diff options
author | Andrew Bartlett <abartlet@samba.org> | 2005-08-09 03:04:47 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:31:33 -0500 |
commit | c0e8144c5d1e402b36ebe04b843eba62e7ab9958 (patch) | |
tree | 1b885ceee1a88e8cb2822051690b023c8f8acb78 /source4/heimdal/lib/asn1/k5.asn1 | |
parent | 4b93e377cd9809199487e20fa53d8a2c98ad32ea (diff) | |
download | samba-c0e8144c5d1e402b36ebe04b843eba62e7ab9958.tar.gz samba-c0e8144c5d1e402b36ebe04b843eba62e7ab9958.tar.bz2 samba-c0e8144c5d1e402b36ebe04b843eba62e7ab9958.zip |
r9221: Try to merge Heimdal across from lorikeet-heimdal to samba4.
This is my first attempt at this, so there may be a few rough edges.
Andrew Bartlett
(This used to be commit 9a1d2f2fec67930975da856a2d365345cec46216)
Diffstat (limited to 'source4/heimdal/lib/asn1/k5.asn1')
-rw-r--r-- | source4/heimdal/lib/asn1/k5.asn1 | 118 |
1 files changed, 70 insertions, 48 deletions
diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1 index 802c0a4c77..dd49baf0ff 100644 --- a/source4/heimdal/lib/asn1/k5.asn1 +++ b/source4/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1,v 1.43 2005/06/17 04:58:59 lha Exp $ +-- $Id: k5.asn1,v 1.45 2005/07/13 05:29:49 lha Exp $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -11,7 +11,11 @@ NAME-TYPE ::= INTEGER { KRB5_NT_SRV_XHST(4), -- Service with host as remaining components KRB5_NT_UID(5), -- Unique ID KRB5_NT_X500_PRINCIPAL(6), -- PKINIT - KRB5_NT_ENTERPRISE(10) -- May be mapped to principal name + KRB5_NT_SMTP_NAME(7), -- Name in form of SMTP email name + KRB5_NT_ENTERPRISE_PRINCIPAL(10), -- Windows 2000 UPN + KRB5_NT_ENT_PRINCIPAL_AND_ID(-130), -- Windows 2000 UPN and SID + KRB5_NT_MS_PRINCIPAL(-128), -- NT 4 style name + KRB5_NT_MS_PRINCIPAL_AND_ID(-129) -- NT style name and SID } -- message types @@ -49,6 +53,7 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-SAM-RESPONSE(13), -- (sam/otp) KRB5-PADATA-PK-AS-REQ-19(14), -- (PKINIT-19) KRB5-PADATA-PK-AS-REP-19(15), -- (PKINIT-19) + KRB5-PADATA-PK-AS-REQ-WIN(15), -- (PKINIT - old number) KRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25) KRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25) KRB5-PADATA-ETYPE-INFO2(19), @@ -58,7 +63,6 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-SAM-ETYPE-INFO(23), KRB5-PADATA-SERVER-REFERRAL(25), KRB5-PADATA-TD-KRB-PRINCIPAL(102), -- PrincipalName - KRB5-PADATA-TD-KRB-REALM(103), -- Realm KRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS(104), -- PKINIT KRB5-PADATA-PK-TD-CERTIFICATE-INDEX(105), -- PKINIT KRB5-PADATA-TD-APP-DEFINED-ERROR(106), -- application specific @@ -137,9 +141,13 @@ ENCTYPE ::= INTEGER { ETYPE_DES3_CBC_NONE_CMS(-0x100a) } + + + -- this is sugar to make something ASN1 does not have: unsigned -UNSIGNED ::= INTEGER (0..4294967295) +krb5uint32 ::= INTEGER (0..4294967295) +krb5int32 ::= INTEGER (-2147483648..2147483647) KerberosString ::= GeneralString @@ -156,14 +164,14 @@ Principal ::= SEQUENCE { } HostAddress ::= SEQUENCE { - addr-type[0] INTEGER, + addr-type[0] krb5int32, address[1] OCTET STRING } -- This is from RFC1510. -- -- HostAddresses ::= SEQUENCE OF SEQUENCE { --- addr-type[0] INTEGER, +-- addr-type[0] krb5int32, -- address[1] OCTET STRING -- } @@ -174,7 +182,7 @@ HostAddresses ::= SEQUENCE OF HostAddress KerberosTime ::= GeneralizedTime -- Specifying UTC time zone (Z) AuthorizationData ::= SEQUENCE OF SEQUENCE { - ad-type[0] INTEGER, + ad-type[0] krb5int32, ad-data[1] OCTET STRING } @@ -243,23 +251,23 @@ LastReq ::= SEQUENCE OF SEQUENCE { EncryptedData ::= SEQUENCE { etype[0] ENCTYPE, -- EncryptionType - kvno[1] INTEGER