From: Jakub Kicinski <kuba@kernel.org>
To: David Howells <dhowells@redhat.com>
Cc: netdev@vger.kernel.org, linux-afs@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH net 00/17] rxrpc: Prelude to gssapi support
Date: Tue, 24 Nov 2020 12:08:59 -0800
Message-ID: <20201124120859.10037dd6@kicinski-fedora-pc1c0hjn.dhcp.thefacebook.com>
In-Reply-To: <160616220405.830164.2239716599743995145.stgit@warthog.procyon.org.uk>

On Mon, 23 Nov 2020 20:10:04 +0000 David Howells wrote:
> Here are some patches that do some reorganisation of the security class
> handling in rxrpc to allow implementation of the RxGK security class that
> will allow AF_RXRPC to use GSSAPI-negotiated tokens and better crypto. The
> RxGK security class is not included in this patchset.
>
> It does the following things:
>
> (1) Add a keyrings patch to provide the original key description, as
> provided to add_key(), to the payload preparser so that it can
> interpret the content on that basis. Unfortunately, the rxrpc_s key
> type wasn't written to interpret its payload as anything other than a
> string of bytes comprising a key, but for RxGK, more information is
> required as multiple Kerberos enctypes are supported.
>
> (2) Remove the rxk5 security class key parsing. The rxk5 class never got
> rolled out in OpenAFS and got replaced with rxgk.
>
> (3) Support the creation of rxrpc keys with multiple tokens of different
> types. If some types are not supported, the ENOPKG error is
> suppressed if at least one other token's type is supported.
>
> (4) Punt the handling of server keys (rxrpc_s type) to the appropriate
> security class.
>
> (5) Organise the security bits in the rxrpc_connection struct into a
> union to make it easier to override for other classes.
>
> (6) Move some bits from core code into rxkad that won't be appropriate to
> rxgk.

Pulled into net-next, thank you!

Thread overview: 21+ messages
2020-11-23 20:10 [PATCH net 00/17] rxrpc: Prelude to gssapi support David Howells
2020-11-23 20:10 ` [PATCH net-next 01/17] keys: Provide the original description to the key preparser David Howells
2020-11-23 20:10 ` [PATCH net-next 02/17] rxrpc: Remove the rxk5 security class as it's now defunct David Howells
2020-11-23 20:10 ` [PATCH net-next 03/17] rxrpc: List the held token types in the key description in /proc/keys David Howells
2020-11-23 20:10 ` [PATCH net-next 04/17] rxrpc: Support keys with multiple authentication tokens David Howells
2020-11-23 20:10 ` [PATCH net-next 05/17] rxrpc: Don't retain the server key in the connection David Howells
2020-11-23 20:10 ` [PATCH net-next 06/17] rxrpc: Split the server key type (rxrpc_s) into its own file David Howells
2020-11-23 20:10 ` [PATCH net-next 07/17] rxrpc: Hand server key parsing off to the security class David Howells
2020-11-23 20:11 ` [PATCH net-next 08/17] rxrpc: Don't leak the service-side session key to userspace David Howells
2020-11-23 20:11 ` [PATCH net-next 09/17] rxrpc: Allow security classes to give more info on server keys David Howells
2020-11-23 20:11 ` [PATCH net-next 10/17] rxrpc: Make the parsing of xdr payloads more coherent David Howells
2020-11-23 20:11 ` [PATCH net-next 11/17] rxrpc: Ignore unknown tokens in key payload unless no known tokens David Howells
2020-11-23 20:11 ` [PATCH net-next 12/17] rxrpc: Fix example key name in a comment David Howells
2020-11-23 20:11 ` [PATCH net-next 13/17] rxrpc: Merge prime_packet_security into init_connection_security David Howells
2020-11-23 20:11 ` [PATCH net-next 14/17] rxrpc: Don't reserve security header in Tx DATA skbuff David Howells
2020-11-23 20:11 ` [PATCH net-next 15/17] rxrpc: Organise connection security to use a union David Howells
2020-11-23 20:25 ` Joe Perches
2020-11-23 21:08 ` David Howells
2020-11-23 20:11 ` [PATCH net-next 16/17] rxrpc: rxkad: Don't use pskb_pull() to advance through the response packet David Howells
2020-11-23 20:12 ` [PATCH net-next 17/17] rxrpc: Ask the security class how much space to allow in a packet David Howells
2020-11-24 20:08 ` Jakub Kicinski [this message]