LCOV - code coverage report
Current view: top level - include/linux - key.h (source / functions) Hit Total Coverage
Test: coverage.info Lines: 1 1 100.0 %
Date: 2017-01-25 Functions: 0 0 -

          Line data    Source code
       1             : /* Authentication token and access key management
       2             :  *
       3             :  * Copyright (C) 2004, 2007 Red Hat, Inc. All Rights Reserved.
       4             :  * Written by David Howells (dhowells@redhat.com)
       5             :  *
       6             :  * This program is free software; you can redistribute it and/or
       7             :  * modify it under the terms of the GNU General Public License
       8             :  * as published by the Free Software Foundation; either version
       9             :  * 2 of the License, or (at your option) any later version.
      10             :  *
      11             :  *
      12             :  * See Documentation/keys.txt for information on keys/keyrings.
      13             :  */
      14             : 
      15             : #ifndef _LINUX_KEY_H
      16             : #define _LINUX_KEY_H
      17             : 
      18             : #include <linux/types.h>
      19             : #include <linux/list.h>
      20             : #include <linux/rbtree.h>
      21             : #include <linux/rcupdate.h>
      22             : #include <linux/sysctl.h>
      23             : #include <linux/rwsem.h>
      24             : #include <asm/atomic.h>
      25             : 
      26             : #ifdef __KERNEL__
      27             : 
      28             : /* key handle serial number */
      29             : typedef int32_t key_serial_t;
      30             : 
      31             : /* key handle permissions mask */
      32             : typedef uint32_t key_perm_t;
      33             : 
      34           1 : struct key;
      35             : 
      36             : #ifdef CONFIG_KEYS
      37             : 
      38             : #undef KEY_DEBUGGING
      39             : 
      40             : #define KEY_POS_VIEW    0x01000000      /* possessor can view a key's attributes */
      41             : #define KEY_POS_READ    0x02000000      /* possessor can read key payload / view keyring */
      42             : #define KEY_POS_WRITE   0x04000000      /* possessor can update key payload / add link to keyring */
      43             : #define KEY_POS_SEARCH  0x08000000      /* possessor can find a key in search / search a keyring */
      44             : #define KEY_POS_LINK    0x10000000      /* possessor can create a link to a key/keyring */
      45             : #define KEY_POS_SETATTR 0x20000000      /* possessor can set key attributes */
      46             : #define KEY_POS_ALL     0x3f000000
      47             : 
      48             : #define KEY_USR_VIEW    0x00010000      /* user permissions... */
      49             : #define KEY_USR_READ    0x00020000
      50             : #define KEY_USR_WRITE   0x00040000
      51             : #define KEY_USR_SEARCH  0x00080000
      52             : #define KEY_USR_LINK    0x00100000
      53             : #define KEY_USR_SETATTR 0x00200000
      54             : #define KEY_USR_ALL     0x003f0000
      55             : 
      56             : #define KEY_GRP_VIEW    0x00000100      /* group permissions... */
      57             : #define KEY_GRP_READ    0x00000200
      58             : #define KEY_GRP_WRITE   0x00000400
      59             : #define KEY_GRP_SEARCH  0x00000800
      60             : #define KEY_GRP_LINK    0x00001000
      61             : #define KEY_GRP_SETATTR 0x00002000
      62             : #define KEY_GRP_ALL     0x00003f00
      63             : 
      64             : #define KEY_OTH_VIEW    0x00000001      /* third party permissions... */
      65             : #define KEY_OTH_READ    0x00000002
      66             : #define KEY_OTH_WRITE   0x00000004
      67             : #define KEY_OTH_SEARCH  0x00000008
      68             : #define KEY_OTH_LINK    0x00000010
      69             : #define KEY_OTH_SETATTR 0x00000020
      70             : #define KEY_OTH_ALL     0x0000003f
      71             : 
      72             : #define KEY_PERM_UNDEF  0xffffffff
      73             : 
      74             : struct seq_file;
      75             : struct user_struct;
      76             : struct signal_struct;
      77             : struct cred;
      78             : 
      79             : struct key_type;
      80             : struct key_owner;
      81             : struct keyring_list;
      82             : struct keyring_name;
      83             : 
      84             : /*****************************************************************************/
      85             : /*
      86             :  * key reference with possession attribute handling
      87             :  *
      88             :  * NOTE! key_ref_t is a typedef'd pointer to a type that is not actually
      89             :  * defined. This is because we abuse the bottom bit of the reference to carry a
      90             :  * flag to indicate whether the calling process possesses that key in one of
      91             :  * its keyrings.
      92             :  *
      93             :  * the key_ref_t has been made a separate type so that the compiler can reject
      94             :  * attempts to dereference it without proper conversion.
      95             :  *
      96             :  * the three functions are used to assemble and disassemble references
      97             :  */
      98             : typedef struct __key_reference_with_attributes *key_ref_t;
      99             : 
     100             : static inline key_ref_t make_key_ref(const struct key *key,
     101             :                                      unsigned long possession)
     102             : {
     103             :         return (key_ref_t) ((unsigned long) key | possession);
     104             : }
     105             : 
     106             : static inline struct key *key_ref_to_ptr(const key_ref_t key_ref)
     107             : {
     108             :         return (struct key *) ((unsigned long) key_ref & ~1UL);
     109             : }
     110             : 
     111             : static inline unsigned long is_key_possessed(const key_ref_t key_ref)
     112             : {
     113             :         return (unsigned long) key_ref & 1UL;
     114             : }
     115             : 
     116             : /*****************************************************************************/
     117             : /*
     118             :  * authentication token / access credential / keyring
     119             :  * - types of key include:
     120             :  *   - keyrings
     121             :  *   - disk encryption IDs
     122             :  *   - Kerberos TGTs and tickets
     123             :  */
     124             : struct key {
     125             :         atomic_t                usage;          /* number of references */
     126             :         key_serial_t            serial;         /* key serial number */
     127             :         struct rb_node          serial_node;
     128             :         struct key_type         *type;          /* type of key */
     129             :         struct rw_semaphore     sem;            /* change vs change sem */
     130             :         struct key_user         *user;          /* owner of this key */
     131             :         void                    *security;      /* security data for this key */
     132             :         union {
     133             :                 time_t          expiry;         /* time at which key expires (or 0) */
     134             :                 time_t          revoked_at;     /* time at which key was revoked */
     135             :         };
     136             :         uid_t                   uid;
     137             :         gid_t                   gid;
     138             :         key_perm_t              perm;           /* access permissions */
     139             :         unsigned short          quotalen;       /* length added to quota */
     140             :         unsigned short          datalen;        /* payload data length
     141             :                                                  * - may not match RCU dereferenced payload
     142             :                                                  * - payload should contain own length
     143             :                                                  */
     144             : 
     145             : #ifdef KEY_DEBUGGING
     146             :         unsigned                magic;
     147             : #define KEY_DEBUG_MAGIC         0x18273645u
     148             : #define KEY_DEBUG_MAGIC_X       0xf8e9dacbu
     149             : #endif
     150             : 
     151             :         unsigned long           flags;          /* status flags (change with bitops) */
     152             : #define KEY_FLAG_INSTANTIATED   0       /* set if key has been instantiated */
     153             : #define KEY_FLAG_DEAD           1       /* set if key type has been deleted */
     154             : #define KEY_FLAG_REVOKED        2       /* set if key had been revoked */
     155             : #define KEY_FLAG_IN_QUOTA       3       /* set if key consumes quota */
     156             : #define KEY_FLAG_USER_CONSTRUCT 4       /* set if key is being constructed in userspace */
     157             : #define KEY_FLAG_NEGATIVE       5       /* set if key is negative */
     158             : 
     159             :         /* the description string
     160             :          * - this is used to match a key against search criteria
     161             :          * - this should be a printable string
     162             :          * - eg: for krb5 AFS, this might be "afs@REDHAT.COM"
     163             :          */
     164             :         char                    *description;
     165             : 
     166             :         /* type specific data
     167             :          * - this is used by the keyring type to index the name
     168             :          */
     169             :         union {
     170             :                 struct list_head        link;
     171             :                 unsigned long           x[2];
     172             :                 void                    *p[2];
     173             :         } type_data;
     174             : 
     175             :         /* key data
     176             :          * - this is used to hold the data actually used in cryptography or
     177             :          *   whatever
     178             :          */
     179             :         union {
     180             :                 unsigned long           value;
     181             :                 void                    *data;
     182             :                 struct keyring_list     *subscriptions;
     183             :         } payload;
     184             : };
     185             : 
     186             : extern struct key *key_alloc(struct key_type *type,
     187             :                              const char *desc,
     188             :                              uid_t uid, gid_t gid,
     189             :                              const struct cred *cred,
     190             :                              key_perm_t perm,
     191             :                              unsigned long flags);
     192             : 
     193             : 
     194             : #define KEY_ALLOC_IN_QUOTA      0x0000  /* add to quota, reject if would overrun */
     195             : #define KEY_ALLOC_QUOTA_OVERRUN 0x0001  /* add to quota, permit even if overrun */
     196             : #define KEY_ALLOC_NOT_IN_QUOTA  0x0002  /* not in quota */
     197             : 
     198             : extern void key_revoke(struct key *key);
     199             : extern void key_put(struct key *key);
     200             : 
     201             : static inline struct key *key_get(struct key *key)
     202             : {
     203             :         if (key)
     204             :                 atomic_inc(&key->usage);
     205             :         return key;
     206             : }
     207             : 
     208             : static inline void key_ref_put(key_ref_t key_ref)
     209             : {
     210             :         key_put(key_ref_to_ptr(key_ref));
     211             : }
     212             : 
     213             : extern struct key *request_key(struct key_type *type,
     214             :                                const char *description,
     215             :                                const char *callout_info);
     216             : 
     217             : extern struct key *request_key_with_auxdata(struct key_type *type,
     218             :                                             const char *description,
     219             :                                             const void *callout_info,
     220             :                                             size_t callout_len,
     221             :                                             void *aux);
     222             : 
     223             : extern struct key *request_key_async(struct key_type *type,
     224             :                                      const char *description,
     225             :                                      const void *callout_info,
     226             :                                      size_t callout_len);
     227             : 
     228             : extern struct key *request_key_async_with_auxdata(struct key_type *type,
     229             :                                                   const char *description,
     230             :                                                   const void *callout_info,
     231             :                                                   size_t callout_len,
     232             :                                                   void *aux);
     233             : 
     234             : extern int wait_for_key_construction(struct key *key, bool intr);
     235             : 
     236             : extern int key_validate(struct key *key);
     237             : 
     238             : extern key_ref_t key_create_or_update(key_ref_t keyring,
     239             :                                       const char *type,
     240             :                                       const char *description,
     241             :                                       const void *payload,
     242             :                                       size_t plen,
     243             :                                       key_perm_t perm,
     244             :                                       unsigned long flags);
     245             : 
     246             : extern int key_update(key_ref_t key,
     247             :                       const void *payload,
     248             :                       size_t plen);
     249             : 
     250             : extern int key_link(struct key *keyring,
     251             :                     struct key *key);
     252             : 
     253             : extern int key_unlink(struct key *keyring,
     254             :                       struct key *key);
     255             : 
     256             : extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
     257             :                                  const struct cred *cred,
     258             :                                  unsigned long flags,
     259             :                                  struct key *dest);
     260             : 
     261             : extern int keyring_clear(struct key *keyring);
     262             : 
     263             : extern key_ref_t keyring_search(key_ref_t keyring,
     264             :                                 struct key_type *type,
     265             :                                 const char *description);
     266             : 
     267             : extern int keyring_add_key(struct key *keyring,
     268             :                            struct key *key);
     269             : 
     270             : extern struct key *key_lookup(key_serial_t id);
     271             : 
     272             : static inline key_serial_t key_serial(struct key *key)
     273             : {
     274             :         return key ? key->serial : 0;
     275             : }
     276             : 
     277             : #ifdef CONFIG_SYSCTL
     278             : extern ctl_table key_sysctls[];
     279             : #endif
     280             : 
     281             : extern void key_replace_session_keyring(void);
     282             : 
     283             : /*
     284             :  * the userspace interface
     285             :  */
     286             : extern int install_thread_keyring_to_cred(struct cred *cred);
     287             : extern void key_fsuid_changed(struct task_struct *tsk);
     288             : extern void key_fsgid_changed(struct task_struct *tsk);
     289             : extern void key_init(void);
     290             : 
     291             : #else /* CONFIG_KEYS */
     292             : 
     293             : #define key_validate(k)                 0
     294             : #define key_serial(k)                   0
     295             : #define key_get(k)                      ({ NULL; })
     296             : #define key_revoke(k)                   do { } while(0)
     297             : #define key_put(k)                      do { } while(0)
     298             : #define key_ref_put(k)                  do { } while(0)
     299             : #define make_key_ref(k, p)              NULL
     300             : #define key_ref_to_ptr(k)               NULL
     301             : #define is_key_possessed(k)             0
     302             : #define key_fsuid_changed(t)            do { } while(0)
     303             : #define key_fsgid_changed(t)            do { } while(0)
     304             : #define key_init()                      do { } while(0)
     305             : #define key_replace_session_keyring()   do { } while(0)
     306             : 
     307             : #endif /* CONFIG_KEYS */
     308             : #endif /* __KERNEL__ */
     309             : #endif /* _LINUX_KEY_H */

Generated by: LCOV version 1.10