h{(dZddlZddlZddlZddlZddlZddlZddlZddlm Z ddl m Z ddl m Z ddlmZmZmZmZmZmZddlmZmZmZmZddlmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(dd l)m*Z*dd l+m,Z,dd l-m.Z.dd l/m0Z0m1Z1m2Z2dd l3m4Z4m5Z5m6Z6ddl7m8Z8ddl9m:Z:m;Z;mZ>ddl?m@Z@mAZAmBZBddlCmDZDddlEmFZFmGZGmHZHmIZImJZJmKZKddlLmMZMddlNmOZOmPZPddlQmRZRe(ZSe(ZTeSZUeSZVeSZWe(ZXeSZYGdde*ZZGdde*Z[eddidddddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;d<id=d>d?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdNdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]d^d_d`dadbdceUdddeeSdfdee"e$d.ge[dghfZ\GdidjeZ]GdkdleZ^GdmdneZ_GdodpeZ`Gdqdre(ZaGdsdteZbGdudveZcGdwdxe(ZdGdydzeZeGd{d|eZfGd}d~e(ZgGddeZhGddeZiGdde(ZjGddeZkGddeZlGdde(ZmGddeZnGddeZoGdde(ZpeJeJdZqGdde'ZrGdde*ZsGdde*ZtGdde*ZuGdde*ZvGdde*ZwGdde*ZxGdde*ZyGdde*ZzGdde*Z{dZ|Gdde*Z}Gdde*Z~Gdde*ZGdde*ZGdde*ZGdde*ZGdde*ZGdde*ZGdde*ZGddeZGdde*ZGdde*ZGdde*ZGdde*ZGdÄde*ZGdńde*ZGdDŽde*ZGdɄde*ZGd˄de*ZGd̈́de*ZGdτde*ZGdфde*ZGdӄde*ZGdՄde*ZGdׄde*ZGdلde*ZGdۄde*ZGd݄de*ZiZGd߄de'ZGdde*ZGdde*Zeed<Gdde*Zeed<Gdde*Ze6eee5eAede5eAede5eAede5eAede6eAeddGdde*Ze6eee5eBede5eBede6eBeddejddejddejddejddejddejddejddejddejddejddejddejdd ejd d ejd d ejddiZiejddejddejddejddejddejddejddejddejd d!ejd"d#ejd$d%ejd&d'ejd(d)ejd*d+ejd,d-ejd.d/ejd0d1iejd2d3ejd4d5ejd6d7ejd8d9ejd:d;ejd<d=ejd>d?ejd@dAejdBdCejdDdEejdFdGejdHdIejdJdKejdLdMejdNdOejdPdQejdRdSiejdTdUejdVdWejdXdYejdZd[ejd\d]ejd^d_ejd`daejdbdcejdddeejdfdgejdhdiejdjdkejdldmejdndoejdpdqejdrdsejdtduejdvdwejdxdyejdzd{ejd|d}ejd~dejddejddejddejddejddejddi Ziddddd#dd+dd3dd?ddWddddddddddddddddddddddddZGdde ZejdddgZe,jddZe,jj ddZGdde ZGdde4ZGdde4ZGddeZGddeZdS(a' LDAP RFC 1777 - LDAP v2 RFC 4511 - LDAP v3 Note: to mimic Microsoft Windows LDAP packets, you must set:: conf.ASN1_default_long_size = 4 .. note:: You will find more complete documentation for this layer over at `LDAP `_ N)Enum) get_if_addr)AnsweringMachine) ASN1_BOOLEAN ASN1_Class ASN1_CodecsASN1_ENUMERATED ASN1_INTEGER ASN1_STRING)BER_Decoding_Error BER_id_dec BER_len_decBERcodec_STRING)ASN1F_badsequence ASN1F_BOOLEAN ASN1F_CHOICEASN1F_ENUMERATED ASN1F_FLAGS ASN1F_INTEGER ASN1F_NULLASN1F_optional ASN1F_PACKETASN1F_SEQUENCE_OFASN1F_SEQUENCE ASN1F_SET_OFASN1F_STRING_PacketField ASN1F_STRING) ASN1_Packet)conf) log_runtime) FieldLenField FlagsFieldThreeBytesField)Packetbind_bottom_up bind_layers)send) SimpleSocket StreamSocketSSLStreamSocket) dns_resolve)IPTCPUDP)IPv6) _GSSAPI_Field GSS_C_FLAGSGSS_S_COMPLETEGSSAPI_BLOB_SIGNATURE GSSAPI_BLOBSSP) NBTDatagram)NETLOGONNETLOGON_SAM_LOGON_RESPONSE_EX)Listc\eZdZejZeeddeddZ dS)AttributeValueAssertion attributeTypeorganizationNameattributeValueN) __name__ __module__ __qualname__rBER ASN1_codecr AttributeTypeAttributeValue ASN1_rootU/mounts/lovelace/software/anaconda3/lib/python3.11/site-packages/scapy/layers/ldap.pyr;r;usFJ o'9::',,IIIrIr;c4eZdZejZeddZdS) LDAPReferralurir?Nr@rArBrrCrD LDAPStringrGrHrIrJrLrL}&J 5"%%IIIrIrL resultCodesuccessoperationsError protocolErrortimeLimitExceededsizeLimitExceeded compareFalse compareTrueauthMethodNotSupportedstrongAuthRequired referral adminLimitExceededsaslBindInProgressnoSuchAttributeundefinedAttributeTypeinappropriateMatchingconstraintViolationattributeOrValueExistsinvalidAttributeSyntax noSuchObject! aliasProblem"invalidDNSyntax#isLeaf$aliasDereferencingProblem0inappropriateAuthentication1invalidCredentials2insufficientAccessRights3busy4 unavailable5unwillingToPerform6 loopDetect@namingViolationAobjectClassViolationBnotAllowedOnNonLeafCnotAllowedOnRDNentryAlreadyExistsobjectClassModsProhibitedresultsTooLargeother)DEFP matchedDNr?diagnosticMessage implicit_tagcbeZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdZdZdZdZdZdS)ASN1_Class_LDAPLDAP`arcdefghiJklmnrswxN)r@rArBname BindRequest BindResponse UnbindRequest SearchRequestSearchResultEntrySearchResultDone ModifyRequestModifyResponse AddRequest AddResponse DelRequest DelResponseModifyDNRequestModifyDNResponseCompareRequestCompareResponseAbandonRequestSearchResultReferenceExtendedRequestExtendedResponserHrIrJrrs~ DKLMMMNJKJKONON OrIrc.eZdZdZdZdZdZdZdZdZ dZ d S) ASN1_Class_LDAP_AuthenticationzLDAP AuthenticationrN) r@rArBrsimple krbv42LDAP krbv42DSAsaslsicilyPackageDiscoverysicilyNegotiatesicilyResponserHrIrJrrs7 D FJI D!ONNNrIrceZdZejZdS)LDAP_Authentication_simpleNr@rArBrrtagrHrIrJrr ( /CCCrIrceZdZejZdS)#BERcodec_LDAP_Authentication_simpleNrrHrIrJrrrrIrceZdZejZdS) ASN1F_LDAP_Authentication_simpleN)r@rArBrrASN1_tagrHrIrJrrs-4HHHrIrceZdZejZdS)LDAP_Authentication_krbv42LDAPNr@rArBrrrrHrIrJrr ( 3CCCrIrceZdZejZdS)'BERcodec_LDAP_Authentication_krbv42LDAPNrrHrIrJrrrrIrceZdZejZdS)$ASN1F_LDAP_Authentication_krbv42LDAPN)r@rArBrrrrHrIrJrrs-8HHHrIrceZdZejZdS)LDAP_Authentication_krbv42DSANr@rArBrrrrHrIrJrr ( 2CCCrIrceZdZejZdS)&BERcodec_LDAP_Authentication_krbv42DSANrrHrIrJrrrrIrceZdZejZdS)#ASN1F_LDAP_Authentication_krbv42DSAN)r@rArBrrrrHrIrJrrs-7HHHrIrceZdZejZdS)*LDAP_Authentication_sicilyPackageDiscoveryNr@rArBrrrrHrIrJrr  ( ?CCCrIrceZdZejZdS)3BERcodec_LDAP_Authentication_sicilyPackageDiscoveryNrrHrIrJrrrrIrceZdZejZdS)0ASN1F_LDAP_Authentication_sicilyPackageDiscoveryN)r@rArBrrrrHrIrJrrs-DHHHrIrceZdZejZdS)#LDAP_Authentication_sicilyNegotiateNr@rArBrrrrHrIrJrr ( 8CCCrIrceZdZejZdS),BERcodec_LDAP_Authentication_sicilyNegotiateNrrHrIrJrrrrIrceZdZejZdS))ASN1F_LDAP_Authentication_sicilyNegotiateN)r@rArBrrrrHrIrJrr s-=HHHrIrceZdZejZdS)"LDAP_Authentication_sicilyResponseNr@rArBrrrrHrIrJrr% ( 7CCCrIrceZdZejZdS)+BERcodec_LDAP_Authentication_sicilyResponseNrrHrIrJr r )rrIr ceZdZejZdS)(ASN1F_LDAP_Authentication_sicilyResponseN)r@rArBrrrrHrIrJr r -s- '+ +4rIN)r@rArBrrCrDr LDAPResultrrrrrGpropertyr0setterr6rHrIrJr(r(]sJ !L!6NNN  L!2BTJJJ  %1I"""X" ***   X   rIr(cTeZdZejZeeddej Z dS)LDAP_UnbindRequestinforrN) r@rArBrrCrDrrrrrGrHrIrJr;r;s@J 61$2IIIrIr;c4eZdZejZeddZdS)LDAP_SubstringFilterInitialrr?NrNrHrIrJr>r>rPrIr>c4eZdZejZeddZdS)LDAP_SubstringFilterAnyrr?NrNrHrIrJr@r@rPrIr@c4eZdZejZeddZdS)LDAP_SubstringFilterFinalrr?NrNrHrIrJrBrBrPrIrBc eZdZejZededede e dede e dede e d Z d S) LDAP_SubstringFilterStrstrr?initialrranyrfinalrN) r@rArBrrCrDrr rr>r@rBrGrHrIrJrDrDsJ   B  ' ' ) ) '     **,,.ETX      % % ' ' %    IIIrIrDc^eZdZejZeeddedge Z dS)LDAP_SubstringFiltertyper?filtersN) r@rArBrrCrDrrErrDrGrHrIrJrJrJsHJ fb!!)R)@AAIIIrIrJct|i|SN LDAP_Filterargskwargss rJrTs{D'CF'C'CrIc6eZdZejZedgeZdS)LDAP_FilterAndvalsN r@rArBrrCrDr _LDAP_FilterrGrHrIrJrVrV(J VR66IIIrIrVc6eZdZejZedgeZdS) LDAP_FilterOrrWNrXrHrIrJr\r\rZrIr\cNeZdZejZeeddddZdS)LDAP_FilterNotrNctSrNrOrQs rJrTzLDAP_FilterNot.sKrI) next_cls_cb) r@rArBrrCrDrrrGrHrIrJr^r^s@J UD$4W4WXXXIIIrIr^c4eZdZejZeddZdS)LDAP_FilterPresentpresent objectClassNr@rArBrrCrDrErGrHrIrJrbrbs&J i77IIIrIrbc*eZdZejZejZdS)LDAP_FilterEqualNr@rArBrrCrDr;rGrHrIrJrgrgJ'1IIIrIrgc*eZdZejZejZdS)LDAP_FilterGreaterOrEqualNrhrHrIrJrkrkrirIrkc*eZdZejZejZdS)LDAP_FilterLessOrEqualNrhrHrIrJrmrmrirIrmc*eZdZejZejZdS)LDAP_FilterApproxMatchNrhrHrIrJrororirIroc eZdZejZeeedddeeddde ddde dd d Z d S) LDAP_FilterExtensibleMatch matchingRuler?rrrK matchValuer dnAttributesFN) r@rArBrrCrDrrrOrFrrGrHrIrJrqrqsJ J~r = = =    Jvr 5 5 5   |Rd;;; ne$???  IIIrIrqc:eZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d S) ASN1_Class_LDAP_Filterz LDAP Filterrr,N)r@rArBrAndOrNot EqualityMatch SubstringsGreaterOrEqual LessOrEqualPresent ApproxMatchExtensibleMatchrHrIrJrwrwsE D C B CMJNKGKOOOrIrwceZdZejZedeedde e j edde e j eddee jeddee jeddee jed dee jed dee jed dee jed dee jed dee j ZedefdZ dS)rPfilterand_Nror_not_ equalityMatch substringsgreaterOrEqual lessOrEqualrc approxMatchextensibleMatchc d |ddkrd|z}g}|}g}t|}d}||kr||}|dz }|dvr|dkr4|g|||d}n,|dkr*|st d z|d}n|d vr||n|d vr1|dd vr|dxx|z cc<||n|d vr||n|dkr||nw|dkr||n[d}||dz dD] }|dvrn||z }|st dz|t|dz z }||||k|rt d z|d} fd t  |S)z: Convert a RFC-2254 filter to LDAP_Filter zInvalid LDAP filter string: r(z(%s)rS)   )zparenthesis unmatched.z&|!=z~><:z~><:*r?Nz ():!|&~<>=*zcritical failure (impossible).c dstdztdkr,tdtrdSddvr]tdkrtdzddkrtnt fdddD Sdd krRtd krtd zt td Sdvrdvrtdks ddkrtdzttd fdtd dDSdvrtdtdDrtdks ddvrtdzd dkr#ttdSdvrtndvrt ndvrt"nt$td td Stdz)Nzempty enclosure.rSrz&|rWzbad use of multinary operator.