f36f8c75ae
Add support for per-user_namespace registers of persistent per-UID kerberos caches held within the kernel. This allows the kerberos cache to be retained beyond the life of all a user's processes so that the user's cron jobs can work. The kerberos cache is envisioned as a keyring/key tree looking something like: struct user_namespace \___ .krb_cache keyring - The register \___ _krb.0 keyring - Root's Kerberos cache \___ _krb.5000 keyring - User 5000's Kerberos cache \___ _krb.5001 keyring - User 5001's Kerberos cache \___ tkt785 big_key - A ccache blob \___ tkt12345 big_key - Another ccache blob Or possibly: struct user_namespace \___ .krb_cache keyring - The register \___ _krb.0 keyring - Root's Kerberos cache \___ _krb.5000 keyring - User 5000's Kerberos cache \___ _krb.5001 keyring - User 5001's Kerberos cache \___ tkt785 keyring - A ccache \___ krbtgt/REDHAT.COM@REDHAT.COM big_key \___ http/REDHAT.COM@REDHAT.COM user \___ afs/REDHAT.COM@REDHAT.COM user \___ nfs/REDHAT.COM@REDHAT.COM user \___ krbtgt/KERNEL.ORG@KERNEL.ORG big_key \___ http/KERNEL.ORG@KERNEL.ORG big_key What goes into a particular Kerberos cache is entirely up to userspace. Kernel support is limited to giving you the Kerberos cache keyring that you want. The user asks for their Kerberos cache by: krb_cache = keyctl_get_krbcache(uid, dest_keyring); The uid is -1 or the user's own UID for the user's own cache or the uid of some other user's cache (requires CAP_SETUID). This permits rpc.gssd or whatever to mess with the cache. The cache returned is a keyring named "_krb.<uid>" that the possessor can read, search, clear, invalidate, unlink from and add links to. Active LSMs get a chance to rule on whether the caller is permitted to make a link. Each uid's cache keyring is created when it first accessed and is given a timeout that is extended each time this function is called so that the keyring goes away after a while. The timeout is configurable by sysctl but defaults to three days. Each user_namespace struct gets a lazily-created keyring that serves as the register. The cache keyrings are added to it. This means that standard key search and garbage collection facilities are available. The user_namespace struct's register goes away when it does and anything left in it is then automatically gc'd. Signed-off-by: David Howells <dhowells@redhat.com> Tested-by: Simo Sorce <simo@redhat.com> cc: Serge E. Hallyn <serge.hallyn@ubuntu.com> cc: Eric W. Biederman <ebiederm@xmission.com>
62 lines
3 KiB
C
62 lines
3 KiB
C
/* keyctl.h: keyctl command IDs
|
|
*
|
|
* Copyright (C) 2004, 2008 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
|
|
#ifndef _LINUX_KEYCTL_H
|
|
#define _LINUX_KEYCTL_H
|
|
|
|
/* special process keyring shortcut IDs */
|
|
#define KEY_SPEC_THREAD_KEYRING -1 /* - key ID for thread-specific keyring */
|
|
#define KEY_SPEC_PROCESS_KEYRING -2 /* - key ID for process-specific keyring */
|
|
#define KEY_SPEC_SESSION_KEYRING -3 /* - key ID for session-specific keyring */
|
|
#define KEY_SPEC_USER_KEYRING -4 /* - key ID for UID-specific keyring */
|
|
#define KEY_SPEC_USER_SESSION_KEYRING -5 /* - key ID for UID-session keyring */
|
|
#define KEY_SPEC_GROUP_KEYRING -6 /* - key ID for GID-specific keyring */
|
|
#define KEY_SPEC_REQKEY_AUTH_KEY -7 /* - key ID for assumed request_key auth key */
|
|
#define KEY_SPEC_REQUESTOR_KEYRING -8 /* - key ID for request_key() dest keyring */
|
|
|
|
/* request-key default keyrings */
|
|
#define KEY_REQKEY_DEFL_NO_CHANGE -1
|
|
#define KEY_REQKEY_DEFL_DEFAULT 0
|
|
#define KEY_REQKEY_DEFL_THREAD_KEYRING 1
|
|
#define KEY_REQKEY_DEFL_PROCESS_KEYRING 2
|
|
#define KEY_REQKEY_DEFL_SESSION_KEYRING 3
|
|
#define KEY_REQKEY_DEFL_USER_KEYRING 4
|
|
#define KEY_REQKEY_DEFL_USER_SESSION_KEYRING 5
|
|
#define KEY_REQKEY_DEFL_GROUP_KEYRING 6
|
|
#define KEY_REQKEY_DEFL_REQUESTOR_KEYRING 7
|
|
|
|
/* keyctl commands */
|
|
#define KEYCTL_GET_KEYRING_ID 0 /* ask for a keyring's ID */
|
|
#define KEYCTL_JOIN_SESSION_KEYRING 1 /* join or start named session keyring */
|
|
#define KEYCTL_UPDATE 2 /* update a key */
|
|
#define KEYCTL_REVOKE 3 /* revoke a key */
|
|
#define KEYCTL_CHOWN 4 /* set ownership of a key */
|
|
#define KEYCTL_SETPERM 5 /* set perms on a key */
|
|
#define KEYCTL_DESCRIBE 6 /* describe a key */
|
|
#define KEYCTL_CLEAR 7 /* clear contents of a keyring */
|
|
#define KEYCTL_LINK 8 /* link a key into a keyring */
|
|
#define KEYCTL_UNLINK 9 /* unlink a key from a keyring */
|
|
#define KEYCTL_SEARCH 10 /* search for a key in a keyring */
|
|
#define KEYCTL_READ 11 /* read a key or keyring's contents */
|
|
#define KEYCTL_INSTANTIATE 12 /* instantiate a partially constructed key */
|
|
#define KEYCTL_NEGATE 13 /* negate a partially constructed key */
|
|
#define KEYCTL_SET_REQKEY_KEYRING 14 /* set default request-key keyring */
|
|
#define KEYCTL_SET_TIMEOUT 15 /* set key timeout */
|
|
#define KEYCTL_ASSUME_AUTHORITY 16 /* assume request_key() authorisation */
|
|
#define KEYCTL_GET_SECURITY 17 /* get key security label */
|
|
#define KEYCTL_SESSION_TO_PARENT 18 /* apply session keyring to parent process */
|
|
#define KEYCTL_REJECT 19 /* reject a partially constructed key */
|
|
#define KEYCTL_INSTANTIATE_IOV 20 /* instantiate a partially constructed key */
|
|
#define KEYCTL_INVALIDATE 21 /* invalidate a key */
|
|
#define KEYCTL_GET_PERSISTENT 22 /* get a user's persistent keyring */
|
|
|
|
#endif /* _LINUX_KEYCTL_H */
|