oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity
Files
921d528d8bc2e90ee9bc790e7a4e1dc012fac4f3
heimdal/lib/gssapi/oid.txt
Luke Howard 921d528d8b gss: add mechanism-force-mechListMIC hook to SPNEGO 
NTLM erroneously requires a mechListMIC at the SPNEGO layer if an internal MIC
in the NTLM protocol was used. Add a private interface between SPNEGO and the
Samba NTLM mechanism to allow the mechanism to signal that a mechListMIC is
required even if it otherwise would not be.

This interface is the same as that supported by MIT.

Note that only the Samba NTLM mechanism currently implements this feature, it
is not implemented by the Heimdal NTLM mechanism (which does not support NTLM
authenticate message MICs).
2020-02-04 17:28:35 +11:00

147 lines
6.4 KiB
Plaintext
Raw Blame History

# /* contact Love Hörnquist Åstrand <lha@h5l.org> for new oid arcs */
# /*
# * 1.2.752.43.13 Heimdal GSS-API Extensions
# */
oid base GSS_KRB5_COPY_CCACHE_X 1.2.752.43.13.1
oid base GSS_KRB5_GET_TKT_FLAGS_X 1.2.752.43.13.2
oid base GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X 1.2.752.43.13.3
oid base GSS_KRB5_COMPAT_DES3_MIC_X 1.2.752.43.13.4
oid base GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X 1.2.752.43.13.5
oid base GSS_KRB5_EXPORT_LUCID_CONTEXT_X 1.2.752.43.13.6
oid base GSS_KRB5_EXPORT_LUCID_CONTEXT_V1_X 1.2.752.43.13.6.1
oid base GSS_KRB5_SET_DNS_CANONICALIZE_X 1.2.752.43.13.7
oid base GSS_KRB5_GET_SUBKEY_X 1.2.752.43.13.8
oid base GSS_KRB5_GET_INITIATOR_SUBKEY_X 1.2.752.43.13.9
oid base GSS_KRB5_GET_ACCEPTOR_SUBKEY_X 1.2.752.43.13.10
oid base GSS_KRB5_SEND_TO_KDC_X 1.2.752.43.13.11
oid base GSS_KRB5_GET_AUTHTIME_X 1.2.752.43.13.12
oid base GSS_KRB5_GET_SERVICE_KEYBLOCK_X 1.2.752.43.13.13
oid base GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X 1.2.752.43.13.14
oid base GSS_KRB5_SET_DEFAULT_REALM_X 1.2.752.43.13.15
oid base GSS_KRB5_CCACHE_NAME_X 1.2.752.43.13.16
oid base GSS_KRB5_SET_TIME_OFFSET_X 1.2.752.43.13.17
oid base GSS_KRB5_GET_TIME_OFFSET_X 1.2.752.43.13.18
oid base GSS_KRB5_PLUGIN_REGISTER_X 1.2.752.43.13.19
oid base GSS_NTLM_GET_SESSION_KEY_X 1.2.752.43.13.20
oid base GSS_C_NT_NTLM 1.2.752.43.13.21
oid base GSS_C_NT_DN 1.2.752.43.13.22
oid base GSS_KRB5_NT_PRINCIPAL_NAME_REFERRAL 1.2.752.43.13.23
oid base GSS_C_NTLM_AVGUEST 1.2.752.43.13.24
oid base GSS_C_NTLM_V1 1.2.752.43.13.25
oid base GSS_C_NTLM_V2 1.2.752.43.13.26