&cBg|]}t|S)rrO).0y_getflds rJ zDLDAP_Filter.from_rfc2254_string.._getfld..s,HHHQ+WWQZZ888HHHrIrW!rUzbad use of unary operator.rrrrzbad use of substring.c g|]a\}}|dk t|tdz krtn|dkrtntt |bS)rrWrr)rE)rDlenrBr>r@r )rirxs rJrzDLDAP_Filter.from_rfc2254_string.._getfld..s   !Aq880!=#$Q!#4#4!: 9$%66&A%@%<"-a.. !2!2!2$88rI)rKrLz:=zExtensible not implemented.c3K|]}|dvV dS))<=>=~=rNrH)rrs rJ zCLDAP_Filter.from_rfc2254_string.._getfld..s(==aQ11======rIzbad use of comparison.rcrrrr<r>zinvalid filter.) ValueErrorrr3listrVr\r^rPrJr strip enumerateNotImplementedErrorrGrbrmrkrorg)rr_lerrs`rJrz0LDAP_Filter.from_rfc2254_string.._getflds= < );!;<<<Q1AaD$!7!7wqt}}$1q66A::$U-M%MNNNH!A$#++=HHHH!ABB%HHH1q66Q;;$U-I%IJJJ%#771Q4==999cQhhq66A::1$U-D%DEEE+$QqTZZ\\22    %.ae$4$4    )*GHHH==1===== <q66Q;;#QqT//$U-E%EFFFQ43;;-k!A$6G6GHHHH*qyy+*qyy32qyy0/)"-adjjll";";#.qt#4#4    !):!:;;;rIr)lstriprappendrpoprP) rtokenscur backtrack filterlenrcvrrrs @@rJfrom_rfc2254_stringzLDAP_Filter.from_rfc2254_stringQs| / ==??1  $ $f_F KK )mmq A FA%%%c 2  %%%"gc G$U-E%EFFFmmB''e 1 cr7f$$GGGqLGGG 1 e 1 c 1 c 1 AAM))FAAO$U-M%MNNNSVVaZ 1 Y)mm^  ?U%==>> >> <> <> <> <> <> <@''&//2222rI)!r@rArBrrCrDrrbrrVrwrr\rr^rrgrrJrrkrrmrrrorrqrrG staticmethodrErrHrIrJrPrPsJ  D.7M7Q     45K5N     D.7M7Q       /=       /:       %/>       "/;       /7       "/;       &/?    a66IpF3CF3F3F3\F3F3F3rIrPc4eZdZejZeddZdS)LDAP_SearchRequestAttributerKr?NrerHrIrJrrs&J fb))IIIrIrceZdZejZeeddeddddddeddd d d d d e dde dde dde de e e dgeej ZdS)LDAP_SearchRequest baseObjectr?scoper singleLevel wholeSubtreerrSrU derefAliasesneverDerefAliasesderefInSearchingderefFindingBaseObj derefAlways)rrSrUrW sizeLimit timeLimit attrsOnlyFr attributesrN)r@rArBrrCrDrr&rrrrrPrrrrrGrHrIrJrrsJ|R   QL]~NN     &%(      k1%% k1%% k5)) X{{}}k::,,GHH$2)IIIrIrc4eZdZejZeddZdS)LDAP_AttributeValuevaluer?N)r@rArBrrCrDrFrGrHrIrJrrs&Jw++IIIrIrc^eZdZejZeeddedge Z dS)LDAP_PartialAttributerKr?valuesN) r@rArBrrCrDrrErrrGrHrIrJrrsGJ fb!! Xr#677IIIrIrc|eZdZejZeeddede e e j Z dS)LDAP_SearchResponseEntry objectNamer?rrN) r@rArBrrCrDrr&rrrrrGrHrIrJrrsdJ|R    ! ! # # !  %6IIIrIrc6eZdZejZeedej iZ dS)LDAP_SearchResponseResultDonerN) r@rArBrrCrDrr7rrrGrHrIrJrrs4J $5IIIrIrcDeZdZejZedgeej Z dS)LDAP_SearchResponseReferenceurisrN) r@rArBrrCrDrURIrrrGrHrIrJrrs;J!!  $: IIIrIrc xeZdZejZeeddddddede e Z dS) LDAP_ModifyRequestChange operationradddeletereplacer modificationN) r@rArBrrCrDrrrrrGrHrIrJrr*smJ        ^%:%:%<%<>STT  IIIrIrcleZdZejZeeddedge e j Z dS)LDAP_ModifyRequestobjectr?changesrN) r@rArBrrCrDrr&rrrrrGrHrIrJrr:sSJx)R)ABB$2IIIrIrc6eZdZejZeedej iZ dS)LDAP_ModifyResponserN) r@rArBrrCrDrr7rrrGrHrIrJrrCs4J $3IIIrIrc*eZdZejZejZdS)LDAP_AttributeN)r@rArBrrCrDrrGrHrIrJrrOsJ%/IIIrIrc|eZdZejZeeddede e e j Z dS)LDAP_AddRequestentryr?rrN) r@rArBrrCrDrr&rrrrrGrHrIrJrrTscJw  N     %/IIIrIrc6eZdZejZeedej iZ dS)LDAP_AddResponserN) r@rArBrrCrDrr7rrrGrHrIrJrra4J $0IIIrIrcBeZdZejZeddejZ dS)LDAP_DelRequestrr?rN) r@rArBrrCrDr&rrrGrHrIrJrrms7J $/IIIrIrc6eZdZejZeedej iZ dS)LDAP_DelResponserN) r@rArBrrCrDrr7rrrGrHrIrJrrvrrIrcTeZdZejZeeddej Z dS)LDAP_AbandonRequest messageIDrrN) r@rArBrrCrDrrrrrGrHrIrJrrs@J k1%%$3IIIrIrc eZdZejZeeee dddee dddfzde j iZ fdZxZS) LDAP_ExtendedResponse responseNameNrr responseValuerrctt||}|s|S|jjddD]*} |||}#t $rYnwxYw|S)N)rr do_dissectrGseqdissectr)rrrobjrs rJr z LDAP_ExtendedResponse.do_dissects ' . . 9 9! < < H>%bcc*  C KKa(($    sA A*)A*)r@rArBrrCrDrr7rLDAPOIDrrrrGr rrs@rJrrsJ ww~t$OOOPP||OTPTUUUVV  %5  I         rIrceZdZfdZxZS)_ControlValue_Fieldctt|||}|djs|S|jj}|t vr*t ||dj||dfS|Sr)rrrr controlTypedecode_LDAP_CONTROLS)rrrrrrs rJrz_ControlValue_Field.m2is'..223::1vz Jo)0022 . ( ({+CFJCHHHA  rIrrs@rJrrs8         rIrc eZdZejZeeddee ddee ddZ dS) LDAP_Controlrr? criticalityF controlValueN) r@rArBrrCrDrr rrrrGrHrIrJrrspJ r"" M- / /   **>2>>?? IIIrIrc\eZdZejZeeddeddZ dS)LDAP_realSearchControlValuesizercookier?N) r@rArBrrCrDrrrrGrHrIrJrrsDJ fa   Xr""IIIrIr1.2.840.113556.1.4.319cLeZdZejZeeddgdZdS)LDAP_serverSDFlagsControlflagsN)OWNERGROUPDACLSACL) r@rArBrrCrDrrrGrHrIrJrrsJJ        IIIrIrz1.2.840.113556.1.4.801ceZdZejZeeddede e e e e e eeeeeeeeeeeeddedZdZeddZed Zd Z e!d Z"d Z#d Z$dS)rrr protocolOpControlsNrxrc|rit|dkrV|ddkrJtjd|ddddzt|krtStjS|S)NrYrr!I)rstructunpackLDAP_SASL_Bufferr raw_layer)cls_pktrRkargss rJ dispatch_hookzLDAP.dispatch_hooksg  &CIINNAw$=tBQBx003a73t99DD++~% rIcDt|dkrdS|}|r tt|d\}}n#ttf$rYdSwxYw|rAt||kr.