- # -*- coding: utf-8 -*-
- """
- ldap.controls.ppolicy - classes for Password Policy controls
- (see https://tools.ietf.org/html/draft-behera-ldap-password-policy)
-
- See https://www.python-ldap.org/ for project details.
- """
-
# Only the control class is exported; the ASN.1 helper types below stay
# module-internal.
__all__ = ['PasswordPolicyControl']
-
- # Imports from python-ldap 2.4+
- from ldap.controls import (
- ResponseControl, ValueLessRequestControl, KNOWN_RESPONSE_CONTROLS
- )
-
- # Imports from pyasn1
- from pyasn1.type import tag,namedtype,namedval,univ,constraint
- from pyasn1.codec.der import decoder
-
-
class PasswordPolicyWarning(univ.Choice):
    """ASN.1 CHOICE carried in the ``warning`` field of the response value.

    Exactly one of the two INTEGER alternatives is present, distinguished
    by its implicit context tag:

    * ``timeBeforeExpiration`` -- context tag 0
    * ``graceAuthNsRemaining`` -- context tag 1
    """

    componentType = namedtype.NamedTypes(
        namedtype.NamedType(
            'timeBeforeExpiration',
            univ.Integer().subtype(
                implicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatSimple, 0
                )
            ),
        ),
        namedtype.NamedType(
            'graceAuthNsRemaining',
            univ.Integer().subtype(
                implicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatSimple, 1
                )
            ),
        ),
    )
-
-
class PasswordPolicyError(univ.Enumerated):
    """ASN.1 ENUMERATED error code reported by the server.

    The names map to the integer codes 0..8 listed below. ``subtypeSpec``
    restricts the type to exactly those values, so a server-supplied code
    outside that set does not satisfy the constraint.
    """

    namedValues = namedval.NamedValues(
        ('passwordExpired', 0),
        ('accountLocked', 1),
        ('changeAfterReset', 2),
        ('passwordModNotAllowed', 3),
        ('mustSupplyOldPassword', 4),
        ('insufficientPasswordQuality', 5),
        ('passwordTooShort', 6),
        ('passwordTooYoung', 7),
        ('passwordInHistory', 8),
    )
    # Keep this value list in step with namedValues above.
    subtypeSpec = (
        univ.Enumerated.subtypeSpec
        + constraint.SingleValueConstraint(0, 1, 2, 3, 4, 5, 6, 7, 8)
    )
-
-
class PasswordPolicyResponseValue(univ.Sequence):
    """ASN.1 SEQUENCE forming the value of the password policy response.

    Both members are optional, so a response may carry a warning, an
    error, both, or neither:

    * ``warning`` -- PasswordPolicyWarning, context tag 0
    * ``error``   -- PasswordPolicyError, context tag 1
    """

    componentType = namedtype.NamedTypes(
        namedtype.OptionalNamedType(
            'warning',
            PasswordPolicyWarning().subtype(
                implicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatSimple, 0
                )
            ),
        ),
        namedtype.OptionalNamedType(
            'error',
            PasswordPolicyError().subtype(
                implicitTag=tag.Tag(
                    tag.tagClassContext, tag.tagFormatSimple, 1
                )
            ),
        ),
    )
-
-
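class PasswordPolicyControl(ValueLessRequestControl, ResponseControl):
    """Password Policy control, usable as request and as response control.

    As a request control it carries no value. As a response control the
    server-supplied value is decoded into three attributes:

    * ``timeBeforeExpiration`` -- int from the warning, else None
    * ``graceAuthNsRemaining`` -- int from the warning, else None
    * ``error`` -- int code (see PasswordPolicyError), else None

    All three are None until a response value has been decoded, and None
    for any field the server did not send.

    Note for callers: ``criticality`` defaults to False, so a server may
    answer without returning this control at all. The absence of the
    control, or ``error is None``, only means that no policy error was
    reported in that response. Inspect ``error`` and the warning fields
    after every operation that returns the control, including successful
    ones, rather than relying on the LDAP result code alone.
    """

    controlType = '1.3.6.1.4.1.42.2.27.8.5.1'

    def __init__(self, criticality=False):
        """Create the control.

        :param criticality: criticality flag sent with the request control.
        """
        self.criticality = criticality
        # Define the response attributes up front so that reading them on
        # an instance that never decoded a response yields None instead of
        # raising AttributeError.
        self._reset_response_fields()

    def _reset_response_fields(self):
        """Set all decoded response attributes back to None."""
        self.timeBeforeExpiration = None
        self.graceAuthNsRemaining = None
        self.error = None

    def decodeControlValue(self, encodedControlValue):
        """Decode the DER-encoded response value sent by the server.

        :param encodedControlValue: raw control value bytes.

        Exceptions raised by the pyasn1 decoder for malformed input are
        not caught here and propagate to the caller.
        """
        # Clear previous results before decoding: if the decoder raises,
        # the instance must not keep values from an earlier response.
        self._reset_response_fields()

        # NOTE(review): the second element returned by decode() is the
        # undecoded remainder of the input; it is discarded here, so
        # trailing bytes after the SEQUENCE are silently ignored.
        ppolicyValue, _ = decoder.decode(
            encodedControlValue,
            asn1Spec=PasswordPolicyResponseValue(),
        )

        warning = ppolicyValue.getComponentByName('warning')
        if warning.hasValue():
            if 'timeBeforeExpiration' in warning:
                self.timeBeforeExpiration = int(
                    warning.getComponentByName('timeBeforeExpiration')
                )
            if 'graceAuthNsRemaining' in warning:
                self.graceAuthNsRemaining = int(
                    warning.getComponentByName('graceAuthNsRemaining')
                )

        error = ppolicyValue.getComponentByName('error')
        if error.hasValue():
            self.error = int(error)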
-
-
# Register the class under its OID in the KNOWN_RESPONSE_CONTROLS mapping
# imported from ldap.controls (module-level side effect at import time).
KNOWN_RESPONSE_CONTROLS[PasswordPolicyControl.controlType] = (
    PasswordPolicyControl
)