security/keys/internal.h
/* SPDX-License-Identifier: GPL-2.0-or-later */ |
/* Authentication token and access key management internal defs |
* |
* Copyright (C) 2003-5, 2007 Red Hat, Inc. All Rights Reserved. |
* Written by David Howells (dhowells@redhat.com) |
*/ #ifndef _INTERNAL_H #define _INTERNAL_H |
#include <linux/sched.h> |
#include <linux/wait_bit.h> |
#include <linux/cred.h> |
#include <linux/key-type.h> |
#include <linux/task_work.h> |
#include <linux/keyctl.h> |
#include <linux/refcount.h> |
#include <linux/watch_queue.h> |
#include <linux/compat.h> |
#include <linux/mm.h> #include <linux/vmalloc.h> |
|
struct iovec; |
/*
 * Debug tracing helpers.
 *
 * With __KDEBUG defined, each macro prints through printk() at KERN_DEBUG;
 * otherwise it expands to no_printk() with the same format and arguments.
 * kenter() and kleave() prefix the message with "==>" / "<==" and the name
 * of the calling function (__func__); kdebug() prints only the caller's text.
 *
 * Whatever is passed as an argument ends up in the kernel log when __KDEBUG
 * is on, so key payloads should be kept out of these calls.
 *
 * NOTE(review): every format string below ends in a single space where a
 * line terminator would normally be expected, and the two kdebug() variants
 * do not carry the same prefix.  This listing may have lost characters in
 * rendering - confirm the exact strings against the tree.
 */
#ifdef __KDEBUG
#define kenter(FMT, ...) \
	printk(KERN_DEBUG "==> %s("FMT") ", __func__, ##__VA_ARGS__)
#define kleave(FMT, ...) \
	printk(KERN_DEBUG "<== %s()"FMT" ", __func__, ##__VA_ARGS__)
#define kdebug(FMT, ...) \
	printk(KERN_DEBUG " "FMT" ", ##__VA_ARGS__)
#else
#define kenter(FMT, ...) \
	no_printk(KERN_DEBUG "==> %s("FMT") ", __func__, ##__VA_ARGS__)
#define kleave(FMT, ...) \
	no_printk(KERN_DEBUG "<== %s()"FMT" ", __func__, ##__VA_ARGS__)
#define kdebug(FMT, ...) \
	no_printk(KERN_DEBUG FMT" ", ##__VA_ARGS__)
#endif
/* Key types defined elsewhere and referenced from the internal keys code. */
extern struct key_type key_type_dead;
extern struct key_type key_type_user;
extern struct key_type key_type_logon;
/*****************************************************************************/
/*
 * Keep track of keys for a user.
 *
 * This needs to be separate to user_struct to avoid a refcount-loop
 * (user_struct pins some keyrings which pin this struct).
 *
 * We also keep track of keys under request from userspace for this UID here.
 */
struct key_user {
	struct rb_node		node;		/* presumably links into key_user_tree - confirm */
	struct mutex		cons_lock;	/* construction initiation lock */
	spinlock_t		lock;
	/*
	 * NOTE(review): the comment on 'usage' describes protecting qnkeys and
	 * qnbytes, which reads like a lock rather than a reference count; it
	 * may belong to 'lock' above - confirm against the users of both.
	 */
	refcount_t		usage;		/* for accessing qnkeys & qnbytes */
	atomic_t		nkeys;		/* number of keys */
	atomic_t		nikeys;		/* number of instantiated keys */
	kuid_t			uid;		/* the user this record accounts for */
	/*
	 * Quota accounting.  NOTE(review): these counters are signed while the
	 * key_quota_* limits declared in this header are unsigned; check the
	 * comparisons and arithmetic at the use sites for sign and overflow
	 * handling.
	 */
	int			qnkeys;		/* number of keys allocated to this user */
	int			qnbytes;	/* number of bytes allocated to this user */
};
/*
 * Per-user accounting records.
 * Presumably key_user_lock guards key_user_tree - confirm in the
 * implementation.
 */
extern struct rb_root	key_user_tree;
extern spinlock_t	key_user_lock;
extern struct key_user	root_key_user;

