| KRB5(3) | krb5 1.0 | KRB5(3) | 
NAME¶
packet.application.krb5 - KRB5 module
DESCRIPTION¶
Decode KRB5 layer. Decoding uses ASN.1 DER (Distinguished Encoding Rules).
RFC 4120: The Kerberos Network Authentication Service (V5)
RFC 6113: A Generalized Framework for Kerberos Pre-Authentication
CLASSES¶
class APOptions(packet.utils.OptionFlags)¶
AP Option flags
class AP_REP(baseobj.BaseObj)¶
AP-REP  ::= [APPLICATION 15] SEQUENCE {
    pvno      [0] INTEGER (5),
    msg-type  [1] INTEGER (15),
    enc-part  [2] EncryptedData -- EncAPRepPart
}
Methods defined here: ---------------------
__init__(self, obj)
class AP_REQ(baseobj.BaseObj)¶
AP-REQ  ::= [APPLICATION 14] SEQUENCE {
    pvno           [0] INTEGER (5),
    msg-type       [1] INTEGER (14),
    options        [2] APOptions,
    ticket         [3] Ticket,
    authenticator  [4] EncryptedData -- Authenticator
}
Methods defined here: ---------------------
__init__(self, obj)
class Checksum(baseobj.BaseObj)¶
Checksum  ::= SEQUENCE {
    cksumtype  [0] Int32,
    checksum   [1] OCTET STRING
}
Methods defined here: ---------------------
__init__(self, obj)
class EncryptedData(baseobj.BaseObj)¶
EncryptedData  ::= SEQUENCE {
    etype   [0] Int32 -- EncryptionType --,
    kvno    [1] UInt32 OPTIONAL,
    cipher  [2] OCTET STRING -- ciphertext
}
Methods defined here: ---------------------
__init__(self, obj)
class EtypeInfo2Entry(baseobj.BaseObj)¶
ETYPE-INFO2-ENTRY  ::= SEQUENCE {
    etype      [0] Int32,
    salt       [1] KerberosString OPTIONAL,
    s2kparams  [2] OCTET STRING OPTIONAL
}
Methods defined here: ---------------------
__init__(self, obj)
class HostAddress(baseobj.BaseObj)¶
HostAddress  ::= SEQUENCE  {
    addr-type  [0] Int32,
    address    [1] OCTET STRING
}
Methods defined here: ---------------------
__init__(self, obj)
class KDCOptions(packet.utils.OptionFlags)¶
KDC Option flags
class KDC_REP(baseobj.BaseObj)¶
KDC-REP  ::= SEQUENCE {
    pvno      [0] INTEGER (5),
    msg-type  [1] INTEGER (11 -- AS -- | 13 -- TGS --),
    padata    [2] SEQUENCE OF PA-DATA OPTIONAL
                  -- NOTE: not empty --,
    crealm    [3] Realm,
    cname     [4] PrincipalName,
    ticket    [5] Ticket,
    enc-part  [6] EncryptedData
                  -- EncASRepPart or EncTGSRepPart,
                  -- as appropriate
}
Methods defined here: ---------------------
__init__(self, obj)
class KDC_REQ(baseobj.BaseObj)¶
KDC-REQ  ::= SEQUENCE {
    -- NOTE: first tag is [1], not [0]
    pvno      [1] INTEGER (5) ,
    msg-type  [2] INTEGER (10 -- AS -- | 12 -- TGS --),
    padata    [3] SEQUENCE OF PA-DATA OPTIONAL
                  -- NOTE: not empty --,
    req-body  [4] KDC-REQ-BODY
}
Methods defined here: ---------------------
__init__(self, obj)
class KDC_REQ_BODY(baseobj.BaseObj)¶
KDC-REQ-BODY  ::= SEQUENCE {
    options                  [0] KDCOptions,
    cname                    [1] PrincipalName OPTIONAL
                                 -- Used only in AS-REQ --,
    realm                    [2] Realm
                                 -- Server's realm
                                 -- Also client's in AS-REQ --,
    sname                    [3] PrincipalName OPTIONAL,
    from                     [4] KerberosTime OPTIONAL,
    till                     [5] KerberosTime,
    rtime                    [6] KerberosTime OPTIONAL,
    nonce                    [7] UInt32,
    etype                    [8] SEQUENCE OF Int32 -- EncryptionType
                                 -- in preference order --,
    addresses                [9] HostAddresses OPTIONAL,
    enc-authorization-data  [10] EncryptedData OPTIONAL
                                 -- AuthorizationData --,
    additional-tickets      [11] SEQUENCE OF Ticket OPTIONAL
                                 -- NOTE: not empty
}
Methods defined here: ---------------------
__init__(self, obj)
class KRB5(baseobj.BaseObj)¶
KRB5 object

Usage:
    from packet.application.krb5 import KRB5
    # Decode KRB5 layer
    x = KRB5(pktt, proto)

Object definition:
    KRB5(
        appid = int,  # Application Identifier
        kdata = KDC_REQ|KDC_REP|KRB_ERROR
    )