OPTIONAL, + kvno[1] krb5int32 OPTIONAL, cipher[2] OCTET STRING -- ciphertext } EncryptionKey ::= SEQUENCE { - keytype[0] INTEGER, + keytype[0] krb5int32, keyvalue[1] OCTET STRING } -- encoded Transited field TransitedEncoding ::= SEQUENCE { - tr-type[0] INTEGER, -- must be registered + tr-type[0] krb5int32, -- must be registered contents[1] OCTET STRING } Ticket ::= [APPLICATION 1] SEQUENCE { - tkt-vno[0] INTEGER, + tkt-vno[0] krb5int32, realm[1] Realm, sname[2] PrincipalName, enc-part[3] EncryptedData @@ -285,14 +293,14 @@ Checksum ::= SEQUENCE { } Authenticator ::= [APPLICATION 2] SEQUENCE { - authenticator-vno[0] INTEGER, + authenticator-vno[0] krb5int32, crealm[1] Realm, cname[2] PrincipalName, cksum[3] Checksum OPTIONAL, - cusec[4] INTEGER, + cusec[4] krb5int32, ctime[5] KerberosTime, subkey[6] EncryptionKey OPTIONAL, - seq-number[7] UNSIGNED OPTIONAL, + seq-number[7] krb5uint32 OPTIONAL, authorization-data[8] AuthorizationData OPTIONAL } @@ -305,7 +313,7 @@ PA-DATA ::= SEQUENCE { ETYPE-INFO-ENTRY ::= SEQUENCE { etype[0] ENCTYPE, salt[1] OCTET STRING OPTIONAL, - salttype[2] INTEGER OPTIONAL + salttype[2] krb5int32 OPTIONAL } ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY @@ -320,6 +328,13 @@ ETYPE-INFO2 ::= SEQUENCE OF ETYPE-INFO2-ENTRY METHOD-DATA ::= SEQUENCE OF PA-DATA +TypedData ::= SEQUENCE { + data-type[0] krb5int32, + data-value[1] OCTET STRING OPTIONAL +} + +TYPED-DATA ::= SEQUENCE OF TypedData + KDC-REQ-BODY ::= SEQUENCE { kdc-options[0] KDCOptions, cname[1] PrincipalName OPTIONAL, -- Used only in AS-REQ @@ -329,7 +344,7 @@ KDC-REQ-BODY ::= SEQUENCE { from[4] KerberosTime OPTIONAL, till[5] KerberosTime OPTIONAL, rtime[6] KerberosTime OPTIONAL, - nonce[7] INTEGER, + nonce[7] krb5int32, etype[8] SEQUENCE OF ENCTYPE, -- EncryptionType, -- in preference order addresses[9] HostAddresses OPTIONAL, @@ -339,7 +354,7 @@ KDC-REQ-BODY ::= SEQUENCE { } KDC-REQ ::= SEQUENCE { - pvno[1] INTEGER, + pvno[1] krb5int32, msg-type[2] MESSAGE-TYPE, padata[3] METHOD-DATA OPTIONAL, req-body[4] KDC-REQ-BODY @@ -353,7 +368,7 @@ TGS-REQ ::= [APPLICATION 12] KDC-REQ PA-ENC-TS-ENC ::= SEQUENCE { patimestamp[0] KerberosTime, -- client's time - pausec[1] INTEGER OPTIONAL + pausec[1] krb5int32 OPTIONAL } -- draft-brezak-win2k-krb-authz-01 @@ -362,8 +377,11 @@ PA-PAC-REQUEST ::= SEQUENCE { -- should be included or not } +-- PacketCable provisioning server location, PKT-SP-SEC-I09-030728.pdf +PROV-SRV-LOCATION ::= GeneralString + KDC-REP ::= SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, padata[2] METHOD-DATA OPTIONAL, crealm[3] Realm, @@ -378,7 +396,7 @@ TGS-REP ::= [APPLICATION 13] KDC-REP EncKDCRepPart ::= SEQUENCE { key[0] EncryptionKey, last-req[1] LastReq, - nonce[2] INTEGER, + nonce[2] krb5int32, key-expiration[3] KerberosTime OPTIONAL, flags[4] TicketFlags, authtime[5] KerberosTime, @@ -394,7 +412,7 @@ EncASRepPart ::= [APPLICATION 25] EncKDCRepPart EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart AP-REQ ::= [APPLICATION 14] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, ap-options[2] APOptions, ticket[3] Ticket, @@ -402,50 +420,50 @@ AP-REQ ::= [APPLICATION 14] SEQUENCE { } AP-REP ::= [APPLICATION 15] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, enc-part[2] EncryptedData } EncAPRepPart ::= [APPLICATION 27] SEQUENCE { ctime[0] KerberosTime, - cusec[1] INTEGER, + cusec[1] krb5int32, subkey[2] EncryptionKey OPTIONAL, - seq-number[3] UNSIGNED OPTIONAL + seq-number[3] krb5uint32 OPTIONAL } KRB-SAFE-BODY ::= SEQUENCE { user-data[0] OCTET STRING, timestamp[1] KerberosTime OPTIONAL, - usec[2] INTEGER