packet.application.krb5 - Man Page

KRB5 module

Description

Decode KRB5 layer
Decoding using ASN.1 DER (Distinguished Encoding Representation)

RFC 4120 The Kerberos Network Authentication Service (V5)
RFC 6113 A Generalized Framework for Kerberos Pre-Authentication

Classes

class APOptions(packet.utils.OptionFlags)

AP Option flags

class AP_REP(baseobj.BaseObj)

AP-REP  ::= [APPLICATION 15] SEQUENCE {
    pvno      [0] INTEGER (5),
    msg-type  [1] INTEGER (15),
    enc-part  [2] EncryptedData -- EncAPRepPart
}


Methods defined here:
---------------------

__init__(self, obj)
Constructor

Initialize object's private data according to the arguments given.
Arguments can be given as positional, named arguments or a
combination of both.

class AP_REQ(baseobj.BaseObj)

AP-REQ  ::= [APPLICATION 14] SEQUENCE {
    pvno           [0] INTEGER (5),
    msg-type       [1] INTEGER (14),
    options        [2] APOptions,
    ticket         [3] Ticket,
    authenticator  [4] EncryptedData -- Authenticator
}


Methods defined here:
---------------------

__init__(self, obj)
Constructor

Initialize object's private data according to the arguments given.
Arguments can be given as positional, named arguments or a
combination of both.

class Checksum(baseobj.BaseObj)

Checksum  ::= SEQUENCE {
    cksumtype  [0] Int32,
    checksum   [1] OCTET STRING
}


Methods defined here:
---------------------

__init__(self, obj)
Constructor

Initialize object's private data according to the arguments given.
Arguments can be given as positional, named arguments or a
combination of both.

class EncryptedData(baseobj.BaseObj)

EncryptedData  ::= SEQUENCE {
    etype   [0] Int32 -- EncryptionType --,
    kvno    [1] UInt32 OPTIONAL,
    cipher  [2] OCTET STRING -- ciphertext
}


Methods defined here:
---------------------

__init__(self, obj)
Constructor

Initialize object's private data according to the arguments given.
Arguments can be given as positional, named arguments or a
combination of both.

class EtypeInfo2Entry(baseobj.BaseObj)

ETYPE-INFO2-ENTRY  ::= SEQUENCE {
    etype      [0] Int32,
    salt       [1] KerberosString OPTIONAL,
    s2kparams  [2] OCTET STRING OPTIONAL
}


Methods defined here:
---------------------

__init__(self, obj)
Constructor

Initialize object's private data according to the arguments given.
Arguments can be given as positional, named arguments or a
combination of both.

class HostAddress(baseobj.BaseObj)

HostAddress  ::= SEQUENCE  {
    addr-type  [0] Int32,
    address    [1] OCTET STRING
}


Methods defined here:
---------------------

__init__(self, obj)
Constructor

Initialize object's private data according to the arguments given.
Arguments can be given as positional, named arguments or a
combination of both.

class KDCOptions(packet.utils.OptionFlags)

KDC Option flags

class KDC_REP(baseobj.BaseObj)

KDC-REP  ::= SEQUENCE {
    pvno      [0] INTEGER (5),
    msg-type  [1] INTEGER (11 -- AS -- | 13 -- TGS --),
    padata    [2] SEQUENCE OF PA-DATA OPTIONAL
                  -- NOTE: not empty --,
    crealm    [3] Realm,
    cname     [4] PrincipalName,
    ticket    [5] Ticket,
    enc-part  [6] EncryptedData
                  -- EncASRepPart or EncTGSRepPart,
                  -- as appropriate
}


Methods defined here:
---------------------

__init__(self, obj)
Constructor

Initialize object's private data according to the arguments given.
Arguments can be given as positional, named arguments or a
combination of both.

class KDC_REQ(baseobj.BaseObj)

KDC-REQ  ::= SEQUENCE {
    -- NOTE: first tag is [1], not [0]
    pvno      [1] INTEGER (5) ,
    msg-type  [2] INTEGER (10 -- AS -- | 12 -- TGS --),
    padata    [3] SEQUENCE OF PA-DATA OPTIONAL
                  -- NOTE: not empty --,
    req-body  [4] KDC-REQ-BODY
}


Methods defined here:
---------------------

__init__(self, obj)
Constructor

Initialize object's private data according to the arguments given.
Arguments can be given as positional, named arguments or a
combination of both.

class KDC_REQ_BODY(baseobj.BaseObj)

KDC-REQ-BODY  ::= SEQUENCE {
    options                  [0] KDCOptions,
    cname                    [1] PrincipalName OPTIONAL
                                 -- Used only in AS-REQ --,
    realm                    [2] Realm
                                 -- Server's realm
                                 -- Also client's in AS-REQ --,
    sname                    [3] PrincipalName OPTIONAL,
    from                     [4] KerberosTime OPTIONAL,
    till                     [5] KerberosTime,
    rtime                    [6] KerberosTime OPTIONAL,
    nonce                    [7] UInt32,
    etype                    [8] SEQUENCE OF Int32 -- EncryptionType
                                 -- in preference order --,
    addresses                [9] HostAddresses OPTIONAL,
    enc-authorization-data  [10] EncryptedData OPTIONAL
                                 -- AuthorizationData --,
    additional-tickets      [11] SEQUENCE OF Ticket OPTIONAL
                                 -- NOTE: not empty
}


Methods defined here:
---------------------

__init__(self, obj)
Constructor

Initialize object's private data according to the arguments given.
Arguments can be given as positional, named arguments or a
combination of both.

class KRB5(baseobj.BaseObj)

KRB5 object

Usage:
    from packet.application.krb5 import KRB5

    # Decode KRB5 layer
    x = KRB5(pktt, proto)

Object definition:

KRB5(
    appid = int,  # Application Identifier
    kdata = KDC_REQ|KDC_REP|KRB_ERROR
)


Methods defined here:
---------------------

__bool__(self)
Truth value testing for the built-in operation bool()

__init__(self, pktt, proto)
Constructor

Initialize object's private data.

    pktt:
        Packet trace object (packet.pktt.Pktt) so this layer has
        access to the parent layers.
    proto:
        Transport layer protocol.

class KRB_ERROR(baseobj.BaseObj)

KRB-ERROR  ::= [APPLICATION 30] SEQUENCE {
    pvno        [0] INTEGER (5),
    msg-type    [1] INTEGER (30),
    ctime       [2] KerberosTime OPTIONAL,
    cusec       [3] Microseconds OPTIONAL,
    stime       [4] KerberosTime,
    susec       [5] Microseconds,
    error-code  [6] Int32,
    crealm      [7] Realm OPTIONAL,
    cname       [8] PrincipalName OPTIONAL,
    realm       [9] Realm -- service realm --,
    sname       [10] PrincipalName -- service name --,
    e-text      [11] KerberosString OPTIONAL,
    e-data      [12] OCTET STRING OPTIONAL
}


Methods defined here:
---------------------

__init__(self, obj)
Constructor

Initialize object's private data according to the arguments given.
Arguments can be given as positional, named arguments or a
combination of both.

class KrbFastArmor(baseobj.BaseObj)

KrbFastArmor  ::= SEQUENCE {
    armor-type   [0] Int32,
        -- Type of the armor.
    armor-value  [1] OCTET STRING,
        -- Value of the armor.
}


Methods defined here:
---------------------

__init__(self, obj)
Constructor

Initialize object's private data according to the arguments given.
Arguments can be given as positional, named arguments or a
combination of both.

class KrbFastArmoredRep(baseobj.BaseObj)

KrbFastArmoredRep ::= SEQUENCE {
   enc-fast-rep  [0] EncryptedData, -- KrbFastResponse --
       -- The encryption key is the armor key in the request, and
       -- the key usage number is KEY_USAGE_FAST_REP.
}


Methods defined here:
---------------------

__init__(self, obj)
Constructor

Initialize object's private data according to the arguments given.
Arguments can be given as positional, named arguments or a
combination of both.

class KrbFastArmoredReq(baseobj.BaseObj)

KrbFastArmoredReq ::= SEQUENCE {
    armor        [0] KrbFastArmor OPTIONAL,
        -- Contains the armor that identifies the armor key.
        -- MUST be present in AS-REQ.
    req-checksum [1] Checksum,
        -- For AS, contains the checksum performed over the type
        -- KDC-REQ-BODY for the req-body field of the KDC-REQ
        -- structure;
        -- For TGS, contains the checksum performed over the type
        -- AP-REQ in the PA-TGS-REQ padata.
        -- The checksum key is the armor key, the checksum
        -- type is the required checksum type for the enctype of
        -- the armor key, and the key usage number is
        -- KEY_USAGE_FAST_REQ_CHKSUM.
    enc-fast-req [2] EncryptedData, -- KrbFastReq --
        -- The encryption key is the armor key, and the key usage
        -- number is KEY_USAGE_FAST_ENC.
}


Methods defined here:
---------------------

__init__(self, obj)
Constructor

Initialize object's private data according to the arguments given.
Arguments can be given as positional, named arguments or a
combination of both.

class PrincipalName(baseobj.BaseObj)

PrincipalName  ::= SEQUENCE {
    name-type    [0] Int32,
    name-string  [1] SEQUENCE OF KerberosString
}


Methods defined here:
---------------------

__init__(self, obj)
Constructor

Initialize object's private data according to the arguments given.
Arguments can be given as positional, named arguments or a
combination of both.

class Ticket(baseobj.BaseObj)

Ticket  ::= [APPLICATION 1] SEQUENCE {
    tkt-vno   [0] INTEGER (5),
    realm     [1] Realm,
    sname     [2] PrincipalName,
    enc-part  [3] EncryptedData -- EncTicketPart
}


Methods defined here:
---------------------

__init__(self, obj)
Constructor

Initialize object's private data according to the arguments given.
Arguments can be given as positional, named arguments or a
combination of both.

class krb5_addrtype(packet.utils.Enum)

enum krb5_addrtype

class krb5_adtype(packet.utils.Enum)

enum krb5_adtype

class krb5_application(packet.utils.Enum)

enum krb5_application

class krb5_ctype(packet.utils.Enum)

enum krb5_ctype

class krb5_etype(packet.utils.Enum)

enum krb5_etype

class krb5_fatype(packet.utils.Enum)

enum krb5_fatype

class krb5_patype(packet.utils.Enum)

enum krb5_patype

class krb5_principal(packet.utils.Enum)

enum krb5_principal

class krb5_status(packet.utils.Enum)

enum krb5_status

class paData(baseobj.BaseObj)

PA-DATA  ::= SEQUENCE {
    -- NOTE: first tag is [1], not [0]
    padata-type   [1] Int32,
    padata-value  [2] OCTET STRING
}


Methods defined here:
---------------------

__init__(self, obj)
Constructor

Initialize object's private data according to the arguments given.
Arguments can be given as positional, named arguments or a
combination of both.
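
The KDC-REQ and PA-DATA layouts above both number their fields from [1], and padata is OPTIONAL. The following is an added example, not NFStest code, that walks that DER layout by hand on a constructed AS-REQ. All function names are hypothetical; the [APPLICATION 10] tag for AS-REQ and padata-type 2 are taken from RFC 4120, and the req-body is an empty placeholder left undecoded.

```python
# Added example: minimal DER walk of a KDC-REQ (names are hypothetical).
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count length octets
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("indefinite or oversized length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def fields(seq_body):
    """Map context tag number -> inner TLV bytes for each [n] field of a SEQUENCE."""
    out, pos = {}, 0
    while pos < len(seq_body):
        tag, inner, pos = read_tlv(seq_body, pos)
        if tag & 0xE0 != 0xA0:              # expect context class, constructed (EXPLICIT)
            raise ValueError("unexpected tag 0x%02x" % tag)
        out[tag & 0x1F] = inner
    return out

def der_int(tlv_bytes):
    return int.from_bytes(read_tlv(tlv_bytes)[1], "big", signed=True)

def decode_kdc_req(data):
    tag, body, _ = read_tlv(data)
    if tag & 0xE0 != 0x60:                  # application class, constructed
        raise ValueError("not an APPLICATION-tagged Kerberos message")
    f = fields(read_tlv(body)[1])           # KDC-REQ SEQUENCE: fields are [1]..[4]
    padata = []
    if 3 in f:                              # padata is OPTIONAL
        plist, pos = read_tlv(f[3])[1], 0
        while pos < len(plist):
            entry, pos = read_tlv(plist, pos)[1:]
            pa = fields(entry)              # PA-DATA also starts at [1]
            padata.append((der_int(pa[1]), read_tlv(pa[2])[1]))
    return {"appid": tag & 0x1F, "pvno": der_int(f[1]), "msg_type": der_int(f[2]),
            "padata": padata, "req_body": f[4]}

def tlv(tag, body):                         # short-form encoder, bodies under 128 bytes
    return bytes([tag, len(body)]) + body

# Constructed AS-REQ: one PA-DATA (type 2, opaque value), empty placeholder req-body.
PA = tlv(0x30, tlv(0xA1, tlv(0x02, b"\x02")) + tlv(0xA2, tlv(0x04, b"\xaa\xbb")))
SAMPLE_AS_REQ = tlv(0x6A, tlv(0x30, tlv(0xA1, tlv(0x02, b"\x05")) + tlv(0xA2, tlv(0x02, b"\x0a"))
                              + tlv(0xA3, tlv(0x30, PA)) + tlv(0xA4, tlv(0x30, b""))))
```

decode_kdc_req(SAMPLE_AS_REQ) returns the application id, pvno, msg-type, the list of (padata-type, padata-value) pairs and the raw req-body bytes.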

Functions

KerberosTime(stime, usec=None)
Convert floating point time to a DateStr object,
include the microseconds if given

Optional(obj, objtype)
Get Optional item of the given object type

SequenceOf(obj, objtype)
SEQUENCE OF: return list of the given object type

See Also

baseobj(3), packet.application.krb5_const(3), packet.derunpack(3), packet.utils(3)

Bugs

No known bugs.

Author

Jorge Mora (mora@netapp.com)

Referenced By

packet.application.gss(3), packet.transport.tcp(3), packet.transport.udp(3).

21 March 2023 NFStest 3.2 krb5 1.0