1 files changed, 47 insertions, 27 deletions
diff --git a/security/keys/internal.h b/security/keys/internal.h
index d4f1468b9b50..80b2aac4f50c 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -89,42 +89,53 @@ extern struct key_type *key_type_lookup(const char *type);
 extern void key_type_put(struct key_type *ktype);
 extern int __key_link_begin(struct key *keyring,
-                            const struct key_type *type,
+                            const struct keyring_index_key *index_key,
-                            const char *description,
+                            struct assoc_array_edit **_edit);
-                            unsigned long *_prealloc);
 extern int __key_link_check_live_key(struct key *keyring, struct key *key);
-extern void __key_link(struct key *keyring, struct key *key,
+extern void __key_link(struct key *key, struct assoc_array_edit **_edit);
-                       unsigned long *_prealloc);
 extern void __key_link_end(struct key *keyring,
-                           struct key_type *type,
+                           const struct keyring_index_key *index_key,
-                           unsigned long prealloc);
+                           struct assoc_array_edit *edit);
-extern key_ref_t __keyring_search_one(key_ref_t keyring_ref,
+extern key_ref_t find_key_to_update(key_ref_t keyring_ref,
-                                      const struct key_type *type,
+                                    const struct keyring_index_key *index_key);
-                                      const char *description,
-                                      key_perm_t perm);
 extern struct key *keyring_search_instkey(struct key *keyring,
                                          key_serial_t target_id);
+extern int iterate_over_keyring(const struct key *keyring,
+                                int (*func)(const struct key *key, void *data),
+                                void *data);
 typedef int (*key_match_func_t)(const struct key *, const void *);
+struct keyring_search_context {
+        struct keyring_index_key index_key;
+        const struct cred       *cred;
+        key_match_func_t        match;
+        const void              *match_data;
+        unsigned                flags;
+#define KEYRING_SEARCH_LOOKUP_TYPE      0x0001  /* [as type->def_lookup_type] */
+#define KEYRING_SEARCH_NO_STATE_CHECK   0x0002  /* Skip state checks */
+#define KEYRING_SEARCH_DO_STATE_CHECK   0x0004  /* Override NO_STATE_CHECK */
+#define KEYRING_SEARCH_NO_UPDATE_TIME   0x0008  /* Don't update times */
+#define KEYRING_SEARCH_NO_CHECK_PERM    0x0010  /* Don't check permissions */
+#define KEYRING_SEARCH_DETECT_TOO_DEEP  0x0020  /* Give an error on excessive depth */
+        int (*iterator)(const void *object, void *iterator_data);
+        /* Internal stuff */
+        int                     skipped_ret;
+        bool                    possessed;
+        key_ref_t               result;
+        struct timespec         now;
+};
 extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
-                                    const struct cred *cred,
+                                    struct keyring_search_context *ctx);
-                                    struct key_type *type,
-                                    const void *description,
+extern key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx);
-                                    key_match_func_t match,
+extern key_ref_t search_process_keyrings(struct keyring_search_context *ctx);
-                                    bool no_state_check);
-extern key_ref_t search_my_process_keyrings(struct key_type *type,
-                                            const void *description,
-                                            key_match_func_t match,
-                                            bool no_state_check,
-                                            const struct cred *cred);
-extern key_ref_t search_process_keyrings(struct key_type *type,
-                                         const void *description,
-                                         key_match_func_t match,
-                                         const struct cred *cred);
 extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check);
@@ -202,7 +213,7 @@ extern struct key *key_get_instantiation_authkey(key_serial_t target_id);
 /*
 * Determine whether a key is dead.
