mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

python/tests/krb5: modify rfc4120.asn1 in order to generate pyasn1 code

The pyasn1 bindings are generated by pyasn1gen.py from
https://github.com/kimgr/asn1ate.git

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Isaac Boukris <iboukris@samba.org>
Stefan Metzmacher 2020-02-13 16:29:38 +01:00
parent a2f75c314e
commit 94d068427f
4 changed files with 1243 additions and 11 deletions


@ -25,15 +25,23 @@ UInt32 ::= INTEGER (0..4294967295)
Microseconds ::= INTEGER (0..999999) Microseconds ::= INTEGER (0..999999)
-- microseconds -- microseconds
KerberosString ::= GeneralString (IA5String) --
-- asn1ate doesn't support 'GeneralString (IA5String)'
-- only 'GeneralString' or 'IA5String', on the wire
-- GeneralString is used.
--
-- KerberosString ::= GeneralString (IA5String)
KerberosString ::= GeneralString
Realm ::= KerberosString Realm ::= KerberosString
PrincipalName ::= SEQUENCE { PrincipalName ::= SEQUENCE {
name-type [0] Int32, name-type [0] NameType, -- Int32,
name-string [1] SEQUENCE OF KerberosString name-string [1] SEQUENCE OF KerberosString
} }
NameType ::= Int32
KerberosTime ::= GeneralizedTime -- with no fractional seconds KerberosTime ::= GeneralizedTime -- with no fractional seconds
HostAddress ::= SEQUENCE { HostAddress ::= SEQUENCE {
@ -50,36 +58,48 @@ HostAddresses -- NOTE: subtly different from rfc1510,
-- NOTE: AuthorizationData is always used as an OPTIONAL field and -- NOTE: AuthorizationData is always used as an OPTIONAL field and
-- should not be empty. -- should not be empty.
AuthorizationData ::= SEQUENCE OF SEQUENCE { AuthorizationData ::= SEQUENCE OF SEQUENCE {
ad-type [0] Int32, ad-type [0] AuthDataType, -- Int32,
ad-data [1] OCTET STRING ad-data [1] OCTET STRING
} }
AuthDataType ::= Int32
PA-DATA ::= SEQUENCE { PA-DATA ::= SEQUENCE {
-- NOTE: first tag is [1], not [0] -- NOTE: first tag is [1], not [0]
padata-type [1] Int32, padata-type [1] PADataType, -- Int32
padata-value [2] OCTET STRING -- might be encoded AP-REQ padata-value [2] OCTET STRING -- might be encoded AP-REQ
} }
KerberosFlags ::= BIT STRING (SIZE (32..MAX)) PADataType ::= Int32
--
-- asn1ate doesn't support 'MAX' nor a lower range != 1.
-- We'll use a custom enodeValue() hooks for BitString
-- in order to encode them with at least 32-Bit.
--
-- KerberosFlags ::= BIT STRING (SIZE (32..MAX))
KerberosFlags ::= BIT STRING (SIZE (1..32))
-- minimum number of bits shall be sent, -- minimum number of bits shall be sent,
-- but no fewer than 32 -- but no fewer than 32
EncryptedData ::= SEQUENCE { EncryptedData ::= SEQUENCE {
etype [0] Int32 -- EncryptionType --, etype [0] EncryptionType, --Int32 EncryptionType --
kvno [1] UInt32 OPTIONAL, kvno [1] UInt32 OPTIONAL,
cipher [2] OCTET STRING -- ciphertext cipher [2] OCTET STRING -- ciphertext
} }
EncryptionKey ::= SEQUENCE { EncryptionKey ::= SEQUENCE {
keytype [0] Int32 -- actually encryption type --, keytype [0] EncryptionType, -- Int32 actually encryption type --
keyvalue [1] OCTET STRING keyvalue [1] OCTET STRING
} }
Checksum ::= SEQUENCE { Checksum ::= SEQUENCE {
cksumtype [0] Int32, cksumtype [0] ChecksumType, -- Int32,
checksum [1] OCTET STRING checksum [1] OCTET STRING
} }
ChecksumType ::= Int32
Ticket ::= [APPLICATION 1] SEQUENCE { Ticket ::= [APPLICATION 1] SEQUENCE {
tkt-vno [0] INTEGER (5), tkt-vno [0] INTEGER (5),
realm [1] Realm, realm [1] Realm,
@ -150,7 +170,7 @@ KDC-REQ-BODY ::= SEQUENCE {
till [5] KerberosTime, till [5] KerberosTime,
rtime [6] KerberosTime OPTIONAL, rtime [6] KerberosTime OPTIONAL,
nonce [7] UInt32, nonce [7] UInt32,
etype [8] SEQUENCE OF Int32 -- EncryptionType etype [8] SEQUENCE OF EncryptionType -- Int32 - EncryptionType
-- in preference order --, -- in preference order --,
addresses [9] HostAddresses OPTIONAL, addresses [9] HostAddresses OPTIONAL,
enc-authorization-data [10] EncryptedData OPTIONAL enc-authorization-data [10] EncryptedData OPTIONAL
@ -159,6 +179,8 @@ KDC-REQ-BODY ::= SEQUENCE {
-- NOTE: not empty -- NOTE: not empty
} }
EncryptionType ::= Int32
KDCOptions ::= KerberosFlags KDCOptions ::= KerberosFlags
-- reserved(0), -- reserved(0),
-- forwardable(1), -- forwardable(1),
@ -344,7 +366,11 @@ KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
METHOD-DATA ::= SEQUENCE OF PA-DATA METHOD-DATA ::= SEQUENCE OF PA-DATA
TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { --
-- asn1ate doesn't support 'MAX'
--
-- TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
TYPED-DATA ::= SEQUENCE SIZE (1..256) OF SEQUENCE {
data-type [0] Int32, data-type [0] Int32,
data-value [1] OCTET STRING OPTIONAL data-value [1] OCTET STRING OPTIONAL
} }
@ -371,7 +397,7 @@ ETYPE-INFO2-ENTRY ::= SEQUENCE {
s2kparams [2] OCTET STRING OPTIONAL s2kparams [2] OCTET STRING OPTIONAL
} }
ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY ETYPE-INFO2 ::= SEQUENCE SIZE (1..256) OF ETYPE-INFO2-ENTRY
AD-IF-RELEVANT ::= AuthorizationData AD-IF-RELEVANT ::= AuthorizationData
@ -389,4 +415,249 @@ AD-AND-OR ::= SEQUENCE {
AD-MANDATORY-FOR-KDC ::= AuthorizationData AD-MANDATORY-FOR-KDC ::= AuthorizationData
--
--
-- prettyPrint values
--
--
NameTypeValues ::= INTEGER { -- Int32
kRB5-NT-UNKNOWN(0), -- Name type not known
kRB5-NT-PRINCIPAL(1), -- Just the name of the principal as in
kRB5-NT-SRV-INST(2), -- Service and other unique instance (krbtgt)
kRB5-NT-SRV-HST(3), -- Service with host name as instance
kRB5-NT-SRV-XHST(4), -- Service with host as remaining components
kRB5-NT-UID(5), -- Unique ID
kRB5-NT-X500-PRINCIPAL(6), -- PKINIT
kRB5-NT-SMTP-NAME(7), -- Name in form of SMTP email name
kRB5-NT-ENTERPRISE-PRINCIPAL(10), -- Windows 2000 UPN
kRB5-NT-WELLKNOWN(11), -- Wellknown
kRB5-NT-ENT-PRINCIPAL-AND-ID(-130), -- Windows 2000 UPN and SID
kRB5-NT-MS-PRINCIPAL(-128), -- NT 4 style name
kRB5-NT-MS-PRINCIPAL-AND-ID(-129) -- NT style name and SID
}
NameTypeSequence ::= SEQUENCE {
dummy [0] NameTypeValues
}
TicketFlagsValues ::= BIT STRING { -- KerberosFlags
reserved(0),
forwardable(1),
forwarded(2),
proxiable(3),
proxy(4),
may-postdate(5),
postdated(6),
invalid(7),
renewable(8),
initial(9),
pre-authent(10),
hw-authent(11),
-- the following are new since 1510
transited-policy-checked(12),
ok-as-delegate(13)
}
TicketFlagsSequence ::= SEQUENCE {
dummy [0] TicketFlagsValues
}
KDCOptionsValues ::= BIT STRING { -- KerberosFlags
reserved(0),
forwardable(1),
forwarded(2),
proxiable(3),
proxy(4),
allow-postdate(5),
postdated(6),
unused7(7),
renewable(8),
unused9(9),
unused10(10),
opt-hardware-auth(11),
unused12(12),
unused13(13),
-- 15 is reserved for canonicalize
unused15(15),
-- 26 was unused in 1510
disable-transited-check(26),
--
renewable-ok(27),
enc-tkt-in-skey(28),
renew(30),
validate(31)
}
KDCOptionsSequence ::= SEQUENCE {
dummy [0] KDCOptionsValues
}
MessageTypeValues ::= INTEGER {
krb-as-req(10), -- Request for initial authentication
krb-as-rep(11), -- Response to KRB_AS_REQ request
krb-tgs-req(12), -- Request for authentication based on TGT
krb-tgs-rep(13), -- Response to KRB_TGS_REQ request
krb-ap-req(14), -- application request to server
krb-ap-rep(15), -- Response to KRB_AP_REQ_MUTUAL
krb-safe(20), -- Safe (checksummed) application message
krb-priv(21), -- Private (encrypted) application message
krb-cred(22), -- Private (encrypted) message to forward credentials
krb-error(30) -- Error response
}
MessageTypeSequence ::= SEQUENCE {
dummy [0] MessageTypeValues
}
PADataTypeValues ::= INTEGER {
kRB5-PADATA-NONE(0),
-- kRB5-PADATA-TGS-REQ(1),
-- kRB5-PADATA-AP-REQ(1),
kRB5-PADATA-KDC-REQ(1),
kRB5-PADATA-ENC-TIMESTAMP(2),
kRB5-PADATA-PW-SALT(3),
kRB5-PADATA-ENC-UNIX-TIME(5),
kRB5-PADATA-SANDIA-SECUREID(6),
kRB5-PADATA-SESAME(7),
kRB5-PADATA-OSF-DCE(8),
kRB5-PADATA-CYBERSAFE-SECUREID(9),
kRB5-PADATA-AFS3-SALT(10),
kRB5-PADATA-ETYPE-INFO(11),
kRB5-PADATA-SAM-CHALLENGE(12), -- (sam/otp)
kRB5-PADATA-SAM-RESPONSE(13), -- (sam/otp)
kRB5-PADATA-PK-AS-REQ-19(14), -- (PKINIT-19)
kRB5-PADATA-PK-AS-REP-19(15), -- (PKINIT-19)
-- kRB5-PADATA-PK-AS-REQ-WIN(15), - (PKINIT - old number)
kRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25)
kRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25)
kRB5-PADATA-PA-PK-OCSP-RESPONSE(18),
kRB5-PADATA-ETYPE-INFO2(19),
-- kRB5-PADATA-USE-SPECIFIED-KVNO(20),
kRB5-PADATA-SVR-REFERRAL-INFO(20), --- old ms referral number
kRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp)
kRB5-PADATA-GET-FROM-TYPED-DATA(22),
kRB5-PADATA-SAM-ETYPE-INFO(23),
kRB5-PADATA-SERVER-REFERRAL(25),
kRB5-PADATA-ALT-PRINC(24), -- (crawdad@fnal.gov)
kRB5-PADATA-SAM-CHALLENGE2(30), -- (kenh@pobox.com)
kRB5-PADATA-SAM-RESPONSE2(31), -- (kenh@pobox.com)
kRB5-PA-EXTRA-TGT(41), -- Reserved extra TGT
kRB5-PADATA-TD-KRB-PRINCIPAL(102), -- PrincipalName
kRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS(104), -- PKINIT
kRB5-PADATA-PK-TD-CERTIFICATE-INDEX(105), -- PKINIT
kRB5-PADATA-TD-APP-DEFINED-ERROR(106), -- application specific
kRB5-PADATA-TD-REQ-NONCE(107), -- INTEGER
kRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER
kRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com
kRB5-PADATA-FOR-USER(129), -- MS-KILE
kRB5-PADATA-FOR-X509-USER(130), -- MS-KILE
kRB5-PADATA-FOR-CHECK-DUPS(131), -- MS-KILE
kRB5-PADATA-AS-CHECKSUM(132), -- MS-KILE
-- kRB5-PADATA-PK-AS-09-BINDING(132), - client send this to
-- tell KDC that is supports
-- the asCheckSum in the
-- PK-AS-REP
kRB5-PADATA-FX-COOKIE(133), -- krb-wg-preauth-framework
kRB5-PADATA-AUTHENTICATION-SET(134), -- krb-wg-preauth-framework
kRB5-PADATA-AUTH-SET-SELECTED(135), -- krb-wg-preauth-framework
kRB5-PADATA-FX-FAST(136), -- krb-wg-preauth-framework
kRB5-PADATA-FX-ERROR(137), -- krb-wg-preauth-framework
kRB5-PADATA-ENCRYPTED-CHALLENGE(138), -- krb-wg-preauth-framework
kRB5-PADATA-OTP-CHALLENGE(141), -- (gareth.richards@rsa.com)
kRB5-PADATA-OTP-REQUEST(142), -- (gareth.richards@rsa.com)
kBB5-PADATA-OTP-CONFIRM(143), -- (gareth.richards@rsa.com)
kRB5-PADATA-OTP-PIN-CHANGE(144), -- (gareth.richards@rsa.com)
kRB5-PADATA-EPAK-AS-REQ(145),
kRB5-PADATA-EPAK-AS-REP(146),
kRB5-PADATA-PKINIT-KX(147), -- krb-wg-anon
kRB5-PADATA-PKU2U-NAME(148), -- zhu-pku2u
kRB5-PADATA-REQ-ENC-PA-REP(149), --
kRB5-PADATA-SUPPORTED-ETYPES(165) -- MS-KILE
}
PADataTypeSequence ::= SEQUENCE {
dummy [0] PADataTypeValues
}
AuthDataTypeValues ::= INTEGER {
kRB5-AUTHDATA-IF-RELEVANT(1),
kRB5-AUTHDATA-INTENDED-FOR-SERVER(2),
kRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS(3),
kRB5-AUTHDATA-KDC-ISSUED(4),
kRB5-AUTHDATA-AND-OR(5),
kRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS(6),
kRB5-AUTHDATA-IN-TICKET-EXTENSIONS(7),
kRB5-AUTHDATA-MANDATORY-FOR-KDC(8),
kRB5-AUTHDATA-INITIAL-VERIFIED-CAS(9),
kRB5-AUTHDATA-OSF-DCE(64),
kRB5-AUTHDATA-SESAME(65),
kRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66),
kRB5-AUTHDATA-WIN2K-PAC(128),
kRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129), -- Authenticator only
kRB5-AUTHDATA-SIGNTICKET-OLDER(-17),
kRB5-AUTHDATA-SIGNTICKET-OLD(142),
kRB5-AUTHDATA-SIGNTICKET(512)
}
AuthDataTypeSequence ::= SEQUENCE {
dummy [0] AuthDataTypeValues
}
ChecksumTypeValues ::= INTEGER {
kRB5-CKSUMTYPE-NONE(0),
kRB5-CKSUMTYPE-CRC32(1),
kRB5-CKSUMTYPE-RSA-MD4(2),
kRB5-CKSUMTYPE-RSA-MD4-DES(3),
kRB5-CKSUMTYPE-DES-MAC(4),
kRB5-CKSUMTYPE-DES-MAC-K(5),
kRB5-CKSUMTYPE-RSA-MD4-DES-K(6),
kRB5-CKSUMTYPE-RSA-MD5(7),
kRB5-CKSUMTYPE-RSA-MD5-DES(8),
kRB5-CKSUMTYPE-RSA-MD5-DES3(9),
kRB5-CKSUMTYPE-SHA1-OTHER(10),
kRB5-CKSUMTYPE-HMAC-SHA1-DES3(12),
kRB5-CKSUMTYPE-SHA1(14),
kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-128(15),
kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-256(16),
kRB5-CKSUMTYPE-GSSAPI(32771), -- 0x8003
kRB5-CKSUMTYPE-HMAC-MD5(-138), -- unofficial microsoft number
kRB5-CKSUMTYPE-HMAC-MD5-ENC(-1138) -- even more unofficial
}
ChecksumTypeSequence ::= SEQUENCE {
dummy [0] ChecksumTypeValues
}
EncryptionTypeValues ::= INTEGER {
kRB5-ENCTYPE-NULL(0),
kRB5-ENCTYPE-DES-CBC-CRC(1),
kRB5-ENCTYPE-DES-CBC-MD4(2),
kRB5-ENCTYPE-DES-CBC-MD5(3),
kRB5-ENCTYPE-DES3-CBC-MD5(5),
kRB5-ENCTYPE-OLD-DES3-CBC-SHA1(7),
kRB5-ENCTYPE-SIGN-DSA-GENERATE(8),
kRB5-ENCTYPE-ENCRYPT-RSA-PRIV(9),
kRB5-ENCTYPE-ENCRYPT-RSA-PUB(10),
kRB5-ENCTYPE-DES3-CBC-SHA1(16), -- with key derivation
kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96(17),
kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96(18),
kRB5-ENCTYPE-ARCFOUR-HMAC-MD5(23),
kRB5-ENCTYPE-ARCFOUR-HMAC-MD5-56(24),
kRB5-ENCTYPE-ENCTYPE-PK-CROSS(48),
-- some "old" windows types
kRB5-ENCTYPE-ARCFOUR-MD4(-128),
kRB5-ENCTYPE-ARCFOUR-HMAC-OLD(-133),
kRB5-ENCTYPE-ARCFOUR-HMAC-OLD-EXP(-135),
-- these are for Heimdal internal use
-- kRB5-ENCTYPE-DES-CBC-NONE(-0x1000),
-- kRB5-ENCTYPE-DES3-CBC-NONE(-0x1001),
-- kRB5-ENCTYPE-DES-CFB64-NONE(-0x1002),
-- kRB5-ENCTYPE-DES-PCBC-NONE(-0x1003),
-- kRB5-ENCTYPE-DIGEST-MD5-NONE(-0x1004), - private use, lukeh@padl.com
-- kRB5-ENCTYPE-CRAM-MD5-NONE(-0x1005) - private use, lukeh@padl.com
kRB5-ENCTYPE-DUMMY(-1111)
}
EncryptionTypeSequence ::= SEQUENCE {
dummy [0] EncryptionTypeValues
}
END END
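Review bot: In the new `PADataTypeValues` list the entry `kBB5-PADATA-OTP-CONFIRM(143)` is misspelled; every other name uses the `kRB5-` prefix, so it should read `kRB5-PADATA-OTP-CONFIRM(143),` or the generated bindings will presumably carry the misspelled named value. Separately, `KerberosFlags ::= BIT STRING (SIZE (1..32))` replaces the RFC's `(32..MAX)` with an upper bound of 32, and the comment above it (where `enodeValue()` presumably means `encodeValue()`) only explains the encoding side. A line such as `-- NOTE: the upper bound is an asn1ate workaround; RFC 4120 allows more than 32 bits` would keep a constraint failure on a longer flags field from a peer from being read as a protocol error. The same caveat applies to the `SIZE (1..256)` caps that stand in for `MAX` on `TYPED-DATA` and `ETYPE-INFO2`.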


@ -0,0 +1,914 @@
# Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1
# (last modified on 2020-03-26 10:28:24.346775)
# KerberosV5Spec2
from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
def _OID(*components):
output = []
for x in tuple(components):
if isinstance(x, univ.ObjectIdentifier):
output.extend(list(x))
else:
output.append(int(x))
return univ.ObjectIdentifier(output)
class Int32(univ.Integer):
pass
Int32.subtypeSpec = constraint.ValueRangeConstraint(-2147483648, 2147483647)
class AuthDataType(Int32):
pass
class AuthorizationData(univ.SequenceOf):
pass
AuthorizationData.componentType = univ.Sequence(componentType=namedtype.NamedTypes(
namedtype.NamedType('ad-type', AuthDataType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('ad-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
))
class AD_AND_OR(univ.Sequence):
pass
AD_AND_OR.componentType = namedtype.NamedTypes(
namedtype.NamedType('condition-count', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('elements', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class AD_IF_RELEVANT(AuthorizationData):
pass
class ChecksumType(Int32):
pass
class Checksum(univ.Sequence):
pass
Checksum.componentType = namedtype.NamedTypes(
namedtype.NamedType('cksumtype', ChecksumType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('checksum', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class KerberosString(char.GeneralString):
pass
class NameType(Int32):
pass
class PrincipalName(univ.Sequence):
pass
PrincipalName.componentType = namedtype.NamedTypes(
namedtype.NamedType('name-type', NameType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('name-string', univ.SequenceOf(componentType=KerberosString()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class Realm(KerberosString):
pass
class AD_KDCIssued(univ.Sequence):
pass
AD_KDCIssued.componentType = namedtype.NamedTypes(
namedtype.NamedType('ad-checksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
namedtype.OptionalNamedType('i-realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('i-sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
namedtype.NamedType('elements', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
)
class AD_MANDATORY_FOR_KDC(AuthorizationData):
pass
class EncryptionType(Int32):
pass
class UInt32(univ.Integer):
pass
UInt32.subtypeSpec = constraint.ValueRangeConstraint(0, 4294967295)
class EncryptedData(univ.Sequence):
pass
EncryptedData.componentType = namedtype.NamedTypes(
namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('kvno', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('cipher', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
)
class AP_REP(univ.Sequence):
pass
AP_REP.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 15))
AP_REP.componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(15)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
)
class KerberosFlags(univ.BitString):
pass
KerberosFlags.subtypeSpec=constraint.ValueSizeConstraint(1, 32)
class APOptions(KerberosFlags):
pass
class Ticket(univ.Sequence):
pass
Ticket.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1))
Ticket.componentType = namedtype.NamedTypes(
namedtype.NamedType('tkt-vno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
)
class AP_REQ(univ.Sequence):
pass
AP_REQ.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 14))
AP_REQ.componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(14)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('ap-options', APOptions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.NamedType('ticket', Ticket().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.NamedType('authenticator', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)))
)
class PADataType(Int32):
pass
class PA_DATA(univ.Sequence):
pass
PA_DATA.componentType = namedtype.NamedTypes(
namedtype.NamedType('padata-type', PADataType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('padata-value', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
)
class KDC_REP(univ.Sequence):
pass
KDC_REP.componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(11, 13)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('padata', univ.SequenceOf(componentType=PA_DATA()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
namedtype.NamedType('ticket', Ticket().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6)))
)
class AS_REP(KDC_REP):
pass
AS_REP.tagSet = KDC_REP.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 11))
class HostAddress(univ.Sequence):
pass
HostAddress.componentType = namedtype.NamedTypes(
namedtype.NamedType('addr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('address', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class HostAddresses(univ.SequenceOf):
pass
HostAddresses.componentType = HostAddress()
class KDCOptions(KerberosFlags):
pass
class KerberosTime(useful.GeneralizedTime):
pass
class KDC_REQ_BODY(univ.Sequence):
pass
KDC_REQ_BODY.componentType = namedtype.NamedTypes(
namedtype.NamedType('kdc-options', KDCOptions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
namedtype.OptionalNamedType('from', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
namedtype.NamedType('till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.OptionalNamedType('rtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
namedtype.NamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
namedtype.NamedType('etype', univ.SequenceOf(componentType=EncryptionType()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
namedtype.OptionalNamedType('addresses', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))),
namedtype.OptionalNamedType('enc-authorization-data', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))),
namedtype.OptionalNamedType('additional-tickets', univ.SequenceOf(componentType=Ticket()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11)))
)
class KDC_REQ(univ.Sequence):
pass
KDC_REQ.componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(10, 12)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('padata', univ.SequenceOf(componentType=PA_DATA()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.NamedType('req-body', KDC_REQ_BODY().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)))
)
class AS_REQ(KDC_REQ):
pass
AS_REQ.tagSet = KDC_REQ.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 10))
class AuthDataTypeValues(univ.Integer):
pass
AuthDataTypeValues.namedValues = namedval.NamedValues(
('kRB5-AUTHDATA-IF-RELEVANT', 1),
('kRB5-AUTHDATA-INTENDED-FOR-SERVER', 2),
('kRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS', 3),
('kRB5-AUTHDATA-KDC-ISSUED', 4),
('kRB5-AUTHDATA-AND-OR', 5),
('kRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS', 6),
('kRB5-AUTHDATA-IN-TICKET-EXTENSIONS', 7),
('kRB5-AUTHDATA-MANDATORY-FOR-KDC', 8),
('kRB5-AUTHDATA-INITIAL-VERIFIED-CAS', 9),
('kRB5-AUTHDATA-OSF-DCE', 64),
('kRB5-AUTHDATA-SESAME', 65),
('kRB5-AUTHDATA-OSF-DCE-PKI-CERTID', 66),
('kRB5-AUTHDATA-WIN2K-PAC', 128),
('kRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION', 129),
('kRB5-AUTHDATA-SIGNTICKET-OLDER', -17),
('kRB5-AUTHDATA-SIGNTICKET-OLD', 142),
('kRB5-AUTHDATA-SIGNTICKET', 512)
)
class AuthDataTypeSequence(univ.Sequence):
pass
AuthDataTypeSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', AuthDataTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class EncryptionKey(univ.Sequence):
pass
EncryptionKey.componentType = namedtype.NamedTypes(
namedtype.NamedType('keytype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('keyvalue', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class Microseconds(univ.Integer):
pass
Microseconds.subtypeSpec = constraint.ValueRangeConstraint(0, 999999)
class Authenticator(univ.Sequence):
pass
Authenticator.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2))
Authenticator.componentType = namedtype.NamedTypes(
namedtype.NamedType('authenticator-vno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
namedtype.OptionalNamedType('cksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
namedtype.NamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
namedtype.NamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.OptionalNamedType('subkey', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
namedtype.OptionalNamedType('authorization-data', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)))
)
class ChecksumTypeValues(univ.Integer):
pass
ChecksumTypeValues.namedValues = namedval.NamedValues(
('kRB5-CKSUMTYPE-NONE', 0),
('kRB5-CKSUMTYPE-CRC32', 1),
('kRB5-CKSUMTYPE-RSA-MD4', 2),
('kRB5-CKSUMTYPE-RSA-MD4-DES', 3),
('kRB5-CKSUMTYPE-DES-MAC', 4),
('kRB5-CKSUMTYPE-DES-MAC-K', 5),
('kRB5-CKSUMTYPE-RSA-MD4-DES-K', 6),
('kRB5-CKSUMTYPE-RSA-MD5', 7),
('kRB5-CKSUMTYPE-RSA-MD5-DES', 8),
('kRB5-CKSUMTYPE-RSA-MD5-DES3', 9),
('kRB5-CKSUMTYPE-SHA1-OTHER', 10),
('kRB5-CKSUMTYPE-HMAC-SHA1-DES3', 12),
('kRB5-CKSUMTYPE-SHA1', 14),
('kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-128', 15),
('kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-256', 16),
('kRB5-CKSUMTYPE-GSSAPI', 32771),
('kRB5-CKSUMTYPE-HMAC-MD5', -138),
('kRB5-CKSUMTYPE-HMAC-MD5-ENC', -1138)
)
class ChecksumTypeSequence(univ.Sequence):
pass
ChecksumTypeSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', ChecksumTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class ETYPE_INFO_ENTRY(univ.Sequence):
pass
ETYPE_INFO_ENTRY.componentType = namedtype.NamedTypes(
namedtype.NamedType('etype', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('salt', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class ETYPE_INFO(univ.SequenceOf):
pass
ETYPE_INFO.componentType = ETYPE_INFO_ENTRY()
class ETYPE_INFO2_ENTRY(univ.Sequence):
pass
ETYPE_INFO2_ENTRY.componentType = namedtype.NamedTypes(
namedtype.NamedType('etype', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('salt', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('s2kparams', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
)
class ETYPE_INFO2(univ.SequenceOf):
pass
ETYPE_INFO2.componentType = ETYPE_INFO2_ENTRY()
ETYPE_INFO2.subtypeSpec=constraint.ValueSizeConstraint(1, 256)
class EncAPRepPart(univ.Sequence):
pass
EncAPRepPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 27))
EncAPRepPart.componentType = namedtype.NamedTypes(
namedtype.NamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('subkey', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
)
class LastReq(univ.SequenceOf):
pass
LastReq.componentType = univ.Sequence(componentType=namedtype.NamedTypes(
namedtype.NamedType('lr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('lr-value', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
))
class TicketFlags(KerberosFlags):
pass
class EncKDCRepPart(univ.Sequence):
pass
EncKDCRepPart.componentType = namedtype.NamedTypes(
namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
namedtype.NamedType('last-req', LastReq().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('key-expiration', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.NamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
namedtype.NamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
namedtype.NamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
namedtype.NamedType('srealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))),
namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))),
namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11)))
)
class EncASRepPart(EncKDCRepPart):
pass
EncASRepPart.tagSet = EncKDCRepPart.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 25))
class KrbCredInfo(univ.Sequence):
pass
KrbCredInfo.componentType = namedtype.NamedTypes(
namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
namedtype.OptionalNamedType('prealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('pname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
namedtype.OptionalNamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.OptionalNamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.OptionalNamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
namedtype.OptionalNamedType('srealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
namedtype.OptionalNamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9))),
namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10)))
)
class EncKrbCredPart(univ.Sequence):
pass
EncKrbCredPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 29))
EncKrbCredPart.componentType = namedtype.NamedTypes(
namedtype.NamedType('ticket-info', univ.SequenceOf(componentType=KrbCredInfo()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.OptionalNamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)))
)
class EncKrbPrivPart(univ.Sequence):
pass
EncKrbPrivPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 28))
EncKrbPrivPart.componentType = namedtype.NamedTypes(
namedtype.NamedType('user-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.NamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)))
)
class EncTGSRepPart(EncKDCRepPart):
pass
EncTGSRepPart.tagSet = EncKDCRepPart.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 26))
class TransitedEncoding(univ.Sequence):
pass
TransitedEncoding.componentType = namedtype.NamedTypes(
namedtype.NamedType('tr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('contents', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class EncTicketPart(univ.Sequence):
pass
EncTicketPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 3))
EncTicketPart.componentType = namedtype.NamedTypes(
namedtype.NamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
namedtype.NamedType('transited', TransitedEncoding().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
namedtype.NamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
namedtype.NamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))),
namedtype.OptionalNamedType('authorization-data', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10)))
)
class EncryptionTypeValues(univ.Integer):
pass
EncryptionTypeValues.namedValues = namedval.NamedValues(
('kRB5-ENCTYPE-NULL', 0),
('kRB5-ENCTYPE-DES-CBC-CRC', 1),
('kRB5-ENCTYPE-DES-CBC-MD4', 2),
('kRB5-ENCTYPE-DES-CBC-MD5', 3),
('kRB5-ENCTYPE-DES3-CBC-MD5', 5),
('kRB5-ENCTYPE-OLD-DES3-CBC-SHA1', 7),
('kRB5-ENCTYPE-SIGN-DSA-GENERATE', 8),
('kRB5-ENCTYPE-ENCRYPT-RSA-PRIV', 9),
('kRB5-ENCTYPE-ENCRYPT-RSA-PUB', 10),
('kRB5-ENCTYPE-DES3-CBC-SHA1', 16),
('kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96', 17),
('kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96', 18),
('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5', 23),
('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5-56', 24),
('kRB5-ENCTYPE-ENCTYPE-PK-CROSS', 48),
('kRB5-ENCTYPE-ARCFOUR-MD4', -128),
('kRB5-ENCTYPE-ARCFOUR-HMAC-OLD', -133),
('kRB5-ENCTYPE-ARCFOUR-HMAC-OLD-EXP', -135),
('kRB5-ENCTYPE-DUMMY', -1111)
)
class EncryptionTypeSequence(univ.Sequence):
pass
EncryptionTypeSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', EncryptionTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class KDCOptionsValues(univ.BitString):
pass
KDCOptionsValues.namedValues = namedval.NamedValues(
('reserved', 0),
('forwardable', 1),
('forwarded', 2),
('proxiable', 3),
('proxy', 4),
('allow-postdate', 5),
('postdated', 6),
('unused7', 7),
('renewable', 8),
('unused9', 9),
('unused10', 10),
('opt-hardware-auth', 11),
('unused12', 12),
('unused13', 13),
('unused15', 15),
('disable-transited-check', 26),
('renewable-ok', 27),
('enc-tkt-in-skey', 28),
('renew', 30),
('validate', 31)
)
class KDCOptionsSequence(univ.Sequence):
pass
KDCOptionsSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', KDCOptionsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class KRB_CRED(univ.Sequence):
pass
KRB_CRED.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 22))
KRB_CRED.componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(22)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('tickets', univ.SequenceOf(componentType=Ticket()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
)
class KRB_ERROR(univ.Sequence):
pass
KRB_ERROR.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 30))
KRB_ERROR.componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(30)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.NamedType('stime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
namedtype.NamedType('susec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
namedtype.NamedType('error-code', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
namedtype.OptionalNamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
namedtype.OptionalNamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))),
namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))),
namedtype.OptionalNamedType('e-text', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11))),
namedtype.OptionalNamedType('e-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 12)))
)
class KRB_PRIV(univ.Sequence):
pass
KRB_PRIV.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 21))
KRB_PRIV.componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(21)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
)
class KRB_SAFE_BODY(univ.Sequence):
pass
KRB_SAFE_BODY.componentType = namedtype.NamedTypes(
namedtype.NamedType('user-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
namedtype.NamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)))
)
class KRB_SAFE(univ.Sequence):
pass
KRB_SAFE.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 20))
KRB_SAFE.componentType = namedtype.NamedTypes(
namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(20)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.NamedType('safe-body', KRB_SAFE_BODY().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
namedtype.NamedType('cksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
)
class METHOD_DATA(univ.SequenceOf):
pass
METHOD_DATA.componentType = PA_DATA()
class MessageTypeValues(univ.Integer):
pass
MessageTypeValues.namedValues = namedval.NamedValues(
('krb-as-req', 10),
('krb-as-rep', 11),
('krb-tgs-req', 12),
('krb-tgs-rep', 13),
('krb-ap-req', 14),
('krb-ap-rep', 15),
('krb-safe', 20),
('krb-priv', 21),
('krb-cred', 22),
('krb-error', 30)
)
class MessageTypeSequence(univ.Sequence):
pass
MessageTypeSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', MessageTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class NameTypeValues(univ.Integer):
pass
NameTypeValues.namedValues = namedval.NamedValues(
('kRB5-NT-UNKNOWN', 0),
('kRB5-NT-PRINCIPAL', 1),
('kRB5-NT-SRV-INST', 2),
('kRB5-NT-SRV-HST', 3),
('kRB5-NT-SRV-XHST', 4),
('kRB5-NT-UID', 5),
('kRB5-NT-X500-PRINCIPAL', 6),
('kRB5-NT-SMTP-NAME', 7),
('kRB5-NT-ENTERPRISE-PRINCIPAL', 10),
('kRB5-NT-WELLKNOWN', 11),
('kRB5-NT-ENT-PRINCIPAL-AND-ID', -130),
('kRB5-NT-MS-PRINCIPAL', -128),
('kRB5-NT-MS-PRINCIPAL-AND-ID', -129)
)
class NameTypeSequence(univ.Sequence):
pass
NameTypeSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', NameTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class PA_ENC_TIMESTAMP(EncryptedData):
pass
class PA_ENC_TS_ENC(univ.Sequence):
pass
PA_ENC_TS_ENC.componentType = namedtype.NamedTypes(
namedtype.NamedType('patimestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('pausec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class PADataTypeValues(univ.Integer):
pass
PADataTypeValues.namedValues = namedval.NamedValues(
('kRB5-PADATA-NONE', 0),
('kRB5-PADATA-KDC-REQ', 1),
('kRB5-PADATA-ENC-TIMESTAMP', 2),
('kRB5-PADATA-PW-SALT', 3),
('kRB5-PADATA-ENC-UNIX-TIME', 5),
('kRB5-PADATA-SANDIA-SECUREID', 6),
('kRB5-PADATA-SESAME', 7),
('kRB5-PADATA-OSF-DCE', 8),
('kRB5-PADATA-CYBERSAFE-SECUREID', 9),
('kRB5-PADATA-AFS3-SALT', 10),
('kRB5-PADATA-ETYPE-INFO', 11),
('kRB5-PADATA-SAM-CHALLENGE', 12),
('kRB5-PADATA-SAM-RESPONSE', 13),
('kRB5-PADATA-PK-AS-REQ-19', 14),
('kRB5-PADATA-PK-AS-REP-19', 15),
('kRB5-PADATA-PK-AS-REQ', 16),
('kRB5-PADATA-PK-AS-REP', 17),
('kRB5-PADATA-PA-PK-OCSP-RESPONSE', 18),
('kRB5-PADATA-ETYPE-INFO2', 19),
('kRB5-PADATA-SVR-REFERRAL-INFO', 20),
('kRB5-PADATA-SAM-REDIRECT', 21),
('kRB5-PADATA-GET-FROM-TYPED-DATA', 22),
('kRB5-PADATA-SAM-ETYPE-INFO', 23),
('kRB5-PADATA-SERVER-REFERRAL', 25),
('kRB5-PADATA-ALT-PRINC', 24),
('kRB5-PADATA-SAM-CHALLENGE2', 30),
('kRB5-PADATA-SAM-RESPONSE2', 31),
('kRB5-PA-EXTRA-TGT', 41),
('kRB5-PADATA-TD-KRB-PRINCIPAL', 102),
('kRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS', 104),
('kRB5-PADATA-PK-TD-CERTIFICATE-INDEX', 105),
('kRB5-PADATA-TD-APP-DEFINED-ERROR', 106),
('kRB5-PADATA-TD-REQ-NONCE', 107),
('kRB5-PADATA-TD-REQ-SEQ', 108),
('kRB5-PADATA-PA-PAC-REQUEST', 128),
('kRB5-PADATA-FOR-USER', 129),
('kRB5-PADATA-FOR-X509-USER', 130),
('kRB5-PADATA-FOR-CHECK-DUPS', 131),
('kRB5-PADATA-AS-CHECKSUM', 132),
('kRB5-PADATA-FX-COOKIE', 133),
('kRB5-PADATA-AUTHENTICATION-SET', 134),
('kRB5-PADATA-AUTH-SET-SELECTED', 135),
('kRB5-PADATA-FX-FAST', 136),
('kRB5-PADATA-FX-ERROR', 137),
('kRB5-PADATA-ENCRYPTED-CHALLENGE', 138),
('kRB5-PADATA-OTP-CHALLENGE', 141),
('kRB5-PADATA-OTP-REQUEST', 142),
('kBB5-PADATA-OTP-CONFIRM', 143),
('kRB5-PADATA-OTP-PIN-CHANGE', 144),
('kRB5-PADATA-EPAK-AS-REQ', 145),
('kRB5-PADATA-EPAK-AS-REP', 146),
('kRB5-PADATA-PKINIT-KX', 147),
('kRB5-PADATA-PKU2U-NAME', 148),
('kRB5-PADATA-REQ-ENC-PA-REP', 149),
('kRB5-PADATA-SUPPORTED-ETYPES', 165)
)
class PADataTypeSequence(univ.Sequence):
pass
PADataTypeSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', PADataTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class TGS_REP(KDC_REP):
pass
TGS_REP.tagSet = KDC_REP.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 13))
class TGS_REQ(KDC_REQ):
pass
TGS_REQ.tagSet = KDC_REQ.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 12))
class TYPED_DATA(univ.SequenceOf):
pass
TYPED_DATA.componentType = univ.Sequence(componentType=namedtype.NamedTypes(
namedtype.NamedType('data-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('data-value', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
))
TYPED_DATA.subtypeSpec=constraint.ValueSizeConstraint(1, 256)
class TicketFlagsValues(univ.BitString):
pass
TicketFlagsValues.namedValues = namedval.NamedValues(
('reserved', 0),
('forwardable', 1),
('forwarded', 2),
('proxiable', 3),
('proxy', 4),
('may-postdate', 5),
('postdated', 6),
('invalid', 7),
('renewable', 8),
('initial', 9),
('pre-authent', 10),
('hw-authent', 11),
('transited-policy-checked', 12),
('ok-as-delegate', 13)
)
class TicketFlagsSequence(univ.Sequence):
pass
TicketFlagsSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', TicketFlagsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
id_krb5 = _OID(1, 3, 6, 1, 5, 2)


@ -0,0 +1,41 @@
#!/bin/bash
#
#
# I used https://github.com/kimgr/asn1ate.git
# to generate pyasn1 bindings for rfc4120.asn1
#
PATH_TO_ASN1ATE_CHECKOUT=$1
PATH_TO_ASN1_INPUT_FILE=$2
set -u
set -e
usage() {
echo "usage: $0 PATH_TO_ASN1ATE_CHECKOUT PATH_TO_ASN1_INPUT_FILE > PATH_TO_PYASN1_OUTPUT_FILE"
}
test -n "${PATH_TO_ASN1ATE_CHECKOUT}" || {
usage
exit 1
}
test -n "${PATH_TO_ASN1_INPUT_FILE}" || {
usage
exit 1
}
test -d "${PATH_TO_ASN1ATE_CHECKOUT}" || {
usage
exit 1
}
test -f "${PATH_TO_ASN1_INPUT_FILE}" || {
usage
exit 1
}
PATH_TO_PYASN1GEN_PY="${PATH_TO_ASN1ATE_CHECKOUT}/asn1ate/pyasn1gen.py"
PYTHONPATH="${PATH_TO_ASN1ATE_CHECKOUT}:${PYTHONPATH-}"
export PYTHONPATH
python3 "${PATH_TO_PYASN1GEN_PY}" "${PATH_TO_ASN1_INPUT_FILE}"
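Review bot: The header comment names the asn1ate repository but not the revision that was used, so the checked-in pyasn1 bindings cannot be regenerated and compared against the generator output. Recording it in the header, e.g. `# generated with asn1ate commit <ASN1ATE_COMMIT placeholder>`, would let a reviewer confirm that the generated module, which this commit also exempts from the copyright and licence checks, really is what the tool emits. Separately, `usage()` prints to stdout, which the documented invocation redirects into the output file, so an argument error leaves the usage text in the generated module; `echo "usage: ..." >&2` keeps it on the terminal.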


@ -93,6 +93,9 @@ class TestSource(TestCase):
if fname.endswith("python/samba/tests/krb5/kcrypto.py"): if fname.endswith("python/samba/tests/krb5/kcrypto.py"):
# Imported from MIT testing repo # Imported from MIT testing repo
continue continue
if fname.endswith("python/samba/tests/krb5/rfc4120_pyasn1.py"):
# Autogenerated
continue
match = copyright_re.search(text) match = copyright_re.search(text)
if not match: if not match:
incorrect.append((fname, 'no copyright line found\n')) incorrect.append((fname, 'no copyright line found\n'))
@ -138,6 +141,9 @@ class TestSource(TestCase):
if fname.endswith("python/samba/tests/krb5/kcrypto.py"): if fname.endswith("python/samba/tests/krb5/kcrypto.py"):
# Imported from MIT testing repo # Imported from MIT testing repo
continue continue
if fname.endswith("python/samba/tests/krb5/rfc4120_pyasn1.py"):
# Autogenerated
continue
if not gpl_re.search(text): if not gpl_re.search(text):
incorrect.append(fname) incorrect.append(fname)