RxRPC: Parse security index 5 keys (Kerberos 5)

Parse RxRPC security index 5 type keys (Kerberos 5 tokens). Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: David Howells <dhowells@redhat.com> 2009-09-13 21:17:46 -0400
committer: David S. Miller <davem@davemloft.net> 2009-09-15 05:44:33 -0400
commit: 99455153d0670ba110e6a3b855b8369bcbd11120 (patch)
tree: 166ba6e3046654f7d1cd5f0debdcae1aa8938080 /include/keys
parent: ed6dd18b5aceb322da9840f01a68d648e91c8a72 (diff)
1 files changed, 52 insertions, 0 deletions
diff --git a/include/keys/rxrpc-type.h b/include/keys/rxrpc-type.h
index c0d91218fdd3..5eb23571b425 100644
--- a/include/keys/rxrpc-type.h
+++ b/include/keys/rxrpc-type.h
@@ -36,6 +36,54 @@ struct rxkad_key {
 };
 /*
+ * Kerberos 5 principal
+ *      name/name/name@realm
+ */
+struct krb5_principal {
+        u8      n_name_parts;           /* N of parts of the name part of the principal */
+        char    **name_parts;           /* parts of the name part of the principal */
+        char    *realm;                 /* parts of the realm part of the principal */
+};
+/*
+ * Kerberos 5 tagged data
+ */
+struct krb5_tagged_data {
+        /* for tag value, see /usr/include/krb5/krb5.h
+         * - KRB5_AUTHDATA_* for auth data
+         * - 
+         */
+        int32_t         tag;
+        uint32_t        data_len;
+        u8              *data;
+};
+/*
+ * RxRPC key for Kerberos V (type-5 security)
+ */
+struct rxk5_key {
+        uint64_t                authtime;       /* time at which auth token generated */
+        uint64_t                starttime;      /* time at which auth token starts */
+        uint64_t                endtime;        /* time at which auth token expired */
+        uint64_t                renew_till;     /* time to which auth token can be renewed */
+        int32_t                 is_skey;        /* T if ticket is encrypted in another ticket's
+                                                 * skey */
+        int32_t                 flags;          /* mask of TKT_FLG_* bits (krb5/krb5.h) */
+        struct krb5_principal   client;         /* client principal name */
+        struct krb5_principal   server;         /* server principal name */
+        uint16_t                ticket_len;     /* length of ticket */
+        uint16_t                ticket2_len;    /* length of second ticket */
+        u8                      n_authdata;     /* number of authorisation data elements */
+        u8                      n_addresses;    /* number of addresses */
+        struct krb5_tagged_data session;        /* session data; tag is enctype */
+        struct krb5_tagged_data *addresses;     /* addresses */
+        u8                      *ticket;        /* krb5 ticket */
+        u8                      *ticket2;       /* second krb5 ticket, if related to ticket (via
+                                                 * DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */
+        struct krb5_tagged_data *authdata;      /* authorisation data */
+};
+/*
 * list of tokens attached to an rxrpc key
 */
 struct rxrpc_key_token {
@@ -43,6 +91,7 @@ struct rxrpc_key_token {
        struct rxrpc_key_token *next;   /* the next token in the list */
        union {
                struct rxkad_key *kad;
+                struct rxk5_key *k5;
        };
 };
@@ -64,8 +113,11 @@ struct rxrpc_key_data_v1 {
 * - based on openafs-1.4.10/src/auth/afs_token.xg
 */
 #define AFSTOKEN_LENGTH_MAX             16384   /* max payload size */
+#define AFSTOKEN_STRING_MAX             256     /* max small string length */
+#define AFSTOKEN_DATA_MAX               64      /* max small data length */
 #define AFSTOKEN_CELL_MAX               64      /* max cellname length */
 #define AFSTOKEN_MAX                    8       /* max tokens per payload */
+#define AFSTOKEN_BDATALN_MAX            16384   /* max big data length */
 #define AFSTOKEN_RK_TIX_MAX             12000   /* max RxKAD ticket size */
 #define AFSTOKEN_GK_KEY_MAX             64      /* max GSSAPI key size */
