CVE-2020-25719 tests/krb5: Add principal aliasing test
[Samba.git] / python / samba / tests / krb5 / rfc4120_constants.py
1 # Unix SMB/CIFS implementation.
2 # Copyright (C) 2020 Catalyst.Net Ltd
4 # This program is free software; you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation; either version 3 of the License, or
7 # (at your option) any later version.
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
18 import samba.tests.krb5.rfc4120_pyasn1 as krb5_asn1
# Encryption types
# Each constant is the integer form of a named value looked up in
# krb5_asn1.EncryptionTypeValues.
AES256_CTS_HMAC_SHA1_96 = int(krb5_asn1.EncryptionTypeValues(
    'kRB5-ENCTYPE-AES256-CTS-HMAC-SHA1-96'))
AES128_CTS_HMAC_SHA1_96 = int(krb5_asn1.EncryptionTypeValues(
    'kRB5-ENCTYPE-AES128-CTS-HMAC-SHA1-96'))
# RC4-HMAC is a legacy, cryptographically weak enctype.
# NOTE(review): presumably defined so tests can exercise how the KDC
# handles it, not as a recommended choice -- confirm against the callers.
ARCFOUR_HMAC_MD5 = int(krb5_asn1.EncryptionTypeValues(
    'kRB5-ENCTYPE-ARCFOUR-HMAC-MD5'))
# Message types
# Integer message-type numbers looked up by name in
# krb5_asn1.MessageTypeValues, listed request-before-reply per exchange.
KRB_AS_REQ = int(krb5_asn1.MessageTypeValues('krb-as-req'))
KRB_AS_REP = int(krb5_asn1.MessageTypeValues('krb-as-rep'))
KRB_TGS_REQ = int(krb5_asn1.MessageTypeValues('krb-tgs-req'))
KRB_TGS_REP = int(krb5_asn1.MessageTypeValues('krb-tgs-rep'))
KRB_AP_REQ = int(krb5_asn1.MessageTypeValues('krb-ap-req'))
KRB_ERROR = int(krb5_asn1.MessageTypeValues('krb-error'))
# PAData types
# Pre-authentication data type numbers, each looked up by name in
# krb5_asn1.PADataTypeValues and converted to a plain int.
PADATA_ENC_TIMESTAMP = int(krb5_asn1.PADataTypeValues(
    'kRB5-PADATA-ENC-TIMESTAMP'))
PADATA_ENCRYPTED_CHALLENGE = int(krb5_asn1.PADataTypeValues(
    'kRB5-PADATA-ENCRYPTED-CHALLENGE'))
PADATA_ETYPE_INFO = int(krb5_asn1.PADataTypeValues(
    'kRB5-PADATA-ETYPE-INFO'))
PADATA_ETYPE_INFO2 = int(krb5_asn1.PADataTypeValues(
    'kRB5-PADATA-ETYPE-INFO2'))
PADATA_FOR_USER = int(krb5_asn1.PADataTypeValues(
    'kRB5-PADATA-FOR-USER'))
PADATA_FX_COOKIE = int(krb5_asn1.PADataTypeValues(
    'kRB5-PADATA-FX-COOKIE'))
PADATA_FX_ERROR = int(krb5_asn1.PADataTypeValues(
    'kRB5-PADATA-FX-ERROR'))
PADATA_FX_FAST = int(krb5_asn1.PADataTypeValues(
    'kRB5-PADATA-FX-FAST'))
PADATA_KDC_REQ = int(krb5_asn1.PADataTypeValues(
    'kRB5-PADATA-KDC-REQ'))
PADATA_PAC_OPTIONS = int(krb5_asn1.PADataTypeValues(
    'kRB5-PADATA-PAC-OPTIONS'))
# The ASN.1 name carries an extra "PA-" that the Python constant omits.
PADATA_PAC_REQUEST = int(krb5_asn1.PADataTypeValues(
