sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-15 23:24:37 +03:00
Code
samba-mirror/python/samba/tests/krb5/rfc4120_pyasn1.py

1153 lines
45 KiB
Python
Raw Normal View History

python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code The pyasn1 bindings are generated by pyasn1gen.py from https://github.com/kimgr/asn1ate.git Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-02-13 16:29:38 +01:00
# Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1
tests/krb5: Add more ASN1 definitions for FAST Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-07-06 10:21:07 +12:00
# (last modified on 2021-06-25 12:10:34.484667)
python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code The pyasn1 bindings are generated by pyasn1gen.py from https://github.com/kimgr/asn1ate.git Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-02-13 16:29:38 +01:00
# KerberosV5Spec2
from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
def _OID(*components):
output = []
for x in tuple(components):
if isinstance(x, univ.ObjectIdentifier):
output.extend(list(x))
else:
output.append(int(x))
return univ.ObjectIdentifier(output)
class Int32(univ.Integer):
pass
Int32.subtypeSpec = constraint.ValueRangeConstraint(-2147483648, 2147483647)
class AuthDataType(Int32):
pass
class AuthorizationData(univ.SequenceOf):
pass
AuthorizationData.componentType = univ.Sequence(componentType=namedtype.NamedTypes(
namedtype.NamedType('ad-type', AuthDataType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('ad-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
))
class AD_AND_OR(univ.Sequence):
pass
AD_AND_OR.componentType = namedtype.NamedTypes(
namedtype.NamedType('condition-count', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('elements', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class AD_IF_RELEVANT(AuthorizationData):
pass
class ChecksumType(Int32):
pass
class Checksum(univ.Sequence):
pass
Checksum.componentType = namedtype.NamedTypes(
namedtype.NamedType('cksumtype', ChecksumType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('checksum', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class KerberosString(char.GeneralString):
pass
class NameType(Int32):
pass
class PrincipalName(univ.Sequence):
pass
PrincipalName.componentType = namedtype.NamedTypes(
namedtype.NamedType('name-type', NameType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('name-string', univ.SequenceOf(componentType=KerberosString()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class Realm(KerberosString):
pass
class AD_KDCIssued(univ.Sequence):
pass
AD_KDCIssued.componentType = namedtype.NamedTypes(
namedtype.NamedType('ad-checksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
namedtype.OptionalNamedType('i-realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('i-sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
namedtype.NamedType('elements', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
)
class AD_MANDATORY_FOR_KDC(AuthorizationData):
pass
class EncryptionType(Int32):
pass
class UInt32(univ.Integer):
pass
UInt32.subtypeSpec = constraint.ValueRangeConstraint(0, 4294967295)
class EncryptedData(univ.Sequence):
pass
EncryptedData.componentType = namedtype.NamedTypes(
namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
tests/krb5: Use signed integers to represent key version numbers in ASN.1 As specified in 'MS-KILE 3.1.5.8: Key Version Numbers', Windows uses signed 32-bit integers to represent key version numbers. This makes a difference for an RODC with a msDS-SecondaryKrbTgtNumber greater than 32767, where the kvno should be encoded in four bytes rather than five. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-01 15:57:26 +12:00
namedtype.OptionalNamedType('kvno', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code The pyasn1 bindings are generated by pyasn1gen.py from https://github.com/kimgr/asn1ate.git Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-02-13 16:29:38 +01:00
namedtype.NamedType('cipher', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
)
class AP_REP(univ.Sequence):
pass
AP_REP.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 15))
AP_REP.componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(15)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
)
class KerberosFlags(univ.BitString):
pass
