i \SrSSKrSSKrSSKrSSKrSSKrSSKrSSKJrJ r J r J r J r J r JrJrJrJrJrJr SSKJr SES\R,\\\R24S\R4\R6S\R8\\44SjjrSES\R,\\\R24S\R4\R6S\4S jjrSES\R,\\R>4S\R4\R6S\R8\\R@44S jjr!SFS \R,S S \R4\S\R4\S\R,\\R8\\R@444Sjjr"S\R,\#\4SS4Sjr$S\R,\#\4SS4Sjr%\RL"SSS/5r'\RL"SSS/5r("SS\R>5r)"SS\R>5r*"SS\RV5r,"SS\RV5r-"SS\RV5r."S S!\RV5r/"S"S#\RV5r0"S$S%\RV5r1"S&S'\RV5r2"S(S)\35r4"S*S+\4S,9r5"S-S.\55r6"S/S0\55r7"S1S2\65r8"S3S4\75r9"S5S6\55r:"S7S8\55r;"S9S:\55r<"S;S<5r="S=S>5r>"S?S@5r?"SASB5r@"SCSD5rAg)GaKerberos Messages Various Kerberos message structures that is used by 'python -m spnego' to unpack raw ASN.1 values and print out a pretty structure for end users. This code is not used in the actual spnego authentication processes and is just used for debugging purposes. N) ASN1ValueTagClassextract_asn1_tlvget_sequence_value unpack_asn1unpack_asn1_bit_stringunpack_asn1_general_stringunpack_asn1_generalized_timeunpack_asn1_integerunpack_asn1_octet_stringunpack_asn1_sequenceunpack_asn1_tagged_sequenceto_textvalue enum_typereturncS[RS[R[[44SjnU(aU"U5$U"U5$)zJGets the human friendly labels of a known enum and what value they map to.vrc[R"[R[[4[ USS5"55$)N native_labelsc0$NrJ/home/james-whalen/.local/lib/python3.13/site-packages/spnego/_kerberos.py2_enum_labels..get_labels..*sVXr)typingcastDictintstrgetattr)rs r get_labels _enum_labels..get_labels)s,{{6;;sCx0'!_j2Y2[\\r)rAnyr!r"r#)rrr%s r _enum_labelsr(#sB ]fjj]V[[c%:]%.:i D:e3DDrc$Sn[U[R5(a URn[ X5n[U[R5(a UR OUnUR 5HupEX:XdM Un O U<SU<S3$)zBParses an IntEnum into a human representative object of that enum.UNKNOWNz ()) isinstanceenumEnumnamer(ritems)rr enum_namelabelsrr/s r parse_enumr3/st I%##JJ % +F%eTYY77EKKUE<<> :I " "5 ))rc[U5n/n[X5n[U5nUR5H)upVX-U:XdMX)-nURSXe4-5 M+ US:waURSU-5 UUS.$)z3Parses an IntFlag into each flag value that is set.z%s (%d)rz UNKNOWN (%d))rawflags)r"r(r0append)rr raw_valuer6r2rr/s r parse_flagsr9Cs E I E % +F JE<<> 9> RKE LLdY. /"  z ^e+, rtoken) KerberosV5MsgPAData PAETypeInfo2 EncryptedDataTicket KdcReqBodysecretencodingc&^^^U(aUOSmS[RS[R4SjnS[RS[4SjnS[S[4U4SjjmS[S[4SjnS[ S[R [[R44U4SjjnS[S[R [[R44U4S jjnS[RS[R[[R [[R444UU4S jjn[U[5(aU"U5$0n [US 05GH&upn [X 5n /n[U [5(aURU S 5 U S n [RU[R[ [R"[$[RU[R&T[RU[R(U[R*U[R,U0 U nU cSnO=[U [.5(aU Vs/sHnUb U"U/UQ76OSPM nnO U"U /UQ76nUX'GM) U $s snf)z(Parses a KerberosV5Msg object to a dict.zutf-8rrcU$rrrs r parse_default+parse_kerberos_token..parse_defaultds rc"UR5$r) isoformatrEs rparse_datetime,parse_kerberos_token..parse_datetimegs  rc>[UTSS9$)Nreplace)rBerrorsr)r text_encodings r parse_text(parse_kerberos_token..parse_textjsu}YGGrcJ[R"U5R5$r)base64 b16encodedecoderEs r parse_bytes)parse_kerberos_token..parse_bytesms&--//rc>[UR5URVs/sH nT"U5PM snS.$s snf)N) name-type name-string)r3 name_typer)rrrPs rparse_principal_name2parse_kerberos_token..parse_principal_nameps6#EOO438;;?;aJqM;?  ?s;cT>[UR5T"UR5S.$)N) addr-typeaddress)r3 addr_typer)rrPs rparse_host_address0parse_kerberos_token..parse_host_addressvs%#EOO4!%++.  rc>[UTT5$r)parse_kerberos_token)rrArOs r parse_token)parse_kerberos_token..parse_token|s#E6=AAr PARSE_MAPrN)rr'datetimer#bytes PrincipalNamer! HostAddressUnionr,r$tupler7 ParseTypedefaultr-r3r6r9textprincipal_name host_addressr:list)r:rArBrFrJrVr\rbrfmsgr/ attr_name attr_type attr_value parse_args parse_func parsed_valuerrPrOs ` @@rrere\s: !)HgMVZZFJJ!h//!C!H%HCH050S0 M fkk#vzz/6R  + &++c6::o2N B6::B&,,sFKKVZZ:>L  ;'F> JgsJrmc [U5n[[USSS[55n[USSS[5n[ X#5$)z(Unpacks an ASN.1 value to a HostAddress.rrmr_rir`)rKerberosHostAddressTyperr r rm)rsr[r/s runpack_hostnamersD#E*A'(:1aP[]p(qrI aM9>V WD y ''rrlc [U5n[[USSS[55n[USSS[5Vs/sHn[ U5PM nn[ X$5$s snf)z*Unpacks an ASN.1 value to a PrincipalName.rrlrYrirZ)rKerberosPrincipalNameTyperr