Diffstat (limited to 'epan/dissectors/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn')
-rw-r--r--epan/dissectors/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn540
1 files changed, 540 insertions, 0 deletions
diff --git a/epan/dissectors/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn b/epan/dissectors/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn
new file mode 100644
index 0000000000..9059eea9ec
--- /dev/null
+++ b/epan/dissectors/asn1/ldap/Lightweight-Directory-Access-Protocol-V3.asn
@@ -0,0 +1,540 @@
+-- Module Lightweight-Directory-Access-Protocol-V3 (RFC 2251:12/1997)
+Lightweight-Directory-Access-Protocol-V3
+--
+-- This is based on the ASN.1 definitions in RFC 2251, with changes made
+-- as necessary for Wireshark.
+-- Copyright (C) The Internet Society (1997). This version of
+-- this ASN.1 module is part of RFC 2251;
+-- see the RFC itself for full legal notices.
+--
+DEFINITIONS IMPLICIT TAGS ::=
+BEGIN
+
+LDAPMessage ::= SEQUENCE {
+ messageID MessageID,
+ protocolOp ProtocolOp,
+ controls [0] Controls OPTIONAL
+}
+
+MessageID ::= INTEGER(0..maxInt)
+
+ProtocolOp ::= CHOICE {
+ bindRequest BindRequest,
+ bindResponse BindResponse,
+ unbindRequest UnbindRequest,
+ searchRequest SearchRequest,
+ searchResEntry SearchResultEntry,
+ searchResDone SearchResultDone,
+ searchResRef SearchResultReference,
+ modifyRequest ModifyRequest,
+ modifyResponse ModifyResponse,
+ addRequest AddRequest,
+ addResponse AddResponse,
+ delRequest DelRequest,
+ delResponse DelResponse,
+ modDNRequest ModifyDNRequest,
+ modDNResponse ModifyDNResponse,
+ compareRequest CompareRequest,
+ compareResponse CompareResponse,
+ abandonRequest AbandonRequest,
+ extendedReq ExtendedRequest,
+ extendedResp ExtendedResponse,
+ intermediateResponse IntermediateResponse
+ }
+
+
+maxInt INTEGER ::= 2147483647 -- (2^^31 - 1)
+
+LDAPString ::= OCTET STRING
+
+LDAPOID ::= OCTET STRING
+
+LDAPDN ::= LDAPString
+
+RelativeLDAPDN ::= LDAPString
+
+AttributeType ::= LDAPString
+
+AttributeDescription ::= LDAPString
+
+AttributeDescriptionList ::= SEQUENCE OF AttributeDescription
+
+AttributeValue ::= OCTET STRING
+
+AttributeValueAssertion ::= SEQUENCE {
+ attributeDesc AttributeDescription,
+ assertionValue AssertionValue
+}
+
+AssertionValue ::= OCTET STRING
+
+Attribute ::= SEQUENCE {type AttributeDescription,
+ vals SET OF AttributeValue
+}
+
+MatchingRuleId ::= LDAPString
+
+LDAPResult ::= SEQUENCE {
+ resultCode
+ ENUMERATED {success(0), operationsError(1), protocolError(2),
+ timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
+ compareTrue(6), authMethodNotSupported(7),
+ strongAuthRequired(8),
+ -- 9 reserved
+ referral(10),-- new-- adminLimitExceeded(11),-- new--
+ unavailableCriticalExtension(12),-- new--
+ confidentialityRequired(13),-- new--
+ saslBindInProgress(14),-- new-- noSuchAttribute(16),
+ undefinedAttributeType(17), inappropriateMatching(18),
+ constraintViolation(19), attributeOrValueExists(20),
+ invalidAttributeSyntax(21),
+ -- 22-31 unused
+ noSuchObject(32), aliasProblem(33),
+ invalidDNSyntax(34),
+ -- 35 reserved for undefined isLeaf
+ aliasDereferencingProblem(36),
+ -- 37-47 unused
+ inappropriateAuthentication(48), invalidCredentials(49),
+ insufficientAccessRights(50), busy(51), unavailable(52),
+ unwillingToPerform(53),
+ loopDetect(54),
+ -- 55-63 unused
+ namingViolation(64), objectClassViolation(65),
+ notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
+ entryAlreadyExists(68),
+ objectClassModsProhibited(69),
+ -- 70 reserved for CLDAP
+ affectsMultipleDSAs(71),-- new--
+ -- 72-79 unused
+ other(80),
+ canceled(118), noSuchOperation(119), tooLate(120), cannotCancel(121) -- RFC 3909
+ },
+ -- 81-90 reserved for APIs
+ matchedDN LDAPDN,
+ errorMessage ErrorMessage,
+ referral [3] Referral OPTIONAL
+}
+
+Referral ::= SEQUENCE OF LDAPURL
+
+LDAPURL ::= OCTET STRING -- LDAPString - - limited to characters permitted in URLs
+
+Controls ::= SEQUENCE OF Control
+
+Control ::= SEQUENCE {
+ controlType ControlType,
+ criticality BOOLEAN DEFAULT FALSE,
+ controlValue OCTET STRING OPTIONAL
+}
+
+ControlType ::= LDAPOID
+
+BindRequest ::= [APPLICATION 0] SEQUENCE {
+ version INTEGER(1..127),
+ name LDAPDN,
+ authentication AuthenticationChoice
+}
+
+AuthenticationChoice ::= CHOICE {
+ simple [0] Simple,
+ -- 1 and 2 reserved
+ sasl [3] SaslCredentials,
+ -- 10,11 from bug 1148
+ ntlmsspNegotiate [10] IMPLICIT OCTET STRING,
+ ntlmsspAuth [11] IMPLICIT OCTET STRING
+}
+
+Simple ::= OCTET STRING
+
+SaslCredentials ::= SEQUENCE {
+ mechanism Mechanism,
+ credentials Credentials OPTIONAL
+}
+
+--4.1.2. String Types
+--
+-- The LDAPString is a notational convenience to indicate that, although
+-- strings of LDAPString type encode as OCTET STRING types, the ISO
+-- 10646 [13] character set (a superset of Unicode) is used, encoded
+-- following the UTF-8 algorithm [14]. Note that in the UTF-8 algorithm
+-- characters which are the same as ASCII (0x0000 through 0x007F) are
+-- represented as that same ASCII character in a single byte. The other
+-- byte values are used to form a variable-length encoding of an
+-- arbitrary character.
+
+-- Mechanism ::= LDAPString
+Mechanism ::= OCTET STRING
+
+Credentials ::= OCTET STRING
+
+BindResponse ::= [APPLICATION 1] SEQUENCE {
+-- COMPONENTS OF LDAPResult,
+ resultCode
+ ENUMERATED {success(0), operationsError(1), protocolError(2),
+ timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
+ compareTrue(6), authMethodNotSupported(7),
+ strongAuthRequired(8),
+ -- 9 reserved
+ referral(10),-- new-- adminLimitExceeded(11),-- new--
+ unavailableCriticalExtension(12),-- new--
+ confidentialityRequired(13),-- new--
+ saslBindInProgress(14),-- new-- noSuchAttribute(16),
+ undefinedAttributeType(17), inappropriateMatching(18),
+ constraintViolation(19), attributeOrValueExists(20),
+ invalidAttributeSyntax(21),
+ -- 22-31 unused
+ noSuchObject(32), aliasProblem(33),
+ invalidDNSyntax(34),
+ -- 35 reserved for undefined isLeaf
+ aliasDereferencingProblem(36),
+ -- 37-47 unused
+ inappropriateAuthentication(48), invalidCredentials(49),
+ insufficientAccessRights(50), busy(51), unavailable(52),
+ unwillingToPerform(53),
+ loopDetect(54),
+ -- 55-63 unused
+ namingViolation(64), objectClassViolation(65),
+ notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
+ entryAlreadyExists(68),
+ objectClassModsProhibited(69),
+ -- 70 reserved for CLDAP
+ affectsMultipleDSAs(71),-- new--
+ -- 72-79 unused
+ other(80),
+ canceled(118), noSuchOperation(119), tooLate(120), cannotCancel(121) -- RFC 3909
+ },
+ -- 81-90 reserved for APIs
+ matchedDN LDAPDN,
+ errorMessage ErrorMessage,
+ referral [3] Referral OPTIONAL,
+
+-- end of components
+ serverSaslCreds [7] ServerSaslCreds OPTIONAL
+}
+
+ServerSaslCreds ::= OCTET STRING
+
+ErrorMessage ::= LDAPString
+
+UnbindRequest ::= [APPLICATION 2] NULL
+
+SearchRequest ::= [APPLICATION 3] SEQUENCE {
+ baseObject LDAPDN,
+ scope ENUMERATED {baseObject(0), singleLevel(1), wholeSubtree(2)},
+ derefAliases
+ ENUMERATED {neverDerefAliases(0), derefInSearching(1),
+ derefFindingBaseObj(2), derefAlways(3)},
+ sizeLimit INTEGER(0..maxInt),
+ timeLimit INTEGER(0..maxInt),
+ typesOnly BOOLEAN,
+ filter Filter,
+ attributes AttributeDescriptionList
+}
+
+Filter ::= CHOICE {
+ and [0] SET OF Filter,
+ or [1] SET OF Filter,
+ not [2] Filter,
+ equalityMatch [3] AttributeValueAssertion,
+ substrings [4] SubstringFilter,
+ greaterOrEqual [5] AttributeValueAssertion,
+ lessOrEqual [6] AttributeValueAssertion,
+ present [7] AttributeDescription,
+ approxMatch [8] AttributeValueAssertion,
+ extensibleMatch [9] MatchingRuleAssertion
+}
+
+SubstringFilter ::= SEQUENCE {
+ type AttributeDescription,
+ -- at least one must be present
+ substrings
+ SEQUENCE OF
+ CHOICE {initial [0] LDAPString,
+ any [1] LDAPString,
+ final [2] LDAPString}
+}
+
+MatchingRuleAssertion ::= SEQUENCE {
+ matchingRule [1] MatchingRuleId OPTIONAL,
+ type [2] AttributeDescription OPTIONAL,
+ matchValue [3] AssertionValue,
+ dnAttributes [4] BOOLEAN DEFAULT FALSE
+}
+
+SearchResultEntry ::= [APPLICATION 4] SEQUENCE {
+ objectName LDAPDN,
+ attributes PartialAttributeList
+}
+
+PartialAttributeList ::=
+ SEQUENCE OF SEQUENCE {type AttributeDescription,
+ vals SET OF AttributeValue}
+
+SearchResultReference ::= [APPLICATION 19] SEQUENCE OF LDAPURL
+
+SearchResultDone ::= [APPLICATION 5] LDAPResult
+
+ModifyRequest ::= [APPLICATION 6] SEQUENCE {
+ object LDAPDN,
+ modification
+ SEQUENCE OF
+ SEQUENCE {operation ENUMERATED {add(0), delete(1), replace(2)},
+ modification AttributeTypeAndValues}
+}
+
+AttributeTypeAndValues ::= SEQUENCE {
+ type AttributeDescription,
+ vals SET OF AttributeValue
+}
+
+ModifyResponse ::= [APPLICATION 7] LDAPResult
+
+AddRequest ::= [APPLICATION 8] SEQUENCE {
+ entry LDAPDN,
+ attributes AttributeList
+}
+
+AttributeList ::=
+ SEQUENCE OF SEQUENCE {type AttributeDescription,
+ vals SET OF AttributeValue}
+
+AddResponse ::= [APPLICATION 9] LDAPResult
+
+DelRequest ::= [APPLICATION 10] LDAPDN
+
+DelResponse ::= [APPLICATION 11] LDAPResult
+
+ModifyDNRequest ::= [APPLICATION 12] SEQUENCE {
+ entry LDAPDN,
+ newrdn RelativeLDAPDN,
+ deleteoldrdn BOOLEAN,
+ newSuperior [0] LDAPDN OPTIONAL
+}
+
+ModifyDNResponse ::= [APPLICATION 13] LDAPResult
+
+CompareRequest ::= [APPLICATION 14] SEQUENCE {
+ entry LDAPDN,
+ ava AttributeValueAssertion
+}
+
+CompareResponse ::= [APPLICATION 15] LDAPResult
+
+AbandonRequest ::= [APPLICATION 16] MessageID
+
+ExtendedRequest ::= [APPLICATION 23] SEQUENCE {
+ requestName [0] LDAPOID,
+ requestValue [1] OCTET STRING OPTIONAL
+}
+
+ExtendedResponse ::= [APPLICATION 24] SEQUENCE {
+-- COMPONENTS OF LDAPResult,
+ resultCode
+ ENUMERATED {success(0), operationsError(1), protocolError(2),
+ timeLimitExceeded(3), sizeLimitExceeded(4), compareFalse(5),
+ compareTrue(6), authMethodNotSupported(7),
+ strongAuthRequired(8),
+ -- 9 reserved
+ referral(10),-- new-- adminLimitExceeded(11),-- new--
+ unavailableCriticalExtension(12),-- new--
+ confidentialityRequired(13),-- new--
+ saslBindInProgress(14),-- new-- noSuchAttribute(16),
+ undefinedAttributeType(17), inappropriateMatching(18),
+ constraintViolation(19), attributeOrValueExists(20),
+ invalidAttributeSyntax(21),
+ -- 22-31 unused
+ noSuchObject(32), aliasProblem(33),
+ invalidDNSyntax(34),
+ -- 35 reserved for undefined isLeaf
+ aliasDereferencingProblem(36),
+ -- 37-47 unused
+ inappropriateAuthentication(48), invalidCredentials(49),
+ insufficientAccessRights(50), busy(51), unavailable(52),
+ unwillingToPerform(53),
+ loopDetect(54),
+ -- 55-63 unused
+ namingViolation(64), objectClassViolation(65),
+ notAllowedOnNonLeaf(66), notAllowedOnRDN(67),
+ entryAlreadyExists(68),
+ objectClassModsProhibited(69),
+ -- 70 reserved for CLDAP
+ affectsMultipleDSAs(71),-- new--
+ -- 72-79 unused
+ other(80),
+ canceled(118), noSuchOperation(119), tooLate(120), cannotCancel(121) -- RFC 3909
+ },
+ -- 81-90 reserved for APIs
+ matchedDN LDAPDN,
+ errorMessage ErrorMessage,
+ referral [3] Referral OPTIONAL,
+-- end of COMPONENTS
+ responseName [10] ResponseName OPTIONAL,
+ response [11] OCTET STRING OPTIONAL
+}
+
+IntermediateResponse ::= [APPLICATION 25] SEQUENCE {
+ responseName [0] ResponseName OPTIONAL,
+ responseValue [1] OCTET STRING OPTIONAL
+}
+
+ResponseName ::= LDAPOID
+
+-- RFC 2696 - Simple Paged Results Manipulation
+
+SearchControlValue ::= SEQUENCE {
+ size INTEGER --(0..maxInt)--,
+ -- requested page size from client
+ -- result set size estimate from server
+ cookie OCTET STRING
+}
+
+-- RFC 2891 - Server Side Sorting of Search Results
+
+SortKeyList ::= SEQUENCE OF SEQUENCE {
+ attributeType AttributeDescription,
+ orderingRule [0] MatchingRuleId OPTIONAL,
+ reverseOrder [1] BOOLEAN DEFAULT FALSE }
+
+SortResult ::= SEQUENCE {
+ sortResult ENUMERATED {
+ success (0), -- results are sorted
+ operationsError (1), -- server internal failure
+ timeLimitExceeded (3), -- timelimit reached before
+ -- sorting was completed
+ strongAuthRequired (8), -- refused to return sorted
+ -- results via insecure
+ -- protocol
+ adminLimitExceeded (11), -- too many matching entries
+ -- for the server to sort
+ noSuchAttribute (16), -- unrecognized attribute
+ -- type in sort key
+ inappropriateMatching (18), -- unrecognized or
+ -- inappropriate matching
+ -- rule in sort key
+ insufficientAccessRights (50), -- refused to return sorted
+ -- results to this client
+ busy (51), -- too busy to process
+ unwillingToPerform (53), -- unable to sort
+ other (80)
+ },
+ attributeType [0] AttributeDescription OPTIONAL }
+
+
+-- Draft RFC - but used in some implementations
+-- Normaly it's an integer but we want to generate a subitem
+DirSyncFlagsSubEntry ::= SEQUENCE {
+ value [0] INTEGER
+}
+
+DirSyncFlags ::= INTEGER
+
+DirSyncControlValue ::= SEQUENCE {
+ flags DirSyncFlags,
+ maxBytes INTEGER,
+ cookie OCTET STRING
+}
+
+-- RFC 3062
+
+--passwdModifyOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.11.1
+
+PasswdModifyRequestValue ::= SEQUENCE {
+ userIdentity [0] OCTET STRING OPTIONAL,
+ oldPasswd [1] OCTET STRING OPTIONAL,
+ newPasswd [2] OCTET STRING OPTIONAL
+}
+
+PasswdModifyResponseValue ::= SEQUENCE {
+ genPasswd [0] OCTET STRING OPTIONAL
+}
+
+-- RFC 3909
+
+--cancelRequestOID OBJECT IDENTIFIER ::= 1.3.6.1.1.8
+
+CancelRequestValue ::= SEQUENCE {
+ cancelID MessageID
+}
+
+-- RFC 4533
+
+--syncRequestOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.9.1.1
+
+SyncRequestValue ::= SEQUENCE {
+ mode ENUMERATED {
+ -- 0 unused
+ refreshOnly (1),
+ -- 2 reserved
+ refreshAndPersist (3)
+ },
+ cookie OCTET STRING OPTIONAL, -- SyncCookie OPTIONAL
+ reloadHint BOOLEAN DEFAULT FALSE
+}
+
+--syncStateOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.9.1.2
+
+SyncStateValue ::= SEQUENCE {
+ state ENUMERATED {
+ present (0),
+ add (1),
+ modify (2),
+ delete (3)
+ },
+ entryUUID SyncUUID,
+ cookie OCTET STRING OPTIONAL -- SyncCookie OPTIONAL
+}
+
+--syncDoneOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.9.1.3
+
+SyncDoneValue ::= SEQUENCE {
+ cookie OCTET STRING OPTIONAL, -- SyncCookie OPTIONAL
+ refreshDeletes BOOLEAN DEFAULT FALSE
+}
+
+--syncInfoOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.9.1.4
+
+SyncInfoValue ::= CHOICE {
+ newcookie [0] OCTET STRING, -- SyncCookie
+ refreshDelete [1] SEQUENCE {
+ cookie OCTET STRING OPTIONAL, -- SyncCookie OPTIONAL
+ refreshDone BOOLEAN DEFAULT TRUE
+ },
+ refreshPresent [2] SEQUENCE {
+ cookie OCTET STRING OPTIONAL, -- SyncCookie OPTIONAL
+ refreshDone BOOLEAN DEFAULT TRUE
+ },
+ syncIdSet [3] SEQUENCE {
+ cookie OCTET STRING OPTIONAL, -- SyncCookie OPTIONAL
+ refreshDeletes BOOLEAN DEFAULT FALSE,
+ syncUUIDs SET OF SyncUUID
+ }
+}
+
+SyncUUID ::= OCTET STRING(SIZE(16))
+
+-- SyncCookie ::= OCTET STRING
+
+--
+
+-- Draft RFC - Password Policy for LDAP Directories
+-- https://opends.dev.java.net/public/standards/draft-behera-ldap-password-policy.txt
+
+PasswordPolicyResponseValue ::= SEQUENCE {
+ warning [0] CHOICE {
+ timeBeforeExpiration [0] INTEGER (0 .. maxInt),
+ graceAuthNsRemaining [1] INTEGER (0 .. maxInt) } OPTIONAL,
+ error [1] ENUMERATED {
+ passwordExpired (0),
+ accountLocked (1),
+ changeAfterReset (2),
+ passwordModNotAllowed (3),
+ mustSupplyOldPassword (4),
+ insufficientPasswordQuality (5),
+ passwordTooShort (6),
+ passwordTooYoung (7),
+ passwordInHistory (8) } OPTIONAL }
+
+END
+
+-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D
+
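Review bot: `Filter` is self-recursive through `and [0] SET OF Filter`, `or [1] SET OF Filter` and `not [2] Filter`, and nothing in this module bounds the nesting, so any depth limit for a dissector generated from it has to live in the conformance file or template, neither of which is visible in this hunk. Because the dissector decodes SearchRequest bytes straight off the wire, I would add a comment above `Filter ::= CHOICE {` such as `-- NOTE: recursive type; the generated dissector must enforce a maximum nesting depth` so the requirement survives regeneration. Separately, the `resultCode` ENUMERATED is copied verbatim into `LDAPResult`, `BindResponse` and `ExtendedResponse` (with `-- COMPONENTS OF LDAPResult,` left commented out). If the code generator's field naming allows it, a single shared `ResultCode ::= ENUMERATED { ... }` type would keep the three lists from drifting apart when a code is added.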