^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) /* SPDX-License-Identifier: GPL-2.0-or-later */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /* Authentication token and access key management internal defs
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) * Copyright (C) 2003-5, 2007 Red Hat, Inc. All Rights Reserved.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Written by David Howells (dhowells@redhat.com)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) #ifndef _INTERNAL_H
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) #define _INTERNAL_H
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) #include <linux/sched.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) #include <linux/wait_bit.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) #include <linux/cred.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) #include <linux/key-type.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) #include <linux/task_work.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) #include <linux/keyctl.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17) #include <linux/refcount.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/watch_queue.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <linux/compat.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include <linux/mm.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21) #include <linux/vmalloc.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 22)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 23) struct iovec;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 24)
/*
 * Entry, exit and free-form debug tracing for the keys code.
 *
 * When __KDEBUG is defined the three macros expand to printk() at KERN_DEBUG;
 * otherwise they expand to no_printk() with the corresponding arguments
 * (presumably so nothing reaches the log - confirm against no_printk()).
 *
 * With __KDEBUG on, every trace argument lands in the kernel log.  Call sites
 * should therefore pass identifiers such as serial numbers and return codes,
 * and never key payload bytes or other secret material.
 */
#if defined(__KDEBUG)

#define kenter(FMT, ...)						\
	printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)

#define kleave(FMT, ...)						\
	printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__)

#define kdebug(FMT, ...)						\
	printk(KERN_DEBUG " "FMT"\n", ##__VA_ARGS__)

#else /* !__KDEBUG */

#define kenter(FMT, ...)						\
	no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)

#define kleave(FMT, ...)						\
	no_printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__)

#define kdebug(FMT, ...)						\
	no_printk(KERN_DEBUG FMT"\n", ##__VA_ARGS__)

#endif /* __KDEBUG */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 40)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 41) extern struct key_type key_type_dead;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 42) extern struct key_type key_type_user;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 43) extern struct key_type key_type_logon;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 44)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 45) /*****************************************************************************/
/*
 * Per-user key accounting record.
 *
 * This is deliberately not folded into user_struct: user_struct pins some
 * keyrings and those keyrings pin this structure, so merging the two would
 * create a refcount loop.
 *
 * Keys under request from userspace for this UID are tracked here as well.
 */
struct key_user {
	struct rb_node		node;

	/* construction initiation lock */
	struct mutex		cons_lock;

	spinlock_t		lock;

	/*
	 * The original remark on this field is "for accessing qnkeys &
	 * qnbytes".
	 * NOTE(review): that wording reads like a description of 'lock' rather
	 * than of the reference count - confirm against the code that updates
	 * the quota counters.
	 */
	refcount_t		usage;

	/* number of keys */
	atomic_t		nkeys;

	/* number of instantiated keys */
	atomic_t		nikeys;

	kuid_t			uid;

