Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1# Impacket - Collection of Python classes for working with network protocols. 

2# 

3# SECUREAUTH LABS. Copyright (C) 2021 SecureAuth Corporation. All rights reserved. 

4# 

5# This software is provided under a slightly modified version 

6# of the Apache Software License. See the accompanying LICENSE file 

7# for more information. 

8# 

9# Description: 

10# Changed some of the classes names to match the RFC 4120 

11# Added [MS-KILE] data 

12# Adapted to Enum 

13# 

14# Author: 

15# Altered source by Alberto Solino (@agsolino) 

16# 

17# Copyright and license note from asn1.py: 

18# 

19# Copyright (c) 2013, Marc Horowitz 

20# All rights reserved. 

21# 

22# Redistribution and use in source and binary forms, with or without 

23# modification, are permitted provided that the following conditions are 

24# met: 

25# 

26# Redistributions of source code must retain the above copyright notice, 

27# this list of conditions and the following disclaimer. 

28# 

29# Redistributions in binary form must reproduce the above copyright 

30# notice, this list of conditions and the following disclaimer in the 

31# documentation and/or other materials provided with the distribution. 

32# 

33# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 

34# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 

35# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 

36# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 

37# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 

38# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 

39# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 

40# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 

41# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 

42# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 

43# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 

44# 

45from pyasn1.type import tag, namedtype, univ, constraint, char, useful 

46 

47from . import constants 

48 

49 

50def _application_tag(tag_value): 

51 return univ.Sequence.tagSet.tagExplicitly( 

52 tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 

53 int(tag_value))) 

54 

55def _vno_component(tag_value, name="pvno"): 

56 return _sequence_component( 

57 name, tag_value, univ.Integer(), 

58 subtypeSpec=constraint.ValueRangeConstraint(5, 5)) 

59 

60def _msg_type_component(tag_value, values): 

61 c = constraint.ConstraintsUnion( 

62 *(constraint.SingleValueConstraint(int(v)) for v in values)) 

63 return _sequence_component('msg-type', tag_value, univ.Integer(), 

64 subtypeSpec=c) 

65 

66def _sequence_component(name, tag_value, type, **subkwargs): 

67 return namedtype.NamedType(name, type.subtype( 

68 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 

69 tag_value), 

70 **subkwargs)) 

71 

72def _sequence_optional_component(name, tag_value, type, **subkwargs): 

73 return namedtype.OptionalNamedType(name, type.subtype( 

74 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 

75 tag_value), 

76 **subkwargs)) 

77 

78def seq_set(seq, name, builder=None, *args, **kwargs): 

79 component = seq.setComponentByName(name).getComponentByName(name) 

80 if builder is not None: 

81 seq.setComponentByName(name, builder(component, *args, **kwargs)) 

82 else: 

83 seq.setComponentByName(name) 

84 return seq.getComponentByName(name) 

85 

86def seq_set_dict(seq, name, pairs, *args, **kwargs): 

87 component = seq.setComponentByName(name).getComponentByName(name) 

88 for k, v in pairs.items(): 

89 component.setComponentByName(k, v) 

90 

91def seq_set_iter(seq, name, iterable): 

92 component = seq.setComponentByName(name).getComponentByName(name) 

93 for pos, v in enumerate(iterable): 

94 component.setComponentByPosition(pos, v) 

95 

96def seq_set_flags(seq, name, flags): 

97 seq_set(seq, name, flags.to_asn1) 

98 

99def seq_append(seq, name, pairs): 

100 component = seq.getComponentByName(name) 

101 if component is None: 

102 component = seq.setComponentByName(name).getComponentByName(name) 

103 index = len(component) 

104 element = component.setComponentByPosition(index 

105 ).getComponentByPosition(index) 

106 for k, v in pairs.items(): 

107 element.setComponentByName(k, v) 

108 

109class Int32(univ.Integer): 

110 subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint( 

111 -2147483648, 2147483647) 

112 

113class UInt32(univ.Integer): 

114 pass 

115# subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint( 

116# 0, 4294967295) 

117 

118class Microseconds(univ.Integer): 

119 subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint( 

120 0, 999999) 

121 

122class KerberosString(char.GeneralString): 

123 # TODO marc: I'm not sure how to express this constraint in the API. 