KerberosFlags.subtypeSpec=constraint.ValueSizeConstraint(1, 32)
class APOptions(KerberosFlags):
pass
class Ticket(univ.Sequence):
pass
Ticket.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1))
Ticket.componentType = namedtype.NamedTypes(
namedtype.NamedType('tkt-vno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
)
class AP_REQ(univ.Sequence):
pass
AP_REQ.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 14))
AP_REQ.componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(14)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('ap-options', APOptions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.NamedType('ticket', Ticket().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.NamedType('authenticator', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)))
)
tests/krb5/rfc4120.asn1: Improve definitions to allow expanded testing Update and re-generate the ASN.1 to allow an improved testsuite. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-04-09 11:10:11 +02:00
class APOptionsValues(univ.BitString):
pass
APOptionsValues.namedValues = namedval.NamedValues(
('reserved', 0),
('use-session-key', 1),
('mutual-required', 2)
)
class APOptionsSequence(univ.Sequence):
pass
APOptionsSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', APOptionsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code The pyasn1 bindings are generated by pyasn1gen.py from https://github.com/kimgr/asn1ate.git Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-02-13 16:29:38 +01:00
class PADataType(Int32):
pass
class PA_DATA(univ.Sequence):
pass
PA_DATA.componentType = namedtype.NamedTypes(
namedtype.NamedType('padata-type', PADataType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('padata-value', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
)
class KDC_REP(univ.Sequence):
pass
KDC_REP.componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(11, 13)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('padata', univ.SequenceOf(componentType=PA_DATA()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
namedtype.NamedType('ticket', Ticket().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6)))
)
class AS_REP(KDC_REP):
pass
AS_REP.tagSet = KDC_REP.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 11))
class HostAddress(univ.Sequence):
pass
HostAddress.componentType = namedtype.NamedTypes(
namedtype.NamedType('addr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('address', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class HostAddresses(univ.SequenceOf):
pass
HostAddresses.componentType = HostAddress()
class KDCOptions(KerberosFlags):
pass
class KerberosTime(useful.GeneralizedTime):
pass
class KDC_REQ_BODY(univ.Sequence):
pass
KDC_REQ_BODY.componentType = namedtype.NamedTypes(
namedtype.NamedType('kdc-options', KDCOptions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
namedtype.OptionalNamedType('from', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
namedtype.NamedType('till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.OptionalNamedType('rtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
namedtype.NamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
namedtype.NamedType('etype', univ.SequenceOf(componentType=EncryptionType()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
namedtype.OptionalNamedType('addresses', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))),
namedtype.OptionalNamedType('enc-authorization-data', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))),
namedtype.OptionalNamedType('additional-tickets', univ.SequenceOf(componentType=Ticket()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11)))
)
class KDC_REQ(univ.Sequence):
pass
KDC_REQ.componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(10, 12)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('padata', univ.SequenceOf(componentType=PA_DATA()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.NamedType('req-body', KDC_REQ_BODY().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)))
)
class AS_REQ(KDC_REQ):
pass
AS_REQ.tagSet = KDC_REQ.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 10))
class AuthDataTypeValues(univ.Integer):
pass
AuthDataTypeValues.namedValues = namedval.NamedValues(
('kRB5-AUTHDATA-IF-RELEVANT', 1),
('kRB5-AUTHDATA-INTENDED-FOR-SERVER', 2),
('kRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS', 3),