	/*
	 * Quota usage: number of keys and number of bytes allocated to this
	 * user.
	 * NOTE(review): both counters are signed int while the key_quota_*
	 * limits declared in this header are unsigned; the quota checks need
	 * to guard the additions against wrap-around - verify at the call
	 * sites.
	 */
	int			qnkeys;
	int			qnbytes;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 65)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 66) extern struct rb_root key_user_tree;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 67) extern spinlock_t key_user_lock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68) extern struct key_user root_key_user;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 69)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 70) extern struct key_user *key_user_lookup(kuid_t uid);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 71) extern void key_user_put(struct key_user *user);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 72)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 73) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 74) * Key quota limits.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 75) * - root has its own separate limits to everyone else
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 76) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 77) extern unsigned key_quota_root_maxkeys;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 78) extern unsigned key_quota_root_maxbytes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 79) extern unsigned key_quota_maxkeys;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 80) extern unsigned key_quota_maxbytes;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 81)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 82) #define KEYQUOTA_LINK_BYTES 4 /* a link in a keyring is worth 4 bytes */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 83)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 84)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 85) extern struct kmem_cache *key_jar;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86) extern struct rb_root key_serial_tree;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 87) extern spinlock_t key_serial_lock;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 88) extern struct mutex key_construction_mutex;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 89) extern wait_queue_head_t request_key_conswq;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 90)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 91) extern void key_set_index_key(struct keyring_index_key *index_key);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 92) extern struct key_type *key_type_lookup(const char *type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 93) extern void key_type_put(struct key_type *ktype);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 94)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 95) extern int __key_link_lock(struct key *keyring,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 96) const struct keyring_index_key *index_key);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 97) extern int __key_move_lock(struct key *l_keyring, struct key *u_keyring,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 98) const struct keyring_index_key *index_key);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 99) extern int __key_link_begin(struct key *keyring,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 100) const struct keyring_index_key *index_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 101) struct assoc_array_edit **_edit);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 102) extern int __key_link_check_live_key(struct key *keyring, struct key *key);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 103) extern void __key_link(struct key *keyring, struct key *key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 104) struct assoc_array_edit **_edit);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) extern void __key_link_end(struct key *keyring,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 106) const struct keyring_index_key *index_key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 107) struct assoc_array_edit *edit);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 108)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 109) extern key_ref_t find_key_to_update(key_ref_t keyring_ref,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 110) const struct keyring_index_key *index_key);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 111)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 112) extern struct key *keyring_search_instkey(struct key *keyring,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 113) key_serial_t target_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 114)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 115) extern int iterate_over_keyring(const struct key *keyring,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 116) int (*func)(const struct key *key, void *data),
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) void *data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 118)
/*
 * Parameters and working state for one keyring search.
 *
 * The caller supplies the index key, the credentials to search with, the
 * match data, the KEYRING_SEARCH_* flags and the iterator callback; the
 * fields after the "Internal stuff" marker belong to the search code.
 */
struct keyring_search_context {
	struct keyring_index_key	index_key;
	const struct cred		*cred;
	struct key_match_data		match_data;
	unsigned			flags;

/* Skip state checks */
#define KEYRING_SEARCH_NO_STATE_CHECK	0x0001
/* Override NO_STATE_CHECK */
#define KEYRING_SEARCH_DO_STATE_CHECK	0x0002
/* Don't update times */
#define KEYRING_SEARCH_NO_UPDATE_TIME	0x0004
/*
 * Don't check permissions.
 * NOTE(review): a search run with this flag returns keys regardless of the
 * permission check, so each user of the flag should be audited to confirm
 * that access is enforced some other way before a result is exposed.
 */
#define KEYRING_SEARCH_NO_CHECK_PERM	0x0008
/* Give an error on excessive depth */
#define KEYRING_SEARCH_DETECT_TOO_DEEP	0x0010
/* Ignore expired keys (intention to replace) */
#define KEYRING_SEARCH_SKIP_EXPIRED	0x0020
/* Search child keyrings also */
#define KEYRING_SEARCH_RECURSE		0x0040

	int (*iterator)(const void *object, void *iterator_data);

