git://bbs.cooldavid.org / net-next-2.6.git / blame
| Commit | Line | Data |
|---|---|---|
| 17926a79 DH |
1 | /* RxRPC key type |
| 2 | * | |
| 3 | * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. | |
| 4 | * Written by David Howells (dhowells@redhat.com) | |
| 5 | * | |
| 6 | * This program is free software; you can redistribute it and/or | |
| 7 | * modify it under the terms of the GNU General Public License | |
| 8 | * as published by the Free Software Foundation; either version | |
| 9 | * 2 of the License, or (at your option) any later version. | |
| 10 | */ | |
| 11 | ||
| 12 | #ifndef _KEYS_RXRPC_TYPE_H | |
| 13 | #define _KEYS_RXRPC_TYPE_H | |
| 14 | ||
| 15 | #include <linux/key.h> | |
| 16 | ||
| 17 | /* | |
| 18 | * key type for AF_RXRPC keys | |
| 19 | */ | |
| 20 | extern struct key_type key_type_rxrpc; | |
| 21 | ||
| 76181c13 DH |
22 | extern struct key *rxrpc_get_null_key(const char *); |
| 23 | ||
| 33941284 DH |
24 | /* |
| 25 | * RxRPC key for Kerberos IV (type-2 security) | |
| 26 | */ | |
| 27 | struct rxkad_key { | |
| 28 | u32 vice_id; | |
| 29 | u32 start; /* time at which ticket starts */ | |
| 30 | u32 expiry; /* time at which ticket expires */ | |
| 31 | u32 kvno; /* key version number */ | |
| 32 | u8 primary_flag; /* T if key for primary cell for this user */ | |
| 33 | u16 ticket_len; /* length of ticket[] */ | |
| 34 | u8 session_key[8]; /* DES session key */ | |
| 35 | u8 ticket[0]; /* the encrypted ticket */ | |
| 36 | }; | |
| 37 | ||
| 99455153 DH |
38 | /* |
| 39 | * Kerberos 5 principal | |
| 40 | * name/name/name@realm | |
| 41 | */ | |
| 42 | struct krb5_principal { | |
| 43 | u8 n_name_parts; /* N of parts of the name part of the principal */ | |
| 44 | char **name_parts; /* parts of the name part of the principal */ | |
| 45 | char *realm; /* parts of the realm part of the principal */ | |
| 46 | }; | |
| 47 | ||
| 48 | /* | |
| 49 | * Kerberos 5 tagged data | |
| 50 | */ | |
| 51 | struct krb5_tagged_data { | |
| 52 | /* for tag value, see /usr/include/krb5/krb5.h | |
| 53 | * - KRB5_AUTHDATA_* for auth data | |
| 54 | * - | |
| 55 | */ | |
| 4e36a95e DH |
56 | s32 tag; |
| 57 | u32 data_len; | |
| 99455153 DH |
58 | u8 *data; |
| 59 | }; | |
| 60 | ||
| 61 | /* | |
| 62 | * RxRPC key for Kerberos V (type-5 security) | |
| 63 | */ | |
| 64 | struct rxk5_key { | |
| 4e36a95e DH |
65 | u64 authtime; /* time at which auth token generated */ |
| 66 | u64 starttime; /* time at which auth token starts */ | |
| 67 | u64 endtime; /* time at which auth token expired */ | |
| 68 | u64 renew_till; /* time to which auth token can be renewed */ | |
| 69 | s32 is_skey; /* T if ticket is encrypted in another ticket's | |
| 99455153 | 70 | * skey */ |
| 4e36a95e | 71 | s32 flags; /* mask of TKT_FLG_* bits (krb5/krb5.h) */ |
| 99455153 DH |
72 | struct krb5_principal client; /* client principal name */ |
| 73 | struct krb5_principal server; /* server principal name */ | |
| 4e36a95e DH |
74 | u16 ticket_len; /* length of ticket */ |
| 75 | u16 ticket2_len; /* length of second ticket */ | |
| 99455153 DH |
76 | u8 n_authdata; /* number of authorisation data elements */ |
| 77 | u8 n_addresses; /* number of addresses */ | |
| 78 | struct krb5_tagged_data session; /* session data; tag is enctype */ | |
| 79 | struct krb5_tagged_data *addresses; /* addresses */ | |
| 80 | u8 *ticket; /* krb5 ticket */ | |
| 81 | u8 *ticket2; /* second krb5 ticket, if related to ticket (via | |
| 82 | * DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */ | |
| 83 | struct krb5_tagged_data *authdata; /* authorisation data */ | |
| 84 | }; | |
| 85 | ||
| 33941284 DH |
86 | /* |
| 87 | * list of tokens attached to an rxrpc key | |
| 88 | */ | |
| 89 | struct rxrpc_key_token { | |
| 90 | u16 security_index; /* RxRPC header security index */ | |
| 91 | struct rxrpc_key_token *next; /* the next token in the list */ | |
| 92 | union { | |
| 93 | struct rxkad_key *kad; | |
| 99455153 | 94 | struct rxk5_key *k5; |
| 33941284 DH |
95 | }; |
| 96 | }; | |
| 97 | ||
| 98 | /* | |
| 99 | * structure of raw payloads passed to add_key() or instantiate key | |
| 100 | */ | |
| 101 | struct rxrpc_key_data_v1 { | |
| 102 | u32 kif_version; /* 1 */ | |
| 103 | u16 security_index; | |
| 104 | u16 ticket_length; | |
| 105 | u32 expiry; /* time_t */ | |
| 106 | u32 kvno; | |
| 107 | u8 session_key[8]; | |
| 108 | u8 ticket[0]; | |
| 109 | }; | |
| 110 | ||
| 111 | /* | |
| 112 | * AF_RXRPC key payload derived from XDR format | |
| 113 | * - based on openafs-1.4.10/src/auth/afs_token.xg | |
| 114 | */ | |
| 115 | #define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */ | |
| 99455153 DH |
116 | #define AFSTOKEN_STRING_MAX 256 /* max small string length */ |
| 117 | #define AFSTOKEN_DATA_MAX 64 /* max small data length */ | |
| 33941284 DH |
118 | #define AFSTOKEN_CELL_MAX 64 /* max cellname length */ |
| 119 | #define AFSTOKEN_MAX 8 /* max tokens per payload */ | |
| 99455153 | 120 | #define AFSTOKEN_BDATALN_MAX 16384 /* max big data length */ |
| 33941284 DH |
121 | #define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */ |
| 122 | #define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */ | |
| 123 | #define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */ | |
| 124 | #define AFSTOKEN_K5_COMPONENTS_MAX 16 /* max K5 components */ | |
| 125 | #define AFSTOKEN_K5_NAME_MAX 128 /* max K5 name length */ | |
| 126 | #define AFSTOKEN_K5_REALM_MAX 64 /* max K5 realm name length */ | |
| 127 | #define AFSTOKEN_K5_TIX_MAX 16384 /* max K5 ticket size */ | |
| 128 | #define AFSTOKEN_K5_ADDRESSES_MAX 16 /* max K5 addresses */ | |
| 129 | #define AFSTOKEN_K5_AUTHDATA_MAX 16 /* max K5 pieces of auth data */ | |
| 130 | ||
| dd89db1d | 131 | #endif /* _KEYS_RXRPC_TYPE_H */ |