Microseconds ::= INTEGER (0..999999)
-- microseconds
-KerberosString ::= GeneralString (IA5String)
+--
+-- asn1ate doesn't support 'GeneralString (IA5String)'
+-- only 'GeneralString' or 'IA5String', on the wire
+-- GeneralString is used.
+--
+-- KerberosString ::= GeneralString (IA5String)
+KerberosString ::= GeneralString
Realm ::= KerberosString
PrincipalName ::= SEQUENCE {
- name-type [0] Int32,
+ name-type [0] NameType, -- Int32,
name-string [1] SEQUENCE OF KerberosString
}
+NameType ::= Int32
+
KerberosTime ::= GeneralizedTime -- with no fractional seconds
HostAddress ::= SEQUENCE {
-- NOTE: AuthorizationData is always used as an OPTIONAL field and
-- should not be empty.
AuthorizationData ::= SEQUENCE OF SEQUENCE {
- ad-type [0] Int32,
+ ad-type [0] AuthDataType, -- Int32,
ad-data [1] OCTET STRING
}
+AuthDataType ::= Int32
+
PA-DATA ::= SEQUENCE {
-- NOTE: first tag is [1], not [0]
- padata-type [1] Int32,
+ padata-type [1] PADataType, -- Int32
padata-value [2] OCTET STRING -- might be encoded AP-REQ
}
-KerberosFlags ::= BIT STRING (SIZE (32..MAX))
+PADataType ::= Int32
+
+--
+-- asn1ate doesn't support 'MAX' nor a lower range != 1.
+-- We'll use a custom enodeValue() hooks for BitString
+-- in order to encode them with at least 32-Bit.
+--
+-- KerberosFlags ::= BIT STRING (SIZE (32..MAX))
+KerberosFlags ::= BIT STRING (SIZE (1..32))
-- minimum number of bits shall be sent,
-- but no fewer than 32
EncryptedData ::= SEQUENCE {
- etype [0] Int32 -- EncryptionType --,
+ etype [0] EncryptionType, --Int32 EncryptionType --
kvno [1] UInt32 OPTIONAL,
cipher [2] OCTET STRING -- ciphertext
}
EncryptionKey ::= SEQUENCE {
- keytype [0] Int32 -- actually encryption type --,
+ keytype [0] EncryptionType, -- Int32 actually encryption type --
keyvalue [1] OCTET STRING
}
Checksum ::= SEQUENCE {
- cksumtype [0] Int32,
+ cksumtype [0] ChecksumType, -- Int32,
checksum [1] OCTET STRING
}
+ChecksumType ::= Int32
+
Ticket ::= [APPLICATION 1] SEQUENCE {
tkt-vno [0] INTEGER (5),
realm [1] Realm,
till [5] KerberosTime,
rtime [6] KerberosTime OPTIONAL,
nonce [7] UInt32,
- etype [8] SEQUENCE OF Int32 -- EncryptionType
+ etype [8] SEQUENCE OF EncryptionType -- Int32 - EncryptionType
-- in preference order --,
addresses [9] HostAddresses OPTIONAL,
enc-authorization-data [10] EncryptedData OPTIONAL
-- NOTE: not empty
}
+EncryptionType ::= Int32
+
KDCOptions ::= KerberosFlags
-- reserved(0),
-- forwardable(1),
METHOD-DATA ::= SEQUENCE OF PA-DATA
-TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+--
+-- asn1ate doesn't support 'MAX'
+--
+-- TYPED-DATA ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
+TYPED-DATA ::= SEQUENCE SIZE (1..256) OF SEQUENCE {
data-type [0] Int32,
data-value [1] OCTET STRING OPTIONAL
}
s2kparams [2] OCTET STRING OPTIONAL
}
-ETYPE-INFO2 ::= SEQUENCE SIZE (1..MAX) OF ETYPE-INFO2-ENTRY
+ETYPE-INFO2 ::= SEQUENCE SIZE (1..256) OF ETYPE-INFO2-ENTRY
AD-IF-RELEVANT ::= AuthorizationData
AD-MANDATORY-FOR-KDC ::= AuthorizationData
+
+
+
+
+
+--
+--
+-- prettyPrint values
+--
+--
+
+NameTypeValues ::= INTEGER { -- Int32
+ kRB5-NT-UNKNOWN(0), -- Name type not known
+ kRB5-NT-PRINCIPAL(1), -- Just the name of the principal as in
+ kRB5-NT-SRV-INST(2), -- Service and other unique instance (krbtgt)
+ kRB5-NT-SRV-HST(3), -- Service with host name as instance
+ kRB5-NT-SRV-XHST(4), -- Service with host as remaining components
+ kRB5-NT-UID(5), -- Unique ID
+ kRB5-NT-X500-PRINCIPAL(6), -- PKINIT
+ kRB5-NT-SMTP-NAME(7), -- Name in form of SMTP email name
+ kRB5-NT-ENTERPRISE-PRINCIPAL(10), -- Windows 2000 UPN
+ kRB5-NT-WELLKNOWN(11), -- Wellknown
+ kRB5-NT-ENT-PRINCIPAL-AND-ID(-130), -- Windows 2000 UPN and SID
+ kRB5-NT-MS-PRINCIPAL(-128), -- NT 4 style name
+ kRB5-NT-MS-PRINCIPAL-AND-ID(-129) -- NT style name and SID
+}
+NameTypeSequence ::= SEQUENCE {
+ dummy [0] NameTypeValues
+}
+
+TicketFlagsValues ::= BIT STRING { -- KerberosFlags
+ reserved(0),
+ forwardable(1),
+ forwarded(2),
+ proxiable(3),
+ proxy(4),
+ may-postdate(5),
+ postdated(6),
+ invalid(7),
+ renewable(8),
+ initial(9),
+ pre-authent(10),
+ hw-authent(11),
+-- the following are new since 1510
+ transited-policy-checked(12),
+ ok-as-delegate(13)
+}
+TicketFlagsSequence ::= SEQUENCE {
+ dummy [0] TicketFlagsValues
+}
+
+KDCOptionsValues ::= BIT STRING { -- KerberosFlags
+ reserved(0),
+ forwardable(1),
+ forwarded(2),
+ proxiable(3),
+ proxy(4),
+ allow-postdate(5),
+ postdated(6),
+ unused7(7),
+ renewable(8),
+ unused9(9),
+ unused10(10),
+ opt-hardware-auth(11),
+ unused12(12),
+ unused13(13),
+-- 15 is reserved for canonicalize
+ unused15(15),
+-- 26 was unused in 1510
+ disable-transited-check(26),
+--
+ renewable-ok(27),
+ enc-tkt-in-skey(28),
+ renew(30),
+ validate(31)
+}
+KDCOptionsSequence ::= SEQUENCE {
+ dummy [0] KDCOptionsValues
+}
+
