1 2package Net::LDAP::ASN; 3 4$VERSION = "0.05"; 5 6use Convert::ASN1; 7 8my $asn = Convert::ASN1->new; 9 10sub import { 11 my $pkg = shift; 12 my $caller = caller; 13 14 foreach my $macro (@_) { 15 my $obj = $asn->find($macro) 16 or require Carp and Carp::croak("Unknown macro '$macro'"); 17 18 *{"$caller\::$macro"} = \$obj; 19 } 20} 21 22$asn->prepare(<<LDAP_ASN) or die $asn->error; 23 24 -- We have split LDAPMessage into LDAPResponse and LDAPRequest 25 -- The purpose of this is two fold 26 -- 1) for encode we don't want the protocolOp 27 -- in the hierarchy as it is not really needed 28 -- 2) For decode we do want it, this allows Net::LDAP::Message::decode 29 -- to be much simpler. Decode will also be faster due to 30 -- less elements in the CHOICE 31 32 LDAPRequest ::= SEQUENCE { 33 messageID MessageID, 34 --protocolOp 35 CHOICE { 36 bindRequest BindRequest, 37 unbindRequest UnbindRequest, 38 searchRequest SearchRequest, 39 modifyRequest ModifyRequest, 40 addRequest AddRequest, 41 delRequest DelRequest, 42 modDNRequest ModifyDNRequest, 43 compareRequest CompareRequest, 44 abandonRequest AbandonRequest, 45 extendedReq ExtendedRequest} 46 controls [0] Controls OPTIONAL } 47 48 LDAPResponse ::= SEQUENCE { 49 messageID MessageID, 50 protocolOp CHOICE { 51 bindResponse BindResponse, 52 searchResEntry SearchResultEntry, 53 searchResDone SearchResultDone, 54 searchResRef SearchResultReference, 55 modifyResponse ModifyResponse, 56 addResponse AddResponse, 57 delResponse DelResponse, 58 modDNResponse ModifyDNResponse, 59 compareResponse CompareResponse, 60 extendedResp ExtendedResponse, 61 intermediateResponse IntermediateResponse } 62 controls [0] Controls OPTIONAL } 63 64 MessageID ::= INTEGER -- (0 .. maxInt) 65 66 -- maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) -- 67 68 LDAPString ::= OCTET STRING -- UTF8String ?? 69 70 LDAPOID ::= OCTET STRING 71 72 LDAPDN ::= LDAPString 73 74 RelativeLDAPDN ::= LDAPString 75 76 AttributeType ::= LDAPString 77 78 AttributeDescription ::= LDAPString 79 80 AttributeDescriptionList ::= SEQUENCE OF 81 AttributeDescription 82 83 AttributeValue ::= OCTET STRING 84 85 AttributeValueAssertion ::= SEQUENCE { 86 attributeDesc AttributeDescription, 87 assertionValue AssertionValue } 88 89 AssertionValue ::= OCTET STRING 90 91 Attribute ::= SEQUENCE { 92 type AttributeDescription, 93 vals SET OF AttributeValue } 94 95 MatchingRuleId ::= LDAPString 96 97 LDAPResult ::= SEQUENCE { 98 resultCode ENUMERATED { 99 success (0), 100 operationsError (1), 101 protocolError (2), 102 timeLimitExceeded (3), 103 sizeLimitExceeded (4), 104 compareFalse (5), 105 compareTrue (6), 106 authMethodNotSupported (7), 107 strongAuthRequired (8), 108 -- 9 reserved -- 109 referral (10), -- new 110 adminLimitExceeded (11), -- new 111 unavailableCriticalExtension (12), -- new 112 confidentialityRequired (13), -- new 113 saslBindInProgress (14), -- new 114 noSuchAttribute (16), 115 undefinedAttributeType (17), 116 inappropriateMatching (18), 117 constraintViolation (19), 118 attributeOrValueExists (20), 119 invalidAttributeSyntax (21), 120 -- 22-31 unused -- 121 noSuchObject (32), 122 