/* Authentication token and access key management internal defs
 *
 * Copyright (C) 2003-5, 2007 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */

/*
 * NOTE(review): this listing was recovered from a per-line blame view; the
 * line-number / commit-hash / author gutter has been dropped and the line
 * breaks restored.  No declaration, macro body or string literal has been
 * altered.
 */

#ifndef _INTERNAL_H
#define _INTERNAL_H

#include <linux/sched.h>
#include <linux/key-type.h>
#include <linux/task_work.h>

/* Forward declaration: only pointers to struct iovec are used below. */
struct iovec;

/*
 * Function entry/exit/debug tracing.
 *
 * With __KDEBUG defined these expand to printk() at KERN_DEBUG; otherwise
 * they expand to no_printk() with the same format and arguments, so nothing
 * is emitted.
 *
 * NOTE(review): whatever a caller passes as an argument here ends up in the
 * kernel log on a __KDEBUG build.  Call sites should log serial numbers and
 * return codes, not key payloads or callout data.
 */
#ifdef __KDEBUG
#define kenter(FMT, ...) \
	printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)
#define kleave(FMT, ...) \
	printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
#define kdebug(FMT, ...) \
	printk(KERN_DEBUG " "FMT"\n", ##__VA_ARGS__)
#else
#define kenter(FMT, ...) \
	no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)
#define kleave(FMT, ...) \
	no_printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
#define kdebug(FMT, ...) \
	no_printk(KERN_DEBUG FMT"\n", ##__VA_ARGS__)
#endif

/* Key types defined elsewhere in the key subsystem. */
extern struct key_type key_type_dead;
extern struct key_type key_type_user;
extern struct key_type key_type_logon;

/*****************************************************************************/
/*
 * Keep track of keys for a user.
 *
 * This needs to be separate to user_struct to avoid a refcount-loop
 * (user_struct pins some keyrings which pin this struct).
 *
 * We also keep track of keys under request from userspace for this UID here.
 *
 * NOTE(review): the comment attached to 'usage' below ("for accessing
 * qnkeys & qnbytes") reads as a description of the spinlock on the line
 * above it rather than of the reference count - confirm against the code
 * that updates qnkeys/qnbytes.
 */
struct key_user {
	struct rb_node		node;
	struct mutex		cons_lock;	/* construction initiation lock */
	spinlock_t		lock;
	atomic_t		usage;		/* for accessing qnkeys & qnbytes */
	atomic_t		nkeys;		/* number of keys */
	atomic_t		nikeys;		/* number of instantiated keys */
	kuid_t			uid;
	int			qnkeys;		/* number of keys allocated to this user */
	int			qnbytes;	/* number of bytes allocated to this user */
};

extern struct rb_root	key_user_tree;
extern spinlock_t	key_user_lock;
extern struct key_user	root_key_user;

/* Per-UID record lookup and release; key_user_put() takes the record back. */
extern struct key_user *key_user_lookup(kuid_t uid);
extern void key_user_put(struct key_user *user);

/*
 * Key quota limits.
 * - root has its own separate limits to everyone else
 *
 * NOTE(review): these limits are 'unsigned' while the per-user counters
 * qnkeys/qnbytes in struct key_user are 'int'.  The quota comparisons live
 * outside this header; confirm they cannot wrap or mix signedness in a way
 * that lets a user exceed the limit.
 */
extern unsigned key_quota_root_maxkeys;
extern unsigned key_quota_root_maxbytes;
extern unsigned key_quota_maxkeys;
extern unsigned key_quota_maxbytes;

#define KEYQUOTA_LINK_BYTES	4		/* a link in a keyring is worth 4 bytes */


extern struct kmem_cache *key_jar;
extern struct rb_root key_serial_tree;
extern spinlock_t key_serial_lock;
extern struct mutex key_construction_mutex;
extern wait_queue_head_t request_key_conswq;


extern struct key_type *key_type_lookup(const char *type);
extern void key_type_put(struct key_type *ktype);

/*
 * Keyring link primitives.  The names suggest a begin / check / link / end
 * sequence sharing one assoc_array_edit; the required ordering and locking
 * are defined by the implementation, not by this header.
 */
extern int __key_link_begin(struct key *keyring,
			    const struct keyring_index_key *index_key,
			    struct assoc_array_edit **_edit);
extern int __key_link_check_live_key(struct key *keyring, struct key *key);
extern void __key_link(struct key *key, struct assoc_array_edit **_edit);
extern void __key_link_end(struct key *keyring,
			   const struct keyring_index_key *index_key,
			   struct assoc_array_edit *edit);

extern key_ref_t find_key_to_update(key_ref_t keyring_ref,
				    const struct keyring_index_key *index_key);

extern struct key *keyring_search_instkey(struct key *keyring,
					  key_serial_t target_id);