+MessageTypeValues ::= INTEGER {
+ krb-as-req(10), -- Request for initial authentication
+ krb-as-rep(11), -- Response to KRB_AS_REQ request
+ krb-tgs-req(12), -- Request for authentication based on TGT
+ krb-tgs-rep(13), -- Response to KRB_TGS_REQ request
+ krb-ap-req(14), -- application request to server
+ krb-ap-rep(15), -- Response to KRB_AP_REQ_MUTUAL
+ krb-safe(20), -- Safe (checksummed) application message
+ krb-priv(21), -- Private (encrypted) application message
+ krb-cred(22), -- Private (encrypted) message to forward credentials
+ krb-error(30) -- Error response
+}
+MessageTypeSequence ::= SEQUENCE {
+ dummy [0] MessageTypeValues
+}
+
+PADataTypeValues ::= INTEGER {
+ kRB5-PADATA-NONE(0),
+ -- kRB5-PADATA-TGS-REQ(1),
+ -- kRB5-PADATA-AP-REQ(1),
+ kRB5-PADATA-KDC-REQ(1),
+ kRB5-PADATA-ENC-TIMESTAMP(2),
+ kRB5-PADATA-PW-SALT(3),
+ kRB5-PADATA-ENC-UNIX-TIME(5),
+ kRB5-PADATA-SANDIA-SECUREID(6),
+ kRB5-PADATA-SESAME(7),
+ kRB5-PADATA-OSF-DCE(8),
+ kRB5-PADATA-CYBERSAFE-SECUREID(9),
+ kRB5-PADATA-AFS3-SALT(10),
+ kRB5-PADATA-ETYPE-INFO(11),
+ kRB5-PADATA-SAM-CHALLENGE(12), -- (sam/otp)
+ kRB5-PADATA-SAM-RESPONSE(13), -- (sam/otp)
+ kRB5-PADATA-PK-AS-REQ-19(14), -- (PKINIT-19)
+ kRB5-PADATA-PK-AS-REP-19(15), -- (PKINIT-19)
+ -- kRB5-PADATA-PK-AS-REQ-WIN(15), - (PKINIT - old number)
+ kRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25)
+ kRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25)
+ kRB5-PADATA-PA-PK-OCSP-RESPONSE(18),
+ kRB5-PADATA-ETYPE-INFO2(19),
+ -- kRB5-PADATA-USE-SPECIFIED-KVNO(20),
+ kRB5-PADATA-SVR-REFERRAL-INFO(20), --- old ms referral number
+ kRB5-PADATA-SAM-REDIRECT(21), -- (sam/otp)
+ kRB5-PADATA-GET-FROM-TYPED-DATA(22),
+ kRB5-PADATA-SAM-ETYPE-INFO(23),
+ kRB5-PADATA-SERVER-REFERRAL(25),
+ kRB5-PADATA-ALT-PRINC(24), -- (crawdad@fnal.gov)
+ kRB5-PADATA-SAM-CHALLENGE2(30), -- (kenh@pobox.com)
+ kRB5-PADATA-SAM-RESPONSE2(31), -- (kenh@pobox.com)
+ kRB5-PA-EXTRA-TGT(41), -- Reserved extra TGT
+ kRB5-PADATA-TD-KRB-PRINCIPAL(102), -- PrincipalName
+ kRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS(104), -- PKINIT
+ kRB5-PADATA-PK-TD-CERTIFICATE-INDEX(105), -- PKINIT
+ kRB5-PADATA-TD-APP-DEFINED-ERROR(106), -- application specific
+ kRB5-PADATA-TD-REQ-NONCE(107), -- INTEGER
+ kRB5-PADATA-TD-REQ-SEQ(108), -- INTEGER
+ kRB5-PADATA-PA-PAC-REQUEST(128), -- jbrezak@exchange.microsoft.com
+ kRB5-PADATA-FOR-USER(129), -- MS-KILE
+ kRB5-PADATA-FOR-X509-USER(130), -- MS-KILE
+ kRB5-PADATA-FOR-CHECK-DUPS(131), -- MS-KILE
+ kRB5-PADATA-AS-CHECKSUM(132), -- MS-KILE
+ -- kRB5-PADATA-PK-AS-09-BINDING(132), - client send this to
+ -- tell KDC that is supports
+ -- the asCheckSum in the
+ -- PK-AS-REP
+ kRB5-PADATA-FX-COOKIE(133), -- krb-wg-preauth-framework
+ kRB5-PADATA-AUTHENTICATION-SET(134), -- krb-wg-preauth-framework
+ kRB5-PADATA-AUTH-SET-SELECTED(135), -- krb-wg-preauth-framework
+ kRB5-PADATA-FX-FAST(136), -- krb-wg-preauth-framework
+ kRB5-PADATA-FX-ERROR(137), -- krb-wg-preauth-framework
+ kRB5-PADATA-ENCRYPTED-CHALLENGE(138), -- krb-wg-preauth-framework
+ kRB5-PADATA-OTP-CHALLENGE(141), -- (gareth.richards@rsa.com)
+ kRB5-PADATA-OTP-REQUEST(142), -- (gareth.richards@rsa.com)
+ kBB5-PADATA-OTP-CONFIRM(143), -- (gareth.richards@rsa.com)
+ kRB5-PADATA-OTP-PIN-CHANGE(144), -- (gareth.richards@rsa.com)
+ kRB5-PADATA-EPAK-AS-REQ(145),
+ kRB5-PADATA-EPAK-AS-REP(146),
+ kRB5-PADATA-PKINIT-KX(147), -- krb-wg-anon
+ kRB5-PADATA-PKU2U-NAME(148), -- zhu-pku2u
+ kRB5-PADATA-REQ-ENC-PA-REP(149), --
+ kRB5-PADATA-SUPPORTED-ETYPES(165) -- MS-KILE
+}
+PADataTypeSequence ::= SEQUENCE {
+ dummy [0] PADataTypeValues
+}
+
+AuthDataTypeValues ::= INTEGER {
+ kRB5-AUTHDATA-IF-RELEVANT(1),
+ kRB5-AUTHDATA-INTENDED-FOR-SERVER(2),
+ kRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS(3),
+ kRB5-AUTHDATA-KDC-ISSUED(4),
+ kRB5-AUTHDATA-AND-OR(5),
+ kRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS(6),
+ kRB5-AUTHDATA-IN-TICKET-EXTENSIONS(7),
+ kRB5-AUTHDATA-MANDATORY-FOR-KDC(8),
+ kRB5-AUTHDATA-INITIAL-VERIFIED-CAS(9),
+ kRB5-AUTHDATA-OSF-DCE(64),
+ kRB5-AUTHDATA-SESAME(65),
+ kRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66),
+ kRB5-AUTHDATA-WIN2K-PAC(128),
+ kRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129), -- Authenticator only
+ kRB5-AUTHDATA-SIGNTICKET-OLDER(-17),
+ kRB5-AUTHDATA-SIGNTICKET-OLD(142),
+ kRB5-AUTHDATA-SIGNTICKET(512)
+}
+AuthDataTypeSequence ::= SEQUENCE {
+ dummy [0] AuthDataTypeValues
+}
+
+ChecksumTypeValues ::= INTEGER {
+ kRB5-CKSUMTYPE-NONE(0),
+ kRB5-CKSUMTYPE-CRC32(1),
+ kRB5-CKSUMTYPE-RSA-MD4(2),
+ kRB5-CKSUMTYPE-RSA-MD4-DES(3),
+ kRB5-CKSUMTYPE-DES-MAC(4),
+ kRB5-CKSUMTYPE-DES-MAC-K(5),
+ kRB5-CKSUMTYPE-RSA-MD4-DES-K(6),
+ kRB5-CKSUMTYPE-RSA-MD5(7),
+ kRB5-CKSUMTYPE-RSA-MD5-DES(8),
+ kRB5-CKSUMTYPE-RSA-MD5-DES3(9),
+ kRB5-CKSUMTYPE-SHA1-OTHER(10),
