Commit 99455153 authored by David Howells's avatar David Howells Committed by David S. Miller

RxRPC: Parse security index 5 keys (Kerberos 5)

Parse RxRPC security index 5 type keys (Kerberos 5 tokens).
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent ed6dd18b
...@@ -35,6 +35,54 @@ struct rxkad_key { ...@@ -35,6 +35,54 @@ struct rxkad_key {
u8 ticket[0]; /* the encrypted ticket */ u8 ticket[0]; /* the encrypted ticket */
}; };
/*
* Kerberos 5 principal
* name/name/name@realm
*/
struct krb5_principal {
u8 n_name_parts; /* N of parts of the name part of the principal */
char **name_parts; /* parts of the name part of the principal */
char *realm; /* parts of the realm part of the principal */
};
/*
* Kerberos 5 tagged data
*/
struct krb5_tagged_data {
/* for tag value, see /usr/include/krb5/krb5.h
* - KRB5_AUTHDATA_* for auth data
* -
*/
int32_t tag;
uint32_t data_len;
u8 *data;
};
/*
* RxRPC key for Kerberos V (type-5 security)
*/
struct rxk5_key {
uint64_t authtime; /* time at which auth token generated */
uint64_t starttime; /* time at which auth token starts */
uint64_t endtime; /* time at which auth token expired */
uint64_t renew_till; /* time to which auth token can be renewed */
int32_t is_skey; /* T if ticket is encrypted in another ticket's
* skey */
int32_t flags; /* mask of TKT_FLG_* bits (krb5/krb5.h) */
struct krb5_principal client; /* client principal name */
struct krb5_principal server; /* server principal name */
uint16_t ticket_len; /* length of ticket */
uint16_t ticket2_len; /* length of second ticket */
u8 n_authdata; /* number of authorisation data elements */
u8 n_addresses; /* number of addresses */
struct krb5_tagged_data session; /* session data; tag is enctype */
struct krb5_tagged_data *addresses; /* addresses */
u8 *ticket; /* krb5 ticket */
u8 *ticket2; /* second krb5 ticket, if related to ticket (via
* DUPLICATE-SKEY or ENC-TKT-IN-SKEY) */
struct krb5_tagged_data *authdata; /* authorisation data */
};
/* /*
* list of tokens attached to an rxrpc key * list of tokens attached to an rxrpc key
*/ */
...@@ -43,6 +91,7 @@ struct rxrpc_key_token { ...@@ -43,6 +91,7 @@ struct rxrpc_key_token {
struct rxrpc_key_token *next; /* the next token in the list */ struct rxrpc_key_token *next; /* the next token in the list */
union { union {
struct rxkad_key *kad; struct rxkad_key *kad;
struct rxk5_key *k5;
}; };
}; };
...@@ -64,8 +113,11 @@ struct rxrpc_key_data_v1 { ...@@ -64,8 +113,11 @@ struct rxrpc_key_data_v1 {
* - based on openafs-1.4.10/src/auth/afs_token.xg * - based on openafs-1.4.10/src/auth/afs_token.xg
*/ */
#define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */ #define AFSTOKEN_LENGTH_MAX 16384 /* max payload size */
#define AFSTOKEN_STRING_MAX 256 /* max small string length */
#define AFSTOKEN_DATA_MAX 64 /* max small data length */
#define AFSTOKEN_CELL_MAX 64 /* max cellname length */ #define AFSTOKEN_CELL_MAX 64 /* max cellname length */
#define AFSTOKEN_MAX 8 /* max tokens per payload */ #define AFSTOKEN_MAX 8 /* max tokens per payload */
#define AFSTOKEN_BDATALN_MAX 16384 /* max big data length */
#define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */ #define AFSTOKEN_RK_TIX_MAX 12000 /* max RxKAD ticket size */
#define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */ #define AFSTOKEN_GK_KEY_MAX 64 /* max GSSAPI key size */
#define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */ #define AFSTOKEN_GK_TOKEN_MAX 16384 /* max GSSAPI token size */
......
This diff is collapsed.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment