scapy.layers.gssapi
Generic Security Services (GSS) API
Implements parts of:
GSSAPI: RFC4121 / RFC2743
GSSAPI C bindings: RFC2744
This is implemented in the following SSPs:
Note
You will find more complete documentation for this layer over at GSSAPI
- class scapy.layers.gssapi.ASN1F_GSSAPI_APPLICATION(*seq: Any, **kwargs: Any)[source]
Bases:
ASN1F_SEQUENCE- ASN1_tag = <ASN1Tag APPLICATION[96]>
- class scapy.layers.gssapi.ASN1_Class_GSSAPI[source]
Bases:
ASN1_Class_UNIVERSAL- ANY = <ASN1Tag ANY[0]>
- APPLICATION = <ASN1Tag APPLICATION[96]>
- BIT_STRING = <ASN1Tag BIT_STRING[3]>
- BMP_STRING = <ASN1Tag BMP_STRING[30]>
- BOOLEAN = <ASN1Tag BOOLEAN[1]>
- CHAR_STRING = <ASN1Tag CHAR_STRING[29]>
- COUNTER32 = <ASN1Tag COUNTER32[65]>
- COUNTER64 = <ASN1Tag COUNTER64[70]>
- EMBEDDED_PDF = <ASN1Tag EMBEDDED_PDF[11]>
- ENUMERATED = <ASN1Tag ENUMERATED[10]>
- ERROR = <ASN1Tag ERROR[-3]>
- EXTERNAL = <ASN1Tag EXTERNAL[8]>
- GAUGE32 = <ASN1Tag GAUGE32[66]>
- GENERALIZED_TIME = <ASN1Tag GENERALIZED_TIME[24]>
- GENERAL_STRING = <ASN1Tag GENERAL_STRING[27]>
- GRAPHIC_STRING = <ASN1Tag GRAPHIC_STRING[25]>
- IA5_STRING = <ASN1Tag IA5_STRING[22]>
- INTEGER = <ASN1Tag INTEGER[2]>
- IPADDRESS = <ASN1Tag IPADDRESS[64]>
- ISO646_STRING = <ASN1Tag ISO646_STRING[26]>
- NONE = <ASN1Tag NONE[-1]>
- NULL = <ASN1Tag NULL[5]>
- NUMERIC_STRING = <ASN1Tag NUMERIC_STRING[18]>
- OBJECT_DESCRIPTOR = <ASN1Tag OBJECT_DESCRIPTOR[7]>
- OID = <ASN1Tag OID[6]>
- PRINTABLE_STRING = <ASN1Tag PRINTABLE_STRING[19]>
- RAW = <ASN1Tag RAW[-2]>
- REAL = <ASN1Tag REAL[9]>
- RELATIVE_OID = <ASN1Tag RELATIVE_OID[13]>
- SEQUENCE = <ASN1Tag SEQUENCE[48]>
- SET = <ASN1Tag SET[49]>
- STRING = <ASN1Tag STRING[4]>
- T61_STRING = <ASN1Tag T61_STRING[20]>
- TIME_TICKS = <ASN1Tag TIME_TICKS[67]>
- UNIVERSAL_STRING = <ASN1Tag UNIVERSAL_STRING[28]>
- UTC_TIME = <ASN1Tag UTC_TIME[23]>
- UTF8_STRING = <ASN1Tag UTF8_STRING[12]>
- VIDEOTEX_STRING = <ASN1Tag VIDEOTEX_STRING[21]>
- name = 'GSSAPI'
- class scapy.layers.gssapi.ASN1_GSSAPI_APPLICATION(val: _K)[source]
Bases:
ASN1_SEQUENCE- tag = <ASN1Tag APPLICATION[96]>
- class scapy.layers.gssapi.BERcodec_GSSAPI_APPLICATION[source]
Bases:
BERcodec_SEQUENCE- tag = <ASN1Tag APPLICATION[96]>
- class scapy.layers.gssapi.GSSAPI_BLOB(_pkt, /, *, MechType=<ASN1_OID['SPNEGO - Simple Protected Negotiation']>, innerToken=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_GSSAPI_APPLICATION(<scapy.asn1fields.ASN1F_OID object>, <scapy.asn1fields.ASN1F_PACKET object>)>
- aliastypes
- class scapy.layers.gssapi.GSSAPI_BLOB_SIGNATURE(_pkt, /, *, MechType=<ASN1_OID['SPNEGO - Simple Protected Negotiation']>, innerToken=None)[source]
Bases:
ASN1_Packet- ASN1_codec = <ASN1Codec BER[1]>
- ASN1_root = <ASN1F_GSSAPI_APPLICATION(<scapy.asn1fields.ASN1F_OID object>, <scapy.asn1fields.ASN1F_PACKET object>)>
- aliastypes
- class scapy.layers.gssapi.GSS_C_FLAGS(value, names=None, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]
Bases:
IntFlagAuthenticator Flags per RFC2744 req_flags
- GSS_C_CONF_FLAG = 16
- GSS_C_DCE_STYLE = 4096
- GSS_C_DELEG_FLAG = 1
- GSS_C_EXTENDED_ERROR_FLAG = 16384
- GSS_C_IDENTIFY_FLAG = 8192
- GSS_C_INTEG_FLAG = 32
- GSS_C_MUTUAL_FLAG = 2
- GSS_C_REPLAY_FLAG = 4
- GSS_C_SEQUENCE_FLAG = 8
- class scapy.layers.gssapi.GssBufferDesc(_pkt, /, *, length=None, value=b'')[source]
Bases:
Packet- aliastypes
- fields_desc
Display RFC-like schema
