1KRB5(3) krb5 1.0 KRB5(3)
2
3
4
6 packet.application.krb5 - KRB5 module
7
9 Decode KRB5 layer. Decoding uses ASN.1 DER (Distinguished Encoding
10 Rules).
11
12 RFC 4120: The Kerberos Network Authentication Service (V5); RFC 6113: A
13 Generalized Framework for Kerberos Pre-Authentication
14
16 class APOptions(packet.utils.OptionFlags)
17 AP Option flags
18
19
20 class AP_REP(baseobj.BaseObj)
21 AP-REP ::= [APPLICATION 15] SEQUENCE {
22 pvno [0] INTEGER (5),
23 msg-type [1] INTEGER (15),
24 enc-part [2] EncryptedData -- EncAPRepPart
25 }
26
27
28 Methods defined here:
29 ---------------------
30
31 __init__(self, obj)
32 Constructor
33
34 Initialize object's private data according to the arguments given.
35 Arguments can be given as positional, named arguments or a
36 combination of both.
37
38 class AP_REQ(baseobj.BaseObj)
39 AP-REQ ::= [APPLICATION 14] SEQUENCE {
40 pvno [0] INTEGER (5),
41 msg-type [1] INTEGER (14),
42 options [2] APOptions,
43 ticket [3] Ticket,
44 authenticator [4] EncryptedData -- Authenticator
45 }
46
47
48 Methods defined here:
49 ---------------------
50
51 __init__(self, obj)
52 Constructor
53
54 Initialize object's private data according to the arguments given.
55 Arguments can be given as positional, named arguments or a
56 combination of both.
57
58 class Checksum(baseobj.BaseObj)
59 Checksum ::= SEQUENCE {
60 cksumtype [0] Int32,
61 checksum [1] OCTET STRING
62 }
63
64
65 Methods defined here:
66 ---------------------
67
68 __init__(self, obj)
69 Constructor
70
71 Initialize object's private data according to the arguments given.
72 Arguments can be given as positional, named arguments or a
73 combination of both.
74
75 class EncryptedData(baseobj.BaseObj)
76 EncryptedData ::= SEQUENCE {
77 etype [0] Int32 -- EncryptionType --,
78 kvno [1] UInt32 OPTIONAL,
79 cipher [2] OCTET STRING -- ciphertext
80 }
81
82
83 Methods defined here:
84 ---------------------
85
86 __init__(self, obj)
87 Constructor
88
89 Initialize object's private data according to the arguments given.
90 Arguments can be given as positional, named arguments or a
91 combination of both.
92
93 class EtypeInfo2Entry(baseobj.BaseObj)
94 ETYPE-INFO2-ENTRY ::= SEQUENCE {
95 etype [0] Int32,
96 salt [1] KerberosString OPTIONAL,
97 s2kparams [2] OCTET STRING OPTIONAL
98 }
99
100
101 Methods defined here:
102 ---------------------
103
104 __init__(self, obj)
105 Constructor
106
107 Initialize object's private data according to the arguments given.
108 Arguments can be given as positional, named arguments or a
109 combination of both.
110
111 class HostAddress(baseobj.BaseObj)
112 HostAddress ::= SEQUENCE {
113 addr-type [0] Int32,
114 address [1] OCTET STRING
115 }
116
117
118 Methods defined here:
119 ---------------------
120
121 __init__(self, obj)
122 Constructor
123
124 Initialize object's private data according to the arguments given.
125 Arguments can be given as positional, named arguments or a
126 combination of both.
127
128 class KDCOptions(packet.utils.OptionFlags)
129 KDC Option flags
130
131
132 class KDC_REP(baseobj.BaseObj)
133 KDC-REP ::= SEQUENCE {
134 pvno [0] INTEGER (5),
135 msg-type [1] INTEGER (11 -- AS -- | 13 -- TGS --),
136 padata [2] SEQUENCE OF PA-DATA OPTIONAL
137 -- NOTE: not empty --,
138 crealm [3] Realm,
139 cname [4] PrincipalName,
140 ticket [5] Ticket,
141 enc-part [6] EncryptedData
142 -- EncASRepPart or EncTGSRepPart,
143 -- as appropriate
144 }
145
146
147 Methods defined here:
148 ---------------------
149
150 __init__(self, obj)
151 Constructor
152
153 Initialize object's private data according to the arguments given.
154 Arguments can be given as positional, named arguments or a
155 combination of both.
