- Copy stable/9 to releng/9.2 as part of the 9.2-RELEASE cycle.
1 -- $Id: hdb.asn1 20236 2007-02-16 23:52:29Z lha $
2 HDB DEFINITIONS ::=
3 BEGIN
4
5 IMPORTS EncryptionKey, KerberosTime, Principal FROM krb5;
6
-- Version number of the database format described by this module.
-- Increase it whenever the encoding of the stored types changes, so that
-- readers can tell old and new records apart.
7 HDB_DB_FORMAT INTEGER ::= 2     -- format of database, 
8                                 -- update when making changes
9
-- Salt type constants. They are deliberately numerically equal to the
-- corresponding pa-* values, so do not renumber them independently.
-- NOTE(review): presumably these are the values carried in Salt.type; confirm.
10 -- these must have the same value as the pa-* counterparts
11 hdb-pw-salt     INTEGER ::= 3
12 hdb-afs3-salt   INTEGER ::= 10
13
-- Salt attached to a stored key (see Key.salt).
--   type: unsigned 32-bit salt type (presumably hdb-pw-salt or
--         hdb-afs3-salt; confirm against the code that fills it in)
--   salt: the salt bytes, opaque at this level
14 Salt ::= SEQUENCE {
15         type[0]         INTEGER (0..4294967295),
16         salt[1]         OCTET STRING
17 }
18
-- One long-term key of a principal, as stored in the database.
--   mkvno: version of the master key associated with this key; optional
--   key:   the key itself, using the EncryptionKey type imported from krb5
--   salt:  optional salt that belongs to the key
-- NOTE(review): presumably a present mkvno means the key bytes are encrypted
-- under that master key version and an absent mkvno means they are stored
-- unencrypted; confirm against the code that seals and unseals keys.
-- Either way this record holds long-term key material, so the database
-- file, its dumps and its replicas need the same protection as the keys.
19 Key ::= SEQUENCE {
20         mkvno[0]        INTEGER (0..4294967295) OPTIONAL, -- master key version number
21         key[1]          EncryptionKey,
22         salt[2]         Salt OPTIONAL
23 }
24
-- Audit stamp: when something happened and, optionally, which principal
-- did it. Used by hdb_entry for created-by and modified-by.
25 Event ::= SEQUENCE {
26         time[0]         KerberosTime,       -- when the event happened
27         principal[1]    Principal OPTIONAL  -- who caused it, if recorded
28 }
29
-- Per-principal policy flags. The number in parentheses is the bit position
-- in the encoded BIT STRING, so existing numbers must never be reassigned.
-- Flags that deserve attention when reviewing a database:
--   require-preauth: when it is clear, the entry does not demand
--     pre-authentication. Replies for such an entry can be obtained without
--     proving knowledge of the key, which exposes a password-derived key to
--     offline guessing. Whether a KDC-wide default overrides the flag is not
--     visible in this file.
--   trusted-for-delegation, ok-as-delegate: widen what a service may do
--     with tickets of other principals; grant them sparingly.
--   allow-kerberos4, allow-digest: enable legacy or additional protocols
--     for the entry; leave them off unless a client still needs them.
--   invalid: marks the entry as unusable without deleting it.
30 HDBFlags ::= BIT STRING {
31         initial(0),                     -- require as-req
32         forwardable(1),                 -- may issue forwardable
33         proxiable(2),                   -- may issue proxiable
34         renewable(3),                   -- may issue renewable
35         postdate(4),                    -- may issue postdatable
36         server(5),                      -- may be server
37         client(6),                      -- may be client
38         invalid(7),                     -- entry is invalid
39         require-preauth(8),             -- must use preauth
40         change-pw(9),                   -- change password service
41         require-hwauth(10),             -- must use hwauth
42         ok-as-delegate(11),             -- as in TicketFlags
43         user-to-user(12),               -- may use user-to-user auth
44         immutable(13),                  -- may not be deleted
45         trusted-for-delegation(14),     -- Trusted to print forwardable tickets
46         allow-kerberos4(15),            -- Allow Kerberos 4 requests
47         allow-digest(16)                -- Allow digest requests
48 }
49
-- Generation stamp of an entry: a timestamp with microsecond resolution
-- plus a generation counter. All three fields are mandatory; usec and gen
-- are unsigned 32-bit values.
-- NOTE(review): presumably used to detect that an entry changed; confirm.
50 GENERATION ::= SEQUENCE {
51         time[0]         KerberosTime,                   -- timestamp
52         usec[1]         INTEGER (0..4294967295),        -- microseconds
53         gen[2]          INTEGER (0..4294967295)         -- generation number
54 }
55
-- PKINIT access control list attached to an entry (extension pkinit-acl).
-- Each element names a certificate subject and may also name an issuer and
-- a trust anchor.
-- NOTE(review): issuer and anchor are optional, so an element may carry a
-- subject alone. How the KDC matches such an element, and whether it then
-- accepts the subject under any trusted issuer, is not visible here; confirm
-- before relying on subject-only entries.
56 HDB-Ext-PKINIT-acl ::= SEQUENCE OF SEQUENCE {
57         subject[0]      UTF8String,
58         issuer[1]       UTF8String OPTIONAL,
59         anchor[2]       UTF8String OPTIONAL
60 }
61
-- List of certificate digests attached to an entry (extension
-- pkinit-cert-hash). Each element carries the digest algorithm as an
-- OBJECT IDENTIFIER and the digest bytes.
-- The schema accepts any algorithm OID; rejecting weak digest algorithms
-- has to happen in the code that consumes this list.
62 HDB-Ext-PKINIT-hash ::= SEQUENCE OF SEQUENCE {
63         digest-type[0] OBJECT IDENTIFIER,
64         digest[1] OCTET STRING
65 }
66
-- List of principals, carried in HDB-extension as allowed-to-delegate-to.
