class ETypeInfoEntry(_K5Sequence):
    """One entry of a Kerberos ETYPE-INFO pre-authentication hint.

    Components, in order: ``etype`` (Integer, index 0) and ``salt``
    (OctetString, index 1).  ``_mfield`` and ``_ofield`` are defined outside
    this excerpt; presumably they build a mandatory and an optional
    context-tagged field respectively -- TODO confirm.
    """

    # NOTE(review): these hints typically reach the client before the KDC
    # has been authenticated, so the consumer should still enforce its own
    # list of acceptable encryption types -- confirm in the calling code.
    componentType = NamedTypes(
        _mfield('etype', 0, Integer()),
        _ofield('salt', 1, OctetString()),
    )
class HostAddress(Sequence):
    """Address record: a numeric address type followed by the raw address.

    Field names follow the HostAddress type of RFC 4120.  ``_c(n, t)`` is
    defined outside this excerpt; presumably it applies context tag *n* to
    *t* -- TODO confirm.
    """

    componentType = NamedTypes(
        NamedType('addr-type', _c(0, Integer())),
        NamedType('address', _c(1, OctetString())),
    )
class EncryptedData(Sequence):
    """Container for ciphertext plus the metadata needed to pick a key.

    Components: ``etype`` (Integer), an optional ``kvno`` (Integer) and
    ``cipher`` (OctetString).  ``_c(n, t)`` is defined outside this excerpt;
    presumably it applies context tag *n* to *t* -- TODO confirm.
    """

    # NOTE(review): ``etype`` is an unconstrained Integer here, so nothing in
    # this type rejects an unexpected encryption type; the code that decrypts
    # ``cipher`` has to check it against the types it is willing to accept.
    componentType = NamedTypes(
        NamedType('etype', _c(0, Integer())),
        OptionalNamedType('kvno', _c(1, Integer())),
        NamedType('cipher', _c(2, OctetString())),
    )
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see <http://www.gnu.org/licenses/>. from pyasn1.type.univ import OctetString, Integer, Sequence from pyasn1.type.namedtype import NamedTypes, NamedType from pyasn1.type.constraint import ValueRangeConstraint from .controls import build_control # constants # maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) -- MAXINT = Integer(2147483647) # constraints rangeInt0ToMaxConstraint = ValueRangeConstraint(0, MAXINT) class Integer0ToMax(Integer): subtypeSpec = Integer.subtypeSpec + rangeInt0ToMaxConstraint class Size(Integer0ToMax): # Size INTEGER (0..maxInt) pass class Cookie(OctetString):
class KdcReq(Sequence):
    """Body shared by Kerberos KDC requests (field names as in RFC 4120).

    Components: ``pvno``, ``msg-type``, ``padata`` (a SequenceOf PAData) and
    ``req-body`` (KdcReqBody).  The tag numbers passed to ``_c`` start at 1,
    not 0.  ``_c(n, t)`` is defined outside this excerpt; presumably it
    applies context tag *n* to *t* -- TODO confirm.
    """

    # NOTE(review): RFC 4120 declares padata OPTIONAL, but it is a plain
    # NamedType here, so a request built without pre-authentication data
    # will presumably fail to encode -- confirm this is intended.
    componentType = NamedTypes(
        NamedType('pvno', _c(1, Integer())),
        NamedType('msg-type', _c(2, Integer())),
        NamedType('padata', _c(3, SequenceOf(componentType=PAData()))),
        NamedType('req-body', _c(4, KdcReqBody())),
    )
class DHParameter(Sequence):
    """Diffie-Hellman domain parameters: ``prime`` and ``base`` integers."""

    # NOTE(review): both components are unconstrained Integers.  When an
    # instance is decoded from data supplied by a peer, the consumer should
    # check the prime (size, expected group) and the base before using them
    # in a key agreement -- confirm where that validation happens.
    componentType = NamedTypes(
        NamedType('prime', Integer()),
        NamedType('base', Integer()),
    )
class SdFlags(Sequence):
    """Single-integer value of the SD flags request control."""

    # SDFlagsRequestValue ::= SEQUENCE {
    #     Flags    INTEGER
    # }
    # NOTE(review): presumably the integer is a bit mask selecting which
    # parts of a security descriptor the server returns -- confirm.
    componentType = NamedTypes(
        NamedType('Flags', Integer()),
    )
def pkcs7_signed_msg(self, msg: bytes):
    """Sign *msg* and wrap it in a DER-encoded PKCS#7 signedData structure.

    The message is signed with ``self.sign`` and the certificate decoded
    from ``self.pub_data`` is embedded next to the signature.  The structure
    names SHA-256 as the digest algorithm and rsaEncryption as the signature
    algorithm, and carries no signed attributes.

    NOTE(review): ``self.sign`` is not visible here; the output only
    verifies if it really produces an RSA signature over a SHA-256 digest
    of *msg* -- confirm.

    Returns the DER encoding of the outer ContentInfo-style sequence.
    """

    def fill(container, *components):
        # Place each component at its index, keeping the value returned by
        # setComponentByPosition as the container for the next step.
        for position, component in enumerate(components):
            container = container.setComponentByPosition(position, component)
        return container

    def context_zero():
        # Fresh Sequence re-tagged as context-specific [0].
        return Sequence().subtype(
            implicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))

    signature = self.sign(msg)
    certificate = der_decoder.decode(self.pub_data)[0]

    # Object identifiers used inside the signedData (PKCS #7) structure.
    oid_signed_data = ObjectIdentifier((1, 2, 840, 113549, 1, 7, 2))
    oid_data = ObjectIdentifier((1, 2, 840, 113549, 1, 7, 1))
    oid_sha256 = ObjectIdentifier((2, 16, 840, 1, 101, 3, 4, 2, 1))
    oid_rsa_encryption = ObjectIdentifier((1, 2, 840, 113549, 1, 1, 1))

    # Set of digest algorithms: a single SHA-256 entry with NULL parameters.
    digest_algorithms = fill(Set(), fill(Sequence(), oid_sha256, Null('')))

    # Encapsulated content: the "data" OID followed by [0] { msg }.
    content_info = fill(
        Sequence(),
        oid_data,
        fill(context_zero(), OctetString(hexValue=msg.hex())),
    )

    # Certificates: [0] { signer certificate }.
    certificates = fill(context_zero(), certificate)

    # Signer identifier taken from the first element of the decoded
    # certificate.
    # NOTE(review): indices 3 and 1 are the issuer and serial number only
    # when the explicit version field is present; a certificate without it
    # shifts every index by one -- TODO confirm inputs always carry it.
    issuer_and_serial = fill(Sequence(), certificate[0][3], certificate[0][1])

    signer_info = fill(
        Sequence(),
        Integer(1),
        issuer_and_serial,
        fill(Sequence(), oid_sha256, Null('')),
        fill(Sequence(), oid_rsa_encryption, Null('')),
        OctetString(hexValue=signature.hex()),
    )

    signed_data = fill(
        Sequence(),
        Integer(1),
        digest_algorithms,
        content_info,
        certificates,
        fill(Set(), signer_info),
    )

    envelope = fill(Sequence(), oid_signed_data, fill(context_zero(), signed_data))
    return der_encoder.encode(envelope)
class AlgorithmIdentifierData(Sequence):
    """Algorithm parameters: a ``salt`` (OctetString) and an ``iteration``
    count (Integer)."""

    # NOTE(review): looks like parameters for a password-based key
    # derivation -- confirm.  ``iteration`` is unconstrained, so a consumer
    # decoding this from untrusted input should bound it (both a minimum for
    # strength and a maximum against resource exhaustion) before deriving.
    componentType = NamedTypes(
        NamedType('salt', OctetString()),
        NamedType('iteration', Integer()),
    )
class KrbPriv(Sequence):
    """Kerberos KRB-PRIV message (field names as in RFC 4120).

    Components: ``pvno``, ``msg-type`` and ``enc-part`` (EncryptedData).
    ``application`` and ``_c`` are defined outside this excerpt; presumably
    they build an APPLICATION tag set and a context-tagged type -- TODO
    confirm.
    """

    tagSet = application(21)
    # enc-part is tagged 3, not 2; RFC 4120 defines KRB-PRIV without a [2]
    # component, so the gap is deliberate.
    componentType = NamedTypes(
        NamedType('pvno', _c(0, Integer())),
        NamedType('msg-type', _c(1, Integer())),
        NamedType('enc-part', _c(3, EncryptedData())),
    )
class APRep(Sequence):
    """Kerberos AP-REP message (field names as in RFC 4120).

    Components: ``pvno``, ``msg-type`` and ``enc-part`` (EncryptedData).
    ``application`` and ``_c`` are defined outside this excerpt; presumably
    they build an APPLICATION tag set and a context-tagged type -- TODO
    confirm.
    """

    tagSet = application(15)
    componentType = NamedTypes(
        NamedType('pvno', _c(0, Integer())),
        NamedType('msg-type', _c(1, Integer())),
        NamedType('enc-part', _c(2, EncryptedData())),
    )
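async def async_turn_off(self, **kwargs):
    """Turn off the switch.

    Sends the configured "off" payload through ``self._set``.  A payload
    made up only of digits is wrapped in ``Integer`` first; any other
    payload is handed over unchanged.
    """
    payload_off = self._command_payload_off
    # The wire type must be chosen from the payload that is actually sent.
    # Testing the "on" payload instead would push a textual "off" value into
    # Integer() whenever "on" happens to be numeric, and would send a numeric
    # "off" value without the Integer wrapper when "on" is textual.
    if payload_off.isdigit():
        await self._set(Integer(payload_off))
    else:
        await self._set(payload_off)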
class SdFlags(Sequence):
    """Sequence holding a single Integer component named ``Flags``."""

    componentType = NamedTypes(
        NamedType('Flags', Integer()),
    )
class ETypeInfo2Entry(_K5Sequence):
    """One entry of a Kerberos ETYPE-INFO2 pre-authentication hint.

    Components, in order: ``etype`` (Integer, index 0), ``salt``
    (GeneralString, index 1) and ``a2kparams`` (OctetString, index 2).
    ``_mfield`` and ``_ofield`` are defined outside this excerpt; presumably
    they build a mandatory and an optional context-tagged field
    respectively -- TODO confirm.
    """

    # NOTE(review): these hints typically reach the client before the KDC
    # has been authenticated.  The consumer should not let them select an
    # encryption type or key-derivation parameters weaker than local policy
    # allows -- confirm in the calling code.
    componentType = NamedTypes(
        _mfield('etype', 0, Integer()),
        _ofield('salt', 1, GeneralString()),
        _ofield('a2kparams', 2, OctetString()),
    )
class TSRequest(Sequence):
    """
    [MS-CSSP] 2.2.1 TSRequest
    https://msdn.microsoft.com/en-us/library/cc226780.aspx

    Outermost structure exchanged by the CredSSP client and server. Which of
    the optional fields are populated depends on the stage the protocol has
    reached.

    TSRequest ::= SEQUENCE {
        version     [0] INTEGER,
        negoTokens  [1] NegoData OPTIONAL,
        authInfo    [2] OCTET STRING OPTIONAL,
        pubKeyAuth  [3] OCTET STRING OPTIONAL,
        errorCode   [4] INTEGER OPTIONAL,
        clientNonce [5] OCTET STRING OPTIONAL,
    }

    Fields:
        version: The CredSSP protocol version the sender supports,
            documented here as 2 or 3. Every instance built by this class
            is stamped with CLIENT_VERSION.
            NOTE(review): CLIENT_VERSION is 6 and clientNonce is described
            for version 5 and up, so the "2 or 3" range looks stale --
            confirm against the current [MS-CSSP].
        negoTokens: A NegoData structure carrying the SPNEGO tokens or
            Kerberos/NTLM messages.
        authInfo: A TSCredentials structure holding the user's credentials
            that are delegated to the server.
        pubKeyAuth: The server's public key information, included to stop
            man-in-the-middle attacks.
        errorCode: NTSTATUS failure code the server can send when the
            version is 3 (only Server 2012 R2 and newer).
        clientNonce: A 32-byte array of cryptographically random bytes, used
            only in version 5 or higher of the protocol.
    """

    CLIENT_VERSION = 6

    # Every component carries an explicit context tag matching its position
    # in the ASN.1 definition above.
    componentType = NamedTypes(
        NamedType(
            'version',
            Integer().subtype(
                explicitTag=Tag(tagClassContext, tagFormatConstructed, 0))),
        OptionalNamedType(
            'negoTokens',
            NegoData().subtype(
                explicitTag=Tag(tagClassContext, tagFormatConstructed, 1))),
        OptionalNamedType(
            'authInfo',
            OctetString().subtype(
                explicitTag=Tag(tagClassContext, tagFormatConstructed, 2))),
        OptionalNamedType(
            'pubKeyAuth',
            OctetString().subtype(
                explicitTag=Tag(tagClassContext, tagFormatConstructed, 3))),
        OptionalNamedType(
            'errorCode',
            Integer().subtype(
                explicitTag=Tag(tagClassContext, tagFormatConstructed, 4))),
        OptionalNamedType(
            'clientNonce',
            OctetString().subtype(
                explicitTag=Tag(tagClassContext, tagFormatConstructed, 5))),
    )

    def __init__(self, **kwargs):
        """Create the structure and set ``version`` to CLIENT_VERSION."""
        super(TSRequest, self).__init__(**kwargs)
        self['version'] = self.CLIENT_VERSION

    def check_error_code(self):
        """
        Raise NTStatusException if the message carries a failure code.

        From CredSSP version 3 the server can answer with an NTSTATUS code
        describing what went wrong. When ``errorCode`` holds a value other
        than STATUS_SUCCESS this raises NTStatusException with that code;
        when the field is absent or reports success, nothing happens.
        """
        error_code = self['errorCode']
        if not error_code.isValue:
            # No code was sent, which is treated the same as STATUS_SUCCESS.
            return

        # The ASN.1 Integer holds a signed value, whereas NTSTATUS codes are
        # unsigned 32-bit numbers, so reinterpret it before comparing.
        status = ctypes.c_uint32(error_code).value
        if status != NtStatusCodes.STATUS_SUCCESS:
            raise NTStatusException(status)
class DERSignature(Sequence):
    """Signature encoded as a sequence of two integers, ``r`` and ``s``."""

    # NOTE(review): both components are unconstrained Integers, so zero,
    # negative or oversized values decode without error.  Whatever verifies
    # the signature should range-check r and s first -- confirm where that
    # happens.
    componentType = NamedTypes(
        NamedType("r", Integer()),
        NamedType("s", Integer()),
    )
async def async_turn_off(self, **kwargs):
    """Switch the device off by sending the "off" payload as an Integer."""
    # Imported at call time, so pyasn1 is only needed once the switch is
    # actually operated.
    from pyasn1.type.univ import Integer

    # NOTE(review): the payload is always converted; a non-numeric "off"
    # payload will presumably make Integer() raise -- confirm the
    # configuration only allows numeric payloads.
    off_value = Integer(self._command_payload_off)
    await self._set(off_value)
class EncryptionKey(Sequence):
    """Key record: a numeric ``keytype`` and the ``keyvalue`` bytes.

    ``_c(n, t)`` is defined outside this excerpt; presumably it applies
    context tag *n* to *t* -- TODO confirm.
    """

    # NOTE(review): ``keyvalue`` holds raw key material, so instances should
    # be kept out of logs and debug dumps.
    componentType = NamedTypes(
        NamedType('keytype', _c(0, Integer())),
        NamedType('keyvalue', _c(1, OctetString())),
    )
def extended_dn_control(criticality=False, hex_format=False):
    """Build the request control with OID 1.2.840.113556.1.4.529.

    The control value is an ExtendedDN whose ``option`` is 0 when
    *hex_format* is truthy and 1 otherwise.  *criticality* is passed
    straight through to ``build_control``.
    """
    # The option is the logical inverse of hex_format.
    option_flag = 0 if hex_format else 1
    value = ExtendedDN()
    value.setComponentByName('option', Integer(option_flag))
    return build_control('1.2.840.113556.1.4.529', criticality, value)
class CheckSum(Sequence):
    """Checksum record: a numeric ``cksumtype`` and the ``checksum`` bytes.

    ``_c(n, t)`` is defined outside this excerpt; presumably it applies
    context tag *n* to *t* -- TODO confirm.
    """

    # NOTE(review): ``cksumtype`` is an unconstrained Integer; the verifier
    # has to decide which checksum types it accepts, since this type does
    # not restrict them.
    componentType = NamedTypes(
        NamedType('cksumtype', _c(0, Integer())),
        NamedType('checksum', _c(1, OctetString())),
    )
class ExtendedDN(Sequence):
    """Control value holding a single Integer component named ``option``."""

    # option = 0: GUID and SID values are returned as hexadecimal strings.
    # option = 1: GUID and SID values are returned in standard string format.
    componentType = NamedTypes(
        NamedType('option', Integer()),
    )
class Ticket(Sequence):
    """Kerberos Ticket (field names as in RFC 4120).

    Components: ``tkt-vno``, ``realm``, ``sname`` (PrincipalName) and
    ``enc-part`` (EncryptedData).  ``application`` and ``_c`` are defined
    outside this excerpt; presumably they build an APPLICATION tag set and a
    context-tagged type -- TODO confirm.
    """

    tagSet = application(1)
    componentType = NamedTypes(
        NamedType('tkt-vno', _c(0, Integer())),
        NamedType('realm', _c(1, Realm())),
        NamedType('sname', _c(2, PrincipalName())),
        NamedType('enc-part', _c(3, EncryptedData())),
    )
# -- this ASN.1 module is part of RFC 4511; see the RFC itself # -- for full legal notices. # DEFINITIONS # IMPLICIT TAGS # EXTENSIBILITY IMPLIED from pyasn1.type.univ import OctetString, Integer, Sequence, Choice, SequenceOf, Boolean, Null, Enumerated, SetOf from pyasn1.type.namedtype import NamedTypes, NamedType, OptionalNamedType, DefaultedNamedType from pyasn1.type.constraint import ValueRangeConstraint, SingleValueConstraint, ValueSizeConstraint from pyasn1.type.namedval import NamedValues from pyasn1.type.tag import tagClassApplication, tagFormatConstructed, Tag, tagClassContext, tagFormatSimple # constants # maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) -- LDAP_MAX_INT = 2147483647 MAXINT = Integer(LDAP_MAX_INT) # constraints rangeInt0ToMaxConstraint = ValueRangeConstraint(0, MAXINT) rangeInt1To127Constraint = ValueRangeConstraint(1, 127) size1ToMaxConstraint = ValueSizeConstraint(1, MAXINT) responseValueConstraint = SingleValueConstraint( 0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20, 21, 32, 33, 34, 36, 48, 49, 50, 51, 52, 53, 54, 64, 65, 66, 67, 68, 69, 71, 80, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 4096) # custom constraints numericOIDConstraint = None # TODO distinguishedNameConstraint = None # TODO nameComponentConstraint = None # TODO attributeDescriptionConstraint = None # TODO
class LastReq(SequenceOf):
    """List of last-request records (field names as in RFC 4120).

    Each element is a Sequence with ``lr-type`` (Integer) and ``lr-value``
    (KerberosTime).  ``_c(n, t)`` is defined outside this excerpt;
    presumably it applies context tag *n* to *t* -- TODO confirm.
    """

    componentType = Sequence(
        componentType=NamedTypes(
            NamedType('lr-type', _c(0, Integer())),
            NamedType('lr-value', _c(1, KerberosTime())),
        )
    )
class PrincipalName(Sequence):
    """Principal name: a numeric ``name-type`` and its ``name-string`` parts.

    ``name-string`` is a SequenceOf KerberosString.  ``_c(n, t)`` is defined
    outside this excerpt; presumably it applies context tag *n* to *t* --
    TODO confirm.
    """

    componentType = NamedTypes(
        NamedType('name-type', _c(0, Integer())),
        NamedType(
            'name-string',
            _c(1, SequenceOf(componentType=KerberosString())),
        ),
    )
class TransitedEncoding(Sequence):
    """Transited-realms record: a numeric ``tr-type`` and opaque ``contents``.

    ``_c(n, t)`` is defined outside this excerpt; presumably it applies
    context tag *n* to *t* -- TODO confirm.
    """

    componentType = NamedTypes(
        NamedType('tr-type', _c(0, Integer())),
        NamedType('contents', _c(1, OctetString())),
    )
class PAData(Sequence):
    """Pre-authentication data element (field names as in RFC 4120).

    Components: ``padata-type`` (Integer) and ``padata-value``
    (OctetString).  The tag numbers passed to ``_c`` are 1 and 2, not 0 and
    1.  ``_c(n, t)`` is defined outside this excerpt; presumably it applies
    context tag *n* to *t* -- TODO confirm.
    """

    componentType = NamedTypes(
        NamedType('padata-type', _c(1, Integer())),
        NamedType('padata-value', _c(2, OctetString())),
    )
class AuthorizationData(SequenceOf):
    """List of authorization-data elements (field names as in RFC 4120).

    Each element is a Sequence with ``ad-type`` (Integer) and ``ad-data``
    (OctetString).  ``_c(n, t)`` is defined outside this excerpt; presumably
    it applies context tag *n* to *t* -- TODO confirm.
    """

    componentType = Sequence(
        componentType=NamedTypes(
            NamedType('ad-type', _c(0, Integer())),
            NamedType('ad-data', _c(1, OctetString())),
        )
    )
def turn_off(self):
    """Switch the device off by sending the "off" payload as an Integer."""
    # Imported at call time, so pyasn1 is only needed once the switch is
    # actually operated.
    from pyasn1.type.univ import Integer

    # NOTE(review): a non-numeric payload will presumably make Integer()
    # raise -- confirm the configuration only allows numeric payloads.
    off_value = Integer(self._payload_off)
    self._set(off_value)
class PAEncTSEnc(_K5Sequence):
    """Timestamp payload used for encrypted-timestamp pre-authentication.

    Components, in order: ``patimestamp`` (GeneralizedTime, index 0) and
    ``pausec`` (Integer, index 1).  ``_mfield`` and ``_ofield`` are defined
    outside this excerpt; presumably they build a mandatory and an optional
    context-tagged field respectively -- TODO confirm.
    """

    componentType = NamedTypes(
        _mfield('patimestamp', 0, GeneralizedTime()),
        _ofield('pausec', 1, Integer()),
    )