06 Aug, 2010
1 commit
-
Separate out the DNS resolver key type from the CIFS filesystem into its own
module so that it can be made available for general use, including the AFS
filesystem module.

This facility makes it possible for the kernel to upcall to userspace to have
it issue DNS requests, package up the replies and present them to the kernel
in a useful form. The kernel is then able to cache the DNS replies as keys
can be retained in keyrings.

Resolver keys are of type "dns_resolver" and have a case-insensitive
description that is of the form "[:]". The optional
indicates the particular DNS lookup and packaging that's required. The
is the query to be made.

If isn't given, a basic hostname to IP address lookup is made, and the
result is stored in the key in the form of a printable string consisting of a
comma-separated list of IPv4 and IPv6 addresses.

This key type is supported by userspace helpers driven from /sbin/request-key
and configured through /etc/request-key.conf. The cifs.upcall utility is
invoked for UNC path server name to IP address resolution.

The CIFS functionality is encapsulated by the dns_resolve_unc_to_ip() function,
which is used to resolve a UNC path to an IP address for CIFS filesystem. This
part remains in the CIFS module for now.

See the added Documentation/networking/dns_resolver.txt for more information.
Signed-off-by: Wang Lei
Signed-off-by: David Howells
Acked-by: Jeff Layton
Signed-off-by: Steve French
16 Sep, 2009
1 commit
-
Use uX rather than uintX_t types for consistency.
Signed-off-by: David Howells
Signed-off-by: David S. Miller
15 Sep, 2009
2 commits
-
Parse RxRPC security index 5 type keys (Kerberos 5 tokens).
Signed-off-by: David Howells
Signed-off-by: David S. Miller
-
Allow add_key() and KEYCTL_INSTANTIATE to accept key payloads in XDR form as
described by openafs-1.4.10/src/auth/afs_token.xg. This provides a way of
passing kaserver, Kerberos 4, Kerberos 5 and GSSAPI keys from userspace, and
allows for future expansion.
Signed-off-by: David Howells
Signed-off-by: David S. Miller
14 Nov, 2008
1 commit
-
Disperse the bits of linux/key_ui.h as the reason they were put here (keyfs)
didn't get in.
Signed-off-by: David Howells
Reviewed-by: James Morris
Signed-off-by: James Morris
22 Apr, 2008
1 commit
-
Signed-off-by: Robert P. J. Day
Acked-by: David Howells
Signed-off-by: Jesper Juhl
17 Oct, 2007
1 commit
-
Make request_key() and co fundamentally asynchronous to make it easier for
NFS to make use of them. There are now accessor functions that do
asynchronous constructions, a wait function to wait for construction to
complete, and a completion function for the key type to indicate completion
of construction.

Note that the construction queue is now gone. Instead, keys under
construction are linked in to the appropriate keyring in advance, and that
anyone encountering one must wait for it to be complete before they can use
it. This is done automatically for userspace.

The following auxiliary changes are also made:

(1) Key type implementation stuff is split from linux/key.h into
linux/key-type.h.

(2) AF_RXRPC provides a way to allocate null rxrpc-type keys so that AFS does
not need to call key_instantiate_and_link() directly.

(3) Adjust the debugging macros so that they're -Wformat checked even if
they are disabled, and make it so they can be enabled simply by defining
__KDEBUG to be consistent with other code of mine.

(3) Documentation.
[alan@lxorguk.ukuu.org.uk: keys: missing word in documentation]
Signed-off-by: David Howells
Signed-off-by: Alan Cox
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
27 Apr, 2007
1 commit
-
Provide AF_RXRPC sockets that can be used to talk to AFS servers, or serve
answers to AFS clients. KerberosIV security is fully supported. The patches
and some example test programs can be found in:
http://people.redhat.com/~dhowells/rxrpc/
This will eventually replace the old implementation of kernel-only RxRPC
currently resident in net/rxrpc/.
Signed-off-by: David Howells
Signed-off-by: David S. Miller
27 Jun, 2006
1 commit
-
Cause the keys linked to a keyring to be unlinked from it when revoked and it
causes the data attached to a user-defined key to be discarded when revoked.

This frees up most of the quota a key occupied at that point, rather than
waiting for the key to actually be destroyed.
Signed-off-by: David Howells
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
07 Jan, 2006
1 commit
-
Remove the key duplication stuff since there's nothing that uses it, no way
to get at it and it's awkward to deal with for LSM purposes.
Signed-off-by: David Howells
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
31 Oct, 2005
1 commit
-
Export user-defined key operations so that those who wish to define their
own key type based on the user-defined key operations may do so (as has
been requested).

The header file created has been placed into include/keys/user-type.h, thus
creating a directory where other key types may also be placed. Any
objections to doing this?
Signed-Off-By: David Howells
Signed-Off-By: Arjan van de Ven
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds