#include <linux/module.h>
#include <linux/init.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/security.h>
#include <linux/seq_file.h>
#include <linux/err.h>
#include <keys/keyring-type.h>
#include <linux/uaccess.h>
#include "internal.h"

Macros
#define	rcu_dereference_locked_keyring(keyring)

#define	rcu_deref_link_locked(klist, index, keyring)

#define	MAX_KEYRING_LINKS

#define	KEY_LINK_FIXQUOTA 1UL

#define	KEYRING_SEARCH_MAX_DEPTH 6

#define	KEYRING_NAME_HASH_SIZE (1 << 5)

Functions
	EXPORT_SYMBOL (key_type_keyring)

struct key *	keyring_alloc (const char description, kuid_t uid, kgid_t gid, const struct cred cred, unsigned long flags, struct key *dest)

key_ref_t	keyring_search_aux (key_ref_t keyring_ref, const struct cred cred, struct key_type type, const void *description, key_match_func_t match, bool no_state_check)

key_ref_t	keyring_search (key_ref_t keyring, struct key_type type, const char description)

	EXPORT_SYMBOL (keyring_search)

key_ref_t	__keyring_search_one (key_ref_t keyring_ref, const struct key_type ktype, const char description, key_perm_t perm)

struct key *	find_keyring_by_name (const char *name, bool skip_perm_check)

int	__key_link_begin (struct key keyring, const struct key_type type, const char description, unsigned long _prealloc) __acquires(&keyring-> sem) __acquires(&keyring_serialise_link_sem)

int	__key_link_check_live_key (struct key keyring, struct key key)

void	__key_link (struct key keyring, struct key key, unsigned long *_prealloc)

void	__key_link_end (struct key keyring, struct key_type type, unsigned long prealloc) __releases(&keyring-> sem) __releases(&keyring_serialise_link_sem)

int	key_link (struct key keyring, struct key key)

	EXPORT_SYMBOL (key_link)

int	key_unlink (struct key keyring, struct key key)

	EXPORT_SYMBOL (key_unlink)

int	keyring_clear (struct key *keyring)

	EXPORT_SYMBOL (keyring_clear)

void	keyring_gc (struct key *keyring, time_t limit)

Variables
struct key_type	key_type_keyring

Macro Definition Documentation

#define KEY_LINK_FIXQUOTA 1UL

Definition at line 37 of file keyring.c.

#define KEYRING_NAME_HASH_SIZE (1 << 5)

Definition at line 48 of file keyring.c.

#define KEYRING_SEARCH_MAX_DEPTH 6

Definition at line 43 of file keyring.c.

#define MAX_KEYRING_LINKS

Value:

min_t(size_t, USHRT_MAX - 1, \

((PAGE_SIZE - sizeof(struct keyring_list)) / sizeof(struct key *)))

Definition at line 33 of file keyring.c.

#define rcu_deref_link_locked	(	klist,
		index,
		keyring
	)

Value:

(rcu_dereference_protected(                 \
        (klist)->keys[index],                   \
        rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))

Definition at line 28 of file keyring.c.

#define rcu_dereference_locked_keyring ( keyring )

Value:

(rcu_dereference_protected(                 \
        (keyring)->payload.subscriptions,           \
        rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))

Definition at line 23 of file keyring.c.

Function Documentation

void __key_link	(	struct key *	keyring,
		struct key *	key,
		unsigned long *	_prealloc
	)

Definition at line 900 of file keyring.c.

int __key_link_begin	(	struct key *	keyring,
		const struct key_type *	type,
		const char *	description,
		unsigned long *	_prealloc
	)		-> sem) __acquires(&keyring_serialise_link_sem)

Definition at line 751 of file keyring.c.

int __key_link_check_live_key	(	struct key *	keyring,
		struct key *	key
	)

Definition at line 883 of file keyring.c.

void __key_link_end	(	struct key *	keyring,
		struct key_type *	type,
		unsigned long	prealloc
	)		-> sem) __releases(&keyring_serialise_link_sem)

Definition at line 961 of file keyring.c.

key_ref_t __keyring_search_one	(	key_ref_t	keyring_ref,
		const struct key_type *	ktype,
		const char *	description,
		key_perm_t	perm
	)

Definition at line 541 of file keyring.c.

EXPORT_SYMBOL ( key_type_keyring )

EXPORT_SYMBOL ( keyring_search )

EXPORT_SYMBOL ( key_link )

EXPORT_SYMBOL ( key_unlink )

EXPORT_SYMBOL ( keyring_clear )

struct key* find_keyring_by_name	(	const char *	name,
		bool	skip_perm_check
	)

read

Definition at line 596 of file keyring.c.

int key_link	(	struct key *	keyring,
		struct key *	key
	)

key_link - Link a key to a keyring : The keyring to make the link in. : The key to link to.

Make a link in a keyring to a key, such that the keyring holds a reference on that key and the key can potentially be found by searching that keyring.

This function will write-lock the keyring's semaphore and will consume some of the user's key data quota to hold the link.

Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring, -EKEYREVOKED if the keyring has been revoked, -ENFILE if the keyring is full, -EDQUOT if there is insufficient key data quota remaining to add another link or -ENOMEM if there's insufficient memory.

It is assumed that the caller has checked that it is permitted for a link to be made (the keyring should have Write permission and the key Link permission).

Definition at line 1003 of file keyring.c.

int key_unlink	(	struct key *	keyring,
		struct key *	key
	)

key_unlink - Unlink the first link to a key from a keyring. : The keyring to remove the link from. : The key the link is to.

Remove a link from a keyring to a key.

This function will write-lock the keyring's semaphore.

Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring, -ENOENT if the key isn't linked to by the keyring or -ENOMEM if there's insufficient memory.

It is assumed that the caller has checked that it is permitted for a link to be removed (the keyring should have Write permission; no permissions are required on the key).

Definition at line 1040 of file keyring.c.

struct key* keyring_alloc	(	const char *	description,
		kuid_t	uid,
		kgid_t	gid,
		const struct cred *	cred,
		unsigned long	flags,
		struct key *	dest
	)

read

Definition at line 259 of file keyring.c.

int keyring_clear ( struct key * keyring )

keyring_clear - Clear a keyring : The keyring to clear.

Clear the contents of the specified keyring.

Returns 0 if successful or -ENOTDIR if the keyring isn't a keyring.

Definition at line 1134 of file keyring.c.

void keyring_gc	(	struct key *	keyring,
		time_t	limit
	)

Definition at line 1195 of file keyring.c.

key_ref_t keyring_search	(	key_ref_t	keyring,
		struct key_type *	type,
		const char *	description
	)

keyring_search - Search the supplied keyring tree for a matching key : The root of the keyring tree to be searched. : The type of keyring we want to find. : The name of the keyring we want to find.

As keyring_search_aux() above, but using the current task's credentials and type's default matching function.

Definition at line 514 of file keyring.c.

key_ref_t keyring_search_aux	(	key_ref_t	keyring_ref,
		const struct cred *	cred,
		struct key_type *	type,
		const void *	description,
		key_match_func_t	match,
		bool	no_state_check
	)

keyring_search_aux - Search a keyring tree for a key matching some criteria : A pointer to the keyring with possession indicator. : The credentials to use for permissions checks. : The type of key to search for. : Parameter for . : Function to rule on whether or not a key is the one required. : Don't check if a matching key is bad

Search the supplied keyring tree for a key that matches the criteria given. The root keyring and any linked keyrings must grant Search permission to the caller to be searchable and keys can only be found if they too grant Search to the caller. The possession flag on the root keyring pointer controls use of the possessor bits in permissions checking of the entire tree. In addition, the LSM gets to forbid keyring searches and key matches.

The search is performed as a breadth-then-depth search up to the prescribed limit (KEYRING_SEARCH_MAX_DEPTH).

Keys are matched to the type provided and are then filtered by the match function, which is given the description to use in any way it sees fit. The match function may use any attributes of a key that it wishes to to determine the match. Normally the match function from the key type would be used.

RCU is used to prevent the keyring key lists from disappearing without the need to take lots of locks.

Returns a pointer to the found key and increments the key usage count if successful; -EAGAIN if no matching keys were found, or if expired or revoked keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the specified keyring wasn't a keyring.

In the case of a successful return, the possession attribute from is propagated to the returned key reference.

Definition at line 318 of file keyring.c.

Variable Documentation

struct key_type key_type_keyring

Initial value:

= {
    .name       = "keyring",
    .def_datalen    = sizeof(struct keyring_list),
    .instantiate    = keyring_instantiate,
    .match      = keyring_match,
    .revoke     = keyring_revoke,
    .destroy    = keyring_destroy,
    .describe   = keyring_describe,
    .read       = keyring_read,
}

Definition at line 77 of file keyring.c.

Macros

Functions

Variables

Macro Definition Documentation

Function Documentation

Variable Documentation