aliasProblem (33), 123 invalidDNSyntax (34), 124 -- 35 reserved for undefined isLeaf -- 125 aliasDereferencingProblem (36), 126 -- 37-47 unused -- 127 inappropriateAuthentication (48), 128 invalidCredentials (49), 129 insufficientAccessRights (50), 130 busy (51), 131 unavailable (52), 132 unwillingToPerform (53), 133 loopDetect (54), 134 -- 55-63 unused -- 135 namingViolation (64), 136 objectClassViolation (65), 137 notAllowedOnNonLeaf (66), 138 notAllowedOnRDN (67), 139 entryAlreadyExists (68), 140 objectClassModsProhibited (69), 141 -- 70 reserved for CLDAP -- 142 affectsMultipleDSAs (71), -- new 143 -- 72-79 unused -- 144 other (80)} 145 -- 81-90 reserved for APIs -- 146 matchedDN LDAPDN, 147 errorMessage LDAPString, 148 referral [3] Referral OPTIONAL } 149 150 Referral ::= SEQUENCE OF LDAPURL 151 152 LDAPURL ::= LDAPString -- limited to characters permitted in URLs 153 154 Controls ::= SEQUENCE OF Control 155 156 -- Names changed here for backwards compat with previous 157 -- Net::LDAP --GMB 158 Control ::= SEQUENCE { 159 type LDAPOID, -- controlType 160 critical BOOLEAN OPTIONAL, -- DEFAULT FALSE, -- criticality 161 value OCTET STRING OPTIONAL } -- controlValue 162 163 BindRequest ::= [APPLICATION 0] SEQUENCE { 164 version INTEGER, -- (1 .. 127), 165 name LDAPDN, 166 authentication AuthenticationChoice } 167 168 AuthenticationChoice ::= CHOICE { 169 simple [0] OCTET STRING, 170 -- 1 and 2 reserved 171 sasl [3] SaslCredentials } 172 173 SaslCredentials ::= SEQUENCE { 174 mechanism LDAPString, 175 credentials OCTET STRING OPTIONAL } 176 177 BindResponse ::= [APPLICATION 1] SEQUENCE { 178 COMPONENTS OF LDAPResult, 179 serverSaslCreds [7] OCTET STRING OPTIONAL } 180 181 UnbindRequest ::= [APPLICATION 2] NULL 182 183 SearchRequest ::= [APPLICATION 3] SEQUENCE { 184 baseObject LDAPDN, 185 scope ENUMERATED { 186 baseObject (0), 187 singleLevel (1), 188 wholeSubtree (2) } 189 derefAliases ENUMERATED { 190 neverDerefAliases (0), 191 derefInSearching (1), 192 derefFindingBaseObj (2), 193 derefAlways (3) } 194 sizeLimit INTEGER , -- (0 .. maxInt), 195 timeLimit INTEGER , -- (0 .. maxInt), 196 typesOnly BOOLEAN, 197 filter Filter, 198 attributes AttributeDescriptionList } 199 200 Filter ::= CHOICE { 201 and [0] SET OF Filter, 202 or [1] SET OF Filter, 203 not [2] Filter, 204 equalityMatch [3] AttributeValueAssertion, 205 substrings [4] SubstringFilter, 206 greaterOrEqual [5] AttributeValueAssertion, 207 lessOrEqual [6] AttributeValueAssertion, 208 present [7] AttributeDescription, 209 approxMatch [8] AttributeValueAssertion, 210 extensibleMatch [9] MatchingRuleAssertion } 211 212 SubstringFilter ::= SEQUENCE { 213 type AttributeDescription, 214 -- at least one must be present 215 substrings SEQUENCE OF CHOICE { 216 initial [0] LDAPString, 217 any [1] LDAPString, 218 final [2] LDAPString } } 219 220 MatchingRuleAssertion ::= SEQUENCE { 221 matchingRule [1] MatchingRuleId OPTIONAL, 222 type [2] AttributeDescription OPTIONAL, 223 matchValue [3] AssertionValue, 224 dnAttributes [4] BOOLEAN OPTIONAL } -- DEFAULT FALSE } 225 226 SearchResultEntry ::= [APPLICATION 4] SEQUENCE { 227 objectName LDAPDN, 228 attributes PartialAttributeList } 229 230 PartialAttributeList ::= SEQUENCE OF SEQUENCE { 231 type AttributeDescription, 232 vals SET OF AttributeValue } 233 234 SearchResultReference ::= [APPLICATION 19] SEQUENCE OF LDAPURL 235 236 SearchResultDone ::= [APPLICATION 5] LDAPResult 237 238 ModifyRequest ::= [APPLICATION 6] SEQUENCE { 239 object LDAPDN, 240 modification SEQUENCE OF SEQUENCE { 241 operation ENUMERATED { 242 add (0), 243 delete (1), 244 replace (2) } 245 modification AttributeTypeAndValues } } 246 247 AttributeTypeAndValues ::= SEQUENCE { 248 type AttributeDescription, 249 vals SET OF AttributeValue } 250 251 ModifyResponse ::= [APPLICATION 7] LDAPResult 252 253 AddRequest ::= [APPLICATION 8] SEQUENCE { 254 objectName LDAPDN, 255 attributes AttributeList } 256 257 AttributeList ::= SEQUENCE OF SEQUENCE { 258 type AttributeDescription, 259 vals SET OF AttributeValue } 260 261 AddResponse ::= [APPLICATION 9] LDAPResult 262 263 DelRequest ::= [APPLICATION 10] LDAPDN 264 265 DelResponse ::= [APPLICATION 11] LDAPResult 266 267 ModifyDNRequest ::= [APPLICATION 12] SEQUENCE { 268 entry LDAPDN, 269 newrdn RelativeLDAPDN, 270 deleteoldrdn BOOLEAN, 271 newSuperior [0] LDAPDN OPTIONAL } 272 273 ModifyDNResponse ::= [APPLICATION 13] LDAPResult 274 275 CompareRequest ::= [APPLICATION 14] SEQUENCE { 276 entry LDAPDN, 277 ava AttributeValueAssertion } 278 279 CompareResponse ::= [APPLICATION 15] LDAPResult 280 281 AbandonRequest ::= [APPLICATION 16] MessageID 282 283 ExtendedRequest ::= [APPLICATION 23] SEQUENCE { 284 requestName [0] LDAPOID, 285 requestValue [1] OCTET STRING OPTIONAL } 286 287 ExtendedResponse ::= [APPLICATION 24] SEQUENCE { 288 COMPONENTS OF LDAPResult, 289 responseName [10] LDAPOID OPTIONAL, 290 response [11] OCTET STRING OPTIONAL } 291 292 IntermediateResponse ::= [APPLICATION 25] SEQUENCE { 293 responseName [0] LDAPOID OPTIONAL, 294 responseValue [1] OCTET STRING OPTIONAL } 295 296 297 -- Virtual List View Control 298 VirtualListViewRequest ::= SEQUENCE { 299 beforeCount INTEGER , --(0 .. maxInt), 300 afterCount INTEGER , --(0 .. maxInt), 301 CHOICE { 302 byoffset [0] SEQUENCE { 303 offset INTEGER , --(0 .. maxInt), 304 contentCount INTEGER } --(0 .. maxInt) } 305 byValue [1] AssertionValue } 306 -- byValue [1] greaterThanOrEqual assertionValue } 307 contextID OCTET STRING OPTIONAL } 308 309 VirtualListViewResponse ::= SEQUENCE { 310 targetPosition INTEGER , --(0 .. maxInt), 311 contentCount INTEGER , --(0 .. maxInt), 312 virtualListViewResult ENUMERATED { 313 success (0), 314 operatonsError (1), 315 unwillingToPerform (53), 316 insufficientAccessRights (50), 317 busy (51), 318 timeLimitExceeded (3), 319 adminLimitExceeded (11), 320 sortControlMissing (60), 321 indexRangeError (61), 322 other (80) } 323 contextID OCTET STRING OPTIONAL } 324 325 326 LDAPEntry ::= COMPONENTS OF AddRequest 327 328 -- RFC-2891 Server Side Sorting Control 329 -- Current parser does not allow a named entity following the ::= 330 -- so we use a COMPONENTS OF hack 331 SortRequestDummy ::= SEQUENCE { 332 order SEQUENCE OF SEQUENCE { 333 type OCTET STRING, 334 orderingRule [0] OCTET STRING OPTIONAL, 