1KRB5(3)                            krb5 1.0                            KRB5(3)

NAME

6       packet.application.krb5 - KRB5 module
7

DESCRIPTION

9       Decode KRB5 layer. Decoding is done using ASN.1 DER (Distinguished
10       Encoding Rules).
11
12       References: RFC 4120, The Kerberos Network Authentication Service (V5);
13       RFC 6113, A Generalized Framework for Kerberos Pre-Authentication.
14

CLASSES

16   class APOptions(packet.utils.OptionFlags)
17       AP Option flags
18
19
20   class AP_REP(baseobj.BaseObj)
21       AP-REP  ::= [APPLICATION 15] SEQUENCE {
22           pvno      [0] INTEGER (5),
23           msg-type  [1] INTEGER (15),
24           enc-part  [2] EncryptedData -- EncAPRepPart
25       }
26
27
28       Methods defined here:
29       ---------------------
30
31       __init__(self, obj)
32       Constructor
33
34       Initialize object's private data according to the arguments given.
35       Arguments can be given as positional, named arguments or a
36       combination of both.
37
38   class AP_REQ(baseobj.BaseObj)
39       AP-REQ  ::= [APPLICATION 14] SEQUENCE {
40           pvno           [0] INTEGER (5),
41           msg-type       [1] INTEGER (14),
42           options        [2] APOptions,
43           ticket         [3] Ticket,
44           authenticator  [4] EncryptedData -- Authenticator
45       }
46
47
48       Methods defined here:
49       ---------------------
50
51       __init__(self, obj)
52       Constructor
53
54       Initialize object's private data according to the arguments given.
55       Arguments can be given as positional, named arguments or a
56       combination of both.
57
58   class Checksum(baseobj.BaseObj)
59       Checksum  ::= SEQUENCE {
60           cksumtype  [0] Int32,
61           checksum   [1] OCTET STRING
62       }
63
64
65       Methods defined here:
66       ---------------------
67
68       __init__(self, obj)
69       Constructor
70
71       Initialize object's private data according to the arguments given.
72       Arguments can be given as positional, named arguments or a
73       combination of both.
74
75   class EncryptedData(baseobj.BaseObj)
76       EncryptedData  ::= SEQUENCE {
77           etype   [0] Int32 -- EncryptionType --,
78           kvno    [1] UInt32 OPTIONAL,
79           cipher  [2] OCTET STRING -- ciphertext
80       }
81
82
83       Methods defined here:
84       ---------------------
85
86       __init__(self, obj)
87       Constructor
88
89       Initialize object's private data according to the arguments given.
90       Arguments can be given as positional, named arguments or a
91       combination of both.
92
93   class EtypeInfo2Entry(baseobj.BaseObj)
94       ETYPE-INFO2-ENTRY  ::= SEQUENCE {
95           etype      [0] Int32,
96           salt       [1] KerberosString OPTIONAL,
97           s2kparams  [2] OCTET STRING OPTIONAL
98       }
99
100
101       Methods defined here:
102       ---------------------
103
104       __init__(self, obj)
105       Constructor
106
107       Initialize object's private data according to the arguments given.
108       Arguments can be given as positional, named arguments or a
109       combination of both.
110
111   class HostAddress(baseobj.BaseObj)
112       HostAddress  ::= SEQUENCE  {
113           addr-type  [0] Int32,
114           address    [1] OCTET STRING
115       }
116
117
118       Methods defined here:
119       ---------------------
120
121       __init__(self, obj)
122       Constructor
123
124       Initialize object's private data according to the arguments given.
125       Arguments can be given as positional, named arguments or a
126       combination of both.
127
128   class KDCOptions(packet.utils.OptionFlags)
129       KDC Option flags
130
131
132   class KDC_REP(baseobj.BaseObj)
133       KDC-REP  ::= SEQUENCE {
134           pvno      [0] INTEGER (5),
135           msg-type  [1] INTEGER (11 -- AS -- | 13 -- TGS --),
136           padata    [2] SEQUENCE OF PA-DATA OPTIONAL
137                         -- NOTE: not empty --,
138           crealm    [3] Realm,
139           cname     [4] PrincipalName,
140           ticket    [5] Ticket,
141           enc-part  [6] EncryptedData
142                         -- EncASRepPart or EncTGSRepPart,
143                         -- as appropriate
144       }
145
146
147       Methods defined here:
148       ---------------------
149
150       __init__(self, obj)
151       Constructor
152
153       Initialize object's private data according to the arguments given.
154       Arguments can be given as positional, named arguments or a
155       combination of both.
156
157   class KDC_REQ(baseobj.BaseObj)
158       KDC-REQ  ::= SEQUENCE {
159           -- NOTE: first tag is [1], not [0]
160           pvno      [1] INTEGER (5) ,
