diff options
-rw-r--r-- | include/keys/keyring-type.h | 31 | ||||
-rw-r--r-- | include/linux/key-ui.h | 66 | ||||
-rw-r--r-- | security/keys/internal.h | 31 | ||||
-rw-r--r-- | security/keys/keyring.c | 1 | ||||
-rw-r--r-- | security/keys/request_key.c | 2 |
5 files changed, 64 insertions, 67 deletions
diff --git a/include/keys/keyring-type.h b/include/keys/keyring-type.h new file mode 100644 index 000000000000..843f872a4b63 --- /dev/null +++ b/include/keys/keyring-type.h | |||
@@ -0,0 +1,31 @@ | |||
1 | /* Keyring key type | ||
2 | * | ||
3 | * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #ifndef _KEYS_KEYRING_TYPE_H | ||
13 | #define _KEYS_KEYRING_TYPE_H | ||
14 | |||
15 | #include <linux/key.h> | ||
16 | #include <linux/rcupdate.h> | ||
17 | |||
18 | /* | ||
19 | * the keyring payload contains a list of the keys to which the keyring is | ||
20 | * subscribed | ||
21 | */ | ||
22 | struct keyring_list { | ||
23 | struct rcu_head rcu; /* RCU deletion hook */ | ||
24 | unsigned short maxkeys; /* max keys this list can hold */ | ||
25 | unsigned short nkeys; /* number of keys currently held */ | ||
26 | unsigned short delkey; /* key to be unlinked by RCU */ | ||
27 | struct key *keys[0]; | ||
28 | }; | ||
29 | |||
30 | |||
31 | #endif /* _KEYS_KEYRING_TYPE_H */ | ||
diff --git a/include/linux/key-ui.h b/include/linux/key-ui.h deleted file mode 100644 index e8b8a7a5c496..000000000000 --- a/include/linux/key-ui.h +++ /dev/null | |||
@@ -1,66 +0,0 @@ | |||
1 | /* key-ui.h: key userspace interface stuff | ||
2 | * | ||
3 | * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #ifndef _LINUX_KEY_UI_H | ||
13 | #define _LINUX_KEY_UI_H | ||
14 | |||
15 | #include <linux/key.h> | ||
16 | |||
17 | /* the key tree */ | ||
18 | extern struct rb_root key_serial_tree; | ||
19 | extern spinlock_t key_serial_lock; | ||
20 | |||
21 | /* required permissions */ | ||
22 | #define KEY_VIEW 0x01 /* require permission to view attributes */ | ||
23 | #define KEY_READ 0x02 /* require permission to read content */ | ||
24 | #define KEY_WRITE 0x04 /* require permission to update / modify */ | ||
25 | #define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */ | ||
26 | #define KEY_LINK 0x10 /* require permission to link */ | ||
27 | #define KEY_SETATTR 0x20 /* require permission to change attributes */ | ||
28 | #define KEY_ALL 0x3f /* all the above permissions */ | ||
29 | |||
30 | /* | ||
31 | * the keyring payload contains a list of the keys to which the keyring is | ||
32 | * subscribed | ||
33 | */ | ||
34 | struct keyring_list { | ||
35 | struct rcu_head rcu; /* RCU deletion hook */ | ||
36 | unsigned short maxkeys; /* max keys this list can hold */ | ||
37 | unsigned short nkeys; /* number of keys currently held */ | ||
38 | unsigned short delkey; /* key to be unlinked by RCU */ | ||
39 | struct key *keys[0]; | ||
40 | }; | ||
41 | |||
42 | /* | ||
43 | * check to see whether permission is granted to use a key in the desired way | ||
44 | */ | ||
45 | extern int key_task_permission(const key_ref_t key_ref, | ||
46 | struct task_struct *context, | ||
47 | key_perm_t perm); | ||
48 | |||
49 | static inline int key_permission(const key_ref_t key_ref, key_perm_t perm) | ||
50 | { | ||
51 | return key_task_permission(key_ref, current, perm); | ||
52 | } | ||
53 | |||
54 | extern key_ref_t lookup_user_key(struct task_struct *context, | ||
55 | key_serial_t id, int create, int partial, | ||
56 | key_perm_t perm); | ||
57 | |||
58 | extern long join_session_keyring(const char *name); | ||
59 | |||
60 | extern struct key_type *key_type_lookup(const char *type); | ||
61 | extern void key_type_put(struct key_type *ktype); | ||
62 | |||
63 | #define key_negative_timeout 60 /* default timeout on a negative key's existence */ | ||
64 | |||
65 | |||
66 | #endif /* _LINUX_KEY_UI_H */ | ||
