From c0e8144c5d1e402b36ebe04b843eba62e7ab9958 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 9 Aug 2005 03:04:47 +0000 Subject: r9221: Try to merge Heimdal across from lorikeet-heimdal to samba4. This is my first attempt at this, so there may be a few rough edges. Andrew Bartlett (This used to be commit 9a1d2f2fec67930975da856a2d365345cec46216) --- source4/heimdal/lib/asn1/k5.asn1 | 118 +++++++++++++++++++++++---------------- 1 file changed, 70 insertions(+), 48 deletions(-) (limited to 'source4/heimdal/lib/asn1/k5.asn1') diff --git a/source4/heimdal/lib/asn1/k5.asn1 b/source4/heimdal/lib/asn1/k5.asn1 index 802c0a4c77..dd49baf0ff 100644 --- a/source4/heimdal/lib/asn1/k5.asn1 +++ b/source4/heimdal/lib/asn1/k5.asn1 @@ -1,4 +1,4 @@ --- $Id: k5.asn1,v 1.43 2005/06/17 04:58:59 lha Exp $ +-- $Id: k5.asn1,v 1.45 2005/07/13 05:29:49 lha Exp $ KERBEROS5 DEFINITIONS ::= BEGIN @@ -11,7 +11,11 @@ NAME-TYPE ::= INTEGER { KRB5_NT_SRV_XHST(4), -- Service with host as remaining components KRB5_NT_UID(5), -- Unique ID KRB5_NT_X500_PRINCIPAL(6), -- PKINIT - KRB5_NT_ENTERPRISE(10) -- May be mapped to principal name + KRB5_NT_SMTP_NAME(7), -- Name in form of SMTP email name + KRB5_NT_ENTERPRISE_PRINCIPAL(10), -- Windows 2000 UPN + KRB5_NT_ENT_PRINCIPAL_AND_ID(-130), -- Windows 2000 UPN and SID + KRB5_NT_MS_PRINCIPAL(-128), -- NT 4 style name + KRB5_NT_MS_PRINCIPAL_AND_ID(-129) -- NT style name and SID } -- message types @@ -49,6 +53,7 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-SAM-RESPONSE(13), -- (sam/otp) KRB5-PADATA-PK-AS-REQ-19(14), -- (PKINIT-19) KRB5-PADATA-PK-AS-REP-19(15), -- (PKINIT-19) + KRB5-PADATA-PK-AS-REQ-WIN(15), -- (PKINIT - old number) KRB5-PADATA-PK-AS-REQ(16), -- (PKINIT-25) KRB5-PADATA-PK-AS-REP(17), -- (PKINIT-25) KRB5-PADATA-ETYPE-INFO2(19), 
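Review bot: Renaming `KRB5_NT_ENTERPRISE(10)` to `KRB5_NT_ENTERPRISE_PRINCIPAL(10)` in the NAME-TYPE list changes the identifier the asn1 compiler generates, so any code in the tree that still references the old name will presumably stop compiling, and the commit message does not mention the rename. If the old name is still in use, a compatibility alias on the C side or a tree-wide rename in the same commit avoids a broken build. The three Microsoft-specific values are also listed out of numeric order (-130, -128, -129), which makes it harder to check at a glance that they are distinct; listing them as `KRB5_NT_ENT_PRINCIPAL_AND_ID(-130)`, `KRB5_NT_MS_PRINCIPAL_AND_ID(-129)`, `KRB5_NT_MS_PRINCIPAL(-128)` reads more naturally and has no wire effect.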
@@ -58,7 +63,6 @@ PADATA-TYPE ::= INTEGER { KRB5-PADATA-SAM-ETYPE-INFO(23), KRB5-PADATA-SERVER-REFERRAL(25), KRB5-PADATA-TD-KRB-PRINCIPAL(102), -- PrincipalName - KRB5-PADATA-TD-KRB-REALM(103), -- Realm KRB5-PADATA-PK-TD-TRUSTED-CERTIFIERS(104), -- PKINIT KRB5-PADATA-PK-TD-CERTIFICATE-INDEX(105), -- PKINIT KRB5-PADATA-TD-APP-DEFINED-ERROR(106), -- application specific @@ -137,9 +141,13 @@ ENCTYPE ::= INTEGER { ETYPE_DES3_CBC_NONE_CMS(-0x100a) } + + + -- this is sugar to make something ASN1 does not have: unsigned -UNSIGNED ::= INTEGER (0..4294967295) +krb5uint32 ::= INTEGER (0..4294967295) +krb5int32 ::= INTEGER (-2147483648..2147483647) KerberosString ::= GeneralString @@ -156,14 +164,14 @@ Principal ::= SEQUENCE { } HostAddress ::= SEQUENCE { - addr-type[0] INTEGER, + addr-type[0] krb5int32, address[1] OCTET STRING } -- This is from RFC1510. -- -- HostAddresses ::= SEQUENCE OF SEQUENCE { --- addr-type[0] INTEGER, +-- addr-type[0] krb5int32, -- address[1] OCTET STRING -- } @@ -174,7 +182,7 @@ HostAddresses ::= SEQUENCE OF HostAddress KerberosTime ::= GeneralizedTime -- Specifying UTC time zone (Z) AuthorizationData ::= SEQUENCE OF SEQUENCE { - ad-type[0] INTEGER, + ad-type[0] krb5int32, ad-data[1] OCTET STRING } @@ -243,23 +251,23 @@ LastReq ::= SEQUENCE OF SEQUENCE { EncryptedData ::= SEQUENCE { etype[0] ENCTYPE, -- EncryptionType - kvno[1] INTEGER OPTIONAL, + kvno[1] krb5int32 OPTIONAL, cipher[2] OCTET STRING -- ciphertext } EncryptionKey ::= SEQUENCE { - keytype[0] INTEGER, + keytype[0] krb5int32, keyvalue[1] OCTET STRING } -- encoded Transited field TransitedEncoding ::= SEQUENCE { - tr-type[0] INTEGER, -- must be registered + tr-type[0] krb5int32, -- must be registered contents[1] OCTET STRING } Ticket ::= [APPLICATION 1] SEQUENCE { - tkt-vno[0] INTEGER, + tkt-vno[0] krb5int32, realm[1] Realm, sname[2] PrincipalName, enc-part[3] EncryptedData 
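Review bot: The added `KRB5-PADATA-PK-AS-REQ-WIN(15)` reuses the value already assigned to `KRB5-PADATA-PK-AS-REP-19(15)` two lines above, so on the wire the two pre-authentication types are indistinguishable and any code that maps a PADATA-TYPE value back to a name has to pick one. Whether the asn1 compiler accepts duplicate named values is not visible here; if it does, the comment `-- (PKINIT - old number)` should say that the sharing is deliberate, e.g. `-- (PKINIT - old number, deliberately shares value 15 with PK-AS-REP-19)`, so readers of the generated enum do not take it for a typo.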
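Review bot: The comment kept above the new definitions, `-- this is sugar to make something ASN1 does not have: unsigned`, now describes only `krb5uint32`; `krb5int32` is a signed 32-bit range, which plain ASN.1 INTEGER already covers, so the comment is stale after this hunk. Something like `-- 32-bit integer subtypes: ASN.1 INTEGER is unbounded, these constrain values to signed/unsigned 32-bit ranges` would cover both. Whether the range constraints are enforced by the asn1 compiler at decode time (rejecting out-of-range values rather than silently truncating them into a C integer) is not visible in this hunk and is worth confirming, since that enforcement is the main benefit of the change. The three added blank `+` lines before the comment are just noise.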
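Review bot: `kvno[1] krb5int32 OPTIONAL` in EncryptedData gives the key version number a signed 32-bit range, but RFC 4120 (section 5.2.9) defines kvno as UInt32, so if the new constraint is enforced at decode time a peer that issues kvno values of 2^31 or above would be rejected. `kvno[1] krb5uint32 OPTIONAL` matches the RFC and uses the `krb5uint32` type this commit introduces. The other substitutions in this hunk (`keytype`, `tr-type`, `tkt-vno`) correspond to Int32 fields in the RFC, so those are fine.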
@@ -285,14 +293,14 @@ Checksum ::= SEQUENCE { } Authenticator ::= [APPLICATION 2] SEQUENCE { - authenticator-vno[0] INTEGER, + authenticator-vno[0] krb5int32, crealm[1] Realm, cname[2] PrincipalName, cksum[3] Checksum OPTIONAL, - cusec[4] INTEGER, + cusec[4] krb5int32, ctime[5] KerberosTime, subkey[6] EncryptionKey OPTIONAL, - seq-number[7] UNSIGNED OPTIONAL, + seq-number[7] krb5uint32 OPTIONAL, authorization-data[8] AuthorizationData OPTIONAL } @@ -305,7 +313,7 @@ PA-DATA ::= SEQUENCE { ETYPE-INFO-ENTRY ::= SEQUENCE { etype[0] ENCTYPE, salt[1] OCTET STRING OPTIONAL, - salttype[2] INTEGER OPTIONAL + salttype[2] krb5int32 OPTIONAL } ETYPE-INFO ::= SEQUENCE OF ETYPE-INFO-ENTRY @@ -320,6 +328,13 @@ ETYPE-INFO2 ::= SEQUENCE OF ETYPE-INFO2-ENTRY METHOD-DATA ::= SEQUENCE OF PA-DATA +TypedData ::= SEQUENCE { + data-type[0] krb5int32, + data-value[1] OCTET STRING OPTIONAL +} + +TYPED-DATA ::= SEQUENCE OF TypedData + KDC-REQ-BODY ::= SEQUENCE { kdc-options[0] KDCOptions, cname[1] PrincipalName OPTIONAL, -- Used only in AS-REQ @@ -329,7 +344,7 @@ KDC-REQ-BODY ::= SEQUENCE { from[4] KerberosTime OPTIONAL, till[5] KerberosTime OPTIONAL, rtime[6] KerberosTime OPTIONAL, - nonce[7] INTEGER, + nonce[7] krb5int32, etype[8] SEQUENCE OF ENCTYPE, -- EncryptionType, -- in preference order addresses[9] HostAddresses OPTIONAL, @@ -339,7 +354,7 @@ KDC-REQ-BODY ::= SEQUENCE { } KDC-REQ ::= SEQUENCE { - pvno[1] INTEGER, + pvno[1] krb5int32, msg-type[2] MESSAGE-TYPE, padata[3] METHOD-DATA OPTIONAL, req-body[4] KDC-REQ-BODY @@ -353,7 +368,7 @@ TGS-REQ ::= [APPLICATION 12] KDC-REQ PA-ENC-TS-ENC ::= SEQUENCE { patimestamp[0] KerberosTime, -- client's time - pausec[1] INTEGER OPTIONAL + pausec[1] krb5int32 OPTIONAL } -- draft-brezak-win2k-krb-authz-01 
@@ -362,8 +377,11 @@ PA-PAC-REQUEST ::= SEQUENCE { -- should be included or not } +-- PacketCable provisioning server location, PKT-SP-SEC-I09-030728.pdf +PROV-SRV-LOCATION ::= GeneralString + KDC-REP ::= SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, padata[2] METHOD-DATA OPTIONAL, crealm[3] Realm, @@ -378,7 +396,7 @@ TGS-REP ::= [APPLICATION 13] KDC-REP EncKDCRepPart ::= SEQUENCE { key[0] EncryptionKey, last-req[1] LastReq, - nonce[2] INTEGER, + nonce[2] krb5int32, key-expiration[3] KerberosTime OPTIONAL, flags[4] TicketFlags, authtime[5] KerberosTime, @@ -394,7 +412,7 @@ EncASRepPart ::= [APPLICATION 25] EncKDCRepPart EncTGSRepPart ::= [APPLICATION 26] EncKDCRepPart AP-REQ ::= [APPLICATION 14] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, ap-options[2] APOptions, ticket[3] Ticket, 
@@ -402,50 +420,50 @@ AP-REQ ::= [APPLICATION 14] SEQUENCE { } AP-REP ::= [APPLICATION 15] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, enc-part[2] EncryptedData } EncAPRepPart ::= [APPLICATION 27] SEQUENCE { ctime[0] KerberosTime, - cusec[1] INTEGER, + cusec[1] krb5int32, subkey[2] EncryptionKey OPTIONAL, - seq-number[3] UNSIGNED OPTIONAL + seq-number[3] krb5uint32 OPTIONAL } KRB-SAFE-BODY ::= SEQUENCE { user-data[0] OCTET STRING, timestamp[1] KerberosTime OPTIONAL, - usec[2] INTEGER OPTIONAL, - seq-number[3] UNSIGNED OPTIONAL, + usec[2] krb5int32 OPTIONAL, + seq-number[3] krb5uint32 OPTIONAL, s-address[4] HostAddress OPTIONAL, r-address[5] HostAddress OPTIONAL } KRB-SAFE ::= [APPLICATION 20] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, safe-body[2] KRB-SAFE-BODY, cksum[3] Checksum } KRB-PRIV ::= [APPLICATION 21] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, enc-part[3] EncryptedData } EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE { user-data[0] OCTET STRING, timestamp[1] KerberosTime OPTIONAL, - usec[2] INTEGER OPTIONAL, - seq-number[3] UNSIGNED OPTIONAL, + usec[2] krb5int32 OPTIONAL, + seq-number[3] krb5uint32 OPTIONAL, s-address[4] HostAddress OPTIONAL, -- sender's addr r-address[5] HostAddress OPTIONAL -- recip's addr } KRB-CRED ::= [APPLICATION 22] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, -- KRB_CRED tickets[2] SEQUENCE OF Ticket, enc-part[3] EncryptedData 
@@ -467,21 +485,21 @@ KrbCredInfo ::= SEQUENCE { EncKrbCredPart ::= [APPLICATION 29] SEQUENCE { ticket-info[0] SEQUENCE OF KrbCredInfo, - nonce[1] INTEGER OPTIONAL, + nonce[1] krb5int32 OPTIONAL, timestamp[2] KerberosTime OPTIONAL, - usec[3] INTEGER OPTIONAL, + usec[3] krb5int32 OPTIONAL, s-address[4] HostAddress OPTIONAL, r-address[5] HostAddress OPTIONAL } KRB-ERROR ::= [APPLICATION 30] SEQUENCE { - pvno[0] INTEGER, + pvno[0] krb5int32, msg-type[1] MESSAGE-TYPE, ctime[2] KerberosTime OPTIONAL, - cusec[3] INTEGER OPTIONAL, + cusec[3] krb5int32 OPTIONAL, stime[4] KerberosTime, - susec[5] INTEGER, - error-code[6] INTEGER, + susec[5] krb5int32, + error-code[6] krb5int32, crealm[7] Realm OPTIONAL, cname[8] PrincipalName OPTIONAL, realm[9] Realm, -- Correct realm @@ -496,15 +514,15 @@ ChangePasswdDataMS ::= SEQUENCE { targrealm[2] Realm OPTIONAL } -EtypeList ::= SEQUENCE OF INTEGER +EtypeList ::= SEQUENCE OF krb5int32 -- the client's proposed enctype list in -- decreasing preference order, favorite choice first -krb5-pvno INTEGER ::= 5 -- current Kerberos protocol version number +krb5-pvno krb5int32 ::= 5 -- current Kerberos protocol version number -- transited encodings -DOMAIN-X500-COMPRESS INTEGER ::= 1 +DOMAIN-X500-COMPRESS krb5int32 ::= 1 -- authorization data primitives @@ -544,7 +562,7 @@ SAMFlags ::= BIT STRING { } PA-SAM-CHALLENGE-2-BODY ::= SEQUENCE { - sam-type[0] INTEGER, + sam-type[0] krb5int32, sam-flags[1] SAMFlags, sam-type-name[2] GeneralString OPTIONAL, sam-track-id[3] GeneralString OPTIONAL, @@ -552,8 +570,8 @@ PA-SAM-CHALLENGE-2-BODY ::= SEQUENCE { sam-challenge[5] GeneralString OPTIONAL, sam-response-prompt[6] GeneralString OPTIONAL, sam-pk-for-sad[7] EncryptionKey OPTIONAL, - sam-nonce[8] INTEGER, - sam-etype[9] INTEGER, + sam-nonce[8] krb5int32, + sam-etype[9] krb5int32, ... } 
@@ -564,27 +582,31 @@ PA-SAM-CHALLENGE-2 ::= SEQUENCE { } PA-SAM-RESPONSE-2 ::= SEQUENCE { - sam-type[0] INTEGER, + sam-type[0] krb5int32, sam-flags[1] SAMFlags, sam-track-id[2] GeneralString OPTIONAL, sam-enc-nonce-or-sad[3] EncryptedData, -- PA-ENC-SAM-RESPONSE-ENC - sam-nonce[4] INTEGER, + sam-nonce[4] krb5int32, ... } PA-ENC-SAM-RESPONSE-ENC ::= SEQUENCE { - sam-nonce[0] INTEGER, + sam-nonce[0] krb5int32, sam-sad[1] GeneralString OPTIONAL, ... } +-- This is really part of CMS, but its here because KCRYPTO provides +-- the crypto framework for CMS glue in heimdal. + RC2CBCParameter ::= SEQUENCE { - rc2ParameterVersion [0] INTEGER, - iv [1] OCTET STRING -- exactly 8 octets + rc2ParameterVersion krb5int32, + iv OCTET STRING -- exactly 8 octets } CBCParameter ::= OCTET STRING + END -- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' k5.asn1 -- cgit
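Review bot: The RC2CBCParameter change is not just a type substitution: dropping the `[0]`/`[1]` context tags from `rc2ParameterVersion` and `iv` changes the DER encoding of the SEQUENCE (the components now carry universal INTEGER/OCTET STRING tags), so data encoded with the old definition will no longer decode and vice versa. That appears to match the untagged RC2-CBC-Parameter form used by CMS/PKCS#5, which the new comment above it alludes to, but neither the comment nor the commit message says that the wire format changed on purpose. I would make it explicit: `-- untagged on purpose: component tags must match the CMS RC2-CBC-Parameter definition`. The new comment also reads `its here` where `it's here` is meant.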