f36f8c75ae
Add support for per-user_namespace registers of persistent per-UID kerberos caches held within the kernel. This allows the kerberos cache to be retained beyond the lifetime of all of a user's processes so that the user's cron jobs can work. The kerberos cache is envisioned as a keyring/key tree looking something like: struct user_namespace \___ .krb_cache keyring - The register \___ _krb.0 keyring - Root's Kerberos cache \___ _krb.5000 keyring - User 5000's Kerberos cache \___ _krb.5001 keyring - User 5001's Kerberos cache \___ tkt785 big_key - A ccache blob \___ tkt12345 big_key - Another ccache blob Or possibly: struct user_namespace \___ .krb_cache keyring - The register \___ _krb.0 keyring - Root's Kerberos cache \___ _krb.5000 keyring - User 5000's Kerberos cache \___ _krb.5001 keyring - User 5001's Kerberos cache \___ tkt785 keyring - A ccache \___ krbtgt/REDHAT.COM@REDHAT.COM big_key \___ http/REDHAT.COM@REDHAT.COM user \___ afs/REDHAT.COM@REDHAT.COM user \___ nfs/REDHAT.COM@REDHAT.COM user \___ krbtgt/KERNEL.ORG@KERNEL.ORG big_key \___ http/KERNEL.ORG@KERNEL.ORG big_key What goes into a particular Kerberos cache is entirely up to userspace. Kernel support is limited to giving you the Kerberos cache keyring that you want. The user asks for their Kerberos cache by: krb_cache = keyctl_get_krbcache(uid, dest_keyring); The uid is -1 or the user's own UID for the user's own cache or the uid of some other user's cache (requires CAP_SETUID). This permits rpc.gssd or whatever to mess with the cache. The cache returned is a keyring named "_krb.<uid>" that the possessor can read, search, clear, invalidate, unlink from and add links to. Active LSMs get a chance to rule on whether the caller is permitted to make a link. Each uid's cache keyring is created when it is first accessed and is given a timeout that is extended each time this function is called so that the keyring goes away after a while. The timeout is configurable by sysctl but defaults to three days.
Each user_namespace struct gets a lazily-created keyring that serves as the register. The cache keyrings are added to it. This means that standard key search and garbage collection facilities are available. The user_namespace struct's register goes away when it does and anything left in it is then automatically gc'd. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Simo Sorce <simo@redhat.com> cc: Serge E. Hallyn <serge.hallyn@ubuntu.com> cc: Eric W. Biederman <ebiederm@xmission.com>
/* Key management controls
*
* Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public Licence
* as published by the Free Software Foundation; either version
* 2 of the Licence, or (at your option) any later version.
*/
#include <linux/key.h>
#include <linux/sysctl.h>
#include "internal.h"
/*
 * Bounds handed to proc_dointvec_minmax() through the ctl_table
 * extra1/extra2 pointers: a floor of 0 or 1 and a ceiling of INT_MAX.
 * They are read-only data; the (void *) casts in the table below only
 * satisfy the ctl_table field type.
 */
static const int zero = 0;
static const int one = 1;
static const int max = INT_MAX;
/*
 * Controls exported under the keys sysctl directory.  Every entry is an
 * unsigned int handled by proc_dointvec_minmax() with a lower bound of
 * _lower and an upper bound of max (INT_MAX); all are mode 0644
 * (owner-writable, world-readable).  The four quota limits use a floor
 * of one, the GC delay and the persistent-keyring expiry allow zero.
 */
#define KEY_SYSCTL_INT(_name, _var, _lower)			\
	{							\
		.procname	= (_name),			\
		.data		= &(_var),			\
		.maxlen		= sizeof(unsigned),		\
		.mode		= 0644,				\
		.proc_handler	= proc_dointvec_minmax,		\
		.extra1		= (void *) &(_lower),		\
		.extra2		= (void *) &max,		\
	}

ctl_table key_sysctls[] = {
	/* per-user key quotas: count and byte limits */
	KEY_SYSCTL_INT("maxkeys",	key_quota_maxkeys,	one),
	KEY_SYSCTL_INT("maxbytes",	key_quota_maxbytes,	one),
	/* the same two limits applied to root */
	KEY_SYSCTL_INT("root_maxkeys",	key_quota_root_maxkeys,	one),
	KEY_SYSCTL_INT("root_maxbytes",	key_quota_root_maxbytes, one),
	/* delay before dead keys are reaped; zero is permitted */
	KEY_SYSCTL_INT("gc_delay",	key_gc_delay,		zero),
#ifdef CONFIG_PERSISTENT_KEYRINGS
	/* lifetime of per-UID persistent keyrings; zero is permitted */
	KEY_SYSCTL_INT("persistent_keyring_expiry",
		       persistent_keyring_expiry,		zero),
#endif
	{ }	/* sentinel terminating the table */
};

#undef KEY_SYSCTL_INT