diff options
Diffstat (limited to 'include/linux/key.h')
-rw-r--r-- | include/linux/key.h | 291 |
1 files changed, 291 insertions, 0 deletions
diff --git a/include/linux/key.h b/include/linux/key.h new file mode 100644 index 000000000000..6aa46d0e812f --- /dev/null +++ b/include/linux/key.h | |||
@@ -0,0 +1,291 @@ | |||
1 | /* key.h: authentication token and access key management | ||
2 | * | ||
3 | * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | * | ||
11 | * | ||
12 | * See Documentation/keys.txt for information on keys/keyrings. | ||
13 | */ | ||
14 | |||
15 | #ifndef _LINUX_KEY_H | ||
16 | #define _LINUX_KEY_H | ||
17 | |||
18 | #include <linux/types.h> | ||
19 | #include <linux/list.h> | ||
20 | #include <linux/rbtree.h> | ||
21 | #include <linux/spinlock.h> | ||
22 | #include <asm/atomic.h> | ||
23 | |||
24 | #ifdef __KERNEL__ | ||
25 | |||
26 | /* key handle serial number */ | ||
27 | typedef int32_t key_serial_t; | ||
28 | |||
29 | /* key handle permissions mask */ | ||
30 | typedef uint32_t key_perm_t; | ||
31 | |||
32 | struct key; | ||
33 | |||
34 | #ifdef CONFIG_KEYS | ||
35 | |||
36 | #undef KEY_DEBUGGING | ||
37 | |||
38 | #define KEY_USR_VIEW 0x00010000 /* user can view a key's attributes */ | ||
39 | #define KEY_USR_READ 0x00020000 /* user can read key payload / view keyring */ | ||
40 | #define KEY_USR_WRITE 0x00040000 /* user can update key payload / add link to keyring */ | ||
41 | #define KEY_USR_SEARCH 0x00080000 /* user can find a key in search / search a keyring */ | ||
42 | #define KEY_USR_LINK 0x00100000 /* user can create a link to a key/keyring */ | ||
43 | #define KEY_USR_ALL 0x001f0000 | ||
44 | |||
45 | #define KEY_GRP_VIEW 0x00000100 /* group permissions... */ | ||
46 | #define KEY_GRP_READ 0x00000200 | ||
47 | #define KEY_GRP_WRITE 0x00000400 | ||
48 | #define KEY_GRP_SEARCH 0x00000800 | ||
49 | #define KEY_GRP_LINK 0x00001000 | ||
50 | #define KEY_GRP_ALL 0x00001f00 | ||
51 | |||
52 | #define KEY_OTH_VIEW 0x00000001 /* third party permissions... */ | ||
53 | #define KEY_OTH_READ 0x00000002 | ||
54 | #define KEY_OTH_WRITE 0x00000004 | ||
55 | #define KEY_OTH_SEARCH 0x00000008 | ||
56 | #define KEY_OTH_LINK 0x00000010 | ||
57 | #define KEY_OTH_ALL 0x0000001f | ||
58 | |||
59 | struct seq_file; | ||
60 | struct user_struct; | ||
61 | struct signal_struct; | ||
62 | |||
63 | struct key_type; | ||
64 | struct key_owner; | ||
65 | struct keyring_list; | ||
66 | struct keyring_name; | ||
67 | |||
68 | /*****************************************************************************/ | ||
69 | /* | ||
70 | * authentication token / access credential / keyring | ||
71 | * - types of key include: | ||
72 | * - keyrings | ||
73 | * - disk encryption IDs | ||
74 | * - Kerberos TGTs and tickets | ||
75 | */ | ||
76 | struct key { | ||
77 | atomic_t usage; /* number of references */ | ||
78 | key_serial_t serial; /* key serial number */ | ||
79 | struct rb_node serial_node; | ||
80 | struct key_type *type; /* type of key */ | ||
81 | rwlock_t lock; /* examination vs change lock */ | ||
82 | struct rw_semaphore sem; /* change vs change sem */ | ||
83 | struct key_user *user; /* owner of this key */ | ||
84 | time_t expiry; /* time at which key expires (or 0) */ | ||
85 | uid_t uid; | ||
86 | gid_t gid; | ||
87 | key_perm_t perm; /* access permissions */ | ||
88 | unsigned short quotalen; /* length added to quota */ | ||
89 | unsigned short datalen; /* payload data length */ | ||
90 | unsigned short flags; /* status flags (change with lock writelocked) */ | ||
91 | #define KEY_FLAG_INSTANTIATED 0x00000001 /* set if key has been instantiated */ | ||
92 | #define KEY_FLAG_DEAD 0x00000002 /* set if key type has been deleted */ | ||
93 | #define KEY_FLAG_REVOKED 0x00000004 /* set if key had been revoked */ | ||
94 | #define KEY_FLAG_IN_QUOTA 0x00000008 /* set if key consumes quota */ | ||
95 | #define KEY_FLAG_USER_CONSTRUCT 0x00000010 /* set if key is being constructed in userspace */ | ||
96 | #define KEY_FLAG_NEGATIVE 0x00000020 /* set if key is negative */ | ||
97 | |||
98 | #ifdef KEY_DEBUGGING | ||
99 | unsigned magic; | ||
100 | #define KEY_DEBUG_MAGIC 0x18273645u | ||
101 | #define KEY_DEBUG_MAGIC_X 0xf8e9dacbu | ||
102 | #endif | ||
103 | |||
104 | /* the description string | ||
105 | * - this is used to match a key against search criteria | ||
106 | * - this should be a printable string | ||
107 | * - eg: for krb5 AFS, this might be "afs@REDHAT.COM" | ||
108 | */ | ||
109 | char *description; | ||
110 | |||
111 | /* type specific data | ||
112 | * - this is used by the keyring type to index the name | ||
113 | */ | ||
114 | union { | ||
115 | struct list_head link; | ||
116 | } type_data; | ||
117 | |||
118 | /* key data | ||
119 | * - this is used to hold the data actually used in cryptography or | ||
120 | * whatever | ||
121 | */ | ||
122 | union { | ||
123 | unsigned long value; | ||
124 | void *data; | ||
125 | struct keyring_list *subscriptions; | ||
126 | } payload; | ||
127 | }; | ||
128 | |||
129 | /*****************************************************************************/ | ||
130 | /* | ||
131 | * kernel managed key type definition | ||
132 | */ | ||
133 | struct key_type { | ||
134 | /* name of the type */ | ||
135 | const char *name; | ||
136 | |||
137 | /* default payload length for quota precalculation (optional) | ||
138 | * - this can be used instead of calling key_payload_reserve(), that | ||
139 | * function only needs to be called if the real datalen is different | ||
140 | */ | ||
141 | size_t def_datalen; | ||
142 | |||
143 | /* instantiate a key of this type | ||
144 | * - this method should call key_payload_reserve() to determine if the | ||
145 | * user's quota will hold the payload | ||
146 | */ | ||
147 | int (*instantiate)(struct key *key, const void *data, size_t datalen); | ||
148 | |||
149 | /* duplicate a key of this type (optional) | ||
150 | * - the source key will be locked against change | ||
151 | * - the new description will be attached | ||
152 | * - the quota will have been adjusted automatically from | ||
153 | * source->quotalen | ||
154 | */ | ||
155 | int (*duplicate)(struct key *key, const struct key *source); | ||
156 | |||
157 | /* update a key of this type (optional) | ||
158 | * - this method should call key_payload_reserve() to recalculate the | ||
159 | * quota consumption | ||
160 | * - the key must be locked against read when modifying | ||
161 | */ | ||
162 | int (*update)(struct key *key, const void *data, size_t datalen); | ||
163 | |||
164 | /* match a key against a description */ | ||
165 | int (*match)(const struct key *key, const void *desc); | ||
166 | |||
167 | /* clear the data from a key (optional) */ | ||
168 | void (*destroy)(struct key *key); | ||
169 | |||
170 | /* describe a key */ | ||
171 | void (*describe)(const struct key *key, struct seq_file *p); | ||
172 | |||
173 | /* read a key's data (optional) | ||
174 | * - permission checks will be done by the caller | ||
175 | * - the key's semaphore will be readlocked by the caller | ||
176 | * - should return the amount of data that could be read, no matter how | ||
177 | * much is copied into the buffer | ||
178 | * - shouldn't do the copy if the buffer is NULL | ||
179 | */ | ||
180 | long (*read)(const struct key *key, char __user *buffer, size_t buflen); | ||
181 | |||
182 | /* internal fields */ | ||
183 | struct list_head link; /* link in types list */ | ||
184 | }; | ||
185 | |||
186 | extern struct key_type key_type_keyring; | ||
187 | |||
188 | extern int register_key_type(struct key_type *ktype); | ||
189 | extern void unregister_key_type(struct key_type *ktype); | ||
190 | |||
191 | extern struct key *key_alloc(struct key_type *type, | ||
192 | const char *desc, | ||
193 | uid_t uid, gid_t gid, key_perm_t perm, | ||
194 | int not_in_quota); | ||
195 | extern int key_payload_reserve(struct key *key, size_t datalen); | ||
196 | extern int key_instantiate_and_link(struct key *key, | ||
197 | const void *data, | ||
198 | size_t datalen, | ||
199 | struct key *keyring); | ||
200 | extern int key_negate_and_link(struct key *key, | ||
201 | unsigned timeout, | ||
202 | struct key *keyring); | ||
203 | extern void key_revoke(struct key *key); | ||
204 | extern void key_put(struct key *key); | ||
205 | |||
206 | static inline struct key *key_get(struct key *key) | ||
207 | { | ||
208 | if (key) | ||
209 | atomic_inc(&key->usage); | ||
210 | return key; | ||
211 | } | ||
212 | |||
213 | extern struct key *request_key(struct key_type *type, | ||
214 | const char *description, | ||
215 | const char *callout_info); | ||
216 | |||
217 | extern int key_validate(struct key *key); | ||
218 | |||
219 | extern struct key *key_create_or_update(struct key *keyring, | ||
220 | const char *type, | ||
221 | const char *description, | ||
222 | const void *payload, | ||
223 | size_t plen, | ||
224 | int not_in_quota); | ||
225 | |||
226 | extern int key_update(struct key *key, | ||
227 | const void *payload, | ||
228 | size_t plen); | ||
229 | |||
230 | extern int key_link(struct key *keyring, | ||
231 | struct key *key); | ||
232 | |||
233 | extern int key_unlink(struct key *keyring, | ||
234 | struct key *key); | ||
235 | |||
236 | extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, | ||
237 | int not_in_quota, struct key *dest); | ||
238 | |||
239 | extern int keyring_clear(struct key *keyring); | ||
240 | |||
241 | extern struct key *keyring_search(struct key *keyring, | ||
242 | struct key_type *type, | ||
243 | const char *description); | ||
244 | |||
245 | extern struct key *search_process_keyrings(struct key_type *type, | ||
246 | const char *description); | ||
247 | |||
248 | extern int keyring_add_key(struct key *keyring, | ||
249 | struct key *key); | ||
250 | |||
251 | extern struct key *key_lookup(key_serial_t id); | ||
252 | |||
253 | #define key_serial(key) ((key) ? (key)->serial : 0) | ||
254 | |||
255 | /* | ||
256 | * the userspace interface | ||
257 | */ | ||
258 | extern struct key root_user_keyring, root_session_keyring; | ||
259 | extern int alloc_uid_keyring(struct user_struct *user); | ||
260 | extern void switch_uid_keyring(struct user_struct *new_user); | ||
261 | extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk); | ||
262 | extern int copy_thread_group_keys(struct task_struct *tsk); | ||
263 | extern void exit_keys(struct task_struct *tsk); | ||
264 | extern void exit_thread_group_keys(struct signal_struct *tg); | ||
265 | extern int suid_keys(struct task_struct *tsk); | ||
266 | extern int exec_keys(struct task_struct *tsk); | ||
267 | extern void key_fsuid_changed(struct task_struct *tsk); | ||
268 | extern void key_fsgid_changed(struct task_struct *tsk); | ||
269 | extern void key_init(void); | ||
270 | |||
271 | #else /* CONFIG_KEYS */ | ||
272 | |||
273 | #define key_validate(k) 0 | ||
274 | #define key_serial(k) 0 | ||
275 | #define key_get(k) NULL | ||
276 | #define key_put(k) do { } while(0) | ||
277 | #define alloc_uid_keyring(u) 0 | ||
278 | #define switch_uid_keyring(u) do { } while(0) | ||
279 | #define copy_keys(f,t) 0 | ||
280 | #define copy_thread_group_keys(t) 0 | ||
281 | #define exit_keys(t) do { } while(0) | ||
282 | #define exit_thread_group_keys(tg) do { } while(0) | ||
283 | #define suid_keys(t) do { } while(0) | ||
284 | #define exec_keys(t) do { } while(0) | ||
285 | #define key_fsuid_changed(t) do { } while(0) | ||
286 | #define key_fsgid_changed(t) do { } while(0) | ||
287 | #define key_init() do { } while(0) | ||
288 | |||
289 | #endif /* CONFIG_KEYS */ | ||
290 | #endif /* __KERNEL__ */ | ||
291 | #endif /* _LINUX_KEY_H */ | ||