1 # Unix SMB/CIFS implementation.
2 # Copyright (C) 2020 Catalyst.Net Ltd
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
18 import samba
.tests
.krb5
.rfc4120_pyasn1
as krb5_asn1
21 AES256_CTS_HMAC_SHA1_96
= int(
22 krb5_asn1
.EncryptionTypeValues('kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96'))
23 AES128_CTS_HMAC_SHA1_96
= int(
24 krb5_asn1
.EncryptionTypeValues('kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96'))
25 ARCFOUR_HMAC_MD5
= int(
26 krb5_asn1
.EncryptionTypeValues('kRB5-ENCTYPE-ARCFOUR-HMAC-MD5'))
29 KRB_ERROR
= int(krb5_asn1
.MessageTypeValues('krb-error'))
30 KRB_AP_REQ
= int(krb5_asn1
.MessageTypeValues('krb-ap-req'))
31 KRB_AS_REP
= int(krb5_asn1
.MessageTypeValues('krb-as-rep'))
32 KRB_AS_REQ
= int(krb5_asn1
.MessageTypeValues('krb-as-req'))
33 KRB_TGS_REP
= int(krb5_asn1
.MessageTypeValues('krb-tgs-rep'))
34 KRB_TGS_REQ
= int(krb5_asn1
.MessageTypeValues('krb-tgs-req'))
37 PADATA_ENC_TIMESTAMP
= int(
38 krb5_asn1
.PADataTypeValues('kRB5-PADATA-ENC-TIMESTAMP'))
39 PADATA_ENCRYPTED_CHALLENGE
= int(
40 krb5_asn1
.PADataTypeValues('kRB5-PADATA-ENCRYPTED-CHALLENGE'))
41 PADATA_ETYPE_INFO
= int(
42 krb5_asn1
.PADataTypeValues('kRB5-PADATA-ETYPE-INFO'))
43 PADATA_ETYPE_INFO2
= int(
44 krb5_asn1
.PADataTypeValues('kRB5-PADATA-ETYPE-INFO2'))
45 PADATA_FOR_USER
= int(
46 krb5_asn1
.PADataTypeValues('kRB5-PADATA-FOR-USER'))
47 PADATA_FX_COOKIE
= int(
48 krb5_asn1
.PADataTypeValues('kRB5-PADATA-FX-COOKIE'))
49 PADATA_FX_ERROR
= int(
50 krb5_asn1
.PADataTypeValues('kRB5-PADATA-FX-ERROR'))
52 krb5_asn1
.PADataTypeValues('kRB5-PADATA-FX-FAST'))
54 krb5_asn1
.PADataTypeValues('kRB5-PADATA-KDC-REQ'))
55 PADATA_PAC_OPTIONS
= int(
56 krb5_asn1
.PADataTypeValues('kRB5-PADATA-PAC-OPTIONS'))
57 PADATA_PAC_REQUEST
= int(
58 krb5_asn1
.PADataTypeValues('kRB5-PADATA-PA-PAC-REQUEST'))
59 PADATA_PK_AS_REQ
= int(
60 krb5_asn1
.PADataTypeValues('kRB5-PADATA-PK-AS-REQ'))
61 PADATA_PK_AS_REP_19
= int(
62 krb5_asn1
.PADataTypeValues('kRB5-PADATA-PK-AS-REP-19'))
64 krb5_asn1
.PADataTypeValues('kRB5-PADATA-PW-SALT'))
65 PADATA_SUPPORTED_ETYPES
= int(
66 krb5_asn1
.PADataTypeValues('kRB5-PADATA-SUPPORTED-ETYPES'))
69 KDC_ERR_C_PRINCIPAL_UNKNOWN
= 6
70 KDC_ERR_S_PRINCIPAL_UNKNOWN
= 7
72 KDC_ERR_BADOPTION
= 13
73 KDC_ERR_ETYPE_NOSUPP
= 14
74 KDC_ERR_SUMTYPE_NOSUPP
= 15
75 KDC_ERR_PREAUTH_FAILED
= 24
76 KDC_ERR_PREAUTH_REQUIRED
= 25
77 KDC_ERR_BAD_INTEGRITY
= 31
82 KDC_ERR_INAPP_CKSUM
= 50
84 KDC_ERR_CLIENT_NAME_MISMATCH
= 75
85 KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS
= 93
87 # Extended error types
88 KERB_AP_ERR_TYPE_SKEW_RECOVERY
= int(
89 krb5_asn1
.KerbErrorDataTypeValues('kERB-AP-ERR-TYPE-SKEW-RECOVERY'))
90 KERB_ERR_TYPE_EXTENDED
= int(
91 krb5_asn1
.KerbErrorDataTypeValues('kERB-ERR-TYPE-EXTENDED'))
94 NT_UNKNOWN
= int(krb5_asn1
.NameTypeValues('kRB5-NT-UNKNOWN'))
95 NT_PRINCIPAL
= int(krb5_asn1
.NameTypeValues('kRB5-NT-PRINCIPAL'))
96 NT_SRV_HST
= int(krb5_asn1
.NameTypeValues('kRB5-NT-SRV-HST'))
97 NT_SRV_INST
= int(krb5_asn1
.NameTypeValues('kRB5-NT-SRV-INST'))
98 NT_ENTERPRISE_PRINCIPAL
= int(krb5_asn1
.NameTypeValues(
99 'kRB5-NT-ENTERPRISE-PRINCIPAL'))
100 NT_WELLKNOWN
= int(krb5_asn1
.NameTypeValues('kRB5-NT-WELLKNOWN'))
102 # Authorization data ad-type values
105 AD_INTENDED_FOR_SERVER
= 2
106 AD_INTENDED_FOR_APPLICATION_CLASS
= 3
109 AD_MANDATORY_TICKET_EXTENSIONS
= 6
110 AD_IN_TICKET_EXTENSIONS
= 7
111 AD_MANDATORY_FOR_KDC
= 8
112 AD_INITIAL_VERIFIED_CAS
= 9
113 AD_FX_FAST_ARMOR
= 71
119 # RFC 4120 Section 7.5.1. Key Usage Numbers
120 KU_PA_ENC_TIMESTAMP
= 1
121 ''' AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
122 client key (section 5.2.7.2) '''
124 ''' AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
125 application session key), encrypted with the service key
127 KU_AS_REP_ENC_PART
= 3
128 ''' AS-REP encrypted part (includes tgs session key or application
129 session key), encrypted with the client key (section 5.4.2) '''
130 KU_TGS_REQ_AUTH_DAT_SESSION
= 4
131 ''' TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
132 session key (section 5.4.1) '''
133 KU_TGS_REQ_AUTH_DAT_SUBKEY
= 5
134 ''' TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
135 authenticator subkey (section 5.4.1) '''
136 KU_TGS_REQ_AUTH_CKSUM
= 6
137 ''' TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
138 with the tgs session key (section 5.5.1) '''
140 ''' TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
141 authenticator subkey), encrypted with the tgs session key
143 KU_TGS_REP_ENC_PART_SESSION
= 8
144 ''' TGS-REP encrypted part (includes application session key),
145 encrypted with the tgs session key (section 5.4.2) '''
146 KU_TGS_REP_ENC_PART_SUB_KEY
= 9
147 ''' TGS-REP encrypted part (includes application session key),
148 encrypted with the tgs authenticator subkey (section 5.4.2) '''
149 KU_AP_REQ_AUTH_CKSUM
= 10
150 ''' AP-REQ Authenticator cksum, keyed with the application session
151 key (section 5.5.1) '''
153 ''' AP-REQ Authenticator (includes application authenticator
154 subkey), encrypted with the application session key (section 5.5.1) '''
155 KU_AP_REQ_ENC_PART
= 12
156 ''' AP-REP encrypted part (includes application session subkey),
157 encrypted with the application session key (section 5.5.2) '''
159 ''' KRB-PRIV encrypted part, encrypted with a key chosen by the
160 application (section 5.7.1) '''
162 ''' KRB-CRED encrypted part, encrypted with a key chosen by the
163 application (section 5.8.1) '''
164 KU_KRB_SAFE_CKSUM
= 15
165 ''' KRB-SAFE cksum, keyed with a key chosen by the application
167 KU_NON_KERB_SALT
= 16
168 KU_NON_KERB_CKSUM_SALT
= 17
170 KU_ACCEPTOR_SEAL
= 22
171 KU_ACCEPTOR_SIGN
= 23
172 KU_INITIATOR_SEAL
= 24
173 KU_INITIATOR_SIGN
= 25
175 KU_FAST_REQ_CHKSUM
= 50
178 KU_FAST_FINISHED
= 53
179 KU_ENC_CHALLENGE_CLIENT
= 54
180 KU_ENC_CHALLENGE_KDC
= 55
183 FX_FAST_ARMOR_AP_REQUEST
= 1