/* Look up the record for a UID / drop a reference obtained from the lookup. */
extern struct key_user *key_user_lookup(kuid_t uid);
extern void key_user_put(struct key_user *user);

/*
 * Key quota limits.
 * - root has its own separate limits to everyone else
 */
extern unsigned key_quota_root_maxkeys;
extern unsigned key_quota_root_maxbytes;
extern unsigned key_quota_maxkeys;
extern unsigned key_quota_maxbytes;

#define KEYQUOTA_LINK_BYTES	4		/* a link in a keyring is worth 4 bytes */


extern struct kmem_cache *key_jar;
extern struct rb_root	key_serial_tree;
extern spinlock_t	key_serial_lock;
extern struct mutex	key_construction_mutex;
extern wait_queue_head_t request_key_conswq;

extern void key_set_index_key(struct keyring_index_key *index_key);
extern struct key_type *key_type_lookup(const char *type);
extern void key_type_put(struct key_type *ktype);

/*
 * Keyring link primitives.  The names suggest a lock / begin / check /
 * link / end sequence; the required ordering and the locks held between the
 * calls are defined by the implementation and are not visible here - confirm
 * before adding a new caller.
 */
extern int __key_link_lock(struct key *keyring,
			   const struct keyring_index_key *index_key);
extern int __key_move_lock(struct key *l_keyring, struct key *u_keyring,
			   const struct keyring_index_key *index_key);
extern int __key_link_begin(struct key *keyring,
			    const struct keyring_index_key *index_key,
			    struct assoc_array_edit **_edit);
extern int __key_link_check_live_key(struct key *keyring, struct key *key);
extern void __key_link(struct key *keyring, struct key *key,
		       struct assoc_array_edit **_edit);
extern void __key_link_end(struct key *keyring,
			   const struct keyring_index_key *index_key,
			   struct assoc_array_edit *edit);

extern key_ref_t find_key_to_update(key_ref_t keyring_ref,
				    const struct keyring_index_key *index_key);

extern struct key *keyring_search_instkey(struct key *keyring,
					  key_serial_t target_id);

/* Calls func(key, data) for keys in the keyring; 'data' is passed through. */
extern int iterate_over_keyring(const struct key *keyring,
				int (*func)(const struct key *key, void *data),
				void *data);
/*
 * State for one keyring search: what to look for, the credentials the search
 * runs with, behaviour flags, and fields the search code fills in itself.
 */
struct keyring_search_context {
	struct keyring_index_key index_key;
	const struct cred	*cred;		/* credentials the search is made with */
	struct key_match_data	match_data;
	unsigned		flags;
#define KEYRING_SEARCH_NO_STATE_CHECK	0x0001	/* Skip state checks */
#define KEYRING_SEARCH_DO_STATE_CHECK	0x0002	/* Override NO_STATE_CHECK */
#define KEYRING_SEARCH_NO_UPDATE_TIME	0x0004	/* Don't update times */
	/*
	 * NOTE(review): NO_CHECK_PERM turns the permission check off for the
	 * whole search.  Each site that sets it should be audited to confirm
	 * the result is not handed to a caller who could not have found the
	 * key with checks enabled.
	 */
#define KEYRING_SEARCH_NO_CHECK_PERM	0x0008	/* Don't check permissions */
#define KEYRING_SEARCH_DETECT_TOO_DEEP	0x0010	/* Give an error on excessive depth */
#define KEYRING_SEARCH_SKIP_EXPIRED	0x0020	/* Ignore expired keys (intention to replace) */
#define KEYRING_SEARCH_RECURSE		0x0040	/* Search child keyrings also */

	int (*iterator)(const void *object, void *iterator_data);

	/* Internal stuff */
	int			skipped_ret;
	bool			possessed;
	key_ref_t		result;
	time64_t		now;
};
/*
 * Keyring searching.
 * The _rcu suffix presumably means the caller must hold the RCU read lock -
 * confirm in the implementation.
 */
extern bool key_default_cmp(const struct key *key,
			    const struct key_match_data *match_data);
extern key_ref_t keyring_search_rcu(key_ref_t keyring_ref,
				    struct keyring_search_context *ctx);

extern key_ref_t search_cred_keyrings_rcu(struct keyring_search_context *ctx);
extern key_ref_t search_process_keyrings_rcu(struct keyring_search_context *ctx);

extern struct key *find_keyring_by_name(const char *name, bool uid_keyring);

