)]}' { "log": [ { "commit": "46c6f1776e2f53eebb1fc361946877bab7533227", "tree": "ef326bf43e5b20dbe88f2506481c6bdb4487e3de", "parents": [ "964f3b3bf49eb84b5831121446a28b76de3fb23a" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Sep 13 15:17:32 2012 +0100" }, "committer": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Mon Oct 08 13:50:13 2012 +1030" }, "message": "KEYS: Asymmetric key pluggable data parsers\n\nThe instantiation data passed to the asymmetric key type are expected to be\nformatted in some way, and there are several possible standard ways to format\nthe data.\n\nThe two obvious standards are OpenPGP keys and X.509 certificates. The latter\nis especially useful when dealing with UEFI, and the former might be useful\nwhen dealing with, say, eCryptfs.\n\nFurther, it might be desirable to provide formatted blobs that indicate\nhardware is to be accessed to retrieve the keys or that the keys live\nunretrievably in a hardware store, but that the keys can be used by means of\nthe hardware.\n\nFrom userspace, the keys can be loaded using the keyctl command, for example,\nan X.509 binary certificate:\n\n\tkeyctl padd asymmetric foo @s \u003cdhowells.pem\n\nor a PGP key:\n\n\tkeyctl padd asymmetric bar @s \u003cdhowells.pub\n\nor a pointer into the contents of the TPM:\n\n\tkeyctl add asymmetric zebra \"TPM:04982390582905f8\" @s\n\nInside the kernel, pluggable parsers register themselves and then get to\nexamine the payload data to see if they can handle it. If they can, they get\nto:\n\n (1) Propose a name for the key, to be used it the name is \"\" or NULL.\n\n (2) Specify the key subtype.\n\n (3) Provide the data for the subtype.\n\nThe key type asks the parser to do its stuff before a key is allocated and thus\nbefore the name is set. If successful, the parser stores the suggested data\ninto the key_preparsed_payload struct, which will be either used (if the key is\nsuccessfully created and instantiated or updated) or discarded.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n" }, { "commit": "964f3b3bf49eb84b5831121446a28b76de3fb23a", "tree": "7d299f690c8323c931b59bc142c45ac75097963f", "parents": [ "9a83b46578df149160b1da057656d2f0cfcbb5b6" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Sep 13 15:17:21 2012 +0100" }, "committer": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Mon Oct 08 13:50:12 2012 +1030" }, "message": "KEYS: Implement asymmetric key type\n\nCreate a key type that can be used to represent an asymmetric key type for use\nin appropriate cryptographic operations, such as encryption, decryption,\nsignature generation and signature verification.\n\nThe key type is \"asymmetric\" and can provide access to a variety of\ncryptographic algorithms.\n\nPossibly, this would be better as \"public_key\" - but that has the disadvantage\nthat \"public key\" is an overloaded term.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n" }, { "commit": "cf7f601c067994f371ba77721d1e45fce61a4569", "tree": "4ff5a12ae84cf47a9815c3e3979341a66360cb31", "parents": [ "9bb9c3be56834653878f766f471fa1c20e562f4c" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Sep 13 13:06:29 2012 +0100" }, "committer": { "name": "Rusty Russell", "email": "rusty@rustcorp.com.au", "time": "Mon Oct 08 13:49:48 2012 +1030" }, "message": "KEYS: Add payload preparsing opportunity prior to key instantiate or update\n\nGive the key type the opportunity to preparse the payload prior to the\ninstantiation and update routines being called. This is done with the\nprovision of two new key type operations:\n\n\tint (*preparse)(struct key_preparsed_payload *prep);\n\tvoid (*free_preparse)(struct key_preparsed_payload *prep);\n\nIf the first operation is present, then it is called before key creation (in\nthe add/update case) or before the key semaphore is taken (in the update and\ninstantiate cases). The second operation is called to clean up if the first\nwas called.\n\npreparse() is given the opportunity to fill in the following structure:\n\n\tstruct key_preparsed_payload {\n\t\tchar\t\t*description;\n\t\tvoid\t\t*type_data[2];\n\t\tvoid\t\t*payload;\n\t\tconst void\t*data;\n\t\tsize_t\t\tdatalen;\n\t\tsize_t\t\tquotalen;\n\t};\n\nBefore the preparser is called, the first three fields will have been cleared,\nthe payload pointer and size will be stored in data and datalen and the default\nquota size from the key_type struct will be stored into quotalen.