161           msg-type  [2] INTEGER (10 -- AS -- | 12 -- TGS --),
162           padata    [3] SEQUENCE OF PA-DATA OPTIONAL
163                         -- NOTE: not empty --,
164           req-body  [4] KDC-REQ-BODY
165       }
166
167
168       Methods defined here:
169       ---------------------
170
171       __init__(self, obj)
172       Constructor
173
174       Initialize object's private data according to the arguments given.
175       Arguments can be given as positional, named arguments or a
176       combination of both.
177
178   class KDC_REQ_BODY(baseobj.BaseObj)
179       KDC-REQ-BODY  ::= SEQUENCE {
180           options                  [0] KDCOptions,
181           cname                    [1] PrincipalName OPTIONAL
182                                        -- Used only in AS-REQ --,
183           realm                    [2] Realm
184                                        -- Server's realm
185                                        -- Also client's in AS-REQ --,
186           sname                    [3] PrincipalName OPTIONAL,
187           from                     [4] KerberosTime OPTIONAL,
188           till                     [5] KerberosTime,
189           rtime                    [6] KerberosTime OPTIONAL,
190           nonce                    [7] UInt32,
191           etype                    [8] SEQUENCE OF Int32 -- EncryptionType
192                                        -- in preference order --,
193           addresses                [9] HostAddresses OPTIONAL,
194           enc-authorization-data  [10] EncryptedData OPTIONAL
195                                        -- AuthorizationData --,
196           additional-tickets      [11] SEQUENCE OF Ticket OPTIONAL
197                                        -- NOTE: not empty
198       }
199
200
201       Methods defined here:
202       ---------------------
203
204       __init__(self, obj)
205       Constructor
206
207       Initialize object's private data according to the arguments given.
208       Arguments can be given as positional, named arguments or a
209       combination of both.
210
211   class KRB5(baseobj.BaseObj)
212       KRB5 object
213
214       Usage:
215           from packet.application.krb5 import KRB5
216
217           # Decode KRB5 layer
218           x = KRB5(pktt, proto)
219
220       Object definition:
221
222       KRB5(
223           appid = int,  # Application Identifier
224           kdata = KDC_REQ|KDC_REP|KRB_ERROR
225       )
226
227
228       Methods defined here:
229       ---------------------
230
231       __bool__(self)
232       Truth value testing for the built-in operation bool()
233
234       __init__(self, pktt, proto)
235       Constructor
236
237       Initialize object's private data.
238
239
240              pktt:  Packet trace object (packet.pktt.Pktt) so this layer has
241                     access to the parent layers.
242
243              proto: Transport layer protocol.
244
245   class KRB_ERROR(baseobj.BaseObj)
246       KRB-ERROR  ::= [APPLICATION 30] SEQUENCE {
247           pvno        [0] INTEGER (5),
248           msg-type    [1] INTEGER (30),
249           ctime       [2] KerberosTime OPTIONAL,
250           cusec       [3] Microseconds OPTIONAL,
251           stime       [4] KerberosTime,
252           susec       [5] Microseconds,
253           error-code  [6] Int32,
254           crealm      [7] Realm OPTIONAL,
255           cname       [8] PrincipalName OPTIONAL,
256           realm       [9] Realm -- service realm --,
257           sname       [10] PrincipalName -- service name --,
258           e-text      [11] KerberosString OPTIONAL,
259           e-data      [12] OCTET STRING OPTIONAL
260       }
261
262
263       Methods defined here:
264       ---------------------
265
266       __init__(self, obj)
267       Constructor
268
269       Initialize object's private data according to the arguments given.
270       Arguments can be given as positional, named arguments or a
271       combination of both.
272
273   class KrbFastArmor(baseobj.BaseObj)
274       KrbFastArmor  ::= SEQUENCE {
275           armor-type   [0] Int32,
276               -- Type of the armor.
277           armor-value  [1] OCTET STRING,
278               -- Value of the armor.
279       }
280
281
282       Methods defined here:
283       ---------------------
284
285       __init__(self, obj)
286       Constructor
287
288       Initialize object's private data according to the arguments given.
289       Arguments can be given as positional, named arguments or a
290       combination of both.
291
292   class KrbFastArmoredRep(baseobj.BaseObj)
293       KrbFastArmoredRep ::= SEQUENCE {
294          enc-fast-rep  [0] EncryptedData, -- KrbFastResponse --