diff --git a/security/keys/internal.h b/security/keys/internal.h index b39f5c2e2c4b..a60c68138b4d 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h | |||
@@ -13,7 +13,6 @@ | |||
13 | #define _INTERNAL_H | 13 | #define _INTERNAL_H |
14 | 14 | ||
15 | #include <linux/key-type.h> | 15 | #include <linux/key-type.h> |
16 | #include <linux/key-ui.h> | ||
17 | 16 | ||
18 | static inline __attribute__((format(printf, 1, 2))) | 17 | static inline __attribute__((format(printf, 1, 2))) |
19 | void no_printk(const char *fmt, ...) | 18 | void no_printk(const char *fmt, ...) |
@@ -82,6 +81,9 @@ extern struct mutex key_construction_mutex; | |||
82 | extern wait_queue_head_t request_key_conswq; | 81 | extern wait_queue_head_t request_key_conswq; |
83 | 82 | ||
84 | 83 | ||
84 | extern struct key_type *key_type_lookup(const char *type); | ||
85 | extern void key_type_put(struct key_type *ktype); | ||
86 | |||
85 | extern int __key_link(struct key *keyring, struct key *key); | 87 | extern int __key_link(struct key *keyring, struct key *key); |
86 | 88 | ||
87 | extern key_ref_t __keyring_search_one(key_ref_t keyring_ref, | 89 | extern key_ref_t __keyring_search_one(key_ref_t keyring_ref, |
@@ -118,6 +120,33 @@ extern struct key *request_key_and_link(struct key_type *type, | |||
118 | struct key *dest_keyring, | 120 | struct key *dest_keyring, |
119 | unsigned long flags); | 121 | unsigned long flags); |
120 | 122 | ||
123 | extern key_ref_t lookup_user_key(struct task_struct *context, | ||
124 | key_serial_t id, int create, int partial, | ||
125 | key_perm_t perm); | ||
126 | |||
127 | extern long join_session_keyring(const char *name); | ||
128 | |||
129 | /* | ||
130 | * check to see whether permission is granted to use a key in the desired way | ||
131 | */ | ||
132 | extern int key_task_permission(const key_ref_t key_ref, | ||
133 | struct task_struct *context, | ||
134 | key_perm_t perm); | ||
135 | |||
136 | static inline int key_permission(const key_ref_t key_ref, key_perm_t perm) | ||
137 | { | ||
138 | return key_task_permission(key_ref, current, perm); | ||
139 | } | ||
140 | |||
141 | /* required permissions */ | ||
142 | #define KEY_VIEW 0x01 /* require permission to view attributes */ | ||
143 | #define KEY_READ 0x02 /* require permission to read content */ | ||
144 | #define KEY_WRITE 0x04 /* require permission to update / modify */ | ||
145 | #define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */ | ||
146 | #define KEY_LINK 0x10 /* require permission to link */ | ||
147 | #define KEY_SETATTR 0x20 /* require permission to change attributes */ | ||
148 | #define KEY_ALL 0x3f /* all the above permissions */ | ||
149 | |||
121 | /* | 150 | /* |
122 | * request_key authorisation | 151 | * request_key authorisation |
123 | */ | 152 | */ |
diff --git a/security/keys/keyring.c b/security/keys/keyring.c index a9ab8affc092..fdf75f901991 100644 --- a/security/keys/keyring.c +++ b/security/keys/keyring.c | |||
@@ -16,6 +16,7 @@ | |||
16 | #include <linux/security.h> | 16 | #include <linux/security.h> |
17 | #include <linux/seq_file.h> | 17 | #include <linux/seq_file.h> |
18 | #include <linux/err.h> | 18 | #include <linux/err.h> |
19 | #include <keys/keyring-type.h> | ||
19 | #include <asm/uaccess.h> | 20 | #include <asm/uaccess.h> |
20 | #include "internal.h" | 21 | #include "internal.h" |
21 | 22 | ||
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index a8ebc9520cac..91953c814497 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
@@ -19,6 +19,8 @@ | |||
19 | #include <linux/slab.h> | 19 | #include <linux/slab.h> |
20 | #include "internal.h" | 20 | #include "internal.h" |
21 | 21 | ||
22 | #define key_negative_timeout 60 /* default timeout on a negative key's existence */ | ||
23 | |||
22 | /* | 24 | /* |
23 | * wait_on_bit() sleep function for uninterruptible waiting | 25 | * wait_on_bit() sleep function for uninterruptible waiting |
24 | */ | 26 | */ |