('kRB5-AUTHDATA-KDC-ISSUED', 4),
('kRB5-AUTHDATA-AND-OR', 5),
('kRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS', 6),
('kRB5-AUTHDATA-IN-TICKET-EXTENSIONS', 7),
('kRB5-AUTHDATA-MANDATORY-FOR-KDC', 8),
('kRB5-AUTHDATA-INITIAL-VERIFIED-CAS', 9),
('kRB5-AUTHDATA-OSF-DCE', 64),
('kRB5-AUTHDATA-SESAME', 65),
('kRB5-AUTHDATA-OSF-DCE-PKI-CERTID', 66),
('kRB5-AUTHDATA-WIN2K-PAC', 128),
('kRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION', 129),
('kRB5-AUTHDATA-SIGNTICKET-OLDER', -17),
('kRB5-AUTHDATA-SIGNTICKET-OLD', 142),
('kRB5-AUTHDATA-SIGNTICKET', 512)
)
class AuthDataTypeSequence(univ.Sequence):
pass
AuthDataTypeSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', AuthDataTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class EncryptionKey(univ.Sequence):
pass
EncryptionKey.componentType = namedtype.NamedTypes(
namedtype.NamedType('keytype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('keyvalue', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class Microseconds(univ.Integer):
pass
Microseconds.subtypeSpec = constraint.ValueRangeConstraint(0, 999999)
class Authenticator(univ.Sequence):
pass
Authenticator.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2))
Authenticator.componentType = namedtype.NamedTypes(
namedtype.NamedType('authenticator-vno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
namedtype.OptionalNamedType('cksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
namedtype.NamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
namedtype.NamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.OptionalNamedType('subkey', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
namedtype.OptionalNamedType('authorization-data', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)))
)
class ChecksumTypeValues(univ.Integer):
pass
ChecksumTypeValues.namedValues = namedval.NamedValues(
('kRB5-CKSUMTYPE-NONE', 0),
('kRB5-CKSUMTYPE-CRC32', 1),
('kRB5-CKSUMTYPE-RSA-MD4', 2),
('kRB5-CKSUMTYPE-RSA-MD4-DES', 3),
('kRB5-CKSUMTYPE-DES-MAC', 4),
('kRB5-CKSUMTYPE-DES-MAC-K', 5),
('kRB5-CKSUMTYPE-RSA-MD4-DES-K', 6),
('kRB5-CKSUMTYPE-RSA-MD5', 7),
('kRB5-CKSUMTYPE-RSA-MD5-DES', 8),
('kRB5-CKSUMTYPE-RSA-MD5-DES3', 9),
('kRB5-CKSUMTYPE-SHA1-OTHER', 10),
('kRB5-CKSUMTYPE-HMAC-SHA1-DES3', 12),
('kRB5-CKSUMTYPE-SHA1', 14),
('kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-128', 15),
('kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-256', 16),
('kRB5-CKSUMTYPE-GSSAPI', 32771),
('kRB5-CKSUMTYPE-HMAC-MD5', -138),
('kRB5-CKSUMTYPE-HMAC-MD5-ENC', -1138)
)
class ChecksumTypeSequence(univ.Sequence):
pass
ChecksumTypeSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', ChecksumTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class ETYPE_INFO_ENTRY(univ.Sequence):
pass
ETYPE_INFO_ENTRY.componentType = namedtype.NamedTypes(
tests/krb5/rfc4120.asn1: Improve definitions to allow expanded testing Update and re-generate the ASN.1 to allow an improved testsuite. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-04-09 11:10:11 +02:00
namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code The pyasn1 bindings are generated by pyasn1gen.py from https://github.com/kimgr/asn1ate.git Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-02-13 16:29:38 +01:00
namedtype.OptionalNamedType('salt', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class ETYPE_INFO(univ.SequenceOf):
pass
ETYPE_INFO.componentType = ETYPE_INFO_ENTRY()
class ETYPE_INFO2_ENTRY(univ.Sequence):
pass
ETYPE_INFO2_ENTRY.componentType = namedtype.NamedTypes(
tests/krb5/rfc4120.asn1: Improve definitions to allow expanded testing Update and re-generate the ASN.1 to allow an improved testsuite. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-04-09 11:10:11 +02:00
namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code The pyasn1 bindings are generated by pyasn1gen.py from https://github.com/kimgr/asn1ate.git Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-02-13 16:29:38 +01:00
namedtype.OptionalNamedType('salt', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('s2kparams', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
)
class ETYPE_INFO2(univ.SequenceOf):
pass
ETYPE_INFO2.componentType = ETYPE_INFO2_ENTRY()
ETYPE_INFO2.subtypeSpec=constraint.ValueSizeConstraint(1, 256)
class EncAPRepPart(univ.Sequence):
pass
EncAPRepPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 27))
EncAPRepPart.componentType = namedtype.NamedTypes(
namedtype.NamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('subkey', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
)
class LastReq(univ.SequenceOf):
pass
LastReq.componentType = univ.Sequence(componentType=namedtype.NamedTypes(
namedtype.NamedType('lr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('lr-value', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
))
selftest: Add in encrypted-pa-data from RFC 6806 This comes from Windows 2019 which supports FAST. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-10 11:27:06 +13:00
class METHOD_DATA(univ.SequenceOf):
pass
METHOD_DATA.componentType = PA_DATA()
python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code The pyasn1 bindings are generated by pyasn1gen.py from https://github.com/kimgr/asn1ate.git Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-02-13 16:29:38 +01:00
class TicketFlags(KerberosFlags):
pass
class EncKDCRepPart(univ.Sequence):
pass
EncKDCRepPart.componentType = namedtype.NamedTypes(
namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
namedtype.NamedType('last-req', LastReq().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('key-expiration', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.NamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
namedtype.NamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
namedtype.NamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
namedtype.NamedType('srealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))),
namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))),
selftest: Add in encrypted-pa-data from RFC 6806 This comes from Windows 2019 which supports FAST. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-11-10 11:27:06 +13:00
namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11))),
namedtype.OptionalNamedType('encrypted-pa-data', METHOD_DATA().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 12)))
python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code The pyasn1 bindings are generated by pyasn1gen.py from https://github.com/kimgr/asn1ate.git Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-02-13 16:29:38 +01:00
)
class EncASRepPart(EncKDCRepPart):
pass
EncASRepPart.tagSet = EncKDCRepPart.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 25))
class KrbCredInfo(univ.Sequence):
pass
KrbCredInfo.componentType = namedtype.NamedTypes(
namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
namedtype.OptionalNamedType('prealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('pname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
namedtype.OptionalNamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.OptionalNamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.OptionalNamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
namedtype.OptionalNamedType('srealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
namedtype.OptionalNamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9))),
namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10)))
)
class EncKrbCredPart(univ.Sequence):
pass
EncKrbCredPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 29))
EncKrbCredPart.componentType = namedtype.NamedTypes(
namedtype.NamedType('ticket-info', univ.SequenceOf(componentType=KrbCredInfo()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.OptionalNamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)))
)
class EncKrbPrivPart(univ.Sequence):
pass
EncKrbPrivPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 28))
EncKrbPrivPart.componentType = namedtype.NamedTypes(
namedtype.NamedType('user-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.NamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)))
)
class EncTGSRepPart(EncKDCRepPart):
pass
EncTGSRepPart.tagSet = EncKDCRepPart.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 26))
class TransitedEncoding(univ.Sequence):
pass
TransitedEncoding.componentType = namedtype.NamedTypes(
namedtype.NamedType('tr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('contents', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class EncTicketPart(univ.Sequence):
pass
EncTicketPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 3))
EncTicketPart.componentType = namedtype.NamedTypes(
namedtype.NamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
namedtype.NamedType('transited', TransitedEncoding().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
namedtype.NamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
namedtype.NamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))),
namedtype.OptionalNamedType('authorization-data', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10)))
)
class EncryptionTypeValues(univ.Integer):
pass
EncryptionTypeValues.namedValues = namedval.NamedValues(
('kRB5-ENCTYPE-NULL', 0),
('kRB5-ENCTYPE-DES-CBC-CRC', 1),
('kRB5-ENCTYPE-DES-CBC-MD4', 2),
('kRB5-ENCTYPE-DES-CBC-MD5', 3),
('kRB5-ENCTYPE-DES3-CBC-MD5', 5),
('kRB5-ENCTYPE-OLD-DES3-CBC-SHA1', 7),
('kRB5-ENCTYPE-SIGN-DSA-GENERATE', 8),
('kRB5-ENCTYPE-ENCRYPT-RSA-PRIV', 9),
('kRB5-ENCTYPE-ENCRYPT-RSA-PUB', 10),
('kRB5-ENCTYPE-DES3-CBC-SHA1', 16),
('kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96', 17),
('kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96', 18),
('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5', 23),
('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5-56', 24),
('kRB5-ENCTYPE-ENCTYPE-PK-CROSS', 48),
('kRB5-ENCTYPE-ARCFOUR-MD4', -128),
('kRB5-ENCTYPE-ARCFOUR-HMAC-OLD', -133),
('kRB5-ENCTYPE-ARCFOUR-HMAC-OLD-EXP', -135),
('kRB5-ENCTYPE-DUMMY', -1111)
)
class EncryptionTypeSequence(univ.Sequence):
pass
EncryptionTypeSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', EncryptionTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
tests/krb5: Add more ASN1 definitions for FAST Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-07-06 10:21:07 +12:00
class FastOptions(univ.BitString):
pass
FastOptions.namedValues = namedval.NamedValues(
('reserved', 0),
('hide-client-names', 1),
('kdc-follow-referrals', 16)
)
python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code The pyasn1 bindings are generated by pyasn1gen.py from https://github.com/kimgr/asn1ate.git Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-02-13 16:29:38 +01:00
class KDCOptionsValues(univ.BitString):
pass
KDCOptionsValues.namedValues = namedval.NamedValues(
('reserved', 0),
('forwardable', 1),
('forwarded', 2),
('proxiable', 3),
('proxy', 4),
('allow-postdate', 5),
('postdated', 6),
('unused7', 7),
('renewable', 8),
('unused9', 9),
('unused10', 10),
('opt-hardware-auth', 11),
('unused12', 12),
('unused13', 13),
tests/krb5: Add KDCOptions flag for constrained delegation Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2021-09-01 16:05:39 +12:00
('cname-in-addl-tkt', 14),
tests python krb5: Add canonicalize flag to ASN1 Add the canonicalize flag to KerberosFlags, so that it can be used in python based canonicalization tests. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-10-27 09:31:24 +13:00
('canonicalize', 15),
python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code The pyasn1 bindings are generated by pyasn1gen.py from https://github.com/kimgr/asn1ate.git Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-02-13 16:29:38 +01:00
('disable-transited-check', 26),
('renewable-ok', 27),
('enc-tkt-in-skey', 28),
('renew', 30),
('validate', 31)
)
class KDCOptionsSequence(univ.Sequence):
pass
KDCOptionsSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', KDCOptionsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
tests/krb5/rfc4120.asn1: Improve definitions to allow expanded testing Update and re-generate the ASN.1 to allow an improved testsuite. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-04-09 11:10:11 +02:00
class KERB_AD_RESTRICTION_ENTRY(univ.Sequence):
pass
KERB_AD_RESTRICTION_ENTRY.componentType = namedtype.NamedTypes(
namedtype.NamedType('restriction-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('restriction', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class KerbErrorDataType(univ.Integer):
pass
class KERB_ERROR_DATA(univ.Sequence):
pass
KERB_ERROR_DATA.componentType = namedtype.NamedTypes(
namedtype.NamedType('data-type', KerbErrorDataType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('data-value', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
)
class KERB_KEY_LIST_REP(univ.SequenceOf):
pass
KERB_KEY_LIST_REP.componentType = EncryptionKey()
class KERB_KEY_LIST_REQ(univ.SequenceOf):
pass
KERB_KEY_LIST_REQ.componentType = EncryptionType()
class KERB_LOCAL(univ.OctetString):
pass