    'kRB5-PADATA-PA-PAC-REQUEST'))
PADATA_PK_AS_REQ = int(krb5_asn1.PADataTypeValues(
    'kRB5-PADATA-PK-AS-REQ'))
PADATA_PK_AS_REP_19 = int(krb5_asn1.PADataTypeValues(
    'kRB5-PADATA-PK-AS-REP-19'))
PADATA_PW_SALT = int(krb5_asn1.PADataTypeValues(
    'kRB5-PADATA-PW-SALT'))
PADATA_SUPPORTED_ETYPES = int(krb5_asn1.PADataTypeValues(
    'kRB5-PADATA-SUPPORTED-ETYPES'))
# Error codes
# Numeric values follow RFC 4120 section 7.5.9 (93 comes from RFC 6113).
# Every constant here carries a KDC_ERR_ prefix; where the RFC spells the
# code KRB_AP_ERR_* or KRB_ERR_*, the RFC name is given alongside.
KDC_ERR_C_PRINCIPAL_UNKNOWN = 6  # client not found in the database
KDC_ERR_S_PRINCIPAL_UNKNOWN = 7  # server not found in the database
KDC_ERR_POLICY = 12  # KDC policy rejects the request
KDC_ERR_BADOPTION = 13  # KDC cannot accommodate a requested option
KDC_ERR_ETYPE_NOSUPP = 14  # no support for the encryption type
KDC_ERR_SUMTYPE_NOSUPP = 15  # no support for the checksum type
KDC_ERR_PREAUTH_FAILED = 24  # pre-authentication data was invalid
KDC_ERR_PREAUTH_REQUIRED = 25  # additional pre-authentication required
KDC_ERR_BAD_INTEGRITY = 31  # RFC: KRB_AP_ERR_BAD_INTEGRITY
KDC_ERR_NOT_US = 35  # RFC: KRB_AP_ERR_NOT_US
KDC_ERR_BADMATCH = 36  # RFC: KRB_AP_ERR_BADMATCH
KDC_ERR_SKEW = 37  # RFC: KRB_AP_ERR_SKEW (clock skew too great)
KDC_ERR_MODIFIED = 41  # RFC: KRB_AP_ERR_MODIFIED
KDC_ERR_INAPP_CKSUM = 50  # RFC: KRB_AP_ERR_INAPP_CKSUM
KDC_ERR_GENERIC = 60  # RFC: KRB_ERR_GENERIC
KDC_ERR_CLIENT_NAME_MISMATCH = 75
KDC_ERR_UNKNOWN_CRITICAL_FAST_OPTIONS = 93  # RFC 6113 (FAST)
# Extended error types
# Data-type numbers looked up by name in krb5_asn1.KerbErrorDataTypeValues.
KERB_AP_ERR_TYPE_SKEW_RECOVERY = int(krb5_asn1.KerbErrorDataTypeValues(
    'kERB-AP-ERR-TYPE-SKEW-RECOVERY'))
KERB_ERR_TYPE_EXTENDED = int(krb5_asn1.KerbErrorDataTypeValues(
    'kERB-ERR-TYPE-EXTENDED'))
# Name types
# Principal name-type numbers looked up by name in krb5_asn1.NameTypeValues.
# The name type is only a hint about how a principal name is structured.
NT_UNKNOWN = int(
    krb5_asn1.NameTypeValues('kRB5-NT-UNKNOWN'))
NT_PRINCIPAL = int(
    krb5_asn1.NameTypeValues('kRB5-NT-PRINCIPAL'))
NT_SRV_HST = int(
    krb5_asn1.NameTypeValues('kRB5-NT-SRV-HST'))
NT_SRV_INST = int(
    krb5_asn1.NameTypeValues('kRB5-NT-SRV-INST'))
# Enterprise principal names (RFC 6806).
NT_ENTERPRISE_PRINCIPAL = int(
    krb5_asn1.NameTypeValues('kRB5-NT-ENTERPRISE-PRINCIPAL'))
NT_WELLKNOWN = int(
    krb5_asn1.NameTypeValues('kRB5-NT-WELLKNOWN'))
# Authorization data ad-type values
# 1-9 are the RFC 4120 ad-types; 71 and 72 come from FAST (RFC 6113).

