author: James Morris <james.l.morris@oracle.com> 2012-10-02 23:00:17 -0400
committer: James Morris <james.l.morris@oracle.com> 2012-10-02 23:00:17 -0400
commit: 61d335dd27c67d656f114c091a46cf95cbeeb77c (patch)
tree: 1e96f07fe903f992e1e2095f1a03b61243da59f0 /Documentation
parent: 87b526d349b04c31d7b3a40b434eb3f825d22305 (diff)
parent: 4442d7704c7311d1c42383d365e0b883e0075975 (diff)
Merge branch 'security-next-keys' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/security-keys into next-queue
As requested by David.
Diffstat (limited to 'Documentation')
-rw-r--r-- Documentation/security/keys.txt | 67
1 file changed, 66 insertions, 1 deletion
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index aa0dbd74b71b..7b4145d00452 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -412,6 +412,10 @@ The main syscalls are:
412 to the keyring. In this case, an error will be generated if the process 412 to the keyring. In this case, an error will be generated if the process
413 does not have permission to write to the keyring. 413 does not have permission to write to the keyring.
414 414
415 If the key type supports it, if the description is NULL or an empty
416 string, the key type will try and generate a description from the content
417 of the payload.
418
415 The payload is optional, and the pointer can be NULL if not required by 419 The payload is optional, and the pointer can be NULL if not required by
416 the type. The payload is plen in size, and plen can be zero for an empty 420 the type. The payload is plen in size, and plen can be zero for an empty
417 payload. 421 payload.
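Review bot: the new sentence at 415-417 stacks two conditionals ("If the key type supports it, if the description is NULL ...") and does not say what add_key() does when the type cannot derive a description. Suggest "If the key type supports it and the description is NULL or an empty string, the key type will try to generate a description from the payload contents", followed by the error returned when no description can be generated, since a caller passing NULL needs to know whether the call fails or a key is created under a name it did not choose.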
@@ -990,6 +994,23 @@ payload contents" for more information.
990 reference pointer if successful. 994 reference pointer if successful.
991 995
992 996
997(*) A keyring can be created by:
998
999 struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
1000 const struct cred *cred,
1001 key_perm_t perm,
1002 unsigned long flags,
1003 struct key *dest);
1004
1005 This creates a keyring with the given attributes and returns it. If dest
1006 is not NULL, the new keyring will be linked into the keyring to which it
1007 points. No permission checks are made upon the destination keyring.
1008
1009 Error EDQUOT can be returned if the keyring would overload the quota (pass
1010 KEY_ALLOC_NOT_IN_QUOTA in flags if the keyring shouldn't be accounted
1011 towards the user's quota). Error ENOMEM can also be returned.
1012
1013
993(*) To check the validity of a key, this function can be called: 1014(*) To check the validity of a key, this function can be called:
994 1015
995 int validate_key(struct key *key); 1016 int validate_key(struct key *key);
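Review bot: "No permission checks are made upon the destination keyring" (1007) is the security-relevant detail of this hunk and needs a sentence on who is responsible: state that keyring_alloc() is an in-kernel interface and that a caller acting on behalf of a userspace request must check write permission on dest itself before passing it, otherwise a reader may assume the link is mediated. The text also lists EDQUOT and ENOMEM but the return type is struct key *, so say how failure is reported (ERR_PTR() or NULL) and that no keyring is linked into dest on failure. Lastly, perm and flags are named but not described beyond KEY_ALLOC_NOT_IN_QUOTA; a pointer to where the key_perm_t bits and the remaining KEY_ALLOC_* flags are documented would help.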
@@ -1114,12 +1135,53 @@ The structure has a number of fields, some of which are mandatory:
1114 it should return 0. 1135 it should return 0.
1115 1136
1116 1137
1117 (*) int (*instantiate)(struct key *key, const void *data, size_t datalen); 1138 (*) int (*preparse)(struct key_preparsed_payload *prep);
1139
1140 This optional method permits the key type to attempt to parse payload
1141 before a key is created (add key) or the key semaphore is taken (update or
1142 instantiate key). The structure pointed to by prep looks like:
1143
1144 struct key_preparsed_payload {
1145 char *description;
1146 void *type_data[2];
1147 void *payload;
1148 const void *data;
1149 size_t datalen;
1150 size_t quotalen;
1151 };
1152
1153 Before calling the method, the caller will fill in data and datalen with
1154 the payload blob parameters; quotalen will be filled in with the default
1155 quota size from the key type and the rest will be cleared.
1156
1157 If a description can be proposed from the payload contents, that should be
1158 attached as a string to the description field. This will be used for the
1159 key description if the caller of add_key() passes NULL or "".
1160
1161 The method can attach anything it likes to type_data[] and payload. These
1162 are merely passed along to the instantiate() or update() operations.
1163
1164 The method should return 0 if success ful or a negative error code
1165 otherwise.
1166
1167
1168 (*) void (*free_preparse)(struct key_preparsed_payload *prep);
1169
1170 This method is only required if the preparse() method is provided,
1171 otherwise it is unused. It cleans up anything attached to the
1172 description, type_data and payload fields of the key_preparsed_payload
1173 struct as filled in by the preparse() method.
1174
1175
1176 (*) int (*instantiate)(struct key *key, struct key_preparsed_payload *prep);
1118 1177
1119 This method is called to attach a payload to a key during construction. 1178 This method is called to attach a payload to a key during construction.
1120 The payload attached need not bear any relation to the data passed to this 1179 The payload attached need not bear any relation to the data passed to this
1121 function. 1180 function.
1122 1181
1182 The prep->data and prep->datalen fields will define the original payload
1183 blob. If preparse() was supplied then other fields may be filled in also.
1184
1123 If the amount of data attached to the key differs from the size in 1185 If the amount of data attached to the key differs from the size in
1124 keytype->def_datalen, then key_payload_reserve() should be called. 1186 keytype->def_datalen, then key_payload_reserve() should be called.
1125 1187
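Review bot: the ownership handoff between preparse(), instantiate() and free_preparse() is left implicit, and that is where leaks and double frees come from. free_preparse() (1170-1173) is described as releasing whatever preparse() attached to description, type_data and payload, while instantiate() (1176-1183) may consume those same fields; the text should say that a method which takes over a pointer must clear it in prep so free_preparse() does not release it as well, and should state whether free_preparse() is called when preparse() itself returns an error (i.e. whether preparse() must undo its own partial work on failure). Two smaller points: "success ful" at 1164 should be "successful", and quotalen in the struct listing (1150) deserves a line on whether preparse() may change it and when the adjusted value is checked against the quota.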
@@ -1135,6 +1197,9 @@ The structure has a number of fields, some of which are mandatory:
1135 If this type of key can be updated, then this method should be provided. 1197 If this type of key can be updated, then this method should be provided.
1136 It is called to update a key's payload from the blob of data provided. 1198 It is called to update a key's payload from the blob of data provided.
1137 1199
1200 The prep->data and prep->datalen fields will define the original payload
1201 blob. If preparse() was supplied then other fields may be filled in also.
1202
1138 key_payload_reserve() should be called if the data length might change 1203 key_payload_reserve() should be called if the data length might change
1139 before any changes are actually made. Note that if this succeeds, the type 1204 before any changes are actually made. Note that if this succeeds, the type
1140 is committed to changing the key because it's already been altered, so all 1205 is committed to changing the key because it's already been altered, so all
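Review bot: the paragraph added at 1200-1201 refers to prep->data and prep->datalen, but the update() prototype that precedes this hunk is outside the shown context, so please confirm it was changed in the same series to take a struct key_preparsed_payload * rather than (const void *data, size_t datalen); otherwise the paragraph describes fields the documented signature does not carry. The paragraph is also a verbatim copy of the one added to instantiate() at 1182-1183; a single sentence above both methods saying that instantiate() and update() receive the same prepared payload would keep the two from drifting apart.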