class KERB_PA_PAC_REQUEST(univ.Sequence):
pass
KERB_PA_PAC_REQUEST.componentType = namedtype.NamedTypes(
namedtype.NamedType('include-pac', univ.Boolean().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code The pyasn1 bindings are generated by pyasn1gen.py from https://github.com/kimgr/asn1ate.git Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-02-13 16:29:38 +01:00
class KRB_CRED(univ.Sequence):
pass
KRB_CRED.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 22))
KRB_CRED.componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(22)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('tickets', univ.SequenceOf(componentType=Ticket()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
)
class KRB_ERROR(univ.Sequence):
pass
KRB_ERROR.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 30))
KRB_ERROR.componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(30)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.NamedType('stime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
namedtype.NamedType('susec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.NamedType('error-code', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
namedtype.OptionalNamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
namedtype.OptionalNamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))),
namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))),
namedtype.OptionalNamedType('e-text', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11))),
namedtype.OptionalNamedType('e-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 12)))
)
class KRB_PRIV(univ.Sequence):
pass
KRB_PRIV.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 21))
KRB_PRIV.componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(21)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
)
class KRB_SAFE_BODY(univ.Sequence):
pass
KRB_SAFE_BODY.componentType = namedtype.NamedTypes(
namedtype.NamedType('user-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.NamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)))
)
class KRB_SAFE(univ.Sequence):
pass
KRB_SAFE.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 20))
KRB_SAFE.componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(20)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('safe-body', KRB_SAFE_BODY().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
namedtype.NamedType('cksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
)
tests/krb5/rfc4120.asn1: Improve definitions to allow expanded testing Update and re-generate the ASN.1 to allow an improved testsuite. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-04-09 11:10:11 +02:00
class KerbErrorDataTypeValues(univ.Integer):
pass
KerbErrorDataTypeValues.namedValues = namedval.NamedValues(
('kERB-AP-ERR-TYPE-SKEW-RECOVERY', 2),
('kERB-ERR-TYPE-EXTENDED', 3)
)
class KerbErrorDataTypeSequence(univ.Sequence):
pass
KerbErrorDataTypeSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', KerbErrorDataTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
tests/krb5: Add more ASN1 definitions for FAST Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-07-06 10:21:07 +12:00
class KrbFastArmor(univ.Sequence):
pass
KrbFastArmor.componentType = namedtype.NamedTypes(
namedtype.NamedType('armor-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('armor-value', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class KrbFastArmoredRep(univ.Sequence):
pass
KrbFastArmoredRep.componentType = namedtype.NamedTypes(
namedtype.NamedType('enc-fast-rep', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
)
class KrbFastArmoredReq(univ.Sequence):
pass
KrbFastArmoredReq.componentType = namedtype.NamedTypes(
namedtype.OptionalNamedType('armor', KrbFastArmor().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
namedtype.NamedType('req-checksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
namedtype.NamedType('enc-fast-req', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
)
class KrbFastFinished(univ.Sequence):
pass
KrbFastFinished.componentType = namedtype.NamedTypes(
namedtype.NamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('usec', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
namedtype.NamedType('ticket-checksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)))
)
class KrbFastReq(univ.Sequence):
pass
KrbFastReq.componentType = namedtype.NamedTypes(
