diff options
author | David Howells <dhowells@redhat.com> | 2009-09-14 01:17:46 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2009-09-15 02:44:33 -0700 |
commit | 99455153d0670ba110e6a3b855b8369bcbd11120 (patch) | |
tree | 166ba6e3046654f7d1cd5f0debdcae1aa8938080 /include/keys | |
parent | ed6dd18b5aceb322da9840f01a68d648e91c8a72 (diff) | |
download | lwn-99455153d0670ba110e6a3b855b8369bcbd11120.tar.gz lwn-99455153d0670ba110e6a3b855b8369bcbd11120.zip |
RxRPC: Parse security index 5 keys (Kerberos 5)
Parse RxRPC security index 5 type keys (Kerberos 5 tokens).
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/keys')
-rw-r--r-- | include/keys/rxrpc-type.h | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/include/keys/rxrpc-type.h b/include/keys/rxrpc-type.h index c0d91218fdd3..5eb23571b425 100644 --- a/include/keys/rxrpc-type.h +++ b/include/keys/rxrpc-type.h @@ -36,6 +36,54 @@ struct rxkad_key { }; /* + * Kerberos 5 principal + * name/name/name@realm + */ +struct krb5_principal { + u8 n_name_parts; /* N of parts of the name part of the principal */ + char **name_parts; /* parts of the name part of the principal */ + char *realm; /* parts of the realm part of the principal */ +}; + +/* + * Kerberos 5 tagged data + */ +struct krb5_tagged_data { + /* for tag value, see /usr/include/krb5/krb5.h + * - KRB5_AUTHDATA_* for auth data + * - + */ + int32_t tag; + uint32_t data_len; + u8 *data; +}; + +/* + * RxRPC key for Kerberos V (type-5 security) + */ +struct rxk5_key { + uint64_t authtime; /* time at which auth token generated */ + uint64_t starttime; /* time at which auth token starts */ + uint64_t endtime; /* time at which auth token expired */ + uint64_t renew_till; /* time to which auth token can be renewed */ + int32_t is_skey; /* T if ticket is encrypted in another ticket's + * skey */ + int32_t flags; /* mask of TKT_FLG_* bits (krb5/krb5.h) */ + struct krb5_principal client; /* client principal name */ + struct krb5_principal server; /* server principal name */ + uint16_t ticket_len; /* length of ticket */ + uint16_t ticket2_len; /* length of second ticket */ + u8 n_authdata; /* number of authorisation data elements */ + u8 n_addresses; /* number of addresses */ + struct krb5_tagged_data session; /* session data; tag is enctype */ + struct krb5_tagged_data *addresses; /* addresses */ + u8 *ticket; /* krb5 ticket */ + u8 *ticket2; /* second krb5 ticket, if related to ticket (via + * DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */ + struct krb5_tagged_data *authdata; /* authorisation data */ +}; + +/* * list of tokens attached to an rxrpc key */ struct rxrpc_key_token { @@ -43,6 +91,7 @@ struct rxrpc_key_token { struct rxrpc_key_token *next; /* the next token in the list */ union { struct rxkad_key *kad; + struct rxk5_key *k5; }; }; @@ -64,8 +113,11 @@ struct rxrpc_key_data_v1 { * - based on openafs-1.4.10/src/auth/afs_token.xg */ #define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */ +#define AFSTOKEN_STRING_MAX 256 /* max small string length */ +#define AFSTOKEN_DATA_MAX 64 /* max small data length */ #define AFSTOKEN_CELL_MAX 64 /* max cellname length */ #define AFSTOKEN_MAX 8 /* max tokens per payload */ +#define AFSTOKEN_BDATALN_MAX 16384 /* max big data length */ #define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */ #define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */ #define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */ |