internal.h revision e9e349b051d98799b743ebf248cc2d986fedf090
/* internal.h: authentication token and access key management internal defs
 *
 * Copyright (C) 2003-5, 2007 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 */

#ifndef _INTERNAL_H
#define _INTERNAL_H

#include <linux/key-type.h>

/*
 * Do-nothing stand-in for printk().  The printf format attribute keeps the
 * compiler checking the format strings of the tracing macros below even when
 * __KDEBUG is not defined and they expand to this stub.
 */
static inline __attribute__((format(printf, 1, 2)))
void no_printk(const char *fmt, ...)
{
}

/*
 * Tracing helpers: kenter()/kleave() log the calling function's name on
 * entry/exit, kdebug() logs a free-form message.
 * - FMT is pasted between string literals, so it must itself be a string
 *   literal, never a runtime (caller-controlled) string
 * - with __KDEBUG defined the arguments go to the kernel log at KERN_DEBUG;
 *   as this is key-management code, keep key payload out of the arguments
 * - NOTE(review): only the __KDEBUG kdebug() wraps the message in
 *   "xxx"/"yyy"; looks like leftover debugging markers - confirm
 */
#ifdef __KDEBUG
#define kenter(FMT, ...) \
	printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)
#define kleave(FMT, ...) \
	printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
#define kdebug(FMT, ...) \
	printk(KERN_DEBUG "xxx" FMT"yyy\n", ##__VA_ARGS__)
#else
#define kenter(FMT, ...) \
	no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)
#define kleave(FMT, ...) \
	no_printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
#define kdebug(FMT, ...) \
	no_printk(KERN_DEBUG FMT"\n", ##__VA_ARGS__)
#endif

extern struct key_type key_type_user;

/*
 * Per-user key accounting record.
 * - kept apart from user_struct to avoid a refcount loop (user_struct pins
 *   some keyrings, and those keyrings pin this struct)
 * - also tracks the keys under request from userspace for this UID
 */
struct key_user {
	struct rb_node		node;
	struct mutex		cons_lock;	/* construction initiation lock */
	spinlock_t		lock;
	/*
	 * NOTE(review): the comment on 'usage' reads as if it describes the
	 * spinlock above rather than a usage count - confirm.
	 */
	atomic_t		usage;		/* for accessing qnkeys & qnbytes */
	atomic_t		nkeys;		/* number of keys */
	atomic_t		nikeys;		/* number of instantiated keys */
	uid_t			uid;
	int			qnkeys;		/* number of keys allocated to this user */
	int			qnbytes;	/* number of bytes allocated to this user */
};

extern struct rb_root	key_user_tree;
extern spinlock_t	key_user_lock;
extern struct key_user	root_key_user;

struct key_user *key_user_lookup(uid_t uid);
void key_user_put(struct key_user *user);

/*
 * Quota ceilings on keys and key bytes.
 * - root gets its own pair of limits, separate from every other user
 */
extern unsigned int key_quota_root_maxkeys;
extern unsigned int key_quota_root_maxbytes;
extern unsigned int key_quota_maxkeys;
extern unsigned int key_quota_maxbytes;

#define KEYQUOTA_LINK_BYTES	4	/* a link in a keyring is worth 4 bytes */


extern struct rb_root		key_serial_tree;
extern spinlock_t		key_serial_lock;
extern struct mutex		key_construction_mutex;
extern wait_queue_head_t	request_key_conswq;


struct key_type *key_type_lookup(const char *type);
void key_type_put(struct key_type *ktype);

int __key_link(struct key *keyring, struct key *key);

key_ref_t __keyring_search_one(key_ref_t keyring_ref,
			       const struct key_type *type,
			       const char *description,
			       key_perm_t perm);

struct key *keyring_search_instkey(struct key *keyring,
				   key_serial_t target_id);

/* match callback handed to the keyring search functions below */
typedef int (*key_match_func_t)(const struct key *, const void *);

key_ref_t keyring_search_aux(key_ref_t keyring_ref,
			     struct task_struct *tsk,
			     struct key_type *type,
			     const void *description,
			     key_match_func_t match);

key_ref_t search_process_keyrings(struct key_type *type,
				  const void *description,
				  key_match_func_t match,
				  struct task_struct *tsk);

/*
 * NOTE(review): skip_perm_check presumably turns off the permission check on
 * the keyring that is found, which would leave access control to the caller
 * whenever it is true - confirm against the definition.
 */
struct key *find_keyring_by_name(const char *name, bool skip_perm_check);

int install_thread_keyring(struct task_struct *tsk);
int install_process_keyring(struct task_struct *tsk);

struct key *request_key_and_link(struct key_type *type,
				 const char *description,
				 const void *callout_info,
				 size_t callout_len,
				 void *aux,
				 struct key *dest_keyring,
				 unsigned long flags);

/* perm is presumably a mask of the KEY_* "required permissions" bits below */
key_ref_t lookup_user_key(struct task_struct *context,
			  key_serial_t id, int create, int partial,
			  key_perm_t perm);

long join_session_keyring(const char *name);

/*
 * Check whether permission is granted to use a key in the desired way on
 * behalf of the given task.
 */
int key_task_permission(const key_ref_t key_ref,
			struct task_struct *context,
			key_perm_t perm);

/*
 * Convenience form of key_task_permission() that checks on behalf of the
 * calling task (current); the result is passed back unchanged.
 */
static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
{
	return key_task_permission(key_ref, current, perm);
}

/* required permissions */
#define KEY_VIEW	0x01	/* require permission to view attributes */
#define KEY_READ	0x02	/* require permission to read content */
#define KEY_WRITE	0x04	/* require permission to update / modify */
#define KEY_SEARCH	0x08	/* require permission to search (keyring) or find (key) */
#define KEY_LINK	0x10	/* require permission to link */
#define KEY_SETATTR	0x20	/* require permission to change attributes */
#define KEY_ALL		0x3f	/* all the above permissions (OR of the six bits) */

/*
 * State carried by a request_key authorisation: the key being constructed,
 * the requesting task, the callout data with its length, and a pid.
 */
struct request_key_auth {
	struct key		*target_key;
	struct task_struct	*context;
	void			*callout_info;
	size_t			callout_len;
	pid_t			pid;
};

extern struct key_type key_type_request_key_auth;
struct key *request_key_auth_new(struct key *target,
				 const void *callout_info,
				 size_t callout_len);

struct key *key_get_instantiation_authkey(key_serial_t target_id);

/*
 * keyctl functions
 * - pointers marked __user are userspace addresses: they have to go through
 *   the user-copy helpers and must not be dereferenced directly
 * - the size_t lengths travel with those pointers and so come from the same
 *   untrusted source
 */
long keyctl_get_keyring_ID(key_serial_t, int);
long keyctl_join_session_keyring(const char __user *);
long keyctl_update_key(key_serial_t, const void __user *, size_t);
long keyctl_revoke_key(key_serial_t);
long keyctl_keyring_clear(key_serial_t);
long keyctl_keyring_link(key_serial_t, key_serial_t);
long keyctl_keyring_unlink(key_serial_t, key_serial_t);
long keyctl_describe_key(key_serial_t, char __user *, size_t);
long keyctl_keyring_search(key_serial_t, const char __user *,
			   const char __user *, key_serial_t);
long keyctl_read_key(key_serial_t, char __user *, size_t);
long keyctl_chown_key(key_serial_t, uid_t, gid_t);
long keyctl_setperm_key(key_serial_t, key_perm_t);
long keyctl_instantiate_key(key_serial_t, const void __user *,
			    size_t, key_serial_t);
long keyctl_negate_key(key_serial_t, unsigned int, key_serial_t);
long keyctl_set_reqkey_keyring(int);
long keyctl_set_timeout(key_serial_t, unsigned int);
long keyctl_assume_authority(key_serial_t);
long keyctl_get_security(key_serial_t keyid, char __user *buffer,
			 size_t buflen);

/*
 * Debugging key validation.
 * - with KEY_DEBUGGING, key_check() hands the pointer to __key_check() when
 *   it is an error pointer or does not carry KEY_DEBUG_MAGIC; NULL is
 *   accepted silently
 * - without KEY_DEBUGGING, key_check() is an empty statement that does not
 *   even evaluate its argument, so it validates nothing in such builds
 */
#ifdef KEY_DEBUGGING
void __key_check(const struct key *);

static inline void key_check(const struct key *key)
{
	if (!key)
		return;

	/* IS_ERR() is tested first so an error pointer is never dereferenced */
	if (IS_ERR(key) || key->magic != KEY_DEBUG_MAGIC)
		__key_check(key);
}

#else

#define key_check(key) do { } while (0)

#endif

#endif /* _INTERNAL_H */