[OpenAFS-devel] Preliminary LKI (Linux Key Infrastructure)
Kyle Moffett
mrmacman_g4@mac.com
Fri, 23 Jul 2004 18:12:28 -0400
Here is my starting work on a key architecture for the kernel. This
hasn't even
been test compiled yet, so there are still bugs galore, but if anyone
wants to
have a look, here it is:
Linux Key Infrastructure: <http://www.tjhsst.edu/~kmoffett/lki.tar.bz2>
Implemented:
- lki_key_t
A single key implemented with a generic blob
- lki_keytype_t
A keytype, either auto-generated by calling from user-space or
registered by a kernel module with lki_keytype_register
- lki_key_create, lki_key_destroy
Kernel functions to create and destroy keys. They allocate from
a number pool.
- lki_key_hash_add, lki_key_hash_remove, lki_key_hash_search
Kernel functions to look up keys by number.
In progress:
- lki_key_handle_t
This will be tied to a file-descriptor for access by user processes.
If
a process "revokes" a given file-descriptor that it has open, then
that
key file-descriptor and any that it created (children) through dup()
or
being passed to another process will be destroyed.
- Permissions on lki_key_t
I'm still learning about this posix_acl_t stuff. It would be nice if
somebody could write a patch to seperate the POSIX ACL functions
from inodes so they could be applied to lki_key_t objects even when
the keyfs(TODO) isn't mounted
Not yet started:
- key-rings
They'll be a special case of a key where the BLOB contains a list of
lki_key_handle_t and some extra metadata.
- keyfs
I'm not ready to open _that_ can of worms yet
- syscall "keyctl"
Once I get the kernel-side interfaces finalized, I'll build keyctl to
match.
Cheers,
Kyle Moffett
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCM/CS/IT/U d- s++: a17 C++++>$ UB/L/X/*++++(+)>$ P+++(++++)>$
L++++(+++) E W++(+) N+++(++) o? K? w--- O? M++ V? PS+() PE+(-) Y+
PGP+++ t+(+++) 5 X R? tv-(--) b++++(++) DI+ D+ G e->++++$ h!*()>++$ r
!y?(-)
------END GEEK CODE BLOCK------