/* User, thread, process and session keyring setup on a set of credentials. */
extern int look_up_user_keyrings(struct key **, struct key **);
extern struct key *get_user_session_keyring_rcu(const struct cred *);
extern int install_thread_keyring_to_cred(struct cred *);
extern int install_process_keyring_to_cred(struct cred *);
extern int install_session_keyring_to_cred(struct cred *, struct key *);

/* callout_info is a kernel pointer here; callout_len gives its length. */
extern struct key *request_key_and_link(struct key_type *type,
					const char *description,
					struct key_tag *domain_tag,
					const void *callout_info,
					size_t callout_len,
					void *aux,
					struct key *dest_keyring,
					unsigned long flags);

extern bool lookup_user_key_possessed(const struct key *key,
				      const struct key_match_data *match_data);
/* Lookup flag bits; the consumer is not declared in this header. */
#define KEY_LOOKUP_CREATE	0x01
#define KEY_LOOKUP_PARTIAL	0x02

extern long join_session_keyring(const char *name);
extern void key_change_session_keyring(struct callback_head *twork);

/* Garbage collection of dead keys, keyring links and dead key types. */
extern struct work_struct key_gc_work;
extern unsigned key_gc_delay;
extern void keyring_gc(struct key *keyring, time64_t limit);
extern void keyring_restriction_gc(struct key *keyring,
				   struct key_type *dead_type);
extern void key_schedule_gc(time64_t gc_at);
extern void key_schedule_gc_links(void);
extern void key_gc_keytype(struct key_type *ktype);

/*
 * Permission check for a key reference against explicitly supplied
 * credentials; key_permission() in this header calls it with current_cred().
 */
extern int key_task_permission(const key_ref_t key_ref,
			       const struct cred *cred,
			       enum key_need_perm need_perm);
|
/*
 * Post a key notification to the watchers of @key.
 *
 * @key:     key the event concerns; its serial number is put in the record
 * @subtype: notification subtype stored in the watch header
 * @aux:     auxiliary value carried in the record
 *
 * The record is posted with the caller's current credentials.  Without
 * CONFIG_KEY_NOTIFICATIONS the function body is empty.
 */
static inline void notify_key(struct key *key,
			      enum key_notification_subtype subtype, u32 aux)
{
#ifdef CONFIG_KEY_NOTIFICATIONS
	struct key_notification event = {
		.watch = {
			.type		= WATCH_TYPE_KEY_NOTIFY,
			.subtype	= subtype,
			.info		= watch_sizeof(event),
		},
		.key_id	= key_serial(key),
		.aux	= aux,
	};

	post_watch_notification(key->watchers, &event.watch, current_cred(),
				event.key_id);
#endif
}
|
/*
 * Check whether the calling task may use a key in the requested way.
 *
 * Thin wrapper: the decision is made by key_task_permission(), evaluated
 * against the caller's current credentials, and its result is returned
 * unchanged.
 */
static inline int key_permission(const key_ref_t key_ref,
				 enum key_need_perm need_perm)
{
	const struct cred *cred = current_cred();

	return key_task_permission(key_ref, cred, need_perm);
}
/*
 * Authorisation keys used while another key is being constructed.
 * callout_info is a kernel pointer of callout_len bytes.
 */
extern struct key_type key_type_request_key_auth;
extern struct key *request_key_auth_new(struct key *target,
					const char *op,
					const void *callout_info,
					size_t callout_len,
					struct key *dest_keyring);

extern struct key *key_get_instantiation_authkey(key_serial_t target_id);