AD_IF_RELEVANT = 1
AD_INTENDED_FOR_SERVER = 2
AD_INTENDED_FOR_APPLICATION_CLASS = 3
AD_KDC_ISSUED = 4
AD_AND_OR = 5
AD_MANDATORY_TICKET_EXTENSIONS = 6
AD_IN_TICKET_EXTENSIONS = 7
AD_MANDATORY_FOR_KDC = 8
AD_INITIAL_VERIFIED_CAS = 9

AD_FX_FAST_ARMOR = 71
AD_FX_FAST_USED = 72

# Container for the Windows PAC, the signed authorization blob that
# services rely on for the client's identity and group membership.
AD_WIN2K_PAC = 128
# NOTE(review): 512 looks like Heimdal's signed-ticket element -- confirm.
AD_SIGNTICKET = 512
# Key usage numbers
# RFC 4120 Section 7.5.1. Key Usage Numbers
#
# The key usage number is mixed into key derivation, so a ciphertext or
# checksum produced for one message context does not verify in another.
# Using the right number for each context is therefore security-relevant.

# AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the client key
# (section 5.2.7.2)
KU_PA_ENC_TIMESTAMP = 1

# AS-REP Ticket and TGS-REP Ticket (includes tgs session key or application
# session key), encrypted with the service key (section 5.3)
KU_TICKET = 2

# AS-REP encrypted part (includes tgs session key or application session
# key), encrypted with the client key (section 5.4.2)
KU_AS_REP_ENC_PART = 3

# TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs session
# key (section 5.4.1)
KU_TGS_REQ_AUTH_DAT_SESSION = 4

# TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
# authenticator subkey (section 5.4.1)
KU_TGS_REQ_AUTH_DAT_SUBKEY = 5

# TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed with the tgs
# session key (section 5.5.1)
KU_TGS_REQ_AUTH_CKSUM = 6

# TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
# authenticator subkey), encrypted with the tgs session key (section 5.5.1)
KU_TGS_REQ_AUTH = 7

# TGS-REP encrypted part (includes application session key), encrypted
# with the tgs session key (section 5.4.2)
KU_TGS_REP_ENC_PART_SESSION = 8

# TGS-REP encrypted part (includes application session key), encrypted
# with the tgs authenticator subkey (section 5.4.2)
KU_TGS_REP_ENC_PART_SUB_KEY = 9

# AP-REQ Authenticator cksum, keyed with the application session key
# (section 5.5.1)
KU_AP_REQ_AUTH_CKSUM = 10

# AP-REQ Authenticator (includes application authenticator subkey),
# encrypted with the application session key (section 5.5.1)
KU_AP_REQ_AUTH = 11

# AP-REP encrypted part (includes application session subkey), encrypted
# with the application session key (section 5.5.2)
# NOTE(review): the constant says "REQ" but usage 12 is the AP-REP
# encrypted part; the name is left unchanged because callers depend on it.
KU_AP_REQ_ENC_PART = 12

# KRB-PRIV encrypted part, encrypted with a key chosen by the application
# (section 5.7.1)
KU_KRB_PRIV = 13

# KRB-CRED encrypted part, encrypted with a key chosen by the application
# (section 5.8.1)
KU_KRB_CRED = 14

# KRB-SAFE cksum, keyed with a key chosen by the application
# (section 5.6.1)
KU_KRB_SAFE_CKSUM = 15

KU_NON_KERB_SALT = 16
KU_NON_KERB_CKSUM_SALT = 17

# GSS-API per-message token key usages (RFC 4121)
KU_ACCEPTOR_SEAL = 22
KU_ACCEPTOR_SIGN = 23
KU_INITIATOR_SEAL = 24
KU_INITIATOR_SIGN = 25

# FAST and encrypted-challenge key usages (RFC 6113)
KU_FAST_REQ_CHKSUM = 50
KU_FAST_ENC = 51
KU_FAST_REP = 52
KU_FAST_FINISHED = 53
KU_ENC_CHALLENGE_CLIENT = 54
KU_ENC_CHALLENGE_KDC = 55
# Armor types
# FAST (RFC 6113) armor type 1: the armor is carried as an AP-REQ.
FX_FAST_ARMOR_AP_REQUEST = 1