/* Calls func(key, data) for keys in a keyring; 'data' is passed through. */
extern int iterate_over_keyring(const struct key *keyring,
				int (*func)(const struct key *key, void *data),
				void *data);

/*
 * Parameters and working state for a keyring search.
 *
 * The KEYRING_SEARCH_* values are bit flags for the 'flags' member.
 *
 * NOTE(review): KEYRING_SEARCH_NO_CHECK_PERM turns off the permission check
 * during the search, and 'cred' selects whose credentials are used when it
 * is on.  Any caller that sets NO_CHECK_PERM on behalf of a user-supplied
 * request needs its own authorisation step - audit each call site.
 */
struct keyring_search_context {
	struct keyring_index_key index_key;
	const struct cred	*cred;
	struct key_match_data	match_data;
	unsigned		flags;
#define KEYRING_SEARCH_NO_STATE_CHECK	0x0001	/* Skip state checks */
#define KEYRING_SEARCH_DO_STATE_CHECK	0x0002	/* Override NO_STATE_CHECK */
#define KEYRING_SEARCH_NO_UPDATE_TIME	0x0004	/* Don't update times */
#define KEYRING_SEARCH_NO_CHECK_PERM	0x0008	/* Don't check permissions */
#define KEYRING_SEARCH_DETECT_TOO_DEEP	0x0010	/* Give an error on excessive depth */
#define KEYRING_SEARCH_SKIP_EXPIRED	0x0020	/* Ignore expired keys (intention to replace) */

	int (*iterator)(const void *object, void *iterator_data);

	/* Internal stuff */
	int			skipped_ret;
	bool			possessed;
	key_ref_t		result;
	struct timespec		now;
};

extern bool key_default_cmp(const struct key *key,
			    const struct key_match_data *match_data);
extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
				    struct keyring_search_context *ctx);

extern key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx);
extern key_ref_t search_process_keyrings(struct keyring_search_context *ctx);

/*
 * NOTE(review): 'skip_perm_check' presumably bypasses the permission check
 * on the named keyring - confirm that no path passes true for a name taken
 * from an unprivileged caller.
 */
extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check);

extern int install_user_keyrings(void);
extern int install_thread_keyring_to_cred(struct cred *);
extern int install_process_keyring_to_cred(struct cred *);
extern int install_session_keyring_to_cred(struct cred *, struct key *);

/*
 * callout_info/callout_len describe an opaque buffer; its interpretation is
 * up to the implementation and the key type.
 */
extern struct key *request_key_and_link(struct key_type *type,
					const char *description,
					const void *callout_info,
					size_t callout_len,
					void *aux,
					struct key *dest_keyring,
					unsigned long flags);

extern bool lookup_user_key_possessed(const struct key *key,
				      const struct key_match_data *match_data);
/*
 * Resolve a key serial number to a key reference, requesting 'perm' on it.
 * The KEY_LOOKUP_* values that follow are presumably the bits accepted in
 * 'flags' - verify against the implementation.
 */
extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
				 key_perm_t perm);
#define KEY_LOOKUP_CREATE	0x01
#define KEY_LOOKUP_PARTIAL	0x02
#define KEY_LOOKUP_FOR_UNLINK	0x04

extern long join_session_keyring(const char *name);
extern void key_change_session_keyring(struct callback_head *twork);

/* Key garbage collection. */
extern struct work_struct key_gc_work;
extern unsigned key_gc_delay;
extern void keyring_gc(struct key *keyring, time_t limit);
extern void key_schedule_gc(time_t gc_at);
extern void key_schedule_gc_links(void);
extern void key_gc_keytype(struct key_type *ktype);

/* Permission check against an explicitly supplied set of credentials. */
extern int key_task_permission(const key_ref_t key_ref,
			       const struct cred *cred,
			       key_perm_t perm);

/*
 * Check to see whether permission is granted to use a key in the desired way.
 *
 * Thin wrapper: forwards to key_task_permission() with current_cred(), so the
 * decision is made against the calling task's credentials.  Note that 'perm'
 * is declared 'unsigned' here but key_perm_t in key_task_permission().
 */
static inline int key_permission(const key_ref_t key_ref, unsigned perm)
{
	return key_task_permission(key_ref, current_cred(), perm);
}

