)]}' { "log": [ { "commit": "f009918a1c1bbf8607b8aab3959876913a30193a", "tree": "4d2417f7e1dcebd817393291310a00f5d90eab8c", "parents": [ "10003453479ef287a73f8a39593f8f42687ea565" ], "author": { "name": "Anton Blanchard", "email": "anton@au1.ibm.com", "time": "Mon Feb 28 03:27:53 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Mar 02 22:18:53 2011 -0800" }, "message": "RxRPC: Fix v1 keys\n\ncommit 339412841d7 (RxRPC: Allow key payloads to be passed in XDR form)\nbroke klog for me. I notice the v1 key struct had a kif_version field\nadded:\n\n-struct rxkad_key {\n- u16 security_index; /* RxRPC header security index */\n- u16 ticket_len; /* length of ticket[] */\n- u32 expiry; /* time at which expires */\n- u32 kvno; /* key version number */\n- u8 session_key[8]; /* DES session key */\n- u8 ticket[0]; /* the encrypted ticket */\n-};\n\n+struct rxrpc_key_data_v1 {\n+ u32 kif_version; /* 1 */\n+ u16 security_index;\n+ u16 ticket_length;\n+ u32 expiry; /* time_t */\n+ u32 kvno;\n+ u8 session_key[8];\n+ u8 ticket[0];\n+};\n\nHowever the code in rxrpc_instantiate strips it away:\n\n\tdata +\u003d sizeof(kver);\n\tdatalen -\u003d sizeof(kver);\n\nRemoving kif_version fixes my problem.\n\nSigned-off-by: Anton Blanchard \u003canton@samba.org\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7e70cb4978507cf31d76b90e4cfb4c28cad87f0c", "tree": "c5df493eef8d30dcb40d647b0528970eb4a391c6", "parents": [ "d00a1c72f7f4661212299e6cb132dfa58030bcdb" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Nov 23 18:55:35 2010 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Nov 29 08:55:29 2010 +1100" }, "message": "keys: add new key-type encrypted\n\nDefine a new kernel key-type called \u0027encrypted\u0027. Encrypted keys are kernel\ngenerated random numbers, which are encrypted/decrypted with a \u0027trusted\u0027\nsymmetric key. Encrypted keys are created/encrypted/decrypted in the kernel.\nUserspace only ever sees/stores encrypted blobs.\n\nChangelog:\n- bug fix: replaced master-key rcu based locking with semaphore\n (reported by David Howells)\n- Removed memset of crypto_shash_digest() digest output\n- Replaced verification of \u0027key-type:key-desc\u0027 using strcspn(), with\n one based on string constants.\n- Moved documentation to Documentation/keys-trusted-encrypted.txt\n- Replace hash with shash (based on comments by David Howells)\n- Make lengths/counts size_t where possible (based on comments by David Howells)\n Could not convert most lengths, as crypto expects \u0027unsigned int\u0027\n (size_t: on 32 bit is defined as unsigned int, but on 64 bit is unsigned long)\n- Add \u0027const\u0027 where possible (based on comments by David Howells)\n- allocate derived_buf dynamically to support arbitrary length master key\n (fixed by Roberto Sassu)\n- wait until late_initcall for crypto libraries to be registered\n- cleanup security/Kconfig\n- Add missing \u0027update\u0027 keyword (reported/fixed by Roberto Sassu)\n- Free epayload on failure to create key (reported/fixed by Roberto Sassu)\n- Increase the data size limit (requested by Roberto Sassu)\n- Crypto return codes are always 0 on success and negative on failure,\n remove unnecessary tests.\n- Replaced kzalloc() with kmalloc()\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: David Safford \u003csafford@watson.ibm.com\u003e\nReviewed-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d00a1c72f7f4661212299e6cb132dfa58030bcdb", "tree": "2c873e461f42bbf3aea03b7b2e59cea8f941d841", "parents": [ "c749ba912e87ccebd674ae24b97462176c63732e" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Nov 23 17:50:34 2010 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Nov 29 08:55:25 2010 +1100" }, "message": "keys: add new trusted key-type\n\nDefine a new kernel key-type called \u0027trusted\u0027. Trusted keys are random\nnumber symmetric keys, generated and RSA-sealed by the TPM. The TPM\nonly unseals the keys, if the boot PCRs and other criteria match.\nUserspace can only ever see encrypted blobs.\n\nBased on suggestions by Jason Gunthorpe, several new options have been\nadded to support additional usages.\n\nThe new options are:\nmigratable\u003d designates that the key may/may not ever be updated\n (resealed under a new key, new pcrinfo or new auth.)\n\npcrlock\u003dn extends the designated PCR \u0027n\u0027 with a random value,\n so that a key sealed to that PCR may not be unsealed\n again until after a reboot.\n\nkeyhandle\u003d specifies the sealing/unsealing key handle.\n\nkeyauth\u003d specifies the sealing/unsealing key auth.\n\nblobauth\u003d specifies the sealed data auth.\n\nImplementation of a kernel reserved locality for trusted keys will be\ninvestigated for a possible future extension.\n\nChangelog:\n- Updated and added examples to Documentation/keys-trusted-encrypted.txt\n- Moved generic TPM constants to include/linux/tpm_command.h\n (David Howell\u0027s suggestion.)\n- trusted_defined.c: replaced kzalloc with kmalloc, added pcrlock failure\n error handling, added const qualifiers where appropriate.\n- moved to late_initcall\n- updated from hash to shash (suggestion by David Howells)\n- reduced worst stack usage (tpm_seal) from 530 to 312 bytes\n- moved documentation to Documentation directory (suggestion by David Howells)\n- all the other code cleanups suggested by David Howells\n- Add pcrlock CAP_SYS_ADMIN dependency (based on comment by Jason Gunthorpe)\n- New options: migratable, pcrlock, keyhandle, keyauth, blobauth (based on\n discussions with Jason Gunthorpe)\n- Free payload on failure to create key(reported/fixed by Roberto Sassu)\n- Updated Kconfig and other descriptions (based on Serge Hallyn\u0027s suggestion)\n- Replaced kzalloc() with kmalloc() (reported by Serge Hallyn)\n\nSigned-off-by: David Safford \u003csafford@watson.ibm.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1a4240f4764ac78adbf4b0ebb49b3bd8c72ffa11", "tree": "7d9de5b071e7ab8a8355bdf7902db4c0a0e812b1", "parents": [ "ba5dadbf4e7b531bd7ccecffb4d3935c80a3372e" ], "author": { "name": "Wang Lei", "email": "wang840925@gmail.com", "time": "Wed Aug 04 15:16:33 2010 +0100" }, "committer": { "name": "Steve French", "email": "sfrench@us.ibm.com", "time": "Thu Aug 05 17:17:51 2010 +0000" }, "message": "DNS: Separate out CIFS DNS Resolver code\n\nSeparate out the DNS resolver key type from the CIFS filesystem into its own\nmodule so that it can be made available for general use, including the AFS\nfilesystem module.\n\nThis facility makes it possible for the kernel to upcall to userspace to have\nit issue DNS requests, package up the replies and present them to the kernel\nin a useful form. The kernel is then able to cache the DNS replies as keys\ncan be retained in keyrings.\n\nResolver keys are of type \"dns_resolver\" and have a case-insensitive\ndescription that is of the form \"[\u003ctype\u003e:]\u003cdomain_name\u003e\". The optional \u003ctype\u003e\nindicates the particular DNS lookup and packaging that\u0027s required. The\n\u003cdomain_name\u003e is the query to be made.\n\nIf \u003ctype\u003e isn\u0027t given, a basic hostname to IP address lookup is made, and the\nresult is stored in the key in the form of a printable string consisting of a\ncomma-separated list of IPv4 and IPv6 addresses.\n\nThis key type is supported by userspace helpers driven from /sbin/request-key\nand configured through /etc/request-key.conf. The cifs.upcall utility is\ninvoked for UNC path server name to IP address resolution.\n\nThe CIFS functionality is encapsulated by the dns_resolve_unc_to_ip() function,\nwhich is used to resolve a UNC path to an IP address for CIFS filesystem. This\npart remains in the CIFS module for now.