Root/
1 | /* Authentication token and access key management internal defs |
2 | * |
3 | * Copyright (C) 2003-5, 2007 Red Hat, Inc. All Rights Reserved. |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * |
6 | * This program is free software; you can redistribute it and/or |
7 | * modify it under the terms of the GNU General Public License |
8 | * as published by the Free Software Foundation; either version |
9 | * 2 of the License, or (at your option) any later version. |
10 | */ |
11 | |
12 | #ifndef _INTERNAL_H |
13 | #define _INTERNAL_H |
14 | |
15 | #include <linux/sched.h> |
16 | #include <linux/key-type.h> |
17 | |
18 | #ifdef __KDEBUG |
19 | #define kenter(FMT, ...) \ |
20 | printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__) |
21 | #define kleave(FMT, ...) \ |
22 | printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__) |
23 | #define kdebug(FMT, ...) \ |
24 | printk(KERN_DEBUG " "FMT"\n", ##__VA_ARGS__) |
25 | #else |
26 | #define kenter(FMT, ...) \ |
27 | no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__) |
28 | #define kleave(FMT, ...) \ |
29 | no_printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__) |
30 | #define kdebug(FMT, ...) \ |
31 | no_printk(KERN_DEBUG FMT"\n", ##__VA_ARGS__) |
32 | #endif |
33 | |
34 | extern struct key_type key_type_user; |
35 | |
36 | /*****************************************************************************/ |
37 | /* |
38 | * Keep track of keys for a user. |
39 | * |
40 | * This needs to be separate to user_struct to avoid a refcount-loop |
41 | * (user_struct pins some keyrings which pin this struct). |
42 | * |
43 | * We also keep track of keys under request from userspace for this UID here. |
44 | */ |
45 | struct key_user { |
46 | struct rb_node node; |
47 | struct mutex cons_lock; /* construction initiation lock */ |
48 | spinlock_t lock; |
49 | atomic_t usage; /* for accessing qnkeys & qnbytes */ |
50 | atomic_t nkeys; /* number of keys */ |
51 | atomic_t nikeys; /* number of instantiated keys */ |
52 | uid_t uid; |
53 | struct user_namespace *user_ns; |
54 | int qnkeys; /* number of keys allocated to this user */ |
55 | int qnbytes; /* number of bytes allocated to this user */ |
56 | }; |
57 | |
58 | extern struct rb_root key_user_tree; |
59 | extern spinlock_t key_user_lock; |
60 | extern struct key_user root_key_user; |
61 | |
62 | extern struct key_user *key_user_lookup(uid_t uid, |
63 | struct user_namespace *user_ns); |
64 | extern void key_user_put(struct key_user *user); |
65 | |
66 | /* |
67 | * Key quota limits. |
68 | * - root has its own separate limits to everyone else |
69 | */ |
70 | extern unsigned key_quota_root_maxkeys; |
71 | extern unsigned key_quota_root_maxbytes; |
72 | extern unsigned key_quota_maxkeys; |
73 | extern unsigned key_quota_maxbytes; |
74 | |
75 | #define KEYQUOTA_LINK_BYTES 4 /* a link in a keyring is worth 4 bytes */ |
76 | |
77 | |
78 | extern struct rb_root key_serial_tree; |
79 | extern spinlock_t key_serial_lock; |
80 | extern struct mutex key_construction_mutex; |
81 | extern wait_queue_head_t request_key_conswq; |
82 | |
83 | |
84 | extern struct key_type *key_type_lookup(const char *type); |
85 | extern void key_type_put(struct key_type *ktype); |
86 | |
87 | extern int __key_link_begin(struct key *keyring, |
88 | const struct key_type *type, |
89 | const char *description, |
90 | unsigned long *_prealloc); |
91 | extern int __key_link_check_live_key(struct key *keyring, struct key *key); |
92 | extern void __key_link(struct key *keyring, struct key *key, |
93 | unsigned long *_prealloc); |
94 | extern void __key_link_end(struct key *keyring, |
95 | struct key_type *type, |
96 | unsigned long prealloc); |
97 | |
98 | extern key_ref_t __keyring_search_one(key_ref_t keyring_ref, |
99 | const struct key_type *type, |
100 | const char *description, |
101 | key_perm_t perm); |
102 | |
103 | extern struct key *keyring_search_instkey(struct key *keyring, |
104 | key_serial_t target_id); |
105 | |
106 | typedef int (*key_match_func_t)(const struct key *, const void *); |
107 | |
108 | extern key_ref_t keyring_search_aux(key_ref_t keyring_ref, |
109 | const struct cred *cred, |
110 | struct key_type *type, |
111 | const void *description, |
112 | key_match_func_t match); |
113 | |
114 | extern key_ref_t search_my_process_keyrings(struct key_type *type, |
115 | const void *description, |
116 | key_match_func_t match, |
117 | const struct cred *cred); |
118 | extern key_ref_t search_process_keyrings(struct key_type *type, |
119 | const void *description, |
120 | key_match_func_t match, |
121 | const struct cred *cred); |
122 | |
123 | extern struct key *find_keyring_by_name(const char *name, bool skip_perm_check); |
124 | |
125 | extern int install_user_keyrings(void); |
126 | extern int install_thread_keyring_to_cred(struct cred *); |
127 | extern int install_process_keyring_to_cred(struct cred *); |
128 | extern int install_session_keyring_to_cred(struct cred *, struct key *); |
129 | |
130 | extern struct key *request_key_and_link(struct key_type *type, |
131 | const char *description, |
132 | const void *callout_info, |
133 | size_t callout_len, |
134 | void *aux, |
135 | struct key *dest_keyring, |
136 | unsigned long flags); |
137 | |
138 | extern int lookup_user_key_possessed(const struct key *key, const void *target); |
139 | extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags, |
140 | key_perm_t perm); |
141 | #define KEY_LOOKUP_CREATE 0x01 |
142 | #define KEY_LOOKUP_PARTIAL 0x02 |
143 | #define KEY_LOOKUP_FOR_UNLINK 0x04 |
144 | |
145 | extern long join_session_keyring(const char *name); |
146 | |
147 | extern unsigned key_gc_delay; |
148 | extern void keyring_gc(struct key *keyring, time_t limit); |
149 | extern void key_schedule_gc(time_t expiry_at); |
150 | |
151 | extern int key_task_permission(const key_ref_t key_ref, |
152 | const struct cred *cred, |
153 | key_perm_t perm); |
154 | |
155 | /* |
156 | * Check to see whether permission is granted to use a key in the desired way. |
157 | */ |
158 | static inline int key_permission(const key_ref_t key_ref, key_perm_t perm) |
159 | { |
160 | return key_task_permission(key_ref, current_cred(), perm); |
161 | } |
162 | |
163 | /* required permissions */ |
164 | #define KEY_VIEW 0x01 /* require permission to view attributes */ |
165 | #define KEY_READ 0x02 /* require permission to read content */ |
166 | #define KEY_WRITE 0x04 /* require permission to update / modify */ |
167 | #define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */ |
168 | #define KEY_LINK 0x10 /* require permission to link */ |
169 | #define KEY_SETATTR 0x20 /* require permission to change attributes */ |
170 | #define KEY_ALL 0x3f /* all the above permissions */ |
171 | |
172 | /* |
173 | * Authorisation record for request_key(). |
174 | */ |
175 | struct request_key_auth { |
176 | struct key *target_key; |
177 | struct key *dest_keyring; |
178 | const struct cred *cred; |
179 | void *callout_info; |
180 | size_t callout_len; |
181 | pid_t pid; |
182 | }; |
183 | |
184 | extern struct key_type key_type_request_key_auth; |
185 | extern struct key *request_key_auth_new(struct key *target, |
186 | const void *callout_info, |
187 | size_t callout_len, |
188 | struct key *dest_keyring); |
189 | |
190 | extern struct key *key_get_instantiation_authkey(key_serial_t target_id); |
191 | |
192 | /* |
193 | * keyctl() functions |
194 | */ |
195 | extern long keyctl_get_keyring_ID(key_serial_t, int); |
196 | extern long keyctl_join_session_keyring(const char __user *); |
197 | extern long keyctl_update_key(key_serial_t, const void __user *, size_t); |
198 | extern long keyctl_revoke_key(key_serial_t); |
199 | extern long keyctl_keyring_clear(key_serial_t); |
200 | extern long keyctl_keyring_link(key_serial_t, key_serial_t); |
201 | extern long keyctl_keyring_unlink(key_serial_t, key_serial_t); |
202 | extern long keyctl_describe_key(key_serial_t, char __user *, size_t); |
203 | extern long keyctl_keyring_search(key_serial_t, const char __user *, |
204 | const char __user *, key_serial_t); |
205 | extern long keyctl_read_key(key_serial_t, char __user *, size_t); |
206 | extern long keyctl_chown_key(key_serial_t, uid_t, gid_t); |
207 | extern long keyctl_setperm_key(key_serial_t, key_perm_t); |
208 | extern long keyctl_instantiate_key(key_serial_t, const void __user *, |
209 | size_t, key_serial_t); |
210 | extern long keyctl_negate_key(key_serial_t, unsigned, key_serial_t); |
211 | extern long keyctl_set_reqkey_keyring(int); |
212 | extern long keyctl_set_timeout(key_serial_t, unsigned); |
213 | extern long keyctl_assume_authority(key_serial_t); |
214 | extern long keyctl_get_security(key_serial_t keyid, char __user *buffer, |
215 | size_t buflen); |
216 | extern long keyctl_session_to_parent(void); |
217 | |
218 | /* |
219 | * Debugging key validation |
220 | */ |
221 | #ifdef KEY_DEBUGGING |
222 | extern void __key_check(const struct key *); |
223 | |
224 | static inline void key_check(const struct key *key) |
225 | { |
226 | if (key && (IS_ERR(key) || key->magic != KEY_DEBUG_MAGIC)) |
227 | __key_check(key); |
228 | } |
229 | |
230 | #else |
231 | |
232 | #define key_check(key) do {} while(0) |
233 | |
234 | #endif |
235 | |
236 | #endif /* _INTERNAL_H */ |
237 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9