oid base GSS_C_NTLM_SESSION_KEY 1.2.752.43.13.27
oid base GSS_C_NTLM_FORCE_V1 1.2.752.43.13.28
oid base GSS_KRB5_CRED_NO_CI_FLAGS_X 1.2.752.43.13.29
oid base GSS_KRB5_IMPORT_CRED_X 1.2.752.43.13.30
# /* glue for gss_inquire_saslname_for_mech */
oid base GSS_C_MA_SASL_MECH_NAME 1.2.752.43.13.100
oid base GSS_C_MA_MECH_NAME 1.2.752.43.13.101
oid base GSS_C_MA_MECH_DESCRIPTION 1.2.752.43.13.102
#/* Heimdal mechanisms - 1.2.752.43.14 */
oid base GSS_SASL_DIGEST_MD5_MECHANISM 1.2.752.43.14.1
oid base GSS_NETLOGON_MECHANISM 1.2.752.43.14.2
oid base GSS_NETLOGON_SET_SESSION_KEY_X 1.2.752.43.14.3
oid base GSS_NETLOGON_SET_SIGN_ALGORITHM_X 1.2.752.43.14.4
oid base GSS_NETLOGON_NT_NETBIOS_DNS_NAME 1.2.752.43.14.5
#/* GSS_KRB5_EXTRACT_AUTHZ_DATA_FROM_SEC_CONTEXT_X.128 */
oid base GSS_C_INQ_WIN2K_PAC_X 1.2.752.43.13.3.128
oid base GSS_C_INQ_SSPI_SESSION_KEY 1.2.840.113554.1.2.2.5.5
oid base GSS_C_INQ_NEGOEX_KEY 1.2.840.113554.1.2.2.5.16
oid base GSS_C_INQ_NEGOEX_VERIFY_KEY 1.2.840.113554.1.2.2.5.17
oid base GSS_C_INQ_REQUIRE_MECHLIST_MIC 1.3.6.1.4.1.7165.655.1.2
#/*
# * "Standard" mechs
# */
oid base GSS_KRB5_MECHANISM 1.2.840.113554.1.2.2
oid base GSS_NTLM_MECHANISM 1.3.6.1.4.1.311.2.2.10
oid base GSS_SPNEGO_MECHANISM 1.3.6.1.5.5.2
# /* From Luke Howard */
oid base GSS_C_PEER_HAS_UPDATED_SPNEGO 1.3.6.1.4.1.5322.19.5
oid base GSS_C_NTLM_RESET_CRYPTO 1.3.6.1.4.1.7165.655.1.3
oid base GSS_NEGOEX_MECHANISM 1.3.6.1.4.1.311.2.2.30
#/*
# * OID mappings with name and short description and and slightly longer description
# */
desc mech GSS_KRB5_MECHANISM "Kerberos 5" "Heimdal Kerberos 5 mechanism"
desc mech GSS_NTLM_MECHANISM "NTLM" "Heimdal NTLM mechanism"
desc mech GSS_SPNEGO_MECHANISM "SPNEGO" "Heimdal SPNEGO mechanism"
desc ma GSS_C_MA_MECH_NAME "GSS mech name" "The name of the GSS-API mechanism"
desc ma GSS_C_MA_SASL_MECH_NAME "SASL mechanism name" "The name of the SASL mechanism"
desc ma GSS_C_MA_MECH_DESCRIPTION "Mech description" "The long description of the mechanism"
#/*
# * RFC5587
# */
oid base GSS_C_MA_MECH_CONCRETE 1.3.6.1.5.5.13.1
oid base GSS_C_MA_MECH_PSEUDO 1.3.6.1.5.5.13.2
oid base GSS_C_MA_MECH_COMPOSITE 1.3.6.1.5.5.13.3
oid base GSS_C_MA_MECH_NEGO 1.3.6.1.5.5.13.4
oid base GSS_C_MA_MECH_GLUE 1.3.6.1.5.5.13.5
oid base GSS_C_MA_NOT_MECH 1.3.6.1.5.5.13.6
oid base GSS_C_MA_DEPRECATED 1.3.6.1.5.5.13.7
oid base GSS_C_MA_NOT_DFLT_MECH 1.3.6.1.5.5.13.8
oid base GSS_C_MA_ITOK_FRAMED 1.3.6.1.5.5.13.9
oid base GSS_C_MA_AUTH_INIT 1.3.6.1.5.5.13.10
oid base GSS_C_MA_AUTH_TARG 1.3.6.1.5.5.13.11
oid base GSS_C_MA_AUTH_INIT_INIT 1.3.6.1.5.5.13.12
oid base GSS_C_MA_AUTH_TARG_INIT 1.3.6.1.5.5.13.13
oid base GSS_C_MA_AUTH_INIT_ANON 1.3.6.1.5.5.13.14
oid base GSS_C_MA_AUTH_TARG_ANON 1.3.6.1.5.5.13.15
oid base GSS_C_MA_DELEG_CRED 1.3.6.1.5.5.13.16
oid base GSS_C_MA_INTEG_PROT 1.3.6.1.5.5.13.17
oid base GSS_C_MA_CONF_PROT 1.3.6.1.5.5.13.18
oid base GSS_C_MA_MIC 1.3.6.1.5.5.13.19
oid base GSS_C_MA_WRAP 1.3.6.1.5.5.13.20
oid base GSS_C_MA_PROT_READY 1.3.6.1.5.5.13.21
oid base GSS_C_MA_REPLAY_DET 1.3.6.1.5.5.13.22
oid base GSS_C_MA_OOS_DET 1.3.6.1.5.5.13.23
oid base GSS_C_MA_CBINDINGS 1.3.6.1.5.5.13.24
oid base GSS_C_MA_PFS 1.3.6.1.5.5.13.25
oid base GSS_C_MA_COMPRESS 1.3.6.1.5.5.13.26
oid base GSS_C_MA_CTX_TRANS 1.3.6.1.5.5.13.27
oid base GSS_C_MA_NEGOEX_AND_SPNEGO 1.2.840.113554.1.2.2.5.18
desc ma GSS_C_MA_MECH_CONCRETE "concrete-mech" "Indicates that a mech is neither a pseudo-mechanism nor a composite mechanism"
desc ma GSS_C_MA_MECH_PSEUDO "pseudo-mech" ""
desc ma GSS_C_MA_MECH_COMPOSITE "composite-mech" ""
desc ma GSS_C_MA_MECH_NEGO "mech-negotiation-mech" ""
desc ma GSS_C_MA_MECH_GLUE "mech-glue" ""
desc ma GSS_C_MA_NOT_MECH "not-mech" ""
desc ma GSS_C_MA_DEPRECATED "mech-deprecated" ""
desc ma GSS_C_MA_NOT_DFLT_MECH "mech-not-default" ""
desc ma GSS_C_MA_ITOK_FRAMED "initial-is-framed" ""
desc ma GSS_C_MA_AUTH_INIT "auth-init-princ" ""
desc ma GSS_C_MA_AUTH_TARG "auth-targ-princ" ""
desc ma GSS_C_MA_AUTH_INIT_INIT "auth-init-princ-initial" ""
desc ma GSS_C_MA_AUTH_TARG_INIT "auth-targ-princ-initial" ""
desc ma GSS_C_MA_AUTH_INIT_ANON "auth-init-princ-anon" ""
desc ma GSS_C_MA_AUTH_TARG_ANON "auth-targ-princ-anon" ""
desc ma GSS_C_MA_DELEG_CRED "deleg-cred" ""
desc ma GSS_C_MA_INTEG_PROT "integ-prot" ""
desc ma GSS_C_MA_CONF_PROT "conf-prot" ""
desc ma GSS_C_MA_MIC "mic" ""
desc ma GSS_C_MA_WRAP "wrap" ""
desc ma GSS_C_MA_PROT_READY "prot-ready" ""
desc ma GSS_C_MA_REPLAY_DET "replay-detection" ""
desc ma GSS_C_MA_OOS_DET "oos-detection" ""
desc ma GSS_C_MA_CBINDINGS "channel-bindings" ""
desc ma GSS_C_MA_PFS "pfs" ""
desc ma GSS_C_MA_COMPRESS "compress" ""
desc ma GSS_C_MA_CTX_TRANS "context-transfer" ""
desc ma GSS_C_MA_NEGOEX_AND_SPNEGO "negoex-and-spnego" "Indicates that a mechanism supports both NegoEx and SPNEGO"
Reference in New Issue View Git Blame Copy Permalink