\n\nThe preparser may parse the payload in any way it likes and may store data in\nthe type_data[] and payload fields for use by the instantiate() and update()\nops.\n\nThe preparser may also propose a description for the key by attaching it as a\nstring to the description field. This can be used by passing a NULL or \"\"\ndescription to the add_key() system call or the key_create_or_update()\nfunction. This cannot work with request_key() as that required the description\nto tell the upcall about the key to be created.\n\nThis, for example permits keys that store PGP public keys to generate their own\nname from the user ID and public key fingerprint in the key.\n\nThe instantiate() and update() operations are then modified to look like this:\n\n\tint (*instantiate)(struct key *key, struct key_preparsed_payload *prep);\n\tint (*update)(struct key *key, struct key_preparsed_payload *prep);\n\nand the new payload data is passed in *prep, whether or not it was preparsed.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Rusty Russell \u003crusty@rustcorp.com.au\u003e\n" }, { "commit": "233e4735f2a45d9e641c2488b8d7afeb1f377dac", "tree": "d273536aaea91cf4817dd305450f327ebb37059f", "parents": [ "65d87fe68abf2fc226a9e96be61160f65d6b4680" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri May 11 10:56:56 2012 +0100" }, "committer": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri May 11 10:56:56 2012 +0100" }, "message": "KEYS: Permit in-place link replacement in keyring list\n\nMake use of the previous patch that makes the garbage collector perform RCU\nsynchronisation before destroying defunct keys. Key pointers can now be\nreplaced in-place without creating a new keyring payload and replacing the\nwhole thing as the discarded keys will not be destroyed until all currently\nheld RCU read locks are released.\n\nIf the keyring payload space needs to be expanded or contracted, then a\nreplacement will still need allocating, and the original will still have to be\nfreed by RCU.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\n" }, { "commit": "9f6ed2ca257fa8650b876377833e6f14e272848b", "tree": "8b664dced5415a6d463a56c2bc98756bd5ea5e44", "parents": [ "ce91acb3acae26f4163c5a6f1f695d1a1e8d9009" ], "author": { "name": "Jeff Layton", "email": "jlayton@redhat.com", "time": "Tue Jan 17 16:09:11 2012 -0500" }, "committer": { "name": "Steve French", "email": "smfrench@gmail.com", "time": "Tue Jan 17 22:39:40 2012 -0600" }, "message": "keys: add a \"logon\" key type\n\nFor CIFS, we want to be able to store NTLM credentials (aka username\nand password) in the keyring. We do not, however want to allow users\nto fetch those keys back out of the keyring since that would be a\nsecurity risk.\n\nUnfortunately, due to the nuances of key permission bits, it\u0027s not\npossible to do this. We need to grant search permissions so the kernel\ncan find these keys, but that also implies permissions to read the\npayload.\n\nResolve this by adding a new key_type. This key type is essentially\nthe same as key_type_user, but does not define a .read op. This\nprevents the payload from ever being visible from userspace. This\nkey type also vets the description to ensure that it\u0027s \"qualified\"\nby checking to ensure that it has a \u0027:\u0027 in it that is preceded by\nother characters.\n\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: Steve French \u003csmfrench@gmail.com\u003e\n" }, { "commit": "4e561d388feff18e4b798cef6a1a84a2cc7f20c2", "tree": "9208588c7d0e5e75766dd2c98e960840fdc8681e", "parents": [ "7103dff0e598cd634767f17a2958302c515700ca" ], "author": { "name": "Roberto Sassu", "email": "roberto.sassu@polito.it", "time": "Mon Jun 27 13:45:42 2011 +0200" }, "committer": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Mon Jun 27 09:10:45 2011 -0400" }, "message": "encrypted-keys: add key format support\n\nThis patch introduces a new parameter, called \u0027format\u0027, that defines the\nformat of data stored by encrypted keys. The \u0027default\u0027 format identifies\nencrypted keys containing only the symmetric key, while other formats can\nbe defined to support additional information. The \u0027format\u0027 parameter is\nwritten in the datablob produced by commands \u0027keyctl print\u0027 or\n\u0027keyctl pipe\u0027 and is integrity protected by the HMAC.