||d}|s!||}t |vr t |vrdS|SndS|dS)NrYrS)rrr r IndexErrorrr)r-datarRrS remaininglengthrrs rJtcp_reassemblezLDAP.tcp_reassembles t99q==4   ' 9(=(=a(@AA & 3   tt  #a&&F**fggJ  #d))C1C779DD#tJt# $ts%AAAcdSNsldaprHr/s rJhashretz LDAP.hashret4wrIcL|jdkot|jtS)Nr)rr3r%rr/s rJ unsolicitedzLDAP.unsolicited7s,~" z O2( (  rIc^|jrdSt|to|j|jkS)NT)r<r3rrrrs rJanswersz LDAP.answers>s0   4%&&L5?dn+LLrIc|jr|jsdS|jjjddd|jjdt gfS)Nr?_rrr)r%rrr@rrrr/s rJ mysummaryzLDAP.mysummaryCsa dn 2)2::3DDDD"""  F   rIrN)%r@rArBrrCrDrrrrr"r(rrrrrrrrrrr;rrrrrG show_indent classmethodr0r6r9r8r<r?rBrHrIrJrrs9J k1%%       $ )  (        !#  (   j$ 4 P P P  -I6K[[6  X MMM      rIr)dport)sporti rGrFc eZdZejZeejj de e ddejj dZdZ dS)CLDAPruserr?rScLt|to|j|jkSrN)r3rJrr>s rJr?z CLDAP.answerses %''MEOt~,MMrIN) r@rArBrrCrDrrrGr rr&r?rHrIrJrJrJ[szJ 1 F62     1 INNNNNrIrJz$C7407360-20BF-11D0-A768-00AA006E0529z"Domain Password & Lockout Policiesz$59BA2F42-79A2-11D0-9020-00C04FC2D3CFzGeneral Informationz$4C164200-20C0-11D0-A768-00AA006E0529zAccount Restrictionsz$5F202010-79A5-11D0-9020-00C04FC2D4CFzLogon Informationz$BC0AC240-79A9-11D0-9020-00C04FC2D4CFzGroup Membershipz$E45795B2-9455-11D1-AEBD-0000F80367C1zPhone and Mail Optionsz$77B5B886-944A-11D1-AEBD-0000F80367C1zPersonal Informationz$E45795B3-9455-11D1-AEBD-0000F80367C1zWeb Informationz$E48D0154-BCF8-11D1-8702-00C04FB96050zPublic Informationz$037088F8-0AE1-11D2-B422-00A0C968F939zRemote Access Informationz$B8119FD0-04F6-4762-AB7A-4986C76B3F9AzOther Domain Parametersz$72E39547-7B18-11D1-ADEF-00C04FD8D5CDzDNS Host Name Attributesz$FFA6F046-CA4B-4FEB-B40D-04DFEE722543zMS-TS-GatewayAccessz$91E647DE-D96F-4B70-9557-D63FF4F3CCD8zPrivate Informationz$5805BC62-BDC9-4428-A5E2-856A0F4C185EzTerminal Server License Serverz$ee914b82-0a98-11d1-adbb-00c04fd8d5cdzAbandon-Replicationz$440820ad-65b4-11d1-a3da-0000f875ae0dzAdd-GUIDz$1abd7cf8-0a99-11d1-adbb-00c04fd8d5cdz Allocate-Ridsz$68b1d179-0d15-4d4f-ab71-46152e79a7bczAllowed-To-Authenticatez$edacfd8f-ffb3-11d1-b41d-00a0c968f939zApply-Group-Policyz$0e10c968-78fb-11d2-90d4-00c04f79dc55zCertificate-Enrollmentz$a05b8cc2-17bc-4802-a710-e7c15ab866a2zCertificate-AutoEnrollmentz$014bf69c-7b3b-11d1-85f6-08002be74fabzChange-Domain-Masterz$cc17b1fb-33d9-11d2-97d4-00c04fd8d5cdzChange-Infrastructure-Masterz$bae50096-4752-11d1-9052-00c04fc2d4cfz Change-PDCz$d58d5f36-0a98-11d1-adbb-00c04fd8d5cdzChange-Rid-Masterz$e12b56b6-0a95-11d1-adbb-00c04fd8d5cdzChange-Schema-Masterz$e2a36dc9-ae17-47c3-b58b-be34c55ba633zCreate-Inbound-Forest-Trustz$fec364e0-0a98-11d1-adbb-00c04fd8d5cdzDo-Garbage-Collectionz$ab721a52-1e2f-11d0-9819-00aa0040529bzDomain-Administer-Serverz$69ae6200-7f46-11d2-b9ad-00c04f79f805zDS-Check-Stale-Phantomsz$2f16c4a5-b98e-432c-952a-cb388ba33f2ezDS-Execute-Intentions-Scriptz$9923a32a-3607-11d2-b9be-0000f87a36b2zDS-Install-Replicaz$4ecc03fe-ffc0-4947-b630-eb672a8a9dbczDS-Query-Self-Quotaz$1131f6aa-9c07-11d1-f79f-00c04fc2dcd2zDS-Replication-Get-Changesz$1131f6ad-9c07-11d1-f79f-00c04fc2dcd2zDS-Replication-Get-Changes-Allz$89e95b76-444d-4c62-991a-0facbeda640cz*DS-Replication-Get-Changes-In-Filtered-Setz$1131f6ac-9c07-11d1-f79f-00c04fc2dcd2zDS-Replication-Manage-Topologyz$f98340fb-7c5b-4cdb-a00b-2ebdfa115a96zDS-Replication-Monitor-Topologyz$1131f6ab-9c07-11d1-f79f-00c04fc2dcd2zDS-Replication-Synchronizez$05c74c5e-4deb-43b4-bd9f-86664c2a7fd5z-Enable-Per-User-Reversibly-Encrypted-Passwordz$b7b1b3de-ab09-4242-9e30-9980e5d322f7zGenerate-RSoP-Loggingz$b7b1b3dd-ab09-4242-9e30-9980e5d322f7zGenerate-RSoP-Planningz$7c0e2a7c-a419-48e4-a995-10180aad54ddzManage-Optional-Featuresz$ba33815a-4f93-4c76-87f3-57574bff8109zMigrate-SID-Historyz$b4e60130-df3f-11d1-9c86-006008764d0ezmsmq-Open-Connectorz$06bd3201-df3e-11d1-9c86-006008764d0ez msmq-Peekz$4b6e08c3-df3c-11d1-9c86-006008764d0ezmsmq-Peek-computer-Journalz$4b6e08c1-df3c-11d1-9c86-006008764d0ezmsmq-Peek-Dead-Letterz$06bd3200-df3e-11d1-9c86-006008764d0ez msmq-Receivez$4b6e08c2-df3c-11d1-9c86-006008764d0ezmsmq-Receive-computer-Journalz$4b6e08c0-df3c-11d1-9c86-006008764d0ezmsmq-Receive-Dead-Letterz$06bd3203-df3e-11d1-9c86-006008764d0ezmsmq-Receive-journalz$06bd3202-df3e-11d1-9c86-006008764d0ez msmq-Sendz$a1990816-4298-11d1-ade2-00c04fd8d5cdzOpen-Address-Bookz$1131f6ae-9c07-11d1-f79f-00c04fc2dcd2z,Read-Only-Replication-Secret-Synchronizationz$45ec5156-db7e-47bb-b53f-dbeb2d03c40fzReanimate-Tombstonesz$0bc1554e-0a99-11d1-adbb-00c04fd8d5cdzRecalculate-Hierarchyz$62dd28a8-7f46-11d2-b9ad-00c04f79f805z Recalculate-Security-Inheritancez$ab721a56-1e2f-11d0-9819-00aa0040529bz Receive-Asz$9432c620-033c-4db7-8b58-14ef6d0bf477zRefresh-Group-Cachez$1a60ea8d-58a6-4b20-bcdc-fb71eb8a9ff8zReload-SSL-Certificatez$7726b9d5-a4b4-4288-a6b2-dce952e80a7fzRun-Protect_Admin_Groups-Taskz$91d67418-0135-4acc-8d79-c08e857cfbeczSAM-Enumerate-Entire-Domainz$ab721a54-1e2f-11d0-9819-00aa0040529bzSend-Asz$ab721a55-1e2f-11d0-9819-00aa0040529bzSend-Toz$ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501zUnexpire-Passwordz$280f369c-67c7-438e-ae98-1d46f3c6f541z Update-Password-Not-Required-Bitz$be2bb760-7f46-11d2-b9ad-00c04f79f805zUpdate-Schema-Cachez$ab721a53-1e2f-11d0-9819-00aa0040529bzUser-Change-Passwordz$00299570-246d-11d0-a768-00aa006e0529zUser-Force-Change-Passwordz$3e0f7e18-2c7a-4c10-ba82-4d926db99a3ezDS-Clone-Domain-Controllerz$084c93a2-620d-4879-a836-f0ae47de0e89zDS-Read-Partition-Secretsz$94825a8d-b171-4116-8146-1e34d8f54401zDS-Write-Partition-Secretsz$4125c71f-7fac-4ff0-bcb7-f09a41325286z DS-Set-Ownerz$88a9933e-e5c8-4f2a-9dd7-2527416b8092zDS-Bypass-Quotaz$9b026da6-0d3c-465c-8bee-5199d7165cbazDS-Validated-Write-Computer CREATE_CHILD DELETE_CHILD LIST_CONTENTSWRITE_PROPERTY_EXTENDED READ_PROP WRITE_PROP DELETE_TREEr LIST_OBJECTCONTROL_ACCESSiDELETEi READ_CONTROLi WRITE_DACi WRITE_OWNERi SYNCHRONIZEiACCESS_SYSTEM_SECURITYl GENERIC_READi@ GENERIC_WRITEGENERIC_EXECUTE GENERIC_ALL)i icreZdZdZdZeeZdej dddddddfdZ d Z d Z d Z dS) LdapPing_am ldappingdzudp port 389 or 138DOMAINz$192bc4b3-0085-4521-83fe-062913ef59f2zDefault-First-Site-NameSRV1Nc ||_|p|dz|_||_||_||_|p |dz|jz|_||_||_dS)Nz.LOCAL.)NetbiosDomainName DnsForestName DomainGuid DcSiteNameNetbiosComputerName DnsHostNamesrc_ipsrc_ip6) rrhrjrkrlrirmrnros rJ parse_optionszLdapPing_am.parse_optionssi"3*L/@8/K$$#6 & # %(: :   rIct|vr'ddlm}m} ||vo||jvS#t $rYdSwxYwt |vst|jtsdS|j}|j oz|j dj j dkoM|joFt|jjto't!d|jjjDS)Nr)SMBMailslot_WriteNETLOGON_SAM_LOGON_REQUESTFsnetlogonc3@K|]}|jjjdkVdS)NtVerN)rr<rrrs rJrz)LdapPing_am.is_request..#s@;<&*h6rI)r6scapy.layers.smbrrrsDataAttributeErrorrJr3r%rrrKrlowerrrVrGrW)rreqrrrss rJ is_requestzLdapPing_am.is_request s #   V V V V V V V V %,W1Ksx1W"   uu    :cn>P#Q#Q 5n N q!&*0022kA   3:,n== @C @Q@V  s ..ct|vr||St|vr9t|tj|jp|tj}n8t |t j|jp|t j}|t|j |j z} td|j j j jD}n#t$rYdSwxYw|t!t#t%t't)t+t-|dddd|j|j|j|j|jd|j|j   gt)d  g |jdz t!t=dd|jdz S)N)dstsrcrHc3bK|]*}|jjjdk|jjjV+dS) DnsDomainN)rr<rr>rvs rJrz)LdapPing_am.make_reply..3sI!!8)-=='+====!!rIzV1+V5.) DnsDomainName NtVersion LmNtToken Lm20TokenFlagsrjrirmrhrlUserNamerkClientSiteNamer)rNetlogon)rrK)r)r%rrKr)rdrQ)r6make_mailslot_ping_replyr/rror~r,rnr.rFrGnextr%rrW StopIterationrJrrrr r4r8rjrirmrhrlrkrr)rr{resprs rJ make_replyzLdapPing_am.make_reply(s #  0055 5 3;;CIMt|/Ls4y}MMMDD#b'+4;+E#b'+FFFD #)395555  !!.5:!!!MM     FF  3- 3*5,1,J>K:A:?:?6=;??>B>P<@->w -S-S!T!T . #     jll  X*   /557722/!z -,,( $ 8?#    & rI)r@rArB function_namerrr' send_functionuuidUUIDrpr|rrrHrIrJrbrbsM "F L&&M#49CDD,",   8@ @ @ D/////rIrb LocatedDCipsamlogon dclocatoriXAldapcV |d}d|||t|g}|tvr t|Sd|z}|rt jd|z dt |d|D} n #t$rtd |zwxYw| std |z|rt jd | d |d g} | D]5} t | ||} | r| d| D6| std|d| |rt jd | d||dkrt| ddS|dkr | Jd| D]} |rt jd| d|d tj tj tj }|||| |ft| d}|t|<||cS#t"$r0|rt jd| zY|wxYw#|wxYwtd|d| |dkr| D]j} |rt jd| z tj tj tj}|||| dft'|t(}|t)t-t/t1t/t3t5dt5| !t/t3t5d"t5t7jd#| !g$!t;t5d%&g'd(|d)}|rd}t=|jt@r5 tCd*|jj"D}n#tF$rYnwxYwt| |}|t|<||cSn>#t"$r1|rt jd| zY|8wxYw |S#|wxYwtd+| zdS),aV Perform a DC Locator as per [MS-ADTS] sect 6.3.6 or RFC4120. :param realm: the kerberos realm to locate :param mode: Detect if a server is up and joinable thanks to one of: - 'nocheck': Do not check that servers are online. - 'ldap': Use the LDAP ping (CLDAP) per [MS-ADTS]. Default. This will however not work with MIT Kerberos servers. - 'connect': connect to specified port to test the connection. :param mode: in connect mode, the port to connect to. (e.g. 88) :param debug: print debug logs This is cached in conf.netcache.dclocator. Ni!;z_kerberos._tcp.dc._msdcs.%sz'DC Locator: requesting SRV for '%s' ...cg|] }|j SrH)targetrvs rJrzdclocator..s*    H   rISRV)qnameqtypetimeoutzResolution of %s timed outzNo DNS record found for %szDC Locator: got z . Resolving z records ...c3$K|] }|jV dSrN)rdatarvs rJrzdclocator..s$--1qw------rIzCould not get any z records for z . Mode: nocheckrconnectz%Must provide a port in connect mode !zDC Locator: connecting to z on z ...zDC Locator: %s timed out.zNo host was reachable on port z among rzDC Locator: LDAP Ping %s on ...rErrrruz.1sQ,,$%#$6:#<#<!)!):)> ? ?#<#<#<#<,,rIz6No LDAP ping succeeded on any of %s. Try another mode?)$joinrErz_dclocatorcacher r<r+ TimeoutErrorrextend _located_dcsocketAF_INET SOCK_STREAM settimeoutrcloseOSError SOCK_DGRAMr(rJsr1rrPrVrgr r)packrr3r%rrrr)realmrmodeportrrdebug cache_identrhostsipshostarecrsockresultrresponses rJrrsX(  ((E5$I?@@FFHHKo%%{++ *EKKMM 9E LBUJKKK A       AAA7%?@@@A  5=>>>  >CeeUUU K    C..     . JJ----- - - - Hj%%%OPPP HCCCFGGG y3q64(((   !H  B X  RRRQUQUQU!VWWW }V^V5GHH((( b$Z((($R../5 ,    G$%@2%EFFF    jccRSSS @ @ B I !BR!GHHH= }V^V5FGG((( b#Y'''#D%00hh#5#.'5(33C>I,>W>W?J5?Q?Q4.4.4.)*)*)* )43C>I(>S>S?J4:Ki4P4P@2@24.4.4.)*)*)**&("("("$$$*!<)4[)A)A!"!"!"(+$$$6"9<$A!!D"#H!#.2JKK!!'+,,),)B,,,((HH -!!! D!(X66F39OK0! -"    G$%@2%EFFF  !",  QTWWXXXG sB!!B>0A0H77#I1I40I11I44J E9R)#Q&%R)& Q30R)2Q33R)(S>)#S$ S>#S$$S>>Tc*eZdZdZdZdZdZdZdZdZ dS) LDAP_BIND_MECHSUNAUTHENTICATEDSIMPLEGSSAPIz GSS-SPNEGOEXTERNALz DIGEST-MD5SICILYN) r@rArBNONEr SASL_GSSAPISASL_GSS_SPNEGO SASL_EXTERNALSASL_DIGEST_MD5rrHrIrJrrKs1 D FK"OM"O FFFrIrc NeZdZdZeddddddded dgZd S) LDAP_SASL_GSSAPI_SsfCapz6 RFC2222 sect 7.2.1 and 7.2.2 negotiate token supported_security_layersrir INTEGRITYCONFIDENTIALITY)rSrUrYmax_output_token_sizeN)r@rArB__doc__r"r# fields_descrHrIrJrrVs`  ' !'     /33 KKKrIrcjeZdZdZeddddedegZdZdZ e d Z dS) r+z RFC 4422 sect 3.7 BufferLengthNr(Buffer)fmt length_ofcdSr8rHr/s rJr9zLDAP_SASL_Buffer.hashretzr:rIc,t|tSrN)r3r+r>s rJr?zLDAP_SASL_Buffer.answers}s%!1222rIcbt|dkrdS|ddkrItt|d\}}|r"|t|krt|St jd|ddddz}t||kr ||SdS)NrYrrrSr()rrr rr)r*)r-r3rRrSxlenrr5s rJr6zLDAP_SASL_Buffer.tcp_reassembles t99q==4 7d??!*T"2"21"566GD! "ADzz!tT"1"X..q1A5 t99  3t99   rI) r@rArBrr!r0rrr9r?rDr6rHrIrJr+r+ks  ndIII h%%K 333  [   rIr+c&eZdZddgZfdZxZS)LDAP_ExceptionrQrc|dd}|rO|jj|_|jjjdd|_n6|dd|_|dd|_tt|j |i|dS)NrbackslashreplaceerrorsrQr) rr%rQrrrstriprrr__init__)rrRrSrrs rJrzLDAP_Exception.__init__szz&$''  K"o8DO%)_%F%J%Q%Q&&f.f//  " "%jjt< > > > > > > > >rIrc >eZdZdZ ddZddZddeefd Z dd Z e j d e j e jzZd d d d ddd ggf dededeedeefdZgfdedeedeeddfdZdZdS) LDAP_Clienta A basic LDAP client The complete documentation is available at https://scapy.readthedocs.io/en/latest/layers/ldap.html Example 1 - SICILY - NTLM (with encryption):: client = LDAP_Client() client.connect("192.168.0.100") ssp = NTLMSSP(UPN="Administrator", PASSWORD="Password1!") client.bind( LDAP_BIND_MECHS.SICILY, ssp=ssp, encrypt=True, ) Example 2 - SASL_GSSAPI - Kerberos (with signing):: client = LDAP_Client() client.connect("192.168.0.100") ssp = KerberosSSP(UPN="Administrator@domain.local", PASSWORD="Password1!", SPN="ldap/dc1.domain.local") client.bind( LDAP_BIND_MECHS.SASL_GSSAPI, ssp=ssp, sign=True, ) Example 3 - SASL_GSS_SPNEGO - NTLM / Kerberos:: client = LDAP_Client() client.connect("192.168.0.100") ssp = SPNEGOSSP([ NTLMSSP(UPN="Administrator", PASSWORD="Password1!"), KerberosSSP(UPN="Administrator@domain.local", PASSWORD="Password1!", SPN="ldap/dc1.domain.local"), ]) client.bind( LDAP_BIND_MECHS.SASL_GSS_SPNEGO, ssp=ssp, ) Example 4 - Simple bind over TLS:: client = LDAP_Client() client.connect("192.168.0.100", use_ssl=True) client.bind( LDAP_BIND_MECHS.SIMPLE, simple_username="Administrator", simple_password="Password1!", ) Tcd|_||_d|_d|_d|_d|_d|_d|_d|_d|_ d|_ dS)NFr) rverbssl sslcontextssp sspcontextencryptsign sasl_wrapboundr)rrs rJrzLDAP_Client.