Diffstat (limited to 'include/linux/key.h')
-rw-r--r--include/linux/key.h39
1 files changed, 25 insertions, 14 deletions
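diff --git a/include/linux/key.h b/include/linux/key.h
index e45212f2777e..0c9b93b0d1f7 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -23,6 +23,7 @@
 #include <linux/rwsem.h>
 #include <linux/atomic.h>
 #include <linux/assoc_array.h>
+#include <linux/refcount.h>
 
 #ifdef __KERNEL__
 #include <linux/uidgid.h>
@@ -126,6 +127,17 @@ static inline bool is_key_possessed(const key_ref_t key_ref)
  return (unsigned long) key_ref & 1UL;
 }
 
+typedef int (*key_restrict_link_func_t)(struct key *dest_keyring,
+ const struct key_type *type,
+ const union key_payload *payload,
+ struct key *restriction_key);
+
+struct key_restriction {
+ key_restrict_link_func_t check;
+ struct key *key;
+ struct key_type *keytype;
+};
+
 /*****************************************************************************/
 /*
  * authentication token / access credential / keyring
@@ -135,7 +147,7 @@ static inline bool is_key_possessed(const key_ref_t key_ref)
  * - Kerberos TGTs and tickets
  */
 struct key {
- atomic_t usage; /* number of references */
+ refcount_t usage; /* number of references */
  key_serial_t serial; /* key serial number */
  union {
  struct list_head graveyard_link;
@@ -205,18 +217,17 @@ struct key {
  };
 
  /* This is set on a keyring to restrict the addition of a link to a key
- * to it. If this method isn't provided then it is assumed that the
+ * to it. If this structure isn't provided then it is assumed that the
  * keyring is open to any addition. It is ignored for non-keyring
- * keys.
+ * keys. Only set this value using keyring_restrict(), keyring_alloc(),
+ * or key_alloc().
  *
  * This is intended for use with rings of trusted keys whereby addition
  * to the keyring needs to be controlled. KEY_ALLOC_BYPASS_RESTRICTION
  * overrides this, allowing the kernel to add extra keys without
  * restriction.
  */
- int (*restrict_link)(struct key *keyring,
- const struct key_type *type,
- const union key_payload *payload);
+ struct key_restriction *restrict_link;
 };
 
 extern struct key *key_alloc(struct key_type *type,
@@ -225,9 +236,7 @@ extern struct key *key_alloc(struct key_type *type,
  const struct cred *cred,
  key_perm_t perm,
  unsigned long flags,
- int (*restrict_link)(struct key *,
- const struct key_type *,
- const union key_payload *));
+ struct key_restriction *restrict_link);
 
 
 #define KEY_ALLOC_IN_QUOTA 0x0000 /* add to quota, reject if would overrun */
@@ -242,7 +251,7 @@ extern void key_put(struct key *key);
 
 static inline struct key *__key_get(struct key *key)
 {
- atomic_inc(&key->usage);
+ refcount_inc(&key->usage);
  return key;
 }
 
@@ -303,14 +312,13 @@ extern struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid
  const struct cred *cred,
  key_perm_t perm,
  unsigned long flags,
- int (*restrict_link)(struct key *,
- const struct key_type *,
- const union key_payload *),
+ struct key_restriction *restrict_link,
  struct key *dest);
 
 extern int restrict_link_reject(struct key *keyring,
  const struct key_type *type,
- const union key_payload *payload);
+ const union key_payload *payload,
+ struct key *restriction_key);
 
 extern int keyring_clear(struct key *keyring);
 
@@ -321,6 +329,9 @@ extern key_ref_t keyring_search(key_ref_t keyring,
 extern int keyring_add_key(struct key *keyring,
  struct key *key);
 
+extern int keyring_restrict(key_ref_t keyring, const char *type,
+ const char *restriction);
+
 extern struct key *key_lookup(key_serial_t id);
 
 static inline key_serial_t key_serial(const struct key *key)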
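Review bot: The new `struct key_restriction` in the `@@ -126,6 +127,17 @@` hunk is introduced without a comment, so the ownership of its `key` and `keytype` members is unstated: nothing in this header says whether the structure holds a reference on `key` (and on the `keytype` module) for as long as the keyring's `restrict_link` points at it, or who frees it when the keyring is destroyed, which matters now that `restrict_link` refers to heap state rather than a bare function pointer. The `restrict_link` comment in the `@@ -205,18 +217,17 @@` hunk names the setters but not the lifetime either. A header comment such as `/* Link restriction attached to a keyring: check() is called for each link attempt with key/keytype as its restriction arguments; the restriction holds the reference on key — TODO confirm against the allocating and freeing code */` would close the gap, and the return convention of `key_restrict_link_func_t` (presumably 0 to permit, negative errno to reject, as the name `restrict_link_reject` suggests) is worth stating on the typedef. `keytype` is also declared `struct key_type *` where the callback takes `const struct key_type *`; `const struct key_type *keytype;` would match unless it is written through in code outside this header.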