blob: 5eb23571b42508a2f03c2c9ff2c2db21d5196f12 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
/* RxRPC key type
*
* Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
#ifndef _KEYS_RXRPC_TYPE_H
#define _KEYS_RXRPC_TYPE_H
#include <linux/key.h>
/*
* key type for AF_RXRPC keys
*/
extern struct key_type key_type_rxrpc;
extern struct key *rxrpc_get_null_key(const char *);
/*
* RxRPC key for Kerberos IV (type-2 security)
*/
struct rxkad_key {
u32 vice_id;
u32 start; /* time at which ticket starts */
u32 expiry; /* time at which ticket expires */
u32 kvno; /* key version number */
u8 primary_flag; /* T if key for primary cell for this user */
u16 ticket_len; /* length of ticket[] */
u8 session_key[8]; /* DES session key */
u8 ticket[0]; /* the encrypted ticket */
};
/*
* Kerberos 5 principal
* name/name/name@realm
*/
struct krb5_principal {
u8 n_name_parts; /* N of parts of the name part of the principal */
char **name_parts; /* parts of the name part of the principal */
char *realm; /* parts of the realm part of the principal */
};
/*
* Kerberos 5 tagged data
*/
struct krb5_tagged_data {
/* for tag value, see /usr/include/krb5/krb5.h
* - KRB5_AUTHDATA_* for auth data
* -
*/
int32_t tag;
uint32_t data_len;
u8 *data;
};
/*
* RxRPC key for Kerberos V (type-5 security)
*/
struct rxk5_key {
uint64_t authtime; /* time at which auth token generated */
uint64_t starttime; /* time at which auth token starts */
uint64_t endtime; /* time at which auth token expired */
uint64_t renew_till; /* time to which auth token can be renewed */
int32_t is_skey; /* T if ticket is encrypted in another ticket's
* skey */
int32_t flags; /* mask of TKT_FLG_* bits (krb5/krb5.h) */
struct krb5_principal client; /* client principal name */
struct krb5_principal server; /* server principal name */
uint16_t ticket_len; /* length of ticket */
uint16_t ticket2_len; /* length of second ticket */
u8 n_authdata; /* number of authorisation data elements */
u8 n_addresses; /* number of addresses */
struct krb5_tagged_data session; /* session data; tag is enctype */
struct krb5_tagged_data *addresses; /* addresses */
u8 *ticket; /* krb5 ticket */
u8 *ticket2; /* second krb5 ticket, if related to ticket (via
* DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */
struct krb5_tagged_data *authdata; /* authorisation data */
};
/*
* list of tokens attached to an rxrpc key
*/
struct rxrpc_key_token {
u16 security_index; /* RxRPC header security index */
struct rxrpc_key_token *next; /* the next token in the list */
union {
struct rxkad_key *kad;
struct rxk5_key *k5;
};
};
/*
* structure of raw payloads passed to add_key() or instantiate key
*/
struct rxrpc_key_data_v1 {
u32 kif_version; /* 1 */
u16 security_index;
u16 ticket_length;
u32 expiry; /* time_t */
u32 kvno;
u8 session_key[8];
u8 ticket[0];
};
/*
* AF_RXRPC key payload derived from XDR format
* - based on openafs-1.4.10/src/auth/afs_token.xg
*/
#define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */
#define AFSTOKEN_STRING_MAX 256 /* max small string length */
#define AFSTOKEN_DATA_MAX 64 /* max small data length */
#define AFSTOKEN_CELL_MAX 64 /* max cellname length */
#define AFSTOKEN_MAX 8 /* max tokens per payload */
#define AFSTOKEN_BDATALN_MAX 16384 /* max big data length */
#define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */
#define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */
#define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */
#define AFSTOKEN_K5_COMPONENTS_MAX 16 /* max K5 components */
#define AFSTOKEN_K5_NAME_MAX 128 /* max K5 name length */
#define AFSTOKEN_K5_REALM_MAX 64 /* max K5 realm name length */
#define AFSTOKEN_K5_TIX_MAX 16384 /* max K5 ticket size */
#define AFSTOKEN_K5_ADDRESSES_MAX 16 /* max K5 addresses */
#define AFSTOKEN_K5_AUTHDATA_MAX 16 /* max K5 pieces of auth data */
#endif /* _KEYS_RXRPC_TYPE_H */
|