/*
 * Report whether a key should be treated as dead.
 *
 * A key is dead when it is flagged dead or invalidated, when it has a
 * positive expiry time that is at or before @limit, or when its domain tag
 * has been marked removed.  The checks run in that order.
 *
 * NOTE(review): key->domain_tag is dereferenced unconditionally, so this
 * assumes every key has a domain tag - confirm at allocation.
 */
static inline bool key_is_dead(const struct key *key, time64_t limit)
{
	const unsigned long dead_bits = (1 << KEY_FLAG_DEAD) |
					(1 << KEY_FLAG_INVALIDATED);

	if (key->flags & dead_bits)
		return true;
	if (key->expiry > 0 && key->expiry <= limit)
		return true;
	return key->domain_tag->removed;
}

/*
 * keyctl() functions
 *
 * Parameters annotated __user are pointers supplied by userspace; copying
 * and length validation happen in the implementations, not in this header.
 */
extern long keyctl_get_keyring_ID(key_serial_t, int);
extern long keyctl_join_session_keyring(const char __user *);
extern long keyctl_update_key(key_serial_t, const void __user *, size_t);
extern long keyctl_revoke_key(key_serial_t);
extern long keyctl_keyring_clear(key_serial_t);
extern long keyctl_keyring_link(key_serial_t, key_serial_t);
/*
 * Further keyctl() operation handlers.  Parameters annotated __user are
 * pointers supplied by userspace; where a size_t follows such a pointer it
 * is the caller-supplied buffer length.  Copying and length validation are
 * done in the implementations, which are not visible in this header.
 */
extern long keyctl_keyring_move(key_serial_t, key_serial_t, key_serial_t, unsigned int);
extern long keyctl_keyring_unlink(key_serial_t, key_serial_t);
extern long keyctl_describe_key(key_serial_t, char __user *, size_t);
extern long keyctl_keyring_search(key_serial_t, const char __user *,
				  const char __user *, key_serial_t);
extern long keyctl_read_key(key_serial_t, char __user *, size_t);
extern long keyctl_chown_key(key_serial_t, uid_t, gid_t);
extern long keyctl_setperm_key(key_serial_t, key_perm_t);
extern long keyctl_instantiate_key(key_serial_t, const void __user *,
				   size_t, key_serial_t);
extern long keyctl_negate_key(key_serial_t, unsigned, key_serial_t);
extern long keyctl_set_reqkey_keyring(int);
extern long keyctl_set_timeout(key_serial_t, unsigned);
extern long keyctl_assume_authority(key_serial_t);
extern long keyctl_get_security(key_serial_t keyid, char __user *buffer,
				size_t buflen);
extern long keyctl_session_to_parent(void);
extern long keyctl_reject_key(key_serial_t, unsigned, unsigned, key_serial_t);
extern long keyctl_instantiate_key_iov(key_serial_t,
				       const struct iovec __user *,
				       unsigned, key_serial_t);
extern long keyctl_invalidate_key(key_serial_t);
extern long keyctl_restrict_keyring(key_serial_t id,
				    const char __user *_type,
				    const char __user *_restriction);
/*
 * Persistent keyrings.  With CONFIG_PERSISTENT_KEYRINGS unset the operation
 * is compiled as a stub that returns -EOPNOTSUPP and ignores its arguments.
 */
#ifdef CONFIG_PERSISTENT_KEYRINGS
extern long keyctl_get_persistent(uid_t, key_serial_t);
extern unsigned persistent_keyring_expiry;
#else
static inline long keyctl_get_persistent(uid_t uid, key_serial_t destring)
{
	return -EOPNOTSUPP;
}
#endif
|
/*
 * Diffie-Hellman computation.
 *
 * keyctl_dh_compute() takes the KDF parameters through a __user pointer,
 * while __keyctl_dh_compute() takes them through a plain pointer.  The two
 * KEYCTL_KDF_MAX_* limits exist only when CONFIG_KEY_DH_OPERATIONS is set.
 * Without that option the entry points are stubs returning -EOPNOTSUPP.
 */
#ifdef CONFIG_KEY_DH_OPERATIONS
extern long keyctl_dh_compute(struct keyctl_dh_params __user *, char __user *,
			      size_t, struct keyctl_kdf_params __user *);
extern long __keyctl_dh_compute(struct keyctl_dh_params __user *, char __user *,
				size_t, struct keyctl_kdf_params *);
#ifdef CONFIG_COMPAT
extern long compat_keyctl_dh_compute(struct keyctl_dh_params __user *params,
				char __user *buffer, size_t buflen,
				struct compat_keyctl_kdf_params __user *kdf);
#endif
#define KEYCTL_KDF_MAX_OUTPUT_LEN	1024	/* max length of KDF output */
#define KEYCTL_KDF_MAX_OI_LEN		64	/* max length of otherinfo */
#else
static inline long keyctl_dh_compute(struct keyctl_dh_params __user *params,
				     char __user *buffer, size_t buflen,
				     struct keyctl_kdf_params __user *kdf)
{
	return -EOPNOTSUPP;
}

