| 1 | -- $Id$
|
|---|
| 2 |
|
|---|
| 3 | SETCHGPW2 DEFINITIONS ::=
|
|---|
| 4 | BEGIN
|
|---|
| 5 |
|
|---|
| 6 | IMPORTS PrincipalName, Realm, ENCTYPE FROM krb5;
|
|---|
| 7 |
|
|---|
| 8 | ProtocolErrorCode ::= ENUMERATED {
|
|---|
| 9 | generic-error(0),
|
|---|
| 10 | unsupported-major-version(1),
|
|---|
| 11 | unsupported-minor-version(2),
|
|---|
| 12 | unsupported-operation(3),
|
|---|
| 13 | authorization-failed(4),
|
|---|
| 14 | initial-ticket-required(5),
|
|---|
| 15 | target-principal-unknown(6),
|
|---|
| 16 | ...
|
|---|
| 17 | }
|
|---|
| 18 |
|
|---|
| 19 | Key ::= SEQUENCE {
|
|---|
| 20 | enc-type[0] INTEGER,
|
|---|
| 21 | key[1] OCTET STRING,
|
|---|
| 22 | ...
|
|---|
| 23 | }
|
|---|
| 24 |
|
|---|
| 25 | Language-Tag ::= UTF8String -- Constrained by RFC3066
|
|---|
| 26 |
|
|---|
| 27 | LangTaggedText ::= SEQUENCE {
|
|---|
| 28 | language[0] Language-Tag OPTIONAL,
|
|---|
| 29 | text[1] UTF8String,
|
|---|
| 30 | ...
|
|---|
| 31 | }
|
|---|
| 32 |
|
|---|
| 33 | -- NULL Op
|
|---|
| 34 |
|
|---|
| 35 | Req-null ::= NULL
|
|---|
| 36 | Rep-null ::= NULL
|
|---|
| 37 | Err-null ::= NULL
|
|---|
| 38 |
|
|---|
| 39 | -- Change password
|
|---|
| 40 | Req-change-pw ::= SEQUENCE {
|
|---|
| 41 | old-pw[0] UTF8String,
|
|---|
| 42 | new-pw[1] UTF8String OPTIONAL,
|
|---|
| 43 | etypes[2] SEQUENCE OF ENCTYPE OPTIONAL,
|
|---|
| 44 | ...
|
|---|
| 45 | }
|
|---|
| 46 |
|
|---|
| 47 | Rep-change-pw ::= SEQUENCE {
|
|---|
| 48 | info-text[0] UTF8String OPTIONAL,
|
|---|
| 49 | new-pw[1] UTF8String OPTIONAL,
|
|---|
| 50 | etypes[2] SEQUENCE OF ENCTYPE OPTIONAL
|
|---|
| 51 | }
|
|---|
| 52 |
|
|---|
| 53 | Err-change-pw ::= SEQUENCE {
|
|---|
| 54 | help-text[0] UTF8String OPTIONAL,
|
|---|
| 55 | code[1] ENUMERATED {
|
|---|
| 56 | generic(0),
|
|---|
| 57 | wont-generate-new-pw(1),
|
|---|
| 58 | old-pw-incorrect(2),
|
|---|
| 59 | new-pw-rejected-geneneric(3),
|
|---|
| 60 | pw-change-too-short(4),
|
|---|
| 61 | ...
|
|---|
| 62 | },
|
|---|
| 63 | suggested-new-pw[2] UTF8String OPTIONAL,
|
|---|
| 64 | ...
|
|---|
| 65 | }
|
|---|
| 66 |
|
|---|
| 67 | -- Change/Set keys
|
|---|
| 68 | Req-set-keys ::= SEQUENCE {
|
|---|
| 69 | etypes[0] SEQUENCE OF ENCTYPE,
|
|---|
| 70 | entropy[1] OCTET STRING,
|
|---|
| 71 | ...
|
|---|
| 72 | }
|
|---|
| 73 |
|
|---|
| 74 | Rep-set-keys ::= SEQUENCE {
|
|---|
| 75 | info-text[0] UTF8String OPTIONAL,
|
|---|
| 76 | kvno[1] INTEGER,
|
|---|
| 77 | keys[2] SEQUENCE OF Key,
|
|---|
| 78 | aliases[3] SEQUENCE OF SEQUENCE {
|
|---|
| 79 | name[0] PrincipalName,
|
|---|
| 80 | realm[1] Realm OPTIONAL,
|
|---|
| 81 | ...
|
|---|
| 82 | },
|
|---|
| 83 | ...
|
|---|
| 84 | }
|
|---|
| 85 |
|
|---|
| 86 | Err-set-keys ::= SEQUENCE {
|
|---|
| 87 | help-text[0] UTF8String OPTIONAL,
|
|---|
| 88 | enctypes[1] SEQUENCE OF ENCTYPE OPTIONAL,
|
|---|
| 89 | code[1] ENUMERATED {
|
|---|
| 90 | etype-no-support(0),
|
|---|
| 91 | ...
|
|---|
| 92 | },
|
|---|
| 93 | ...
|
|---|
| 94 | }
|
|---|
| 95 |
|
|---|
| 96 | -- Get password policy
|
|---|
| 97 | Req-get-pw-policy ::= NULL
|
|---|
| 98 |
|
|---|
| 99 | Rep-get-pw-policy ::= SEQUENCE {
|
|---|
| 100 | help-text[0] UTF8String OPTIONAL,
|
|---|
| 101 | policy-name[1] UTF8String OPTIONAL,
|
|---|
| 102 | description[2] UTF8String OPTIONAL,
|
|---|
| 103 | ...