124 # For now, we will be liberal in what we accept. 

125 # subtypeSpec = constraint.PermittedAlphabetConstraint(char.IA5String()) 

126 pass 

127 

128class Realm(KerberosString): 

129 pass 

130 

131class PrincipalName(univ.Sequence): 

132 componentType = namedtype.NamedTypes( 

133 _sequence_component("name-type", 0, Int32()), 

134 _sequence_component("name-string", 1, 

135 univ.SequenceOf(componentType=KerberosString())) 

136 ) 

137 

138class KerberosTime(useful.GeneralizedTime): 

139 pass 

140 

141class HostAddress(univ.Sequence): 

142 componentType = namedtype.NamedTypes( 

143 _sequence_component("addr-type", 0, Int32()), 

144 _sequence_component("address", 1, univ.OctetString()) 

145 ) 

146 

147class HostAddresses(univ.SequenceOf): 

148 componentType = HostAddress() 

149 

150class AuthorizationData(univ.SequenceOf): 

151 componentType = univ.Sequence(componentType=namedtype.NamedTypes( 

152 _sequence_component('ad-type', 0, Int32()), 

153 _sequence_component('ad-data', 1, univ.OctetString()) 

154 )) 

155 

156class PA_DATA(univ.Sequence): 

157 componentType = namedtype.NamedTypes( 

158 _sequence_component('padata-type', 1, Int32()), 

159 _sequence_component('padata-value', 2, univ.OctetString()) 

160 ) 

161 

162class KerberosFlags(univ.BitString): 

163 # TODO marc: it doesn't look like there's any way to specify the 

164 # SIZE (32.. MAX) parameter to the encoder. However, we can 

165 # arrange at a higher layer to pass in >= 32 bits to the encoder. 

166 pass 

167 

168class EncryptedData(univ.Sequence): 

169 componentType = namedtype.NamedTypes( 

170 _sequence_component("etype", 0, Int32()), 

171 _sequence_optional_component("kvno", 1, UInt32()), 

172 _sequence_component("cipher", 2, univ.OctetString()) 

173 ) 

174 

175class EncryptionKey(univ.Sequence): 

176 componentType = namedtype.NamedTypes( 

177 _sequence_component('keytype', 0, Int32()), 

178 _sequence_component('keyvalue', 1, univ.OctetString())) 

179 

180class Checksum(univ.Sequence): 

181 componentType = namedtype.NamedTypes( 

182 _sequence_component('cksumtype', 0, Int32()), 

183 _sequence_component('checksum', 1, univ.OctetString())) 

184 

185class Ticket(univ.Sequence): 

186 tagSet = _application_tag(constants.ApplicationTagNumbers.Ticket.value) 

187 componentType = namedtype.NamedTypes( 

188 _vno_component(name="tkt-vno", tag_value=0), 

189 _sequence_component("realm", 1, Realm()), 

190 _sequence_component("sname", 2, PrincipalName()), 

191 _sequence_component("enc-part", 3, EncryptedData()) 

192 ) 

193 

194class TicketFlags(KerberosFlags): 

195 pass 

196 

197class TransitedEncoding(univ.Sequence): 

198 componentType = namedtype.NamedTypes( 

199 _sequence_component('tr-type', 0, Int32()), 

200 _sequence_component('contents', 1, univ.OctetString())) 

201 

202class EncTicketPart(univ.Sequence): 

203 tagSet = _application_tag(constants.ApplicationTagNumbers.EncTicketPart.value) 

204 componentType = namedtype.NamedTypes( 

205 _sequence_component("flags", 0, TicketFlags()), 

206 _sequence_component("key", 1, EncryptionKey()), 

207 _sequence_component("crealm", 2, Realm()), 

208 _sequence_component("cname", 3, PrincipalName()), 

209 _sequence_component("transited", 4, TransitedEncoding()), 

210 _sequence_component("authtime", 5, KerberosTime()), 

211 _sequence_optional_component("starttime", 6, KerberosTime()), 

212 _sequence_component("endtime", 7, KerberosTime()), 

213 _sequence_optional_component("renew-till", 8, KerberosTime()), 

214 _sequence_optional_component("caddr", 9, HostAddresses()), 

215 _sequence_optional_component("authorization-data", 10, AuthorizationData()) 

216 ) 

217 

218class KDCOptions(KerberosFlags): 

219 pass 

220 

221class KDC_REQ_BODY(univ.Sequence): 

222 componentType = namedtype.NamedTypes( 

223 _sequence_component('kdc-options', 0, KDCOptions()), 

224 _sequence_optional_component('cname', 1, PrincipalName()), 

225 _sequence_component('realm', 2, Realm()), 

226 _sequence_optional_component('sname', 3, PrincipalName()), 

227 _sequence_optional_component('from', 4, KerberosTime()), 

228 _sequence_component('till', 5, KerberosTime()), 

229 _sequence_optional_component('rtime', 6, KerberosTime()), 

230 _sequence_component('nonce', 7, UInt32()), 

231 _sequence_component('etype', 8, 

232 univ.SequenceOf(componentType=Int32())), 

233 _sequence_optional_component('addresses', 9, HostAddresses()), 

234 _sequence_optional_component('enc-authorization-data', 10, 

235 EncryptedData()), 

236 _sequence_optional_component('additional-tickets', 11, 

237 univ.SequenceOf(componentType=Ticket())) 

238 ) 

239 

240class KDC_REQ(univ.Sequence): 

241 componentType = namedtype.NamedTypes( 

242 _vno_component(1), 

243 _msg_type_component(2, (constants.ApplicationTagNumbers.AS_REQ.value, 

244 constants.ApplicationTagNumbers.TGS_REQ.value)), 

245 _sequence_optional_component('padata', 3, 

246 univ.SequenceOf(componentType=PA_DATA())), 

247 _sequence_component('req-body', 4, KDC_REQ_BODY()) 

248 ) 

249 

250class AS_REQ(KDC_REQ): 

251 tagSet = _application_tag(constants.ApplicationTagNumbers.AS_REQ.value) 

252 

253class TGS_REQ(KDC_REQ): 

254 tagSet = _application_tag(constants.ApplicationTagNumbers.TGS_REQ.value) 

255 

256class KDC_REP(univ.Sequence): 

257 componentType = namedtype.NamedTypes( 

258 _vno_component(0), 

259 _msg_type_component(1, (constants.ApplicationTagNumbers.AS_REP.value, 

260 constants.ApplicationTagNumbers.TGS_REP.value)), 

261 _sequence_optional_component('padata', 2, 

262 univ.SequenceOf(componentType=PA_DATA())), 

263 _sequence_component('crealm', 3, Realm()), 

264 _sequence_component('cname', 4, PrincipalName()), 

265 _sequence_component('ticket', 5, Ticket()), 

266 _sequence_component('enc-part', 6, EncryptedData()) 

267 ) 

268 

269class LastReq(univ.SequenceOf): 

270 componentType = univ.Sequence(componentType=namedtype.NamedTypes( 

271 _sequence_component('lr-type', 0, Int32()), 

272 _sequence_component('lr-value', 1, KerberosTime()) 

273 )) 

274 

275class METHOD_DATA(univ.SequenceOf): 

276 componentType = PA_DATA() 

277 

278class EncKDCRepPart(univ.Sequence): 

279 componentType = namedtype.NamedTypes( 

280 _sequence_component('key', 0, EncryptionKey()), 

281 _sequence_component('last-req', 1, LastReq()), 

282 _sequence_component('nonce', 2, UInt32()), 

283 _sequence_optional_component('key-expiration', 3, KerberosTime()), 

284 _sequence_component('flags', 4, TicketFlags()), 

285 _sequence_component('authtime', 5, KerberosTime()), 

286 _sequence_optional_component('starttime', 6, KerberosTime()), 

287 _sequence_component('endtime', 7, KerberosTime()), 

288 _sequence_optional_component('renew-till', 8, KerberosTime()), 

289 _sequence_component('srealm', 9, Realm()), 

290 _sequence_component('sname', 10, PrincipalName()), 

291 _sequence_optional_component('caddr', 11, HostAddresses()), 

292 _sequence_optional_component('encrypted_pa_data', 12, METHOD_DATA()) 

293 ) 

294 

295class EncASRepPart(EncKDCRepPart): 

296 tagSet = _application_tag(constants.ApplicationTagNumbers.EncASRepPart.value) 

297 

298class EncTGSRepPart(EncKDCRepPart): 

299 tagSet = _application_tag(constants.ApplicationTagNumbers.EncTGSRepPart.value) 

300 

301class AS_REP(KDC_REP): 

302 tagSet = _application_tag(constants.ApplicationTagNumbers.AS_REP.value) 

303 

304class TGS_REP(KDC_REP): 

305 tagSet = _application_tag(constants.ApplicationTagNumbers.TGS_REP.value) 

306 

307class APOptions(KerberosFlags): 

308 pass 

309 

310class Authenticator(univ.Sequence): 

311 tagSet = _application_tag(constants.ApplicationTagNumbers.Authenticator.value) 

312 componentType = namedtype.NamedTypes( 

313 _vno_component(name='authenticator-vno', tag_value=0), 

314 _sequence_component('crealm', 1, Realm()), 

315 _sequence_component('cname', 2, PrincipalName()), 

316 _sequence_optional_component('cksum', 3, Checksum()), 

317 _sequence_component('cusec', 4, Microseconds()), 

318 _sequence_component('ctime', 5, KerberosTime()), 

319 _sequence_optional_component('subkey', 6, EncryptionKey()), 

320 _sequence_optional_component('seq-number', 7, UInt32()), 

321 _sequence_optional_component('authorization-data', 8, 

322 AuthorizationData()) 

323 ) 

324 

325class AP_REQ(univ.Sequence): 

326 tagSet = _application_tag(constants.ApplicationTagNumbers.AP_REQ.value) 

327 componentType = namedtype.NamedTypes( 

328 _vno_component(0), 

329 _msg_type_component(1, (constants.ApplicationTagNumbers.AP_REQ.value,)), 

330 _sequence_component('ap-options', 2, APOptions()), 

331 _sequence_component('ticket', 3, Ticket()), 

332 _sequence_component('authenticator', 4, EncryptedData()) 

333 ) 

334 

335class AP_REP(univ.Sequence): 

336 tagSet = _application_tag(constants.ApplicationTagNumbers.AP_REP.value) 

337 componentType = namedtype.NamedTypes( 

338 _vno_component(0), 

339 _msg_type_component(1, (constants.ApplicationTagNumbers.AP_REP.value,)), 

340 _sequence_component('enc-part', 2, EncryptedData()), 

341 ) 

342 

343class EncAPRepPart(univ.Sequence): 

344 tagSet = _application_tag(constants.ApplicationTagNumbers.EncApRepPart.value) 

345 componentType = namedtype.NamedTypes( 

346 _sequence_component('ctime', 0, KerberosTime()), 

347 _sequence_component('cusec', 1, Microseconds()), 

348 _sequence_optional_component('subkey', 2, EncryptionKey()), 

349 _sequence_optional_component('seq-number', 3, UInt32()), 

350 ) 

351 

352class KRB_SAFE_BODY(univ.Sequence): 

353 componentType = namedtype.NamedTypes( 

354 _sequence_component('user-data', 0, univ.OctetString()), 

355 _sequence_optional_component('timestamp', 1, KerberosTime()), 

356 _sequence_optional_component('usec', 2, Microseconds()), 

357 _sequence_optional_component('seq-number', 3, UInt32()), 

358 _sequence_component('s-address', 4, HostAddress()), 

359 _sequence_optional_component('r-address', 5, HostAddress()), 

360 ) 

361 

362class KRB_SAFE(univ.Sequence): 

363 tagSet = _application_tag(constants.ApplicationTagNumbers.KRB_SAFE.value) 

364 componentType = namedtype.NamedTypes( 

365 _vno_component(0), 

366 _msg_type_component(1, (constants.ApplicationTagNumbers.KRB_SAFE.value,)), 

367 _sequence_component('safe-body', 2, KRB_SAFE_BODY()), 

368 _sequence_component('cksum', 3, Checksum()), 

369 ) 

370 

371class KRB_PRIV(univ.Sequence): 

372 tagSet = _application_tag(constants.ApplicationTagNumbers.KRB_PRIV.value) 

373 componentType = namedtype.NamedTypes( 

374 _vno_component(0), 

375 _msg_type_component(1, (constants.ApplicationTagNumbers.KRB_PRIV.value,)), 

376 _sequence_component('enc-part', 3, EncryptedData()), 

377 ) 

378 

379class EncKrbPrivPart(univ.Sequence): 

380 tagSet = _application_tag(constants.ApplicationTagNumbers.EncKrbPrivPart.value) 

381 componentType = namedtype.NamedTypes( 

382 _sequence_component('user-data', 0, univ.OctetString()), 

383 _sequence_optional_component('timestamp', 1, KerberosTime()), 

384 _sequence_optional_component('cusec', 2, Microseconds()), 

385 _sequence_optional_component('seq-number', 3, UInt32()), 

386 _sequence_component('s-address', 4, HostAddress()), 

387 _sequence_optional_component('r-address', 5, HostAddress()), 

388 ) 

389 

390class KRB_CRED(univ.Sequence): 

391 tagSet = _application_tag(constants.ApplicationTagNumbers.KRB_CRED.value) 

392 componentType = namedtype.NamedTypes( 

393 _vno_component(0), 

394 _msg_type_component(1, (constants.ApplicationTagNumbers.KRB_CRED.value,)), 

395 _sequence_optional_component('tickets', 2, 

396 univ.SequenceOf(componentType=Ticket())), 

397 _sequence_component('enc-part', 3, EncryptedData()), 

398 ) 

399 

400class KrbCredInfo(univ.Sequence): 

401 componentType = namedtype.NamedTypes( 

402 _sequence_component('key', 0, EncryptionKey()), 

403 _sequence_optional_component('prealm', 1, Realm()), 

404 _sequence_optional_component('pname', 2, PrincipalName()), 

405 _sequence_optional_component('flags', 3, TicketFlags()), 

406 _sequence_optional_component('authtime', 4, KerberosTime()), 

407 _sequence_optional_component('starttime', 5, KerberosTime()), 

408 _sequence_optional_component('endtime', 6, KerberosTime()), 

409 _sequence_optional_component('renew-till', 7, KerberosTime()), 

410 _sequence_optional_component('srealm', 8, Realm()), 

411 _sequence_optional_component('sname', 9, PrincipalName()), 

412 _sequence_optional_component('caddr', 10, HostAddresses()), 

413 ) 

414 

415class EncKrbCredPart(univ.Sequence): 

416 tagSet = _application_tag(constants.ApplicationTagNumbers.EncKrbCredPart.value) 

417 componentType = namedtype.NamedTypes( 

418 _sequence_component('ticket-info', 0, univ.SequenceOf(componentType=KrbCredInfo())), 

419 _sequence_optional_component('nonce', 1, UInt32()), 

420 _sequence_optional_component('timestamp', 2, KerberosTime()), 

421 _sequence_optional_component('usec', 3, Microseconds()), 

422 _sequence_optional_component('s-address', 4, HostAddress()), 

423 _sequence_optional_component('r-address', 5, HostAddress()), 

424 ) 

425 

426class KRB_ERROR(univ.Sequence): 

427 tagSet = _application_tag(constants.ApplicationTagNumbers.KRB_ERROR.value) 

428 componentType = namedtype.NamedTypes( 

429 _vno_component(0), 

430 _msg_type_component(1, (constants.ApplicationTagNumbers.KRB_ERROR.value,)), 

431 _sequence_optional_component('ctime', 2, KerberosTime()), 

432 _sequence_optional_component('cusec', 3, Microseconds()), 

433 _sequence_component('stime', 4, KerberosTime()), 

434 _sequence_component('susec', 5, Microseconds()), 

435 _sequence_component('error-code', 6, Int32()), 

436 _sequence_optional_component('crealm', 7, Realm()), 

437 _sequence_optional_component('cname', 8, PrincipalName()), 

438 _sequence_component('realm', 9, Realm()), 

439 _sequence_component('sname', 10, PrincipalName()), 

440 _sequence_optional_component('e-text', 11, KerberosString()), 

441 _sequence_optional_component('e-data', 12, univ.OctetString()) 

442 ) 

443 

444class TYPED_DATA(univ.SequenceOf): 

445 componentType = namedtype.NamedTypes( 

446 _sequence_component('data-type', 0, Int32()), 

447 _sequence_optional_component('data-value', 1, univ.OctetString()), 

448 ) 

449 

450class PA_ENC_TIMESTAMP(EncryptedData): 

451 pass 

452 

453class PA_ENC_TS_ENC(univ.Sequence): 

454 componentType = namedtype.NamedTypes( 

455 _sequence_component('patimestamp', 0, KerberosTime()), 

456 _sequence_optional_component('pausec', 1, Microseconds())) 

457 

458class ETYPE_INFO_ENTRY(univ.Sequence): 

459 componentType = namedtype.NamedTypes( 

460 _sequence_component('etype', 0, Int32()), 

461 _sequence_optional_component('salt', 1, univ.OctetString())) 

462 

463class ETYPE_INFO(univ.SequenceOf): 

464 componentType = ETYPE_INFO_ENTRY() 

465 

466class ETYPE_INFO2_ENTRY(univ.Sequence): 

467 componentType = namedtype.NamedTypes( 

468 _sequence_component('etype', 0, Int32()), 

469 _sequence_optional_component('salt', 1, KerberosString()), 

470 _sequence_optional_component('s2kparams', 2, univ.OctetString())) 

471 

472class ETYPE_INFO2(univ.SequenceOf): 

473 componentType = ETYPE_INFO2_ENTRY() 

474 

475class AD_IF_RELEVANT(AuthorizationData): 

476 pass 

477 

478class AD_KDCIssued(univ.Sequence): 

479 componentType = namedtype.NamedTypes( 

480 _sequence_component('ad-checksum', 0, Checksum()), 

481 _sequence_optional_component('i-realm', 1, Realm()), 

482 _sequence_optional_component('i-sname', 2, PrincipalName()), 

483 _sequence_component('elements', 3, AuthorizationData())) 

484 

485class AD_AND_OR(univ.Sequence): 

486 componentType = namedtype.NamedTypes( 

487 _sequence_component('condition-count', 0, Int32()), 

488 _sequence_optional_component('elements', 1, AuthorizationData())) 

489 

490class AD_MANDATORY_FOR_KDC(AuthorizationData): 

491 pass 

492 

493class KERB_PA_PAC_REQUEST(univ.Sequence): 

494 componentType = namedtype.NamedTypes( 

495 namedtype.NamedType('include-pac', univ.Boolean().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), 

496 ) 

497 

498class PA_FOR_USER_ENC(univ.Sequence): 

499 componentType = namedtype.NamedTypes( 

500 _sequence_component('userName', 0, PrincipalName()), 

501 _sequence_optional_component('userRealm', 1, Realm()), 

502 _sequence_optional_component('cksum', 2, Checksum()), 

503 _sequence_optional_component('auth-package', 3, KerberosString())) 

504 

505class KERB_ERROR_DATA(univ.Sequence): 

506 componentType = namedtype.NamedTypes( 

507 _sequence_component('data-type', 1, Int32()), 

508 _sequence_component('data-value', 2, univ.OctetString())) 

509 

510class PA_PAC_OPTIONS(univ.Sequence): 

511 componentType = namedtype.NamedTypes( 

512 _sequence_component('flags', 0, KerberosFlags()), 

513 ) 

514 

515class KERB_KEY_LIST_REQ(univ.SequenceOf): 

516 componentType = Int32() 

517 

518class KERB_KEY_LIST_REP(univ.SequenceOf): 

519 componentType = EncryptionKey()