namedtype.NamedType('fast-options', FastOptions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('padata', univ.SequenceOf(componentType=PA_DATA()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('req-body', KDC_REQ_BODY().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
)
class KrbFastResponse(univ.Sequence):
pass
KrbFastResponse.componentType = namedtype.NamedTypes(
namedtype.NamedType('padata', univ.SequenceOf(componentType=PA_DATA()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('strengthen-key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
namedtype.OptionalNamedType('finished', KrbFastFinished().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
namedtype.NamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
)
python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code The pyasn1 bindings are generated by pyasn1gen.py from https://github.com/kimgr/asn1ate.git Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-02-13 16:29:38 +01:00
class MessageTypeValues(univ.Integer):
pass
MessageTypeValues.namedValues = namedval.NamedValues(
('krb-as-req', 10),
('krb-as-rep', 11),
('krb-tgs-req', 12),
('krb-tgs-rep', 13),
('krb-ap-req', 14),
('krb-ap-rep', 15),
('krb-safe', 20),
('krb-priv', 21),
('krb-cred', 22),
('krb-error', 30)
)
class MessageTypeSequence(univ.Sequence):
pass
MessageTypeSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', MessageTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class NameTypeValues(univ.Integer):
pass
NameTypeValues.namedValues = namedval.NamedValues(
('kRB5-NT-UNKNOWN', 0),
('kRB5-NT-PRINCIPAL', 1),
('kRB5-NT-SRV-INST', 2),
('kRB5-NT-SRV-HST', 3),
('kRB5-NT-SRV-XHST', 4),
('kRB5-NT-UID', 5),
('kRB5-NT-X500-PRINCIPAL', 6),
('kRB5-NT-SMTP-NAME', 7),
('kRB5-NT-ENTERPRISE-PRINCIPAL', 10),
('kRB5-NT-WELLKNOWN', 11),
('kRB5-NT-ENT-PRINCIPAL-AND-ID', -130),
('kRB5-NT-MS-PRINCIPAL', -128),
('kRB5-NT-MS-PRINCIPAL-AND-ID', -129)
)
class NameTypeSequence(univ.Sequence):
pass
NameTypeSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', NameTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class PA_ENC_TIMESTAMP(EncryptedData):
pass
class PA_ENC_TS_ENC(univ.Sequence):
pass
PA_ENC_TS_ENC.componentType = namedtype.NamedTypes(
namedtype.NamedType('patimestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('pausec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
tests/krb5: Add more ASN1 definitions for FAST Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-07-06 10:21:07 +12:00
class PA_FX_FAST_REPLY(univ.Choice):
pass
PA_FX_FAST_REPLY.componentType = namedtype.NamedTypes(
namedtype.NamedType('armored-data', KrbFastArmoredRep().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
)
class PA_FX_FAST_REQUEST(univ.Choice):
pass
PA_FX_FAST_REQUEST.componentType = namedtype.NamedTypes(
namedtype.NamedType('armored-data', KrbFastArmoredReq().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0)))
)
tests/krb5/rfc4120.asn1: Improve definitions to allow expanded testing Update and re-generate the ASN.1 to allow an improved testsuite. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-04-09 11:10:11 +02:00
class PACOptionFlags(KerberosFlags):
pass
class PA_PAC_OPTIONS(univ.Sequence):
pass
PA_PAC_OPTIONS.componentType = namedtype.NamedTypes(
namedtype.NamedType('options', PACOptionFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
selftest: add python S4U2Self tests including unkeyed checksums To test the CRC32 I reverted the unkeyed-checksum fix (43958af1) and the weak-crypto fix (389d1b97). Note that the unkeyed-md5 still worked even with weak-crypto disabled, and that the unkeyed-sha1 never worked but I left it anyway. Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri May 15 12:25:40 UTC 2020 on sn-devel-184
2020-05-04 18:09:53 +02:00
class PA_S4U2Self(univ.Sequence):
pass
PA_S4U2Self.componentType = namedtype.NamedTypes(
namedtype.NamedType('name', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('cksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
namedtype.NamedType('auth', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
)
tests/krb5/rfc4120.asn1: Improve definitions to allow expanded testing Update and re-generate the ASN.1 to allow an improved testsuite. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-04-09 11:10:11 +02:00
class PA_SUPPORTED_ENCTYPES(Int32):