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | LENGTH | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | VALUE | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Fig. GssBufferDescGssBufferDesc fields length
Nonevalue
b''
- class scapy.layers.gssapi.GssChannelBindings(_pkt, /, *, initiator_addrtype=0, initiator_address=<GssBufferDesc |>, acceptor_addrtype=0, acceptor_address=<GssBufferDesc |>, application_data=None)[source]
Bases:
Packet- aliastypes
- fields_desc
Display RFC-like schema
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | INITIATOR ADDRTYPE | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | INITIATOR ADDRESS | ACCEPTOR ADDRTYPE | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | | ACCEPTOR ADDRESS | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | APPLICATION DATA | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Fig. GssChannelBindingsGssChannelBindings fields initiator_addrtype
0initiator_address
<GssBufferDesc |>acceptor_addrtype
0acceptor_address
<GssBufferDesc |>application_data
None
- class scapy.layers.gssapi.SSP(**kwargs)[source]
Bases:
objectThe general SSP class
- class CONTEXT(req_flags: GSS_C_FLAGS | None = None)[source]
Bases:
objectA Security context i.e. the ‘state’ of the secure negotiation
- flags
- passive
- state
- abstract GSS_Accept_sec_context(Context: CONTEXT, val=None)[source]
GSS_Accept_sec_context: server-side call for the SSP
- abstract GSS_GetMICEx(Context: CONTEXT, msgs: List[MIC_MSG], qop_req: int = 0) Any[source]
- Parameters:
Context – the SSP context
qop_req – int (0 specifies default QOP)
msgs – list of VERIF_MSG
- Returns:
signature
- abstract GSS_Init_sec_context(Context: CONTEXT, val=None, req_flags: GSS_C_FLAGS | None = None)[source]
GSS_Init_sec_context: client-side call for the SSP
- abstract GSS_Passive(Context: CONTEXT, val=None)[source]
GSS_Passive: client/server call for the SSP in passive mode
- GSS_Passive_set_Direction(Context: CONTEXT, IsAcceptor=False)[source]
GSS_Passive_set_Direction: used to swap the direction in passive mode
- abstract GSS_UnwrapEx(Context: CONTEXT, msgs: List[WRAP_MSG], signature) List[WRAP_MSG][source]
- Parameters:
Context – the SSP context
msgs – list of WRAP_MSG
signature – the signature
- Raises:
ValueError – if MIC failure.
- Returns:
data
- abstract GSS_VerifyMICEx(Context: CONTEXT, msgs: List[MIC_MSG], signature) None[source]
- Parameters:
Context – the SSP context
msgs – list of VERIF_MSG
signature – the signature
- Raises:
ValueError – if MIC failure.
- abstract GSS_WrapEx(Context: CONTEXT, msgs: List[WRAP_MSG], qop_req: int = 0) Tuple[List[WRAP_MSG], Any][source]
- Parameters:
Context – the SSP context
qop_req – int (0 specifies default QOP)
msgs – list of WRAP_MSG
- Returns:
(data, signature)
- LegsAmount(Context: CONTEXT)[source]
Returns the amount of ‘legs’ (how MS calls it) of the SSP.
i.e. 2 for Kerberos, 3 for NTLM and Netlogon
- abstract MaximumSignatureLength(Context: CONTEXT)[source]
Returns the Maximum Signature length.
This will be used in auth_len in DceRpc5, and is necessary for PFC_SUPPORT_HEADER_SIGN to work properly.
- class STATE(value, names=None, *values, module=None, qualname=None, type=None, start=1, boundary=None)[source]
Bases:
IntEnumAn Enum that contains the states of an SSP
- class WRAP_MSG(conf_req_flag: bool, sign: bool, data: bytes)[source]
Bases:
object- conf_req_flag: bool
- data: bytes
- sign: bool
- auth_type = 0