Add authorization data types for enctype negotiation implementation

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14442 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-01-04 13:52:30 +00:00
parent 49984b436b
commit 3891343759
2 changed files with 44 additions and 0 deletions
--- a/lib/asn1/Makefile.am
+++ b/lib/asn1/Makefile.am
@@ -15,6 +15,10 @@ BUILT_SOURCES =			\
 	asn1_err.c

 gen_files =					\
+	asn1_AD_AND_OR.x			\
+	asn1_AD_IF_RELEVANT.x			\
+	asn1_AD_KDCIssued.x			\
+	asn1_AD_MANDATORY_FOR_KDC.x		\
 	asn1_APOptions.x			\
 	asn1_AP_REP.x				\
 	asn1_AP_REQ.x				\
@@ -22,6 +26,7 @@ gen_files =					\
 	asn1_AS_REQ.x				\
 	asn1_Authenticator.x			\
 	asn1_AuthorizationData.x		\
+	asn1_AUTHDATA_TYPE.x			\
 	asn1_CBCParameter.x			\
 	asn1_CKSUMTYPE.x			\
 	asn1_ChangePasswdDataMS.x		\
@@ -40,6 +45,7 @@ gen_files =					\
 	asn1_EncTicketPart.x			\
 	asn1_EncryptedData.x			\
 	asn1_EncryptionKey.x			\
+	asn1_EtypeList.x			\
 	asn1_HostAddress.x			\
 	asn1_HostAddresses.x			\
 	asn1_KDCOptions.x			\
--- a/lib/asn1/k5.asn1
+++ b/lib/asn1/k5.asn1
@@ -67,6 +67,22 @@ PADATA-TYPE ::= INTEGER {
 	KRB5-PADATA-PA-PAC-REQUEST(128)		-- jbrezak@exchange.microsoft.com
 }

+AUTHDATA-TYPE ::= INTEGER {
+	KRB5-AUTHDATA-IF-RELEVANT(1),
+	KRB5-AUTHDATA-INTENDED-FOR_SERVER(2),
+	KRB5-AUTHDATA-INTENDED-FOR-APPLICATION-CLASS(3),
+	KRB5-AUTHDATA-KDC-ISSUED(4),
+	KRB5-AUTHDATA-AND-OR(5),
+	KRB5-AUTHDATA-MANDATORY-TICKET-EXTENSIONS(6),
+	KRB5-AUTHDATA-IN-TICKET-EXTENSIONS(7),
+	KRB5-AUTHDATA-MANDATORY-FOR-KDC(8),
+	KRB5-AUTHDATA-OSF-DCE(64),
+	KRB5-AUTHDATA-SESAME(65),
+	KRB5-AUTHDATA-OSF-DCE-PKI-CERTID(66),
+	KRB5-AUTHDATA-WIN2K-PAC(128),
+	KRB5-AUTHDATA-GSS-API-ETYPE-NEGOTIATION(129) -- Authenticator only
+}
+
 -- checksumtypes

 CKSUMTYPE ::= INTEGER {
@@ -480,12 +496,34 @@ ChangePasswdDataMS ::= SEQUENCE {
 	targrealm[2]		Realm OPTIONAL
 }

+EtypeList ::= SEQUENCE OF INTEGER
+	-- the client's proposed enctype list in
+	-- decreasing preference order, favorite choice first
+
 pvno INTEGER ::= 5 -- current Kerberos protocol version number

 -- transited encodings

 DOMAIN-X500-COMPRESS	INTEGER ::= 1

+-- authorization data primitives
+
+AD-IF-RELEVANT ::= AuthorizationData
+
+AD-KDCIssued ::= SEQUENCE {
+	ad-checksum[0]		Checksum,
+	i-realm[1]		Realm OPTIONAL,
+	i-sname[2]		PrincipalName OPTIONAL,
+	elements[3]		AuthorizationData
+}
+
+AD-AND-OR ::= SEQUENCE {
+	condition-count[0]	INTEGER,
+	elements[1]		AuthorizationData
+}
+
+AD-MANDATORY-FOR-KDC ::= AuthorizationData
+
 -- PA-SAM-RESPONSE-2/PA-SAM-RESPONSE-2

 PA-SAM-TYPE ::= INTEGER {