\n\nSigned-off-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nAcked-by: Gianluca Ramunno \u003cramunno@polito.it\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@linux.vnet.ibm.com\u003e\n" }, { "commit": "4b2a58abd1e17c0ee53c8dded879e015917cca67", "tree": "585a02b8e3e36f7e6069d43000355e75aba097d3", "parents": [ "e2c3d29b4295c3eec18294bc34f0c99a7b9ae413" ], "author": { "name": "Tommi Virtanen", "email": "tommi.virtanen@dreamhost.com", "time": "Mon Mar 28 14:59:38 2011 -0700" }, "committer": { "name": "Sage Weil", "email": "sage@newdream.net", "time": "Tue Mar 29 12:11:24 2011 -0700" }, "message": "libceph: Create a new key type \"ceph\".\n\nThis allows us to use existence of the key type as a feature test,\nfrom userspace.\n\nSigned-off-by: Tommi Virtanen \u003ctommi.virtanen@dreamhost.com\u003e\nSigned-off-by: Sage Weil \u003csage@newdream.net\u003e\n" }, { "commit": "f009918a1c1bbf8607b8aab3959876913a30193a", "tree": "4d2417f7e1dcebd817393291310a00f5d90eab8c", "parents": [ "10003453479ef287a73f8a39593f8f42687ea565" ], "author": { "name": "Anton Blanchard", "email": "anton@au1.ibm.com", "time": "Mon Feb 28 03:27:53 2011 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Mar 02 22:18:53 2011 -0800" }, "message": "RxRPC: Fix v1 keys\n\ncommit 339412841d7 (RxRPC: Allow key payloads to be passed in XDR form)\nbroke klog for me. I notice the v1 key struct had a kif_version field\nadded:\n\n-struct rxkad_key {\n- u16 security_index; /* RxRPC header security index */\n- u16 ticket_len; /* length of ticket[] */\n- u32 expiry; /* time at which expires */\n- u32 kvno; /* key version number */\n- u8 session_key[8]; /* DES session key */\n- u8 ticket[0]; /* the encrypted ticket */\n-};\n\n+struct rxrpc_key_data_v1 {\n+ u32 kif_version; /* 1 */\n+ u16 security_index;\n+ u16 ticket_length;\n+ u32 expiry; /* time_t */\n+ u32 kvno;\n+ u8 session_key[8];\n+ u8 ticket[0];\n+};\n\nHowever the code in rxrpc_instantiate strips it away:\n\n\tdata +\u003d sizeof(kver);\n\tdatalen -\u003d sizeof(kver);\n\nRemoving kif_version fixes my problem.\n\nSigned-off-by: Anton Blanchard \u003canton@samba.org\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "7e70cb4978507cf31d76b90e4cfb4c28cad87f0c", "tree": "c5df493eef8d30dcb40d647b0528970eb4a391c6", "parents": [ "d00a1c72f7f4661212299e6cb132dfa58030bcdb" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Nov 23 18:55:35 2010 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Nov 29 08:55:29 2010 +1100" }, "message": "keys: add new key-type encrypted\n\nDefine a new kernel key-type called \u0027encrypted\u0027. Encrypted keys are kernel\ngenerated random numbers, which are encrypted/decrypted with a \u0027trusted\u0027\nsymmetric key. Encrypted keys are created/encrypted/decrypted in the kernel.\nUserspace only ever sees/stores encrypted blobs.\n\nChangelog:\n- bug fix: replaced master-key rcu based locking with semaphore\n (reported by David Howells)\n- Removed memset of crypto_shash_digest() digest output\n- Replaced verification of \u0027key-type:key-desc\u0027 using strcspn(), with\n one based on string constants.\n- Moved documentation to Documentation/keys-trusted-encrypted.txt\n- Replace hash with shash (based on comments by David Howells)\n- Make lengths/counts size_t where possible (based on comments by David Howells)\n Could not convert most lengths, as crypto expects \u0027unsigned int\u0027\n (size_t: on 32 bit is defined as unsigned int, but on 64 bit is unsigned long)\n- Add \u0027const\u0027 where possible (based on comments by David Howells)\n- allocate derived_buf dynamically to support arbitrary length master key\n (fixed by Roberto Sassu)\n- wait until late_initcall for crypto libraries to be registered\n- cleanup security/Kconfig\n- Add missing \u0027update\u0027 keyword (reported/fixed by Roberto Sassu)\n- Free epayload on failure to create key (reported/fixed by Roberto Sassu)\n- Increase the data size limit (requested by Roberto Sassu)\n- Crypto return codes are always 0 on success and negative on failure,\n remove unnecessary tests.\n- Replaced kzalloc() with kmalloc()\n\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: David Safford \u003csafford@watson.ibm.com\u003e\nReviewed-by: Roberto Sassu \u003croberto.sassu@polito.it\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "d00a1c72f7f4661212299e6cb132dfa58030bcdb", "tree": "2c873e461f42bbf3aea03b7b2e59cea8f941d841", "parents": [ "c749ba912e87ccebd674ae24b97462176c63732e" ], "author": { "name": "Mimi Zohar", "email": "zohar@linux.vnet.ibm.com", "time": "Tue Nov 23 17:50:34 2010 -0500" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Mon Nov 29 08:55:25 2010 +1100" }, "message": "keys: add new trusted key-type\n\nDefine a new kernel key-type called \u0027trusted\u0027. Trusted keys are random\nnumber symmetric keys, generated and RSA-sealed by the TPM. The TPM\nonly unseals the keys, if the boot PCRs and other criteria match.\nUserspace can only ever see encrypted blobs.\n\nBased on suggestions by Jason Gunthorpe, several new options have been\nadded to support additional usages.\n\nThe new options are:\nmigratable\u003d designates that the key may/may not ever be updated\n (resealed under a new key, new pcrinfo or new auth.)\n\npcrlock\u003dn extends the designated PCR \u0027n\u0027 with a random value,\n so that a key sealed to that PCR may not be unsealed\n again until after a reboot.\n\nkeyhandle\u003d specifies the sealing/unsealing key handle.\n\nkeyauth\u003d specifies the sealing/unsealing key auth.\n\nblobauth\u003d specifies the sealed data auth.\n\nImplementation of a kernel reserved locality for trusted keys will be\ninvestigated for a possible future extension.\n\nChangelog:\n- Updated and added examples to Documentation/keys-trusted-encrypted.txt\n- Moved generic TPM constants to include/linux/tpm_command.h\n (David Howell\u0027s suggestion.)\n- trusted_defined.c: replaced kzalloc with kmalloc, added pcrlock failure\n error handling, added const qualifiers where appropriate.\n- moved to late_initcall\n- updated from hash to shash (suggestion by David Howells)\n- reduced worst stack usage (tpm_seal) from 530 to 312 bytes\n- moved documentation to Documentation directory (suggestion by David Howells)\n- all the other code cleanups suggested by David Howells\n- Add pcrlock CAP_SYS_ADMIN dependency (based on comment by Jason Gunthorpe)\n- New options: migratable, pcrlock, keyhandle, keyauth, blobauth (based on\n discussions with Jason Gunthorpe)\n- Free payload on failure to create key(reported/fixed by Roberto Sassu)\n- Updated Kconfig and other descriptions (based on Serge Hallyn\u0027s suggestion)\n- Replaced kzalloc() with kmalloc() (reported by Serge Hallyn)\n\nSigned-off-by: David Safford \u003csafford@watson.ibm.com\u003e\nSigned-off-by: Mimi Zohar \u003czohar@us.ibm.com\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "1a4240f4764ac78adbf4b0ebb49b3bd8c72ffa11", "tree": "7d9de5b071e7ab8a8355bdf7902db4c0a0e812b1", "parents": [ "ba5dadbf4e7b531bd7ccecffb4d3935c80a3372e" ], "author": { "name": "Wang Lei", "email": "wang840925@gmail.com", "time": "Wed Aug 04 15:16:33 2010 +0100" }, "committer": { "name": "Steve French", "email": "sfrench@us.ibm.com", "time": "Thu Aug 05 17:17:51 2010 +0000" }, "message": "DNS: Separate out CIFS DNS Resolver code\n\nSeparate out the DNS resolver key type from the CIFS filesystem into its own\nmodule so that it can be made available for general use, including the AFS\nfilesystem module.\n\nThis facility makes it possible for the kernel to upcall to userspace to have\nit issue DNS requests, package up the replies and present them to the kernel\nin a useful form. The kernel is then able to cache the DNS replies as keys\ncan be retained in keyrings.\n\nResolver keys are of type \"dns_resolver\" and have a case-insensitive\ndescription that is of the form \"[\u003ctype\u003e:]\u003cdomain_name\u003e\". The optional \u003ctype\u003e\nindicates the particular DNS lookup and packaging that\u0027s required. The\n\u003cdomain_name\u003e is the query to be made.\n\nIf \u003ctype\u003e isn\u0027t given, a basic hostname to IP address lookup is made, and the\nresult is stored in the key in the form of a printable string consisting of a\ncomma-separated list of IPv4 and IPv6 addresses.\n\nThis key type is supported by userspace helpers driven from /sbin/request-key\nand configured through /etc/request-key.conf. The cifs.upcall utility is\ninvoked for UNC path server name to IP address resolution.