
tests/krb5/rfc4120.asn1: Improve definitions to allow expanded testing

Update and re-generate the ASN.1 to allow an improved testsuite.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14817
(cherry picked from commit d4492a8aaaf70cbe81af7e6703b4ea9fc1f24162)
Stefan Metzmacher 2020-04-09 11:10:11 +02:00 committed by Jule Anger
parent e9a2916b5f
commit e63908db36
2 changed files with 199 additions and 5 deletions


@ -386,14 +386,14 @@ PA-ENC-TS-ENC ::= SEQUENCE {
}
ETYPE-INFO-ENTRY ::= SEQUENCE {
etype [0] Int32,
etype [0] EncryptionType, --Int32 EncryptionType --
salt [1] OCTET STRING OPTIONAL
}
ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY
ETYPE-INFO2-ENTRY ::= SEQUENCE {
etype [0] Int32,
etype [0] EncryptionType, --Int32 EncryptionType --
salt [1] KerberosString OPTIONAL,
s2kparams [2] OCTET STRING OPTIONAL
}
@ -425,9 +425,48 @@ PA-S4U2Self ::= SEQUENCE {
auth [3] KerberosString
}
--
--
-- MS-KILE Start
KERB-ERROR-DATA ::= SEQUENCE {
data-type [1] KerbErrorDataType,
data-value [2] OCTET STRING OPTIONAL
}
KerbErrorDataType ::= INTEGER
KERB-PA-PAC-REQUEST ::= SEQUENCE {
include-pac[0] BOOLEAN --If TRUE, and no pac present, include PAC.
--If FALSE, and PAC present, remove PAC
}
KERB-LOCAL ::= OCTET STRING -- Implementation-specific data which MUST be
-- ignored if Kerberos client is not local.
KERB-AD-RESTRICTION-ENTRY ::= SEQUENCE {
restriction-type [0] Int32,
restriction [1] OCTET STRING -- LSAP_TOKEN_INFO_INTEGRITY structure
}
PA-SUPPORTED-ENCTYPES ::= Int32 -- Supported Encryption Types Bit Field --
PACOptionFlags ::= KerberosFlags -- Claims (0)
-- Branch Aware (1)
-- Forward to Full DC (2)
-- Resource Based Constrained Delegation (3)
PA-PAC-OPTIONS ::= SEQUENCE {
options [0] PACOptionFlags
}
-- Note: KerberosFlags ::= BIT STRING (SIZE (32..MAX))
-- minimum number of bits shall be sent, but no fewer than 32
KERB-KEY-LIST-REQ ::= SEQUENCE OF EncryptionType -- Int32 encryption type --
KERB-KEY-LIST-REP ::= SEQUENCE OF EncryptionKey
-- MS-KILE End
--
--
--
--
@ -504,6 +543,15 @@ KDCOptionsSequence ::= SEQUENCE {
dummy [0] KDCOptionsValues
}
APOptionsValues ::= BIT STRING { -- KerberosFlags
reserved(0),
use-session-key(1),
mutual-required(2)
}
APOptionsSequence ::= SEQUENCE {
dummy [0] APOptionsValues
}
MessageTypeValues ::= INTEGER {
krb-as-req(10), -- Request for initial authentication
krb-as-rep(11), -- Response to KRB_AS_REQ request
@ -669,4 +717,22 @@ EncryptionTypeSequence ::= SEQUENCE {
dummy [0] EncryptionTypeValues
}
KerbErrorDataTypeValues ::= INTEGER {
kERB-AP-ERR-TYPE-SKEW-RECOVERY(2),
kERB-ERR-TYPE-EXTENDED(3)
}
KerbErrorDataTypeSequence ::= SEQUENCE {
dummy [0] KerbErrorDataTypeValues
}
PACOptionFlagsValues ::= BIT STRING { -- KerberosFlags
claims(0),
branch-aware(1),
forward-to-full-dc(2),
resource-based-constrained-delegation(3)
}
PACOptionFlagsSequence ::= SEQUENCE {
dummy [0] PACOptionFlagsValues
}
END
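Review bot: The new named-bit types `APOptionsValues` and `PACOptionFlagsValues` are plain `BIT STRING`s with no size constraint, while the note added before `KERB-KEY-LIST-REQ` says KerberosFlags must be sent with no fewer than 32 bits. A value built only from these names (say just `claims(0)`) would presumably encode shorter than 32 bits unless the caller pads it, so a test could exercise a malformed flags field without meaning to; how the testsuite builds these values is not visible in this section. I would add a comment on both types, for example `-- names only; pad to at least 32 bits before use as KerberosFlags --`, so the constraint sits next to the definitions that omit it.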


@ -1,5 +1,5 @@
# Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1
# (last modified on 2020-11-06 11:30:42.476808)
# (last modified on 2021-06-16 08:54:13.969508)
# KerberosV5Spec2
from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
@ -175,6 +175,26 @@ AP_REQ.componentType = namedtype.NamedTypes(
)
class APOptionsValues(univ.BitString):
pass
APOptionsValues.namedValues = namedval.NamedValues(
('reserved', 0),
('use-session-key', 1),
('mutual-required', 2)
)
class APOptionsSequence(univ.Sequence):
pass
APOptionsSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', APOptionsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class PADataType(Int32):
pass
@ -384,7 +404,7 @@ class ETYPE_INFO_ENTRY(univ.Sequence):
ETYPE_INFO_ENTRY.componentType = namedtype.NamedTypes(
namedtype.NamedType('etype', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('salt', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
@ -401,7 +421,7 @@ class ETYPE_INFO2_ENTRY(univ.Sequence):
ETYPE_INFO2_ENTRY.componentType = namedtype.NamedTypes(
namedtype.NamedType('etype', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.OptionalNamedType('salt', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('s2kparams', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
)
@ -636,6 +656,57 @@ KDCOptionsSequence.componentType = namedtype.NamedTypes(
)
class KERB_AD_RESTRICTION_ENTRY(univ.Sequence):
pass
KERB_AD_RESTRICTION_ENTRY.componentType = namedtype.NamedTypes(
namedtype.NamedType('restriction-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
namedtype.NamedType('restriction', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
)
class KerbErrorDataType(univ.Integer):
pass
class KERB_ERROR_DATA(univ.Sequence):
pass
KERB_ERROR_DATA.componentType = namedtype.NamedTypes(
namedtype.NamedType('data-type', KerbErrorDataType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
namedtype.OptionalNamedType('data-value', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
)
class KERB_KEY_LIST_REP(univ.SequenceOf):
pass
KERB_KEY_LIST_REP.componentType = EncryptionKey()
class KERB_KEY_LIST_REQ(univ.SequenceOf):
pass
KERB_KEY_LIST_REQ.componentType = EncryptionType()
class KERB_LOCAL(univ.OctetString):
pass
class KERB_PA_PAC_REQUEST(univ.Sequence):
pass
KERB_PA_PAC_REQUEST.componentType = namedtype.NamedTypes(
namedtype.NamedType('include-pac', univ.Boolean().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class KRB_CRED(univ.Sequence):
pass
@ -710,6 +781,25 @@ KRB_SAFE.componentType = namedtype.NamedTypes(
)
class KerbErrorDataTypeValues(univ.Integer):
pass
KerbErrorDataTypeValues.namedValues = namedval.NamedValues(
('kERB-AP-ERR-TYPE-SKEW-RECOVERY', 2),
('kERB-ERR-TYPE-EXTENDED', 3)
)
class KerbErrorDataTypeSequence(univ.Sequence):
pass
KerbErrorDataTypeSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', KerbErrorDataTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class MessageTypeValues(univ.Integer):
pass
@ -781,6 +871,19 @@ PA_ENC_TS_ENC.componentType = namedtype.NamedTypes(
)
class PACOptionFlags(KerberosFlags):
pass
class PA_PAC_OPTIONS(univ.Sequence):
pass
PA_PAC_OPTIONS.componentType = namedtype.NamedTypes(
namedtype.NamedType('options', PACOptionFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class PA_S4U2Self(univ.Sequence):
pass
@ -793,6 +896,31 @@ PA_S4U2Self.componentType = namedtype.NamedTypes(
)
class PA_SUPPORTED_ENCTYPES(Int32):
pass
class PACOptionFlagsValues(univ.BitString):
pass
PACOptionFlagsValues.namedValues = namedval.NamedValues(
('claims', 0),
('branch-aware', 1),
('forward-to-full-dc', 2),
('resource-based-constrained-delegation', 3)
)
class PACOptionFlagsSequence(univ.Sequence):
pass
PACOptionFlagsSequence.componentType = namedtype.NamedTypes(
namedtype.NamedType('dummy', PACOptionFlagsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
)
class PADataTypeValues(univ.Integer):
pass