\n\nSee the added Documentation/networking/dns_resolver.txt for more information.\n\nSigned-off-by: Wang Lei \u003cwang840925@gmail.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: Steve French \u003csfrench@us.ibm.com\u003e\n" }, { "commit": "4e36a95e591e9c58dd10bb4103c00993917c27fd", "tree": "e97be725f4aca0084e148cb68bd99552a480b47e", "parents": [ "634354d753898f9d9d146bd47628a1ef27f7dc98" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Sep 16 00:01:13 2009 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Sep 16 00:01:13 2009 -0700" }, "message": "RxRPC: Use uX/sX rather than uintX_t/intX_t types\n\nUse uX rather than uintX_t types for consistency.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "99455153d0670ba110e6a3b855b8369bcbd11120", "tree": "166ba6e3046654f7d1cd5f0debdcae1aa8938080", "parents": [ "ed6dd18b5aceb322da9840f01a68d648e91c8a72" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Sep 14 01:17:46 2009 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Sep 15 02:44:33 2009 -0700" }, "message": "RxRPC: Parse security index 5 keys (Kerberos 5)\n\nParse RxRPC security index 5 type keys (Kerberos 5 tokens).\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "339412841d7620f93fea805fbd7469f08186f458", "tree": "e2d385d76e3b9361671411442c5253417f95d5a6", "parents": [ "8b815477f382f96deefbe5bd4404fa7b31cf5dcf" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Sep 14 01:17:35 2009 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Sep 15 02:44:23 2009 -0700" }, "message": "RxRPC: Allow key payloads to be passed in XDR form\n\nAllow add_key() and KEYCTL_INSTANTIATE to accept key payloads in XDR form as\ndescribed by openafs-1.4.10/src/auth/afs_token.xg. This provides a way of\npassing kaserver, Kerberos 4, Kerberos 5 and GSSAPI keys from userspace, and\nallows for future expansion.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "e9e349b051d98799b743ebf248cc2d986fedf090", "tree": "d59a46ae39d81d27bcf605663ce0e24d1c6db375", "parents": [ "76aac0e9a17742e60d408be1a706e9aaad370891" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:39:13 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:39:13 2008 +1100" }, "message": "KEYS: Disperse linux/key_ui.h\n\nDisperse the bits of linux/key_ui.h as the reason they were put here (keyfs)\ndidn\u0027t get in.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "dd89db1df98003fadafa711ab8bc497aaf92980a", "tree": "b63eac0e4e6285362a167001a4d0b6b8a6fc560a", "parents": [ "fdefa4d87e2f07ffe5888a7c2ed87dd12f9cfe37" ], "author": { "name": "Robert P. J. Day", "email": "rpjday@crashcourse.ca", "time": "Mon Apr 21 22:43:55 2008 +0000" }, "committer": { "name": "Jesper Juhl", "email": "juhl@hera.kernel.org", "time": "Mon Apr 21 22:43:55 2008 +0000" }, "message": "KEYS: Fix the comment to match the file name in rxrpc-type.h.\n\nSigned-off-by: Robert P. J. Day \u003crpjday@crashcourse.ca\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Jesper Juhl \u003cjesper.juhl@gmail.com\u003e\n" }, { "commit": "76181c134f87479fa13bf2548ddf2999055d34d4", "tree": "34694341c190e7ecdd3111ee48e4b98602ff012f", "parents": [ "398c95bdf2c24d7866692a40ba04425aef238cdd" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 16 23:29:46 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Oct 17 08:42:57 2007 -0700" }, "message": "KEYS: Make request_key() and co fundamentally asynchronous\n\nMake request_key() and co fundamentally asynchronous to make it easier for\nNFS to make use of them. There are now accessor functions that do\nasynchronous constructions, a wait function to wait for construction to\ncomplete, and a completion function for the key type to indicate completion\nof construction.