KU_TGS_REP_ENC_PART_SUB_KEY,
KU_TGS_REQ_AUTH,
KU_TGS_REQ_AUTH_CKSUM,
+ KU_TGS_REQ_AUTH_DAT_SESSION,
+ KU_TGS_REQ_AUTH_DAT_SUBKEY,
KU_TICKET,
PADATA_ENC_TIMESTAMP,
PADATA_ETYPE_INFO,
nonce,
etypes,
addresses,
+ additional_tickets,
EncAuthorizationData,
EncAuthorizationData_key,
- additional_tickets,
+ EncAuthorizationData_usage,
asn1_print=None,
hexdump=None):
# KDC-REQ-BODY ::= SEQUENCE {
asn1Spec=krb5_asn1.AuthorizationData(),
asn1_print=asn1_print,
hexdump=hexdump)
- enc_ad = self.EncryptedData_create(
- EncAuthorizationData_key, enc_ad_plain)
+ enc_ad = self.EncryptedData_create(EncAuthorizationData_key,
+ EncAuthorizationData_usage,
+ enc_ad_plain)
else:
enc_ad = None
KDC_REQ_BODY_obj = {
nonce, # required
etypes, # required
addresses, # optional
- EncAuthorizationData,
- EncAuthorizationData_key,
additional_tickets,
native_decoded_only=True,
asn1_print=None,
nonce,
etypes,
addresses,
- EncAuthorizationData,
- EncAuthorizationData_key,
additional_tickets,
+ EncAuthorizationData=None,
+ EncAuthorizationData_key=None,
+ EncAuthorizationData_usage=None,
asn1_print=asn1_print,
hexdump=hexdump)
obj, decoded = self.KDC_REQ_create(
# -- NOTE: not empty
# }
+ if authenticator_subkey is not None:
+ EncAuthorizationData_usage = KU_TGS_REQ_AUTH_DAT_SUBKEY
+ else:
+ EncAuthorizationData_usage = KU_TGS_REQ_AUTH_DAT_SESSION
+
req_body = self.KDC_REQ_BODY_create(
kdc_options=kdc_options,
cname=None,
nonce=nonce,
etypes=etypes,
addresses=addresses,
+ additional_tickets=additional_tickets,
EncAuthorizationData=EncAuthorizationData,
EncAuthorizationData_key=EncAuthorizationData_key,
- additional_tickets=additional_tickets)
+ EncAuthorizationData_usage=EncAuthorizationData_usage)
req_body_blob = self.der_encode(req_body,
asn1Spec=krb5_asn1.KDC_REQ_BODY(),
asn1_print=asn1_print, hexdump=hexdump)
nonce=None, # required
etypes=None, # required
addresses=None, # optional
+ additional_tickets=None, # optional
EncAuthorizationData=None, # optional
EncAuthorizationData_key=None, # optional
- additional_tickets=None): # optional
+ EncAuthorizationData_usage=None): # optional
check_error_fn = kdc_exchange_dict['check_error_fn']
check_rep_fn = kdc_exchange_dict['check_rep_fn']
nonce=nonce,
etypes=etypes,
addresses=addresses,
+ additional_tickets=additional_tickets,
EncAuthorizationData=EncAuthorizationData,
EncAuthorizationData_key=EncAuthorizationData_key,
- additional_tickets=additional_tickets)
+ EncAuthorizationData_usage=EncAuthorizationData_usage)
if generate_padata_fn is not None:
# This can alter req_body...
padata, req_body = generate_padata_fn(kdc_exchange_dict,