|
|---|
| 104 | }
|
|---|
| 105 |
|
|---|
| 106 | Err-get-pw-policy ::= NULL
|
|---|
| 107 |
|
|---|
| 108 | -- Get principal aliases
|
|---|
| 109 | Req-get-princ-aliases ::= NULL
|
|---|
| 110 |
|
|---|
| 111 | Rep-get-princ-aliases ::= SEQUENCE {
|
|---|
| 112 | help-text[0] UTF8String OPTIONAL,
|
|---|
| 113 | aliases[1] SEQUENCE OF SEQUENCE {
|
|---|
| 114 | name[0] PrincipalName,
|
|---|
| 115 | realm[1] Realm OPTIONAL,
|
|---|
| 116 | ...
|
|---|
| 117 | } OPTIONAL,
|
|---|
| 118 | ...
|
|---|
| 119 | }
|
|---|
| 120 |
|
|---|
| 121 | Err-get-princ-aliases ::= NULL
|
|---|
| 122 |
|
|---|
| 123 | -- Get list of encryption types supported by KDC for new types
|
|---|
| 124 | Req-get-supported-etypes ::= NULL
|
|---|
| 125 |
|
|---|
| 126 | Rep-get-supported-etypes ::= SEQUENCE OF ENCTYPE
|
|---|
| 127 |
|
|---|
| 128 | Err-get-supported-etypes ::= NULL
|
|---|
| 129 |
|
|---|
| 130 | -- Choice switch
|
|---|
| 131 |
|
|---|
| 132 | Op-req ::= CHOICE {
|
|---|
| 133 | null[0] Req-null,
|
|---|
| 134 | change-pw[1] Req-change-pw,
|
|---|
| 135 | set-keys[2] Req-set-keys,
|
|---|
| 136 | get-pw-policy[3] Req-get-pw-policy,
|
|---|
| 137 | get-princ-aliases[4] Req-get-princ-aliases,
|
|---|
| 138 | get-supported-etypes[5] Req-get-supported-etypes,
|
|---|
| 139 | ...
|
|---|
| 140 | }
|
|---|
| 141 |
|
|---|
| 142 | Op-rep ::= CHOICE {
|
|---|
| 143 | null[0] Rep-null,
|
|---|
| 144 | change-pw[1] Rep-change-pw,
|
|---|
| 145 | set-keys[2] Rep-set-keys,
|
|---|
| 146 | get-pw-policy[3] Rep-get-pw-policy,
|
|---|
| 147 | get-princ-aliases[4] Rep-get-princ-aliases,
|
|---|
| 148 | get-supported-etypes[5] Rep-get-supported-etypes,
|
|---|
| 149 | ...
|
|---|
| 150 | }
|
|---|
| 151 |
|
|---|
| 152 | Op-error ::= CHOICE {
|
|---|
| 153 | null[0] Err-null,
|
|---|
| 154 | change-pw[1] Err-change-pw,
|
|---|
| 155 | set-keys[2] Err-set-keys,
|
|---|
| 156 | get-pw-policy[3] Err-get-pw-policy,
|
|---|
| 157 | get-princ-aliases[4] Err-get-princ-aliases,
|
|---|
| 158 | get-supported-etypes[5] Err-get-supported-etypes,
|
|---|
| 159 | ...
|
|---|
| 160 | }
|
|---|
| 161 |
|
|---|
| 162 |
|
|---|
| 163 | Request ::= [ APPLICATION 0 ] SEQUENCE {
|
|---|
| 164 | pvno-major[0] INTEGER DEFAULT 2,
|
|---|
| 165 | pvno-minor[1] INTEGER DEFAULT 0,
|
|---|
| 166 | languages[2] SEQUENCE OF Language-Tag OPTIONAL,
|
|---|
| 167 | targ-name[3] PrincipalName OPTIONAL,
|
|---|
| 168 | targ-realm[4] Realm OPTIONAL,
|
|---|
| 169 | operation[5] Op-Req,
|
|---|
| 170 | ...
|
|---|
| 171 | }
|
|---|
| 172 |
|
|---|
| 173 | Response ::= [ APPLICATION 1 ] SEQUENCE {
|
|---|
| 174 | pvno-major[0] INTEGER DEFAULT 2,
|
|---|
| 175 | pvno-minor[1] INTEGER DEFAULT 0,
|
|---|
| 176 | language[2] Language-Tag DEFAULT "i-default",
|
|---|
| 177 | result[3] Op-rep OPTIONAL,
|
|---|
| 178 | ...
|
|---|
| 179 | }
|
|---|
| 180 |
|
|---|
| 181 | Error-Response ::= [ APPLICATION 2 ] SEQUENCE {
|
|---|
| 182 | pvno-major[0] INTEGER DEFAULT 2,
|
|---|
| 183 | pvno-minor[1] INTEGER DEFAULT 0,
|
|---|
| 184 | language[2] Language-Tag DEFAULT "i-default",
|
|---|
| 185 | error-code[3] ProtocolErrorCode,
|
|---|
| 186 | help-text[4] UTF8String OPTIONAL,
|
|---|
| 187 | op-error[5] Op-error OP-ERROR,
|
|---|
| 188 | ...
|
|---|
| 189 | }
|
|---|
| 190 |
|
|---|
| 191 | END
|
|---|
| 192 |
|
|---|
| 193 | -- etags -r '/\([A-Za-z][-A-Za-z0-9]*\).*::=/\1/' setchgpw2.asn1
|
|---|
