[linux-2.6-block.git] / include / linux / key.h

/* key.h: authentication token and access key management
 *
 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 *
 *
 * See Documentation/keys.txt for information on keys/keyrings.
 */

#ifndef _LINUX_KEY_H
#define _LINUX_KEY_H

#include <linux/types.h>
#include <linux/list.h>
#include <linux/rbtree.h>
#include <linux/rcupdate.h>
#include <asm/atomic.h>

#ifdef __KERNEL__

/* key handle serial number */
typedef int32_t key_serial_t;

/* key handle permissions mask */
typedef uint32_t key_perm_t;

struct key;

#ifdef CONFIG_KEYS

#undef KEY_DEBUGGING

#define KEY_USR_VIEW	0x00010000	/* user can view a key's attributes */
#define KEY_USR_READ	0x00020000	/* user can read key payload / view keyring */
#define KEY_USR_WRITE	0x00040000	/* user can update key payload / add link to keyring */
#define KEY_USR_SEARCH	0x00080000	/* user can find a key in search / search a keyring */
#define KEY_USR_LINK	0x00100000	/* user can create a link to a key/keyring */
#define KEY_USR_ALL	0x001f0000

#define KEY_GRP_VIEW	0x00000100	/* group permissions... */
#define KEY_GRP_READ	0x00000200
#define KEY_GRP_WRITE	0x00000400
#define KEY_GRP_SEARCH	0x00000800
#define KEY_GRP_LINK	0x00001000
#define KEY_GRP_ALL	0x00001f00

#define KEY_OTH_VIEW	0x00000001	/* third party permissions... */
#define KEY_OTH_READ	0x00000002
#define KEY_OTH_WRITE	0x00000004
#define KEY_OTH_SEARCH	0x00000008
#define KEY_OTH_LINK	0x00000010
#define KEY_OTH_ALL	0x0000001f

struct seq_file;
struct user_struct;
struct signal_struct;

struct key_type;
struct key_owner;
struct keyring_list;
struct keyring_name;

/*****************************************************************************/
/*
 * authentication token / access credential / keyring
 * - types of key include:
 *   - keyrings
 *   - disk encryption IDs
 *   - Kerberos TGTs and tickets
 */
struct key {
	atomic_t		usage;		/* number of references */
	key_serial_t		serial;		/* key serial number */
	struct rb_node		serial_node;
	struct key_type		*type;		/* type of key */
	struct rw_semaphore	sem;		/* change vs change sem */
	struct key_user		*user;		/* owner of this key */
	time_t			expiry;		/* time at which key expires (or 0) */
	uid_t			uid;
	gid_t			gid;
	key_perm_t		perm;		/* access permissions */
	unsigned short		quotalen;	/* length added to quota */
	unsigned short		datalen;	/* payload data length
						 * - may not match RCU dereferenced payload
						 * - payload should contain own length
						 */

#ifdef KEY_DEBUGGING
	unsigned		magic;
#define KEY_DEBUG_MAGIC		0x18273645u
#define KEY_DEBUG_MAGIC_X	0xf8e9dacbu
#endif

	unsigned long		flags;		/* status flags (change with bitops) */
#define KEY_FLAG_INSTANTIATED	0	/* set if key has been instantiated */
#define KEY_FLAG_DEAD		1	/* set if key type has been deleted */
#define KEY_FLAG_REVOKED	2	/* set if key had been revoked */
#define KEY_FLAG_IN_QUOTA	3	/* set if key consumes quota */
#define KEY_FLAG_USER_CONSTRUCT	4	/* set if key is being constructed in userspace */
#define KEY_FLAG_NEGATIVE	5	/* set if key is negative */

	/* the description string
	 * - this is used to match a key against search criteria
	 * - this should be a printable string
	 * - eg: for krb5 AFS, this might be "afs@REDHAT.COM"
	 */
	char			*description;

	/* type specific data
	 * - this is used by the keyring type to index the name
	 */
	union {
		struct list_head	link;
	} type_data;

	/* key data
	 * - this is used to hold the data actually used in cryptography or
	 *   whatever
	 */
	union {
		unsigned long		value;
		void			*data;
		struct keyring_list	*subscriptions;
	} payload;
};

/*****************************************************************************/
/*
 * kernel managed key type definition
 */
struct key_type {
	/* name of the type */
	const char *name;

	/* default payload length for quota precalculation (optional)
	 * - this can be used instead of calling key_payload_reserve(), that
	 *   function only needs to be called if the real datalen is different
	 */
	size_t def_datalen;

	/* instantiate a key of this type
	 * - this method should call key_payload_reserve() to determine if the
	 *   user's quota will hold the payload
	 */
	int (*instantiate)(struct key *key, const void *data, size_t datalen);

	/* duplicate a key of this type (optional)
	 * - the source key will be locked against change
	 * - the new description will be attached
	 * - the quota will have been adjusted automatically from
	 *   source->quotalen
	 */
	int (*duplicate)(struct key *key, const struct key *source);

	/* update a key of this type (optional)
	 * - this method should call key_payload_reserve() to recalculate the
	 *   quota consumption
	 * - the key must be locked against read when modifying
	 */
	int (*update)(struct key *key, const void *data, size_t datalen);

	/* match a key against a description */
	int (*match)(const struct key *key, const void *desc);

	/* clear the data from a key (optional) */
	void (*destroy)(struct key *key);

	/* describe a key */
	void (*describe)(const struct key *key, struct seq_file *p);

	/* read a key's data (optional)
	 * - permission checks will be done by the caller
	 * - the key's semaphore will be readlocked by the caller
	 * - should return the amount of data that could be read, no matter how
	 *   much is copied into the buffer
	 * - shouldn't do the copy if the buffer is NULL
	 */
	long (*read)(const struct key *key, char __user *buffer, size_t buflen);

	/* internal fields */
	struct list_head	link;		/* link in types list */
};

extern struct key_type key_type_keyring;

extern int register_key_type(struct key_type *ktype);
extern void unregister_key_type(struct key_type *ktype);

extern struct key *key_alloc(struct key_type *type,
			     const char *desc,
			     uid_t uid, gid_t gid, key_perm_t perm,
			     int not_in_quota);
extern int key_payload_reserve(struct key *key, size_t datalen);
extern int key_instantiate_and_link(struct key *key,
				    const void *data,
				    size_t datalen,
				    struct key *keyring);
extern int key_negate_and_link(struct key *key,
			       unsigned timeout,
			       struct key *keyring);
extern void key_revoke(struct key *key);
extern void key_put(struct key *key);

static inline struct key *key_get(struct key *key)
{
	if (key)
		atomic_inc(&key->usage);
	return key;
}

extern struct key *request_key(struct key_type *type,
			       const char *description,
			       const char *callout_info);

extern int key_validate(struct key *key);

extern struct key *key_create_or_update(struct key *keyring,
					const char *type,
					const char *description,
					const void *payload,
					size_t plen,
					int not_in_quota);

extern int key_update(struct key *key,
		      const void *payload,
		      size_t plen);

extern int key_link(struct key *keyring,
		    struct key *key);

extern int key_unlink(struct key *keyring,
		      struct key *key);

extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
				 int not_in_quota, struct key *dest);

extern int keyring_clear(struct key *keyring);

extern struct key *keyring_search(struct key *keyring,
				  struct key_type *type,
				  const char *description);

extern struct key *search_process_keyrings(struct key_type *type,
					   const char *description);

extern int keyring_add_key(struct key *keyring,
			   struct key *key);

extern struct key *key_lookup(key_serial_t id);

extern void keyring_replace_payload(struct key *key, void *replacement);

#define key_serial(key) ((key) ? (key)->serial : 0)

/*
 * the userspace interface
 */
extern struct key root_user_keyring, root_session_keyring;
extern int alloc_uid_keyring(struct user_struct *user);
extern void switch_uid_keyring(struct user_struct *new_user);
extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk);
extern int copy_thread_group_keys(struct task_struct *tsk);
extern void exit_keys(struct task_struct *tsk);
extern void exit_thread_group_keys(struct signal_struct *tg);
extern int suid_keys(struct task_struct *tsk);
extern int exec_keys(struct task_struct *tsk);
extern void key_fsuid_changed(struct task_struct *tsk);
extern void key_fsgid_changed(struct task_struct *tsk);
extern void key_init(void);

#else /* CONFIG_KEYS */

#define key_validate(k)			0
#define key_serial(k)			0
#define key_get(k) 			NULL
#define key_put(k)			do { } while(0)
#define alloc_uid_keyring(u)		0
#define switch_uid_keyring(u)		do { } while(0)
#define copy_keys(f,t)			0
#define copy_thread_group_keys(t)	0
#define exit_keys(t)			do { } while(0)
#define exit_thread_group_keys(tg)	do { } while(0)
#define suid_keys(t)			do { } while(0)
#define exec_keys(t)			do { } while(0)
#define key_fsuid_changed(t)		do { } while(0)
#define key_fsgid_changed(t)		do { } while(0)
#define key_init()			do { } while(0)

#endif /* CONFIG_KEYS */
#endif /* __KERNEL__ */
#endif /* _LINUX_KEY_H */
Commit	Line	Data
1da177e4 LT	1	/* key.h: authentication token and access key management
	2	*
	3	* Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
	4	* Written by David Howells (dhowells@redhat.com)
	5	*
	6	* This program is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU General Public License
	8	* as published by the Free Software Foundation; either version
	9	* 2 of the License, or (at your option) any later version.
	10	*
	11	*
	12	* See Documentation/keys.txt for information on keys/keyrings.
	13	*/
	14
	15	#ifndef _LINUX_KEY_H
	16	#define _LINUX_KEY_H
	17
	18	#include <linux/types.h>
	19	#include <linux/list.h>
	20	#include <linux/rbtree.h>
76d8aeab	21	#include <linux/rcupdate.h>
1da177e4 LT	22	#include <asm/atomic.h>
	23
	24	#ifdef __KERNEL__
	25
	26	/* key handle serial number */
	27	typedef int32_t key_serial_t;
	28
	29	/* key handle permissions mask */
	30	typedef uint32_t key_perm_t;
	31
	32	struct key;
	33
	34	#ifdef CONFIG_KEYS
	35
	36	#undef KEY_DEBUGGING
	37
	38	#define KEY_USR_VIEW 0x00010000 /* user can view a key's attributes */
	39	#define KEY_USR_READ 0x00020000 /* user can read key payload / view keyring */
	40	#define KEY_USR_WRITE 0x00040000 /* user can update key payload / add link to keyring */
	41	#define KEY_USR_SEARCH 0x00080000 /* user can find a key in search / search a keyring */
	42	#define KEY_USR_LINK 0x00100000 /* user can create a link to a key/keyring */
	43	#define KEY_USR_ALL 0x001f0000
	44
	45	#define KEY_GRP_VIEW 0x00000100 /* group permissions... */
	46	#define KEY_GRP_READ 0x00000200
	47	#define KEY_GRP_WRITE 0x00000400
	48	#define KEY_GRP_SEARCH 0x00000800
	49	#define KEY_GRP_LINK 0x00001000
	50	#define KEY_GRP_ALL 0x00001f00
	51
	52	#define KEY_OTH_VIEW 0x00000001 /* third party permissions... */
	53	#define KEY_OTH_READ 0x00000002
	54	#define KEY_OTH_WRITE 0x00000004
	55	#define KEY_OTH_SEARCH 0x00000008
	56	#define KEY_OTH_LINK 0x00000010
	57	#define KEY_OTH_ALL 0x0000001f
	58
	59	struct seq_file;
	60	struct user_struct;
	61	struct signal_struct;
	62
	63	struct key_type;
	64	struct key_owner;
	65	struct keyring_list;
	66	struct keyring_name;
	67
	68	/*****************************************************************************/
	69	/*
	70	* authentication token / access credential / keyring
	71	* - types of key include:
	72	* - keyrings
	73	* - disk encryption IDs
	74	* - Kerberos TGTs and tickets
	75	*/
	76	struct key {
	77	atomic_t usage; /* number of references */
	78	key_serial_t serial; /* key serial number */
	79	struct rb_node serial_node;
	80	struct key_type type; / type of key */
1da177e4 LT	81	struct rw_semaphore sem; /* change vs change sem */
	82	struct key_user user; / owner of this key */
	83	time_t expiry; /* time at which key expires (or 0) */
	84	uid_t uid;
	85	gid_t gid;
	86	key_perm_t perm; /* access permissions */
	87	unsigned short quotalen; /* length added to quota */
