105 lines
3.2 KiB
Groff
105 lines
3.2 KiB
Groff
Spnego {iso(1) identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) snego(2)}
|
|
-- (1.3.6.1.5.5.2)
|
|
DEFINITIONS ::=
|
|
|
|
BEGIN
|
|
|
|
MechType::= OBJECT IDENTIFIER
|
|
|
|
NegotiationToken ::= CHOICE {
|
|
negTokenInit [0] NegTokenInit,
|
|
negTokenTarg [1] NegTokenTarg }
|
|
|
|
MechTypeList ::= SEQUENCE OF MechType
|
|
|
|
--
|
|
-- MS-SPNG tells us that the format of a negTokenInit is actually
|
|
-- negTokenInit2 if a negTokenInit is seen in a response. It might need
|
|
-- to be the first negTokenInit seen in a response, but I am not sure.
|
|
-- It will only occur in a NegotiateProtocol response in CIFS/SMB or SMB2.
|
|
--
|
|
NegTokenInit ::= SEQUENCE {
|
|
mechTypes [0] MechTypeList OPTIONAL,
|
|
reqFlags [1] ContextFlags OPTIONAL,
|
|
mechToken [2] OCTET STRING OPTIONAL,
|
|
mechListMIC [3] OCTET STRING OPTIONAL
|
|
}
|
|
|
|
NegHints ::= SEQUENCE {
|
|
hintName [0] GeneralString OPTIONAL,
|
|
hintAddress [1] OCTET STRING OPTIONAL
|
|
}
|
|
|
|
NegTokenInit2 ::= SEQUENCE {
|
|
mechTypes [0] MechTypeList OPTIONAL,
|
|
reqFlags [1] ContextFlags OPTIONAL,
|
|
mechToken [2] OCTET STRING OPTIONAL,
|
|
negHints [3] NegHints OPTIONAL,
|
|
mechListMIC [4] OCTET STRING OPTIONAL
|
|
}
|
|
|
|
ContextFlags ::= BIT STRING {
|
|
delegFlag (0),
|
|
mutualFlag (1),
|
|
replayFlag (2),
|
|
sequenceFlag (3),
|
|
anonFlag (4),
|
|
confFlag (5),
|
|
integFlag (6)
|
|
}
|
|
|
|
NegTokenTarg ::= SEQUENCE {
|
|
negResult [0] ENUMERATED {
|
|
accept-completed (0),
|
|
accept-incomplete (1),
|
|
reject (2) } OPTIONAL,
|
|
supportedMech [1] MechType OPTIONAL,
|
|
responseToken [2] OCTET STRING OPTIONAL,
|
|
mechListMIC [3] OCTET STRING OPTIONAL
|
|
}
|
|
|
|
--GSS-API DEFINITIONS ::=
|
|
--BEGIN
|
|
--MechType ::= OBJECT IDENTIFIER
|
|
-- data structure definitions
|
|
-- callers must be able to distinguish among
|
|
-- InitialContextToken, SubsequentContextToken,
|
|
-- PerMsgToken, and SealedMessage data elements
|
|
-- based on the usage in which they occur
|
|
InitialContextToken ::=
|
|
-- option indication (delegation, etc.) indicated within
|
|
-- mechanism-specific token
|
|
[APPLICATION 0] IMPLICIT SEQUENCE {
|
|
thisMech MechType,
|
|
innerContextToken InnerContextToken
|
|
-- DEFINED BY thisMech
|
|
-- contents mechanism-specific
|
|
-- ASN.1 structure not required
|
|
}
|
|
|
|
-- SubsequentContextToken ::= InnerContextToken
|
|
|
|
InnerContextToken ::= ANY
|
|
-- interpretation based on predecessor InitialContextToken
|
|
-- ASN.1 structure not required
|
|
|
|
-- PerMsgToken ::=
|
|
-- as emitted by GSS_GetMIC and processed by GSS_VerifyMIC
|
|
-- ASN.1 structure not required
|
|
-- InnerMsgToken
|
|
|
|
-- InnerMsgToken ::= ANY
|
|
|
|
-- SealedMessage ::=
|
|
-- as emitted by GSS_Wrap and processed by GSS_Unwrap
|
|
-- includes internal, mechanism-defined indicator
|
|
-- of whether or not encrypted
|
|
-- ASN.1 structure not required
|
|
-- SealedUserData
|
|
|
|
-- SealedUserData ::= ANY
|
|
|
|
-- END GSS-API DEFINITIONS
|
|
|
|
END
|