+ kRB5-CKSUMTYPE-HMAC-SHA1-DES3(12),
+ kRB5-CKSUMTYPE-SHA1(14),
+ kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-128(15),
+ kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-256(16),
+ kRB5-CKSUMTYPE-GSSAPI(32771), -- 0x8003
+ kRB5-CKSUMTYPE-HMAC-MD5(-138), -- unofficial microsoft number
+ kRB5-CKSUMTYPE-HMAC-MD5-ENC(-1138) -- even more unofficial
+}
+ChecksumTypeSequence ::= SEQUENCE {
+ dummy [0] ChecksumTypeValues
+}
+
+EncryptionTypeValues ::= INTEGER {
+ kRB5-ENCTYPE-NULL(0),
+ kRB5-ENCTYPE-DES-CBC-CRC(1),
+ kRB5-ENCTYPE-DES-CBC-MD4(2),
+ kRB5-ENCTYPE-DES-CBC-MD5(3),
+ kRB5-ENCTYPE-DES3-CBC-MD5(5),
+ kRB5-ENCTYPE-OLD-DES3-CBC-SHA1(7),
+ kRB5-ENCTYPE-SIGN-DSA-GENERATE(8),
+ kRB5-ENCTYPE-ENCRYPT-RSA-PRIV(9),
+ kRB5-ENCTYPE-ENCRYPT-RSA-PUB(10),
+ kRB5-ENCTYPE-DES3-CBC-SHA1(16), -- with key derivation
+ kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96(17),
+ kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96(18),
+ kRB5-ENCTYPE-ARCFOUR-HMAC-MD5(23),
+ kRB5-ENCTYPE-ARCFOUR-HMAC-MD5-56(24),
+ kRB5-ENCTYPE-ENCTYPE-PK-CROSS(48),
+-- some "old" windows types
+ kRB5-ENCTYPE-ARCFOUR-MD4(-128),
+ kRB5-ENCTYPE-ARCFOUR-HMAC-OLD(-133),
+ kRB5-ENCTYPE-ARCFOUR-HMAC-OLD-EXP(-135),
+-- these are for Heimdal internal use
+-- kRB5-ENCTYPE-DES-CBC-NONE(-0x1000),
+-- kRB5-ENCTYPE-DES3-CBC-NONE(-0x1001),
+-- kRB5-ENCTYPE-DES-CFB64-NONE(-0x1002),
+-- kRB5-ENCTYPE-DES-PCBC-NONE(-0x1003),
+-- kRB5-ENCTYPE-DIGEST-MD5-NONE(-0x1004), - private use, lukeh@padl.com
+-- kRB5-ENCTYPE-CRAM-MD5-NONE(-0x1005) - private use, lukeh@padl.com
+ kRB5-ENCTYPE-DUMMY(-1111)
+}
+EncryptionTypeSequence ::= SEQUENCE {
+ dummy [0] EncryptionTypeValues
+}
+
END
--- /dev/null
+# Auto-generated by asn1ate v.0.6.1.dev0 from rfc4120.asn1
+# (last modified on 2020-03-26 10:28:24.346775)
+
+# KerberosV5Spec2
+from pyasn1.type import univ, char, namedtype, namedval, tag, constraint, useful
+
+
+def _OID(*components):
+ output = []
+ for x in tuple(components):
+ if isinstance(x, univ.ObjectIdentifier):
+ output.extend(list(x))
+ else:
+ output.append(int(x))
+
+ return univ.ObjectIdentifier(output)
+
+
+class Int32(univ.Integer):
+ pass
+
+
+Int32.subtypeSpec = constraint.ValueRangeConstraint(-2147483648, 2147483647)
+
+
+class AuthDataType(Int32):
+ pass
+
+
+class AuthorizationData(univ.SequenceOf):
+ pass
+
+
+AuthorizationData.componentType = univ.Sequence(componentType=namedtype.NamedTypes(
+ namedtype.NamedType('ad-type', AuthDataType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('ad-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+))
+
+
+class AD_AND_OR(univ.Sequence):
+ pass
+
+
+AD_AND_OR.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('condition-count', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('elements', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class AD_IF_RELEVANT(AuthorizationData):
+ pass
+
+
+class ChecksumType(Int32):
+ pass
+
+
+class Checksum(univ.Sequence):
+ pass
+
+
+Checksum.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('cksumtype', ChecksumType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('checksum', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class KerberosString(char.GeneralString):
+ pass
+
+
+class NameType(Int32):
+ pass
+
+
+class PrincipalName(univ.Sequence):
+ pass
+
+
+PrincipalName.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('name-type', NameType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('name-string', univ.SequenceOf(componentType=KerberosString()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class Realm(KerberosString):
+ pass
+
+
+class AD_KDCIssued(univ.Sequence):
+ pass
+
+
+AD_KDCIssued.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('ad-checksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+ namedtype.OptionalNamedType('i-realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.OptionalNamedType('i-sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+ namedtype.NamedType('elements', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+)
+
+
+class AD_MANDATORY_FOR_KDC(AuthorizationData):
+ pass
+
+
+class EncryptionType(Int32):
+ pass
+
+
+class UInt32(univ.Integer):
+ pass
+
+
+UInt32.subtypeSpec = constraint.ValueRangeConstraint(0, 4294967295)
+
+
+class EncryptedData(univ.Sequence):
+ pass
+
+
+EncryptedData.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('etype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('kvno', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.NamedType('cipher', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+
+class AP_REP(univ.Sequence):
+ pass
+
+
+AP_REP.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 15))
+AP_REP.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(15)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2)))
+)
+
+
