ldap3/protocol/microsoft.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139

"""
"""

# Created on 2015.03.27
#
# Author: Giovanni Cannata
#
# Copyright 2015 - 2020 Giovanni Cannata
#
# This file is part of ldap3.
#
# ldap3 is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# ldap3 is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public License
# along with ldap3 in the COPYING and COPYING.LESSER files.
# If not, see <http://www.gnu.org/licenses/>.

import ctypes

from pyasn1.type.namedtype import NamedTypes, NamedType
from pyasn1.type.tag import Tag, tagClassApplication, tagFormatConstructed
from pyasn1.type.univ import Sequence, OctetString, Integer
from .rfc4511 import ResultCode, LDAPString
from .controls import build_control


class SicilyBindResponse(Sequence):
    # SicilyBindResponse ::= [APPLICATION 1] SEQUENCE {
    #
    #     resultCode   ENUMERATED {
    #                      success                     (0),
    #                      protocolError               (2),
    #                      adminLimitExceeded          (11),
    #                      inappropriateAuthentication (48),
    #                      invalidCredentials          (49),
    #                      busy                        (51),
    #                      unavailable                 (52),
    #                      unwillingToPerform          (53),
    #                      other                       (80) },
    #
    #     serverCreds  OCTET STRING,
    #     errorMessage LDAPString }
    # BindResponse ::= [APPLICATION 1] SEQUENCE {
    #     COMPONENTS OF LDAPResult,
    #     serverSaslCreds    [7] OCTET STRING OPTIONAL }
    tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 1))
    componentType = NamedTypes(NamedType('resultCode', ResultCode()),
                               NamedType('serverCreds', OctetString()),
                               NamedType('errorMessage', LDAPString())
                               )


class DirSyncControlRequestValue(Sequence):
    # DirSyncRequestValue  ::= SEQUENCE {
    #    Flags      integer
    #    MaxBytes   integer
    #    Cookie     OCTET STRING }
    componentType = NamedTypes(NamedType('Flags', Integer()),
                               NamedType('MaxBytes', Integer()),
                               NamedType('Cookie', OctetString())
                               )


class DirSyncControlResponseValue(Sequence):
    # DirSyncResponseValue ::= SEQUENCE {
    #    MoreResults     INTEGER
    #    unused          INTEGER
    #    CookieServer    OCTET STRING
    #     }
    componentType = NamedTypes(NamedType('MoreResults', Integer()),
                               NamedType('unused', Integer()),
                               NamedType('CookieServer', OctetString())
                               )


class SdFlags(Sequence):
    # SDFlagsRequestValue ::= SEQUENCE {
    #     Flags    INTEGER
    # }
    componentType = NamedTypes(NamedType('Flags', Integer())
                               )


class ExtendedDN(Sequence):
    # A flag value 0 specifies that the GUID and SID values be returned in hexadecimal string
    # A flag value of 1 will return the GUID and SID values in standard string format
    componentType = NamedTypes(NamedType('option', Integer())
                               )


def dir_sync_control(criticality, object_security, ancestors_first, public_data_only, incremental_values, max_length, cookie):
    control_value = DirSyncControlRequestValue()
    flags = 0x0
    if object_security:
        flags |= 0x00000001

    if ancestors_first:
        flags |= 0x00000800

    if public_data_only:
        flags |= 0x00002000

    if incremental_values:
        flags |= 0x80000000
        # converts flags to signed 32 bit (AD expects a 4 bytes long unsigned integer, but ASN.1 Integer type is signed
        # so the BER encoder gives back a 5 bytes long signed integer
        flags = ctypes.c_long(flags & 0xFFFFFFFF).value

    control_value.setComponentByName('Flags', flags)
    control_value.setComponentByName('MaxBytes', max_length)
    if cookie:
        control_value.setComponentByName('Cookie', cookie)
    else:
        control_value.setComponentByName('Cookie', OctetString(''))
    return build_control('1.2.840.113556.1.4.841', criticality, control_value)


def extended_dn_control(criticality=False, hex_format=False):
    control_value = ExtendedDN()
    control_value.setComponentByName('option', Integer(not hex_format))
    return build_control('1.2.840.113556.1.4.529', criticality, control_value)


def show_deleted_control(criticality=False):
    return build_control('1.2.840.113556.1.4.417', criticality, value=None)


def security_descriptor_control(criticality=False, sdflags=0x0F):
    sdcontrol = SdFlags()
    sdcontrol.setComponentByName('Flags', sdflags)
    return [build_control('1.2.840.113556.1.4.801', criticality, sdcontrol)]