aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2007-10-17 02:29:46 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-10-17 11:42:57 -0400
commit76181c134f87479fa13bf2548ddf2999055d34d4 (patch)
tree34694341c190e7ecdd3111ee48e4b98602ff012f /include/linux
parent398c95bdf2c24d7866692a40ba04425aef238cdd (diff)
KEYS: Make request_key() and co fundamentally asynchronous
Make request_key() and co fundamentally asynchronous to make it easier for NFS to make use of them. There are now accessor functions that do asynchronous constructions, a wait function to wait for construction to complete, and a completion function for the key type to indicate completion of construction. Note that the construction queue is now gone. Instead, keys under construction are linked in to the appropriate keyring in advance, and that anyone encountering one must wait for it to be complete before they can use it. This is done automatically for userspace. The following auxiliary changes are also made: (1) Key type implementation stuff is split from linux/key.h into linux/key-type.h. (2) AF_RXRPC provides a way to allocate null rxrpc-type keys so that AFS does not need to call key_instantiate_and_link() directly. (3) Adjust the debugging macros so that they're -Wformat checked even if they are disabled, and make it so they can be enabled simply by defining __KDEBUG to be consistent with other code of mine. (3) Documentation. [alan@lxorguk.ukuu.org.uk: keys: missing word in documentation] Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Alan Cox <alan@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'include/linux')
-rw-r--r--include/linux/key-type.h112
-rw-r--r--include/linux/key.h99
2 files changed, 125 insertions, 86 deletions
diff --git a/include/linux/key-type.h b/include/linux/key-type.h
new file mode 100644
index 000000000000..65833d4d5998
--- /dev/null
+++ b/include/linux/key-type.h
@@ -0,0 +1,112 @@
1/* Definitions for key type implementations
2 *
3 * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
10 */
11
12#ifndef _LINUX_KEY_TYPE_H
13#define _LINUX_KEY_TYPE_H
14
15#include <linux/key.h>
16
17#ifdef CONFIG_KEYS
18
19/*
20 * key under-construction record
21 * - passed to the request_key actor if supplied
22 */
23struct key_construction {
24 struct key *key; /* key being constructed */
25 struct key *authkey;/* authorisation for key being constructed */
26};
27
28typedef int (*request_key_actor_t)(struct key_construction *key,
29 const char *op, void *aux);
30
31/*
32 * kernel managed key type definition
33 */
34struct key_type {
35 /* name of the type */
36 const char *name;
37
38 /* default payload length for quota precalculation (optional)
39 * - this can be used instead of calling key_payload_reserve(), that
40 * function only needs to be called if the real datalen is different
41 */
42 size_t def_datalen;
43
44 /* instantiate a key of this type
45 * - this method should call key_payload_reserve() to determine if the
46 * user's quota will hold the payload
47 */
48 int (*instantiate)(struct key *key, const void *data, size_t datalen);
49
50 /* update a key of this type (optional)
51 * - this method should call key_payload_reserve() to recalculate the
52 * quota consumption
53 * - the key must be locked against read when modifying
54 */
55 int (*update)(struct key *key, const void *data, size_t datalen);
56
57 /* match a key against a description */
58 int (*match)(const struct key *key, const void *desc);
59
60 /* clear some of the data from a key on revokation (optional)
61 * - the key's semaphore will be write-locked by the caller
62 */
63 void (*revoke)(struct key *key);
64
65 /* clear the data from a key (optional) */
66 void (*destroy)(struct key *key);
67
68 /* describe a key */
69 void (*describe)(const struct key *key, struct seq_file *p);
70
71 /* read a key's data (optional)
72 * - permission checks will be done by the caller
73 * - the key's semaphore will be readlocked by the caller
74 * - should return the amount of data that could be read, no matter how
75 * much is copied into the buffer
76 * - shouldn't do the copy if the buffer is NULL
77 */
78 long (*read)(const struct key *key, char __user *buffer, size_t buflen);
79
80 /* handle request_key() for this type instead of invoking
81 * /sbin/request-key (optional)
82 * - key is the key to instantiate
83 * - authkey is the authority to assume when instantiating this key
84 * - op is the operation to be done, usually "create"
85 * - the call must not return until the instantiation process has run
86 * its course
87 */
88 request_key_actor_t request_key;
89
90 /* internal fields */
91 struct list_head link; /* link in types list */
92};
93
94extern struct key_type key_type_keyring;
95
96extern int register_key_type(struct key_type *ktype);
97extern void unregister_key_type(struct key_type *ktype);
98
99extern int key_payload_reserve(struct key *key, size_t datalen);
100extern int key_instantiate_and_link(struct key *key,
101 const void *data,
102 size_t datalen,
103 struct key *keyring,
104 struct key *instkey);
105extern int key_negate_and_link(struct key *key,
106 unsigned timeout,
107 struct key *keyring,
108 struct key *instkey);
109extern void complete_request_key(struct key_construction *cons, int error);
110
111#endif /* CONFIG_KEYS */
112#endif /* _LINUX_KEY_TYPE_H */
diff --git a/include/linux/key.h b/include/linux/key.h
index a9220e75782e..fcdbd5ed227b 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -1,6 +1,6 @@
1/* key.h: authentication token and access key management 1/* Authentication token and access key management
2 * 2 *
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2004, 2007 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
5 * 5 *
6 * This program is free software; you can redistribute it and/or 6 * This program is free software; you can redistribute it and/or
@@ -175,78 +175,6 @@ struct key {
175 } payload; 175 } payload;
176}; 176};
177 177
178/*****************************************************************************/
179/*
180 * kernel managed key type definition
181 */
182typedef int (*request_key_actor_t)(struct key *key, struct key *authkey,
183 const char *op, void *aux);
184
185struct key_type {
186 /* name of the type */
187 const char *name;
188
189 /* default payload length for quota precalculation (optional)
190 * - this can be used instead of calling key_payload_reserve(), that
191 * function only needs to be called if the real datalen is different
192 */
193 size_t def_datalen;
194
195 /* instantiate a key of this type
196 * - this method should call key_payload_reserve() to determine if the
197 * user's quota will hold the payload
198 */
199 int (*instantiate)(struct key *key, const void *data, size_t datalen);
200
201 /* update a key of this type (optional)
202 * - this method should call key_payload_reserve() to recalculate the
203 * quota consumption
204 * - the key must be locked against read when modifying
205 */
206 int (*update)(struct key *key, const void *data, size_t datalen);
207
208 /* match a key against a description */
209 int (*match)(const struct key *key, const void *desc);
210
211 /* clear some of the data from a key on revokation (optional)
212 * - the key's semaphore will be write-locked by the caller
213 */
214 void (*revoke)(struct key *key);
215
216 /* clear the data from a key (optional) */
217 void (*destroy)(struct key *key);
218
219 /* describe a key */
220 void (*describe)(const struct key *key, struct seq_file *p);
221
222 /* read a key's data (optional)
223 * - permission checks will be done by the caller
224 * - the key's semaphore will be readlocked by the caller
225 * - should return the amount of data that could be read, no matter how
226 * much is copied into the buffer
227 * - shouldn't do the copy if the buffer is NULL
228 */
229 long (*read)(const struct key *key, char __user *buffer, size_t buflen);
230
231 /* handle request_key() for this type instead of invoking
232 * /sbin/request-key (optional)
233 * - key is the key to instantiate
234 * - authkey is the authority to assume when instantiating this key
235 * - op is the operation to be done, usually "create"
236 * - the call must not return until the instantiation process has run
237 * its course
238 */
239 request_key_actor_t request_key;
240
241 /* internal fields */
242 struct list_head link; /* link in types list */
243};
244
245extern struct key_type key_type_keyring;
246
247extern int register_key_type(struct key_type *ktype);
248extern void unregister_key_type(struct key_type *ktype);
249
250extern struct key *key_alloc(struct key_type *type, 178extern struct key *key_alloc(struct key_type *type,
251 const char *desc, 179 const char *desc,
252 uid_t uid, gid_t gid, 180 uid_t uid, gid_t gid,
@@ -259,16 +187,6 @@ extern struct key *key_alloc(struct key_type *type,
259#define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */ 187#define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */
260#define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */ 188#define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */
261 189
262extern int key_payload_reserve(struct key *key, size_t datalen);
263extern int key_instantiate_and_link(struct key *key,
264 const void *data,
265 size_t datalen,
266 struct key *keyring,
267 struct key *instkey);
268extern int key_negate_and_link(struct key *key,
269 unsigned timeout,
270 struct key *keyring,
271 struct key *instkey);
272extern void key_revoke(struct key *key); 190extern void key_revoke(struct key *key);
273extern void key_put(struct key *key); 191extern void key_put(struct key *key);
274 192
@@ -293,6 +211,17 @@ extern struct key *request_key_with_auxdata(struct key_type *type,
293 const char *callout_info, 211 const char *callout_info,
294 void *aux); 212 void *aux);
295 213
214extern struct key *request_key_async(struct key_type *type,
215 const char *description,
216 const char *callout_info);
217
218extern struct key *request_key_async_with_auxdata(struct key_type *type,
219 const char *description,
220 const char *callout_info,
221 void *aux);
222
223extern int wait_for_key_construction(struct key *key, bool intr);
224
296extern int key_validate(struct key *key); 225extern int key_validate(struct key *key);
297 226
298extern key_ref_t key_create_or_update(key_ref_t keyring, 227extern key_ref_t key_create_or_update(key_ref_t keyring,
@@ -328,8 +257,6 @@ extern int keyring_add_key(struct key *keyring,
328 257
329extern struct key *key_lookup(key_serial_t id); 258extern struct key *key_lookup(key_serial_t id);
330 259
331extern void keyring_replace_payload(struct key *key, void *replacement);
332
333#define key_serial(key) ((key) ? (key)->serial : 0) 260#define key_serial(key) ((key) ? (key)->serial : 0)
334 261
335/* 262/*