-- NOTE(review): presumably the services this entry may obtain tickets to on
-- behalf of other principals; keep the list as short as possible. Confirm.
67 HDB-Ext-Constrained-delegation-acl ::= SEQUENCE OF Principal
68
69 -- hdb-ext-referrals ::= PA-SERVER-REFERRAL-DATA
70
-- LAN Manager one-way function value (LM hash) for the principal, stored as
-- opaque bytes (extension lm-owf).
-- The type has no master key version field, so nothing in the schema says
-- the value is encrypted at rest; confirm in the storing code. The LM hash
-- is a weak legacy hash and works as a password equivalent, so populate it
-- only when a legacy client requires it.
71 HDB-Ext-Lan-Manager-OWF ::= OCTET STRING
72
-- The principal's password kept alongside its keys (extension password).
--   mkvno:    optional master key version number
--   password: the password bytes; unlike mkvno, this field has no context tag
-- NOTE(review): presumably the bytes are encrypted under the master key
-- version named by mkvno when it is present, and are the cleartext password
-- when it is absent; confirm against the code that reads this extension.
-- A database holding this extension, and every dump or replica of it, then
-- contains recoverable passwords and must be protected accordingly.
73 HDB-Ext-Password ::= SEQUENCE {
74         mkvno[0]        INTEGER (0..4294967295) OPTIONAL, -- master key version number
75         password        OCTET STRING
76 }
77
-- Alternative names of the entry (extension aliases).
-- The list holds every name of the entry, the primary one included.
-- case-insensitive states whether names may match without regard to case;
-- with it set, names that differ only in case refer to the same entry.
78 HDB-Ext-Aliases ::= SEQUENCE {
79         case-insensitive[0]     BOOLEAN, -- case insensitive name allowed
80         aliases[1]              SEQUENCE OF Principal -- all names, inc primary
81 }
82
83
-- One optional extension of an hdb_entry: a mandatory flag plus the payload.
-- The "..." markers leave room for further alternatives and fields.
-- The mandatory flag is a fail-closed switch. A reader that does not know a
-- mandatory extension has to reject the whole entry, so that a restriction
-- it cannot interpret, such as an ACL, is never silently dropped.
-- Choice tag 3 stays reserved for the commented-out referral-info
-- alternative and must not be reused for anything else.
84 HDB-extension ::= SEQUENCE {
85         mandatory[0]    BOOLEAN,        -- kdc MUST understand this extension,
86                                         --   if not the whole entry must
87                                         --   be rejected
88         data[1]          CHOICE {
89                 pkinit-acl[0]                   HDB-Ext-PKINIT-acl,
90                 pkinit-cert-hash[1]             HDB-Ext-PKINIT-hash,
91                 allowed-to-delegate-to[2]   HDB-Ext-Constrained-delegation-acl,
92 --              referral-info[3]                HDB-Ext-Referrals,
93                 lm-owf[4]                       HDB-Ext-Lan-Manager-OWF,
94                 password[5]                     HDB-Ext-Password,
95                 aliases[6]                      HDB-Ext-Aliases,
96                 last-pw-change[7]               KerberosTime,
97                 ...
98         },
99         ...
100 }
101
-- The extension list of an entry, referenced by hdb_entry.extensions.
-- The schema does not limit the number of elements or forbid repeats.
102 HDB-extensions ::= SEQUENCE OF HDB-extension
103
104
-- The database record of one principal.
--   principal:   name of the entry; optional only for libkrb5 compatibility
--   kvno:        key version number, unsigned 32-bit
--   keys:        the stored long-term keys (see Key)
--   created-by, modified-by: audit stamps (see Event)
--   valid-start, valid-end, pw-end: optional time limits
--   max-life, max-renew: optional unsigned 32-bit limits
--                (presumably ticket lifetimes in seconds; confirm)
--   flags:       per-principal policy bits (see HDBFlags)
--   etypes:      optional list of unsigned 32-bit integers
--                (presumably encryption types; confirm)
--   generation:  optional generation stamp (see GENERATION)
--   extensions:  optional extension list (see HDB-extensions)
-- Most limits are OPTIONAL. What a KDC enforces when valid-end, pw-end,
-- max-life or max-renew is absent is decided outside this schema.
105 hdb_entry ::= SEQUENCE {
106         principal[0]    Principal  OPTIONAL, -- this is optional only 
107                                              -- for compatibility with libkrb5
108         kvno[1]         INTEGER (0..4294967295),
109         keys[2]         SEQUENCE OF Key,
110         created-by[3]   Event,
111         modified-by[4]  Event OPTIONAL,
112         valid-start[5]  KerberosTime OPTIONAL,
113         valid-end[6]    KerberosTime OPTIONAL,
114         pw-end[7]       KerberosTime OPTIONAL,
115         max-life[8]     INTEGER (0..4294967295) OPTIONAL,
116         max-renew[9]    INTEGER (0..4294967295) OPTIONAL,
117         flags[10]       HDBFlags,
118         etypes[11]      SEQUENCE OF INTEGER (0..4294967295) OPTIONAL,
119         generation[12]  GENERATION OPTIONAL,
120         extensions[13]  HDB-extensions OPTIONAL
121 }
122
-- Alias record: holds only an optional principal name.
-- It carries an explicit [APPLICATION 0] tag, whereas hdb_entry is a plain
-- SEQUENCE.
-- NOTE(review): presumably the outer tag lets a reader tell an alias record
-- from a full entry, and the principal is the entry the alias points to;
-- confirm against the lookup code.
123 hdb_entry_alias ::= [APPLICATION 0] SEQUENCE {
124         principal[0]    Principal  OPTIONAL
125 }
126
127 END