1KRB5(3) krb5 1.0 KRB5(3)
2
3
4
6 packet.application.krb5 - KRB5 module
7
9 Decode KRB5 layer Decoding using ASN.1 DER (Distinguished Encoding Rep‐
10 resentation)
11
12 RFC 4120 The Kerberos Network Authentication Service (V5) RFC 6113 A
13 Generalized Framework for Kerberos Pre-Authentication
14
16 class APOptions(packet.utils.OptionFlags)
17 AP Option flags
18
19
20 class AP_REP(baseobj.BaseObj)
21 AP-REP ::= [APPLICATION 15] SEQUENCE {
22 pvno [0] INTEGER (5),
23 msg-type [1] INTEGER (15),
24 enc-part [2] EncryptedData -- EncAPRepPart
25 }
26
27
28 Methods defined here:
29 ---------------------
30
31 __init__(self, obj)
32
33 class AP_REQ(baseobj.BaseObj)
34 AP-REQ ::= [APPLICATION 14] SEQUENCE {
35 pvno [0] INTEGER (5),
36 msg-type [1] INTEGER (14),
37 options [2] APOptions,
38 ticket [3] Ticket,
39 authenticator [4] EncryptedData -- Authenticator
40 }
41
42
43 Methods defined here:
44 ---------------------
45
46 __init__(self, obj)
47
48 class Checksum(baseobj.BaseObj)
49 Checksum ::= SEQUENCE {
50 cksumtype [0] Int32,
51 checksum [1] OCTET STRING
52 }
53
54
55 Methods defined here:
56 ---------------------
57
58 __init__(self, obj)
59
60 class EncryptedData(baseobj.BaseObj)
61 EncryptedData ::= SEQUENCE {
62 etype [0] Int32 -- EncryptionType --,
63 kvno [1] UInt32 OPTIONAL,
64 cipher [2] OCTET STRING -- ciphertext
65 }
66
67
68 Methods defined here:
69 ---------------------
70
71 __init__(self, obj)
72
73 class EtypeInfo2Entry(baseobj.BaseObj)
74 ETYPE-INFO2-ENTRY ::= SEQUENCE {
75 etype [0] Int32,
76 salt [1] KerberosString OPTIONAL,
77 s2kparams [2] OCTET STRING OPTIONAL
78 }
79
80
81 Methods defined here:
82 ---------------------
83
84 __init__(self, obj)
85
86 class HostAddress(baseobj.BaseObj)
87 HostAddress ::= SEQUENCE {
88 addr-type [0] Int32,
89 address [1] OCTET STRING
90 }
91
92
93 Methods defined here:
94 ---------------------
95
96 __init__(self, obj)
97
98 class KDCOptions(packet.utils.OptionFlags)
99 KDC Option flags
100
101
102 class KDC_REP(baseobj.BaseObj)
103 KDC-REP ::= SEQUENCE {
104 pvno [0] INTEGER (5),
105 msg-type [1] INTEGER (11 -- AS -- | 13 -- TGS --),
106 padata [2] SEQUENCE OF PA-DATA OPTIONAL
107 -- NOTE: not empty --,
108 crealm [3] Realm,
109 cname [4] PrincipalName,
110 ticket [5] Ticket,
111 enc-part [6] EncryptedData
112 -- EncASRepPart or EncTGSRepPart,
113 -- as appropriate
114 }
115
116
117 Methods defined here:
118 ---------------------
119
120 __init__(self, obj)
121
122 class KDC_REQ(baseobj.BaseObj)
123 KDC-REQ ::= SEQUENCE {
124 -- NOTE: first tag is [1], not [0]
125 pvno [1] INTEGER (5) ,
126 msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --),
127 padata [3] SEQUENCE OF PA-DATA OPTIONAL
128 -- NOTE: not empty --,
129 req-body [4] KDC-REQ-BODY
130 }
131
132
133 Methods defined here:
134 ---------------------
135
136 __init__(self, obj)
137
138 class KDC_REQ_BODY(baseobj.BaseObj)
139 KDC-REQ-BODY ::= SEQUENCE {
140 options [0] KDCOptions,
141 cname [1] PrincipalName OPTIONAL
142 -- Used only in AS-REQ --,
143 realm [2] Realm
144 -- Server's realm
145 -- Also client's in AS-REQ --,
146 sname [3] PrincipalName OPTIONAL,
147 from [4] KerberosTime OPTIONAL,
148 till [5] KerberosTime,
149 rtime [6] KerberosTime OPTIONAL,
150 nonce [7] UInt32,
151 etype [8] SEQUENCE OF Int32 -- EncryptionType
152 -- in preference order --,
153 addresses [9] HostAddresses OPTIONAL,
154 enc-authorization-data [10] EncryptedData OPTIONAL
155 -- AuthorizationData --,
156 additional-tickets [11] SEQUENCE OF Ticket OPTIONAL
157 -- NOTE: not empty
158 }
159
160
161 Methods defined here:
162 ---------------------
163
164 __init__(self, obj)
165
166 class KRB5(baseobj.BaseObj)
167 KRB5 object
168
169 Usage:
170 from packet.application.krb5 import KRB5
171
172 # Decode KRB5 layer
173 x = KRB5(pktt, proto)
174
175 Object definition:
176
177 KRB5(
178 appid = int, # Application Identifier
179 kdata = KDC_REQ|KDC_REP|KRB_ERROR
180 }
181
182
183 Methods defined here:
184 ---------------------
185
186 __init__(self, pktt, proto)
187 Constructor
188
189 Initialize object's private data.
190
191
192 pktt: Packet trace object (packet.pktt.Pktt) so this layer has
193 access to the parent layers.
194
195 proto: Transport layer protocol.
196
197 __nonzero__(self)
198 Truth value testing for the built-in operation bool()
199
200 class KRB_ERROR(baseobj.BaseObj)
201 KRB-ERROR ::= [APPLICATION 30] SEQUENCE {
202 pvno [0] INTEGER (5),
203 msg-type [1] INTEGER (30),
204 ctime [2] KerberosTime OPTIONAL,
205 cusec [3] Microseconds OPTIONAL,
206 stime [4] KerberosTime,
207 susec [5] Microseconds,
208 error-code [6] Int32,
209 crealm [7] Realm OPTIONAL,
210 cname [8] PrincipalName OPTIONAL,
211 realm [9] Realm -- service realm --,
212 sname [10] PrincipalName -- service name --,
213 e-text [11] KerberosString OPTIONAL,
214 e-data [12] OCTET STRING OPTIONAL
215 }
216
217
218 Methods defined here:
219 ---------------------
220
221 __init__(self, obj)
222
223 class KrbFastArmor(baseobj.BaseObj)
224 KrbFastArmor ::= SEQUENCE {
225 armor-type [0] Int32,
226 -- Type of the armor.
227 armor-value [1] OCTET STRING,
228 -- Value of the armor.
229 }
230
231
232 Methods defined here:
233 ---------------------
234
235 __init__(self, obj)
236
237 class KrbFastArmoredRep(baseobj.BaseObj)
238 KrbFastArmoredRep ::= SEQUENCE {
239 enc-fast-rep [0] EncryptedData, -- KrbFastResponse --
240 -- The encryption key is the armor key in the request, and
241 -- the key usage number is KEY_USAGE_FAST_REP.
242 }
243
244
245 Methods defined here:
246 ---------------------
247
248 __init__(self, obj)
249
250 class KrbFastArmoredReq(baseobj.BaseObj)
251 KrbFastArmoredReq ::= SEQUENCE {
252 armor [0] KrbFastArmor OPTIONAL,
253 -- Contains the armor that identifies the armor key.
254 -- MUST be present in AS-REQ.
255 req-checksum [1] Checksum,
256 -- For AS, contains the checksum performed over the type
257 -- KDC-REQ-BODY for the req-body field of the KDC-REQ
258 -- structure;
259 -- For TGS, contains the checksum performed over the type
260 -- AP-REQ in the PA-TGS-REQ padata.
261 -- The checksum key is the armor key, the checksum
262 -- type is the required checksum type for the enctype of
263 -- the armor key, and the key usage number is
264 -- KEY_USAGE_FAST_REQ_CHKSUM.
265 enc-fast-req [2] EncryptedData, -- KrbFastReq --
266 -- The encryption key is the armor key, and the key usage
267 -- number is KEY_USAGE_FAST_ENC.
268 }
269
270
271 Methods defined here:
272 ---------------------
273
274 __init__(self, obj)
275
276 class PrincipalName(baseobj.BaseObj)
277 PrincipalName ::= SEQUENCE {
278 name-type [0] Int32,
279 name-string [1] SEQUENCE OF KerberosString
280 }
281
282
283 Methods defined here:
284 ---------------------
285
286 __init__(self, obj)
287
288 class Ticket(baseobj.BaseObj)
289 Ticket ::= [APPLICATION 1] SEQUENCE {
290 tkt-vno [0] INTEGER (5),
291 realm [1] Realm,
292 sname [2] PrincipalName,
293 enc-part [3] EncryptedData -- EncTicketPart
294 }
295
296
297 Methods defined here:
298 ---------------------
299
300 __init__(self, obj)
301
302 class krb5_addrtype(packet.utils.Enum)
303 enum krb5_addrtype
304
305
306 class krb5_adtype(packet.utils.Enum)
307 enum krb5_adtype
308
309
310 class krb5_application(packet.utils.Enum)
311 enum krb5_application
312
313
314 class krb5_ctype(packet.utils.Enum)
315 enum krb5_ctype
316
317
318 class krb5_etype(packet.utils.Enum)
319 enum krb5_etype
320
321
322 class krb5_fatype(packet.utils.Enum)
323 enum krb5_fatype
324
325
326 class krb5_patype(packet.utils.Enum)
327 enum krb5_patype
328
329
330 class krb5_principal(packet.utils.Enum)
331 enum krb5_principal
332
333
334 class krb5_status(packet.utils.Enum)
335 enum krb5_status
336
337
338 class paData(baseobj.BaseObj)
339 PA-DATA ::= SEQUENCE {
340 -- NOTE: first tag is [1], not [0]
341 padata-type [1] Int32,
342 padata-value [2] OCTET STRING
343 }
344
345
346 Methods defined here:
347 ---------------------
348
349 __init__(self, obj)
350
352 KerberosTime(stime, usec=None)
353 Convert floating point time to a DateStr object, include the microsec‐
354 onds if given
355
356 Optional(obj, objtype)
357 Get Optional item of the given object type
358
359 SequenceOf(obj, objtype)
360 SEQUENCE OF: return list of the given object type
361
363 baseobj(3), packet.derunpack(3), packet.utils(3)
364
365
367 No known bugs.
368
370 Jorge Mora (mora@netapp.com)
371
372
373
374NFStest 2.1.5 14 February 2017 KRB5(3)