335 reverseOrder [1] BOOLEAN OPTIONAL } } 336 337 SortRequest ::= COMPONENTS OF SortRequestDummy 338 339 SortResult ::= SEQUENCE { 340 sortResult ENUMERATED { 341 success (0), -- results are sorted 342 operationsError (1), -- server internal failure 343 timeLimitExceeded (3), -- timelimit reached before 344 -- sorting was completed 345 strongAuthRequired (8), -- refused to return sorted 346 -- results via insecure 347 -- protocol 348 adminLimitExceeded (11), -- too many matching entries 349 -- for the server to sort 350 noSuchAttribute (16), -- unrecognized attribute 351 -- type in sort key 352 inappropriateMatching (18), -- unrecognized or inappro- 353 -- priate matching rule in 354 -- sort key 355 insufficientAccessRights (50), -- refused to return sorted 356 -- results to this client 357 busy (51), -- too busy to process 358 unwillingToPerform (53), -- unable to sort 359 other (80) } 360 attributeType [0] AttributeDescription OPTIONAL } 361 362 -- RFC-2696 Paged Results Control 363 realSearchControlValue ::= SEQUENCE { 364 size INTEGER, -- (0..maxInt), 365 -- requested page size from client 366 -- result set size estimate from server 367 cookie OCTET STRING } 368 369 -- draft-behera-ldap-password-policy-09 370 ppControlResponse ::= SEQUENCE { 371 warning [0] PPWarning OPTIONAL, 372 error [1] PPError OPTIONAL 373 } 374 PPWarning ::= CHOICE { 375 timeBeforeExpiration [0] INTEGER, -- (0..maxInt), 376 graceAuthNsRemaining [1] INTEGER -- (0..maxInt) 377 } 378 PPError ::= ENUMERATED { 379 passwordExpired (0), 380 accountLocked (1), 381 changeAfterReset (2), 382 passwordModNotAllowed (3), 383 mustSupplyOldPassword (4), 384 insufficientPasswordQuality (5), 385 passwordTooShort (6), 386 passwordTooYoung (7), 387 passwordInHistory (8) 388 } 389 390 -- RFC-4370 Proxied Authorization Control 391 proxyAuthValue ::= SEQUENCE { 392 proxyDN LDAPDN 393 } 394 395 -- RFC-3296 ManageDsaIT Control 396 ManageDsaIT ::= SEQUENCE { 397 dummy INTEGER OPTIONAL -- it really is unused 398 } 399 400 -- Persistent Search Control 401 PersistentSearch ::= SEQUENCE { 402 changeTypes INTEGER, 403 changesOnly BOOLEAN, 404 returnECs BOOLEAN 405 } 406 407 -- Entry Change Notification Control 408 EntryChangeNotification ::= SEQUENCE { 409 changeType ENUMERATED { 410 add (1), 411 delete (2), 412 modify (4), 413 modDN (8) 414 } 415 previousDN LDAPDN OPTIONAL, -- modifyDN ops. only 416 changeNumber INTEGER OPTIONAL -- if supported 417 } 418 419 -- RFC-3876 Matched Values Control 420 ValuesReturnFilter ::= SEQUENCE OF SimpleFilterItem 421 422 SimpleFilterItem ::= CHOICE { 423 equalityMatch [3] AttributeValueAssertion, 424 substrings [4] SubstringFilter, 425 greaterOrEqual [5] AttributeValueAssertion, 426 lessOrEqual [6] AttributeValueAssertion, 427 present [7] AttributeDescription, 428 approxMatch [8] AttributeValueAssertion, 429 extensibleMatch [9] SimpleMatchingAssertion } 430 431 SimpleMatchingAssertion ::= SEQUENCE { 432 matchingRule [1] MatchingRuleId OPTIONAL, 433 type [2] AttributeDescription OPTIONAL, 434 --- at least one of the above must be present 435 matchValue [3] AssertionValue } 436 437LDAP_ASN 438 4391; 440 441