• Home
  • History
  • Annotate
  • Line#
  • Navigate
  • Raw
  • Download
  • only in /asuswrt-rt-n18u-9.0.0.4.380.2695/release/src-rt-6.x.4708/linux/linux-2.6/include/linux/
1/* Authentication token and access key management
2 *
3 * Copyright (C) 2004, 2007 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 *
12 * See Documentation/keys.txt for information on keys/keyrings.
13 */
14
15#ifndef _LINUX_KEY_H
16#define _LINUX_KEY_H
17
18#include <linux/types.h>
19#include <linux/list.h>
20#include <linux/rbtree.h>
21#include <linux/rcupdate.h>
22#include <linux/sysctl.h>
23#include <linux/rwsem.h>
24#include <asm/atomic.h>
25
26#ifdef __KERNEL__
27
28/* key handle serial number */
29typedef int32_t key_serial_t;
30
31/* key handle permissions mask */
32typedef uint32_t key_perm_t;
33
34struct key;
35
36#ifdef CONFIG_KEYS
37
38#undef KEY_DEBUGGING
39
40#define KEY_POS_VIEW	0x01000000	/* possessor can view a key's attributes */
41#define KEY_POS_READ	0x02000000	/* possessor can read key payload / view keyring */
42#define KEY_POS_WRITE	0x04000000	/* possessor can update key payload / add link to keyring */
43#define KEY_POS_SEARCH	0x08000000	/* possessor can find a key in search / search a keyring */
44#define KEY_POS_LINK	0x10000000	/* possessor can create a link to a key/keyring */
45#define KEY_POS_SETATTR	0x20000000	/* possessor can set key attributes */
46#define KEY_POS_ALL	0x3f000000
47
48#define KEY_USR_VIEW	0x00010000	/* user permissions... */
49#define KEY_USR_READ	0x00020000
50#define KEY_USR_WRITE	0x00040000
51#define KEY_USR_SEARCH	0x00080000
52#define KEY_USR_LINK	0x00100000
53#define KEY_USR_SETATTR	0x00200000
54#define KEY_USR_ALL	0x003f0000
55
56#define KEY_GRP_VIEW	0x00000100	/* group permissions... */
57#define KEY_GRP_READ	0x00000200
58#define KEY_GRP_WRITE	0x00000400
59#define KEY_GRP_SEARCH	0x00000800
60#define KEY_GRP_LINK	0x00001000
61#define KEY_GRP_SETATTR	0x00002000
62#define KEY_GRP_ALL	0x00003f00
63
64#define KEY_OTH_VIEW	0x00000001	/* third party permissions... */
65#define KEY_OTH_READ	0x00000002
66#define KEY_OTH_WRITE	0x00000004
67#define KEY_OTH_SEARCH	0x00000008
68#define KEY_OTH_LINK	0x00000010
69#define KEY_OTH_SETATTR	0x00000020
70#define KEY_OTH_ALL	0x0000003f
71
72#define KEY_PERM_UNDEF	0xffffffff
73
74struct seq_file;
75struct user_struct;
76struct signal_struct;
77struct cred;
78
79struct key_type;
80struct key_owner;
81struct keyring_list;
82struct keyring_name;
83
84/*****************************************************************************/
85/*
86 * key reference with possession attribute handling
87 *
88 * NOTE! key_ref_t is a typedef'd pointer to a type that is not actually
89 * defined. This is because we abuse the bottom bit of the reference to carry a
90 * flag to indicate whether the calling process possesses that key in one of
91 * its keyrings.
92 *
93 * the key_ref_t has been made a separate type so that the compiler can reject
94 * attempts to dereference it without proper conversion.
95 *
96 * the three functions are used to assemble and disassemble references
97 */
98typedef struct __key_reference_with_attributes *key_ref_t;
99
100static inline key_ref_t make_key_ref(const struct key *key,
101				     unsigned long possession)
102{
103	return (key_ref_t) ((unsigned long) key | possession);
104}
105
106static inline struct key *key_ref_to_ptr(const key_ref_t key_ref)
107{
108	return (struct key *) ((unsigned long) key_ref & ~1UL);
109}
110
111static inline unsigned long is_key_possessed(const key_ref_t key_ref)
112{
113	return (unsigned long) key_ref & 1UL;
114}
115
116/*****************************************************************************/
117/*
118 * authentication token / access credential / keyring
119 * - types of key include:
120 *   - keyrings
121 *   - disk encryption IDs
122 *   - Kerberos TGTs and tickets
123 */
124struct key {
125	atomic_t		usage;		/* number of references */
126	key_serial_t		serial;		/* key serial number */
127	struct rb_node		serial_node;
128	struct key_type		*type;		/* type of key */
129	struct rw_semaphore	sem;		/* change vs change sem */
130	struct key_user		*user;		/* owner of this key */
131	void			*security;	/* security data for this key */
132	union {
133		time_t		expiry;		/* time at which key expires (or 0) */
134		time_t		revoked_at;	/* time at which key was revoked */
135	};
136	uid_t			uid;
137	gid_t			gid;
138	key_perm_t		perm;		/* access permissions */
139	unsigned short		quotalen;	/* length added to quota */
140	unsigned short		datalen;	/* payload data length
141						 * - may not match RCU dereferenced payload
142						 * - payload should contain own length
143						 */
144
145#ifdef KEY_DEBUGGING
146	unsigned		magic;
147#define KEY_DEBUG_MAGIC		0x18273645u
148#define KEY_DEBUG_MAGIC_X	0xf8e9dacbu
149#endif
150
151	unsigned long		flags;		/* status flags (change with bitops) */
152#define KEY_FLAG_INSTANTIATED	0	/* set if key has been instantiated */
153#define KEY_FLAG_DEAD		1	/* set if key type has been deleted */
154#define KEY_FLAG_REVOKED	2	/* set if key had been revoked */
155#define KEY_FLAG_IN_QUOTA	3	/* set if key consumes quota */
156#define KEY_FLAG_USER_CONSTRUCT	4	/* set if key is being constructed in userspace */
157#define KEY_FLAG_NEGATIVE	5	/* set if key is negative */
158
159	/* the description string
160	 * - this is used to match a key against search criteria
161	 * - this should be a printable string
162	 * - eg: for krb5 AFS, this might be "afs@REDHAT.COM"
163	 */
164	char			*description;
165
166	/* type specific data
167	 * - this is used by the keyring type to index the name
168	 */
169	union {
170		struct list_head	link;
171		unsigned long		x[2];
172		void			*p[2];
173	} type_data;
174
175	/* key data
176	 * - this is used to hold the data actually used in cryptography or
177	 *   whatever
178	 */
179	union {
180		unsigned long		value;
181		void			*data;
182		struct keyring_list	*subscriptions;
183	} payload;
184};
185
186extern struct key *key_alloc(struct key_type *type,
187			     const char *desc,
188			     uid_t uid, gid_t gid,
189			     const struct cred *cred,
190			     key_perm_t perm,
191			     unsigned long flags);
192
193
194#define KEY_ALLOC_IN_QUOTA	0x0000	/* add to quota, reject if would overrun */
195#define KEY_ALLOC_QUOTA_OVERRUN	0x0001	/* add to quota, permit even if overrun */
196#define KEY_ALLOC_NOT_IN_QUOTA	0x0002	/* not in quota */
197
198extern void key_revoke(struct key *key);
199extern void key_put(struct key *key);
200
201static inline struct key *key_get(struct key *key)
202{
203	if (key)
204		atomic_inc(&key->usage);
205	return key;
206}
207
208static inline void key_ref_put(key_ref_t key_ref)
209{
210	key_put(key_ref_to_ptr(key_ref));
211}
212
213extern struct key *request_key(struct key_type *type,
214			       const char *description,
215			       const char *callout_info);
216
217extern struct key *request_key_with_auxdata(struct key_type *type,
218					    const char *description,
219					    const void *callout_info,
220					    size_t callout_len,
221					    void *aux);
222
223extern struct key *request_key_async(struct key_type *type,
224				     const char *description,
225				     const void *callout_info,
226				     size_t callout_len);
227
228extern struct key *request_key_async_with_auxdata(struct key_type *type,
229						  const char *description,
230						  const void *callout_info,
231						  size_t callout_len,
232						  void *aux);
233
234extern int wait_for_key_construction(struct key *key, bool intr);
235
236extern int key_validate(struct key *key);
237
238extern key_ref_t key_create_or_update(key_ref_t keyring,
239				      const char *type,
240				      const char *description,
241				      const void *payload,
242				      size_t plen,
243				      key_perm_t perm,
244				      unsigned long flags);
245
246extern int key_update(key_ref_t key,
247		      const void *payload,
248		      size_t plen);
249
250extern int key_link(struct key *keyring,
251		    struct key *key);
252
253extern int key_unlink(struct key *keyring,
254		      struct key *key);
255
256extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
257				 const struct cred *cred,
258				 unsigned long flags,
259				 struct key *dest);
260
261extern int keyring_clear(struct key *keyring);
262
263extern key_ref_t keyring_search(key_ref_t keyring,
264				struct key_type *type,
265				const char *description);
266
267extern int keyring_add_key(struct key *keyring,
268			   struct key *key);
269
270extern struct key *key_lookup(key_serial_t id);
271
272static inline key_serial_t key_serial(struct key *key)
273{
274	return key ? key->serial : 0;
275}
276
277#ifdef CONFIG_SYSCTL
278extern ctl_table key_sysctls[];
279#endif
280
281extern void key_replace_session_keyring(void);
282
283/*
284 * the userspace interface
285 */
286extern int install_thread_keyring_to_cred(struct cred *cred);
287extern void key_fsuid_changed(struct task_struct *tsk);
288extern void key_fsgid_changed(struct task_struct *tsk);
289extern void key_init(void);
290
291#else /* CONFIG_KEYS */
292
293#define key_validate(k)			0
294#define key_serial(k)			0
295#define key_get(k) 			({ NULL; })
296#define key_revoke(k)			do { } while(0)
297#define key_put(k)			do { } while(0)
298#define key_ref_put(k)			do { } while(0)
299#define make_key_ref(k, p)		NULL
300#define key_ref_to_ptr(k)		NULL
301#define is_key_possessed(k)		0
302#define key_fsuid_changed(t)		do { } while(0)
303#define key_fsgid_changed(t)		do { } while(0)
304#define key_init()			do { } while(0)
305#define key_replace_session_keyring()	do { } while(0)
306
307#endif /* CONFIG_KEYS */
308#endif /* __KERNEL__ */
309#endif /* _LINUX_KEY_H */
310