pass
class PACOptionFlagsValues(univ.BitString):
pass
PACOptionFlagsValues.namedValues = namedval.NamedValues(
('claims', 0),
('branch-aware', 1),
('forward-to-full-dc', 2),
('resource-based-constrained-delegation', 3)
)
class PACOptionFlagsSequence(univ.Sequence):
pass
PACOptionFlagsSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', PACOptionFlagsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code The pyasn1 bindings are generated by pyasn1gen.py from https://github.com/kimgr/asn1ate.git Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-02-13 16:29:38 +01:00
class PADataTypeValues(univ.Integer):
pass
PADataTypeValues.namedValues = namedval.NamedValues(
('kRB5-PADATA-NONE', 0),
('kRB5-PADATA-KDC-REQ', 1),
('kRB5-PADATA-ENC-TIMESTAMP', 2),
('kRB5-PADATA-PW-SALT', 3),
('kRB5-PADATA-ENC-UNIX-TIME', 5),
('kRB5-PADATA-SANDIA-SECUREID', 6),
('kRB5-PADATA-SESAME', 7),
('kRB5-PADATA-OSF-DCE', 8),
('kRB5-PADATA-CYBERSAFE-SECUREID', 9),
('kRB5-PADATA-AFS3-SALT', 10),
('kRB5-PADATA-ETYPE-INFO', 11),
('kRB5-PADATA-SAM-CHALLENGE', 12),
('kRB5-PADATA-SAM-RESPONSE', 13),
('kRB5-PADATA-PK-AS-REQ-19', 14),
('kRB5-PADATA-PK-AS-REP-19', 15),
('kRB5-PADATA-PK-AS-REQ', 16),
('kRB5-PADATA-PK-AS-REP', 17),
('kRB5-PADATA-PA-PK-OCSP-RESPONSE', 18),
('kRB5-PADATA-ETYPE-INFO2', 19),
('kRB5-PADATA-SVR-REFERRAL-INFO', 20),
('kRB5-PADATA-SAM-REDIRECT', 21),
('kRB5-PADATA-GET-FROM-TYPED-DATA', 22),
('kRB5-PADATA-SAM-ETYPE-INFO', 23),
('kRB5-PADATA-SERVER-REFERRAL', 25),
('kRB5-PADATA-ALT-PRINC', 24),
('kRB5-PADATA-SAM-CHALLENGE2', 30),
('kRB5-PADATA-SAM-RESPONSE2', 31),
('kRB5-PA-EXTRA-TGT', 41),
('kRB5-PADATA-TD-KRB-PRINCIPAL', 102),
('kRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS', 104),
('kRB5-PADATA-PK-TD-CERTIFICATE-INDEX', 105),
('kRB5-PADATA-TD-APP-DEFINED-ERROR', 106),
('kRB5-PADATA-TD-REQ-NONCE', 107),
('kRB5-PADATA-TD-REQ-SEQ', 108),
('kRB5-PADATA-PA-PAC-REQUEST', 128),
('kRB5-PADATA-FOR-USER', 129),
('kRB5-PADATA-FOR-X509-USER', 130),
('kRB5-PADATA-FOR-CHECK-DUPS', 131),
('kRB5-PADATA-AS-CHECKSUM', 132),
('kRB5-PADATA-FX-COOKIE', 133),
('kRB5-PADATA-AUTHENTICATION-SET', 134),
('kRB5-PADATA-AUTH-SET-SELECTED', 135),
('kRB5-PADATA-FX-FAST', 136),
('kRB5-PADATA-FX-ERROR', 137),
('kRB5-PADATA-ENCRYPTED-CHALLENGE', 138),
('kRB5-PADATA-OTP-CHALLENGE', 141),
('kRB5-PADATA-OTP-REQUEST', 142),
('kBB5-PADATA-OTP-CONFIRM', 143),
('kRB5-PADATA-OTP-PIN-CHANGE', 144),
('kRB5-PADATA-EPAK-AS-REQ', 145),
('kRB5-PADATA-EPAK-AS-REP', 146),
('kRB5-PADATA-PKINIT-KX', 147),
('kRB5-PADATA-PKU2U-NAME', 148),
('kRB5-PADATA-REQ-ENC-PA-REP', 149),
tests/krb5: Add more ASN1 definitions for FAST Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2021-07-06 10:21:07 +12:00
('kRB5-PADATA-SUPPORTED-ETYPES', 165),
('kRB5-PADATA-PAC-OPTIONS', 167)
python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code The pyasn1 bindings are generated by pyasn1gen.py from https://github.com/kimgr/asn1ate.git Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-02-13 16:29:38 +01:00
)
class PADataTypeSequence(univ.Sequence):
pass
PADataTypeSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', PADataTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class TGS_REP(KDC_REP):
pass
TGS_REP.tagSet = KDC_REP.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 13))
class TGS_REQ(KDC_REQ):
pass
TGS_REQ.tagSet = KDC_REQ.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 12))
class TYPED_DATA(univ.SequenceOf):
pass
TYPED_DATA.componentType = univ.Sequence(componentType=namedtype.NamedTypes(
namedtype.NamedType('data-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('data-value', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
))
TYPED_DATA.subtypeSpec=constraint.ValueSizeConstraint(1, 256)
class TicketFlagsValues(univ.BitString):
pass
TicketFlagsValues.namedValues = namedval.NamedValues(
('reserved', 0),
('forwardable', 1),
('forwarded', 2),
('proxiable', 3),
('proxy', 4),
('may-postdate', 5),
('postdated', 6),
('invalid', 7),
('renewable', 8),
('initial', 9),
('pre-authent', 10),
('hw-authent', 11),
('transited-policy-checked', 12),
('ok-as-delegate', 13)
)
class TicketFlagsSequence(univ.Sequence):
pass
TicketFlagsSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', TicketFlagsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
id_krb5 = _OID(1, 3, 6, 1, 5, 2)
Copy Permalink