/*
 * Authorisation record for request_key().
 *
 * Holds the key being constructed, the destination keyring, a credentials
 * pointer, the callout buffer and a pid.
 * NOTE(review): presumably 'cred' and 'pid' identify the requesting task and
 * callout_info is owned by this record - confirm lifetime and ownership in
 * the code that creates and destroys it.
 */
struct request_key_auth {
	struct key		*target_key;
	struct key		*dest_keyring;
	const struct cred	*cred;
	void			*callout_info;
	size_t			callout_len;
	pid_t			pid;
};

extern struct key_type key_type_request_key_auth;
extern struct key *request_key_auth_new(struct key *target,
					const void *callout_info,
					size_t callout_len,
					struct key *dest_keyring);

extern struct key *key_get_instantiation_authkey(key_serial_t target_id);

/*
 * Determine whether a key is dead.
 *
 * True when the key has KEY_FLAG_DEAD or KEY_FLAG_INVALIDATED set, or when
 * it has a positive expiry time that is at or before 'limit'.  An expiry of
 * zero (or less) never makes a key dead through the expiry clause.
 */
static inline bool key_is_dead(const struct key *key, time_t limit)
{
	return
		key->flags & ((1 << KEY_FLAG_DEAD) |
			      (1 << KEY_FLAG_INVALIDATED)) ||
		(key->expiry > 0 && key->expiry <= limit);
}

/*
 * keyctl() functions
 *
 * Parameters marked __user are user-space pointers; sizes and serial numbers
 * arrive as plain values from the caller.  Validation and copying happen in
 * the implementations, which are not part of this header.
 */
extern long keyctl_get_keyring_ID(key_serial_t, int);
extern long keyctl_join_session_keyring(const char __user *);
extern long keyctl_update_key(key_serial_t, const void __user *, size_t);
extern long keyctl_revoke_key(key_serial_t);
extern long keyctl_keyring_clear(key_serial_t);
extern long keyctl_keyring_link(key_serial_t, key_serial_t);
extern long keyctl_keyring_unlink(key_serial_t, key_serial_t);
extern long keyctl_describe_key(key_serial_t, char __user *, size_t);
extern long keyctl_keyring_search(key_serial_t, const char __user *,
				  const char __user *, key_serial_t);
extern long keyctl_read_key(key_serial_t, char __user *, size_t);
extern long keyctl_chown_key(key_serial_t, uid_t, gid_t);
extern long keyctl_setperm_key(key_serial_t, key_perm_t);
extern long keyctl_instantiate_key(key_serial_t, const void __user *,
				   size_t, key_serial_t);
extern long keyctl_negate_key(key_serial_t, unsigned, key_serial_t);
extern long keyctl_set_reqkey_keyring(int);
extern long keyctl_set_timeout(key_serial_t, unsigned);
extern long keyctl_assume_authority(key_serial_t);
extern long keyctl_get_security(key_serial_t keyid, char __user *buffer,
				size_t buflen);
extern long keyctl_session_to_parent(void);
extern long keyctl_reject_key(key_serial_t, unsigned, unsigned, key_serial_t);
extern long keyctl_instantiate_key_iov(key_serial_t,
				       const struct iovec __user *,
				       unsigned, key_serial_t);
extern long keyctl_invalidate_key(key_serial_t);

/*
 * Unlike keyctl_instantiate_key_iov() above, the iovec pointer here carries
 * no __user annotation.
 */
extern long keyctl_instantiate_key_common(key_serial_t,
					  const struct iovec *,
					  unsigned, size_t, key_serial_t);
#ifdef CONFIG_PERSISTENT_KEYRINGS
extern long keyctl_get_persistent(uid_t, key_serial_t);
extern unsigned persistent_keyring_expiry;
#else
/* Persistent keyrings compiled out: the operation reports -EOPNOTSUPP. */
static inline long keyctl_get_persistent(uid_t uid, key_serial_t destring)
{
	return -EOPNOTSUPP;
}
#endif

/*
 * Debugging key validation
 *
 * With KEY_DEBUGGING defined, key_check() hands the pointer to __key_check()
 * when it is non-NULL and is either an error pointer or carries the wrong
 * magic number.  Without KEY_DEBUGGING it is an empty statement: the
 * argument is not evaluated and no validation takes place, so nothing may
 * rely on key_check() as a runtime safety check.
 */
#ifdef KEY_DEBUGGING
extern void __key_check(const struct key *);

static inline void key_check(const struct key *key)
{
	if (key && (IS_ERR(key) || key->magic != KEY_DEBUG_MAGIC))
		__key_check(key);
}

#else

#define key_check(key) do {} while(0)

#endif

#endif /* _INTERNAL_H */