	/* Internal stuff */
	int				skipped_ret;
	bool				possessed;
	key_ref_t			result;
	time64_t			now;
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 140)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 141) extern bool key_default_cmp(const struct key *key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) const struct key_match_data *match_data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 143) extern key_ref_t keyring_search_rcu(key_ref_t keyring_ref,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 144) struct keyring_search_context *ctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 145)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 146) extern key_ref_t search_cred_keyrings_rcu(struct keyring_search_context *ctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 147) extern key_ref_t search_process_keyrings_rcu(struct keyring_search_context *ctx);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 148)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 149) extern struct key *find_keyring_by_name(const char *name, bool uid_keyring);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 151) extern int look_up_user_keyrings(struct key **, struct key **);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 152) extern struct key *get_user_session_keyring_rcu(const struct cred *);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 153) extern int install_thread_keyring_to_cred(struct cred *);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 154) extern int install_process_keyring_to_cred(struct cred *);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 155) extern int install_session_keyring_to_cred(struct cred *, struct key *);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 157) extern struct key *request_key_and_link(struct key_type *type,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 158) const char *description,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 159) struct key_tag *domain_tag,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 160) const void *callout_info,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 161) size_t callout_len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 162) void *aux,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 163) struct key *dest_keyring,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 164) unsigned long flags);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 165)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 166) extern bool lookup_user_key_possessed(const struct key *key,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 167) const struct key_match_data *match_data);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 168) #define KEY_LOOKUP_CREATE 0x01
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 169) #define KEY_LOOKUP_PARTIAL 0x02
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 170)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 171) extern long join_session_keyring(const char *name);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 172) extern void key_change_session_keyring(struct callback_head *twork);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 173)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 174) extern struct work_struct key_gc_work;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 175) extern unsigned key_gc_delay;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 176) extern void keyring_gc(struct key *keyring, time64_t limit);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 177) extern void keyring_restriction_gc(struct key *keyring,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 178) struct key_type *dead_type);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 179) extern void key_schedule_gc(time64_t gc_at);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 180) extern void key_schedule_gc_links(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 181) extern void key_gc_keytype(struct key_type *ktype);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 182)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 183) extern int key_task_permission(const key_ref_t key_ref,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 184) const struct cred *cred,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 185) enum key_need_perm need_perm);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 186)
/*
 * Post a notification about @key to the key's watchers.
 *
 * The body exists only when CONFIG_KEY_NOTIFICATIONS is set; otherwise the
 * function is empty.  The record carries the notification @subtype, the key's
 * serial number and the caller-supplied @aux value, and is handed to
 * post_watch_notification() together with the current task's credentials.
 *
 * @key is dereferenced for its watcher list, so it must be a valid key
 * pointer when notifications are compiled in.
 */
static inline void notify_key(struct key *key,
			      enum key_notification_subtype subtype, u32 aux)
{
#ifdef CONFIG_KEY_NOTIFICATIONS
	struct key_notification n = {
		.watch = {
			.type		= WATCH_TYPE_KEY_NOTIFY,
			.subtype	= subtype,
			.info		= watch_sizeof(n),
		},
		.key_id	= key_serial(key),
		.aux	= aux,
	};

	/* The serial number doubles as the id passed alongside the record. */
	post_watch_notification(key->watchers, &n.watch, current_cred(),
				n.key_id);
#endif
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 203)
/*
 * Check whether the calling task may use a key in the desired way.
 *
 * Thin wrapper: @key_ref and @need_perm are forwarded to
 * key_task_permission() with the current task's credentials, and its result
 * is returned unchanged (presumably 0 when access is granted and a negative
 * errno otherwise - confirm against key_task_permission()).
 *
 * This is an access-control decision point: the return value has to be
 * checked before the key is used.
 */
static inline int key_permission(const key_ref_t key_ref,
				 enum key_need_perm need_perm)
{
	const struct cred *cred = current_cred();

	return key_task_permission(key_ref, cred, need_perm);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 213) extern struct key_type key_type_request_key_auth;
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 214) extern struct key *request_key_auth_new(struct key *target,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 215) const char *op,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 216) const void *callout_info,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 217) size_t callout_len,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 218) struct key *dest_keyring);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 219)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 220) extern struct key *key_get_instantiation_authkey(key_serial_t target_id);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 221)
/*
 * Determine whether a key is dead.
 *
 * A key counts as dead when any of the following holds, tested in this order:
 *  - KEY_FLAG_DEAD or KEY_FLAG_INVALIDATED is set in key->flags;
 *  - it has an expiry time (expiry > 0) that is at or before @limit;
 *  - its domain tag has been marked removed.
 *
 * An expiry of zero or less is treated as "does not expire".  The domain tag
 * is dereferenced whenever the first two tests fail, so key->domain_tag must
 * not be NULL.
 *
 * NOTE(review): flags and expiry are read here without any locking or
 * READ_ONCE(); presumably the caller provides the required serialisation -
 * confirm at the call sites.
 */
static inline bool key_is_dead(const struct key *key, time64_t limit)
{
	if (key->flags & ((1 << KEY_FLAG_DEAD) |
			  (1 << KEY_FLAG_INVALIDATED)))
		return true;

	if (key->expiry > 0 && key->expiry <= limit)
		return true;

	return key->domain_tag->removed;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 233)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 234) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 235) * keyctl() functions
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 236) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 237) extern long keyctl_get_keyring_ID(key_serial_t, int);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 238) extern long keyctl_join_session_keyring(const char __user *);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 239) extern long keyctl_update_key(key_serial_t, const void __user *, size_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 240) extern long keyctl_revoke_key(key_serial_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) extern long keyctl_keyring_clear(key_serial_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 242) extern long keyctl_keyring_link(key_serial_t, key_serial_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 243) extern long keyctl_keyring_move(key_serial_t, key_serial_t, key_serial_t, unsigned int);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 244) extern long keyctl_keyring_unlink(key_serial_t, key_serial_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 245) extern long keyctl_describe_key(key_serial_t, char __user *, size_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 246) extern long keyctl_keyring_search(key_serial_t, const char __user *,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 247) const char __user *, key_serial_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 248) extern long keyctl_read_key(key_serial_t, char __user *, size_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 249) extern long keyctl_chown_key(key_serial_t, uid_t, gid_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 250) extern long keyctl_setperm_key(key_serial_t, key_perm_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 251) extern long keyctl_instantiate_key(key_serial_t, const void __user *,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 252) size_t, key_serial_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 253) extern long keyctl_negate_key(key_serial_t, unsigned, key_serial_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 254) extern long keyctl_set_reqkey_keyring(int);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 255) extern long keyctl_set_timeout(key_serial_t, unsigned);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 256) extern long keyctl_assume_authority(key_serial_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 257) extern long keyctl_get_security(key_serial_t keyid, char __user *buffer,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 258) size_t buflen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 259) extern long keyctl_session_to_parent(void);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 260) extern long keyctl_reject_key(key_serial_t, unsigned, unsigned, key_serial_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 261) extern long keyctl_instantiate_key_iov(key_serial_t,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 262) const struct iovec __user *,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 263) unsigned, key_serial_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 264) extern long keyctl_invalidate_key(key_serial_t);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 265) extern long keyctl_restrict_keyring(key_serial_t id,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 266) const char __user *_type,
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 267) const char __user *_restriction);
/*
 * Persistent keyrings.  When CONFIG_PERSISTENT_KEYRINGS is not set the keyctl
 * entry point is replaced by a stub that reports the operation as
 * unsupported, so the dispatcher needs no conditional of its own.
 */
#ifdef CONFIG_PERSISTENT_KEYRINGS
extern long keyctl_get_persistent(uid_t uid, key_serial_t destring);
extern unsigned persistent_keyring_expiry;
#else
static inline long keyctl_get_persistent(uid_t uid, key_serial_t destring)
{
	return -EOPNOTSUPP;
}
#endif /* CONFIG_PERSISTENT_KEYRINGS */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 277)
/*
 * Diffie-Hellman keyctl operations.  Without CONFIG_KEY_DH_OPERATIONS the
 * entry points are stubs returning -EOPNOTSUPP.
 *
 * Every __user pointer below refers to caller-controlled memory.
 */
#ifdef CONFIG_KEY_DH_OPERATIONS
extern long keyctl_dh_compute(struct keyctl_dh_params __user *params,
			      char __user *buffer, size_t buflen,
			      struct keyctl_kdf_params __user *kdf);
/* Takes the KDF parameters as a non-__user pointer, unlike the entry above. */
extern long __keyctl_dh_compute(struct keyctl_dh_params __user *params,
				char __user *buffer, size_t buflen,
				struct keyctl_kdf_params *kdf);
#ifdef CONFIG_COMPAT
extern long compat_keyctl_dh_compute(struct keyctl_dh_params __user *params,
				     char __user *buffer, size_t buflen,
				     struct compat_keyctl_kdf_params __user *kdf);
#endif
/*
 * Upper bounds for the KDF: output length and length of otherinfo.
 * NOTE(review): these are presumably enforced against the user-supplied
 * lengths in the DH implementation - confirm.
 */
#define KEYCTL_KDF_MAX_OUTPUT_LEN	1024	/* max length of KDF output */
#define KEYCTL_KDF_MAX_OI_LEN		64	/* max length of otherinfo */
#else /* !CONFIG_KEY_DH_OPERATIONS */
static inline long keyctl_dh_compute(struct keyctl_dh_params __user *params,
				     char __user *buffer, size_t buflen,
				     struct keyctl_kdf_params __user *kdf)
{
	return -EOPNOTSUPP;
}

#ifdef CONFIG_COMPAT
/*
 * NOTE(review): this stub takes 'struct keyctl_kdf_params __user *' while the
 * real prototype above takes 'struct compat_keyctl_kdf_params __user *'.  The
 * stub never touches the argument, but the two signatures should agree.
 */
static inline long compat_keyctl_dh_compute(
				struct keyctl_dh_params __user *params,
				char __user *buffer, size_t buflen,
				struct keyctl_kdf_params __user *kdf)
{
	return -EOPNOTSUPP;
}
#endif /* CONFIG_COMPAT */
#endif /* CONFIG_KEY_DH_OPERATIONS */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 308)
/*
 * Public-key keyctl operations.  Without CONFIG_ASYMMETRIC_KEY_TYPE each
 * entry point is a stub that returns -EOPNOTSUPP and ignores its arguments.
 *
 * All pointer arguments are __user pointers into caller-controlled memory.
 */
#ifdef CONFIG_ASYMMETRIC_KEY_TYPE
extern long keyctl_pkey_query(key_serial_t id,
			      const char __user *_info,
			      struct keyctl_pkey_query __user *_res);

extern long keyctl_pkey_verify(const struct keyctl_pkey_params __user *params,
			       const char __user *_info,
			       const void __user *_in,
			       const void __user *_in2);

extern long keyctl_pkey_e_d_s(int op,
			      const struct keyctl_pkey_params __user *params,
			      const char __user *_info,
			      const void __user *_in,
			      void __user *_out);
#else /* !CONFIG_ASYMMETRIC_KEY_TYPE */
static inline long keyctl_pkey_query(key_serial_t id,
				     const char __user *_info,
				     struct keyctl_pkey_query __user *_res)
{
	return -EOPNOTSUPP;
}

static inline long keyctl_pkey_verify(const struct keyctl_pkey_params __user *params,
				      const char __user *_info,
				      const void __user *_in,
				      const void __user *_in2)
{
	return -EOPNOTSUPP;
}

static inline long keyctl_pkey_e_d_s(int op,
				     const struct keyctl_pkey_params __user *params,
				     const char __user *_info,
				     const void __user *_in,
				     void __user *_out)
{
	return -EOPNOTSUPP;
}
#endif /* CONFIG_ASYMMETRIC_KEY_TYPE */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 347)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 348) extern long keyctl_capabilities(unsigned char __user *_buffer, size_t buflen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 349)
/*
 * Key watch registration.  Without CONFIG_KEY_NOTIFICATIONS the entry point
 * is a stub that returns -EOPNOTSUPP and ignores its arguments.
 */
#ifdef CONFIG_KEY_NOTIFICATIONS
extern long keyctl_watch_key(key_serial_t key_id, int watch_fd, int watch_id);
#else
static inline long keyctl_watch_key(key_serial_t key_id, int watch_fd,
				    int watch_id)
{
	return -EOPNOTSUPP;
}
#endif /* CONFIG_KEY_NOTIFICATIONS */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 358)
/*
 * Debugging key validation.
 *
 * With KEY_DEBUGGING defined, key_check() passes a key pointer on to
 * __key_check() when the pointer is error-encoded or the key's magic field is
 * not KEY_DEBUG_MAGIC.  A NULL pointer is accepted without complaint.
 *
 * Without KEY_DEBUGGING, key_check() is a macro that expands to an empty
 * statement, so its argument is not evaluated; never rely on side effects in
 * the argument, and do not treat key_check() as a validation step in
 * production builds.
 */
#ifdef KEY_DEBUGGING
extern void __key_check(const struct key *key);

static inline void key_check(const struct key *key)
{
	if (!key)
		return;

	/* IS_ERR() is tested first so an error pointer is never dereferenced. */
	if (IS_ERR(key) || key->magic != KEY_DEBUG_MAGIC)
		__key_check(key);
}

#else

#define key_check(key) do {} while (0)

#endif /* KEY_DEBUGGING */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 376) #endif /* _INTERNAL_H */