§Kerberos ASN1
This library defines the ASN1 structures used by the Kerberos protocol as Rust structs. It is based on the red_asn1 library.
Each type defined in this library provides a method parse to parse an array of bytes and create the type, and a method build to create an array of bytes from the type and its values.
§Examples
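Decoding a Kerberos string:

```rust
use kerberos_asn1::KerberosString;
use red_asn1::Asn1Object;

// DER encoding: tag 0x1b (GeneralString), length 0x0e (14 bytes),
// followed by the ASCII bytes of "KINGDOM.HEARTS".
let raw_string = &[
    0x1b, 0x0e, 0x4b, 0x49, 0x4e, 0x47, 0x44, 0x4f, 0x4d, 0x2e,
    0x48, 0x45, 0x41, 0x52, 0x54, 0x53,
];

// parse returns the bytes left over after the object, plus the decoded value.
let (rest_raw, kerberos_string) = KerberosString::parse(raw_string).unwrap();
assert_eq!("KINGDOM.HEARTS", kerberos_string);
```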
§References
Structs§
- (AD-AND-OR) Type of AuthorizationData. Defined in RFC4120, section 5.2.6.3.
- (AD-KDCIssued) Type of AuthorizationData. Defined in RFC4120, section 5.2.6.2.
- (AP-REP) Response to AP-REQ, sent when mutual authentication is selected. Defined in RFC4120, section 5.5.2.
- (AP-REQ) Message sent to the application server to authenticate the client. Defined in RFC4120, section 5.5.1.
- (AS-REP) Message returned by KDC in response to AS-REQ.
- (AS-REQ) Message used to request a TGT.
- (Authenticator) Included in AP-REQ to certify knowledge of the session key. Defined in RFC4120, section 5.5.1.
- Entry of the AuthorizationData
- (Checksum) Checksum of the related message. Defined in RFC4120, section 5.2.9.
- (EncAPRepPart) Encrypted part of the message AP-REP. Defined in RFC4120, section 5.5.2.
- (EncAsRepPart) Holds the data that is encrypted in AsRep
- (EncKdcRepPart) Holds the data that is encrypted in KdcRep
- (EncKrbCredPart) The encrypted part of the KRB-CRED message. Defined in RFC4120, section 5.8.1.
- (EncKrbPrivPart) Encrypted part of the KRB-PRIV message. Defined in RFC4120, section 5.7.1.
- (EncTgsRepPart) Holds the data that is encrypted in TgsRep
- (EncTicketPart) Encrypted part of a Ticket. Defined in RFC4120, section 5.3.
- (EncryptedData) Chunk of data that is encrypted in Kerberos exchanges.
- (EncryptionKey) To represent the key of an encryption algorithm.
- (ETYPE-INFO2-ENTRY) Give information about an encryption algorithm.
- (ETYPE-INFO-ENTRY) Entry of ETYPE-INFO. Defined in RFC4120, section 5.2.7.4.
- (HostAddress) Different types of addresses.
- (KDC-REQ) Base for AS-REQ and TGS-REQ
- (KDC-REQ-BODY) Holds most of the data of requests.
- (KERB-AD-RESTRICTION-ENTRY) Specify additional restrictions for the client. Defined in MS-KILE, section 2.2.6.
- (KERB-ERROR-DATA) Returned in the e-data field of KRB-ERROR. Defined in MS-KILE, section 2.2.2.
- (KERB-PA-PAC-REQUEST) To indicate if PAC should be included in response. Defined in MS-KILE, section 2.2.3.
- (KerberosFlags) Flags used for different entities. Defined in RFC4120, section 5.2.8.
- (KerberosTime) For time representations in Kerberos.
- (KRB-CRED) Message used to send Kerberos credentials from one principal to another. Defined in RFC4120, section 5.8.1.
- (KrbCredInfo) Information of the ticket sent in EncKrbCredPart. Defined in RFC4120, section 5.8.1.
- (KRB-ERROR) Message used to indicate an error. Defined in RFC4120, section 5.9.1.
- (KRB-PRIV) To send a message securely and privately. Defined in RFC4120, section 5.7.1.
- (KRB-SAFE) Used to send a tamper-proof message to a peer. Defined in RFC4120, section 5.6.1.
- (KRB-SAFE-BODY) Included in KRB-SAFE. Defined in RFC4120, section 5.6.1.
- Entry of LastReq. Pseudotype defined in this library. Defined in RFC4120, 5.4.2.
- (PA-DATA) Container that encapsulates different types of preauthentication data structures.
- (PA-ENC-TS-ENC) Timestamp that is encrypted with client Key.
- (PA-FOR-USER) Used in S4U2Self, to specify user to impersonate. Defined in MS-SFU, section 2.2.1.
- (PA-PAC-OPTIONS) To request options of the PAC. Defined in MS-KILE, section 2.2.10 and MS-SFU, section 2.2.5.
- (PA-S4U-X509-USER) Used in S4U2Self, to specify the user certificate. Defined in MS-SFU, section 2.2.2.
- (PrincipalName) Name of some Kerberos entity.
- (S4UUserID) Used in PA-S4U-X509-USER, to specify the user certificate. Defined in MS-SFU, section 2.2.2.
- (TGS-REP) Message returned by KDC in response to TGS-REQ.
- (TGS-REQ) Message used to request a TGS.
- (Ticket) Represents a Kerberos ticket.
- (TransitedEncoding) Lists the names of the Kerberos realms that took part in the client authentication. Defined in RFC4120, section 5.3.
- Entry of TYPED-DATA. Pseudotype defined in this library for implementation.
Enums§
- Error in ASN1-DER parse/build operations
- Enum with the different tag classes
Constants§
Traits§
- A trait to allow objects to be built/parsed from ASN1-DER
Functions§
- Helper to add the correct padding to a NetBIOS Host-Address
Type Aliases§
- (AD-IF-RELEVANT) Type of AuthorizationData. Defined in RFC4120, section 5.2.6.1.
- (AD-MANDATORY-FOR-KDC) Type of AuthorizationData. Defined in RFC4120, section 5.2.6.4.
- (ApOptions) Options used in AP-REQ. Defined in RFC4120, section 5.5.1.
- (AuthorizationData) Defined in RFC4120, section 5.2.6.
- (ETYPE-INFO) Sent in KRB-ERROR to require additional pre-authentication. Defined in RFC4120, section 5.2.7.4.
- (ETYPE-INFO2) Array of EtypeInfo2Entry that indicates the available encryption algorithms.
- (HostAddresses) Array of HostAddress
- (Int32) Kerberos i32. Defined in RFC4120, section 5.2.4.
- (KDCOptions) Options used in Kerberos requests.
- (KERB-KEY-LIST-REP) Contains a list of key types the KDC has supplied to the client to support single sign-on capabilities in legacy protocols. Defined in MS-KILE, section 2.2.12.
- (KERB-KEY-LIST-REQ) Used to request a list of key types the KDC can supply to the client to support single sign-on capabilities in legacy protocols. Defined in MS-KILE, section 2.2.11.
- (KERB-LOCAL) Contains implementation-specific data used when the Kerberos client and application server are on the same host. Defined in MS-KILE, 2.2.4.
- (KerberosString) String used in Kerberos. Defined in RFC4120, section 5.2.1.
- (LastReq) Register of time of a request to KDC. Defined in RFC4120, 5.4.2.
- (METHOD-DATA) Sequence of PA-DATA. Defined in RFC4120, section 5.9.1.
- (Microseconds) Kerberos Microseconds. Defined in RFC4120, section 5.2.4.
- (PA-ENC-TIMESTAMP) Encrypted PA-ENC-TS-ENC. Defined in RFC4120, section 5.2.7.2.
- (PA-SUPPORTED-ENCTYPES) Specifies the encryption types supported. Defined in MS-KILE, section 2.2.8.
- (Realm) Kerberos realm.
- Result that encapsulates the Error type of this library
- (TicketFlags) Flags for tickets.
- (TYPED-DATA) To add information to errors in KRB-ERROR. Defined in RFC4120, section 5.9.1.
- (UInt32) Kerberos u32. Defined in RFC4120, section 5.2.4.