aboutsummaryrefslogtreecommitdiffstats
path: root/include/keys
diff options
context:
space:
mode:
Diffstat (limited to 'include/keys')
-rw-r--r--include/keys/rxrpc-type.h52
1 files changed, 52 insertions, 0 deletions
diff --git a/include/keys/rxrpc-type.h b/include/keys/rxrpc-type.h
index c0d91218fdd3..5eb23571b425 100644
--- a/include/keys/rxrpc-type.h
+++ b/include/keys/rxrpc-type.h
@@ -36,6 +36,54 @@ struct rxkad_key {
36}; 36};
37 37
38/* 38/*
39 * Kerberos 5 principal
40 * name/name/name@realm
41 */
42struct krb5_principal {
43 u8 n_name_parts; /* N of parts of the name part of the principal */
44 char **name_parts; /* parts of the name part of the principal */
45 char *realm; /* parts of the realm part of the principal */
46};
47
48/*
49 * Kerberos 5 tagged data
50 */
51struct krb5_tagged_data {
52 /* for tag value, see /usr/include/krb5/krb5.h
53 * - KRB5_AUTHDATA_* for auth data
54 * -
55 */
56 int32_t tag;
57 uint32_t data_len;
58 u8 *data;
59};
60
61/*
62 * RxRPC key for Kerberos V (type-5 security)
63 */
64struct rxk5_key {
65 uint64_t authtime; /* time at which auth token generated */
66 uint64_t starttime; /* time at which auth token starts */
67 uint64_t endtime; /* time at which auth token expired */
68 uint64_t renew_till; /* time to which auth token can be renewed */
69 int32_t is_skey; /* T if ticket is encrypted in another ticket's
70 * skey */
71 int32_t flags; /* mask of TKT_FLG_* bits (krb5/krb5.h) */
72 struct krb5_principal client; /* client principal name */
73 struct krb5_principal server; /* server principal name */
74 uint16_t ticket_len; /* length of ticket */
75 uint16_t ticket2_len; /* length of second ticket */
76 u8 n_authdata; /* number of authorisation data elements */
77 u8 n_addresses; /* number of addresses */
78 struct krb5_tagged_data session; /* session data; tag is enctype */
79 struct krb5_tagged_data *addresses; /* addresses */
80 u8 *ticket; /* krb5 ticket */
81 u8 *ticket2; /* second krb5 ticket, if related to ticket (via
82 * DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */
83 struct krb5_tagged_data *authdata; /* authorisation data */
84};
85
86/*
39 * list of tokens attached to an rxrpc key 87 * list of tokens attached to an rxrpc key
40 */ 88 */
41struct rxrpc_key_token { 89struct rxrpc_key_token {
@@ -43,6 +91,7 @@ struct rxrpc_key_token {
43 struct rxrpc_key_token *next; /* the next token in the list */ 91 struct rxrpc_key_token *next; /* the next token in the list */
44 union { 92 union {
45 struct rxkad_key *kad; 93 struct rxkad_key *kad;
94 struct rxk5_key *k5;
46 }; 95 };
47}; 96};
48 97
@@ -64,8 +113,11 @@ struct rxrpc_key_data_v1 {
64 * - based on openafs-1.4.10/src/auth/afs_token.xg 113 * - based on openafs-1.4.10/src/auth/afs_token.xg
65 */ 114 */
66#define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */ 115#define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */
116#define AFSTOKEN_STRING_MAX 256 /* max small string length */
117#define AFSTOKEN_DATA_MAX 64 /* max small data length */
67#define AFSTOKEN_CELL_MAX 64 /* max cellname length */ 118#define AFSTOKEN_CELL_MAX 64 /* max cellname length */
68#define AFSTOKEN_MAX 8 /* max tokens per payload */ 119#define AFSTOKEN_MAX 8 /* max tokens per payload */
120#define AFSTOKEN_BDATALN_MAX 16384 /* max big data length */
69#define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */ 121#define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */
70#define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */ 122#define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */
71#define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */ 123#define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */