1 | /* RxRPC key type |
2 | * |
3 | * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * |
6 | * This program is free software; you can redistribute it and/or |
7 | * modify it under the terms of the GNU General Public License |
8 | * as published by the Free Software Foundation; either version |
9 | * 2 of the License, or (at your option) any later version. |
10 | */ |
11 | |
12 | #ifndef _KEYS_RXRPC_TYPE_H |
13 | #define _KEYS_RXRPC_TYPE_H |
14 | |
15 | #include <linux/key.h> |
16 | |
/*
 * The key type for AF_RXRPC keys.  Only declared here; the object itself is
 * defined outside this header.
 */
extern struct key_type key_type_rxrpc;

/*
 * Returns a pointer to a struct key for a "null" RxRPC key.
 * NOTE(review): what the string argument selects, and whether the caller
 * owns a reference on the returned key (and must release it), cannot be
 * told from this header - confirm against the definition.
 */
struct key *rxrpc_get_null_key(const char *keyname);
23 | |
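/*
 * RxRPC key for Kerberos IV (type-2 security)
 *
 * Variable-length object: the fixed fields are followed by ticket_len bytes
 * of encrypted ticket.  Allocate it as sizeof(struct rxkad_key) + ticket_len
 * and check ticket_len against AFSTOKEN_RK_TIX_MAX before copying into
 * ticket[].
 *
 * session_key is secret key material and should be zeroed before the object
 * is freed.  It is a single-DES key, which is no longer considered strong.
 */
struct rxkad_key {
	u32	vice_id;	/* NOTE(review): presumably the AFS user id - confirm */
	u32	start;		/* time at which ticket starts */
	u32	expiry;		/* time at which ticket expires */
	u32	kvno;		/* key version number */
	u8	primary_flag;	/* T if key for primary cell for this user */
	u16	ticket_len;	/* length of ticket[] */
	u8	session_key[8];	/* DES session key */
	/*
	 * The encrypted ticket.  Declared as a C99 flexible array member:
	 * unlike the GNU zero-length form it must be the last member and
	 * sizeof cannot be applied to it, so the compiler catches both
	 * mistakes.  The struct layout and sizeof(struct rxkad_key) are
	 * unchanged.
	 */
	u8	ticket[];
};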
37 | |
/*
 * Kerberos 5 principal, written as name/name/name@realm
 */
struct krb5_principal {
	/*
	 * Number of parts in the name part of the principal.
	 * NOTE(review): presumably bounded by AFSTOKEN_K5_COMPONENTS_MAX when
	 * parsed from a payload - confirm against the parser.
	 */
	u8	n_name_parts;
	/* the parts of the name part of the principal */
	char	**name_parts;
	/* the realm part of the principal */
	char	*realm;
};
47 | |
/*
 * Kerberos 5 tagged data: a signed tag, a length and a pointer to bytes
 */
struct krb5_tagged_data {
	/*
	 * For tag values see /usr/include/krb5/krb5.h, e.g. KRB5_AUTHDATA_*
	 * when the item is auth data.
	 */
	s32	tag;
	/*
	 * NOTE(review): presumably the number of bytes at data; readers
	 * should not go past it - confirm against the code that fills it in.
	 */
	u32	data_len;
	u8	*data;
};
60 | |
/*
 * RxRPC key for Kerberos V (type-5 security)
 *
 * Tickets, addresses and authorisation data are reached through pointers,
 * each paired with a length or count field in this struct.
 */
struct rxk5_key {
	/* time at which auth token generated */
	u64	authtime;
	/* time at which auth token starts */
	u64	starttime;
	/* time at which auth token expires */
	u64	endtime;
	/* time to which auth token can be renewed */
	u64	renew_till;
	/* T if ticket is encrypted in another ticket's skey */
	s32	is_skey;
	/* mask of TKT_FLG_* bits (krb5/krb5.h) */
	s32	flags;
	/* client principal name */
	struct krb5_principal client;
	/* server principal name */
	struct krb5_principal server;
	/* length of ticket */
	u16	ticket_len;
	/* length of second ticket */
	u16	ticket2_len;
	/* number of authorisation data elements */
	u8	n_authdata;
	/* number of addresses */
	u8	n_addresses;
	/*
	 * Session data; tag is enctype.
	 * NOTE(review): presumably the session key, i.e. secret material that
	 * should be zeroed before it is freed - confirm.
	 */
	struct krb5_tagged_data session;
	/* addresses */
	struct krb5_tagged_data *addresses;
	/* krb5 ticket */
	u8	*ticket;
	/*
	 * Second krb5 ticket, if related to ticket (via DUPLICATE-SKEY or
	 * ENC-TKT-IN-SKEY).
	 */
	u8	*ticket2;
	/* authorisation data */
	struct krb5_tagged_data *authdata;
};
85 | |
/*
 * One node in the list of tokens attached to an rxrpc key
 */
struct rxrpc_key_token {
	/* RxRPC header security index */
	u16	security_index;
	/* the next token in the list */
	struct rxrpc_key_token *next;
	/*
	 * Payload for the token's security type.
	 * NOTE(review): presumably security_index tells which member is the
	 * valid one, so it should be checked before kad or k5 is
	 * dereferenced - confirm against the users of this struct.
	 */
	union {
		struct rxkad_key *kad;
		struct rxk5_key *k5;
	};
};
97 | |
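/*
 * structure of raw payloads passed to add_key() or instantiate key
 *
 * The payload comes from the caller of add_key(), so none of its fields can
 * be trusted.  Before reading ticket[], a parser should check that the
 * payload length equals sizeof(struct rxrpc_key_data_v1) + ticket_length and
 * that ticket_length does not exceed AFSTOKEN_RK_TIX_MAX.
 */
struct rxrpc_key_data_v1 {
	u32	kif_version;		/* 1 */
	u16	security_index;
	u16	ticket_length;
	u32	expiry;			/* time_t */
	u32	kvno;
	u8	session_key[8];
	/*
	 * ticket_length bytes of ticket follow the fixed part.  Declared as a
	 * C99 flexible array member instead of the GNU zero-length form: the
	 * layout and sizeof(struct rxrpc_key_data_v1) are unchanged, but the
	 * compiler now rejects sizeof on the member and any member placed
	 * after it.
	 */
	u8	ticket[];
};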
110 | |
/*
 * Upper bounds for the AF_RXRPC key payload derived from XDR format
 * - based on openafs-1.4.10/src/auth/afs_token.xg
 *
 * The payload is described by the lengths and counts it carries itself, so
 * these limits are meant to be checked before any such value is used to
 * size an allocation or a copy.
 */

/* whole payload and generic fields */
#define AFSTOKEN_LENGTH_MAX		16384	/* largest payload, in bytes */
#define AFSTOKEN_STRING_MAX		256	/* longest small string */
#define AFSTOKEN_DATA_MAX		64	/* longest small data item */
#define AFSTOKEN_CELL_MAX		64	/* longest cellname */
#define AFSTOKEN_MAX			8	/* most tokens in one payload */
#define AFSTOKEN_BDATALN_MAX		16384	/* longest big data item */

/* RxKAD */
#define AFSTOKEN_RK_TIX_MAX		12000	/* largest RxKAD ticket */

/* GSSAPI */
#define AFSTOKEN_GK_KEY_MAX		64	/* largest GSSAPI key */
#define AFSTOKEN_GK_TOKEN_MAX		16384	/* largest GSSAPI token */

/* Kerberos 5 */
#define AFSTOKEN_K5_COMPONENTS_MAX	16	/* most K5 components */
#define AFSTOKEN_K5_NAME_MAX		128	/* longest K5 name */
#define AFSTOKEN_K5_REALM_MAX		64	/* longest K5 realm name */
#define AFSTOKEN_K5_TIX_MAX		16384	/* largest K5 ticket */
#define AFSTOKEN_K5_ADDRESSES_MAX	16	/* most K5 addresses */
#define AFSTOKEN_K5_AUTHDATA_MAX	16	/* most K5 pieces of auth data */
130 | |
131 | #endif /* _KEYS_RXRPC_TYPE_H */ |
132 |