Hide keyboard shortcuts

Hot-keys on this page

r m x p   toggle line displays

j k   next/prev highlighted chunk

0   (zero) top of page

1   (one) first highlighted chunk

1# Copyright (c) 2013, Marc Horowitz 

2# All rights reserved. 

3# 

4# Redistribution and use in source and binary forms, with or without 

5# modification, are permitted provided that the following conditions are 

6# met: 

7# 

8# Redistributions of source code must retain the above copyright notice, 

9# this list of conditions and the following disclaimer. 

10# 

11# Redistributions in binary form must reproduce the above copyright 

12# notice, this list of conditions and the following disclaimer in the 

13# documentation and/or other materials provided with the distribution. 

14# 

15# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 

16# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 

17# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 

18# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 

19# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 

20# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 

21# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 

22# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 

23# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 

24# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 

25# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 

26# 

27# Altered source by Alberto Solino (@agsolino) 

28# 

29# Changed some of the classes names to match the RFC 4120 

30# Added [MS-KILE] data 

31# Adapted to Enum 

32# 

33 

34 

35from pyasn1.type import tag, namedtype, univ, constraint, char, useful 

36 

37from . import constants 

38 

39 

40def _application_tag(tag_value): 

41 return univ.Sequence.tagSet.tagExplicitly( 

42 tag.Tag(tag.tagClassApplication, tag.tagFormatConstructed, 

43 int(tag_value))) 

44 

45def _vno_component(tag_value, name="pvno"): 

46 return _sequence_component( 

47 name, tag_value, univ.Integer(), 

48 subtypeSpec=constraint.ValueRangeConstraint(5, 5)) 

49 

50def _msg_type_component(tag_value, values): 

51 c = constraint.ConstraintsUnion( 

52 *(constraint.SingleValueConstraint(int(v)) for v in values)) 

53 return _sequence_component('msg-type', tag_value, univ.Integer(), 

54 subtypeSpec=c) 

55 

56def _sequence_component(name, tag_value, type, **subkwargs): 

57 return namedtype.NamedType(name, type.subtype( 

58 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 

59 tag_value), 

60 **subkwargs)) 

61 

62def _sequence_optional_component(name, tag_value, type, **subkwargs): 

63 return namedtype.OptionalNamedType(name, type.subtype( 

64 explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 

65 tag_value), 

66 **subkwargs)) 

67 

68def seq_set(seq, name, builder=None, *args, **kwargs): 

69 component = seq.setComponentByName(name).getComponentByName(name) 

70 if builder is not None: 

71 seq.setComponentByName(name, builder(component, *args, **kwargs)) 

72 else: 

73 seq.setComponentByName(name) 

74 return seq.getComponentByName(name) 

75 

76def seq_set_dict(seq, name, pairs, *args, **kwargs): 

77 component = seq.setComponentByName(name).getComponentByName(name) 

78 for k, v in pairs.items(): 

79 component.setComponentByName(k, v) 

80 

81def seq_set_iter(seq, name, iterable): 

82 component = seq.setComponentByName(name).getComponentByName(name) 

83 for pos, v in enumerate(iterable): 

84 component.setComponentByPosition(pos, v) 

85 

86def seq_set_flags(seq, name, flags): 

87 seq_set(seq, name, flags.to_asn1) 

88 

89def seq_append(seq, name, pairs): 

90 component = seq.getComponentByName(name) 

91 if component is None: 

92 component = seq.setComponentByName(name).getComponentByName(name) 

93 index = len(component) 

94 element = component.setComponentByPosition(index 

95 ).getComponentByPosition(index) 

96 for k, v in pairs.items(): 

97 element.setComponentByName(k, v) 

98 

99class Int32(univ.Integer): 

100 subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint( 

101 -2147483648, 2147483647) 

102 

103class UInt32(univ.Integer): 

104 pass 

105# subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint( 

106# 0, 4294967295) 

107 

108class Microseconds(univ.Integer): 

109 subtypeSpec = univ.Integer.subtypeSpec + constraint.ValueRangeConstraint( 

110 0, 999999) 

111 

112class KerberosString(char.GeneralString): 

113 # TODO marc: I'm not sure how to express this constraint in the API. 

114 # For now, we will be liberal in what we accept. 

115 # subtypeSpec = constraint.PermittedAlphabetConstraint(char.IA5String()) 

116 pass 

117 

118class Realm(KerberosString): 

119 pass 

120 

121class PrincipalName(univ.Sequence): 

122 componentType = namedtype.NamedTypes( 

123 _sequence_component("name-type", 0, Int32()), 

124 _sequence_component("name-string", 1, 

125 univ.SequenceOf(componentType=KerberosString())) 

126 ) 

127 

128class KerberosTime(useful.GeneralizedTime): 

129 pass 

130 

131class HostAddress(univ.Sequence): 

132 componentType = namedtype.NamedTypes( 

133 _sequence_component("addr-type", 0, Int32()), 

134 _sequence_component("address", 1, univ.OctetString()) 

135 ) 

136 

137class HostAddresses(univ.SequenceOf): 

138 componentType = HostAddress() 

139 

140class AuthorizationData(univ.SequenceOf): 

141 componentType = univ.Sequence(componentType=namedtype.NamedTypes( 

142 _sequence_component('ad-type', 0, Int32()), 

143 _sequence_component('ad-data', 1, univ.OctetString()) 

144 )) 

145 

146class PA_DATA(univ.Sequence): 

147 componentType = namedtype.NamedTypes( 

148 _sequence_component('padata-type', 1, Int32()), 

149 _sequence_component('padata-value', 2, univ.OctetString()) 

150 ) 

151 

152class KerberosFlags(univ.BitString): 

153 # TODO marc: it doesn't look like there's any way to specify the 

154 # SIZE (32.. MAX) parameter to the encoder. However, we can 

155 # arrange at a higher layer to pass in >= 32 bits to the encoder. 

156 pass 

157 

158class EncryptedData(univ.Sequence): 

159 componentType = namedtype.NamedTypes( 

160 _sequence_component("etype", 0, Int32()), 

161 _sequence_optional_component("kvno", 1, UInt32()), 

162 _sequence_component("cipher", 2, univ.OctetString()) 

163 ) 

164 

165class EncryptionKey(univ.Sequence): 

166 componentType = namedtype.NamedTypes( 

167 _sequence_component('keytype', 0, Int32()), 

168 _sequence_component('keyvalue', 1, univ.OctetString())) 

169 

170class Checksum(univ.Sequence): 

171 componentType = namedtype.NamedTypes( 

172 _sequence_component('cksumtype', 0, Int32()), 

173 _sequence_component('checksum', 1, univ.OctetString())) 

174 

175class Ticket(univ.Sequence): 

176 tagSet = _application_tag(constants.ApplicationTagNumbers.Ticket.value) 

177 componentType = namedtype.NamedTypes( 

178 _vno_component(name="tkt-vno", tag_value=0), 

179 _sequence_component("realm", 1, Realm()), 

180 _sequence_component("sname", 2, PrincipalName()), 

181 _sequence_component("enc-part", 3, EncryptedData()) 

182 ) 

183 

184class TicketFlags(KerberosFlags): 

185 pass 

186 

187class TransitedEncoding(univ.Sequence): 

188 componentType = namedtype.NamedTypes( 

189 _sequence_component('tr-type', 0, Int32()), 

190 _sequence_component('contents', 1, univ.OctetString())) 

191 

192class EncTicketPart(univ.Sequence): 

193 tagSet = _application_tag(constants.ApplicationTagNumbers.EncTicketPart.value) 

194 componentType = namedtype.NamedTypes( 

195 _sequence_component("flags", 0, TicketFlags()), 

196 _sequence_component("key", 1, EncryptionKey()), 

197 _sequence_component("crealm", 2, Realm()), 

198 _sequence_component("cname", 3, PrincipalName()), 

199 _sequence_component("transited", 4, TransitedEncoding()), 

200 _sequence_component("authtime", 5, KerberosTime()), 

201 _sequence_optional_component("starttime", 6, KerberosTime()), 

202 _sequence_component("endtime", 7, KerberosTime()), 

203 _sequence_optional_component("renew-till", 8, KerberosTime()), 

204 _sequence_optional_component("caddr", 9, HostAddresses()), 

205 _sequence_optional_component("authorization-data", 10, AuthorizationData()) 

206 ) 

207 

208class KDCOptions(KerberosFlags): 

209 pass 

210 

211class KDC_REQ_BODY(univ.Sequence): 

212 componentType = namedtype.NamedTypes( 

213 _sequence_component('kdc-options', 0, KDCOptions()), 

214 _sequence_optional_component('cname', 1, PrincipalName()), 

215 _sequence_component('realm', 2, Realm()), 

216 _sequence_optional_component('sname', 3, PrincipalName()), 

217 _sequence_optional_component('from', 4, KerberosTime()), 

218 _sequence_component('till', 5, KerberosTime()), 

219 _sequence_optional_component('rtime', 6, KerberosTime()), 

220 _sequence_component('nonce', 7, UInt32()), 

221 _sequence_component('etype', 8, 

222 univ.SequenceOf(componentType=Int32())), 

223 _sequence_optional_component('addresses', 9, HostAddresses()), 

224 _sequence_optional_component('enc-authorization-data', 10, 

225 EncryptedData()), 

226 _sequence_optional_component('additional-tickets', 11, 

227 univ.SequenceOf(componentType=Ticket())) 

228 ) 

229 

230class KDC_REQ(univ.Sequence): 

231 componentType = namedtype.NamedTypes( 

232 _vno_component(1), 

233 _msg_type_component(2, (constants.ApplicationTagNumbers.AS_REQ.value, 

234 constants.ApplicationTagNumbers.TGS_REQ.value)), 

235 _sequence_optional_component('padata', 3, 

236 univ.SequenceOf(componentType=PA_DATA())), 

237 _sequence_component('req-body', 4, KDC_REQ_BODY()) 

238 ) 

239 

240class AS_REQ(KDC_REQ): 

241 tagSet = _application_tag(constants.ApplicationTagNumbers.AS_REQ.value) 

242 

243class TGS_REQ(KDC_REQ): 

244 tagSet = _application_tag(constants.ApplicationTagNumbers.TGS_REQ.value) 

245 

246class KDC_REP(univ.Sequence): 

247 componentType = namedtype.NamedTypes( 

248 _vno_component(0), 

249 _msg_type_component(1, (constants.ApplicationTagNumbers.AS_REP.value, 

250 constants.ApplicationTagNumbers.TGS_REP.value)), 

251 _sequence_optional_component('padata', 2, 

252 univ.SequenceOf(componentType=PA_DATA())), 

253 _sequence_component('crealm', 3, Realm()), 

254 _sequence_component('cname', 4, PrincipalName()), 

255 _sequence_component('ticket', 5, Ticket()), 

256 _sequence_component('enc-part', 6, EncryptedData()) 

257 ) 

258 

259class LastReq(univ.SequenceOf): 

260 componentType = univ.Sequence(componentType=namedtype.NamedTypes( 

261 _sequence_component('lr-type', 0, Int32()), 

262 _sequence_component('lr-value', 1, KerberosTime()) 

263 )) 

264 

265class METHOD_DATA(univ.SequenceOf): 

266 componentType = PA_DATA() 

267 

268class EncKDCRepPart(univ.Sequence): 

269 componentType = namedtype.NamedTypes( 

270 _sequence_component('key', 0, EncryptionKey()), 

271 _sequence_component('last-req', 1, LastReq()), 

272 _sequence_component('nonce', 2, UInt32()), 

273 _sequence_optional_component('key-expiration', 3, KerberosTime()), 

274 _sequence_component('flags', 4, TicketFlags()), 

275 _sequence_component('authtime', 5, KerberosTime()), 

276 _sequence_optional_component('starttime', 6, KerberosTime()), 

277 _sequence_component('endtime', 7, KerberosTime()), 

278 _sequence_optional_component('renew-till', 8, KerberosTime()), 

279 _sequence_component('srealm', 9, Realm()), 

280 _sequence_component('sname', 10, PrincipalName()), 

281 _sequence_optional_component('caddr', 11, HostAddresses()), 

282 _sequence_optional_component('encrypted_pa_data', 12, METHOD_DATA()) 

