102 lines
3.0 KiB
Groff
102 lines
3.0 KiB
Groff
Spnego {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) snego(2)}
|
|
-- (1.3.6.1.5.5.2)
|
|
DEFINITIONS ::=
|
|
|
|
BEGIN
|
|
|
|
MechType::= OBJECT IDENTIFIER
|
|
|
|
NegotiationToken ::= CHOICE {
|
|
negTokenInit [0] NegTokenInit,
|
|
negTokenTarg [1] NegTokenTarg }
|
|
|
|
MechTypeList ::= SEQUENCE OF MechType
|
|
|
|
--
|
|
-- In some cases, the mechListMIC is a sequence of GeneralString,
|
|
-- rather than an OCTET STRING. We define that sequence here so
|
|
-- that we can call its dissector.
|
|
-- The IRC discussion at
|
|
--
|
|
-- http://irc.vernstok.nl/samba-technical.dy
|
|
--
|
|
-- seems to suggest that it's a Kerberos principal of some sort, thanks
|
|
-- to some flavor of "embrace, extend, expectorate" sequence from
|
|
-- Microsoft.
|
|
--
|
|
PrincipalSeq ::= SEQUENCE {
|
|
principal [0] GeneralString
|
|
}
|
|
|
|
NegTokenInit ::= SEQUENCE {
|
|
mechTypes [0] MechTypeList OPTIONAL,
|
|
reqFlags [1] ContextFlags OPTIONAL,
|
|
mechToken [2] OCTET STRING OPTIONAL,
|
|
mechListMIC [3] OCTET STRING OPTIONAL
|
|
}
|
|
|
|
ContextFlags ::= BIT STRING {
|
|
delegFlag (0),
|
|
mutualFlag (1),
|
|
replayFlag (2),
|
|
sequenceFlag (3),
|
|
anonFlag (4),
|
|
confFlag (5),
|
|
integFlag (6)
|
|
}
|
|
|
|
NegTokenTarg ::= SEQUENCE {
|
|
negResult [0] ENUMERATED {
|
|
accept-completed (0),
|
|
accept-incomplete (1),
|
|
reject (2) } OPTIONAL,
|
|
supportedMech [1] MechType OPTIONAL,
|
|
responseToken [2] OCTET STRING OPTIONAL,
|
|
mechListMIC [3] OCTET STRING OPTIONAL
|
|
}
|
|
|
|
--GSS-API DEFINITIONS ::=
|
|
--BEGIN
|
|
--MechType ::= OBJECT IDENTIFIER
|
|
-- data structure definitions
|
|
-- callers must be able to distinguish among
|
|
-- InitialContextToken, SubsequentContextToken,
|
|
-- PerMsgToken, and SealedMessage data elements
|
|
-- based on the usage in which they occur
|
|
InitialContextToken ::=
|
|
-- option indication (delegation, etc.) indicated within
|
|
-- mechanism-specific token
|
|
[APPLICATION 0] IMPLICIT SEQUENCE {
|
|
thisMech MechType,
|
|
innerContextToken InnerContextToken
|
|
-- DEFINED BY thisMech
|
|
-- contents mechanism-specific
|
|
-- ASN.1 structure not required
|
|
}
|
|
|
|
-- SubsequentContextToken ::= InnerContextToken
|
|
|
|
InnerContextToken ::= ANY
|
|
-- interpretation based on predecessor InitialContextToken
|
|
-- ASN.1 structure not required
|
|
|
|
-- PerMsgToken ::=
|
|
-- as emitted by GSS_GetMIC and processed by GSS_VerifyMIC
|
|
-- ASN.1 structure not required
|
|
-- InnerMsgToken
|
|
|
|
-- InnerMsgToken ::= ANY
|
|
|
|
-- SealedMessage ::=
|
|
-- as emitted by GSS_Wrap and processed by GSS_Unwrap
|
|
-- includes internal, mechanism-defined indicator
|
|
-- of whether or not encrypted
|
|
-- ASN.1 structure not required
|
|
-- SealedUserData
|
|
|
|
-- SealedUserData ::= ANY
|
|
|
|
-- END GSS-API DEFINITIONS
|
|
|
|
END
|