__init__sU     rINFr[c ||_||_| |jrd}nd}tj}|||jr!t d|d||jrdndd|||f|jrNt tj d t| z|jrZ|j7tj tj }d |_tj|_n|j}||}|jrt%|t&|_dSt+|t&|_dS) a Initiate a connection :param ip: the IP to connect to. :param port: the port to connect to. (Default: 389 or 636) :param use_ssl: whether to use LDAPS or not. (Default: False) :param sslcontext: an optional SSLContext to use. Ni|rEu┃ Connecting to z on port z with SSLr?z...u└ Connected from %sF)rrrrrprintrr color_themegreenrepr getsockname SSLContextPROTOCOL_TLS_CLIENTcheck_hostname CERT_NONE verify_mode wrap_socketr*rrr))rrruse_sslrrrcontexts rJrzLDAP_Client.connects~$ <x }    9  EBBD#'83KK33     b$Z   9   &&.d6F6F6H6H1I1II    8 -&.)@AA).&&)m##/&&t,,D 8 1'd33DIII$T400DIIIrIcontrolsc |xjdz c_|jr9ttjd|jjzt|j||}|j rBt|j |j t||j}|jj|fddi|}|rdt|vr[|tjrI|jr@|ttjd|S|j r<|jr3t|j |j |j}nd}|jr|s.ttjd dSttjd t|vr|jjjn |jjz|S) NrSz>> %s)rr%r& conf_req_flag)rrrz! Got unsolicited notification.z! Bad response.z<< %s)rrrrr openingrr@rrr+rGSS_Wraprr4rrrr<showfailr GSS_UnwraprRr%)rr%rrSrrs rJrzLDAP_Client.sr1s ! 9 U $"**7Z5I5R+RSS T T Tn!    > "x((O#JJ"&,)Cty}        DDLLT$Z%;Ly P d&++,MNNOOOK > { H''  9  d&++,=>>???$,, $t||!O5>>!%!8     rIcz||_||_||_||_d|_|t |t std|t jkr+ddl m }t |j|stdn|t j kr+ddl m }t |j|stdn|t jkrHddlm} t |j| std |jr|jstd n7|t jt jfvr|js|jrtd |j1|t jt jfvrtd |jz|jt jkr|t+t-|pd t/|pd } t0| vs*t | jt4r| jjdkr*|jr| t=dt>} n|jt jkr |t+t-dtAd} | jjdkr#| t=d|j!|jtDj#tDj$ztDj%z|jr tDj&ndz|jr tDj'ndz\|_} } |t+t-dtQtS| } | jj*} | s#| t=d|j!|jtW| \|_} } |t+t-dtYtS| } | jjdkrt[d| n|jt j t jfvr|j!|jtDj#tDj$ztDj%z|jr tDj&ndz|jr tDj'ndz\|_} } | r|t+t-dt]t-|jjt-tS| } t | jt4s9|jr0t_d|jj0z| dS| jj1} | s | jj} n9|j!|jtW| \|_} } | nt>} | t>kr0| t=d|jj0z|jt jkr|t+t-dt]t-|jjd} te|j3|jti| jj1}|jr|j5j6st=d|jr|j5j7st=dte|js|jr,d8|jrdgng|jrdgngznd|j9}|t+t-dt]t-|jj|j:|jtS|d !} | jjdkrt[d"| |jp|j|_;|j;r0d#|j<_=t}|j<j?t|_<|jrt_d$|jj0zd#|_AdS)%aO Send Bind request. :param mech: one of LDAP_BIND_MECHS :param ssp: the SSP object to use for binding :param sign: request signing when binding :param encrypt: request encryption when binding : This acts differently based on the :mech: provided during initialization. Nz@'mech' attribute is required and must be one of LDAP_BIND_MECHS.r) KerberosSSPz4Only raw KerberosSSP is supported with SASL_GSSAPI !) SPNEGOSSPz2Only SPNEGOSSP is supported with SASL_GSS_SPNEGO !)NTLMSSPz+Only raw NTLMSSP is supported with SICILY !z:NTLM on LDAP does not support signing without encryption !z4Cannot use 'sign' or 'encrypt' with NONE or SIMPLE !z%s cannot be used with a ssp !r?)r$r%zLDAP simple bind failed !rIz!Sicily package discovery failed !) req_flagssNTLMzSicily negotiate failed !zSicily response failed !r)rr z%s bind failed !z+GSSAPI SASL failed to negotiate INTEGRITY !z1GSSAPI SASL failed to negotiate CONFIDENTIALITY !+rrr)rrFrz7GSSAPI SASL failed to negotiate client security flags !Tz%s bind succeeded !)Bmechrrrrr3rrrscapy.layers.kerberosrrscapy.layers.spnegor rscapy.layers.ntlmr!rrrrr"r rrr%r(rQrr RuntimeErrorr2rGSS_Init_sec_contextr1GSS_C_REPLAY_FLAGGSS_C_SEQUENCE_FLAGGSS_C_MUTUAL_FLAGGSS_C_INTEG_FLAGGSS_C_CONF_FLAGrr4r0r4rrrrrr6rrr3rrrrrrrrclosedr)insr+r)rr%rrrsimple_usernamesimple_passwordrr r!rstatustokenr saslOptionss rJbindzLDAP_Client.bindTs ,    ???#FF Y/0 0 088 )#..#Mc#R#RD )Q.. "#FGGG-1X-J-J1!56!348???-1X-J-JS!1!1.. *DOUF88 )'22#Ee $$D)Q..$./ Y  +  '   .2X-J-J 1!56!348ABBB Fo9!_7F151N1NO[%5%522.' .$F ^ # # IIKKK1DINBCC C Y/5 5 588 )#..#F"-dio">">$($$$D2##O)$/*MNNK y R!F!P R"#PQQQ  X#=M X##VWWW1 I +"& +#((&*i7k]]R.2lB)**D+++ &1&G   K88 )#..#F"-dio">">$(H$5$5 O!+..*/ %6%%$$$     D)Q..