r r rl)rrr[nr/s runpack_principal_namersm#E*A)*S[R@S 0E$)!Nr forwardable forwarded proxiableproxyzallow-postdate postdatedunused7 renewableunused9unused10zopt-hardware-authunused12unused13zconstrained-delegation canonicalizezrequest-anonymousunused17unused18unused19unused20unused21unused22unused23unused24unused25zdisable-transited-checkz renewable-okzenc-tkt-in-skeyunused29renewvalidate)!rrrrrrallow_postdaterrrrropt_hardware_authrrconstrained_delegationrrequest_anonymousrrrrrrrrrdisable_transited_check renewable_okenc_tkt_in_skeyrrrrs rr KerberosKDCOptions.native_labelss!  ' '!  * *M!   ( (+!   ( (+ !  $ $g !  - -/? !   ( (+!   & & !   ( (+!   & & !   ' '!   0 02E!   ' '!   ' '!   5 57O!  + +^!! "  0 02E#! $  ' '  ' '  ' '  ' '  ' '  ' '  ' '  ' '  ' '  6 68Q  + +^  . .0A  ' '  $ $g  ' 'A! ! rrN)*rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr!r#rrrrrrrsHKII ENIGIGH"HH'L"HHHHHHHHH(L OH EH" fkk*>*CD" " rrc\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rSrSr\S\R(S\44Sj5rSrg)KerberosEncryptionTypei:rirrrrc[RS[RS[RS[RS[R S[R S[RS[RS[RS [RS [RS [RS [RS [RS0$)N DES_CBC_CRC DES_CBC_MD4 DES_CBC_MD5 DES_CBC_RAW DES3_CBC_RAW DES3_CBC_SHA1AES128_CTS_HMAC_SHA1_96AES256_CTS_HMAC_SHA1_96AES128_CTS_HMAC_SHA256_128AES256_CTS_HMAC_SHA384_192RC4_HMAC RC4_HMAC_EXPCAMELLIA128_CTS_CMACCAMELLIA256_CTS_CMAC)r des_cbc_crc des_cbc_md4 des_cbc_md5 des_cbc_raw des3_cbc_raw des3_cbc_sha1aes128_cts_hmac_sha1_96aes256_cts_hmac_sha1_96aes128_cts_hmac_sha256_128aes256_cts_hmac_sha384_192rc4_hmac rc4_hmac_expcamellia128_cts_cmaccamellia256_cts_cmacrs rr$KerberosEncryptionType.native_labelsJs # . . " . . " . . " . . " / / " 0 0/ " : :S=r?S>r@S?rAS@rBSArCSBrDSCrESDrFSErG\HSF\IRS\K44SGj5rLSHrMgI)JKerberosErrorCodei_rrirrrrr rrrrrrrrrr!"#$%&'()*,-./01234<=>5rABCDEFGHIJKLrc 0[RS_[RS_[RS_[RS_[R S_[R S_[RS_[RS_[RS _[RS _[RS _[RS _[RS _[RS_[RS_[R S_[R"S_0[R$S_[R&S_[R(S_[R*S_[R,S_[R.S_[R0S_[R2S_[R4S_[R6S_[R8S_[R:S_[R<S_[R>S_[R@S _[RBS!_[RDS"_E0[RFS#_[RHS$_[RJS%_[RLS&_[RNS'_[RPS(_[RRS)_[RTS*_[RVS+_[RXS,_[RZS-_[R\S._[R^S/_[R`S0_[RbS1_[RdS2_[RfS3_E0[RhS4_[RjS5_[RlS6_[RnS7_[RpS8_[RrS9_[RtS:_[RvS;_[RxS<_[RzS=_[R|S>_[R~S?_[RS@_[RSA_[RSB_[RSC_[RSD_E$)EN KDC_ERR_NONEKDC_ERR_NAME_EXPKDC_ERR_SERVICE_EXPKDC_ERR_BAD_PVNOKDC_ERR_C_OLD_MAST_KVNOKDC_ERR_S_OLD_MAST_KVNOKDC_ERR_C_PRINCIPAL_UNKNOWNKDC_ERR_S_PRINCIPAL_UNKNOWNKDC_ERR_PRINCIPAL_NOT_UNIQUEKDC_ERR_NULL_KEYKDC_ERR_CANNOT_POSTDATEKDC_ERR_NEVER_VALIDKDC_ERR_POLICYKDC_ERR_BADOPTIONKDC_ERR_ETYPE_NOSUPPKDC_ERR_SUMTYPE_NOSUPPKDC_ERR_PADATA_TYPE_NOSUPPKDC_ERR_TRTYPE_NOSUPPKDC_ERR_CLIENT_REVOKEDKDC_ERR_SERVICE_REVOKEDKDC_ERR_TGT_REVOKEDKDC_ERR_CLIENT_NOTYETKDC_ERR_SERVICE_NOTYETKDC_ERR_KEY_EXPIREDKDC_ERR_PREAUTH_FAILEDKDC_ERR_PREAUTH_REQUIREDKDC_ERR_SERVER_NOMATCHKDC_ERR_MUST_USE_USER2USERKDC_ERR_PATH_NOT_ACCEPTEDKDC_ERR_SVC_UNAVAILABLEKRB_AP_ERR_BAD_INTEGRITYKRB_AP_ERR_TKT_EXPIREDKRB_AP_ERR_TKT_NYVKRB_AP_ERR_REPEATKRB_AP_ERR_NOT_USKRB_AP_ERR_BADMATCHKRB_AP_ERR_SKEWKRB_AP_ERR_BADADDRKRB_AP_ERR_BADVERSIONKRB_AP_ERR_MSG_TYPEKRB_AP_ERR_MODIFIEDKRB_AP_ERR_BADORDERKRB_AP_ERR_BADKEYVERKRB_AP_ERR_NOKEYKRB_AP_ERR_MUT_FAILKRB_AP_ERR_BADDIRECTIONKRB_AP_ERR_METHODKRB_AP_ERR_BADSEQKRB_AP_ERR_INAPP_CKSUMKRB_AP_PATH_NOT_ACCEPTEDKRB_ERR_RESPONSE_TOO_BIGKRB_ERR_GENERICKRB_ERR_FIELD_TOOLONGKDC_ERROR_CLIENT_NOT_TRUSTEDKDC_ERROR_KDC_NOT_TRUSTEDKDC_ERROR_INVALID_SIGKDC_ERR_KEY_TOO_WEAKKDC_ERR_CERTIFICATE_MISMATCHKRB_AP_ERR_NO_TGTKDC_ERR_WRONG_REALM KRB_AP_ERR_USER_TO_USER_REQUIREDKDC_ERR_CANT_VERIFY_CERTIFICATEKDC_ERR_INVALID_CERTIFICATEKDC_ERR_REVOKED_CERTIFICATE!KDC_ERR_REVOCATION_STATUS_UNKNOWN%KDC_ERR_REVOCATION_STATUS_UNAVAILABLEKDC_ERR_CLIENT_NAME_MISMATCHKDC_ERR_KDC_NAME_MISMATCH)Ernonename_exp service_expbad_pvnoc_old_mast_kvnos_old_mast_kvnoc_principal_unknowns_principal_unknownprincipal_not_uniquenull_keycannot_postdate never_validpolicy badoption etype_nosuppsumtype_nosupppadata_type_nosupp trtype_nosuppclient_revokedservice_revoked tgt_revoked client_notyetservice_notyet key_expiredpreauth_failedpreauth_requiredserver_nomatchmust_use_user2userpath_not_acceptedkdc_svc_unavailableap_bad_integrityap_txt_expired ap_tkt_nyv ap_repeat ap_not_use ap_badmatchap_skew ap_badaddr ap_badversion ap_msg_type ap_modified ap_badorder ap_badkeyverap_nokey ap_mut_failap_baddirection ap_method ap_badseqap_inapp_cksumap_path_not_acceptedresponse_too_biggeneric field_toolongkdc_client_not_trustedkdc_not_trustedkdc_invalid_sigkdc_key_too_weakkdc_certificate_mismatch ap_no_tgtkdc_wrong_realmap_user_to_user_requiredkdc_cant_verify_certificatekdc_invalid_certificatekdc_revoked_certificatekdc_revocation_status_unknown!kdc_revocation_status_unavailablekdc_client_name_mismatchkdc_name_mismatchrs rrKerberosErrorCode.native_labelssE  " "NE  & &(:E   ) )+@E   & &(: E  - -/H E  - -/H E   1 13PE   1 13PE   2 24RE   & &(:E   - -/HE   ) )+@E   $ $&6E   ' ')<E   * *,BE  , ,.F!E "  0 02N#E $  + +-D%E &  , ,.F'E (  - -/H)E *  ) )+@+E ,  + +-D-E .  , ,.F/E 0  ) )+@1E 2  , ,.F3E 4  . .0J5E 6  , ,.F7E 8  0 02N9E :  / /1L;E <  1 13L=E >  . .0J?E @  , ,.FAE B  ( (*>CE D  ' ')ME N  + +-DOE P  ) )+@QE R  ) )+@SE T  ) )+@UE V  * *,BWE X  & &(:YE Z  ) )+@[E \  - -/H]E ^  ' ')<_E `  ' ')S:r?S;r@SrCS?rDS/rES@rFSArG\HSB\IRS\K44SCj5rLSDrMgE)FKerberosPADataTypei rirrrrrrrrrrrrrrrrrrrrrrrrrrrefghijklmoprrc0[RS_[RS_[RS_[RS_[R S_[R S_[RS_[RS_[RS _[RS _[RS _[RS _[RS _[RS_[RS_[R S_[R"S_0[R$S_[R&S_[R(S_[R*S_[R,S_[R.S_[R0S_[R2S_[R4S_[R6S_[R8S_[R:S_[R<S_[R>S_[R@S _[RBS!_[RDS"_E0[RFS#_[RHS$_[RJS%_[RLS&_[RNS'_[RPS(_[RRS)_[RTS*_[RVS+_[RXS,_[RZS-_[R\S._[R^S/_[R`S0_[RbS1_[RdS2_[RfS3_E0[RhS4_[RjS5_[RlS6_[RnS7_[RpS8_[RrS9_[RtS:_[RvS;_[RxS<_[RzS=_[R|S>_[R~S?_[RS@_[RSA_[RSB_[RSC_E$)DNz PA-TGS-REQzPA-ENC-TIMESTAMPz PA-PW-SALTrzPA-ENC-UNIX-TIMEzPA-SANDIA-SECUREIDz PA-SESAMEz PA-OSF-DCEzPA-CYBERSAFE-SECUREIDz PA-AFS3-SALTz PA-ETYPE-INFOzPA-SAM-CHALLENGEzPA-SAM-RESPONSEzPA-PK-AS-REQ_OLDzPA-PK-AS-REP_OLDz PA-PK-AS-REQz PA-PK-AS-REPzPA-PK-OCSP-RESPONSEPA-ETYPE-INFO2z-PA-USE-SPECIFIED-KVNO or PA-SVR-REFERRAL-INFOzPA-SAM-REDIRECTzPA-GET-FROM-TYPED-DATAz TD-PADATAzPA-SAM-ETYPE-INFOz PA-ALT-PRINCzPA-SERVER-REFERRALzPA-SAM-CHALLENGE2zPA-SAM-RESPONSE2z PA-EXTRA-TGTzTD-PKINIT-CMS-CERTIFICATESzTD-KRB-PRINCIPALz TD-KRB-REALMzTD-TRUSTED-CERTIFIERSzTD-CERTIFICATE-INDEXzTD-APP-DEFINED-ERRORz TD-REQ-NONCEz TD-REQ-SEQTD_DH_PARAMETERSzTD-CMS-DIGEST-ALGORITHMSzTD-CERT-DIGEST-ALGORITHMSzPA-PAC-REQUESTz PA-FOR_USERzPA-FOR-X509-USERzPA-FOR-CHECK_DUPSzPA-AS-CHECKSUMz PA-FX-COOKIEzPA-AUTHENTICATION-SETzPA-AUTH-SET-SELECTEDz PA-FX-FASTz PA-FX-ERRORzPA-ENCRYPTED-CHALLENGEzPA-OTP-CHALLENGEzPA-OTP-REQUESTzPA-OTP-CONFIRMzPA-OTP-PIN-CHANGEzPA-EPAK-AS-REQzPA-EPAK-AS-REP PA_PKINIT_KX PA_PKU2U_NAMEzPA-REQ-ENC-PA-REPPA_AS_FRESHNESSzPA-SPAKEzKERB-KEY-LIST-REQzKERB-KEY-LIST-REPzPA-SUPPORTED-ETYPESzPA-EXTENDED_ERRORzPA-PAC-OPTIONS)Drr enc_timestamppw_saltr enc_unix_timesandia_secureidsesameosf_dcecybersafe_secureid afs3_salt etype_info sam_challenge sam_response pk_as_req_old pk_as_rep_old pk_as_req pk_as_reppk_ocsp_response etype_info2use_specified_kvno sam_redirectget_from_typed_data td_padatasam_etype_info alt_princserver_referralsam_challenge2 sam_response2 extra_tgttd_pkinit_cms_certificatestd_krb_principal td_krb_realmtd_trusted_certifierstd_certificate_indextd_app_defined_error td_req_nonce td_req_seqtd_dh_parameterstd_cms_digest_algorithmstd_cert_digest_algorithms pac_requestfor_user for_x509_userfor_check_dups as_checksum fx_cookieauthentication_setauth_set_selectedfx_fastfx_errorencrypted_challenge otp_challenge otp_request otp_confirmotp_pin_change epak_as_req epak_as_rep pkinit_kx pku2u_name enc_pa_rep as_freshnessspakekerb_key_list_reqkerb_key_list_repsupported_etypesextended_error pac_optionsrs rr KerberosPADataType.native_labelsOsxD  & & D  , ,.