#ifdef CONFIG_COMPAT
/*
 * NOTE(review): this stub takes struct keyctl_kdf_params, whereas the
 * declaration in the enabled branch takes struct compat_keyctl_kdf_params -
 * confirm which type the compat caller passes.
 */
static inline long compat_keyctl_dh_compute(
				struct keyctl_dh_params __user *params,
				char __user *buffer, size_t buflen,
				struct keyctl_kdf_params __user *kdf)
{
	return -EOPNOTSUPP;
}
#endif
#endif
|
/*
 * Public-key operations on asymmetric keys.  Every pointer parameter here is
 * a __user pointer.  With CONFIG_ASYMMETRIC_KEY_TYPE unset, all three entry
 * points are stubs that return -EOPNOTSUPP without touching their arguments.
 */
#ifdef CONFIG_ASYMMETRIC_KEY_TYPE
extern long keyctl_pkey_query(key_serial_t,
			      const char __user *,
			      struct keyctl_pkey_query __user *);

extern long keyctl_pkey_verify(const struct keyctl_pkey_params __user *,
			       const char __user *,
			       const void __user *, const void __user *);

extern long keyctl_pkey_e_d_s(int,
			      const struct keyctl_pkey_params __user *,
			      const char __user *,
			      const void __user *, void __user *);
#else
static inline long keyctl_pkey_query(key_serial_t id,
				     const char __user *_info,
				     struct keyctl_pkey_query __user *_res)
{
	return -EOPNOTSUPP;
}

static inline long keyctl_pkey_verify(const struct keyctl_pkey_params __user *params,
				      const char __user *_info,
				      const void __user *_in,
				      const void __user *_in2)
{
	return -EOPNOTSUPP;
}

static inline long keyctl_pkey_e_d_s(int op,
				     const struct keyctl_pkey_params __user *params,
				     const char __user *_info,
				     const void __user *_in,
				     void __user *_out)
{
	return -EOPNOTSUPP;
}
#endif
/* _buffer is a userspace pointer; buflen is the caller-supplied length. */
extern long keyctl_capabilities(unsigned char __user *_buffer, size_t buflen);

/*
 * Key watching.  With CONFIG_KEY_NOTIFICATIONS unset the operation is a stub
 * that returns -EOPNOTSUPP.
 */
#ifdef CONFIG_KEY_NOTIFICATIONS
extern long keyctl_watch_key(key_serial_t, int, int);
#else
static inline long keyctl_watch_key(key_serial_t key_id, int watch_fd, int watch_id)
{
	return -EOPNOTSUPP;
}
#endif
/*
 * Debugging key validation
 *
 * With KEY_DEBUGGING defined, key_check() hands a non-NULL pointer to
 * __key_check() when it is an error pointer or when its magic field differs
 * from KEY_DEBUG_MAGIC.  A NULL pointer is accepted silently.
 *
 * Without KEY_DEBUGGING, key_check() is an empty statement that does not
 * evaluate its argument, so no validation happens in such builds.
 */
#ifdef KEY_DEBUGGING
extern void __key_check(const struct key *);

static inline void key_check(const struct key *key)
{
	if (!key)
		return;

	/* IS_ERR() is tested first so an error pointer is never dereferenced. */
	if (IS_ERR(key) || key->magic != KEY_DEBUG_MAGIC)
		__key_check(key);
}

#else

#define key_check(key) do {} while(0)

#endif
#endif /* _INTERNAL_H */ |