diff options
Diffstat (limited to 'include/linux/key.h')
| -rw-r--r-- | include/linux/key.h | 52 |
1 files changed, 37 insertions, 15 deletions
diff --git a/include/linux/key.h b/include/linux/key.h index 4dfde1161c5e..80d677483e31 100644 --- a/include/linux/key.h +++ b/include/linux/key.h | |||
| @@ -22,6 +22,7 @@ | |||
| 22 | #include <linux/sysctl.h> | 22 | #include <linux/sysctl.h> |
| 23 | #include <linux/rwsem.h> | 23 | #include <linux/rwsem.h> |
| 24 | #include <linux/atomic.h> | 24 | #include <linux/atomic.h> |
| 25 | #include <linux/assoc_array.h> | ||
| 25 | 26 | ||
| 26 | #ifdef __KERNEL__ | 27 | #ifdef __KERNEL__ |
| 27 | #include <linux/uidgid.h> | 28 | #include <linux/uidgid.h> |
| @@ -82,6 +83,12 @@ struct key_owner; | |||
| 82 | struct keyring_list; | 83 | struct keyring_list; |
| 83 | struct keyring_name; | 84 | struct keyring_name; |
| 84 | 85 | ||
| 86 | struct keyring_index_key { | ||
| 87 | struct key_type *type; | ||
| 88 | const char *description; | ||
| 89 | size_t desc_len; | ||
| 90 | }; | ||
| 91 | |||
| 85 | /*****************************************************************************/ | 92 | /*****************************************************************************/ |
| 86 | /* | 93 | /* |
| 87 | * key reference with possession attribute handling | 94 | * key reference with possession attribute handling |
| @@ -99,7 +106,7 @@ struct keyring_name; | |||
| 99 | typedef struct __key_reference_with_attributes *key_ref_t; | 106 | typedef struct __key_reference_with_attributes *key_ref_t; |
| 100 | 107 | ||
| 101 | static inline key_ref_t make_key_ref(const struct key *key, | 108 | static inline key_ref_t make_key_ref(const struct key *key, |
| 102 | unsigned long possession) | 109 | bool possession) |
| 103 | { | 110 | { |
| 104 | return (key_ref_t) ((unsigned long) key | possession); | 111 | return (key_ref_t) ((unsigned long) key | possession); |
| 105 | } | 112 | } |
| @@ -109,7 +116,7 @@ static inline struct key *key_ref_to_ptr(const key_ref_t key_ref) | |||
| 109 | return (struct key *) ((unsigned long) key_ref & ~1UL); | 116 | return (struct key *) ((unsigned long) key_ref & ~1UL); |
| 110 | } | 117 | } |
| 111 | 118 | ||
| 112 | static inline unsigned long is_key_possessed(const key_ref_t key_ref) | 119 | static inline bool is_key_possessed(const key_ref_t key_ref) |
| 113 | { | 120 | { |
| 114 | return (unsigned long) key_ref & 1UL; | 121 | return (unsigned long) key_ref & 1UL; |
| 115 | } | 122 | } |
| @@ -129,7 +136,6 @@ struct key { | |||
| 129 | struct list_head graveyard_link; | 136 | struct list_head graveyard_link; |
| 130 | struct rb_node serial_node; | 137 | struct rb_node serial_node; |
| 131 | }; | 138 | }; |
| 132 | struct key_type *type; /* type of key */ | ||
| 133 | struct rw_semaphore sem; /* change vs change sem */ | 139 | struct rw_semaphore sem; /* change vs change sem */ |
| 134 | struct key_user *user; /* owner of this key */ | 140 | struct key_user *user; /* owner of this key */ |
| 135 | void *security; /* security data for this key */ | 141 | void *security; /* security data for this key */ |
| @@ -162,13 +168,21 @@ struct key { | |||
| 162 | #define KEY_FLAG_NEGATIVE 5 /* set if key is negative */ | 168 | #define KEY_FLAG_NEGATIVE 5 /* set if key is negative */ |
| 163 | #define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */ | 169 | #define KEY_FLAG_ROOT_CAN_CLEAR 6 /* set if key can be cleared by root without permission */ |
| 164 | #define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */ | 170 | #define KEY_FLAG_INVALIDATED 7 /* set if key has been invalidated */ |
| 171 | #define KEY_FLAG_TRUSTED 8 /* set if key is trusted */ | ||
| 172 | #define KEY_FLAG_TRUSTED_ONLY 9 /* set if keyring only accepts links to trusted keys */ | ||
| 165 | 173 | ||
| 166 | /* the description string | 174 | /* the key type and key description string |
| 167 | * - this is used to match a key against search criteria | 175 | * - the desc is used to match a key against search criteria |
| 168 | * - this should be a printable string | 176 | * - it should be a printable string |
| 169 | * - eg: for krb5 AFS, this might be "afs@REDHAT.COM" | 177 | * - eg: for krb5 AFS, this might be "afs@REDHAT.COM" |
| 170 | */ | 178 | */ |
| 171 | char *description; | 179 | union { |
| 180 | struct keyring_index_key index_key; | ||
| 181 | struct { | ||
| 182 | struct key_type *type; /* type of key */ | ||
| 183 | char *description; | ||
| 184 | }; | ||
| 185 | }; | ||
| 172 | 186 | ||
| 173 | /* type specific data | 187 | /* type specific data |
| 174 | * - this is used by the keyring type to index the name | 188 | * - this is used by the keyring type to index the name |
| @@ -185,11 +199,14 @@ struct key { | |||
| 185 | * whatever | 199 | * whatever |
| 186 | */ | 200 | */ |
| 187 | union { | 201 | union { |
| 188 | unsigned long value; | 202 | union { |
| 189 | void __rcu *rcudata; | 203 | unsigned long value; |
| 190 | void *data; | 204 | void __rcu *rcudata; |
| 191 | struct keyring_list __rcu *subscriptions; | 205 | void *data; |
| 192 | } payload; | 206 | void *data2[2]; |
| 207 | } payload; | ||
| 208 | struct assoc_array keys; | ||
| 209 | }; | ||
| 193 | }; | 210 | }; |
| 194 | 211 | ||
| 195 | extern struct key *key_alloc(struct key_type *type, | 212 | extern struct key *key_alloc(struct key_type *type, |
| @@ -203,18 +220,23 @@ extern struct key *key_alloc(struct key_type *type, | |||
| 203 | #define KEY_ALLOC_IN_QUOTA 0x0000 /* add to quota, reject if would overrun */ | 220 | #define KEY_ALLOC_IN_QUOTA 0x0000 /* add to quota, reject if would overrun */ |
| 204 | #define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */ | 221 | #define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */ |
| 205 | #define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */ | 222 | #define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */ |
| 223 | #define KEY_ALLOC_TRUSTED 0x0004 /* Key should be flagged as trusted */ | ||
| 206 | 224 | ||
| 207 | extern void key_revoke(struct key *key); | 225 | extern void key_revoke(struct key *key); |
| 208 | extern void key_invalidate(struct key *key); | 226 | extern void key_invalidate(struct key *key); |
| 209 | extern void key_put(struct key *key); | 227 | extern void key_put(struct key *key); |
| 210 | 228 | ||
| 211 | static inline struct key *key_get(struct key *key) | 229 | static inline struct key *__key_get(struct key *key) |
| 212 | { | 230 | { |
| 213 | if (key) | 231 | atomic_inc(&key->usage); |
| 214 | atomic_inc(&key->usage); | ||
| 215 | return key; | 232 | return key; |
| 216 | } | 233 | } |
| 217 | 234 | ||
| 235 | static inline struct key *key_get(struct key *key) | ||
| 236 | { | ||
| 237 | return key ? __key_get(key) : key; | ||
| 238 | } | ||
| 239 | |||
| 218 | static inline void key_ref_put(key_ref_t key_ref) | 240 | static inline void key_ref_put(key_ref_t key_ref) |
| 219 | { | 241 | { |
| 220 | key_put(key_ref_to_ptr(key_ref)); | 242 | key_put(key_ref_to_ptr(key_ref)); |