156
157 class KDC_REQ(baseobj.BaseObj)
158 KDC-REQ ::= SEQUENCE {
159 -- NOTE: first tag is [1], not [0]
160 pvno [1] INTEGER (5) ,
161 msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --),
162 padata [3] SEQUENCE OF PA-DATA OPTIONAL
163 -- NOTE: not empty --,
164 req-body [4] KDC-REQ-BODY
165 }
166
167
168 Methods defined here:
169 ---------------------
170
171 __init__(self, obj)
172 Constructor
173
174 Initialize object's private data according to the arguments given.
175 Arguments can be given as positional, named arguments or a
176 combination of both.
177
178 class KDC_REQ_BODY(baseobj.BaseObj)
179 KDC-REQ-BODY ::= SEQUENCE {
180 options [0] KDCOptions,
181 cname [1] PrincipalName OPTIONAL
182 -- Used only in AS-REQ --,
183 realm [2] Realm
184 -- Server's realm
185 -- Also client's in AS-REQ --,
186 sname [3] PrincipalName OPTIONAL,
187 from [4] KerberosTime OPTIONAL,
188 till [5] KerberosTime,
189 rtime [6] KerberosTime OPTIONAL,
190 nonce [7] UInt32,
191 etype [8] SEQUENCE OF Int32 -- EncryptionType
192 -- in preference order --,
193 addresses [9] HostAddresses OPTIONAL,
194 enc-authorization-data [10] EncryptedData OPTIONAL
195 -- AuthorizationData --,
196 additional-tickets [11] SEQUENCE OF Ticket OPTIONAL
197 -- NOTE: not empty
198 }
199
200
201 Methods defined here:
202 ---------------------
203
204 __init__(self, obj)
205 Constructor
206
207 Initialize object's private data according to the arguments given.
208 Arguments can be given as positional, named arguments or a
209 combination of both.
210
211 class KRB5(baseobj.BaseObj)
212 KRB5 object
213
214 Usage:
215 from packet.application.krb5 import KRB5
216
217 # Decode KRB5 layer
218 x = KRB5(pktt, proto)
219
220 Object definition:
221
222 KRB5(
223 appid = int, # Application Identifier
224 kdata = KDC_REQ|KDC_REP|KRB_ERROR
225 )
226
227
228 Methods defined here:
229 ---------------------
230
231 __bool__(self)
232 Truth value testing for the built-in operation bool()
233
234 __init__(self, pktt, proto)
235 Constructor
236
237 Initialize object's private data.
238
239
240 pktt: Packet trace object (packet.pktt.Pktt) so this layer has
241 access to the parent layers.
242
243 proto: Transport layer protocol.
244
245 class KRB_ERROR(baseobj.BaseObj)
246 KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
247 pvno [0] INTEGER (5),
248 msg-type [1] INTEGER (30),
249 ctime [2] KerberosTime OPTIONAL,
250 cusec [3] Microseconds OPTIONAL,
251 stime [4] KerberosTime,
252 susec [5] Microseconds,
253 error-code [6] Int32,
254 crealm [7] Realm OPTIONAL,
255 cname [8] PrincipalName OPTIONAL,
256 realm [9] Realm -- service realm --,
257 sname [10] PrincipalName -- service name --,
258 e-text [11] KerberosString OPTIONAL,
259 e-data [12] OCTET STRING OPTIONAL
260 }
261
262
263 Methods defined here:
264 ---------------------
265
266 __init__(self, obj)
267 Constructor
268
269 Initialize object's private data according to the arguments given.
270 Arguments can be given as positional, named arguments or a
271 combination of both.
272
273 class KrbFastArmor(baseobj.BaseObj)
274 KrbFastArmor ::= SEQUENCE {
275 armor-type [0] Int32,
276 -- Type of the armor.
277 armor-value [1] OCTET STRING,
278 -- Value of the armor.
279 }
280
281
282 Methods defined here:
283 ---------------------
284
285 __init__(self, obj)
286 Constructor
287
288 Initialize object's private data according to the arguments given.
289 Arguments can be given as positional, named arguments or a
290 combination of both.
291
292 class KrbFastArmoredRep(baseobj.BaseObj)
293 KrbFastArmoredRep ::= SEQUENCE {
294 enc-fast-rep [0] EncryptedData, -- KrbFastResponse --
295 -- The encryption key is the armor key in the request, and
296 -- the key usage number is KEY_USAGE_FAST_REP.
