internal.h revision 0c061b5707ab84ebfe8f18f1c9c3110ae5cd6073 
1/* Authentication token and access key management internal defs
2 *
3 * Copyright (C) 2003-5, 2007 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#ifndef _INTERNAL_H
13#define _INTERNAL_H
14
15#include <linux/sched.h>
16#include <linux/key-type.h>
17
18#ifdef __KDEBUG
19#define kenter(FMT, ...) \
20	printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)
21#define kleave(FMT, ...) \
22	printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
23#define kdebug(FMT, ...) \
24	printk(KERN_DEBUG "   "FMT"\n", ##__VA_ARGS__)
25#else
26#define kenter(FMT, ...) \
27	no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)
28#define kleave(FMT, ...) \
29	no_printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
30#define kdebug(FMT, ...) \
31	no_printk(KERN_DEBUG FMT"\n", ##__VA_ARGS__)
32#endif
33
34extern struct key_type key_type_dead;
35extern struct key_type key_type_user;
36
37/*****************************************************************************/
38/*
39 * Keep track of keys for a user.
40 *
41 * This needs to be separate to user_struct to avoid a refcount-loop
42 * (user_struct pins some keyrings which pin this struct).
43 *
44 * We also keep track of keys under request from userspace for this UID here.
45 */
46struct key_user {
47	struct rb_node		node;
48	struct mutex		cons_lock;	/* construction initiation lock */
49	spinlock_t		lock;
50	atomic_t		usage;		/* for accessing qnkeys & qnbytes */
51	atomic_t		nkeys;		/* number of keys */
52	atomic_t		nikeys;		/* number of instantiated keys */
53	uid_t			uid;
54	struct user_namespace	*user_ns;
55	int			qnkeys;		/* number of keys allocated to this user */
56	int			qnbytes;	/* number of bytes allocated to this user */
57};
58
59extern struct rb_root	key_user_tree;
60extern spinlock_t	key_user_lock;
61extern struct key_user	root_key_user;
62
63extern struct key_user *key_user_lookup(uid_t uid,
64					struct user_namespace *user_ns);
65extern void key_user_put(struct key_user *user);
66
67/*
68 * Key quota limits.
69 * - root has its own separate limits to everyone else
70 */
71extern unsigned key_quota_root_maxkeys;
72extern unsigned key_quota_root_maxbytes;
73extern unsigned key_quota_maxkeys;
74extern unsigned key_quota_maxbytes;
75
76#define KEYQUOTA_LINK_BYTES	4		/* a link in a keyring is worth 4 bytes */
77
78
79extern struct kmem_cache *key_jar;
80extern struct rb_root key_serial_tree;
81extern spinlock_t key_serial_lock;
82extern struct mutex key_construction_mutex;
83extern wait_queue_head_t request_key_conswq;
84
85
86extern struct key_type *key_type_lookup(const char *type);
87extern void key_type_put(struct key_type *ktype);
88
89extern int __key_link_begin(struct key *keyring,
90			    const struct key_type *type,
91			    const char *description,
92			    unsigned long *_prealloc);
93extern int __key_link_check_live_key(struct key *keyring, struct key *key);
94extern void __key_link(struct key *keyring, struct key *key,
95		       unsigned long *_prealloc);
96extern void __key_link_end(struct key *keyring,
97			   struct key_type *type,
98			   unsigned long prealloc);
99
100extern key_ref_t __keyring_search_one(key_ref_t keyring_ref,
101				      const struct key_type *type,
102				      const char *description,
103				      key_perm_t perm);
104
105extern struct key *keyring_search_instkey(struct key *keyring,
106					  key_serial_t target_id);
107
108typedef int (*key_match_func_t)(const struct key *, const void *);
109
110extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
111				    const struct cred *cred,
112				    struct key_type *type,
113				    const void *description,
114				    key_match_func_t match,
115				    bool no_state_check);
116
117extern key_ref_t search_my_process_keyrings(struct key_type *type,
118					    const void *description,
119					    key_match_func_t match,
120					    bool no_state_check,
121					    const struct cred *cred);
122extern key_ref_t search_process_keyrings(struct key_type *type,
123					 const void *description,
124					 key_match_func_t match,
125					 const struct cred *cred);
126
127extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check);
128
129extern int install_user_keyrings(void);
130extern int install_thread_keyring_to_cred(struct cred *);
131extern int install_process_keyring_to_cred(struct cred *);
132extern int install_session_keyring_to_cred(struct cred *, struct key *);
133
134extern struct key *request_key_and_link(struct key_type *type,
135					const char *description,
136					const void *callout_info,
137					size_t callout_len,
138					void *aux,
139					struct key *dest_keyring,
140					unsigned long flags);
141
142extern int lookup_user_key_possessed(const struct key *key, const void *target);
143extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
144				 key_perm_t perm);
145#define KEY_LOOKUP_CREATE	0x01
146#define KEY_LOOKUP_PARTIAL	0x02
147#define KEY_LOOKUP_FOR_UNLINK	0x04
148
149extern long join_session_keyring(const char *name);
150
151extern struct work_struct key_gc_work;
152extern unsigned key_gc_delay;
153extern void keyring_gc(struct key *keyring, time_t limit);
154extern void key_schedule_gc(time_t expiry_at);
155extern void key_gc_keytype(struct key_type *ktype);
156
157extern int key_task_permission(const key_ref_t key_ref,
158			       const struct cred *cred,
159			       key_perm_t perm);
160
161/*
162 * Check to see whether permission is granted to use a key in the desired way.
163 */
164static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
165{
166	return key_task_permission(key_ref, current_cred(), perm);
167}
168
169/* required permissions */
170#define	KEY_VIEW	0x01	/* require permission to view attributes */
171#define	KEY_READ	0x02	/* require permission to read content */
172#define	KEY_WRITE	0x04	/* require permission to update / modify */
173#define	KEY_SEARCH	0x08	/* require permission to search (keyring) or find (key) */
174#define	KEY_LINK	0x10	/* require permission to link */
175#define	KEY_SETATTR	0x20	/* require permission to change attributes */
176#define	KEY_ALL		0x3f	/* all the above permissions */
177
178/*
179 * Authorisation record for request_key().
180 */
181struct request_key_auth {
182	struct key		*target_key;
183	struct key		*dest_keyring;
184	const struct cred	*cred;
185	void			*callout_info;
186	size_t			callout_len;
187	pid_t			pid;
188};
189
190extern struct key_type key_type_request_key_auth;
191extern struct key *request_key_auth_new(struct key *target,
192					const void *callout_info,
193					size_t callout_len,
194					struct key *dest_keyring);
195
196extern struct key *key_get_instantiation_authkey(key_serial_t target_id);
197
198/*
199 * keyctl() functions
200 */
201extern long keyctl_get_keyring_ID(key_serial_t, int);
202extern long keyctl_join_session_keyring(const char __user *);
203extern long keyctl_update_key(key_serial_t, const void __user *, size_t);
204extern long keyctl_revoke_key(key_serial_t);
205extern long keyctl_keyring_clear(key_serial_t);
206extern long keyctl_keyring_link(key_serial_t, key_serial_t);
207extern long keyctl_keyring_unlink(key_serial_t, key_serial_t);
208extern long keyctl_describe_key(key_serial_t, char __user *, size_t);
209extern long keyctl_keyring_search(key_serial_t, const char __user *,
210				  const char __user *, key_serial_t);
211extern long keyctl_read_key(key_serial_t, char __user *, size_t);
212extern long keyctl_chown_key(key_serial_t, uid_t, gid_t);
213extern long keyctl_setperm_key(key_serial_t, key_perm_t);
214extern long keyctl_instantiate_key(key_serial_t, const void __user *,
215				   size_t, key_serial_t);
216extern long keyctl_negate_key(key_serial_t, unsigned, key_serial_t);
217extern long keyctl_set_reqkey_keyring(int);
218extern long keyctl_set_timeout(key_serial_t, unsigned);
219extern long keyctl_assume_authority(key_serial_t);
220extern long keyctl_get_security(key_serial_t keyid, char __user *buffer,
221				size_t buflen);
222extern long keyctl_session_to_parent(void);
223extern long keyctl_reject_key(key_serial_t, unsigned, unsigned, key_serial_t);
224extern long keyctl_instantiate_key_iov(key_serial_t,
225				       const struct iovec __user *,
226				       unsigned, key_serial_t);
227
228extern long keyctl_instantiate_key_common(key_serial_t,
229					  const struct iovec __user *,
230					  unsigned, size_t, key_serial_t);
231
232/*
233 * Debugging key validation
234 */
235#ifdef KEY_DEBUGGING
236extern void __key_check(const struct key *);
237
238static inline void key_check(const struct key *key)
239{
240	if (key && (IS_ERR(key) || key->magic != KEY_DEBUG_MAGIC))
241		__key_check(key);
242}
243
244#else
245
246#define key_check(key) do {} while(0)
247
248#endif
249
250#endif /* _INTERNAL_H */
251