Re: [PATCH 3/3] net: rxrpc: Replace time_t type with time64_t type

[PATCH 0/3] Fix y2038 issues for security/keys subsystem · Baolin Wang <hidden> · 2017-08-09
[PATCH 1/3] security: keys: Replace time_t/timespec with time64_t · Baolin Wang <hidden> · 2017-08-09
[PATCH 3/3] net: rxrpc: Replace time_t type with time64_t type · Baolin Wang <hidden> · 2017-08-09
Re: [PATCH 3/3] net: rxrpc: Replace time_t type with time64_t type · Arnd Bergmann <arnd@arndb.de> · 2017-08-09
Re: [PATCH 3/3] net: rxrpc: Replace time_t type with time64_t type · David Howells <dhowells@redhat.com> · 2017-08-09
Re: [PATCH 3/3] net: rxrpc: Replace time_t type with time64_t type · Arnd Bergmann <arnd@arndb.de> · 2017-08-09
Re: [PATCH 3/3] net: rxrpc: Replace time_t type with time64_t type · David Howells <dhowells@redhat.com> · 2017-08-09
Re: [PATCH 3/3] net: rxrpc: Replace time_t type with time64_t type · Arnd Bergmann <arnd@arndb.de> · 2017-08-09
Re: [PATCH 3/3] net: rxrpc: Replace time_t type with time64_t type · David Howells <dhowells@redhat.com> · 2017-08-09
[PATCH 2/3] security: keys: Replace time_t with time64_t for struct key_preparsed_payload · Baolin Wang <hidden> · 2017-08-09
Re: [PATCH 0/3] Fix y2038 issues for security/keys subsystem · David Howells <dhowells@redhat.com> · 2017-08-09
Re: [PATCH 0/3] Fix y2038 issues for security/keys subsystem · Baolin Wang <hidden> · 2017-08-10
Re: [PATCH 0/3] Fix y2038 issues for security/keys subsystem · Baolin Wang <hidden> · 2017-08-21
Re: [PATCH 0/3] Fix y2038 issues for security/keys subsystem · Baolin Wang <hidden> · 2017-09-15
Re: [PATCH 0/3] Fix y2038 issues for security/keys subsystem · Arnd Bergmann <arnd@arndb.de> · 2017-08-09
Re: [PATCH 0/3] Fix y2038 issues for security/keys subsystem · Baolin Wang <hidden> · 2017-08-10

From: Arnd Bergmann <arnd@arndb.de>
Date: 2017-08-09 15:13:02
Also in: keyrings, linux-security-module, lkml

On Wed, Aug 9, 2017 at 3:26 PM, David Howells [off-list ref] wrote:

Arnd Bergmann [off-list ref] wrote:

quoted

Do you know which format is used in practice? Are both kad and k5 common
among rxrpc users?

The aklog program I'm using uses the non-XDR interface to push a Kerberos 5
ticket to the kernel, so it doesn't actually invoke rxrpc_preparse_xdr() from
rxrpc_preparse().

Ah, I'm slowly starting to understand how this fits together. So you can add
a key either through key_add() from local user space, or through an rxrpc
socket.

From what I can tell, the program you have at

http://people.redhat.com/~dhowells/rxrpc/klog.c will keep working beyond
2038 but not beyond 2106 on all 64-bit architectures and on those
32-bit systems that have a libc with 64-bit time_t. It could be modified
to use the xdr_rxk5 key format, which would make it use 64-bit time
values (and require the kernel fix mentioned above).

In contrast, the rxrpc socket interface would need a major rework to
support 64-bit expiration times. It receives a kerberos ticket with a
32-bit issue time
that gets used to calculate the expiry time in rxkad_decrypt_ticket, and from
there we pass it through a  rxrpc_key_data_v1 into key_instantiate_and_link(),
which calls rxrpc_preparse() and that just takes the expiry out again and sticks
it into another 32-bit field in struct rxkad_key, from where it
finally gets copied
into the (now 64-bit) key_preparsed_payload->expiry field.

Does my understanding match what you intended for the interfaces? Is there
a need to extend the rxrpc socket interface to support xdr_rxk5 keys as well?

         Arnd

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help