295              -- The encryption key is the armor key in the request, and
296              -- the key usage number is KEY_USAGE_FAST_REP.
297       }
298
299
300       Methods defined here:
301       ---------------------
302
303       __init__(self, obj)
304       Constructor
305
306       Initialize object's private data according to the arguments given.
307       Arguments can be given as positional, named arguments or a
308       combination of both.
309
310   class KrbFastArmoredReq(baseobj.BaseObj)
311       KrbFastArmoredReq ::= SEQUENCE {
312           armor        [0] KrbFastArmor OPTIONAL,
313               -- Contains the armor that identifies the armor key.
314               -- MUST be present in AS-REQ.
315           req-checksum [1] Checksum,
316               -- For AS, contains the checksum performed over the type
317               -- KDC-REQ-BODY for the req-body field of the KDC-REQ
318               -- structure;
319               -- For TGS, contains the checksum performed over the type
320               -- AP-REQ in the PA-TGS-REQ padata.
321               -- The checksum key is the armor key, the checksum
322               -- type is the required checksum type for the enctype of
323               -- the armor key, and the key usage number is
324               -- KEY_USAGE_FAST_REQ_CHKSUM.
325           enc-fast-req [2] EncryptedData, -- KrbFastReq --
326               -- The encryption key is the armor key, and the key usage
327               -- number is KEY_USAGE_FAST_ENC.
328       }
329
330
331       Methods defined here:
332       ---------------------
333
334       __init__(self, obj)
335       Constructor
336
337       Initialize object's private data according to the arguments given.
338       Arguments can be given as positional, named arguments or a
339       combination of both.
340
341   class PrincipalName(baseobj.BaseObj)
342       PrincipalName  ::= SEQUENCE {
343           name-type    [0] Int32,
344           name-string  [1] SEQUENCE OF KerberosString
345       }
346
347
348       Methods defined here:
349       ---------------------
350
351       __init__(self, obj)
352       Constructor
353
354       Initialize object's private data according to the arguments given.
355       Arguments can be given as positional, named arguments or a
356       combination of both.
357
358   class Ticket(baseobj.BaseObj)
359       Ticket  ::= [APPLICATION 1] SEQUENCE {
360           tkt-vno   [0] INTEGER (5),
361           realm     [1] Realm,
362           sname     [2] PrincipalName,
363           enc-part  [3] EncryptedData -- EncTicketPart
364       }
365
366
367       Methods defined here:
368       ---------------------
369
370       __init__(self, obj)
371       Constructor
372
373       Initialize object's private data according to the arguments given.
374       Arguments can be given as positional, named arguments or a
375       combination of both.
376
377   class krb5_addrtype(packet.utils.Enum)
378       enum krb5_addrtype
379
380
381   class krb5_adtype(packet.utils.Enum)
382       enum krb5_adtype
383
384
385   class krb5_application(packet.utils.Enum)
386       enum krb5_application
387
388
389   class krb5_ctype(packet.utils.Enum)
390       enum krb5_ctype
391
392
393   class krb5_etype(packet.utils.Enum)
394       enum krb5_etype
395
396
397   class krb5_fatype(packet.utils.Enum)
398       enum krb5_fatype
399
400
401   class krb5_patype(packet.utils.Enum)
402       enum krb5_patype
403
404
405   class krb5_principal(packet.utils.Enum)
406       enum krb5_principal
407
408
409   class krb5_status(packet.utils.Enum)
410       enum krb5_status
411
412
413   class paData(baseobj.BaseObj)
414       PA-DATA  ::= SEQUENCE {
415           -- NOTE: first tag is [1], not [0]
416           padata-type   [1] Int32,
417           padata-value  [2] OCTET STRING
418       }
419
420
421       Methods defined here:
422       ---------------------
423
424       __init__(self, obj)
425       Constructor
426
427       Initialize object's private data according to the arguments given.
428       Arguments can be given as positional, named arguments or a
429       combination of both.
430

FUNCTIONS

432       KerberosTime(stime, usec=None)
433       Convert a floating point time to a DateStr object,
434       including the microseconds if given
435
436       Optional(obj, objtype)
437       Get Optional item of the given object type
438
439       SequenceOf(obj, objtype)
440       SEQUENCE OF: return list of the given object type
441

SEE ALSO

443       baseobj(3),    packet.application.krb5_const(3),   packet.derunpack(3),
444       packet.utils(3)
445
446

BUGS

448       No known bugs.
449

AUTHOR

451       Jorge Mora (mora@netapp.com)
455NFStest 3.2                      21 March 2023                         KRB5(3)