Diffstat (limited to 'security/keys/internal.h')
-rw-r--r--security/keys/internal.h26
1 files changed, 14 insertions, 12 deletions
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 56a133d8f37d..edfa50dbd6f5 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -1,4 +1,4 @@
1/* internal.h: authentication token and access key management internal defs 1/* Authentication token and access key management internal defs
2 * 2 *
3 * Copyright (C) 2003-5, 2007 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2003-5, 2007 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
@@ -35,10 +35,12 @@ extern struct key_type key_type_user;
35 35
36/*****************************************************************************/ 36/*****************************************************************************/
37/* 37/*
38 * keep track of keys for a user 38 * Keep track of keys for a user.
39 * - this needs to be separate to user_struct to avoid a refcount-loop 39 *
40 * (user_struct pins some keyrings which pin this struct) 40 * This needs to be separate to user_struct to avoid a refcount-loop
41 * - this also keeps track of keys under request from userspace for this UID 41 * (user_struct pins some keyrings which pin this struct).
42 *
43 * We also keep track of keys under request from userspace for this UID here.
42 */ 44 */
43struct key_user { 45struct key_user {
44 struct rb_node node; 46 struct rb_node node;
@@ -62,7 +64,7 @@ extern struct key_user *key_user_lookup(uid_t uid,
62extern void key_user_put(struct key_user *user); 64extern void key_user_put(struct key_user *user);
63 65
64/* 66/*
65 * key quota limits 67 * Key quota limits.
66 * - root has its own separate limits to everyone else 68 * - root has its own separate limits to everyone else
67 */ 69 */
68extern unsigned key_quota_root_maxkeys; 70extern unsigned key_quota_root_maxkeys;
@@ -146,13 +148,13 @@ extern unsigned key_gc_delay;
146extern void keyring_gc(struct key *keyring, time_t limit); 148extern void keyring_gc(struct key *keyring, time_t limit);
147extern void key_schedule_gc(time_t expiry_at); 149extern void key_schedule_gc(time_t expiry_at);
148 150
149/*
150 * check to see whether permission is granted to use a key in the desired way
151 */
152extern int key_task_permission(const key_ref_t key_ref, 151extern int key_task_permission(const key_ref_t key_ref,
153 const struct cred *cred, 152 const struct cred *cred,
154 key_perm_t perm); 153 key_perm_t perm);
155 154
155/*
156 * Check to see whether permission is granted to use a key in the desired way.
157 */
156static inline int key_permission(const key_ref_t key_ref, key_perm_t perm) 158static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
157{ 159{
158 return key_task_permission(key_ref, current_cred(), perm); 160 return key_task_permission(key_ref, current_cred(), perm);
@@ -168,7 +170,7 @@ static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
168#define KEY_ALL 0x3f /* all the above permissions */ 170#define KEY_ALL 0x3f /* all the above permissions */
169 171
170/* 172/*
171 * request_key authorisation 173 * Authorisation record for request_key().
172 */ 174 */
173struct request_key_auth { 175struct request_key_auth {
174 struct key *target_key; 176 struct key *target_key;
@@ -188,7 +190,7 @@ extern struct key *request_key_auth_new(struct key *target,
188extern struct key *key_get_instantiation_authkey(key_serial_t target_id); 190extern struct key *key_get_instantiation_authkey(key_serial_t target_id);
189 191
190/* 192/*
191 * keyctl functions 193 * keyctl() functions
192 */ 194 */
193extern long keyctl_get_keyring_ID(key_serial_t, int); 195extern long keyctl_get_keyring_ID(key_serial_t, int);
194extern long keyctl_join_session_keyring(const char __user *); 196extern long keyctl_join_session_keyring(const char __user *);
@@ -214,7 +216,7 @@ extern long keyctl_get_security(key_serial_t keyid, char __user *buffer,
214extern long keyctl_session_to_parent(void); 216extern long keyctl_session_to_parent(void);
215 217
216/* 218/*
217 * debugging key validation 219 * Debugging key validation
218 */ 220 */
219#ifdef KEY_DEBUGGING 221#ifdef KEY_DEBUGGING
220extern void __key_check(const struct key *); 222extern void __key_check(const struct key *);
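Review bot: In the `@@ -146,13 +148,13 @@` hunk the permission-check comment now heads the `key_permission()` inline, which leaves the `key_task_permission()` declaration above it with no comment in this header. The moved text still reads as a generic check, although the inline visibly passes `current_cred()`, so it always evaluates the calling task's credentials. I would say that in the comment, for example `Check whether the calling task's credentials grant the requested permission on a key.`, and add a one-line comment on `key_task_permission()` noting that it takes the credentials explicitly. That distinction matters for any caller acting on behalf of another task, where checking the wrong credentials would be an authorisation error. The return convention is not visible in this header, so the comment should not state it unless it is confirmed at the definition.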