 */
-static inline bool key_is_dead(struct key *key, time_t limit)
+static inline bool key_is_dead(const struct key *key, time_t limit)
 {
        return
                key->flags & ((1 << KEY_FLAG_DEAD) |
@@ -244,6 +255,15 @@ extern long keyctl_invalidate_key(key_serial_t);
 extern long keyctl_instantiate_key_common(key_serial_t,
                                          const struct iovec *,
                                          unsigned, size_t, key_serial_t);
+#ifdef CONFIG_PERSISTENT_KEYRINGS
+extern long keyctl_get_persistent(uid_t, key_serial_t);
+extern unsigned persistent_keyring_expiry;
+#else
+static inline long keyctl_get_persistent(uid_t uid, key_serial_t destring)
+{
+        return -EOPNOTSUPP;
+}
+#endif
 /*
 * Debugging key validation

diff --git a/security/keys/internal.h b/security/keys/internal.h index d4f1468b9b50..80b2aac4f50c 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h
@@ -89,42 +89,53 @@ extern struct key_type key_type_lookup(const char type);
89	extern void key_type_put(struct key_type *ktype);	89	extern void key_type_put(struct key_type *ktype);
90		90
91	extern int __key_link_begin(struct key *keyring,	91	extern int __key_link_begin(struct key *keyring,
92	const struct key_type *type,	92	const struct keyring_index_key *index_key,
93	const char *description,	93	struct assoc_array_edit **_edit);
94	unsigned long *_prealloc);
95	extern int __key_link_check_live_key(struct key keyring, struct key key);	94	extern int __key_link_check_live_key(struct key keyring, struct key key);
96	extern void __key_link(struct key keyring, struct key key,	95	extern void __key_link(struct key key, struct assoc_array_edit *_edit);
97	unsigned long *_prealloc);
98	extern void __key_link_end(struct key *keyring,	96	extern void __key_link_end(struct key *keyring,
99	struct key_type *type,	97	const struct keyring_index_key *index_key,
100	unsigned long prealloc);	98	struct assoc_array_edit *edit);
101		99
102	extern key_ref_t __keyring_search_one(key_ref_t keyring_ref,	100	extern key_ref_t find_key_to_update(key_ref_t keyring_ref,
103	const struct key_type *type,	101	const struct keyring_index_key *index_key);
104	const char *description,
105	key_perm_t perm);
106		102
107	extern struct key keyring_search_instkey(struct key keyring,	103	extern struct key keyring_search_instkey(struct key keyring,
108	key_serial_t target_id);	104	key_serial_t target_id);
109		105
		106	extern int iterate_over_keyring(const struct key *keyring,
		107	int (func)(const struct key key, void *data),
		108	void *data);
		109
110	typedef int (key_match_func_t)(const struct key , const void *);	110	typedef int (key_match_func_t)(const struct key , const void *);
111		111
		112	struct keyring_search_context {
		113	struct keyring_index_key index_key;
		114	const struct cred *cred;
		115	key_match_func_t match;
		116	const void *match_data;
		117	unsigned flags;
		118	#define KEYRING_SEARCH_LOOKUP_TYPE 0x0001 /* [as type->def_lookup_type] */
		119	#define KEYRING_SEARCH_NO_STATE_CHECK 0x0002 /* Skip state checks */
		120	#define KEYRING_SEARCH_DO_STATE_CHECK 0x0004 /* Override NO_STATE_CHECK */
		121	#define KEYRING_SEARCH_NO_UPDATE_TIME 0x0008 /* Don't update times */
		122	#define KEYRING_SEARCH_NO_CHECK_PERM 0x0010 /* Don't check permissions */
		123	#define KEYRING_SEARCH_DETECT_TOO_DEEP 0x0020 /* Give an error on excessive depth */
		124
		125	int (iterator)(const void object, void *iterator_data);
		126
		127	/* Internal stuff */
		128	int skipped_ret;
		129	bool possessed;
		130	key_ref_t result;
		131	struct timespec now;
		132	};
		133
112	extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,	134	extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
113	const struct cred *cred,	135	struct keyring_search_context *ctx);
114	struct key_type *type,	136
115	const void *description,	137	extern key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx);
116	key_match_func_t match,	138	extern key_ref_t search_process_keyrings(struct keyring_search_context *ctx);
117	bool no_state_check);
118
119	extern key_ref_t search_my_process_keyrings(struct key_type *type,
120	const void *description,
121	key_match_func_t match,
122	bool no_state_check,
123	const struct cred *cred);
124	extern key_ref_t search_process_keyrings(struct key_type *type,
125	const void *description,
126	key_match_func_t match,
127	const struct cred *cred);
128		139
129	extern struct key find_keyring_by_name(const char name, bool skip_perm_check);	140	extern struct key find_keyring_by_name(const char name, bool skip_perm_check);
130		141
@@ -202,7 +213,7 @@ extern struct key *key_get_instantiation_authkey(key_serial_t target_id);
202	/*	213	/*
203	* Determine whether a key is dead.	214	* Determine whether a key is dead.
204	*/	215	*/
205	static inline bool key_is_dead(struct key *key, time_t limit)	216	static inline bool key_is_dead(const struct key *key, time_t limit)
206	{	217	{
207	return	218	return
208	key->flags & ((1 << KEY_FLAG_DEAD) \|	219	key->flags & ((1 << KEY_FLAG_DEAD) \|
@@ -244,6 +255,15 @@ extern long keyctl_invalidate_key(key_serial_t);
244	extern long keyctl_instantiate_key_common(key_serial_t,	255	extern long keyctl_instantiate_key_common(key_serial_t,
245	const struct iovec *,	256	const struct iovec *,
246	unsigned, size_t, key_serial_t);	257	unsigned, size_t, key_serial_t);
		258	#ifdef CONFIG_PERSISTENT_KEYRINGS
		259	extern long keyctl_get_persistent(uid_t, key_serial_t);
		260	extern unsigned persistent_keyring_expiry;
		261	#else
		262	static inline long keyctl_get_persistent(uid_t uid, key_serial_t destring)
		263	{
		264	return -EOPNOTSUPP;
		265	}
		266	#endif
247		267
248	/*	268	/*
249	* Debugging key validation	269	* Debugging key validation