@D   & & D   ' ' D  , ,.@ D  . .0D D   % %{D   & & D   1 13JD   ( (.D   ) )?D   , ,.@D   + +->D   , ,.@D   , ,.@D  ( (.!D "  ( (.#D $  / /1F%D &  * *,<'D (  1 13b)D *  + +->+D ,  2 24L-D .  ( (+/D 0  - -/B1D 2  ( (.3D 4  . .0D5D 6  - -/B7D 8  , ,.@9D :  ( (.;D <  9 9;W=D >  / /1C?D @  + +^AD B  4 46MCD D  3 35KED F  3 35KGD H  + +^ID J  ) )yD z  + +->{D |  $ $j}D ~  0 02ED @  0 02EAD B  / /1FCD D  - -/BED F  * *,*CDE E rrcn\rSrSrSrSrSrSrSrSr Sr S r S r \ S \RS\44S j5rS rg)rirrirrrrrrrrc&[RS[RS[RS[RS[R S[R S[RS[RS[RS 0 $) Nz NT-UNKNOWNz NT-PRINCIPALz NT-SRV-INSTz NT-SRV-HSTz NT-SRV-XHSTzNT-UIDzNT-X500-PRINCIPALz NT-SMTP-NAMEz NT-ENTERPRISE) rr principalsrv_instsrv_hstsrv_xhstuidx500_principal smtp_name enterprisers rr'KerberosPrincipalNameType.native_labelssr & - -| % / / % . . % - -| % . . % ) )8 % 4 46I % / / % 0 0/  rrN)rrrrrr)r*r+r,r-r.r/r0rrr!r#rrrrrrrsWGIHGH CNIJ  fkk*Es*JK    rrcn\rSrSrSrSrSrSrSrSr Sr S r S r \ S \RS\44S j5rS rg)r~irrrrrrrrrrc&[RS[RS[RS[RS[R S[R S[RS[RS[RS 0 $) NIPv4 DirectionalChaosNetXNSISOzDECNET Phase IVz AppleTalk DDPNetBiosIPv6) r~ipv4 directional chaos_netxnsisodecnet_phase_ivapple_talk_ddpnetbiosipv6rs rr%KerberosHostAddressType.native_labelssr $ ( (& # / / # - -z # ' ' # ' ' # 3 35F # 2 2O # + +Y # ( (&  rrN)rrrrr;r<r=r>r?r@rArBrCrrr!r#rrrrrr~r~sW DKI C CONG D  fkk*CS*HI    rr~c8\rSrSrSrSrSrSrSrSr Sr S r S r S r g ) rpirrirrrrrrrrN)rrrrrqr-r6rjrrrkrsrtr:rrrrrprps/G D EH D ENL Errpc^\rSrSr%0r\R \\R \S44\S'S\RS\RSS4Sjr S\R \\ 4SS4U4S jjr S r U=r$) _KerberosMsgTypei_KerberosMsgType__registryargskwargsrNc[USS5nX0R;a0URU'[USS5nUbXRUU'gg)NPVNOr MESSAGE_TYPE)r$rH)rrIrJpvnomsg_types r__init___KerberosMsgType.__init__sT sFA& ~~ %#%CNN4 35  -0NN4  * rsequencec>SnSU;aSn[X5n[XS-5nURURX@5n[[U]U5$)Nrri)r rHgetsuperrG__call__)rrRpvno_idxrN message_typenew_cls __class__s rrV_KerberosMsgType.__call__sa  H H"8#56*8qL+AB ..&**<=%w8BBrr)rrrrrHrr!r"__annotations__r'rPrrVr __classcell__)rZs@rrGrGsIKJ CS2D-D!EEFK 1zz 1** 1  1 C++c9n- C  C CrrGc\rSrSr\R rSrS\R\ \ 4SS4Sjr \ S\R\ \4SS4Sj5rS rg) r;irrRrNcXlgrrRselfrRs rrPKerberosV5Msg.__init__s rrc.[U5n[U5$r)rr;)r msg_sequences runpackKerberosV5Msg.unpacks259 \**rr`)rrrrrrrMrLrr!r"rrP staticmethodrnrkrfrrrrr;r;sb&..L D!S)^!<!!+fll9e#34+++rr;) metaclassc\rSrSrSr\R rSS\R4SS\R4SS\R4SS \R4/r S \ R\\4S S 4S jrSrg )KrbAsReqi aThe KRB_AS_REQ message. The KRB_AS_REQ message is used when the client wishes to retrieve a the initial ticket for a service. The KRB_TGS_REQ message is identical except for the tag and msg-type is used when retrieving additional tickets for a service. The ASN.1 definition for the KDC-REQ structure is defined in `RFC 4120 5.4.1`_:: KDC-REQ ::= SEQUENCE { -- NOTE: first tag is [1], not [0] pvno [1] INTEGER (5) , msg-type [2] INTEGER (10 -- AS -- | 12 -- TGS --), padata [3] SEQUENCE OF PA-DATA OPTIONAL -- NOTE: not empty --, req-body [4] KDC-REQ-BODY } Args: sequence: The ASN.1 sequence value as a dict to unpack. Attributes: padata (PAData): The pre-authentication data. req_body (KdcReqBody): The body of the request. .. _RFC 4120 5.4.1: https://www.rfc-editor.org/rfc/rfc4120#section-5.4.1 rNrLmsg-typerMpadatareq-bodyreq_bodyrRrNcS[R[[4S[R4Sjn[ USSSU5Ul[ USSS[R5Ul g) Nrrcj[U5Vs/sHn[RU5PM sn$s snfrr r<rfrps r unpack_padata(KrbAsReq.__init__..unpack_padata0*.B5.IJ.IFMM!$.IJ JJ0rzKDC-REQpa-datarrn) rrnrrkListrrmr@rfrorbrRrus rrPKrbAsReq.__init__/sZ Ki.>!? KFKK K)1iMZ *8Q :zO`O`a r)rmro)rrrr__doc__rrrMrprqr-r:rhrr!r"rrPrrrrrkrk sz8'--L **+ ^Y^^4 8Y__- Z1 IbS)^!<bbrrkc (\rSrSrSr\R rSS\R4SS\R4SS\R4SS\R4S S \R4S S \R4S S \R4/rS \R \\4SS4SjrSrg)KrbAsRepi7aThe KRB_AS_REP message. The KRB_AS_REP message is used for a reply from the KDC to a KRB_AS_REQ message. The KRB_TGS_REP message is identical except for the tag and msg-type. The ASN.1 definition for the KDC-REP structure is defined in `RFC 4120 5.4.2`_:: KDC-REP ::= SEQUENCE { pvno [0] INTEGER (5), msg-type [1] INTEGER (11 -- AS -- | 13 -- TGS --), padata [2] SEQUENCE OF PA-DATA OPTIONAL -- NOTE: not empty --, crealm [3] Realm, cname [4] PrincipalName, ticket [5] Ticket, enc-part [6] EncryptedData -- EncASRepPart or EncTGSRepPart, -- as appropriate } Args: sequence: The ASN.1 sequence value as a dict to unpack. Attributes: padata (PAData): The pre-authentication data. crealm (bytes): The client realm. cname (PrincipalName): The client principal name. ticket (Ticket): The newly issued ticket. enc_part (EncryptedData): The encrypted part of the message. .. _RFC 4120 5.4.2: https://www.rfc-editor.org/rfc/rfc4120#section-5.4.2 rNrLrlrMrmcrealmcnameticketenc-partenc_partrRrNcxS[R[[4S[R4Sjn[ USSSU5Ul[ USSS[5Ul[ US SS [5Ul [ US SS [R5Ul [ US SS[R5Ulg)Nrrcj[U5Vs/sHn[RU5PM sn$s snfrrrrss rru(KrbAsRep.__init__..unpack_padatagrwrxrzKDC-REPryrrrrrrrr)rrnrrkrzrrmr rrrr?rfrr>rr{s rrPKrbAsRep.__init__fs Ki.>!? KFKK K)1iMZ (1iKef '!YI^_ (1i6==Y *8Q :}OcOcd r)rrrrmr)rrrrr}rrrMrprqr-r:rrrsrhrr!r"rrPrrrrrr7s D'--L **+ ^Y^^4 8Y__- 8Y^^, '9334 8Y__- Z1IeS)^!<eerrc0\rSrSrSr\R rSrg) KrbTgsReqiqzLThe KRB_TGS_REQ is the same as KRB_AS_REQ but with a different MESSAGE_TYPE.rN) rrrrr}rrrMrrrrrrqV&..Lrrc0\rSrSrSr\R rSrg) KrbTgsRepiwzLThe KRB_TGS_REP is the same as KRB_AS_REP but with a different MESSAGE_TYPE.rN) rrrrr}rrrMrrrrrrwrrrc\rSrSrSr\R rSS\R4SS\R4SS\R4S S \R4S S \R4/r S \R\\4S S 4SjrSrg )KrbApReqi}aFThe KRB_AP_REQ message. The KRB_AP_REQ message contains is used to authenticate the initiator to an acceptor. The ASN.1 definition for the KRB_AP_REQ structure is defined in `RFC 4120 5.5.1`_:: AP-REQ ::= [APPLICATION 14] SEQUENCE { pvno [0] INTEGER (5), msg-type [1] INTEGER (14), ap-options [2] APOptions, ticket [3] Ticket, authenticator [4] EncryptedData -- Authenticator } Args: sequence: The ASN.1 sequence value as a dict to unpack. Attributes: ap_options (KerberosAPOptions): Options related to the AP request. ticket (Ticket): The ticket authenticating the client to the server. authenticator (EncryptedData): The encrypted authenticator. .. _RFC 4120 5.5.1: https://www.rfc-editor.org/rfc/rfc4120#section-5.5.1 rNrLrlrM ap-options ap_optionsr authenticatorrRrNc[USSS[5n[[R"SU5S5nX0l[USSS[ R5Ul[USSS [R5Ul g) Nrrrzr)rbrRraw_ap_optionsrs rrPKrbApReq.__init__sh+Ha'J1'MN $(1h&--X /!XXeXlXlmr)rrr)rrrrr}rrrMrprqr-r6r:rhrr!r"rrPrrrrrr}s4'--L **+ ^Y^^4 |Y__5 8Y__- /9??; InS)^!<nnrrc\rSrSrSr\R rSS\R4SS\R4SS\R4/r S \ R\\4S S 4S jrS rg )KrbApRepiaTThe KRB_AP_REP message. The KRB_AP_REP is a response to an application request `KRB_AP_REQ`. The ASN.1 definition for the KRB_AP_REP structure is defined in `RFC 4120 5.5.2`_:: AP-REP ::= [APPLICATION 15] SEQUENCE { pvno [0] INTEGER (5), msg-type [1] INTEGER (15), enc-part [2] EncryptedData -- EncAPRepPart } Args: sequence: The ASN.1 sequence value as a dict to unpack. Attributes: enc_part (EncryptedData): The encrypted authenticator. .. _RFC 4120 5.5.2: https://www.rfc-editor.org/rfc/rfc4120#section-5.5.2 rNrLrlrMrrrRrNcH[USSS[R5Ulg)Nrrr)rr>rfrras rrPKrbApRep.__init__s*8Q*mNbNbc r)r)rrrrr}rrrMrprqr-r:rhrr!r"rrPrrrrrrsl,'--L **+ ^Y^^4 Z1I dS)^!<ddrrc\rSrSrSr\R rSS\R4SS\R4SS\R4SS\R4S S \R4S S \R4S S \R4S S \R4SS\R4SS\R4SS\R4SS\R4SS\R4/ rS\R"\\4SS4SjrSrg)KrbErroriaThe KRB_ERROR message. The KRB_ERROR is a message sent in the occurrence of an error. The ASN.1 definition for the KRB_ERROR structure is defined in `RFC 4120 5.9.1`_:: KRB-ERROR ::= [APPLICATION 30] SEQUENCE { pvno [0] INTEGER (5), msg-type [1] INTEGER (30), ctime [2] KerberosTime OPTIONAL, cusec [3] Microseconds OPTIONAL, stime [4] KerberosTime, susec [5] Microseconds, error-code [6] Int32, crealm [7] Realm OPTIONAL, cname [8] PrincipalName OPTIONAL, realm [9] Realm -- service realm --, sname [10] PrincipalName -- service name --, e-text [11] KerberosString OPTIONAL, e-data [12] OCTET STRING OPTIONAL } Args: sequence: The ASN.1 sequence value as a dict to unpack. Attributes: ctime (datetime.datetime): The current time on the client's host. cusec (int): The microsecond part of the client's timestamp. stime (datetime.datetime): The current time of the server. susec (int): The microsecond part of the server's timestamp. error_code (KerberosErrorCode): THe error code returned by the kerberos when a request fails. crealm (bytes): The realm that issues a ticket. cname (PrincipalName): The principal name in the ticket. realm (bytes): The service realm. sname (PrincipalName): The service name. e_text (bytes): Additional text to explain the error code. e_data (bytes): Additional data about the error. .. _RFC 4120 5.9.1: https://www.rfc-editor.org/rfc/rfc4120#section-5.9.1 rNrLrlrMctimecusecstimesusec error-code error_coderrrealmsnamee-texte_texte-datae_datarRrNc &[USSS[5Ul[USSS[5Ul[USSS[5Ul[USSS [5Ul[[US SS [55Ul[US SS [5Ul [USSS[5Ul [USSS[5Ul [USSS[5Ul[USSS[5Ul[USSS[ 5Ulg)Nrrrrrrrrrrrrrrrrrrrrrr)rr rr rrrrrr rrrrrrr rras rrPKrbError.__init__ s'!['Kgh '!['K^_ '!['Kgh '!['K^_ + xKGZ [ )1k8Mgh '!['K`a '!['Kef '"k7Lab (2{HNhi (2{HNfg r) rrrrrrrrrrr)rrrrr}rrrMrprqr-rjrrrsrkrhrr!r"rrPrrrrrrs(T',,L **+ ^Y^^4 '9--. '9,,- '9--. '9,,- |Y^^4 8Y^^, '9334 '9>>* '9334 8Y^^, 8Y__-I hS)^!< h hrrc\rSrSrSrSS\R 4SS\R4/rS\ R\ \ 4S\ SS4S jr\S\ R 4S j5r\S\ R\\ 4SS4S j5rS rg) r<iaKerberos PA-DATA. The ASN.1 definition for the PA-DATA structure is defined in `RFC 4120 5.2.7`_:: PA-DATA ::= SEQUENCE { -- NOTE: first tag is [1], not [0] padata-type [1] Int32, padata-value [2] OCTET STRING -- might be encoded AP-REQ } Args: data_type: Indicates the type of data the value represents. value: The PAData value, usually the DER encoding of another message. Attributes: data_type (Union[int, KerberosPADataType]): See args. b_value (bytes): The raw bytes of padata-value, use `value` to get a structured object of these bytes if available. .. RFC 4120 5.2.7: https://www.rfc-editor.org/rfc/rfc4120#section-5.2.7 padata-type data_type padata-valuerrNcXlX lgr)rb_value)rbrrs rrPPAData.__init__8s " rcUR[R:XaA[R [ [ UR 5SR5S5$[[R5[RS4[[R5[RS40nURU;alU[UR5up#[ UR 5SnU(a![U5Vs/sH oR"U5PM sn$U"UR5$UR $s snf)NrFT)rrrrrfrrb_datar"rr>rr=r )rb data_type_map unpack_func is_sequencerrs rr PAData.value<s >>/77 7##K DLL0I!0L0S0S$TUV$WX X "00 1M4H4H%3P ".. /,2E2Et1L >>] *'4S5H'I $K!$,,/2G0DW0MN0M1 A0MNN#7>>22<<  Os D<c[U5nS[R[[4S[R[ [ 44Sjn[USSSU5n[USSS[5n[X45$) NrrcT[U5n[U5$![a Us$f=fr)r r ValueError)rint_vals runpack_data_type'PAData.unpack..unpack_data_typeXs0)%0G )'22  s  ''rizPA-DATArrr) rrrnrrkrr"rr r<)rrRrrpa_values rrf PAData.unpackTsp.u5 FLLE1A$B v||TfhkTkGl 'xI}N^_ %h9nNfgi**r)rr)rrrrr}rpr-r:rhrrnr"rrkrPpropertyr'rrhrrfrrrrr<r<s0  Y^^4 )//2I &,,s4F/F"GPUZ^ vzz  .