From 38913437596588940939d354753fe218673dd2b8 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Tue, 4 Jan 2005 13:52:30 +0000
Subject: [PATCH] Add authorization data types for enctype negotiation implementation

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14442 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/asn1/Makefile.am | 6 ++++++
 lib/asn1/k5.asn1 | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 44 insertions(+)

diff --git a/lib/asn1/Makefile.am b/lib/asn1/Makefile.am
index e0d170ebd..8fb459d81 100644
--- a/lib/asn1/Makefile.am
+++ b/lib/asn1/Makefile.am
@@ -15,6 +15,10 @@ BUILT_SOURCES = \
 asn1_err.c
 
 gen_files = \
+ asn1_AD_AND_OR.x \
+ asn1_AD_IF_RELEVANT.x \
+ asn1_AD_KDCIssued.x \
+ asn1_AD_MANDATORY_FOR_KDC.x \
 asn1_APOptions.x \
 asn1_AP_REP.x \
 asn1_AP_REQ.x \
@@ -22,6 +26,7 @@ gen_files = \
 asn1_AS_REQ.x \
 asn1_Authenticator.x \
 asn1_AuthorizationData.x \
+ asn1_AUTHDATA_TYPE.x \
 asn1_CBCParameter.x \
 asn1_CKSUMTYPE.x \
 asn1_ChangePasswdDataMS.x \
@@ -40,6 +45,7 @@ gen_files = \
 asn1_EncTicketPart.x \
 asn1_EncryptedData.x \
 asn1_EncryptionKey.x \
+ asn1_EtypeList.x \
 asn1_HostAddress.x \
 asn1_HostAddresses.x \
 asn1_KDCOptions.x \
diff --git a/lib/asn1/k5.asn1 b/lib/asn1/k5.asn1
index c10d3f337..031ff6917 100644
--- a/lib/asn1/k5.asn1
+++ b/lib/asn1/k5.asn1
@@ -67,6 +67,22 @@ PADATA-TYPE ::= INTEGER {
 KRB5-PADATA-PA-PAC-REQUEST(128) -- jbrezak@exchange.microsoft.com
 }
 
+AUTHDATA-TYPE ::= INTEGER {
+ KRB5-AUTHDATA-IF-RELEVANT(1),
+ KRB5-AUTHDATA-INTENDED-FOR_SERVER(2),
+ KRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS(3),
+ KRB5-AUTHDATA-KDC-ISSUED(4),
+ KRB5-AUTHDATA-AND-OR(5),
+ KRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS(6),
+ KRB5-AUTHDATA-IN-TICKET-EXTENSIONS(7),
+ KRB5-AUTHDATA-MANDATORY-FOR-KDC(8),
+ KRB5-AUTHDATA-OSF-DCE(64),
+ KRB5-AUTHDATA-SESAME(65),
+ KRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66),
+ KRB5-AUTHDATA-WIN2K-PAC(128),
+ KRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129) -- Authenticator only
+}
+
 -- checksumtypes
 
 CKSUMTYPE ::= INTEGER {
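Review bot: In the new AUTHDATA-TYPE enumeration in lib/asn1/k5.asn1, `KRB5-AUTHDATA-INTENDED-FOR_SERVER(2)` contains an underscore where every other name uses hyphens, and X.680 does not allow underscores in ASN.1 identifiers. The in-tree compiler presumably accepts it, but other ASN.1 tooling may reject the module, so I would spell it `KRB5-AUTHDATA-INTENDED-FOR-SERVER(2),`. A short comment above the enum saying which specification or vendor assigns each range (1-8, 64-66, 128-129) would also help reviewers check the numbers; only value 129 carries an annotation today.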
@@ -480,12 +496,34 @@ ChangePasswdDataMS ::= SEQUENCE {
 targrealm[2] Realm OPTIONAL
 }
 
+EtypeList ::= SEQUENCE OF INTEGER
+ -- the client's proposed enctype list in
+ -- decreasing preference order, favorite choice first
+
 pvno INTEGER ::= 5 -- current Kerberos protocol version number
 
 -- transited encodings
 
 DOMAIN-X500-COMPRESS INTEGER ::= 1
 
+-- authorization data primitives
+
+AD-IF-RELEVANT ::= AuthorizationData
+
+AD-KDCIssued ::= SEQUENCE {
+ ad-checksum[0] Checksum,
+ i-realm[1] Realm OPTIONAL,
+ i-sname[2] PrincipalName OPTIONAL,
+ elements[3] AuthorizationData
+}
+
+AD-AND-OR ::= SEQUENCE {
+ condition-count[0] INTEGER,
+ elements[1] AuthorizationData
+}
+
+AD-MANDATORY-FOR-KDC ::= AuthorizationData
+
 -- PA-SAM-RESPONSE-2/PA-SAM-RESPONSE-2
 
 PA-SAM-TYPE ::= INTEGER {
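Review bot: `condition-count[0] INTEGER` in AD-AND-OR and the element type of `EtypeList ::= SEQUENCE OF INTEGER` are unconstrained, so a peer-supplied negative or oversized value is a valid encoding and every consumer has to range-check it itself. RFC 4120 declares the field as `condition-count [0] Int32`; if this module has a bounded integer type (or an enctype type for the list elements) I would use it here, though whether one is defined is not visible in this hunk. It would also help to add a comment on AD-KDCIssued stating that `elements` must not be honoured until `ad-checksum` has been verified, and one on AD-MANDATORY-FOR-KDC stating that a KDC which does not understand the contents must reject the request, since those rules are what make the containers safe to process.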