OPTIONAL, - seq-number[3] UNSIGNED OPTIONAL, + usec[2] krb5int32 OPTIONAL, + seq-number[3] krb5uint32 OPTIONAL, s-address[4] HostAddress OPTIONAL, r-address[5] HostAddress OPTIONAL } KRB-SAFE ::= [APPLICATION 20] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, safe-body[2] KRB-SAFE-BODY, cksum[3] Checksum } KRB-PRIV ::= [APPLICATION 21] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, enc-part[3] EncryptedData } EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE { user-data[0] OCTET STRING, timestamp[1] KerberosTime OPTIONAL, - usec[2] INTEGER OPTIONAL, - seq-number[3] UNSIGNED OPTIONAL, + usec[2] krb5int32 OPTIONAL, + seq-number[3] krb5uint32 OPTIONAL, s-address[4] HostAddress OPTIONAL, -- sender's addr r-address[5] HostAddress OPTIONAL -- recip's addr } KRB-CRED ::= [APPLICATION 22] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, -- KRB_CRED tickets[2] SEQUENCE OF Ticket, enc-part[3] EncryptedData @@ -467,21 +485,21 @@ KrbCredInfo ::= SEQUENCE { EncKrbCredPart ::= [APPLICATION 29] SEQUENCE { ticket-info[0] SEQUENCE OF KrbCredInfo, - nonce[1] INTEGER OPTIONAL, + nonce[1] krb5int32 OPTIONAL, timestamp[2] KerberosTime OPTIONAL, - usec[3] INTEGER OPTIONAL, + usec[3] krb5int32 OPTIONAL, s-address[4] HostAddress OPTIONAL, r-address[5] HostAddress OPTIONAL } KRB-ERROR ::= [APPLICATION 30] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, ctime[2] KerberosTime OPTIONAL, - cusec[3] INTEGER OPTIONAL, + cusec[3] krb5int32 OPTIONAL, stime[4] KerberosTime, - susec[5] INTEGER, - error-code[6] INTEGER, + susec[5] krb5int32, + error-code[6] krb5int32, crealm[7] Realm OPTIONAL, cname[8] PrincipalName OPTIONAL, realm[9] Realm, -- Correct realm @@ -496,15 +514,15 @@ ChangePasswdDataMS ::= SEQUENCE { targrealm[2] Realm OPTIONAL } -EtypeList ::= SEQUENCE OF INTEGER +EtypeList ::= SEQUENCE OF krb5int32 -- the client's proposed enctype list in -- decreasing preference order, favorite choice first -krb5-pvno INTEGER ::= 5 -- current Kerberos protocol version number +krb5-pvno krb5int32 ::= 5 -- current Kerberos protocol version number -- transited encodings -DOMAIN-X500-COMPRESS INTEGER ::= 1 +DOMAIN-X500-COMPRESS krb5int32 ::= 1 -- authorization data primitives @@ -544,7 +562,7 @@ SAMFlags ::= BIT STRING { } PA-SAM-CHALLENGE-2-BODY ::= SEQUENCE { - sam-type[0] INTEGER, + sam-type[0] krb5int32, sam-flags[1] SAMFlags, sam-type-name[2] GeneralString OPTIONAL, sam-track-id[3] GeneralString OPTIONAL, @@ -552,8 +570,8 @@ PA-SAM-CHALLENGE-2-BODY ::= SEQUENCE { sam-challenge[5] GeneralString OPTIONAL, sam-response-prompt[6] GeneralString OPTIONAL, sam-pk-for-sad[7] EncryptionKey OPTIONAL, - sam-nonce[8] INTEGER, - sam-etype[9] INTEGER, + sam-nonce[8] krb5int32, + sam-etype[9] krb5int32, ... } @@ -564,27 +582,31 @@ PA-SAM-CHALLENGE-2 ::= SEQUENCE { } PA-SAM-RESPONSE-2 ::= SEQUENCE { - sam-type[0] INTEGER, + sam-type[0] krb5int32, sam-flags[1] SAMFlags, sam-track-id[2] GeneralString OPTIONAL, sam-enc-nonce-or-sad[3] EncryptedData, -- PA-ENC-SAM-RESPONSE-ENC - sam-nonce[4] INTEGER, + sam-nonce[4] krb5int32, ... } PA-ENC-SAM-RESPONSE-ENC ::= SEQUENCE { - sam-nonce[0] INTEGER, + sam-nonce[0] krb5int32, sam-sad[1] GeneralString OPTIONAL, ... } +-- This is really part of CMS, but its here because KCRYPTO provides +-- the crypto framework for CMS glue in heimdal. + RC2CBCParameter ::= SEQUENCE { - rc2ParameterVersion [0] INTEGER, - iv [1] OCTET STRING -- exactly 8 octets + rc2ParameterVersion krb5int32, + iv OCTET STRING -- exactly 8 octets } CBCParameter ::= OCTET STRING + END -- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1 |