 #define AFSTOKEN_GK_TOKEN_MAX           16384   /* max GSSAPI token size */
author	David Howells <dhowells@redhat.com>	2009-09-13 21:17:46 -0400
committer	David S. Miller <davem@davemloft.net>	2009-09-15 05:44:33 -0400
commit	99455153d0670ba110e6a3b855b8369bcbd11120 (patch)
tree	166ba6e3046654f7d1cd5f0debdcae1aa8938080 /include/keys
parent	ed6dd18b5aceb322da9840f01a68d648e91c8a72 (diff)

diff --git a/include/keys/rxrpc-type.h b/include/keys/rxrpc-type.h index c0d91218fdd3..5eb23571b425 100644 --- a/include/keys/rxrpc-type.h +++ b/include/keys/rxrpc-type.h
@@ -36,6 +36,54 @@ struct rxkad_key {
36	};	36	};
37		37
38	/*	38	/*
		39	* Kerberos 5 principal
		40	* name/name/name@realm
		41	*/
		42	struct krb5_principal {
		43	u8 n_name_parts; /* N of parts of the name part of the principal */
		44	char *name_parts; / parts of the name part of the principal */
		45	char realm; / parts of the realm part of the principal */
		46	};
		47
		48	/*
		49	* Kerberos 5 tagged data
		50	*/
		51	struct krb5_tagged_data {
		52	/* for tag value, see /usr/include/krb5/krb5.h
		53	* - KRB5_AUTHDATA_* for auth data
		54	* -
		55	*/
		56	int32_t tag;
		57	uint32_t data_len;
		58	u8 *data;
		59	};
		60
		61	/*
		62	* RxRPC key for Kerberos V (type-5 security)
		63	*/
		64	struct rxk5_key {
		65	uint64_t authtime; /* time at which auth token generated */
		66	uint64_t starttime; /* time at which auth token starts */
		67	uint64_t endtime; /* time at which auth token expired */
		68	uint64_t renew_till; /* time to which auth token can be renewed */
		69	int32_t is_skey; /* T if ticket is encrypted in another ticket's
		70	* skey */
		71	int32_t flags; /* mask of TKT_FLG_* bits (krb5/krb5.h) */
		72	struct krb5_principal client; /* client principal name */
		73	struct krb5_principal server; /* server principal name */
		74	uint16_t ticket_len; /* length of ticket */
		75	uint16_t ticket2_len; /* length of second ticket */
		76	u8 n_authdata; /* number of authorisation data elements */
		77	u8 n_addresses; /* number of addresses */
		78	struct krb5_tagged_data session; /* session data; tag is enctype */
		79	struct krb5_tagged_data addresses; / addresses */
		80	u8 ticket; / krb5 ticket */
		81	u8 ticket2; / second krb5 ticket, if related to ticket (via
		82	* DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */
		83	struct krb5_tagged_data authdata; / authorisation data */
		84	};
		85
		86	/*
39	* list of tokens attached to an rxrpc key	87	* list of tokens attached to an rxrpc key
40	*/	88	*/
41	struct rxrpc_key_token {	89	struct rxrpc_key_token {
@@ -43,6 +91,7 @@ struct rxrpc_key_token {
43	struct rxrpc_key_token next; / the next token in the list */	91	struct rxrpc_key_token next; / the next token in the list */
44	union {	92	union {
45	struct rxkad_key *kad;	93	struct rxkad_key *kad;
		94	struct rxk5_key *k5;
46	};	95	};
47	};	96	};
48		97
@@ -64,8 +113,11 @@ struct rxrpc_key_data_v1 {
64	* - based on openafs-1.4.10/src/auth/afs_token.xg	113	* - based on openafs-1.4.10/src/auth/afs_token.xg
65	*/	114	*/
66	#define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */	115	#define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */
		116	#define AFSTOKEN_STRING_MAX 256 /* max small string length */
		117	#define AFSTOKEN_DATA_MAX 64 /* max small data length */
67	#define AFSTOKEN_CELL_MAX 64 /* max cellname length */	118	#define AFSTOKEN_CELL_MAX 64 /* max cellname length */
68	#define AFSTOKEN_MAX 8 /* max tokens per payload */	119	#define AFSTOKEN_MAX 8 /* max tokens per payload */
		120	#define AFSTOKEN_BDATALN_MAX 16384 /* max big data length */
69	#define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */	121	#define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */
70	#define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */	122	#define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */
71	#define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */	123	#define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */