authorDavid Howells <dhowells@redhat.com>2007-10-17 02:29:46 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-10-17 11:42:57 -0400
commit76181c134f87479fa13bf2548ddf2999055d34d4 (patch)
tree34694341c190e7ecdd3111ee48e4b98602ff012f /include/linux/key.h
parent398c95bdf2c24d7866692a40ba04425aef238cdd (diff)
KEYS: Make request_key() and co fundamentally asynchronous
Make request_key() and co fundamentally asynchronous to make it easier for NFS to make use of them. There are now accessor functions that do asynchronous constructions, a wait function to wait for construction to complete, and a completion function for the key type to indicate completion of construction. Note that the construction queue is now gone. Instead, keys under construction are linked in to the appropriate keyring in advance, and that anyone encountering one must wait for it to be complete before they can use it. This is done automatically for userspace. The following auxiliary changes are also made: (1) Key type implementation stuff is split from linux/key.h into linux/key-type.h. (2) AF_RXRPC provides a way to allocate null rxrpc-type keys so that AFS does not need to call key_instantiate_and_link() directly. (3) Adjust the debugging macros so that they're -Wformat checked even if they are disabled, and make it so they can be enabled simply by defining __KDEBUG to be consistent with other code of mine. (3) Documentation. [alan@lxorguk.ukuu.org.uk: keys: missing word in documentation] Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'include/linux/key.h')
-rw-r--r--include/linux/key.h99
1 files changed, 13 insertions, 86 deletions
diff --git a/include/linux/key.h b/include/linux/key.h
index a9220e75782e..fcdbd5ed227b 100644
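--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -1,6 +1,6 @@
-/* key.h: authentication token and access key management
+/* Authentication token and access key management
  *
- * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
+ * Copyright (C) 2004, 2007 Red Hat, Inc. All Rights Reserved.
  * Written by David Howells (dhowells@redhat.com)
  *
  * This program is free software; you can redistribute it and/or
@@ -175,78 +175,6 @@ struct key {
  } payload;
 };
 
-/*****************************************************************************/
-/*
- * kernel managed key type definition
- */
-typedef int (*request_key_actor_t)(struct key *key, struct key *authkey,
- const char *op, void *aux);
-
-struct key_type {
- /* name of the type */
- const char *name;
-
- /* default payload length for quota precalculation (optional)
- * - this can be used instead of calling key_payload_reserve(), that
- * function only needs to be called if the real datalen is different
- */
- size_t def_datalen;
-
- /* instantiate a key of this type
- * - this method should call key_payload_reserve() to determine if the
- * user's quota will hold the payload
- */
- int (*instantiate)(struct key *key, const void *data, size_t datalen);
-
- /* update a key of this type (optional)
- * - this method should call key_payload_reserve() to recalculate the
- * quota consumption
- * - the key must be locked against read when modifying
- */
- int (*update)(struct key *key, const void *data, size_t datalen);
-
- /* match a key against a description */
- int (*match)(const struct key *key, const void *desc);
-
- /* clear some of the data from a key on revokation (optional)
- * - the key's semaphore will be write-locked by the caller
- */
- void (*revoke)(struct key *key);
-
- /* clear the data from a key (optional) */
- void (*destroy)(struct key *key);
-
- /* describe a key */
- void (*describe)(const struct key *key, struct seq_file *p);
-
- /* read a key's data (optional)
- * - permission checks will be done by the caller
- * - the key's semaphore will be readlocked by the caller
- * - should return the amount of data that could be read, no matter how
- * much is copied into the buffer
- * - shouldn't do the copy if the buffer is NULL
- */
- long (*read)(const struct key *key, char __user *buffer, size_t buflen);
-
- /* handle request_key() for this type instead of invoking
- * /sbin/request-key (optional)
- * - key is the key to instantiate
- * - authkey is the authority to assume when instantiating this key
- * - op is the operation to be done, usually "create"
- * - the call must not return until the instantiation process has run
- * its course
- */
- request_key_actor_t request_key;
-
- /* internal fields */
- struct list_head link; /* link in types list */
-};
-
-extern struct key_type key_type_keyring;
-
-extern int register_key_type(struct key_type *ktype);
-extern void unregister_key_type(struct key_type *ktype);
-
 extern struct key *key_alloc(struct key_type *type,
  const char *desc,
  uid_t uid, gid_t gid,
@@ -259,16 +187,6 @@ extern struct key *key_alloc(struct key_type *type,
 #define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */
 #define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */
 
-extern int key_payload_reserve(struct key *key, size_t datalen);
-extern int key_instantiate_and_link(struct key *key,
- const void *data,
- size_t datalen,
- struct key *keyring,
- struct key *instkey);
-extern int key_negate_and_link(struct key *key,
- unsigned timeout,
- struct key *keyring,
- struct key *instkey);
 extern void key_revoke(struct key *key);
 extern void key_put(struct key *key);
 
@@ -293,6 +211,17 @@ extern struct key *request_key_with_auxdata(struct key_type *type,
  const char *callout_info,
  void *aux);
 
+extern struct key *request_key_async(struct key_type *type,
+ const char *description,
+ const char *callout_info);
+
+extern struct key *request_key_async_with_auxdata(struct key_type *type,
+ const char *description,
+ const char *callout_info,
+ void *aux);
+
+extern int wait_for_key_construction(struct key *key, bool intr);
+
 extern int key_validate(struct key *key);
 
 extern key_ref_t key_create_or_update(key_ref_t keyring,
@@ -328,8 +257,6 @@ extern int keyring_add_key(struct key *keyring,
 
 extern struct key *key_lookup(key_serial_t id);
 
-extern void keyring_replace_payload(struct key *key, void *replacement);
-
 #define key_serial(key) ((key) ? (key)->serial : 0)
 
 /*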
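Review bot: The three prototypes added in the `@@ -293,6 +211,17 @@` hunk (`request_key_async()`, `request_key_async_with_auxdata()`, `wait_for_key_construction()`) have no comment, although the commit description says a key under construction is already linked into its keyring and must not be used until construction completes. An in-kernel caller that takes the pointer returned by an async variant and reads the payload without waiting would be acting on an uninstantiated credential, so the contract belongs beside the declarations, e.g. `/* request_key_async*() may return a key still under construction; call wait_for_key_construction() and check its result before using the key */`. The meaning of `intr` (presumably whether the wait is interruptible) and the error returned in that case should be stated as well, since neither is visible from this header. It is also worth confirming that the remaining `struct key_type *` prototypes still compile for files that include only linux/key.h now that the definition has moved to linux/key-type.h; any forward declaration lies outside these hunks.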