+class KerberosFlags(univ.BitString):
+ pass
+
+
+KerberosFlags.subtypeSpec=constraint.ValueSizeConstraint(1, 32)
+
+
+class APOptions(KerberosFlags):
+ pass
+
+
+class Ticket(univ.Sequence):
+ pass
+
+
+Ticket.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 1))
+Ticket.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('tkt-vno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+ namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+)
+
+
+class AP_REQ(univ.Sequence):
+ pass
+
+
+AP_REQ.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 14))
+AP_REQ.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(14)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.NamedType('ap-options', APOptions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+ namedtype.NamedType('ticket', Ticket().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+ namedtype.NamedType('authenticator', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)))
+)
+
+
+class PADataType(Int32):
+ pass
+
+
+class PA_DATA(univ.Sequence):
+ pass
+
+
+PA_DATA.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('padata-type', PADataType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.NamedType('padata-value', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+
+class KDC_REP(univ.Sequence):
+ pass
+
+
+KDC_REP.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(11, 13)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.OptionalNamedType('padata', univ.SequenceOf(componentType=PA_DATA()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+ namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+ namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+ namedtype.NamedType('ticket', Ticket().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+ namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6)))
+)
+
+
+class AS_REP(KDC_REP):
+ pass
+
+
+AS_REP.tagSet = KDC_REP.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 11))
+
+
+class HostAddress(univ.Sequence):
+ pass
+
+
+HostAddress.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('addr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('address', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class HostAddresses(univ.SequenceOf):
+ pass
+
+
+HostAddresses.componentType = HostAddress()
+
+
+class KDCOptions(KerberosFlags):
+ pass
+
+
+class KerberosTime(useful.GeneralizedTime):
+ pass
+
+
+class KDC_REQ_BODY(univ.Sequence):
+ pass
+
+
+KDC_REQ_BODY.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('kdc-options', KDCOptions().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+ namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+ namedtype.OptionalNamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+ namedtype.OptionalNamedType('from', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+ namedtype.NamedType('till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+ namedtype.OptionalNamedType('rtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+ namedtype.NamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+ namedtype.NamedType('etype', univ.SequenceOf(componentType=EncryptionType()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
+ namedtype.OptionalNamedType('addresses', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))),
+ namedtype.OptionalNamedType('enc-authorization-data', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))),
+ namedtype.OptionalNamedType('additional-tickets', univ.SequenceOf(componentType=Ticket()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11)))
+)
+
+
+class KDC_REQ(univ.Sequence):
+ pass
+
+
+KDC_REQ.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(10, 12)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+ namedtype.OptionalNamedType('padata', univ.SequenceOf(componentType=PA_DATA()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+ namedtype.NamedType('req-body', KDC_REQ_BODY().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4)))
+)
+
+
+class AS_REQ(KDC_REQ):
+ pass
+
+
+AS_REQ.tagSet = KDC_REQ.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 10))
+
+
+class AuthDataTypeValues(univ.Integer):
+ pass
+
+
+AuthDataTypeValues.namedValues = namedval.NamedValues(
+ ('kRB5-AUTHDATA-IF-RELEVANT', 1),
+ ('kRB5-AUTHDATA-INTENDED-FOR-SERVER', 2),
+ ('kRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS', 3),
+ ('kRB5-AUTHDATA-KDC-ISSUED', 4),
+ ('kRB5-AUTHDATA-AND-OR', 5),
+ ('kRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS', 6),
+ ('kRB5-AUTHDATA-IN-TICKET-EXTENSIONS', 7),
+ ('kRB5-AUTHDATA-MANDATORY-FOR-KDC', 8),
+ ('kRB5-AUTHDATA-INITIAL-VERIFIED-CAS', 9),
+ ('kRB5-AUTHDATA-OSF-DCE', 64),
+ ('kRB5-AUTHDATA-SESAME', 65),
+ ('kRB5-AUTHDATA-OSF-DCE-PKI-CERTID', 66),
+ ('kRB5-AUTHDATA-WIN2K-PAC', 128),
+ ('kRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION', 129),
+ ('kRB5-AUTHDATA-SIGNTICKET-OLDER', -17),
+ ('kRB5-AUTHDATA-SIGNTICKET-OLD', 142),
+ ('kRB5-AUTHDATA-SIGNTICKET', 512)
+)
+
+
+class AuthDataTypeSequence(univ.Sequence):
+ pass
+
+
+AuthDataTypeSequence.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('dummy', AuthDataTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class EncryptionKey(univ.Sequence):
+ pass
+
+
+EncryptionKey.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('keytype', EncryptionType().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('keyvalue', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class Microseconds(univ.Integer):
+ pass
+
+
+Microseconds.subtypeSpec = constraint.ValueRangeConstraint(0, 999999)
+
+
+class Authenticator(univ.Sequence):
+ pass
+
+
+Authenticator.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 2))
+Authenticator.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('authenticator-vno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+ namedtype.OptionalNamedType('cksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+ namedtype.NamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+ namedtype.NamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+ namedtype.OptionalNamedType('subkey', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 6))),
+ namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+ namedtype.OptionalNamedType('authorization-data', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8)))
+)
+
+
+class ChecksumTypeValues(univ.Integer):
+ pass
+
+
+ChecksumTypeValues.namedValues = namedval.NamedValues(
+ ('kRB5-CKSUMTYPE-NONE', 0),
+ ('kRB5-CKSUMTYPE-CRC32', 1),
+ ('kRB5-CKSUMTYPE-RSA-MD4', 2),
+ ('kRB5-CKSUMTYPE-RSA-MD4-DES', 3),
+ ('kRB5-CKSUMTYPE-DES-MAC', 4),
+ ('kRB5-CKSUMTYPE-DES-MAC-K', 5),
+ ('kRB5-CKSUMTYPE-RSA-MD4-DES-K', 6),
+ ('kRB5-CKSUMTYPE-RSA-MD5', 7),
+ ('kRB5-CKSUMTYPE-RSA-MD5-DES', 8),
+ ('kRB5-CKSUMTYPE-RSA-MD5-DES3', 9),
+ ('kRB5-CKSUMTYPE-SHA1-OTHER', 10),
+ ('kRB5-CKSUMTYPE-HMAC-SHA1-DES3', 12),
+ ('kRB5-CKSUMTYPE-SHA1', 14),
+ ('kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-128', 15),
+ ('kRB5-CKSUMTYPE-HMAC-SHA1-96-AES-256', 16),
+ ('kRB5-CKSUMTYPE-GSSAPI', 32771),
+ ('kRB5-CKSUMTYPE-HMAC-MD5', -138),
+ ('kRB5-CKSUMTYPE-HMAC-MD5-ENC', -1138)
+)
+
+
+class ChecksumTypeSequence(univ.Sequence):
+ pass
+
+
+ChecksumTypeSequence.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('dummy', ChecksumTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class ETYPE_INFO_ENTRY(univ.Sequence):
+ pass
+
+
+ETYPE_INFO_ENTRY.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('etype', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('salt', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class ETYPE_INFO(univ.SequenceOf):
+ pass
+
+
+ETYPE_INFO.componentType = ETYPE_INFO_ENTRY()
+
+
+class ETYPE_INFO2_ENTRY(univ.Sequence):
+ pass
+
+
+ETYPE_INFO2_ENTRY.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('etype', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('salt', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.OptionalNamedType('s2kparams', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2)))
+)
+
+
+class ETYPE_INFO2(univ.SequenceOf):
+ pass
+
+
+ETYPE_INFO2.componentType = ETYPE_INFO2_ENTRY()
+ETYPE_INFO2.subtypeSpec=constraint.ValueSizeConstraint(1, 256)
+
+
+class EncAPRepPart(univ.Sequence):
+ pass
+
+
+EncAPRepPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 27))
+EncAPRepPart.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.OptionalNamedType('subkey', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+ namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3)))
+)
+
+
+class LastReq(univ.SequenceOf):
+ pass
+
+
+LastReq.componentType = univ.Sequence(componentType=namedtype.NamedTypes(
+ namedtype.NamedType('lr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('lr-value', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+))
+
+
+class TicketFlags(KerberosFlags):
+ pass
+
+
+class EncKDCRepPart(univ.Sequence):
+ pass
+
+
+EncKDCRepPart.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+ namedtype.NamedType('last-req', LastReq().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.NamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+ namedtype.OptionalNamedType('key-expiration', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+ namedtype.NamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+ namedtype.NamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+ namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+ namedtype.NamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+ namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
+ namedtype.NamedType('srealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))),
+ namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))),
+ namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11)))
+)
+
+
+class EncASRepPart(EncKDCRepPart):
+ pass
+
+
+EncASRepPart.tagSet = EncKDCRepPart.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 25))
+
+
+class KrbCredInfo(univ.Sequence):
+ pass
+
+
+KrbCredInfo.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 0))),
+ namedtype.OptionalNamedType('prealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.OptionalNamedType('pname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+ namedtype.OptionalNamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+ namedtype.OptionalNamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+ namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+ namedtype.OptionalNamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+ namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+ namedtype.OptionalNamedType('srealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
+ namedtype.OptionalNamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 9))),
+ namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10)))
+)
+
+
+class EncKrbCredPart(univ.Sequence):
+ pass
+
+
+EncKrbCredPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 29))
+EncKrbCredPart.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('ticket-info', univ.SequenceOf(componentType=KrbCredInfo()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('nonce', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+ namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+ namedtype.OptionalNamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+ namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)))
+)
+
+
+class EncKrbPrivPart(univ.Sequence):
+ pass
+
+
+EncKrbPrivPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 28))
+EncKrbPrivPart.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('user-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+ namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+ namedtype.NamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+ namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)))
+)
+
+
+class EncTGSRepPart(EncKDCRepPart):
+ pass
+
+
+EncTGSRepPart.tagSet = EncKDCRepPart.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 26))
+
+
+class TransitedEncoding(univ.Sequence):
+ pass
+
+
+TransitedEncoding.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('tr-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('contents', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class EncTicketPart(univ.Sequence):
+ pass
+
+
+EncTicketPart.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 3))
+EncTicketPart.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('flags', TicketFlags().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('key', EncryptionKey().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 1))),
+ namedtype.NamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+ namedtype.NamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3))),
+ namedtype.NamedType('transited', TransitedEncoding().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+ namedtype.NamedType('authtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+ namedtype.OptionalNamedType('starttime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+ namedtype.NamedType('endtime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+ namedtype.OptionalNamedType('renew-till', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 8))),
+ namedtype.OptionalNamedType('caddr', HostAddresses().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))),
+ namedtype.OptionalNamedType('authorization-data', AuthorizationData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 10)))
+)
+
+
+class EncryptionTypeValues(univ.Integer):
+ pass
+
+
+EncryptionTypeValues.namedValues = namedval.NamedValues(
+ ('kRB5-ENCTYPE-NULL', 0),
+ ('kRB5-ENCTYPE-DES-CBC-CRC', 1),
+ ('kRB5-ENCTYPE-DES-CBC-MD4', 2),
+ ('kRB5-ENCTYPE-DES-CBC-MD5', 3),
+ ('kRB5-ENCTYPE-DES3-CBC-MD5', 5),
+ ('kRB5-ENCTYPE-OLD-DES3-CBC-SHA1', 7),
+ ('kRB5-ENCTYPE-SIGN-DSA-GENERATE', 8),
+ ('kRB5-ENCTYPE-ENCRYPT-RSA-PRIV', 9),
+ ('kRB5-ENCTYPE-ENCRYPT-RSA-PUB', 10),
+ ('kRB5-ENCTYPE-DES3-CBC-SHA1', 16),
+ ('kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96', 17),
+ ('kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96', 18),
+ ('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5', 23),
+ ('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5-56', 24),
+ ('kRB5-ENCTYPE-ENCTYPE-PK-CROSS', 48),
+ ('kRB5-ENCTYPE-ARCFOUR-MD4', -128),
+ ('kRB5-ENCTYPE-ARCFOUR-HMAC-OLD', -133),
+ ('kRB5-ENCTYPE-ARCFOUR-HMAC-OLD-EXP', -135),
+ ('kRB5-ENCTYPE-DUMMY', -1111)
+)
+
+
+class EncryptionTypeSequence(univ.Sequence):
+ pass
+
+
+EncryptionTypeSequence.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('dummy', EncryptionTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class KDCOptionsValues(univ.BitString):
+ pass
+
+
+KDCOptionsValues.namedValues = namedval.NamedValues(
+ ('reserved', 0),
+ ('forwardable', 1),
+ ('forwarded', 2),
+ ('proxiable', 3),
+ ('proxy', 4),
+ ('allow-postdate', 5),
+ ('postdated', 6),
+ ('unused7', 7),
+ ('renewable', 8),
+ ('unused9', 9),
+ ('unused10', 10),
+ ('opt-hardware-auth', 11),
+ ('unused12', 12),
+ ('unused13', 13),
+ ('unused15', 15),
+ ('disable-transited-check', 26),
+ ('renewable-ok', 27),
+ ('enc-tkt-in-skey', 28),
+ ('renew', 30),
+ ('validate', 31)
+)
+
+
+class KDCOptionsSequence(univ.Sequence):
+ pass
+
+
+KDCOptionsSequence.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('dummy', KDCOptionsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class KRB_CRED(univ.Sequence):
+ pass
+
+
+KRB_CRED.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 22))
+KRB_CRED.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(22)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.NamedType('tickets', univ.SequenceOf(componentType=Ticket()).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+ namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+)
+
+
+class KRB_ERROR(univ.Sequence):
+ pass
+
+
+KRB_ERROR.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 30))
+KRB_ERROR.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(30)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.OptionalNamedType('ctime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+ namedtype.OptionalNamedType('cusec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+ namedtype.NamedType('stime', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 4))),
+ namedtype.NamedType('susec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 5))),
+ namedtype.NamedType('error-code', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 6))),
+ namedtype.OptionalNamedType('crealm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 7))),
+ namedtype.OptionalNamedType('cname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 8))),
+ namedtype.NamedType('realm', Realm().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 9))),
+ namedtype.NamedType('sname', PrincipalName().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 10))),
+ namedtype.OptionalNamedType('e-text', KerberosString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 11))),
+ namedtype.OptionalNamedType('e-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 12)))
+)
+
+
+class KRB_PRIV(univ.Sequence):
+ pass
+
+
+KRB_PRIV.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 21))
+KRB_PRIV.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(21)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.NamedType('enc-part', EncryptedData().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+)
+
+
+class KRB_SAFE_BODY(univ.Sequence):
+ pass
+
+
+KRB_SAFE_BODY.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('user-data', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('timestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.OptionalNamedType('usec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 2))),
+ namedtype.OptionalNamedType('seq-number', UInt32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 3))),
+ namedtype.NamedType('s-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 4))),
+ namedtype.OptionalNamedType('r-address', HostAddress().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 5)))
+)
+
+
+class KRB_SAFE(univ.Sequence):
+ pass
+
+
+KRB_SAFE.tagSet = univ.Sequence.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 20))
+KRB_SAFE.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('pvno', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(5)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.NamedType('msg-type', univ.Integer().subtype(subtypeSpec=constraint.SingleValueConstraint(20)).subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1))),
+ namedtype.NamedType('safe-body', KRB_SAFE_BODY().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 2))),
+ namedtype.NamedType('cksum', Checksum().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatConstructed, 3)))
+)
+
+
+class METHOD_DATA(univ.SequenceOf):
+ pass
+
+
+METHOD_DATA.componentType = PA_DATA()
+
+
+class MessageTypeValues(univ.Integer):
+ pass
+
+
+MessageTypeValues.namedValues = namedval.NamedValues(
+ ('krb-as-req', 10),
+ ('krb-as-rep', 11),
+ ('krb-tgs-req', 12),
+ ('krb-tgs-rep', 13),
+ ('krb-ap-req', 14),
+ ('krb-ap-rep', 15),
+ ('krb-safe', 20),
+ ('krb-priv', 21),
+ ('krb-cred', 22),
+ ('krb-error', 30)
+)
+
+
+class MessageTypeSequence(univ.Sequence):
+ pass
+
+
+MessageTypeSequence.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('dummy', MessageTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class NameTypeValues(univ.Integer):