+fll9e#34+++rr<c\rSrSrSrSS\R 4SS\R4SS\R4/rS\ S\ R\S\ R\SS4Sjr \ S \ R\\4SS4S j5rS rg) r=ifaKerberos PA-ETYPE-INFO2 container. The ASN.1 definition for the PA-ETYPE-INFO2 structure is defined in `RFC 4120 5.2.7.5`_:: ETYPE-INFO2-ENTRY ::= SEQUENCE { etype [0] Int32, salt [1] KerberosString OPTIONAL, s2kparams [2] OCTET STRING OPTIONAL } Args: etype: The etype that defines the cipher used. salt: The used in the cipher associated with the cryptosystem. s2kparams: Extra params to be interpreted by the cipher associated with the cryptosystem. Attributes: etype (KerberosEncryptionType): See args. salt (Optional[bytes]): See args. s2kparams (Optional[bytes]): See args. .. RFC 4120 5.2.7.5: https://www.rfc-editor.org/rfc/rfc4120#section-5.2.7.5 etypesalt s2kparamsrNc(XlX lX0lgr)rrr)rbrrrs rrPPAETypeInfo2.__init__s   "rrc [U5n[[USSS[55n[USSS[5n[USSS[ 5n[ X#U5$) NrrrrizETYPE-INFO2-ENTRYrrr)rrrr r r r=)rrRrrrs rrfPAETypeInfo2.unpacks\.u5&'9(AGWY`bu'vw!(A/BFLfg&x4GVno E33r)rrr)rrrrr}rpr-rkrhrrOptionalrPrhrnrrfrrrrr=r=fs2 '9>>* ) k9??3I #%#ooe$#??5) #  #4fll9e#34444rr=c\rSrSrSrSS\R 4SS\R4SS\R4/r S\ S\ R\ S\SS4Sjr\S \ R \\4SS4S j5rS rg) r>iaKerberos EncryptedData container. The ASN.1 definition for the EncryptedData structure is defined in `RFC 4120 5.2.9`_:: EncryptedData ::= SEQUENCE { etype [0] Int32 -- EncryptionType --, kvno [1] UInt32 OPTIONAL, cipher [2] OCTET STRING -- ciphertext } Args: etype: The encryption algorithm that was used to encipher the cipher. kvno: The version number of the key under which data is encrypted. It is only present in messages encrypted under long lasting keys. cipher: The enciphered text. Attributes: etype (KerberosEncryptionType): See args. kvno (Optional[int]): See args. cipher (bytes): See args. .. RFC 4120 5.2.9: https://www.rfc-editor.org/rfc/rfc4120#section-5.2.9 rkvnocipherrNc(XlX lX0lgr)rrr)rbrrrs rrPEncryptedData.__init__s   rrc [U5n[[USSS[55n[USSS[5n[USSS[5n[ X#U5$)Nrr>rrirrr)rrrr r r>)rrRrrrs rrfEncryptedData.unpacksY.u5&'9(AX_at'uv!(AH[\#Ha(LdeU&11r)rrr)rrrrr}rpr-rqrkrhrrrr"rPrhrnrrfrrrrr>r>s4 '9>>* **+ 8Y__-I 4FOOCc \rSrSrSrSS\R 4SS\R4SS\R4SS\R4/r S\ S\ S\ R\S\S S 4 S jr\S \ R&\\ 4S S4S j5rSrg )r?iaHKerberos Ticket. The ASN.1 definition for the Ticket structure is defined in `RFC 4120 5.3`_:: Ticket ::= [APPLICATION 1] SEQUENCE { tkt-vno [0] INTEGER (5), realm [1] Realm, sname [2] PrincipalName, enc-part [3] EncryptedData -- EncTicketPart } Args: tkt_vno: The version number for the ticket format. realm: The realm that issued a ticket. sname: All the name components of the server's identity. enc_part: The encrypted part of the ticket, it is encrypted in the key shared by Kerberos and the end server. Attributes: tkt_vno (int): See args. realm (bytes): See args. sname (List[PrincipalName]): See args. enc_part (EncryptedData): See args. .. _RFC 4120 5.3: https://www.rfc-editor.org/rfc/rfc4120#section-5.3 tkt-vnotkt_vnorrrrrNc4XlX lX0lX@lgr)rrrr)rbrrrrs rrPTicket.__init__s    rrc*[U[RS5n[[ U5S5n[ USSS[ 5n[ USSS[5n[ USSS[5n[ USSS [R5n[X4XV5$) Nrirr?rrrrrr) rr applicationrrrr r rr>rfr?)rrrRrrrrs rrf Ticket.unpacks!%)=)=qA.{6/B1/EF$Xq(IGZ["8Q'C]^"8Q'CXY%h8ZI]I]^ge66r)rrrr)rrrrr}rprqrrrsr:rhr"rkrrzrlr>rPrhrnrrfrrrrr?r?s8 Iy001 '9>>* '9334 Z1 I ! ! !{{=) !  !  ! 7fll9e#34 7 7 7rr?c\rSrSrSrSS\R \44SS\R4SS\R4SS\R4SS \R4S S \R4S S \R4S S \R4SS\R4SS\R4SS\R4SS\R4/ rS\S\R$\S\S\S \R$\ RS \ RS \R$\ RS \S\R*\S\R$\R*\S\R$\S\R$\R*\SS4Sjr\S\R8\\4SS4Sj5rSrg)r@ia The KRB_AS_REQ message. The KRB_AS_REQ message is used when the client wishes to retrieve a the initial ticket for a service. The KRB_TGS_REQ message is identical except for the tag and msg-type is used when retrieving additional tickets for a service. The ASN.1 definition for the KDC-REQ structure is defined in `RFC 4120 5.4.1`_:: KDC-REQ-BODY ::= SEQUENCE { kdc-options [0] KDCOptions, cname [1] PrincipalName OPTIONAL -- Used only in AS-REQ --, realm [2] Realm -- Server's realm -- Also client's in AS-REQ --, sname [3] PrincipalName OPTIONAL, from [4] KerberosTime OPTIONAL, till [5] KerberosTime, rtime [6] KerberosTime OPTIONAL, nonce [7] UInt32, etype [8] SEQUENCE OF Int32 -- EncryptionType -- in preference order --, addresses [9] HostAddresses OPTIONAL, enc-authorization-data [10] EncryptedData OPTIONAL -- AuthorizationData --, additional-tickets [11] SEQUENCE OF Ticket OPTIONAL -- NOTE: not empty } Args: kdc_options: Flags desired by the client and other behaviour desired. cname: The client name. realm: The realm part of the server's principal. sname: The service name. postdated_from: When the requested ticket is to be posted from. postdated_till: The expiration date requested by the client. rtime: The requested renew-till time. nonce: Random number generated by the client. etype: The desired encryption algorithm to be used in priority order. addresses: Addresses from which the requested ticket is to be valid. enc_authorization_data: Encrypted authorization data. additional_tickets: Additional tickets to be optionally included in a request. Attributes: kdc_options (int): See args. cname (Optional[PrincipalName]): See args. realm (bytes): See args. sname (PrincipalName): See args. postdated_from (Optional[datetime.datetime]): See args. postdated_till (datetime.datetime): See args. rtime (Optional[datetime.datetime]): See args. nonce (int): See args. etype (List[KerberosEncryptionType]): See args. addresses (Optional[List[HostAddress]]): See args. enc_authorization_data (Optional[EncryptedData]): See args. additional_tickets (Optional[Ticket]): See args. .. _RFC 4120 5.4.1: https://www.rfc-editor.org/rfc/rfc4120#section-5.4.1 kdc-options kdc_optionsrrrfrompostdated_fromtillpostdated_tillrtimenoncer addressesenc-authorization-dataenc_authorization_dataadditional-ticketsadditional_ticketsrNc XlX lX0lX@lXPlX`lXplXlXlXl Xl Xl gr) rrrrrrrrrrrr) rbrrrrrrrrrrrrs rrPKdcReqBody.__init__SsE'   ,,   "&<#"4rrc[U5nS[R[[4S[ 4SjnS[R[[4S[R [4SjnS[R[[4S[R [4SjnS[R[[4S[R [4Sjn[USSS U5n[US SS [5n[US SS [5n[USSS[5n [USSS[5n [USSS[5n [USSS[5n [USSS[5n [USSSU5n[USSSU5n[USSS[R 5n[USSSU5n[#UUUU U U U U UUUU5 $) NrrcL[U5n[R"SU5S$)Nz>Ir)rrrf)rrs runpack_kdc_options-KdcReqBody.unpack..unpack_kdc_optionsss"+E2F==v.q1 1rch[U5Vs/sHn[[U55PM sn$s snfr)r rr )res r unpack_etype'KdcReqBody.unpack..unpack_etypews.L`afLghLgq*+>q+ABLgh hhs/cV[U5Vs/sHn[U5PM sn$s snfr)r r)rhs runpack_addresses+KdcReqBody.unpack..unpack_addresseszs&0DU0KL0K1OA&0KL LLs&cj[U5Vs/sHn[RU5PM sn$s snfr)r r?rf)rts r unpack_ticket(KdcReqBody.unpack..unpack_ticket}rwrxrz KDC-REQ-BODYrrirrrrrrrrrrrrrrrrrrrrr)rrrnrrkr"rzrrmr?rrr r r r>rfr@)rrRrrrrrrrrrrrrrr enc_auth_datars rrfKdcReqBody.unpackos.u5 2fll9e3C&D 2 2 i Y-= > i6;;OeCf i MFLLE1A$B Mv{{S^G_ M Ki.>!? KFKKPVDW K)1nmUgh "8QI^_"8QIcd"8QI^_+HaQmn+HaQmn"8QIef"8QI\]"8QV&xNKQab *8RIacpcwcwx /"nNbdqr              r) rrrrrrrrrrrr) rrrrr}rpr6rrsrrrjrqr-rtr:rhr"rrrlrkrzrrmr>r?rPrhrnrrfrrrrr@r@s;|  9K'LM '9334 '9>>* '9334 !9#5#56 !9#5#56 '9--. '9,,- '9>>* k9#9#9: !#;Y__M 3Y__E I55}-5 5  5 (9(9: 5!))5x00155{{125??6;;{#;<5!' >5#OOFKK,?@5 58* fll9e#34* * * rr@r)NN)Br}rS collectionsrjr-rr spnego._asn1rrrrrrr r r r r r spnego._textrrnr"r#r.rTyper!r(r3IntFlagr'r9rerkrr namedtuplermrlrrIntEnumrrrrrr~rptyperGr;rkrrrrrrr<r=r>r?r@rrrrsk     ! /3 E <<S$))+ , Ev{{+ E [[c E/3* <<S$))+ ,*v{{+* *,/3 <<T\\) *v{{+ [[fjj!6$(%)F <<j kF OOC Fooc"F \\#v{{3 ?334 FR(6<<y(89(m( *eY.>!? *O *$$]['4JK "&&g8NO &    E E R! T\\! JM  M b $,, 2L L `   6 dll 4  CtC@ +. ++b}+b\7e}7et// // +n}+n\ d} dFJh}JhZH+H+V1414h-2-2`9797xT T r