-
- class Referral(SequenceOf):
- # Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI
- tagSet = SequenceOf.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 3))
- componentType = URI()
-
-
- class ServerSaslCreds(OctetString):
- # serverSaslCreds [7] OCTET STRING OPTIONAL
- tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 7))
- encoding = 'utf-8'
-
-
- class LDAPResult(Sequence):
- # LDAPResult ::= SEQUENCE {
- # resultCode ENUMERATED {
- # success (0),
- # operationsError (1),
- # protocolError (2),
- # timeLimitExceeded (3),
- # sizeLimitExceeded (4),
- # compareFalse (5),
- # compareTrue (6),
- # authMethodNotSupported (7),
- # strongerAuthRequired (8),
- # -- 9 reserved --
- # referral (10),
- # adminLimitExceeded (11),
- # unavailableCriticalExtension (12),
- # confidentialityRequired (13),
- # saslBindInProgress (14),
- # noSuchAttribute (16),
- # undefinedAttributeType (17),
- # inappropriateMatching (18),
- # constraintViolation (19),
- # attributeOrValueExists (20),
- # invalidAttributeSyntax (21),
- # -- 22-31 unused --
- # noSuchObject (32),
- # aliasProblem (33),
- # invalidDNSyntax (34),
- # -- 35 reserved for undefined isLeaf --
- # aliasDereferencingProblem (36),
- # -- 37-47 unused --
- # inappropriateAuthentication (48),
- # invalidCredentials (49),
- # insufficientAccessRights (50),
- # busy (51),
- # unavailable (52),
- # unwillingToPerform (53),
- # loopDetect (54),
- # -- 55-63 unused --
- # namingViolation (64),
- # objectClassViolation (65),
- # notAllowedOnNonLeaf (66),
- # notAllowedOnRDN (67),
- # entryAlreadyExists (68),
- # objectClassModsProhibited (69),
- # -- 70 reserved for CLDAP --
- # affectsMultipleDSAs (71),
- # -- 72-79 unused --
- # other (80),
- # ... },
- # matchedDN LDAPDN,
- # diagnosticMessage LDAPString,
- # referral [3] Referral OPTIONAL }
- componentType = NamedTypes(NamedType('resultCode', ResultCode()),
- NamedType('matchedDN', LDAPDN()),
- NamedType('diagnosticMessage', LDAPString()),
- OptionalNamedType('referral', Referral()))
-
-
- class Criticality(Boolean):
- # criticality BOOLEAN DEFAULT FALSE
- defaultValue = False
-
-
- class ControlValue(OctetString):
- # controlValue OCTET STRING
- encoding = 'utf-8'
-
-
- class Control(Sequence):
- # Control ::= SEQUENCE {
- # controlType LDAPOID,
- # criticality BOOLEAN DEFAULT FALSE,
- # controlValue OCTET STRING OPTIONAL }
- componentType = NamedTypes(NamedType('controlType', LDAPOID()),
- DefaultedNamedType('criticality', Criticality()),
- OptionalNamedType('controlValue', ControlValue()))
-
-
- class Controls(SequenceOf):
- # Controls ::= SEQUENCE OF control Control
- tagSet = SequenceOf.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 0))
- componentType = Control()
-
-
- class Scope(Enumerated):
- # scope ENUMERATED {
- # baseObject (0),
- # singleLevel (1),
- # wholeSubtree (2),
- namedValues = NamedValues(('baseObject', 0),
- ('singleLevel', 1),
- ('wholeSubtree', 2))
-
-
- class DerefAliases(Enumerated):
- # derefAliases ENUMERATED {
- # neverDerefAliases (0),
- # derefInSearching (1),
- # derefFindingBaseObj (2),
- # derefAlways (3) },
- namedValues = NamedValues(('neverDerefAliases', 0),
- ('derefInSearching', 1),
- ('derefFindingBaseObj', 2),
- ('derefAlways', 3))
-
-
- class TypesOnly(Boolean):
- # typesOnly BOOLEAN
- pass
-
-
- class Selector(LDAPString):
- # -- The LDAPString is constrained to
- # -- <attributeSelector> in Section 4.5.1.8
-
- # subtypeSpec = LDAPString.subtypeSpec + attributeSelectorConstraint
- pass
-
-
- class AttributeSelection(SequenceOf):
- # AttributeSelection ::= SEQUENCE OF selector LDAPString
- # -- The LDAPString is constrained to
- # -- <attributeSelector> in Section 4.5.1.8
- componentType = Selector()
-
-
- class MatchingRule(MatchingRuleId):
- # matchingRule [1] MatchingRuleId
- tagSet = MatchingRuleId.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 1))
-
-
- class Type(AttributeDescription):
- # type [2] AttributeDescription
- tagSet = AttributeDescription.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 2))
-
-
- class MatchValue(AssertionValue):
- # matchValue [3] AssertionValue,
- tagSet = AssertionValue.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 3))
-
-
- class DnAttributes(Boolean):
- # dnAttributes [4] BOOLEAN DEFAULT FALSE }
- tagSet = Boolean.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 4))
- defaultValue = Boolean(False)
-
-
- class MatchingRuleAssertion(Sequence):
- # MatchingRuleAssertion ::= SEQUENCE {
- # matchingRule [1] MatchingRuleId OPTIONAL,
- # type [2] AttributeDescription OPTIONAL,
- # matchValue [3] AssertionValue,
- # dnAttributes [4] BOOLEAN DEFAULT FALSE }
- componentType = NamedTypes(OptionalNamedType('matchingRule', MatchingRule()),
- OptionalNamedType('type', Type()),
- NamedType('matchValue', MatchValue()),
- DefaultedNamedType('dnAttributes', DnAttributes()))
-
-
- class Initial(AssertionValue):
- # initial [0] AssertionValue, -- can occur at most once
- tagSet = AssertionValue.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 0))
-
-
- class Any(AssertionValue):
- # any [1] AssertionValue,
- tagSet = AssertionValue.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 1))
-
-
- class Final(AssertionValue):
- # final [1] AssertionValue, -- can occur at most once
- tagSet = AssertionValue.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 2))
-
-
- class Substring(Choice):
- # substring CHOICE {
- # initial [0] AssertionValue, -- can occur at most once
- # any [1] AssertionValue,
- # final [2] AssertionValue } -- can occur at most once
- # }
- componentType = NamedTypes(NamedType('initial', Initial()),
- NamedType('any', Any()),
- NamedType('final', Final()))
-
-
- class Substrings(SequenceOf):
- # substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE {
- # ...
- # }
- subtypeSpec = SequenceOf.subtypeSpec + size1ToMaxConstraint
- componentType = Substring()
-
-
- class SubstringFilter(Sequence):
- # SubstringFilter ::= SEQUENCE {
- # type AttributeDescription,
- # substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE {
- # initial [0] AssertionValue, -- can occur at most once
- # any [1] AssertionValue,
- # final [2] AssertionValue } -- can occur at most once
- # }
- tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 4))
- componentType = NamedTypes(NamedType('type', AttributeDescription()),
- NamedType('substrings', Substrings()))
-
-
- class And(SetOf):
- # and [0] SET SIZE (1..MAX) OF filter Filter
- tagSet = SetOf.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 0))
- subtypeSpec = SetOf.subtypeSpec + size1ToMaxConstraint
-
-
- class Or(SetOf):
- # or [1] SET SIZE (1..MAX) OF filter Filter
- tagSet = SetOf.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 1))
- subtypeSpec = SetOf.subtypeSpec + size1ToMaxConstraint
-
-
- class Not(Choice):
- # not [2] Filter
- pass # defined after Filter definition to allow recursion
-
-
- class EqualityMatch(AttributeValueAssertion):
- # equalityMatch [3] AttributeValueAssertion
- tagSet = AttributeValueAssertion.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 3))
-
-
- class GreaterOrEqual(AttributeValueAssertion):
- # greaterOrEqual [5] AttributeValueAssertion
- tagSet = AttributeValueAssertion.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 5))
-
-
- class LessOrEqual(AttributeValueAssertion):
- # lessOrEqual [6] AttributeValueAssertion
- tagSet = AttributeValueAssertion.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 6))
-
-
- class Present(AttributeDescription):
- # present [7] AttributeDescription
- tagSet = AttributeDescription.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 7))
-
-
- class ApproxMatch(AttributeValueAssertion):
- # approxMatch [8] AttributeValueAssertion
- tagSet = AttributeValueAssertion.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 8))
-
-
- class ExtensibleMatch(MatchingRuleAssertion):
- # extensibleMatch [9] MatchingRuleAssertion
- tagSet = MatchingRuleAssertion.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 9))
-
-
- class Filter(Choice):
- # Filter ::= CHOICE {
- # and [0] SET SIZE (1..MAX) OF filter Filter,
- # or [1] SET SIZE (1..MAX) OF filter Filter,
- # not [2] Filter,
- # equalityMatch [3] AttributeValueAssertion,
- # substrings [4] SubstringFilter,
- # greaterOrEqual [5] AttributeValueAssertion,
- # lessOrEqual [6] AttributeValueAssertion,
- # present [7] AttributeDescription,
- # approxMatch [8] AttributeValueAssertion,
- # extensibleMatch [9] MatchingRuleAssertion,
- # ... }
- componentType = NamedTypes(NamedType('and', And()),
- NamedType('or', Or()),
- NamedType('notFilter', Not()),
- NamedType('equalityMatch', EqualityMatch()),
- NamedType('substringFilter', SubstringFilter()),
- NamedType('greaterOrEqual', GreaterOrEqual()),
- NamedType('lessOrEqual', LessOrEqual()),
- NamedType('present', Present()),
- NamedType('approxMatch', ApproxMatch()),
- NamedType('extensibleMatch', ExtensibleMatch()))
-
-
- And.componentType = Filter()
- Or.componentType = Filter()
- Not.componentType = NamedTypes(NamedType('innerNotFilter', Filter()))
- Not.tagSet = Filter.tagSet.tagExplicitly(Tag(tagClassContext, tagFormatConstructed, 2)) # as per RFC4511 page 23
-
-
- class PartialAttributeList(SequenceOf):
- # PartialAttributeList ::= SEQUENCE OF
- # partialAttribute PartialAttribute
- componentType = PartialAttribute()
-
-
- class Operation(Enumerated):
- # operation ENUMERATED {
- # add (0),
- # delete (1),
- # replace (2),
- # ... }
- namedValues = NamedValues(('add', 0),
- ('delete', 1),
- ('replace', 2),
- ('increment', 3))
-
-
- class Change(Sequence):
- # change SEQUENCE {
- # operation ENUMERATED {
- # add (0),
- # delete (1),
- # replace (2),
- # ... },
- # modification PartialAttribute } }
- componentType = NamedTypes(NamedType('operation', Operation()),
- NamedType('modification', PartialAttribute()))
-
-
- class Changes(SequenceOf):
- # changes SEQUENCE OF change SEQUENCE
- componentType = Change()
-
-
- class DeleteOldRDN(Boolean):
- # deleteoldrdn BOOLEAN
- pass
-
-
- class NewSuperior(LDAPDN):
- # newSuperior [0] LDAPDN
- tagSet = LDAPDN.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 0))
-
-
- class RequestName(LDAPOID):
- # requestName [0] LDAPOID
- tagSet = LDAPOID.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 0))
-
-
- class RequestValue(OctetString):
- # requestValue [1] OCTET STRING
- tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 1))
- encoding = 'utf-8'
-
-
- class ResponseName(LDAPOID):
- # responseName [10] LDAPOID
- tagSet = LDAPOID.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 10))
-
-
- class ResponseValue(OctetString):
- # responseValue [11] OCTET STRING
- tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 11))
- encoding = 'utf-8'
-
-
- class IntermediateResponseName(LDAPOID):
- # responseName [0] LDAPOID
- tagSet = LDAPOID.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 0))
-
-
- class IntermediateResponseValue(OctetString):
- # responseValue [1] OCTET STRING
- tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 1))
- encoding = 'utf-8'
-
-
- # operations
- class BindRequest(Sequence):
- # BindRequest ::= [APPLICATION 0] SEQUENCE {
- # version INTEGER (1 .. 127),
- # name LDAPDN,
- # authentication AuthenticationChoice }
- tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 0))
- componentType = NamedTypes(NamedType('version', Version()),
- NamedType('name', LDAPDN()),
- NamedType('authentication', AuthenticationChoice()))
-
-
- class BindResponse(Sequence):
- # BindResponse ::= [APPLICATION 1] SEQUENCE {
- # COMPONENTS OF LDAPResult,
- # serverSaslCreds [7] OCTET STRING OPTIONAL }
- tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 1))
- componentType = NamedTypes(NamedType('resultCode', ResultCode()),
- NamedType('matchedDN', LDAPDN()),
- NamedType('diagnosticMessage', LDAPString()),
- OptionalNamedType('referral', Referral()),
- OptionalNamedType('serverSaslCreds', ServerSaslCreds()))
-
-
- class UnbindRequest(Null):
- # UnbindRequest ::= [APPLICATION 2] NULL
- tagSet = Null.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatSimple, 2))
-
-
- class SearchRequest(Sequence):
- # SearchRequest ::= [APPLICATION 3] SEQUENCE {
- # baseObject LDAPDN,
- # scope ENUMERATED {
- # baseObject (0),
- # singleLevel (1),
- # wholeSubtree (2),
- # ... },
- # derefAliases ENUMERATED {
- # neverDerefAliases (0),
- # derefInSearching (1),
- # derefFindingBaseObj (2),
- # derefAlways (3) },
- # sizeLimit INTEGER (0 .. maxInt),
- # timeLimit INTEGER (0 .. maxInt),
- # typesOnly BOOLEAN,
- # filter Filter,
- # attributes AttributeSelection }
- tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 3))
- componentType = NamedTypes(NamedType('baseObject', LDAPDN()),
- NamedType('scope', Scope()),
- NamedType('derefAliases', DerefAliases()),
- NamedType('sizeLimit', Integer0ToMax()),
- NamedType('timeLimit', Integer0ToMax()),
- NamedType('typesOnly', TypesOnly()),
- NamedType('filter', Filter()),
- NamedType('attributes', AttributeSelection()))
-
-
- class SearchResultReference(SequenceOf):
- # SearchResultReference ::= [APPLICATION 19] SEQUENCE
- # SIZE (1..MAX) OF uri URI
- tagSet = SequenceOf.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 19))
- subtypeSpec = SequenceOf.subtypeSpec + size1ToMaxConstraint
- componentType = URI()
-
-
- class SearchResultEntry(Sequence):
- # SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
- # objectName LDAPDN,
- # attributes PartialAttributeList }
- tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 4))
- componentType = NamedTypes(NamedType('object', LDAPDN()),
- NamedType('attributes', PartialAttributeList()))
-
-
- class SearchResultDone(LDAPResult):
- # SearchResultDone ::= [APPLICATION 5] LDAPResult
- tagSet = LDAPResult.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 5))
-
-
- class ModifyRequest(Sequence):
- # ModifyRequest ::= [APPLICATION 6] SEQUENCE {
- # object LDAPDN,
- # changes SEQUENCE OF change SEQUENCE {
- # operation ENUMERATED {
- # add (0),
- # delete (1),
- # replace (2),
- # ... },
- # modification PartialAttribute } }
- tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 6))
- componentType = NamedTypes(NamedType('object', LDAPDN()),
- NamedType('changes', Changes()))
-
-
- class ModifyResponse(LDAPResult):
- # ModifyResponse ::= [APPLICATION 7] LDAPResult
- tagSet = LDAPResult.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 7))
-
-
- class AddRequest(Sequence):
- # AddRequest ::= [APPLICATION 8] SEQUENCE {
- # entry LDAPDN,
- # attributes AttributeList }
- tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 8))
- componentType = NamedTypes(NamedType('entry', LDAPDN()),
- NamedType('attributes', AttributeList()))
-
-
- class AddResponse(LDAPResult):
- # AddResponse ::= [APPLICATION 9] LDAPResult
- tagSet = LDAPResult.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 9))
-
-
- class DelRequest(LDAPDN):
- # DelRequest ::= [APPLICATION 10] LDAPDN
- tagSet = LDAPDN.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatSimple, 10))
-
-
- class DelResponse(LDAPResult):
- # DelResponse ::= [APPLICATION 11] LDAPResult
- tagSet = LDAPResult.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 11))
-
-
- class ModifyDNRequest(Sequence):
- # ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
- # entry LDAPDN,
- # newrdn RelativeLDAPDN,
- # deleteoldrdn BOOLEAN,
- # newSuperior [0] LDAPDN OPTIONAL }
- tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 12))
- componentType = NamedTypes(NamedType('entry', LDAPDN()),
- NamedType('newrdn', RelativeLDAPDN()),
- NamedType('deleteoldrdn', DeleteOldRDN()),
- OptionalNamedType('newSuperior', NewSuperior()))
-
-
- class ModifyDNResponse(LDAPResult):
- # ModifyDNResponse ::= [APPLICATION 13] LDAPResult
- tagSet = LDAPResult.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 13))
-
-
- class CompareRequest(Sequence):
- # CompareRequest ::= [APPLICATION 14] SEQUENCE {
- # entry LDAPDN,
- # ava AttributeValueAssertion }
- tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 14))
- componentType = NamedTypes(NamedType('entry', LDAPDN()),
- NamedType('ava', AttributeValueAssertion()))
-
-
- class CompareResponse(LDAPResult):
- # CompareResponse ::= [APPLICATION 15] LDAPResult
- tagSet = LDAPResult.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 15))
-
-
- class AbandonRequest(MessageID):
- # AbandonRequest ::= [APPLICATION 16] MessageID
- tagSet = MessageID.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatSimple, 16))
-
-
- class ExtendedRequest(Sequence):
- # ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
- # requestName [0] LDAPOID,
- # requestValue [1] OCTET STRING OPTIONAL }
- tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 23))
- componentType = NamedTypes(NamedType('requestName', RequestName()),
- OptionalNamedType('requestValue', RequestValue()))
-
-
- class ExtendedResponse(Sequence):
- # ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
- # COMPONENTS OF LDAPResult,
- # responseName [10] LDAPOID OPTIONAL,
- # responseValue [11] OCTET STRING OPTIONAL }
- tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 24))
- componentType = NamedTypes(NamedType('resultCode', ResultCode()),
- NamedType('matchedDN', LDAPDN()),
- NamedType('diagnosticMessage', LDAPString()),
- OptionalNamedType('referral', Referral()),
- OptionalNamedType('responseName', ResponseName()),
- OptionalNamedType('responseValue', ResponseValue()))
-
-
- class IntermediateResponse(Sequence):
- # IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
- # responseName [0] LDAPOID OPTIONAL,
- # responseValue [1] OCTET STRING OPTIONAL }
- tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 25))
- componentType = NamedTypes(OptionalNamedType('responseName', IntermediateResponseName()),
- OptionalNamedType('responseValue', IntermediateResponseValue()))
-
-
- class ProtocolOp(Choice):
- # protocolOp CHOICE {
- # bindRequest BindRequest,
- # bindResponse BindResponse,
- # unbindRequest UnbindRequest,
- # searchRequest SearchRequest,
- # searchResEntry SearchResultEntry,
- # searchResDone SearchResultDone,
- # searchResRef SearchResultReference,
- # modifyRequest ModifyRequest,
- # modifyResponse ModifyResponse,
- # addRequest AddRequest,
- # addResponse AddResponse,
- # delRequest DelRequest,
- # delResponse DelResponse,
- # modDNRequest ModifyDNRequest,
- # modDNResponse ModifyDNResponse,
- # compareRequest CompareRequest,
- # compareResponse CompareResponse,
- # abandonRequest AbandonRequest,
- # extendedReq ExtendedRequest,
- # extendedResp ExtendedResponse,
- # ...,
- # intermediateResponse IntermediateResponse }
- componentType = NamedTypes(NamedType('bindRequest', BindRequest()),
- NamedType('bindResponse', BindResponse()),
- NamedType('unbindRequest', UnbindRequest()),
- NamedType('searchRequest', SearchRequest()),
- NamedType('searchResEntry', SearchResultEntry()),
- NamedType('searchResDone', SearchResultDone()),
- NamedType('searchResRef', SearchResultReference()),
- NamedType('modifyRequest', ModifyRequest()),
- NamedType('modifyResponse', ModifyResponse()),
- NamedType('addRequest', AddRequest()),
- NamedType('addResponse', AddResponse()),
- NamedType('delRequest', DelRequest()),
- NamedType('delResponse', DelResponse()),
- NamedType('modDNRequest', ModifyDNRequest()),
- NamedType('modDNResponse', ModifyDNResponse()),
- NamedType('compareRequest', CompareRequest()),
- NamedType('compareResponse', CompareResponse()),
- NamedType('abandonRequest', AbandonRequest()),
- NamedType('extendedReq', ExtendedRequest()),
- NamedType('extendedResp', ExtendedResponse()),
- NamedType('intermediateResponse', IntermediateResponse()))
-
-
- class LDAPMessage(Sequence):
- # LDAPMessage ::= SEQUENCE {
- # messageID MessageID,
- # protocolOp CHOICE {
- # bindRequest BindRequest,
- # bindResponse BindResponse,
- # unbindRequest UnbindRequest,
- # searchRequest SearchRequest,
- # searchResEntry SearchResultEntry,
- # searchResDone SearchResultDone,
- # searchResRef SearchResultReference,
- # modifyRequest ModifyRequest,
- # modifyResponse ModifyResponse,
- # addRequest AddRequest,
- # addResponse AddResponse,
- # delRequest DelRequest,
- # delResponse DelResponse,
- # modDNRequest ModifyDNRequest,
- # modDNResponse ModifyDNResponse,
- # compareRequest CompareRequest,
- # compareResponse CompareResponse,
- # abandonRequest AbandonRequest,
- # extendedReq ExtendedRequest,
- # extendedResp ExtendedResponse,
- # ...,
- # intermediateResponse IntermediateResponse },
- # controls [0] Controls OPTIONAL }
- componentType = NamedTypes(NamedType('messageID', MessageID()),
- NamedType('protocolOp', ProtocolOp()),
- OptionalNamedType('controls', Controls()))
|