\n\nNote that the construction queue is now gone. Instead, keys under\nconstruction are linked in to the appropriate keyring in advance, and that\nanyone encountering one must wait for it to be complete before they can use\nit. This is done automatically for userspace.\n\nThe following auxiliary changes are also made:\n\n (1) Key type implementation stuff is split from linux/key.h into\n linux/key-type.h.\n\n (2) AF_RXRPC provides a way to allocate null rxrpc-type keys so that AFS does\n not need to call key_instantiate_and_link() directly.\n\n (3) Adjust the debugging macros so that they\u0027re -Wformat checked even if\n they are disabled, and make it so they can be enabled simply by defining\n __KDEBUG to be consistent with other code of mine.\n\n (3) Documentation.\n\n[alan@lxorguk.ukuu.org.uk: keys: missing word in documentation]\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Alan Cox \u003calan@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "17926a79320afa9b95df6b977b40cca6d8713cea", "tree": "5cedff43b69520ad17b86783d3752053686ec99c", "parents": [ "e19dff1fdd99a25819af74cf0710e147fff4fd3a" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Apr 26 15:48:28 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Apr 26 15:48:28 2007 -0700" }, "message": "[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both\n\nProvide AF_RXRPC sockets that can be used to talk to AFS servers, or serve\nanswers to AFS clients. KerberosIV security is fully supported. The patches\nand some example test programs can be found in:\n\n\thttp://people.redhat.com/~dhowells/rxrpc/\n\nThis will eventually replace the old implementation of kernel-only RxRPC\ncurrently resident in net/rxrpc/.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "31204ed925b067d2bb65adb89501656f8274a32a", "tree": "a5c3e5101e9f79bf39672f02c0eea573e7a47cb8", "parents": [ "7e047ef5fe2d52e83020e856b1bf2556a6a2ce98" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Jun 26 00:24:51 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Jun 26 09:58:18 2006 -0700" }, "message": "[PATCH] keys: discard the contents of a key on revocation\n\nCause the keys linked to a keyring to be unlinked from it when revoked and it\ncauses the data attached to a user-defined key to be discarded when revoked.\n\nThis frees up most of the quota a key occupied at that point, rather than\nwaiting for the key to actually be destroyed.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "8d9067bda99c68e1a17d93e78cf3a5a3f67e0c35", "tree": "6f3c7fe665012c456b57840c290eafd4deabbeb2", "parents": [ "32725ad8430b58e42c5d54757ce7871e680d05cb" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Jan 06 00:11:24 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jan 06 08:33:29 2006 -0800" }, "message": "[PATCH] Keys: Remove key duplication\n\nRemove the key duplication stuff since there\u0027s nothing that uses it, no way\nto get at it and it\u0027s awkward to deal with for LSM purposes.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "2aa349f6e37ce030060c994d3aebbff4ab703565", "tree": "7a0937469f0376931b82d9c3392727dba13c9d45", "parents": [ "1426d7a81dea8e9d85f9d69de85ab04ba37018ab" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Sun Oct 30 15:02:42 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:22 2005 -0800" }, "message": "[PATCH] Keys: Export user-defined keyring operations\n\nExport user-defined key operations so that those who wish to define their\nown key type based on the user-defined key operations may do so (as has\nbeen requested).\n\nThe header file created has been placed into include/keys/user-type.h, thus\ncreating a directory where other key types may also be placed. Any\nobjections to doing this?\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-Off-By: Arjan van de Ven \u003carjan@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" } ] }