297 }
298
299
300 Methods defined here:
301 ---------------------
302
303 __init__(self, obj)
304 Constructor
305
306 Initialize object's private data according to the arguments given.
307 Arguments can be given as positional, named arguments or a
308 combination of both.
309
310 class KrbFastArmoredReq(baseobj.BaseObj)
311 KrbFastArmoredReq ::= SEQUENCE {
312 armor [0] KrbFastArmor OPTIONAL,
313 -- Contains the armor that identifies the armor key.
314 -- MUST be present in AS-REQ.
315 req-checksum [1] Checksum,
316 -- For AS, contains the checksum performed over the type
317 -- KDC-REQ-BODY for the req-body field of the KDC-REQ
318 -- structure;
319 -- For TGS, contains the checksum performed over the type
320 -- AP-REQ in the PA-TGS-REQ padata.
321 -- The checksum key is the armor key, the checksum
322 -- type is the required checksum type for the enctype of
323 -- the armor key, and the key usage number is
324 -- KEY_USAGE_FAST_REQ_CHKSUM.
325 enc-fast-req [2] EncryptedData, -- KrbFastReq --
326 -- The encryption key is the armor key, and the key usage
327 -- number is KEY_USAGE_FAST_ENC.
328 }
329
330
331 Methods defined here:
332 ---------------------
333
334 __init__(self, obj)
335 Constructor
336
337 Initialize object's private data according to the arguments given.
338 Arguments can be given as positional, named arguments or a
339 combination of both.
340
341 class PrincipalName(baseobj.BaseObj)
342 PrincipalName ::= SEQUENCE {
343 name-type [0] Int32,
344 name-string [1] SEQUENCE OF KerberosString
345 }
346
347
348 Methods defined here:
349 ---------------------
350
351 __init__(self, obj)
352 Constructor
353
354 Initialize object's private data according to the arguments given.
355 Arguments can be given as positional, named arguments or a
356 combination of both.
357
358 class Ticket(baseobj.BaseObj)
359 Ticket ::= [APPLICATION 1] SEQUENCE {
360 tkt-vno [0] INTEGER (5),
361 realm [1] Realm,
362 sname [2] PrincipalName,
363 enc-part [3] EncryptedData -- EncTicketPart
364 }
365
366
367 Methods defined here:
368 ---------------------
369
370 __init__(self, obj)
371 Constructor
372
373 Initialize object's private data according to the arguments given.
374 Arguments can be given as positional, named arguments or a
375 combination of both.
376
377 class krb5_addrtype(packet.utils.Enum)
378 enum krb5_addrtype
379
380
381 class krb5_adtype(packet.utils.Enum)
382 enum krb5_adtype
383
384
385 class krb5_application(packet.utils.Enum)
386 enum krb5_application
387
388
389 class krb5_ctype(packet.utils.Enum)
390 enum krb5_ctype
391
392
393 class krb5_etype(packet.utils.Enum)
394 enum krb5_etype
395
396
397 class krb5_fatype(packet.utils.Enum)
398 enum krb5_fatype
399
400
401 class krb5_patype(packet.utils.Enum)
402 enum krb5_patype
403
404
405 class krb5_principal(packet.utils.Enum)
406 enum krb5_principal
407
408
409 class krb5_status(packet.utils.Enum)
410 enum krb5_status
411
412
413 class paData(baseobj.BaseObj)
414 PA-DATA ::= SEQUENCE {
415 -- NOTE: first tag is [1], not [0]
416 padata-type [1] Int32,
417 padata-value [2] OCTET STRING
418 }
419
420
421 Methods defined here:
422 ---------------------
423
424 __init__(self, obj)
425 Constructor
426
427 Initialize object's private data according to the arguments given.
428 Arguments can be given as positional, named arguments or a
429 combination of both.
430
432 KerberosTime(stime, usec=None)
433 Convert floating point time to a DateStr object,
434 including the microseconds if given
435
436 Optional(obj, objtype)
437 Get Optional item of the given object type
438
439 SequenceOf(obj, objtype)
440 SEQUENCE OF: return list of the given object type
441
443 baseobj(3), packet.application.krb5_const(3), packet.derunpack(3),
444 packet.utils(3)
445
446
448 No known bugs.
449
451 Jorge Mora (mora@netapp.com)
452
453
454
455NFStest 3.2 21 March 2023 KRB5(3)