Diffstat (limited to 'asn1/spnego/spnego.asn')
-rw-r--r-- | asn1/spnego/spnego.asn | 91 |
1 files changed, 47 insertions, 44 deletions
diff --git a/asn1/spnego/spnego.asn b/asn1/spnego/spnego.asn
index 190b3f1555..b62973df2f 100644
--- a/asn1/spnego/spnego.asn
+++ b/asn1/spnego/spnego.asn
@@ -13,21 +13,11 @@ NegotiationToken ::= CHOICE {
 MechTypeList ::= SEQUENCE OF MechType
 
 --
--- In some cases, the mechListMIC is a sequence of GeneralString,
--- rather than an OCTET STRING. We define that sequence here so
--- that we can call its dissector.
--- The IRC discussion at
+-- MS-SPNG tells us that the format of a negTokenInit is actually
+-- negTokenInit2 if a negTokenInit is seen in a response. It might need
+-- to be the first negTokenInit seen in a response, but I am not sure.
+-- It will only occur in a NegotiateProtocol response in CIFS/SMB or SMB2.
 --
--- http://irc.vernstok.nl/samba-technical.dy
---
--- seems to suggest that it's a Kerberos principal of some sort, thanks
--- to some flavor of "embrace, extend, expectorate" sequence from
--- Microsoft.
---
-PrincipalSeq ::= SEQUENCE {
- principal [0] GeneralString
-}
-
 NegTokenInit ::= SEQUENCE {
  mechTypes [0] MechTypeList OPTIONAL,
  reqFlags [1] ContextFlags OPTIONAL,
@@ -35,6 +25,19 @@ NegTokenInit ::= SEQUENCE {
  mechListMIC [3] OCTET STRING OPTIONAL
 }
 
+NegHints ::= SEQUENCE {
+ hintName [0] GeneralString OPTIONAL,
+ hintAddress [1] OCTET STRING OPTIONAL
+}
+
+NegTokenInit2 ::= SEQUENCE {
+ mechTypes [0] MechTypeList OPTIONAL,
+ reqFlags [1] ContextFlags OPTIONAL,
+ mechToken [2] OCTET STRING OPTIONAL,
+ negHints [3] NegHints OPTIONAL,
+ mechListMIC [4] OCTET STRING OPTIONAL
+}
+
 ContextFlags ::= BIT STRING {
  delegFlag (0),
  mutualFlag (1),
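Review bot: The new NegTokenInit2 in the second hunk cannot be told apart from NegTokenInit by its tags alone: [0]–[2] are identical, and the two differ only in the type carried under [3] (OCTET STRING versus the NegHints SEQUENCE) and in mechListMIC moving to [4], so a decoder has to select NegTokenInit2 by message direction, which is exactly the point the comment added in the first hunk hedges on ("I am not sure"). I would record the selection rule next to the type rather than leave it open, e.g. `-- NegTokenInit2 is chosen by context (a NegotiateProtocol response), not by its encoding: it shares tags [0]-[2] with NegTokenInit and differs only in the type under [3] and the presence of [4].` A consequence worth stating is that any consumer that reads mechListMIC from a NegTokenInit by looking for tag [3] will misinterpret a NegTokenInit2, where [3] holds NegHints and the MIC is under [4]. Since PrincipalSeq is removed here, it is also worth confirming that nothing outside this file (a conformance file or hand-written dissector code, if any) still refers to it; that cannot be checked from this diff.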
@@ -55,46 +58,46 @@ NegTokenTarg ::= SEQUENCE { mechListMIC [3] OCTET STRING OPTIONAL } ---GSS-API DEFINITIONS ::= ---BEGIN ---MechType ::= OBJECT IDENTIFIER --- data structure definitions --- callers must be able to distinguish among --- InitialContextToken, SubsequentContextToken, --- PerMsgToken, and SealedMessage data elements --- based on the usage in which they occur -InitialContextToken ::= - -- option indication (delegation, etc.) indicated within - -- mechanism-specific token -[APPLICATION 0] IMPLICIT SEQUENCE { - thisMech MechType, - innerContextToken InnerContextToken - -- DEFINED BY thisMech - -- contents mechanism-specific +--GSS-API DEFINITIONS ::= +--BEGIN +--MechType ::= OBJECT IDENTIFIER +-- data structure definitions +-- callers must be able to distinguish among +-- InitialContextToken, SubsequentContextToken, +-- PerMsgToken, and SealedMessage data elements +-- based on the usage in which they occur +InitialContextToken ::= + -- option indication (delegation, etc.) indicated within + -- mechanism-specific token +[APPLICATION 0] IMPLICIT SEQUENCE { + thisMech MechType, + innerContextToken InnerContextToken + -- DEFINED BY thisMech + -- contents mechanism-specific -- ASN.1 structure not required - } + } -- SubsequentContextToken ::= InnerContextToken InnerContextToken ::= ANY --- interpretation based on predecessor InitialContextToken --- ASN.1 structure not required +-- interpretation based on predecessor InitialContextToken +-- ASN.1 structure not required --- PerMsgToken ::= --- as emitted by GSS_GetMIC and processed by GSS_VerifyMIC --- ASN.1 structure not required +-- PerMsgToken ::= +-- as emitted by GSS_GetMIC and processed by GSS_VerifyMIC +-- ASN.1 structure not required -- InnerMsgToken -- InnerMsgToken ::= ANY --- SealedMessage ::= --- as emitted by GSS_Wrap and processed by GSS_Unwrap --- includes internal, mechanism-defined indicator --- of whether or not encrypted --- ASN.1 structure not required --- SealedUserData - --- 
SealedUserData ::= ANY +-- SealedMessage ::= +-- as emitted by GSS_Wrap and processed by GSS_Unwrap +-- includes internal, mechanism-defined indicator +-- of whether or not encrypted +-- ASN.1 structure not required +-- SealedUserData + +-- SealedUserData ::= ANY -- END GSS-API DEFINITIONS |