283 ) 

284 

285class EncASRepPart(EncKDCRepPart): 

286 tagSet = _application_tag(constants.ApplicationTagNumbers.EncASRepPart.value) 

287 

288class EncTGSRepPart(EncKDCRepPart): 

289 tagSet = _application_tag(constants.ApplicationTagNumbers.EncTGSRepPart.value) 

290 

291class AS_REP(KDC_REP): 

292 tagSet = _application_tag(constants.ApplicationTagNumbers.AS_REP.value) 

293 

294class TGS_REP(KDC_REP): 

295 tagSet = _application_tag(constants.ApplicationTagNumbers.TGS_REP.value) 

296 

297class APOptions(KerberosFlags): 

298 pass 

299 

300class Authenticator(univ.Sequence): 

301 tagSet = _application_tag(constants.ApplicationTagNumbers.Authenticator.value) 

302 componentType = namedtype.NamedTypes( 

303 _vno_component(name='authenticator-vno', tag_value=0), 

304 _sequence_component('crealm', 1, Realm()), 

305 _sequence_component('cname', 2, PrincipalName()), 

306 _sequence_optional_component('cksum', 3, Checksum()), 

307 _sequence_component('cusec', 4, Microseconds()), 

308 _sequence_component('ctime', 5, KerberosTime()), 

309 _sequence_optional_component('subkey', 6, EncryptionKey()), 

310 _sequence_optional_component('seq-number', 7, UInt32()), 

311 _sequence_optional_component('authorization-data', 8, 

312 AuthorizationData()) 

313 ) 

314 

315class AP_REQ(univ.Sequence): 

316 tagSet = _application_tag(constants.ApplicationTagNumbers.AP_REQ.value) 

317 componentType = namedtype.NamedTypes( 

318 _vno_component(0), 

319 _msg_type_component(1, (constants.ApplicationTagNumbers.AP_REQ.value,)), 

320 _sequence_component('ap-options', 2, APOptions()), 

321 _sequence_component('ticket', 3, Ticket()), 

322 _sequence_component('authenticator', 4, EncryptedData()) 

323 ) 

324 

325class AP_REP(univ.Sequence): 

326 tagSet = _application_tag(constants.ApplicationTagNumbers.AP_REP.value) 

327 componentType = namedtype.NamedTypes( 

328 _vno_component(0), 

329 _msg_type_component(1, (constants.ApplicationTagNumbers.AP_REP.value,)), 

330 _sequence_component('enc-part', 2, EncryptedData()), 

331 ) 

332 

333class EncAPRepPart(univ.Sequence): 

334 tagSet = _application_tag(constants.ApplicationTagNumbers.EncApRepPart.value) 

335 componentType = namedtype.NamedTypes( 

336 _sequence_component('ctime', 0, KerberosTime()), 

337 _sequence_component('cusec', 1, Microseconds()), 

338 _sequence_optional_component('subkey', 2, EncryptionKey()), 

339 _sequence_optional_component('seq-number', 3, UInt32()), 

340 ) 

341 

342class KRB_SAFE_BODY(univ.Sequence): 

343 componentType = namedtype.NamedTypes( 

344 _sequence_component('user-data', 0, univ.OctetString()), 

345 _sequence_optional_component('timestamp', 1, KerberosTime()), 

346 _sequence_optional_component('usec', 2, Microseconds()), 

347 _sequence_optional_component('seq-number', 3, UInt32()), 

348 _sequence_component('s-address', 4, HostAddress()), 

349 _sequence_optional_component('r-address', 5, HostAddress()), 

350 ) 

351 

352class KRB_SAFE(univ.Sequence): 

353 tagSet = _application_tag(constants.ApplicationTagNumbers.KRB_SAFE.value) 

354 componentType = namedtype.NamedTypes( 

355 _vno_component(0), 

356 _msg_type_component(1, (constants.ApplicationTagNumbers.KRB_SAFE.value,)), 

357 _sequence_component('safe-body', 2, KRB_SAFE_BODY()), 

358 _sequence_component('cksum', 3, Checksum()), 

359 ) 

360 

361class KRB_PRIV(univ.Sequence): 

362 tagSet = _application_tag(constants.ApplicationTagNumbers.KRB_PRIV.value) 

363 componentType = namedtype.NamedTypes( 

364 _vno_component(0), 

365 _msg_type_component(1, (constants.ApplicationTagNumbers.KRB_PRIV.value,)), 

366 _sequence_component('enc-part', 3, EncryptedData()), 

367 ) 

368 

369class EncKrbPrivPart(univ.Sequence): 

370 tagSet = _application_tag(constants.ApplicationTagNumbers.EncKrbPrivPart.value) 

371 componentType = namedtype.NamedTypes( 

372 _sequence_component('user-data', 0, univ.OctetString()), 

373 _sequence_optional_component('timestamp', 1, KerberosTime()), 

374 _sequence_optional_component('cusec', 2, Microseconds()), 

375 _sequence_optional_component('seq-number', 3, UInt32()), 

376 _sequence_component('s-address', 4, HostAddress()), 

377 _sequence_optional_component('r-address', 5, HostAddress()), 

378 ) 

379 

380class KRB_CRED(univ.Sequence): 

381 tagSet = _application_tag(constants.ApplicationTagNumbers.KRB_CRED.value) 

382 componentType = namedtype.NamedTypes( 

383 _vno_component(0), 

384 _msg_type_component(1, (constants.ApplicationTagNumbers.KRB_CRED.value,)), 

385 _sequence_optional_component('tickets', 2, 

386 univ.SequenceOf(componentType=Ticket())), 

387 _sequence_component('enc-part', 3, EncryptedData()), 

388 ) 

389 

390class KrbCredInfo(univ.Sequence): 

391 componentType = namedtype.NamedTypes( 

392 _sequence_component('key', 0, EncryptionKey()), 

393 _sequence_optional_component('prealm', 1, Realm()), 

394 _sequence_optional_component('pname', 2, PrincipalName()), 

395 _sequence_optional_component('flags', 3, TicketFlags()), 

396 _sequence_optional_component('authtime', 4, KerberosTime()), 

397 _sequence_optional_component('starttime', 5, KerberosTime()), 

398 _sequence_optional_component('endtime', 6, KerberosTime()), 

399 _sequence_optional_component('renew-till', 7, KerberosTime()), 

400 _sequence_optional_component('srealm', 8, Realm()), 

401 _sequence_optional_component('sname', 9, PrincipalName()), 

402 _sequence_optional_component('caddr', 10, HostAddresses()), 

403 ) 

404 

405class EncKrbCredPart(univ.Sequence): 

406 tagSet = _application_tag(constants.ApplicationTagNumbers.EncKrbCredPart.value) 

407 componentType = namedtype.NamedTypes( 

408 _sequence_component('ticket-info', 0, univ.SequenceOf(componentType=KrbCredInfo())), 

409 _sequence_optional_component('nonce', 1, UInt32()), 

410 _sequence_optional_component('timestamp', 2, KerberosTime()), 

411 _sequence_optional_component('usec', 3, Microseconds()), 

412 _sequence_optional_component('s-address', 4, HostAddress()), 

413 _sequence_optional_component('r-address', 5, HostAddress()), 

414 ) 

415 

416class KRB_ERROR(univ.Sequence): 

417 tagSet = _application_tag(constants.ApplicationTagNumbers.KRB_ERROR.value) 

418 componentType = namedtype.NamedTypes( 

419 _vno_component(0), 

420 _msg_type_component(1, (constants.ApplicationTagNumbers.KRB_ERROR.value,)), 

421 _sequence_optional_component('ctime', 2, KerberosTime()), 

422 _sequence_optional_component('cusec', 3, Microseconds()), 

423 _sequence_component('stime', 4, KerberosTime()), 

424 _sequence_component('susec', 5, Microseconds()), 

425 _sequence_component('error-code', 6, Int32()), 

426 _sequence_optional_component('crealm', 7, Realm()), 

427 _sequence_optional_component('cname', 8, PrincipalName()), 

428 _sequence_component('realm', 9, Realm()), 

429 _sequence_component('sname', 10, PrincipalName()), 

430 _sequence_optional_component('e-text', 11, KerberosString()), 

431 _sequence_optional_component('e-data', 12, univ.OctetString()) 

432 ) 

433 

434class TYPED_DATA(univ.SequenceOf): 

435 componentType = namedtype.NamedTypes( 

436 _sequence_component('data-type', 0, Int32()), 

437 _sequence_optional_component('data-value', 1, univ.OctetString()), 

438 ) 

439 

440class PA_ENC_TIMESTAMP(EncryptedData): 

441 pass 

442 

443class PA_ENC_TS_ENC(univ.Sequence): 

444 componentType = namedtype.NamedTypes( 

445 _sequence_component('patimestamp', 0, KerberosTime()), 

446 _sequence_optional_component('pausec', 1, Microseconds())) 

447 

448class ETYPE_INFO_ENTRY(univ.Sequence): 

449 componentType = namedtype.NamedTypes( 

450 _sequence_component('etype', 0, Int32()), 

451 _sequence_optional_component('salt', 1, univ.OctetString())) 

452 

453class ETYPE_INFO(univ.SequenceOf): 

454 componentType = ETYPE_INFO_ENTRY() 

455 

456class ETYPE_INFO2_ENTRY(univ.Sequence): 

457 componentType = namedtype.NamedTypes( 

458 _sequence_component('etype', 0, Int32()), 

459 _sequence_optional_component('salt', 1, KerberosString()), 

460 _sequence_optional_component('s2kparams', 2, univ.OctetString())) 

461 

462class ETYPE_INFO2(univ.SequenceOf): 

463 componentType = ETYPE_INFO2_ENTRY() 

464 

465class AD_IF_RELEVANT(AuthorizationData): 

466 pass 

467 

468class AD_KDCIssued(univ.Sequence): 

469 componentType = namedtype.NamedTypes( 

470 _sequence_component('ad-checksum', 0, Checksum()), 

471 _sequence_optional_component('i-realm', 1, Realm()), 

472 _sequence_optional_component('i-sname', 2, PrincipalName()), 

473 _sequence_component('elements', 3, AuthorizationData())) 

474 

475class AD_AND_OR(univ.Sequence): 

476 componentType = namedtype.NamedTypes( 

477 _sequence_component('condition-count', 0, Int32()), 

478 _sequence_optional_component('elements', 1, AuthorizationData())) 

479 

480class AD_MANDATORY_FOR_KDC(AuthorizationData): 

481 pass 

482 

483class KERB_PA_PAC_REQUEST(univ.Sequence): 

484 componentType = namedtype.NamedTypes( 

485 namedtype.NamedType('include-pac', univ.Boolean().subtype(explicitTag=tag.Tag(tag.tagClassContext, tag.tagFormatSimple, 0))), 

486 ) 

487 

488class PA_FOR_USER_ENC(univ.Sequence): 

489 componentType = namedtype.NamedTypes( 

490 _sequence_component('userName', 0, PrincipalName()), 

491 _sequence_optional_component('userRealm', 1, Realm()), 

492 _sequence_optional_component('cksum', 2, Checksum()), 

493 _sequence_optional_component('auth-package', 3, KerberosString())) 

494 

495class KERB_ERROR_DATA(univ.Sequence): 

496 componentType = namedtype.NamedTypes( 

497 _sequence_component('data-type', 1, Int32()), 

498 _sequence_component('data-value', 2, univ.OctetString())) 

499 

500class PA_PAC_OPTIONS(univ.Sequence): 

501 componentType = namedtype.NamedTypes( 

502 _sequence_component('flags', 0, KerberosFlags()), 

503 ) 

504 

505class KERB_KEY_LIST_REQ(univ.SequenceOf): 

506 componentType = Int32() 

507 

508class KERB_KEY_LIST_REP(univ.SequenceOf): 

509 componentType = EncryptionKey()