76d8aeab DH	88	unsigned short datalen; /* payload data length
	89	* - may not match RCU dereferenced payload
	90	* - payload should contain own length
	91	*/
1da177e4 LT	92
	93	#ifdef KEY_DEBUGGING
	94	unsigned magic;
	95	#define KEY_DEBUG_MAGIC 0x18273645u
	96	#define KEY_DEBUG_MAGIC_X 0xf8e9dacbu
	97	#endif
	98
76d8aeab DH	99	unsigned long flags; /* status flags (change with bitops) */
	100	#define KEY_FLAG_INSTANTIATED 0 /* set if key has been instantiated */
	101	#define KEY_FLAG_DEAD 1 /* set if key type has been deleted */
	102	#define KEY_FLAG_REVOKED 2 /* set if key had been revoked */
	103	#define KEY_FLAG_IN_QUOTA 3 /* set if key consumes quota */
	104	#define KEY_FLAG_USER_CONSTRUCT 4 /* set if key is being constructed in userspace */
	105	#define KEY_FLAG_NEGATIVE 5 /* set if key is negative */
	106
1da177e4 LT	107	/* the description string
	108	* - this is used to match a key against search criteria
	109	* - this should be a printable string
	110	* - eg: for krb5 AFS, this might be "afs@REDHAT.COM"
	111	*/
	112	char *description;
	113
	114	/* type specific data
	115	* - this is used by the keyring type to index the name
	116	*/
	117	union {
	118	struct list_head link;
	119	} type_data;
	120
	121	/* key data
	122	* - this is used to hold the data actually used in cryptography or
	123	* whatever
	124	*/
	125	union {
	126	unsigned long value;
	127	void *data;
	128	struct keyring_list *subscriptions;
	129	} payload;
	130	};
	131
	132	/*****************************************************************************/
	133	/*
	134	* kernel managed key type definition
	135	*/
	136	struct key_type {
	137	/* name of the type */
	138	const char *name;
	139
	140	/* default payload length for quota precalculation (optional)
	141	* - this can be used instead of calling key_payload_reserve(), that
	142	* function only needs to be called if the real datalen is different
	143	*/
	144	size_t def_datalen;
	145
	146	/* instantiate a key of this type
	147	* - this method should call key_payload_reserve() to determine if the
	148	* user's quota will hold the payload
	149	*/
	150	int (instantiate)(struct key key, const void *data, size_t datalen);
	151
	152	/* duplicate a key of this type (optional)
	153	* - the source key will be locked against change
	154	* - the new description will be attached
	155	* - the quota will have been adjusted automatically from
	156	* source->quotalen
	157	*/
	158	int (duplicate)(struct key key, const struct key *source);
	159
	160	/* update a key of this type (optional)
	161	* - this method should call key_payload_reserve() to recalculate the
	162	* quota consumption
	163	* - the key must be locked against read when modifying
	164	*/
	165	int (update)(struct key key, const void *data, size_t datalen);
	166
	167	/* match a key against a description */
	168	int (match)(const struct key key, const void *desc);
	169
	170	/* clear the data from a key (optional) */
171	void (destroy)(struct key key);
172
173	/* describe a key */
174	void (describe)(const struct key key, struct seq_file *p);
175
176	/* read a key's data (optional)
177	* - permission checks will be done by the caller
178	* - the key's semaphore will be readlocked by the caller
179	* - should return the amount of data that could be read, no matter how
180	* much is copied into the buffer
181	* - shouldn't do the copy if the buffer is NULL
182	*/
183	long (read)(const struct key key, char __user *buffer, size_t buflen);
184
185	/* internal fields */
186	struct list_head link; /* link in types list */
187	};
188
189	extern struct key_type key_type_keyring;
190
191	extern int register_key_type(struct key_type *ktype);
192	extern void unregister_key_type(struct key_type *ktype);
193
194	extern struct key key_alloc(struct key_type type,
195	const char *desc,
196	uid_t uid, gid_t gid, key_perm_t perm,
197	int not_in_quota);
198	extern int key_payload_reserve(struct key *key, size_t datalen);
199	extern int key_instantiate_and_link(struct key *key,
200	const void *data,
201	size_t datalen,
202	struct key *keyring);
203	extern int key_negate_and_link(struct key *key,
204	unsigned timeout,
205	struct key *keyring);
206	extern void key_revoke(struct key *key);
207	extern void key_put(struct key *key);
208
209	static inline struct key key_get(struct key key)
210	{
211	if (key)
212	atomic_inc(&key->usage);
213	return key;
214	}
215
216	extern struct key request_key(struct key_type type,
217	const char *description,
218	const char *callout_info);
219
220	extern int key_validate(struct key *key);
221
222	extern struct key key_create_or_update(struct key keyring,
223	const char *type,
224	const char *description,
225	const void *payload,
226	size_t plen,
227	int not_in_quota);
228
229	extern int key_update(struct key *key,
230	const void *payload,
231	size_t plen);
232
233	extern int key_link(struct key *keyring,
234	struct key *key);
235
236	extern int key_unlink(struct key *keyring,
237	struct key *key);
238
239	extern struct key keyring_alloc(const char description, uid_t uid, gid_t gid,
240	int not_in_quota, struct key *dest);
241
242	extern int keyring_clear(struct key *keyring);
243
244	extern struct key keyring_search(struct key keyring,
245	struct key_type *type,
246	const char *description);
247
248	extern struct key search_process_keyrings(struct key_type type,
249	const char *description);
250
251	extern int keyring_add_key(struct key *keyring,
252	struct key *key);
253
254	extern struct key *key_lookup(key_serial_t id);
255
76d8aeab DH	256	extern void keyring_replace_payload(struct key key, void replacement);
76d8aeab DH	257
1da177e4 LT	258	#define key_serial(key) ((key) ? (key)->serial : 0)
	259
	260	/*
	261	* the userspace interface
	262	*/
	263	extern struct key root_user_keyring, root_session_keyring;
	264	extern int alloc_uid_keyring(struct user_struct *user);
	265	extern void switch_uid_keyring(struct user_struct *new_user);
	266	extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk);
	267	extern int copy_thread_group_keys(struct task_struct *tsk);
	268	extern void exit_keys(struct task_struct *tsk);
	269	extern void exit_thread_group_keys(struct signal_struct *tg);
	270	extern int suid_keys(struct task_struct *tsk);
	271	extern int exec_keys(struct task_struct *tsk);
	272	extern void key_fsuid_changed(struct task_struct *tsk);
	273	extern void key_fsgid_changed(struct task_struct *tsk);
	274	extern void key_init(void);
	275
	276	#else /* CONFIG_KEYS */
	277
	278	#define key_validate(k) 0
	279	#define key_serial(k) 0
	280	#define key_get(k) NULL
	281	#define key_put(k) do { } while(0)
	282	#define alloc_uid_keyring(u) 0
	283	#define switch_uid_keyring(u) do { } while(0)
	284	#define copy_keys(f,t) 0
	285	#define copy_thread_group_keys(t) 0
	286	#define exit_keys(t) do { } while(0)
	287	#define exit_thread_group_keys(tg) do { } while(0)
	288	#define suid_keys(t) do { } while(0)
	289	#define exec_keys(t) do { } while(0)
	290	#define key_fsuid_changed(t) do { } while(0)
	291	#define key_fsgid_changed(t) do { } while(0)
	292	#define key_init() do { } while(0)
	293
	294	#endif /* CONFIG_KEYS */
	295	#endif /* __KERNEL__ */
	296	#endif /* _LINUX_KEY_H */