24 Sep, 2013

1 commit

• f36f8c75a   KEYS: Add per-user_namespace registers for persistent per-UID kerberos caches ... Browse Code »

  Add support for per-user_namespace registers of persistent per-UID kerberos
  caches held within the kernel.

  This allows the kerberos cache to be retained beyond the life of all a user's
  processes so that the user's cron jobs can work.

  The kerberos cache is envisioned as a keyring/key tree looking something like:

  struct user_namespace
  \___ .krb_cache keyring - The register
  \___ _krb.0 keyring - Root's Kerberos cache
  \___ _krb.5000 keyring - User 5000's Kerberos cache
  \___ _krb.5001 keyring - User 5001's Kerberos cache
  \___ tkt785 big_key - A ccache blob
  \___ tkt12345 big_key - Another ccache blob

  Or possibly:

  struct user_namespace
  \___ .krb_cache keyring - The register
  \___ _krb.0 keyring - Root's Kerberos cache
  \___ _krb.5000 keyring - User 5000's Kerberos cache
  \___ _krb.5001 keyring - User 5001's Kerberos cache
  \___ tkt785 keyring - A ccache
  \___ krbtgt/REDHAT.COM@REDHAT.COM big_key
  \___ http/REDHAT.COM@REDHAT.COM user
  \___ afs/REDHAT.COM@REDHAT.COM user
  \___ nfs/REDHAT.COM@REDHAT.COM user
  \___ krbtgt/KERNEL.ORG@KERNEL.ORG big_key
  \___ http/KERNEL.ORG@KERNEL.ORG big_key

  What goes into a particular Kerberos cache is entirely up to userspace. Kernel
  support is limited to giving you the Kerberos cache keyring that you want.

  The user asks for their Kerberos cache by:

  krb_cache = keyctl_get_krbcache(uid, dest_keyring);

  The uid is -1 or the user's own UID for the user's own cache or the uid of some
  other user's cache (requires CAP_SETUID). This permits rpc.gssd or whatever to
  mess with the cache.

  The cache returned is a keyring named "_krb." that the possessor can read,
  search, clear, invalidate, unlink from and add links to. Active LSMs get a
  chance to rule on whether the caller is permitted to make a link.

  Each uid's cache keyring is created when it first accessed and is given a
  timeout that is extended each time this function is called so that the keyring
  goes away after a while. The timeout is configurable by sysctl but defaults to
  three days.

  Each user_namespace struct gets a lazily-created keyring that serves as the
  register. The cache keyrings are added to it. This means that standard key
  search and garbage collection facilities are available.

  The user_namespace struct's register goes away when it does and anything left
  in it is then automatically gc'd.

  Signed-off-by: David Howells
  Tested-by: Simo Sorce
  cc: Serge E. Hallyn
  cc: Eric W. Biederman

  David Howells

  2013-09-24 17:35:19 +0800  

19 Nov, 2009

1 commit

• 6d4561110   sysctl: Drop & in front of every proc_handler. ... Browse Code »

  For consistency drop & in front of every proc_handler. Explicity
  taking the address is unnecessary and it prevents optimizations
  like stubbing the proc_handlers to NULL.

  Cc: Alexey Dobriyan
  Cc: Ingo Molnar
  Cc: Joe Perches
  Signed-off-by: Eric W. Biederman

  Eric W. Biederman

  2009-11-19 00:37:40 +0800  

12 Nov, 2009

1 commit

• 5cdb35557   sysctl security/keys: Remove dead binary sysctl support ... Browse Code »

  Now that sys_sysctl is a generic wrapper around /proc/sys .ctl_name
  and .strategy members of sysctl tables are dead code. Remove them.

  Cc: David Howells
  Signed-off-by: Eric W. Biederman

  Eric W. Biederman

  2009-11-12 18:04:56 +0800  

02 Sep, 2009

1 commit

• 5d135440f   KEYS: Add garbage collection for dead, revoked and expired keys. [try #6] ... Browse Code »

  Add garbage collection for dead, revoked and expired keys. This involved
  erasing all links to such keys from keyrings that point to them. At that
  point, the key will be deleted in the normal manner.

  Keyrings from which garbage collection occurs are shrunk and their quota
  consumption reduced as appropriate.

  Dead keys (for which the key type has been removed) will be garbage collected
  immediately.

  Revoked and expired keys will hang around for a number of seconds, as set in
  /proc/sys/kernel/keys/gc_delay before being automatically removed. The default
  is 5 minutes.

  Signed-off-by: David Howells
  Signed-off-by: James Morris

  David Howells

  2009-09-02 19:29:11 +0800  

29 Apr, 2008

1 commit

• 0b77f5bfb   keys: make the keyring quotas controllable through /proc/sys ... Browse Code »

  Make the keyring quotas controllable through /proc/sys files:

  (*) /proc/sys/kernel/keys/root_maxkeys
  /proc/sys/kernel/keys/root_maxbytes

  Maximum number of keys that root may have and the maximum total number of
  bytes of data that root may have stored in those keys.

  (*) /proc/sys/kernel/keys/maxkeys
  /proc/sys/kernel/keys/maxbytes

  Maximum number of keys that each non-root user may have and the maximum
  total number of bytes of data that each of those users may have stored in
  their keys.

  Also increase the quotas as a number of people have been complaining that it's
  not big enough. I'm not sure that it's big enough now either, but on the
  other hand, it can now be set in /etc/sysctl.conf.

  Signed-off-by: David Howells
  Cc:
  Cc:
  Cc:
  Signed-off-by: Andrew Morton
  Signed-off-by: Linus Torvalds

  David Howells

  2008-04-29 23:06:17 +0800