+ pass
+
+
+NameTypeValues.namedValues = namedval.NamedValues(
+ ('kRB5-NT-UNKNOWN', 0),
+ ('kRB5-NT-PRINCIPAL', 1),
+ ('kRB5-NT-SRV-INST', 2),
+ ('kRB5-NT-SRV-HST', 3),
+ ('kRB5-NT-SRV-XHST', 4),
+ ('kRB5-NT-UID', 5),
+ ('kRB5-NT-X500-PRINCIPAL', 6),
+ ('kRB5-NT-SMTP-NAME', 7),
+ ('kRB5-NT-ENTERPRISE-PRINCIPAL', 10),
+ ('kRB5-NT-WELLKNOWN', 11),
+ ('kRB5-NT-ENT-PRINCIPAL-AND-ID', -130),
+ ('kRB5-NT-MS-PRINCIPAL', -128),
+ ('kRB5-NT-MS-PRINCIPAL-AND-ID', -129)
+)
+
+
+class NameTypeSequence(univ.Sequence):
+ pass
+
+
+NameTypeSequence.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('dummy', NameTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class PA_ENC_TIMESTAMP(EncryptedData):
+ pass
+
+
+class PA_ENC_TS_ENC(univ.Sequence):
+ pass
+
+
+PA_ENC_TS_ENC.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('patimestamp', KerberosTime().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('pausec', Microseconds().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+)
+
+
+class PADataTypeValues(univ.Integer):
+ pass
+
+
+PADataTypeValues.namedValues = namedval.NamedValues(
+ ('kRB5-PADATA-NONE', 0),
+ ('kRB5-PADATA-KDC-REQ', 1),
+ ('kRB5-PADATA-ENC-TIMESTAMP', 2),
+ ('kRB5-PADATA-PW-SALT', 3),
+ ('kRB5-PADATA-ENC-UNIX-TIME', 5),
+ ('kRB5-PADATA-SANDIA-SECUREID', 6),
+ ('kRB5-PADATA-SESAME', 7),
+ ('kRB5-PADATA-OSF-DCE', 8),
+ ('kRB5-PADATA-CYBERSAFE-SECUREID', 9),
+ ('kRB5-PADATA-AFS3-SALT', 10),
+ ('kRB5-PADATA-ETYPE-INFO', 11),
+ ('kRB5-PADATA-SAM-CHALLENGE', 12),
+ ('kRB5-PADATA-SAM-RESPONSE', 13),
+ ('kRB5-PADATA-PK-AS-REQ-19', 14),
+ ('kRB5-PADATA-PK-AS-REP-19', 15),
+ ('kRB5-PADATA-PK-AS-REQ', 16),
+ ('kRB5-PADATA-PK-AS-REP', 17),
+ ('kRB5-PADATA-PA-PK-OCSP-RESPONSE', 18),
+ ('kRB5-PADATA-ETYPE-INFO2', 19),
+ ('kRB5-PADATA-SVR-REFERRAL-INFO', 20),
+ ('kRB5-PADATA-SAM-REDIRECT', 21),
+ ('kRB5-PADATA-GET-FROM-TYPED-DATA', 22),
+ ('kRB5-PADATA-SAM-ETYPE-INFO', 23),
+ ('kRB5-PADATA-SERVER-REFERRAL', 25),
+ ('kRB5-PADATA-ALT-PRINC', 24),
+ ('kRB5-PADATA-SAM-CHALLENGE2', 30),
+ ('kRB5-PADATA-SAM-RESPONSE2', 31),
+ ('kRB5-PA-EXTRA-TGT', 41),
+ ('kRB5-PADATA-TD-KRB-PRINCIPAL', 102),
+ ('kRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS', 104),
+ ('kRB5-PADATA-PK-TD-CERTIFICATE-INDEX', 105),
+ ('kRB5-PADATA-TD-APP-DEFINED-ERROR', 106),
+ ('kRB5-PADATA-TD-REQ-NONCE', 107),
+ ('kRB5-PADATA-TD-REQ-SEQ', 108),
+ ('kRB5-PADATA-PA-PAC-REQUEST', 128),
+ ('kRB5-PADATA-FOR-USER', 129),
+ ('kRB5-PADATA-FOR-X509-USER', 130),
+ ('kRB5-PADATA-FOR-CHECK-DUPS', 131),
+ ('kRB5-PADATA-AS-CHECKSUM', 132),
+ ('kRB5-PADATA-FX-COOKIE', 133),
+ ('kRB5-PADATA-AUTHENTICATION-SET', 134),
+ ('kRB5-PADATA-AUTH-SET-SELECTED', 135),
+ ('kRB5-PADATA-FX-FAST', 136),
+ ('kRB5-PADATA-FX-ERROR', 137),
+ ('kRB5-PADATA-ENCRYPTED-CHALLENGE', 138),
+ ('kRB5-PADATA-OTP-CHALLENGE', 141),
+ ('kRB5-PADATA-OTP-REQUEST', 142),
+ ('kBB5-PADATA-OTP-CONFIRM', 143),
+ ('kRB5-PADATA-OTP-PIN-CHANGE', 144),
+ ('kRB5-PADATA-EPAK-AS-REQ', 145),
+ ('kRB5-PADATA-EPAK-AS-REP', 146),
+ ('kRB5-PADATA-PKINIT-KX', 147),
+ ('kRB5-PADATA-PKU2U-NAME', 148),
+ ('kRB5-PADATA-REQ-ENC-PA-REP', 149),
+ ('kRB5-PADATA-SUPPORTED-ETYPES', 165)
+)
+
+
+class PADataTypeSequence(univ.Sequence):
+ pass
+
+
+PADataTypeSequence.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('dummy', PADataTypeValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+class TGS_REP(KDC_REP):
+ pass
+
+
+TGS_REP.tagSet = KDC_REP.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 13))
+
+
+class TGS_REQ(KDC_REQ):
+ pass
+
+
+TGS_REQ.tagSet = KDC_REQ.tagSet.tagExplicitly(tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 12))
+
+
+class TYPED_DATA(univ.SequenceOf):
+ pass
+
+
+TYPED_DATA.componentType = univ.Sequence(componentType=namedtype.NamedTypes(
+ namedtype.NamedType('data-type', Int32().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))),
+ namedtype.OptionalNamedType('data-value', univ.OctetString().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 1)))
+))
+
+TYPED_DATA.subtypeSpec=constraint.ValueSizeConstraint(1, 256)
+
+
+class TicketFlagsValues(univ.BitString):
+ pass
+
+
+TicketFlagsValues.namedValues = namedval.NamedValues(
+ ('reserved', 0),
+ ('forwardable', 1),
+ ('forwarded', 2),
+ ('proxiable', 3),
+ ('proxy', 4),
+ ('may-postdate', 5),
+ ('postdated', 6),
+ ('invalid', 7),
+ ('renewable', 8),
+ ('initial', 9),
+ ('pre-authent', 10),
+ ('hw-authent', 11),
+ ('transited-policy-checked', 12),
+ ('ok-as-delegate', 13)
+)
+
+
+class TicketFlagsSequence(univ.Sequence):
+ pass
+
+
+TicketFlagsSequence.componentType = namedtype.NamedTypes(
+ namedtype.NamedType('dummy', TicketFlagsValues().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0)))
+)
+
+
+id_krb5 = _OID(1, 3, 6, 1, 5, 2)
+
+
projects / thirdparty / samba.git / commitdiff