\n\nThe CIFS functionality is encapsulated by the dns_resolve_unc_to_ip() function,\nwhich is used to resolve a UNC path to an IP address for CIFS filesystem. This\npart remains in the CIFS module for now.\n\nSee the added Documentation/networking/dns_resolver.txt for more information.\n\nSigned-off-by: Wang Lei \u003cwang840925@gmail.com\u003e\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nAcked-by: Jeff Layton \u003cjlayton@redhat.com\u003e\nSigned-off-by: Steve French \u003csfrench@us.ibm.com\u003e\n" }, { "commit": "4e36a95e591e9c58dd10bb4103c00993917c27fd", "tree": "e97be725f4aca0084e148cb68bd99552a480b47e", "parents": [ "634354d753898f9d9d146bd47628a1ef27f7dc98" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Wed Sep 16 00:01:13 2009 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Wed Sep 16 00:01:13 2009 -0700" }, "message": "RxRPC: Use uX/sX rather than uintX_t/intX_t types\n\nUse uX rather than uintX_t types for consistency.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "99455153d0670ba110e6a3b855b8369bcbd11120", "tree": "166ba6e3046654f7d1cd5f0debdcae1aa8938080", "parents": [ "ed6dd18b5aceb322da9840f01a68d648e91c8a72" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Sep 14 01:17:46 2009 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Sep 15 02:44:33 2009 -0700" }, "message": "RxRPC: Parse security index 5 keys (Kerberos 5)\n\nParse RxRPC security index 5 type keys (Kerberos 5 tokens).\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "339412841d7620f93fea805fbd7469f08186f458", "tree": "e2d385d76e3b9361671411442c5253417f95d5a6", "parents": [ "8b815477f382f96deefbe5bd4404fa7b31cf5dcf" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Sep 14 01:17:35 2009 +0000" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Tue Sep 15 02:44:23 2009 -0700" }, "message": "RxRPC: Allow key payloads to be passed in XDR form\n\nAllow add_key() and KEYCTL_INSTANTIATE to accept key payloads in XDR form as\ndescribed by openafs-1.4.10/src/auth/afs_token.xg. This provides a way of\npassing kaserver, Kerberos 4, Kerberos 5 and GSSAPI keys from userspace, and\nallows for future expansion.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "e9e349b051d98799b743ebf248cc2d986fedf090", "tree": "d59a46ae39d81d27bcf605663ce0e24d1c6db375", "parents": [ "76aac0e9a17742e60d408be1a706e9aaad370891" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Nov 14 10:39:13 2008 +1100" }, "committer": { "name": "James Morris", "email": "jmorris@namei.org", "time": "Fri Nov 14 10:39:13 2008 +1100" }, "message": "KEYS: Disperse linux/key_ui.h\n\nDisperse the bits of linux/key_ui.h as the reason they were put here (keyfs)\ndidn\u0027t get in.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nReviewed-by: James Morris \u003cjmorris@namei.org\u003e\nSigned-off-by: James Morris \u003cjmorris@namei.org\u003e\n" }, { "commit": "dd89db1df98003fadafa711ab8bc497aaf92980a", "tree": "b63eac0e4e6285362a167001a4d0b6b8a6fc560a", "parents": [ "fdefa4d87e2f07ffe5888a7c2ed87dd12f9cfe37" ], "author": { "name": "Robert P. J. Day", "email": "rpjday@crashcourse.ca", "time": "Mon Apr 21 22:43:55 2008 +0000" }, "committer": { "name": "Jesper Juhl", "email": "juhl@hera.kernel.org", "time": "Mon Apr 21 22:43:55 2008 +0000" }, "message": "KEYS: Fix the comment to match the file name in rxrpc-type.h.\n\nSigned-off-by: Robert P. J. Day \u003crpjday@crashcourse.ca\u003e\nAcked-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Jesper Juhl \u003cjesper.juhl@gmail.com\u003e\n" }, { "commit": "76181c134f87479fa13bf2548ddf2999055d34d4", "tree": "34694341c190e7ecdd3111ee48e4b98602ff012f", "parents": [ "398c95bdf2c24d7866692a40ba04425aef238cdd" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Tue Oct 16 23:29:46 2007 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@woody.linux-foundation.org", "time": "Wed Oct 17 08:42:57 2007 -0700" }, "message": "KEYS: Make request_key() and co fundamentally asynchronous\n\nMake request_key() and co fundamentally asynchronous to make it easier for\nNFS to make use of them. There are now accessor functions that do\nasynchronous constructions, a wait function to wait for construction to\ncomplete, and a completion function for the key type to indicate completion\nof construction.