diff options
| author | David Howells <dhowells@redhat.com> | 2006-06-29 05:24:28 -0400 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-06-29 13:26:20 -0400 |
| commit | 4e54f08543d05e519e601368571cc3787fefae96 (patch) | |
| tree | 0cd9d982e5bb25abcb9251d26c36ff11e7dc81a5 /Documentation/keys.txt | |
| parent | 94583779e6625154e8d7fce33d097ae7d089e9de (diff) | |
[PATCH] Keys: Allow in-kernel key requestor to pass auxiliary data to upcaller
The proposed NFS key type uses its own method of passing key requests to
userspace (upcalling) rather than invoking /sbin/request-key. This is
because the responsible userspace daemon should already be running and will
be contacted through rpc_pipefs.
This patch permits the NFS filesystem to pass auxiliary data to the upcall
operation (struct key_type::request_key) so that the upcaller can use a
pre-existing communications channel more easily.
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-By: Kevin Coffman <kwc@citi.umich.edu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'Documentation/keys.txt')
| -rw-r--r-- | Documentation/keys.txt | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/Documentation/keys.txt b/Documentation/keys.txt index 61c0fad2fe2f..e373f0212843 100644 --- a/Documentation/keys.txt +++ b/Documentation/keys.txt | |||
| @@ -780,6 +780,17 @@ payload contents" for more information. | |||
| 780 | See also Documentation/keys-request-key.txt. | 780 | See also Documentation/keys-request-key.txt. |
| 781 | 781 | ||
| 782 | 782 | ||
| 783 | (*) To search for a key, passing auxiliary data to the upcaller, call: | ||
| 784 | |||
| 785 | struct key *request_key_with_auxdata(const struct key_type *type, | ||
| 786 | const char *description, | ||
| 787 | const char *callout_string, | ||
| 788 | void *aux); | ||
| 789 | |||
| 790 | This is identical to request_key(), except that the auxiliary data is | ||
| 791 | passed to the key_type->request_key() op if it exists. | ||
| 792 | |||
| 793 | |||
| 783 | (*) When it is no longer required, the key should be released using: | 794 | (*) When it is no longer required, the key should be released using: |
| 784 | 795 | ||
| 785 | void key_put(struct key *key); | 796 | void key_put(struct key *key); |
| @@ -1031,6 +1042,24 @@ The structure has a number of fields, some of which are mandatory: | |||
| 1031 | as might happen when the userspace buffer is accessed. | 1042 | as might happen when the userspace buffer is accessed. |
| 1032 | 1043 | ||
| 1033 | 1044 | ||
| 1045 | (*) int (*request_key)(struct key *key, struct key *authkey, const char *op, | ||
| 1046 | void *aux); | ||
| 1047 | |||
| 1048 | This method is optional. If provided, request_key() and | ||
| 1049 | request_key_with_auxdata() will invoke this function rather than | ||
| 1050 | upcalling to /sbin/request-key to operate upon a key of this type. | ||
| 1051 | |||
| 1052 | The aux parameter is as passed to request_key_with_auxdata() or is NULL | ||
| 1053 | otherwise. Also passed are the key to be operated upon, the | ||
| 1054 | authorisation key for this operation and the operation type (currently | ||
| 1055 | only "create"). | ||
| 1056 | |||
| 1057 | This function should return only when the upcall is complete. Upon return | ||
| 1058 | the authorisation key will be revoked, and the target key will be | ||
| 1059 | negatively instantiated if it is still uninstantiated. The error will be | ||
| 1060 | returned to the caller of request_key*(). | ||
| 1061 | |||
| 1062 | |||
| 1034 | ============================ | 1063 | ============================ |
| 1035 | REQUEST-KEY CALLBACK SERVICE | 1064 | REQUEST-KEY CALLBACK SERVICE |
| 1036 | ============================ | 1065 | ============================ |