)]}' { "log": [ { "commit": "4a38e122e2cc6294779021ff4ccc784a3997059e", "tree": "84b401b44e0550b04f831d98a91eacfd7cffb51d", "parents": [ "dceba9944181b1fd5993417b5c8fa0e3dda38f8d" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Apr 29 01:01:24 2008 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@linux-foundation.org", "time": "Tue Apr 29 08:06:16 2008 -0700" }, "message": "keys: allow the callout data to be passed as a blob rather than a string\n\nAllow the callout data to be passed as a blob rather than a string for\ninternal kernel services that call any request_key_*() interface other than\nrequest_key(). request_key() itself still takes a NUL-terminated string.\n\nThe functions that change are:\n\n\trequest_key_with_auxdata()\n\trequest_key_async()\n\trequest_key_async_with_auxdata()\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Paul Moore \u003cpaul.moore@hp.com\u003e\nCc: Chris Wright \u003cchrisw@sous-sol.org\u003e\nCc: Stephen Smalley \u003csds@tycho.nsa.gov\u003e\nCc: James Morris \u003cjmorris@namei.org\u003e\nCc: Kevin Coffman \u003ckwc@citi.umich.edu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "76181c134f87479fa13bf2548ddf2999055d34d4", "tree": "34694341c190e7ecdd3111ee48e4b98602ff012f", "parents": [ "398c95bdf2c24d7866692a40ba04425aef238cdd" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 16 23:29:46 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Oct 17 08:42:57 2007 -0700" }, "message": "KEYS: Make request_key() and co fundamentally asynchronous\n\nMake request_key() and co fundamentally asynchronous to make it easier for\nNFS to make use of them. There are now accessor functions that do\nasynchronous constructions, a wait function to wait for construction to\ncomplete, and a completion function for the key type to indicate completion\nof construction.\n\nNote that the construction queue is now gone. Instead, keys under\nconstruction are linked in to the appropriate keyring in advance, and that\nanyone encountering one must wait for it to be complete before they can use\nit. This is done automatically for userspace.\n\nThe following auxiliary changes are also made:\n\n (1) Key type implementation stuff is split from linux/key.h into\n linux/key-type.h.\n\n (2) AF_RXRPC provides a way to allocate null rxrpc-type keys so that AFS does\n not need to call key_instantiate_and_link() directly.\n\n (3) Adjust the debugging macros so that they\u0027re -Wformat checked even if\n they are disabled, and make it so they can be enabled simply by defining\n __KDEBUG to be consistent with other code of mine.\n\n (3) Documentation.\n\n[alan@lxorguk.ukuu.org.uk: keys: missing word in documentation]\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Alan Cox \u003calan@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "4e54f08543d05e519e601368571cc3787fefae96", "tree": "0cd9d982e5bb25abcb9251d26c36ff11e7dc81a5", "parents": [ "94583779e6625154e8d7fce33d097ae7d089e9de" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Jun 29 02:24:28 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Thu Jun 29 10:26:20 2006 -0700" }, "message": "[PATCH] Keys: Allow in-kernel key requestor to pass auxiliary data to upcaller\n\nThe proposed NFS key type uses its own method of passing key requests to\nuserspace (upcalling) rather than invoking /sbin/request-key. This is\nbecause the responsible userspace daemon should already be running and will\nbe contacted through rpc_pipefs.\n\nThis patch permits the NFS filesystem to pass auxiliary data to the upcall\noperation (struct key_type::request_key) so that the upcaller can use a\npre-existing communications channel more easily.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-By: Kevin Coffman \u003ckwc@citi.umich.edu\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "b5f545c880a2a47947ba2118b2509644ab7a2969", "tree": "8720e02262b0ff6309ae79603f6c63965296d378", "parents": [ "cab8eb594e84b434d20412fc5a3985b0bee3ab9f" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Sun Jan 08 01:02:47 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Jan 08 20:13:53 2006 -0800" }, "message": "[PATCH] keys: Permit running process to instantiate keys\n\nMake it possible for a running process (such as gssapid) to be able to\ninstantiate a key, as was requested by Trond Myklebust for NFS4.\n\nThe patch makes the following changes:\n\n (1) A new, optional key type method has been added. This permits a key type\n to intercept requests at the point /sbin/request-key is about to be\n spawned and do something else with them - passing them over the\n rpc_pipefs files or netlink sockets for instance.\n\n The uninstantiated key, the authorisation key and the intended operation\n name are passed to the method.\n\n (2) The callout_info is no longer passed as an argument to /sbin/request-key\n to prevent unauthorised viewing of this data using ps or by looking in\n /proc/pid/cmdline.\n\n This means that the old /sbin/request-key program will not work with the\n patched kernel as it will expect to see an extra argument that is no\n longer there.\n\n A revised keyutils package will be made available tomorrow.\n\n (3) The callout_info is now attached to the authorisation key. Reading this\n key will retrieve the information.\n\n (4) A new field has been added to the task_struct. This holds the\n authorisation key currently active for a thread. Searches now look here\n for the caller\u0027s set of keys rather than looking for an auth key in the\n lowest level of the session keyring.\n\n This permits a thread to be servicing multiple requests at once and to\n switch between them. Note that this is per-thread, not per-process, and\n so is usable in multithreaded programs.\n\n The setting of this field is inherited across fork and exec.\n\n (5) A new keyctl function (KEYCTL_ASSUME_AUTHORITY) has been added that\n permits a thread to assume the authority to deal with an uninstantiated\n key. Assumption is only permitted if the authorisation key associated\n with the uninstantiated key is somewhere in the thread\u0027s keyrings.\n\n This function can also clear the assumption.\n\n (6) A new magic key specifier has been added to refer to the currently\n assumed authorisation key (KEY_SPEC_REQKEY_AUTH_KEY).\n\n (7) Instantiation will only proceed if the appropriate authorisation key is\n assumed first. The assumed authorisation key is discarded if\n instantiation is successful.\n\n (8) key_validate() is moved from the file of request_key functions to the\n file of permissions functions.\n\n (9) The documentation is updated.\n\nFrom: \u003cValdis.Kletnieks@vt.edu\u003e\n\n Build fix.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nCc: Trond Myklebust \u003ctrond.myklebust@fys.uio.no\u003e\nCc: Alexander Zangerl \u003caz@bond.edu.au\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "f1a9badcf6ecad9975240d94514721cb93932151", "tree": "dc37fe427d645dd84331b7385523b39efa41ffad", "parents": [ "74fd92c511bd4a0771ac0faaaef38bb1be3a29f6" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Oct 07 15:04:52 2005 +0100" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sat Oct 08 14:53:31 2005 -0700" }, "message": "[PATCH] Keys: Add request-key process documentation\n\nThe attached patch adds documentation for the process by which request-key\nworks, including how it permits helper processes to gain access to the\nrequestor\u0027s keyrings.\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" } ] }