$M 2 > F#DI $TY]4DEEDI 9 : '$).8 9 9 9 rIs^[%s]*$r?ri rrrc |dkrd}|rt|}n+tttd}d} i} t |d|Dt|t |t |t|t|t| | j r"td dtd |  gngzd} t| vr#| tddfd| rt| vr#t!jdt%| nt&| jvr7fd| jjD} | | | jjj<nt| jvr| jj}|dkr=t!j| jdt5d| | jr.t9d| jDd}| |jj} n n | j} | | sn| S)z Perform a LDAP search. :param baseObject: the dn of the base object to search in. :param filter: the filter to apply to the search (currently unsupported) :param scope: 0=baseObject, 1=singleLevel, 2=wholeSubtree rootDSEr?s objectClassrrrITcHg|]}tt| S)r)rr )rattrs rJrz&LDAP_Client.search..ms;    4T9J9JKKK   rI)rrrrrrrrri)rr)rrrrWrrzSearch timed out.c.|dS)Nrr)r)rs rJrTz$LDAP_Client.search..s188+=8>>rIcdj|r|S|SrN) _TEXT_REGmatchr)rrs rJ_ssafez"LDAP_Client.search.._ssafes.>''**88::%HrIzInvalid response: %sc^i|])}|jjfd|jD*S)c:g|]}|jjSrH)rr)rrrAs rJrz1LDAP_Client.search...s'+U+U+UAFF17;,?,?+U+U+UrI)rKrr)rr;_srAs rJ z&LDAP_Client.search..sP 49=))+U+U+U+U+U+U+UrIrzGot response: %resultCode%zLDAP search failed !r#c3XK|]%}t|jt|jV&dSrN)r3rr)rrs rJrz%LDAP_Client.search..sP!"!"()'1()8S(&(&!"$%N!"!"!"!"!"!"rIN)rPrrbr rrr r rrrrrrrrr warningr rr%rrrrQsprintfrr&rrpayload)rrrrrrrrrrrentriesrattrsrQrealSearchControlValuerDrAs` @@rJsearchzLDAP_Client.searchHs1&  " "J   44V<!>*955*955*955    :  (,D,0-H),+1."."."   "A!!DD-D88 "#6777>>B     ( $t##'(>T KKK+t>>$(O$>ECHGBBt9=>>??2doEE!%!;J!S((#+ O334PQQ-2!%  =&59!"!"-1]!"!"!"!% 6 62 6A)?)F)J %|Q( $T w[ xrIrrreturnc|t|||d}t|jvs|jjdkrt d|dS)zC Perform a LDAP modify request. :returns: )rrrWr<rzLDAP modify failed !r#N)rrrr%rQr)rrrrrs rJmodifyzLDAP_Client.modifysxx        t 6 6)Q.. & /.rIcr|jrtd|jd|_dS)NzX Connection closed F)rrrrrr/s rJrzLDAP_Client.closes8 9 + ) * * *  rI)T)NFNr[rN)NFFNN)r@rArBrrrr9rrr7recompileescapestring printableencoder?rErMrrPrrHrIrJrrs44p"01010101d99\(:9999|  ppppd :  &2B2I2I2K2K(L(LLMMI "')}}}}I}|$}}}}F(* ./|$   8rIr)rrNrSNr)r collectionsrRrrrUr)renumr scapy.archrscapy.ansmachinerscapy.asn1.asn1rrrr r r scapy.asn1.berr r rrscapy.asn1fieldsrrrrrrrrrrrrrrscapy.asn1packetr scapy.configr scapy.errorr scapy.fieldsr!r"r# scapy.packetr$r%r&scapy.sendrecvr'scapy.supersocketr(r)r*scapy.layers.dnsr+scapy.layers.inetr,r-r.scapy.layers.inet6r/scapy.layers.gssapir0r1r2r3r4r5scapy.layers.netbiosr6rwr7r8typingr9rOr r&RelativeLDAPDNrErFrr;rLr7rrrrrrrrrrrrrrrrrrr r rrrr"r(r;r>r@rBrDrJrYrVr\r^rbrgrkrmrorqrwrPrrrrrrrrrrrrrrrrrrrrrrrrJrLDAP_PROPERTY_SETLDAP_CONTROL_ACCESS_RIGHTSLDAP_DS_ACCESS_RIGHTSrb namedtuplernetcache new_cachercommandsregisterrrrr+r)rrrrHrIrJrusO   """"""------  )(((((######    )(((((**********######-,,,,,    k&&&&&;&&&  ' y'  '  '  " ' " ' ~ '  }'  ''  #'   '  $'  $'  !'  ('  '' %!' " (#' ' $ (%' & '' ( )' * !+' , -' . +/' 0 -1' 2 $3' 4 *5' 6 7' 8  9' : $;' <  =' > !?' @ &A' B %C' D !E' ' F%+!M' ' ' ++X F;J"B''N$$Z\PTUUUVVa1 nj:     Z   0000000000000/00055555|555 44444[44444444o44499999<999 33333K33333333_33388888,888 @@@@@@@@@@@@@/@@@EEEEE|EEE 99999+99999999?999>>>>> >>> 8888888888888/888=====|===$/;GG     4   +{"///// ///l&&&&&+&&& &&&&&k&&& &&&&& &&& k.;DC 77777[777 77777K777 [88888888 22222{222 22222 222 22222[222 22222[222             Z   A3A3A3A3A3+A3A3A3H*****+*** 4,,,,,+,,, K     {   K;     {    +00000[000     k   {k{+K:     2   ;+,G'(         ,E'( ^ ^ ^ ^ ^ ;^ ^ ^ B D$sD$$$$sD$$$$sD%%%%sD%%%% CS,,,, N N N N NK N N N E5sE%%%%sE%%%% Cc---- DI.+ DI4557L DI4557M DI4557J DI4557I DI4557O DI4557M DI4557H DI4557K DI4557R DI4557P DI4557Q DI4557L DI4557L DI4557W#,K DI4557LK DI455zKDI455KDI4557P K DI4557K K DI4557O KDI4557SKDI4557MKDI4557UKDI455|KDI4557JKDI4557MKDI4557TKDI4557NKDI4557QK DI4557P!K"DI4557U#KK$DI4557K%K&DI4557L'K(DI4557S)K*DI4557W+K,DI.31K2DI4557W3K4DI.(9K:DI4557S;K<DI.6AKBDI4557NCKDDI4557OEKFDI4557QGKHDI4557LIKJDI4557LKKLDI455{MKNDI4557SOKPDI4557NQKKKRDI455~SKTDI4557VUKVDI4557QWKXDI4557MYKZDI455{[K\DI4557J]K^DI.5cKdDI4557MeKfDI4557NgKhDI.)mKnDI455|oKpDI4557LqKrDI4557OsKtDI4557VuKvDI4557TwKxDI455yyKzDI455y{KK|DI4557J DI.) DI4557L DI4557M DI4557S DI4557S DI4557R DI4557S DI455~ DI4557H DI4557TUKK`)           ( !"#$"'4hhhhh"hhhV%k$[42DEE -))+s;;OPbYbYbYbYTdf*!!!!!v!!!H > > > > >\ > > > H H H H H &H H H H H rI