RxRPC: Allow key payloads to be passed in XDR form

Allow add_key() and KEYCTL_INSTANTIATE to accept key payloads in XDR form as described by openafs-1.4.10/src/auth/afs_token.xg. This provides a way of passing kaserver, Kerberos 4, Kerberos 5 and GSSAPI keys from userspace, and allows for future expansion. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: David Howells <dhowells@redhat.com> 2009-09-13 21:17:35 -0400
committer: David S. Miller <davem@davemloft.net> 2009-09-15 05:44:23 -0400
commit: 339412841d7620f93fea805fbd7469f08186f458 (patch)
tree: e2d385d76e3b9361671411442c5253417f95d5a6 /include/keys
parent: 8b815477f382f96deefbe5bd4404fa7b31cf5dcf (diff)
1 files changed, 55 insertions, 0 deletions
diff --git a/include/keys/rxrpc-type.h b/include/keys/rxrpc-type.h
index 7609365577f1..c0d91218fdd3 100644
--- a/include/keys/rxrpc-type.h
+++ b/include/keys/rxrpc-type.h
@@ -21,4 +21,59 @@ extern struct key_type key_type_rxrpc;
 extern struct key *rxrpc_get_null_key(const char *);
+/*
+ * RxRPC key for Kerberos IV (type-2 security)
+ */
+struct rxkad_key {
+        u32     vice_id;
+        u32     start;                  /* time at which ticket starts */
+        u32     expiry;                 /* time at which ticket expires */
+        u32     kvno;                   /* key version number */
+        u8      primary_flag;           /* T if key for primary cell for this user */
+        u16     ticket_len;             /* length of ticket[] */
+        u8      session_key[8];         /* DES session key */
+        u8      ticket[0];              /* the encrypted ticket */
+};
+/*
+ * list of tokens attached to an rxrpc key
+ */
+struct rxrpc_key_token {
+        u16     security_index;         /* RxRPC header security index */
+        struct rxrpc_key_token *next;   /* the next token in the list */
+        union {
+                struct rxkad_key *kad;
+        };
+};
+/*
+ * structure of raw payloads passed to add_key() or instantiate key
+ */
+struct rxrpc_key_data_v1 {
+        u32             kif_version;            /* 1 */
+        u16             security_index;
+        u16             ticket_length;
+        u32             expiry;                 /* time_t */
+        u32             kvno;
+        u8              session_key[8];
+        u8              ticket[0];
+};
+/*
+ * AF_RXRPC key payload derived from XDR format
+ * - based on openafs-1.4.10/src/auth/afs_token.xg
+ */
+#define AFSTOKEN_LENGTH_MAX             16384   /* max payload size */
+#define AFSTOKEN_CELL_MAX               64      /* max cellname length */
+#define AFSTOKEN_MAX                    8       /* max tokens per payload */
+#define AFSTOKEN_RK_TIX_MAX             12000   /* max RxKAD ticket size */
+#define AFSTOKEN_GK_KEY_MAX             64      /* max GSSAPI key size */
+#define AFSTOKEN_GK_TOKEN_MAX           16384   /* max GSSAPI token size */
+#define AFSTOKEN_K5_COMPONENTS_MAX      16      /* max K5 components */
+#define AFSTOKEN_K5_NAME_MAX            128     /* max K5 name length */
+#define AFSTOKEN_K5_REALM_MAX           64      /* max K5 realm name length */
+#define AFSTOKEN_K5_TIX_MAX             16384   /* max K5 ticket size */
+#define AFSTOKEN_K5_ADDRESSES_MAX       16      /* max K5 addresses */
+#define AFSTOKEN_K5_AUTHDATA_MAX        16      /* max K5 pieces of auth data */
 #endif /* _KEYS_RXRPC_TYPE_H */
author	David Howells <dhowells@redhat.com>	2009-09-13 21:17:35 -0400
committer	David S. Miller <davem@davemloft.net>	2009-09-15 05:44:23 -0400
commit	339412841d7620f93fea805fbd7469f08186f458 (patch)
tree	e2d385d76e3b9361671411442c5253417f95d5a6 /include/keys
parent	8b815477f382f96deefbe5bd4404fa7b31cf5dcf (diff)

diff --git a/include/keys/rxrpc-type.h b/include/keys/rxrpc-type.h index 7609365577f1..c0d91218fdd3 100644 --- a/include/keys/rxrpc-type.h +++ b/include/keys/rxrpc-type.h
@@ -21,4 +21,59 @@ extern struct key_type key_type_rxrpc;
21		21
22	extern struct key rxrpc_get_null_key(const char );	22	extern struct key rxrpc_get_null_key(const char );
23		23
		24	/*
		25	* RxRPC key for Kerberos IV (type-2 security)
		26	*/
		27	struct rxkad_key {
		28	u32 vice_id;
		29	u32 start; /* time at which ticket starts */
		30	u32 expiry; /* time at which ticket expires */
		31	u32 kvno; /* key version number */
		32	u8 primary_flag; /* T if key for primary cell for this user */
		33	u16 ticket_len; /* length of ticket[] */
		34	u8 session_key[8]; /* DES session key */
		35	u8 ticket[0]; /* the encrypted ticket */
		36	};
		37
		38	/*
		39	* list of tokens attached to an rxrpc key
		40	*/
		41	struct rxrpc_key_token {
		42	u16 security_index; /* RxRPC header security index */
		43	struct rxrpc_key_token next; / the next token in the list */
		44	union {
		45	struct rxkad_key *kad;
		46	};
		47	};
		48
		49	/*
		50	* structure of raw payloads passed to add_key() or instantiate key
		51	*/
		52	struct rxrpc_key_data_v1 {
		53	u32 kif_version; /* 1 */
		54	u16 security_index;
		55	u16 ticket_length;
		56	u32 expiry; /* time_t */
		57	u32 kvno;
		58	u8 session_key[8];
		59	u8 ticket[0];
		60	};
		61
		62	/*
		63	* AF_RXRPC key payload derived from XDR format
		64	* - based on openafs-1.4.10/src/auth/afs_token.xg
		65	*/
		66	#define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */
		67	#define AFSTOKEN_CELL_MAX 64 /* max cellname length */
		68	#define AFSTOKEN_MAX 8 /* max tokens per payload */
		69	#define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */
		70	#define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */
		71	#define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */
		72	#define AFSTOKEN_K5_COMPONENTS_MAX 16 /* max K5 components */
		73	#define AFSTOKEN_K5_NAME_MAX 128 /* max K5 name length */
		74	#define AFSTOKEN_K5_REALM_MAX 64 /* max K5 realm name length */
		75	#define AFSTOKEN_K5_TIX_MAX 16384 /* max K5 ticket size */
		76	#define AFSTOKEN_K5_ADDRESSES_MAX 16 /* max K5 addresses */
		77	#define AFSTOKEN_K5_AUTHDATA_MAX 16 /* max K5 pieces of auth data */
		78
24	#endif /* _KEYS_RXRPC_TYPE_H */	79	#endif /* _KEYS_RXRPC_TYPE_H */