Methods defined here: ---------------------
__init__(self, pktt, proto) Constructor. Initializes the object's private data.
__nonzero__(self) Truth value testing for the built-in operation bool()
class KRB_ERROR(baseobj.BaseObj)¶
KRB-ERROR  ::= [APPLICATION 30] SEQUENCE {
    pvno        [0] INTEGER (5),
    msg-type    [1] INTEGER (30),
    ctime       [2] KerberosTime OPTIONAL,
    cusec       [3] Microseconds OPTIONAL,
    stime       [4] KerberosTime,
    susec       [5] Microseconds,
    error-code  [6] Int32,
    crealm      [7] Realm OPTIONAL,
    cname       [8] PrincipalName OPTIONAL,
    realm       [9] Realm -- service realm --,
    sname       [10] PrincipalName -- service name --,
    e-text      [11] KerberosString OPTIONAL,
    e-data      [12] OCTET STRING OPTIONAL
}
Methods defined here: ---------------------
__init__(self, obj)
class KrbFastArmor(baseobj.BaseObj)¶
KrbFastArmor  ::= SEQUENCE {
    armor-type   [0] Int32,
        -- Type of the armor.
    armor-value  [1] OCTET STRING,
        -- Value of the armor.
}
Methods defined here: ---------------------
__init__(self, obj)
class KrbFastArmoredRep(baseobj.BaseObj)¶
KrbFastArmoredRep ::= SEQUENCE {
   enc-fast-rep  [0] EncryptedData, -- KrbFastResponse --
       -- The encryption key is the armor key in the request, and
       -- the key usage number is KEY_USAGE_FAST_REP.
}
Methods defined here: ---------------------
__init__(self, obj)
class KrbFastArmoredReq(baseobj.BaseObj)¶
KrbFastArmoredReq ::= SEQUENCE {
    armor        [0] KrbFastArmor OPTIONAL,
        -- Contains the armor that identifies the armor key.
        -- MUST be present in AS-REQ.
    req-checksum [1] Checksum,
        -- For AS, contains the checksum performed over the type
        -- KDC-REQ-BODY for the req-body field of the KDC-REQ
        -- structure;
        -- For TGS, contains the checksum performed over the type
        -- AP-REQ in the PA-TGS-REQ padata.
        -- The checksum key is the armor key, the checksum
        -- type is the required checksum type for the enctype of
        -- the armor key, and the key usage number is
        -- KEY_USAGE_FAST_REQ_CHKSUM.
    enc-fast-req [2] EncryptedData, -- KrbFastReq --
        -- The encryption key is the armor key, and the key usage
        -- number is KEY_USAGE_FAST_ENC.
}
Methods defined here: ---------------------
__init__(self, obj)
class PrincipalName(baseobj.BaseObj)¶
PrincipalName  ::= SEQUENCE {
    name-type    [0] Int32,
    name-string  [1] SEQUENCE OF KerberosString
}
Methods defined here: ---------------------
__init__(self, obj)
class Ticket(baseobj.BaseObj)¶
Ticket  ::= [APPLICATION 1] SEQUENCE {
    tkt-vno   [0] INTEGER (5),
    realm     [1] Realm,
    sname     [2] PrincipalName,
    enc-part  [3] EncryptedData -- EncTicketPart
}
Methods defined here: ---------------------
__init__(self, obj)
class krb5_addrtype(packet.utils.Enum)¶
enum krb5_addrtype
class krb5_adtype(packet.utils.Enum)¶
enum krb5_adtype
class krb5_application(packet.utils.Enum)¶
enum krb5_application
class krb5_ctype(packet.utils.Enum)¶
enum krb5_ctype
class krb5_etype(packet.utils.Enum)¶
enum krb5_etype
class krb5_fatype(packet.utils.Enum)¶
enum krb5_fatype
class krb5_patype(packet.utils.Enum)¶
enum krb5_patype
class krb5_principal(packet.utils.Enum)¶
enum krb5_principal
class krb5_status(packet.utils.Enum)¶
enum krb5_status
class paData(baseobj.BaseObj)¶
PA-DATA  ::= SEQUENCE {
    -- NOTE: first tag is [1], not [0]
    padata-type   [1] Int32,
    padata-value  [2] OCTET STRING
}
Methods defined here: ---------------------
__init__(self, obj)
FUNCTIONS¶
KerberosTime(stime, usec=None)¶
Convert a floating-point time to a DateStr object, including the microseconds if given.
Optional(obj, objtype)¶
Get Optional item of the given object type
SequenceOf(obj, objtype)¶
SEQUENCE OF: return list of the given object type
SEE ALSO¶
BUGS¶
No known bugs.
AUTHOR¶
Jorge Mora (mora@netapp.com)
| 14 February 2017 | NFStest 2.1.5 |