\n\nNote that the construction queue is now gone. Instead, keys under\nconstruction are linked in to the appropriate keyring in advance, and that\nanyone encountering one must wait for it to be complete before they can use\nit. This is done automatically for userspace.\n\nThe following auxiliary changes are also made:\n\n (1) Key type implementation stuff is split from linux/key.h into\n linux/key-type.h.\n\n (2) AF_RXRPC provides a way to allocate null rxrpc-type keys so that AFS does\n not need to call key_instantiate_and_link() directly.\n\n (3) Adjust the debugging macros so that they\u0027re -Wformat checked even if\n they are disabled, and make it so they can be enabled simply by defining\n __KDEBUG to be consistent with other code of mine.\n\n (3) Documentation.\n\n[alan@lxorguk.ukuu.org.uk: keys: missing word in documentation]\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Alan Cox \u003calan@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@linux-foundation.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@linux-foundation.org\u003e\n" }, { "commit": "17926a79320afa9b95df6b977b40cca6d8713cea", "tree": "5cedff43b69520ad17b86783d3752053686ec99c", "parents": [ "e19dff1fdd99a25819af74cf0710e147fff4fd3a" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Thu Apr 26 15:48:28 2007 -0700" }, "committer": { "name": "David S. Miller", "email": "davem@davemloft.net", "time": "Thu Apr 26 15:48:28 2007 -0700" }, "message": "[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both\n\nProvide AF_RXRPC sockets that can be used to talk to AFS servers, or serve\nanswers to AFS clients. KerberosIV security is fully supported. The patches\nand some example test programs can be found in:\n\n\thttp://people.redhat.com/~dhowells/rxrpc/\n\nThis will eventually replace the old implementation of kernel-only RxRPC\ncurrently resident in net/rxrpc/.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n" }, { "commit": "31204ed925b067d2bb65adb89501656f8274a32a", "tree": "a5c3e5101e9f79bf39672f02c0eea573e7a47cb8", "parents": [ "7e047ef5fe2d52e83020e856b1bf2556a6a2ce98" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Mon Jun 26 00:24:51 2006 -0700" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Mon Jun 26 09:58:18 2006 -0700" }, "message": "[PATCH] keys: discard the contents of a key on revocation\n\nCause the keys linked to a keyring to be unlinked from it when revoked and it\ncauses the data attached to a user-defined key to be discarded when revoked.\n\nThis frees up most of the quota a key occupied at that point, rather than\nwaiting for the key to actually be destroyed.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "8d9067bda99c68e1a17d93e78cf3a5a3f67e0c35", "tree": "6f3c7fe665012c456b57840c290eafd4deabbeb2", "parents": [ "32725ad8430b58e42c5d54757ce7871e680d05cb" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Fri Jan 06 00:11:24 2006 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Fri Jan 06 08:33:29 2006 -0800" }, "message": "[PATCH] Keys: Remove key duplication\n\nRemove the key duplication stuff since there\u0027s nothing that uses it, no way\nto get at it and it\u0027s awkward to deal with for LSM purposes.\n\nSigned-off-by: David Howells \u003cdhowells@redhat.com\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" }, { "commit": "2aa349f6e37ce030060c994d3aebbff4ab703565", "tree": "7a0937469f0376931b82d9c3392727dba13c9d45", "parents": [ "1426d7a81dea8e9d85f9d69de85ab04ba37018ab" ], "author": { "name": "David Howells", "email": "dhowells@redhat.com", "time": "Sun Oct 30 15:02:42 2005 -0800" }, "committer": { "name": "Linus Torvalds", "email": "torvalds@g5.osdl.org", "time": "Sun Oct 30 17:37:22 2005 -0800" }, "message": "[PATCH] Keys: Export user-defined keyring operations\n\nExport user-defined key operations so that those who wish to define their\nown key type based on the user-defined key operations may do so (as has\nbeen requested).\n\nThe header file created has been placed into include/keys/user-type.h, thus\ncreating a directory where other key types may also be placed. Any\nobjections to doing this?\n\nSigned-Off-By: David Howells \u003cdhowells@redhat.com\u003e\nSigned-Off-By: Arjan van de Ven \u003carjan@infradead.org\u003e\nSigned-off-by: Andrew Morton \u003cakpm@osdl.org\u003e\nSigned-off-by: Linus Torvalds \u003ctorvalds@osdl.org\u003e\n" } ] }