python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code
The pyasn1 bindings are generated by pyasn1gen.py from https://github.com/kimgr/asn1ate.git

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
parent
a2f75c314e
commit
94d068427f
@ -25,15 +25,23 @@ UInt32 ::= INTEGER (0..4294967295)
|
||||
Microseconds ::= INTEGER (0..999999)
|
||||
-- microseconds
|
||||
|
||||
KerberosString ::= GeneralString (IA5String)
|
||||
--
|
||||
-- asn1ate doesn't support 'GeneralString (IA5String)'
|
||||
-- only 'GeneralString' or 'IA5String', on the wire
|
||||
-- GeneralString is used.
|
||||
--
|
||||
-- KerberosString ::= GeneralString (IA5String)
|
||||
KerberosString ::= GeneralString
|
||||
|
||||
Realm ::= KerberosString
|
||||
|
||||
PrincipalName ::= SEQUENCE {
|
||||
name-type [0] Int32,
|
||||
name-type [0] NameType, -- Int32,
|
||||
name-string [1] SEQUENCE OF KerberosString
|
||||
}
|
||||
|
||||
NameType ::= Int32
|
||||
|
||||
KerberosTime ::= GeneralizedTime -- with no fractional seconds
|
||||
|
||||
HostAddress ::= SEQUENCE {
|
||||
@ -50,36 +58,48 @@ HostAddresses -- NOTE: subtly different from rfc1510,
|
||||
-- NOTE: AuthorizationData is always used as an OPTIONAL field and
|
||||
-- should not be empty.
|
||||
AuthorizationData ::= SEQUENCE OF SEQUENCE {
|
||||
ad-type [0] Int32,
|
||||
ad-type [0] AuthDataType, -- Int32,
|
||||
ad-data [1] OCTET STRING
|
||||
}
|
||||
|
||||
AuthDataType ::= Int32
|
||||
|
||||
PA-DATA ::= SEQUENCE {
|
||||
-- NOTE: first tag is [1], not [0]
|
||||
padata-type [1] Int32,
|
||||
padata-type [1] PADataType, -- Int32
|
||||
padata-value [2] OCTET STRING -- might be encoded AP-REQ
|
||||
}
|
||||
|
||||
KerberosFlags ::= BIT STRING (SIZE (32..MAX))
|
||||
PADataType ::= Int32
|
||||
|
||||
--
|
||||
-- asn1ate doesn't support 'MAX' nor a lower range != 1.
|
||||
-- We'll use a custom enodeValue() hooks for BitString
|
||||
-- in order to encode them with at least 32-Bit.
|
||||
--
|
||||
-- KerberosFlags ::= BIT STRING (SIZE (32..MAX))
|
||||
KerberosFlags ::= BIT STRING (SIZE (1..32))
|
||||
-- minimum number of bits shall be sent,
|
||||
-- but no fewer than 32
|
||||
|
||||
EncryptedData ::= SEQUENCE {
|
||||
etype [0] Int32 -- EncryptionType --,
|
||||
etype [0] EncryptionType, --Int32 EncryptionType --
|
||||
kvno [1] UInt32 OPTIONAL,
|
||||
cipher [2] OCTET STRING -- ciphertext
|
||||
}
|
||||
|
||||
EncryptionKey ::= SEQUENCE {
|
||||
keytype [0] Int32 -- actually encryption type --,
|
||||
keytype [0] EncryptionType, -- Int32 actually encryption type --
|
||||
keyvalue [1] OCTET STRING
|
||||
}
|
||||
|
||||
Checksum ::= SEQUENCE {
|
||||
cksumtype [0] Int32,
|
||||
cksumtype [0] ChecksumType, -- Int32,
|
||||
checksum [1] OCTET STRING
|
||||
}
|
||||
|
||||
ChecksumType ::= Int32
|
||||
|
||||
Ticket ::= [APPLICATION 1] SEQUENCE {
|
||||
tkt-vno [0] INTEGER (5),
|
||||
realm [1] Realm,
|
||||
@ -150,7 +170,7 @@ KDC-REQ-BODY ::= SEQUENCE {
|
||||
till [5] KerberosTime,
|
||||
rtime [6] KerberosTime OPTIONAL,
|
||||
nonce [7] UInt32,
|
||||
etype [8] SEQUENCE OF Int32 -- EncryptionType
|
||||
etype [8] SEQUENCE OF EncryptionType -- Int32 - EncryptionType
|
||||
-- in preference order --,
|
||||
addresses [9] HostAddresses OPTIONAL,
|
||||
enc-authorization-data [10] EncryptedData OPTIONAL
|
||||
@ -159,6 +179,8 @@ KDC-REQ-BODY ::= SEQUENCE {
|
||||
-- NOTE: not empty
|
||||
}
|
||||
|
||||
EncryptionType ::= Int32
|
||||
|
||||
KDCOptions ::= KerberosFlags
|
||||
-- reserved(0),
|
||||
-- forwardable(1),
|
||||
@ -344,7 +366,11 @@ KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
|
||||
|
||||
METHOD-DATA ::= SEQUENCE OF PA-DATA
|
||||
|
||||
TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
|
||||
--
|
||||
-- asn1ate doesn't support 'MAX'
|
||||
--
|
||||
-- TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
|
||||
TYPED-DATA ::= SEQUENCE SIZE (1..256) OF SEQUENCE {
|
||||
data-type [0] Int32,
|
||||
data-value [1] OCTET STRING OPTIONAL
|
||||
}
|
||||
@ -371,7 +397,7 @@ ETYPE-INFO2-ENTRY ::= SEQUENCE {
|
||||
s2kparams [2] OCTET STRING OPTIONAL
|
||||
}
|
||||
|
||||
ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY
|
||||
ETYPE-INFO2 ::= SEQUENCE SIZE (1..256) OF ETYPE-INFO2-ENTRY
|
||||
|
||||
AD-IF-RELEVANT ::= AuthorizationData
|
||||
|
||||
@ -389,4 +415,249 @@ AD-AND-OR ::= SEQUENCE {
|
||||
|
||||
AD-MANDATORY-FOR-KDC ::= AuthorizationData
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
--
|
||||
--
|
||||
-- prettyPrint values
|
||||
--
|
||||
--
|
||||
|
||||
NameTypeValues ::= INTEGER { -- Int32
|
||||
kRB5-NT-UNKNOWN(0), -- Name type not known
|
||||
kRB5-NT-PRINCIPAL(1), -- Just the name of the principal as in
|
||||
kRB5-NT-SRV-INST(2), -- Service and other unique instance (krbtgt)
|
||||
kRB5-NT-SRV-HST(3), -- Service with host name as instance
|
||||
kRB5-NT-SRV-XHST(4), -- Service with host as remaining components
|
||||
kRB5-NT-UID(5), -- Unique ID
|
||||
kRB5-NT-X500-PRINCIPAL(6), -- PKINIT
|
||||
kRB5-NT-SMTP-NAME(7), -- Name in form of SMTP email name
|
||||
kRB5-NT-ENTERPRISE-PRINCIPAL(10), -- Windows 2000 UPN
|
||||
kRB5-NT-WELLKNOWN(11), -- Wellknown
|
||||
kRB5-NT-ENT-PRINCIPAL-AND-ID(-130), -- Windows 2000 UPN and SID
|
||||
kRB5-NT-MS-PRINCIPAL(-128), -- NT 4 style name
|
||||
kRB5-NT-MS-PRINCIPAL-AND-ID(-129) -- NT style name and SID
|
||||
}
|
||||
NameTypeSequence ::= SEQUENCE {
|
||||
dummy [0] NameTypeValues
|
||||
}
|
||||
|
||||
TicketFlagsValues ::= BIT STRING { -- KerberosFlags
|
||||
reserved(0),
|
||||
forwardable(1),
|
||||
forwarded(2),
|
||||
proxiable(3),
|
||||
proxy(4),
|
||||
may-postdate(5),
|
||||
postdated(6),
|
||||
invalid(7),
|
||||
renewable(8),
|
||||
initial(9),
|
||||
pre-authent(10),
|
||||
hw-authent(11),
|
||||
-- the following are new since 1510
|
||||
transited-policy-checked(12),
|
||||
ok-as-delegate(13)
|
||||
}
|
||||
TicketFlagsSequence ::= SEQUENCE {
|
||||
dummy [0] TicketFlagsValues
|
||||
}
|
||||
|
||||
KDCOptionsValues ::= BIT STRING { -- KerberosFlags
|
||||
reserved(0),
|
||||
forwardable(1),
|
||||
forwarded(2),
|
||||
proxiable(3),
|
||||
proxy(4),
|
||||
allow-postdate(5),
|
||||
postdated(6),
|
||||
unused7(7),
|
||||
renewable(8),
|
||||
unused9(9),
|
||||
unused10(10),
|
||||
opt-hardware-auth(11),
|
||||
unused12(12),
|
||||
unused13(13),
|
||||
-- 15 is reserved for canonicalize
|
||||
unused15(15),
|
||||
-- 26 was unused in 1510
|
||||
disable-transited-check(26),
|
||||
--
|
||||
renewable-ok(27),
|
||||
enc-tkt-in-skey(28),
|
||||
renew(30),
|
||||
validate(31)
|
||||
}
|
||||
KDCOptionsSequence ::= SEQUENCE {
|
||||
dummy [0] KDCOptionsValues
|
||||
}
|
||||
|
||||
MessageTypeValues ::= INTEGER {
|
||||
krb-as-req(10), -- Request for initial authentication
|
||||
krb-as-rep(11), -- Response to KRB_AS_REQ request
|
||||
krb-tgs-req(12), -- Request for authentication based on TGT
|
||||
krb-tgs-rep(13), -- Response to KRB_TGS_REQ request
|
||||
krb-ap-req(14), -- application request to server
|
||||
krb-ap-rep(15), -- Response to KRB_AP_REQ_MUTUAL
|
||||
krb-safe(20), -- Safe (checksummed) application message
|
||||
krb-priv(21), -- Private (encrypted) application message
|
||||
krb-cred(22), -- Private (encrypted) message to forward credentials
|
||||
krb-error(30) -- Error response
|
||||
}
|
||||
MessageTypeSequence ::= SEQUENCE {
|
||||
dummy [0] MessageTypeValues
|
||||
}
|
||||
|
||||
PADataTypeValues ::= INTEGER {
|
||||
kRB5-PADATA-NONE(0),
|
||||
-- kRB5-PADATA-TGS-REQ(1),
|
||||
-- kRB5-PADATA-AP-REQ(1),
|
||||
kRB5-PADATA-KDC-REQ(1),
|
||||
kRB5-PADATA-ENC-TIMESTAMP(2),
|
||||
kRB5-PADATA-PW-SALT(3),
|
||||
kRB5-PADATA-ENC-UNIX-TIME(5),
|
||||
kRB5-PADATA-SANDIA-SECUREID(6),
|
||||
kRB5-PADATA-SESAME(7),
|
||||
kRB5-PADATA-OSF-DCE(8),
|
||||
kRB5-PADATA-CYBERSAFE-SECUREID(9),
|
||||
kRB5-PADATA-AFS3-SALT(10),
|
||||
kRB5-PADATA-ETYPE-INFO(11),
|
||||
kRB5-PADATA-SAM-CHALLENGE(12), -- (sam/otp)
|
||||
kRB5-PADATA-SAM-RESPONSE(13), -- (sam/otp)
|
||||
kRB5-PADATA-PK-AS-REQ-19(14), -- (PKINIT-19)
|
||||
kRB5-PADATA-PK-AS-REP-19(15), -- (PKINIT-19)
|
||||
-- kRB5-PADATA-PK-AS-REQ-WIN(15), - (PKINIT - old number)
|
||||
kRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25)
|
||||
kRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25)
|
||||
kRB5-PADATA-PA-PK-OCSP-RESPONSE(18),
|
||||
kRB5-PADATA-ETYPE-INFO2(19),
|
||||
-- kRB5-PADATA-USE-SPECIFIED-KVNO(20),
|
||||
kRB5-PADATA-SVR-REFERRAL-INFO(20), --- old ms referral number
|
||||
kRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp)
|
||||
kRB5-PADATA-GET-FROM-TYPED-DATA(22),
|
||||
kRB5-PADATA-SAM-ETYPE-INFO(23),
|
||||
kRB5-PADATA-SERVER-REFERRAL(25),
|
||||
kRB5-PADATA-ALT-PRINC(24), -- (crawdad@fnal.gov)
|
||||
kRB5-PADATA-SAM-CHALLENGE2(30), -- (kenh@pobox.com)
|
||||
kRB5-PADATA-SAM-RESPONSE2(31), -- (kenh@pobox.com)
|
||||
kRB5-PA-EXTRA-TGT(41), -- Reserved extra TGT
|
||||
kRB5-PADATA-TD-KRB-PRINCIPAL(102), -- PrincipalName
|
||||
kRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS(104), -- PKINIT
|
||||
kRB5-PADATA-PK-TD-CERTIFICATE-INDEX(105), -- PKINIT
|
||||
kRB5-PADATA-TD-APP-DEFINED-ERROR(106), -- application specific
|
||||
kRB5-PADATA-TD-REQ-NONCE(107), -- INTEGER
|
||||
kRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER
|
||||
kRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com
|
||||
kRB5-PADATA-FOR-USER(129), -- MS-KILE
|
||||
kRB5-PADATA-FOR-X509-USER(130), -- MS-KILE
|
||||
kRB5-PADATA-FOR-CHECK-DUPS(131), -- MS-KILE
|
||||
kRB5-PADATA-AS-CHECKSUM(132), -- MS-KILE
|
||||
-- kRB5-PADATA-PK-AS-09-BINDING(132), - client send this to
|
||||
-- tell KDC that is supports
|
||||
-- the asCheckSum in the
|
||||
-- PK-AS-REP
|
||||
kRB5-PADATA-FX-COOKIE(133), -- krb-wg-preauth-framework
|
||||
kRB5-PADATA-AUTHENTICATION-SET(134), -- krb-wg-preauth-framework
|
||||
kRB5-PADATA-AUTH-SET-SELECTED(135), -- krb-wg-preauth-framework
|
||||
kRB5-PADATA-FX-FAST(136), -- krb-wg-preauth-framework
|
||||
kRB5-PADATA-FX-ERROR(137), -- krb-wg-preauth-framework
|
||||
kRB5-PADATA-ENCRYPTED-CHALLENGE(138), -- krb-wg-preauth-framework
|
||||
kRB5-PADATA-OTP-CHALLENGE(141), -- (gareth.richards@rsa.com)
|
||||
kRB5-PADATA-OTP-REQUEST(142), -- (gareth.richards@rsa.com)
|
||||
kBB5-PADATA-OTP-CONFIRM(143), -- (gareth.richards@rsa.com)
|
||||
kRB5-PADATA-OTP-PIN-CHANGE(144), -- (gareth.richards@rsa.com)
|
||||
kRB5-PADATA-EPAK-AS-REQ(145),
|
||||
kRB5-PADATA-EPAK-AS-REP(146),
|
||||
kRB5-PADATA-PKINIT-KX(147), -- krb-wg-anon
|
||||
kRB5-PADATA-PKU2U-NAME(148), -- zhu-pku2u
|
||||
kRB5-PADATA-REQ-ENC-PA-REP(149), --
|
||||
kRB5-PADATA-SUPPORTED-ETYPES(165) -- MS-KILE
|
||||
}
|
||||
PADataTypeSequence ::= SEQUENCE {
|
||||
dummy [0] PADataTypeValues
|
||||
}
|
||||
|
||||
AuthDataTypeValues ::= INTEGER {
|
||||
kRB5-AUTHDATA-IF-RELEVANT(1),
|
||||
kRB5-AUTHDATA-INTENDED-FOR-SERVER(2),
|
||||
kRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS(3),
|
||||
kRB5-AUTHDATA-KDC-ISSUED(4),
|
||||
kRB5-AUTHDATA-AND-OR(5),
|
||||
kRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS(6),
|
||||
kRB5-AUTHDATA-IN-TICKET-EXTENSIONS(7),
|
||||
kRB5-AUTHDATA-MANDATORY-FOR-KDC(8),
|
||||
kRB5-AUTHDATA-INITIAL-VERIFIED-CAS(9),
|
||||
kRB5-AUTHDATA-OSF-DCE(64),
|
||||
kRB5-AUTHDATA-SESAME(65),
|
||||
kRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66),
|
||||
kRB5-AUTHDATA-WIN2K-PAC(128),
|
||||
kRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129), -- Authenticator only
|
||||
kRB5-AUTHDATA-SIGNTICKET-OLDER(-17),
|
||||
kRB5-AUTHDATA-SIGNTICKET-OLD(142),
|
||||
kRB5-AUTHDATA-SIGNTICKET(512)
|
||||
}
|
||||
AuthDataTypeSequence ::= SEQUENCE {
|
||||
dummy [0] AuthDataTypeValues
|
||||
}
|
||||
|
||||
ChecksumTypeValues ::= INTEGER {
|
||||
kRB5-CKSUMTYPE-NONE(0),
|
||||
kRB5-CKSUMTYPE-CRC32(1),
|
||||
kRB5-CKSUMTYPE-RSA-MD4(2),
|
||||
kRB5-CKSUMTYPE-RSA-MD4-DES(3),
|
||||
kRB5-CKSUMTYPE-DES-MAC(4),
|
||||
kRB5-CKSUMTYPE-DES-MAC-K(5),
|
||||
kRB5-CKSUMTYPE-RSA-MD4-DES-K(6),
|
||||
kRB5-CKSUMTYPE-RSA-MD5(7),
|
||||
kRB5-CKSUMTYPE-RSA-MD5-DES(8),
|
||||
kRB5-CKSUMTYPE-RSA-MD5-DES3(9),
|
||||
kRB5-CKSUMTYPE-SHA1-OTHER(10),
|
||||
kRB5-CKSUMTYPE-HMAC-SHA1-DES3(12),
|
||||
kRB5-CKSUMTYPE-SHA1(14),
|
||||
kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-128(15),
|
||||
kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-256(16),
|
||||
kRB5-CKSUMTYPE-GSSAPI(32771), -- 0x8003
|
||||
kRB5-CKSUMTYPE-HMAC-MD5(-138), -- unofficial microsoft number
|
||||
kRB5-CKSUMTYPE-HMAC-MD5-ENC(-1138) -- even more unofficial
|
||||
}
|
||||
ChecksumTypeSequence ::= SEQUENCE {
|
||||
dummy [0] ChecksumTypeValues
|
||||
}
|
||||
|
||||
EncryptionTypeValues ::= INTEGER {
|
||||
kRB5-ENCTYPE-NULL(0),
|
||||
kRB5-ENCTYPE-DES-CBC-CRC(1),
|
||||
kRB5-ENCTYPE-DES-CBC-MD4(2),
|
||||
kRB5-ENCTYPE-DES-CBC-MD5(3),
|
||||
kRB5-ENCTYPE-DES3-CBC-MD5(5),
|
||||
kRB5-ENCTYPE-OLD-DES3-CBC-SHA1(7),
|
||||
kRB5-ENCTYPE-SIGN-DSA-GENERATE(8),
|
||||
kRB5-ENCTYPE-ENCRYPT-RSA-PRIV(9),
|
||||
kRB5-ENCTYPE-ENCRYPT-RSA-PUB(10),
|
||||
kRB5-ENCTYPE-DES3-CBC-SHA1(16), -- with key derivation
|
||||
kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96(17),
|
||||
kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96(18),
|
||||
kRB5-ENCTYPE-ARCFOUR-HMAC-MD5(23),
|
||||
kRB5-ENCTYPE-ARCFOUR-HMAC-MD5-56(24),
|
||||
kRB5-ENCTYPE-ENCTYPE-PK-CROSS(48),
|
||||
-- some "old" windows types
|
||||
kRB5-ENCTYPE-ARCFOUR-MD4(-128),
|
||||
kRB5-ENCTYPE-ARCFOUR-HMAC-OLD(-133),
|
||||
kRB5-ENCTYPE-ARCFOUR-HMAC-OLD-EXP(-135),
|
||||
-- these are for Heimdal internal use
|
||||
-- kRB5-ENCTYPE-DES-CBC-NONE(-0x1000),
|
||||
-- kRB5-ENCTYPE-DES3-CBC-NONE(-0x1001),
|
||||
-- kRB5-ENCTYPE-DES-CFB64-NONE(-0x1002),
|
||||
-- kRB5-ENCTYPE-DES-PCBC-NONE(-0x1003),
|
||||
-- kRB5-ENCTYPE-DIGEST-MD5-NONE(-0x1004), - private use, lukeh@padl.com
|
||||
-- kRB5-ENCTYPE-CRAM-MD5-NONE(-0x1005) - private use, lukeh@padl.com
|
||||
kRB5-ENCTYPE-DUMMY(-1111)
|
||||
}
|
||||
EncryptionTypeSequence ::= SEQUENCE {
|
||||
dummy [0] EncryptionTypeValues
|
||||
}
|
||||
|
||||
END
|
||||
|
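Review bot: The replacement `KerberosFlags ::= BIT STRING (SIZE (1..32))` changes the upper bound as well as the lower one, and the comment above it accounts only for encoding through the custom hook (spelled `enodeValue()` there, presumably `encodeValue()`), so a peer's flags field longer than 32 bits would likely fail the generated `ValueSizeConstraint(1, 32)` when decoded. The `SIZE (1..256)` caps on TYPED-DATA and ETYPE-INFO2 are the same kind of tool workaround; a comment such as `-- NOTE: upper bound is an asn1ate workaround, not an RFC 4120 limit` on each would keep a constraint failure in these tests from being read as a KDC fault. In PADataTypeValues, `kBB5-PADATA-OTP-CONFIRM(143)` is misspelled against every neighbouring name and should read `kRB5-PADATA-OTP-CONFIRM(143),`, otherwise the typo presumably carries into the generated named values.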
914
python/samba/tests/krb5/rfc4120_pyasn1.py
Normal file
@ -0,0 +1,914 @@
|
||||
# Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1
|
||||
# (last modified on 2020-03-26 10:28:24.346775)
|
||||
|
||||
# KerberosV5Spec2
|
||||
from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
|
||||
|
||||
|
||||
def _OID(*components):
|
||||
output = []
|
||||
for x in tuple(components):
|
||||
if isinstance(x, univ.ObjectIdentifier):
|
||||
output.extend(list(x))
|
||||
else:
|
||||
output.append(int(x))
|
||||
|
||||
return univ.ObjectIdentifier(output)
|
||||
|
||||
|
||||
class Int32(univ.Integer):
|
||||
pass
|
||||
|
||||
|
||||
Int32.subtypeSpec = constraint.ValueRangeConstraint(-2147483648, 2147483647)
|
||||
|
||||
|
||||
class AuthDataType(Int32):
|
||||
pass
|
||||
|
||||
|
||||
class AuthorizationData(univ.SequenceOf):
|
||||
pass
|
||||
|
||||
|
||||
AuthorizationData.componentType = univ.Sequence(componentType=namedtype.NamedTypes(
|
||||
namedtype.NamedType('ad-type', AuthDataType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('ad-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
|
||||
))
|
||||
|
||||
|
||||
class AD_AND_OR(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
AD_AND_OR.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('condition-count', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('elements', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
|
||||
)
|
||||
|
||||
|
||||
class AD_IF_RELEVANT(AuthorizationData):
|
||||
pass
|
||||
|
||||
|
||||
class ChecksumType(Int32):
|
||||
pass
|
||||
|
||||
|
||||
class Checksum(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
Checksum.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('cksumtype', ChecksumType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('checksum', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
|
||||
)
|
||||
|
||||
|
||||
class KerberosString(char.GeneralString):
|
||||
pass
|
||||
|
||||
|
||||
class NameType(Int32):
|
||||
pass
|
||||
|
||||
|
||||
class PrincipalName(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
PrincipalName.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('name-type', NameType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('name-string', univ.SequenceOf(componentType=KerberosString()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
|
||||
)
|
||||
|
||||
|
||||
class Realm(KerberosString):
|
||||
pass
|
||||
|
||||
|
||||
class AD_KDCIssued(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
AD_KDCIssued.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('ad-checksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
|
||||
namedtype.OptionalNamedType('i-realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.OptionalNamedType('i-sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
|
||||
namedtype.NamedType('elements', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
|
||||
)
|
||||
|
||||
|
||||
class AD_MANDATORY_FOR_KDC(AuthorizationData):
|
||||
pass
|
||||
|
||||
|
||||
class EncryptionType(Int32):
|
||||
pass
|
||||
|
||||
|
||||
class UInt32(univ.Integer):
|
||||
pass
|
||||
|
||||
|
||||
UInt32.subtypeSpec = constraint.ValueRangeConstraint(0, 4294967295)
|
||||
|
||||
|
||||
class EncryptedData(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
EncryptedData.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.OptionalNamedType('kvno', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.NamedType('cipher', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
|
||||
)
|
||||
|
||||
|
||||
class AP_REP(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
AP_REP.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 15))
|
||||
AP_REP.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(15)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
|
||||
)
|
||||
|
||||
|
||||
class KerberosFlags(univ.BitString):
|
||||
pass
|
||||
|
||||
|
||||
KerberosFlags.subtypeSpec=constraint.ValueSizeConstraint(1, 32)
|
||||
|
||||
|
||||
class APOptions(KerberosFlags):
|
||||
pass
|
||||
|
||||
|
||||
class Ticket(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
Ticket.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1))
|
||||
Ticket.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('tkt-vno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
|
||||
namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
|
||||
)
|
||||
|
||||
|
||||
class AP_REQ(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
AP_REQ.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 14))
|
||||
AP_REQ.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(14)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.NamedType('ap-options', APOptions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
|
||||
namedtype.NamedType('ticket', Ticket().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
|
||||
namedtype.NamedType('authenticator', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)))
|
||||
)
|
||||
|
||||
|
||||
class PADataType(Int32):
|
||||
pass
|
||||
|
||||
|
||||
class PA_DATA(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
PA_DATA.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('padata-type', PADataType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.NamedType('padata-value', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
|
||||
)
|
||||
|
||||
|
||||
class KDC_REP(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
KDC_REP.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(11, 13)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.OptionalNamedType('padata', univ.SequenceOf(componentType=PA_DATA()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
|
||||
namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
|
||||
namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
|
||||
namedtype.NamedType('ticket', Ticket().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
|
||||
namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6)))
|
||||
)
|
||||
|
||||
|
||||
class AS_REP(KDC_REP):
|
||||
pass
|
||||
|
||||
|
||||
AS_REP.tagSet = KDC_REP.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 11))
|
||||
|
||||
|
||||
class HostAddress(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
HostAddress.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('addr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('address', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
|
||||
)
|
||||
|
||||
|
||||
class HostAddresses(univ.SequenceOf):
|
||||
pass
|
||||
|
||||
|
||||
HostAddresses.componentType = HostAddress()
|
||||
|
||||
|
||||
class KDCOptions(KerberosFlags):
|
||||
pass
|
||||
|
||||
|
||||
class KerberosTime(useful.GeneralizedTime):
|
||||
pass
|
||||
|
||||
|
||||
class KDC_REQ_BODY(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
KDC_REQ_BODY.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('kdc-options', KDCOptions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.OptionalNamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
|
||||
namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
|
||||
namedtype.OptionalNamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
|
||||
namedtype.OptionalNamedType('from', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
|
||||
namedtype.NamedType('till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
|
||||
namedtype.OptionalNamedType('rtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
|
||||
namedtype.NamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
|
||||
namedtype.NamedType('etype', univ.SequenceOf(componentType=EncryptionType()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
|
||||
namedtype.OptionalNamedType('addresses', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))),
|
||||
namedtype.OptionalNamedType('enc-authorization-data', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))),
|
||||
namedtype.OptionalNamedType('additional-tickets', univ.SequenceOf(componentType=Ticket()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11)))
|
||||
)
|
||||
|
||||
|
||||
class KDC_REQ(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
KDC_REQ.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(10, 12)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
|
||||
namedtype.OptionalNamedType('padata', univ.SequenceOf(componentType=PA_DATA()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
|
||||
namedtype.NamedType('req-body', KDC_REQ_BODY().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)))
|
||||
)
|
||||
|
||||
|
||||
class AS_REQ(KDC_REQ):
|
||||
pass
|
||||
|
||||
|
||||
AS_REQ.tagSet = KDC_REQ.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 10))
|
||||
|
||||
|
||||
class AuthDataTypeValues(univ.Integer):
|
||||
pass
|
||||
|
||||
|
||||
AuthDataTypeValues.namedValues = namedval.NamedValues(
|
||||
('kRB5-AUTHDATA-IF-RELEVANT', 1),
|
||||
('kRB5-AUTHDATA-INTENDED-FOR-SERVER', 2),
|
||||
('kRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS', 3),
|
||||
('kRB5-AUTHDATA-KDC-ISSUED', 4),
|
||||
('kRB5-AUTHDATA-AND-OR', 5),
|
||||
('kRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS', 6),
|
||||
('kRB5-AUTHDATA-IN-TICKET-EXTENSIONS', 7),
|
||||
('kRB5-AUTHDATA-MANDATORY-FOR-KDC', 8),
|
||||
('kRB5-AUTHDATA-INITIAL-VERIFIED-CAS', 9),
|
||||
('kRB5-AUTHDATA-OSF-DCE', 64),
|
||||
('kRB5-AUTHDATA-SESAME', 65),
|
||||
('kRB5-AUTHDATA-OSF-DCE-PKI-CERTID', 66),
|
||||
('kRB5-AUTHDATA-WIN2K-PAC', 128),
|
||||
('kRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION', 129),
|
||||
('kRB5-AUTHDATA-SIGNTICKET-OLDER', -17),
|
||||
('kRB5-AUTHDATA-SIGNTICKET-OLD', 142),
|
||||
('kRB5-AUTHDATA-SIGNTICKET', 512)
|
||||
)
|
||||
|
||||
|
||||
class AuthDataTypeSequence(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
AuthDataTypeSequence.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('dummy', AuthDataTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
|
||||
)
|
||||
|
||||
|
||||
class EncryptionKey(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
EncryptionKey.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('keytype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('keyvalue', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
|
||||
)
|
||||
|
||||
|
||||
class Microseconds(univ.Integer):
|
||||
pass
|
||||
|
||||
|
||||
Microseconds.subtypeSpec = constraint.ValueRangeConstraint(0, 999999)
|
||||
|
||||
|
||||
class Authenticator(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
Authenticator.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2))
|
||||
Authenticator.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('authenticator-vno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
|
||||
namedtype.OptionalNamedType('cksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
|
||||
namedtype.NamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
|
||||
namedtype.NamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
|
||||
namedtype.OptionalNamedType('subkey', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
|
||||
namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
|
||||
namedtype.OptionalNamedType('authorization-data', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)))
|
||||
)
|
||||
|
||||
|
||||
class ChecksumTypeValues(univ.Integer):
|
||||
pass
|
||||
|
||||
|
||||
ChecksumTypeValues.namedValues = namedval.NamedValues(
|
||||
('kRB5-CKSUMTYPE-NONE', 0),
|
||||
('kRB5-CKSUMTYPE-CRC32', 1),
|
||||
('kRB5-CKSUMTYPE-RSA-MD4', 2),
|
||||
('kRB5-CKSUMTYPE-RSA-MD4-DES', 3),
|
||||
('kRB5-CKSUMTYPE-DES-MAC', 4),
|
||||
('kRB5-CKSUMTYPE-DES-MAC-K', 5),
|
||||
('kRB5-CKSUMTYPE-RSA-MD4-DES-K', 6),
|
||||
('kRB5-CKSUMTYPE-RSA-MD5', 7),
|
||||
('kRB5-CKSUMTYPE-RSA-MD5-DES', 8),
|
||||
('kRB5-CKSUMTYPE-RSA-MD5-DES3', 9),
|
||||
('kRB5-CKSUMTYPE-SHA1-OTHER', 10),
|
||||
('kRB5-CKSUMTYPE-HMAC-SHA1-DES3', 12),
|
||||
('kRB5-CKSUMTYPE-SHA1', 14),
|
||||
('kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-128', 15),
|
||||
('kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-256', 16),
|
||||
('kRB5-CKSUMTYPE-GSSAPI', 32771),
|
||||
('kRB5-CKSUMTYPE-HMAC-MD5', -138),
|
||||
('kRB5-CKSUMTYPE-HMAC-MD5-ENC', -1138)
|
||||
)
|
||||
|
||||
|
||||
class ChecksumTypeSequence(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
ChecksumTypeSequence.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('dummy', ChecksumTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
|
||||
)
|
||||
|
||||
|
||||
class ETYPE_INFO_ENTRY(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
ETYPE_INFO_ENTRY.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('etype', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.OptionalNamedType('salt', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
|
||||
)
|
||||
|
||||
|
||||
class ETYPE_INFO(univ.SequenceOf):
|
||||
pass
|
||||
|
||||
|
||||
ETYPE_INFO.componentType = ETYPE_INFO_ENTRY()
|
||||
|
||||
|
||||
class ETYPE_INFO2_ENTRY(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
ETYPE_INFO2_ENTRY.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('etype', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.OptionalNamedType('salt', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.OptionalNamedType('s2kparams', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
|
||||
)
|
||||
|
||||
|
||||
class ETYPE_INFO2(univ.SequenceOf):
|
||||
pass
|
||||
|
||||
|
||||
ETYPE_INFO2.componentType = ETYPE_INFO2_ENTRY()
|
||||
ETYPE_INFO2.subtypeSpec=constraint.ValueSizeConstraint(1, 256)
|
||||
|
||||
|
||||
class EncAPRepPart(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
EncAPRepPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 27))
|
||||
EncAPRepPart.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.OptionalNamedType('subkey', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
|
||||
namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
|
||||
)
|
||||
|
||||
|
||||
class LastReq(univ.SequenceOf):
|
||||
pass
|
||||
|
||||
|
||||
LastReq.componentType = univ.Sequence(componentType=namedtype.NamedTypes(
|
||||
namedtype.NamedType('lr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('lr-value', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
|
||||
))
|
||||
|
||||
|
||||
class TicketFlags(KerberosFlags):
|
||||
pass
|
||||
|
||||
|
||||
class EncKDCRepPart(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
EncKDCRepPart.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
|
||||
namedtype.NamedType('last-req', LastReq().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.NamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
|
||||
namedtype.OptionalNamedType('key-expiration', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
|
||||
namedtype.NamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
|
||||
namedtype.NamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
|
||||
namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
|
||||
namedtype.NamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
|
||||
namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
|
||||
namedtype.NamedType('srealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))),
|
||||
namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))),
|
||||
namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11)))
|
||||
)
|
||||
|
||||
|
||||
class EncASRepPart(EncKDCRepPart):
|
||||
pass
|
||||
|
||||
|
||||
EncASRepPart.tagSet = EncKDCRepPart.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 25))
|
||||
|
||||
|
||||
class KrbCredInfo(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
KrbCredInfo.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
|
||||
namedtype.OptionalNamedType('prealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.OptionalNamedType('pname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
|
||||
namedtype.OptionalNamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
|
||||
namedtype.OptionalNamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
|
||||
namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
|
||||
namedtype.OptionalNamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
|
||||
namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
|
||||
namedtype.OptionalNamedType('srealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
|
||||
namedtype.OptionalNamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9))),
|
||||
namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10)))
|
||||
)
|
||||
|
||||
|
||||
class EncKrbCredPart(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
EncKrbCredPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 29))
|
||||
EncKrbCredPart.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('ticket-info', univ.SequenceOf(componentType=KrbCredInfo()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.OptionalNamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
|
||||
namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
|
||||
namedtype.OptionalNamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
|
||||
namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)))
|
||||
)
|
||||
|
||||
|
||||
class EncKrbPrivPart(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
EncKrbPrivPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 28))
|
||||
EncKrbPrivPart.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('user-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
|
||||
namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
|
||||
namedtype.NamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
|
||||
namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)))
|
||||
)
|
||||
|
||||
|
||||
class EncTGSRepPart(EncKDCRepPart):
|
||||
pass
|
||||
|
||||
|
||||
EncTGSRepPart.tagSet = EncKDCRepPart.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 26))
|
||||
|
||||
|
||||
class TransitedEncoding(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
TransitedEncoding.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('tr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('contents', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
|
||||
)
|
||||
|
||||
|
||||
class EncTicketPart(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
EncTicketPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 3))
|
||||
EncTicketPart.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
|
||||
namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
|
||||
namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
|
||||
namedtype.NamedType('transited', TransitedEncoding().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
|
||||
namedtype.NamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
|
||||
namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
|
||||
namedtype.NamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
|
||||
namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
|
||||
namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))),
|
||||
namedtype.OptionalNamedType('authorization-data', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10)))
|
||||
)
|
||||
|
||||
|
||||
class EncryptionTypeValues(univ.Integer):
|
||||
pass
|
||||
|
||||
|
||||
EncryptionTypeValues.namedValues = namedval.NamedValues(
|
||||
('kRB5-ENCTYPE-NULL', 0),
|
||||
('kRB5-ENCTYPE-DES-CBC-CRC', 1),
|
||||
('kRB5-ENCTYPE-DES-CBC-MD4', 2),
|
||||
('kRB5-ENCTYPE-DES-CBC-MD5', 3),
|
||||
('kRB5-ENCTYPE-DES3-CBC-MD5', 5),
|
||||
('kRB5-ENCTYPE-OLD-DES3-CBC-SHA1', 7),
|
||||
('kRB5-ENCTYPE-SIGN-DSA-GENERATE', 8),
|
||||
('kRB5-ENCTYPE-ENCRYPT-RSA-PRIV', 9),
|
||||
('kRB5-ENCTYPE-ENCRYPT-RSA-PUB', 10),
|
||||
('kRB5-ENCTYPE-DES3-CBC-SHA1', 16),
|
||||
('kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96', 17),
|
||||
('kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96', 18),
|
||||
('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5', 23),
|
||||
('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5-56', 24),
|
||||
('kRB5-ENCTYPE-ENCTYPE-PK-CROSS', 48),
|
||||
('kRB5-ENCTYPE-ARCFOUR-MD4', -128),
|
||||
('kRB5-ENCTYPE-ARCFOUR-HMAC-OLD', -133),
|
||||
('kRB5-ENCTYPE-ARCFOUR-HMAC-OLD-EXP', -135),
|
||||
('kRB5-ENCTYPE-DUMMY', -1111)
|
||||
)
|
||||
|
||||
|
||||
class EncryptionTypeSequence(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
EncryptionTypeSequence.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('dummy', EncryptionTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
|
||||
)
|
||||
|
||||
|
||||
class KDCOptionsValues(univ.BitString):
|
||||
pass
|
||||
|
||||
|
||||
KDCOptionsValues.namedValues = namedval.NamedValues(
|
||||
('reserved', 0),
|
||||
('forwardable', 1),
|
||||
('forwarded', 2),
|
||||
('proxiable', 3),
|
||||
('proxy', 4),
|
||||
('allow-postdate', 5),
|
||||
('postdated', 6),
|
||||
('unused7', 7),
|
||||
('renewable', 8),
|
||||
('unused9', 9),
|
||||
('unused10', 10),
|
||||
('opt-hardware-auth', 11),
|
||||
('unused12', 12),
|
||||
('unused13', 13),
|
||||
('unused15', 15),
|
||||
('disable-transited-check', 26),
|
||||
('renewable-ok', 27),
|
||||
('enc-tkt-in-skey', 28),
|
||||
('renew', 30),
|
||||
('validate', 31)
|
||||
)
|
||||
|
||||
|
||||
class KDCOptionsSequence(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
KDCOptionsSequence.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('dummy', KDCOptionsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
|
||||
)
|
||||
|
||||
|
||||
class KRB_CRED(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
KRB_CRED.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 22))
|
||||
KRB_CRED.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(22)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.NamedType('tickets', univ.SequenceOf(componentType=Ticket()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
|
||||
namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
|
||||
)
|
||||
|
||||
|
||||
class KRB_ERROR(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
KRB_ERROR.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 30))
|
||||
KRB_ERROR.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(30)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.OptionalNamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
|
||||
namedtype.OptionalNamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
|
||||
namedtype.NamedType('stime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
|
||||
namedtype.NamedType('susec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
|
||||
namedtype.NamedType('error-code', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
|
||||
namedtype.OptionalNamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
|
||||
namedtype.OptionalNamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
|
||||
namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))),
|
||||
namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))),
|
||||
namedtype.OptionalNamedType('e-text', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11))),
|
||||
namedtype.OptionalNamedType('e-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 12)))
|
||||
)
|
||||
|
||||
|
||||
class KRB_PRIV(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
KRB_PRIV.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 21))
|
||||
KRB_PRIV.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(21)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
|
||||
)
|
||||
|
||||
|
||||
class KRB_SAFE_BODY(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
KRB_SAFE_BODY.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('user-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
|
||||
namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
|
||||
namedtype.NamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
|
||||
namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)))
|
||||
)
|
||||
|
||||
|
||||
class KRB_SAFE(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
KRB_SAFE.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 20))
|
||||
KRB_SAFE.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(20)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
|
||||
namedtype.NamedType('safe-body', KRB_SAFE_BODY().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
|
||||
namedtype.NamedType('cksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
|
||||
)
|
||||
|
||||
|
||||
class METHOD_DATA(univ.SequenceOf):
|
||||
pass
|
||||
|
||||
|
||||
METHOD_DATA.componentType = PA_DATA()
|
||||
|
||||
|
||||
class MessageTypeValues(univ.Integer):
|
||||
pass
|
||||
|
||||
|
||||
MessageTypeValues.namedValues = namedval.NamedValues(
|
||||
('krb-as-req', 10),
|
||||
('krb-as-rep', 11),
|
||||
('krb-tgs-req', 12),
|
||||
('krb-tgs-rep', 13),
|
||||
('krb-ap-req', 14),
|
||||
('krb-ap-rep', 15),
|
||||
('krb-safe', 20),
|
||||
('krb-priv', 21),
|
||||
('krb-cred', 22),
|
||||
('krb-error', 30)
|
||||
)
|
||||
|
||||
|
||||
class MessageTypeSequence(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
MessageTypeSequence.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('dummy', MessageTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
|
||||
)
|
||||
|
||||
|
||||
class NameTypeValues(univ.Integer):
|
||||
pass
|
||||
|
||||
|
||||
NameTypeValues.namedValues = namedval.NamedValues(
|
||||
('kRB5-NT-UNKNOWN', 0),
|
||||
('kRB5-NT-PRINCIPAL', 1),
|
||||
('kRB5-NT-SRV-INST', 2),
|
||||
('kRB5-NT-SRV-HST', 3),
|
||||
('kRB5-NT-SRV-XHST', 4),
|
||||
('kRB5-NT-UID', 5),
|
||||
('kRB5-NT-X500-PRINCIPAL', 6),
|
||||
('kRB5-NT-SMTP-NAME', 7),
|
||||
('kRB5-NT-ENTERPRISE-PRINCIPAL', 10),
|
||||
('kRB5-NT-WELLKNOWN', 11),
|
||||
('kRB5-NT-ENT-PRINCIPAL-AND-ID', -130),
|
||||
('kRB5-NT-MS-PRINCIPAL', -128),
|
||||
('kRB5-NT-MS-PRINCIPAL-AND-ID', -129)
|
||||
)
|
||||
|
||||
|
||||
class NameTypeSequence(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
NameTypeSequence.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('dummy', NameTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
|
||||
)
|
||||
|
||||
|
||||
class PA_ENC_TIMESTAMP(EncryptedData):
|
||||
pass
|
||||
|
||||
|
||||
class PA_ENC_TS_ENC(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
PA_ENC_TS_ENC.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('patimestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.OptionalNamedType('pausec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
|
||||
)
|
||||
|
||||
|
||||
class PADataTypeValues(univ.Integer):
|
||||
pass
|
||||
|
||||
|
||||
PADataTypeValues.namedValues = namedval.NamedValues(
|
||||
('kRB5-PADATA-NONE', 0),
|
||||
('kRB5-PADATA-KDC-REQ', 1),
|
||||
('kRB5-PADATA-ENC-TIMESTAMP', 2),
|
||||
('kRB5-PADATA-PW-SALT', 3),
|
||||
('kRB5-PADATA-ENC-UNIX-TIME', 5),
|
||||
('kRB5-PADATA-SANDIA-SECUREID', 6),
|
||||
('kRB5-PADATA-SESAME', 7),
|
||||
('kRB5-PADATA-OSF-DCE', 8),
|
||||
('kRB5-PADATA-CYBERSAFE-SECUREID', 9),
|
||||
('kRB5-PADATA-AFS3-SALT', 10),
|
||||
('kRB5-PADATA-ETYPE-INFO', 11),
|
||||
('kRB5-PADATA-SAM-CHALLENGE', 12),
|
||||
('kRB5-PADATA-SAM-RESPONSE', 13),
|
||||
('kRB5-PADATA-PK-AS-REQ-19', 14),
|
||||
('kRB5-PADATA-PK-AS-REP-19', 15),
|
||||
('kRB5-PADATA-PK-AS-REQ', 16),
|
||||
('kRB5-PADATA-PK-AS-REP', 17),
|
||||
('kRB5-PADATA-PA-PK-OCSP-RESPONSE', 18),
|
||||
('kRB5-PADATA-ETYPE-INFO2', 19),
|
||||
('kRB5-PADATA-SVR-REFERRAL-INFO', 20),
|
||||
('kRB5-PADATA-SAM-REDIRECT', 21),
|
||||
('kRB5-PADATA-GET-FROM-TYPED-DATA', 22),
|
||||
('kRB5-PADATA-SAM-ETYPE-INFO', 23),
|
||||
('kRB5-PADATA-SERVER-REFERRAL', 25),
|
||||
('kRB5-PADATA-ALT-PRINC', 24),
|
||||
('kRB5-PADATA-SAM-CHALLENGE2', 30),
|
||||
('kRB5-PADATA-SAM-RESPONSE2', 31),
|
||||
('kRB5-PA-EXTRA-TGT', 41),
|
||||
('kRB5-PADATA-TD-KRB-PRINCIPAL', 102),
|
||||
('kRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS', 104),
|
||||
('kRB5-PADATA-PK-TD-CERTIFICATE-INDEX', 105),
|
||||
('kRB5-PADATA-TD-APP-DEFINED-ERROR', 106),
|
||||
('kRB5-PADATA-TD-REQ-NONCE', 107),
|
||||
('kRB5-PADATA-TD-REQ-SEQ', 108),
|
||||
('kRB5-PADATA-PA-PAC-REQUEST', 128),
|
||||
('kRB5-PADATA-FOR-USER', 129),
|
||||
('kRB5-PADATA-FOR-X509-USER', 130),
|
||||
('kRB5-PADATA-FOR-CHECK-DUPS', 131),
|
||||
('kRB5-PADATA-AS-CHECKSUM', 132),
|
||||
('kRB5-PADATA-FX-COOKIE', 133),
|
||||
('kRB5-PADATA-AUTHENTICATION-SET', 134),
|
||||
('kRB5-PADATA-AUTH-SET-SELECTED', 135),
|
||||
('kRB5-PADATA-FX-FAST', 136),
|
||||
('kRB5-PADATA-FX-ERROR', 137),
|
||||
('kRB5-PADATA-ENCRYPTED-CHALLENGE', 138),
|
||||
('kRB5-PADATA-OTP-CHALLENGE', 141),
|
||||
('kRB5-PADATA-OTP-REQUEST', 142),
|
||||
('kBB5-PADATA-OTP-CONFIRM', 143),
|
||||
('kRB5-PADATA-OTP-PIN-CHANGE', 144),
|
||||
('kRB5-PADATA-EPAK-AS-REQ', 145),
|
||||
('kRB5-PADATA-EPAK-AS-REP', 146),
|
||||
('kRB5-PADATA-PKINIT-KX', 147),
|
||||
('kRB5-PADATA-PKU2U-NAME', 148),
|
||||
('kRB5-PADATA-REQ-ENC-PA-REP', 149),
|
||||
('kRB5-PADATA-SUPPORTED-ETYPES', 165)
|
||||
)
|
||||
|
||||
|
||||
class PADataTypeSequence(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
PADataTypeSequence.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('dummy', PADataTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
|
||||
)
|
||||
|
||||
|
||||
class TGS_REP(KDC_REP):
|
||||
pass
|
||||
|
||||
|
||||
TGS_REP.tagSet = KDC_REP.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 13))
|
||||
|
||||
|
||||
class TGS_REQ(KDC_REQ):
|
||||
pass
|
||||
|
||||
|
||||
TGS_REQ.tagSet = KDC_REQ.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 12))
|
||||
|
||||
|
||||
class TYPED_DATA(univ.SequenceOf):
|
||||
pass
|
||||
|
||||
|
||||
TYPED_DATA.componentType = univ.Sequence(componentType=namedtype.NamedTypes(
|
||||
namedtype.NamedType('data-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
|
||||
namedtype.OptionalNamedType('data-value', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
|
||||
))
|
||||
|
||||
TYPED_DATA.subtypeSpec=constraint.ValueSizeConstraint(1, 256)
|
||||
|
||||
|
||||
class TicketFlagsValues(univ.BitString):
|
||||
pass
|
||||
|
||||
|
||||
TicketFlagsValues.namedValues = namedval.NamedValues(
|
||||
('reserved', 0),
|
||||
('forwardable', 1),
|
||||
('forwarded', 2),
|
||||
('proxiable', 3),
|
||||
('proxy', 4),
|
||||
('may-postdate', 5),
|
||||
('postdated', 6),
|
||||
('invalid', 7),
|
||||
('renewable', 8),
|
||||
('initial', 9),
|
||||
('pre-authent', 10),
|
||||
('hw-authent', 11),
|
||||
('transited-policy-checked', 12),
|
||||
('ok-as-delegate', 13)
|
||||
)
|
||||
|
||||
|
||||
class TicketFlagsSequence(univ.Sequence):
|
||||
pass
|
||||
|
||||
|
||||
TicketFlagsSequence.componentType = namedtype.NamedTypes(
|
||||
namedtype.NamedType('dummy', TicketFlagsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
|
||||
)
|
||||
|
||||
|
||||
id_krb5 = _OID(1, 3, 6, 1, 5, 2)
|
||||
|
||||
|
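--- /dev/null
+++ b/python/samba/tests/krb5/rfc4120_pyasn1_regen.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+#
+
+#
+# I used https://github.com/kimgr/asn1ate.git
+# to generate pyasn1 bindings for rfc4120.asn1
+#
+
+PATH_TO_ASN1ATE_CHECKOUT=$1
+PATH_TO_ASN1_INPUT_FILE=$2
+
+set -u
+set -e
+
+usage() {
+echo "usage: $0 PATH_TO_ASN1ATE_CHECKOUT PATH_TO_ASN1_INPUT_FILE > PATH_TO_PYASN1_OUTPUT_FILE"
+}
+
+test -n "${PATH_TO_ASN1ATE_CHECKOUT}" || {
+usage
+exit 1
+}
+test -n "${PATH_TO_ASN1_INPUT_FILE}" || {
+usage
+exit 1
+}
+test -d "${PATH_TO_ASN1ATE_CHECKOUT}" || {
+usage
+exit 1
+}
+test -f "${PATH_TO_ASN1_INPUT_FILE}" || {
+usage
+exit 1
+}
+
+PATH_TO_PYASN1GEN_PY="${PATH_TO_ASN1ATE_CHECKOUT}/asn1ate/pyasn1gen.py"
+
+PYTHONPATH="${PATH_TO_ASN1ATE_CHECKOUT}:${PYTHONPATH-}"
+export PYTHONPATH
+
+python3 "${PATH_TO_PYASN1GEN_PY}" "${PATH_TO_ASN1_INPUT_FILE}"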
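Review bot: The header comment names the asn1ate repository but not the revision that was used, so regenerating from a different checkout can silently change the committed bindings; the script also puts whatever `PATH_TO_ASN1ATE_CHECKOUT` holds at the front of `PYTHONPATH` and executes it. Recording the revision in the header, e.g. `# generated with asn1ate at commit <ASN1ATE_COMMIT>`, would make the output reproducible and let a reviewer diff a regeneration against a known generator. It would also help to comment that `$1`/`$2` are read before `set -u`, apparently so that missing arguments reach `usage` rather than an unbound-variable error. Adding `test -f "${PATH_TO_PYASN1GEN_PY}"` before the final `python3` call would catch a checkout with an unexpected layout.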
|
@ -93,6 +93,9 @@ class TestSource(TestCase):
|
||||
if fname.endswith("python/samba/tests/krb5/kcrypto.py"):
|
||||
# Imported from MIT testing repo
|
||||
continue
|
||||
if fname.endswith("python/samba/tests/krb5/rfc4120_pyasn1.py"):
|
||||
# Autogenerated
|
||||
continue
|
||||
match = copyright_re.search(text)
|
||||
if not match:
|
||||
incorrect.append((fname, 'no copyright line found\n'))
|
||||
@ -138,6 +141,9 @@ class TestSource(TestCase):
|
||||
if fname.endswith("python/samba/tests/krb5/kcrypto.py"):
|
||||
# Imported from MIT testing repo
|
||||
continue
|
||||
if fname.endswith("python/samba/tests/krb5/rfc4120_pyasn1.py"):
|
||||
# Autogenerated
|
||||
continue
|
||||
if not gpl_re.search(text):
|
||||
incorrect.append(fname)
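Review bot: The `rfc4120_pyasn1.py` exemption is added as a second copy of the same three-line skip in both hunks (the `copyright_re` check and the `gpl_re` check), so the two lists can drift apart as more files are exempted from the licence-header tests. `str.endswith` accepts a tuple, so both places could share one module-level tuple and read `if fname.endswith(LICENSE_CHECK_EXEMPT): continue` (the name is constructed here), with the per-file reasons kept as comments beside the tuple entries. The enclosing test methods start and end outside these hunks, so any other skip rules they contain are not visible from here.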
|
||||
|
||||
|