Linux Kernel
3.7.1
Data Structures | |
struct | key_user |
struct | request_key_auth |
Macros | |
#define | kenter(FMT,...) no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__) |
#define | kleave(FMT,...) no_printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__) |
#define | kdebug(FMT,...) no_printk(KERN_DEBUG FMT"\n", ##__VA_ARGS__) |
#define | KEYQUOTA_LINK_BYTES 4 /* a link in a keyring is worth 4 bytes */ |
#define | KEY_LOOKUP_CREATE 0x01 |
#define | KEY_LOOKUP_PARTIAL 0x02 |
#define | KEY_LOOKUP_FOR_UNLINK 0x04 |
#define | KEY_VIEW 0x01 /* require permission to view attributes */ |
#define | KEY_READ 0x02 /* require permission to read content */ |
#define | KEY_WRITE 0x04 /* require permission to update / modify */ |
#define | KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */ |
#define | KEY_LINK 0x10 /* require permission to link */ |
#define | KEY_SETATTR 0x20 /* require permission to change attributes */ |
#define | KEY_ALL 0x3f /* all the above permissions */ |
#define | key_check(key) do {} while(0) |
Typedefs | |
typedef int(* | key_match_func_t )(const struct key *, const void *) |
Variables | |
struct key_type | key_type_dead |
struct key_type | key_type_user |
struct key_type | key_type_logon |
struct rb_root | key_user_tree |
spinlock_t | key_user_lock |
struct key_user | root_key_user |
unsigned | key_quota_root_maxkeys |
unsigned | key_quota_root_maxbytes |
unsigned | key_quota_maxkeys |
unsigned | key_quota_maxbytes |
struct kmem_cache * | key_jar |
struct rb_root | key_serial_tree |
spinlock_t | key_serial_lock |
struct mutex | key_construction_mutex |
wait_queue_head_t | request_key_conswq |
struct work_struct | key_gc_work |
unsigned | key_gc_delay |
struct key_type | key_type_request_key_auth |
#define kdebug | ( | FMT, | |
... | |||
) | no_printk(KERN_DEBUG FMT"\n", ##__VA_ARGS__) |
Definition at line 31 of file internal.h.
#define kenter | ( | FMT, | |
... | |||
) | no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__) |
Definition at line 27 of file internal.h.
#define KEY_ALL 0x3f /* all the above permissions */ |
Definition at line 178 of file internal.h.
#define key_check | ( | key | ) | do {} while(0) |
Definition at line 260 of file internal.h.
#define KEY_LINK 0x10 /* require permission to link */ |
Definition at line 176 of file internal.h.
#define KEY_LOOKUP_CREATE 0x01 |
Definition at line 145 of file internal.h.
#define KEY_LOOKUP_FOR_UNLINK 0x04 |
Definition at line 147 of file internal.h.
#define KEY_LOOKUP_PARTIAL 0x02 |
Definition at line 146 of file internal.h.
#define KEY_READ 0x02 /* require permission to read content */ |
Definition at line 173 of file internal.h.
#define KEY_SEARCH 0x08 /* require permission to search (keyring) or find (key) */ |
Definition at line 175 of file internal.h.
#define KEY_SETATTR 0x20 /* require permission to change attributes */ |
Definition at line 177 of file internal.h.
#define KEY_VIEW 0x01 /* require permission to view attributes */ |
Definition at line 172 of file internal.h.
#define KEY_WRITE 0x04 /* require permission to update / modify */ |
Definition at line 174 of file internal.h.
Definition at line 76 of file internal.h.
#define kleave | ( | FMT, | |
... | |||
) | no_printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__) |
Definition at line 29 of file internal.h.
Definition at line 108 of file internal.h.
Definition at line 170 of file process_keys.c.
Definition at line 224 of file process_keys.c.
Definition at line 128 of file process_keys.c.
Definition at line 43 of file process_keys.c.
Definition at line 765 of file process_keys.c.
void key_change_session_keyring | ( | struct callback_head * | twork | ) |
Definition at line 838 of file process_keys.c.
Definition at line 240 of file request_key_auth.c.
key_task_permission - Check a key can be used
@key_ref: The key to check.
@cred: The credentials to use.
@perm: The permissions to check for.
Check to see whether permission is granted to use a key in the desired way, but permit the security modules to override.
The caller must hold either a ref on cred or must hold the RCU readlock.
Returns 0 if successful, -EACCES if access is denied based on the permissions bits or the LSM check.
Definition at line 30 of file permission.c.
long keyctl_negate_key | ( | key_serial_t | , |
unsigned | , | ||
key_serial_t | |||
) |
long keyctl_reject_key | ( | key_serial_t | , |
unsigned | , | ||
unsigned | , | ||
key_serial_t | |||
) |
key_ref_t keyring_search_aux | ( | key_ref_t | keyring_ref, |
const struct cred * | cred, | ||
struct key_type * | type, | ||
const void * | description, | ||
key_match_func_t | match, | ||
bool | no_state_check | ||
) |
keyring_search_aux - Search a keyring tree for a key matching some criteria
@keyring_ref: A pointer to the keyring with possession indicator.
@cred: The credentials to use for permissions checks.
@type: The type of key to search for.
@description: Parameter for @match.
@match: Function to rule on whether or not a key is the one required.
@no_state_check: Don't check if a matching key is bad.
Search the supplied keyring tree for a key that matches the criteria given. The root keyring and any linked keyrings must grant Search permission to the caller to be searchable and keys can only be found if they too grant Search to the caller. The possession flag on the root keyring pointer controls use of the possessor bits in permissions checking of the entire tree. In addition, the LSM gets to forbid keyring searches and key matches.
The search is performed as a breadth-then-depth search up to the prescribed limit (KEYRING_SEARCH_MAX_DEPTH).
Keys are matched to the type provided and are then filtered by the match function, which is given the description to use in any way it sees fit. The match function may use any attributes of a key that it wishes in order to determine the match. Normally the match function from the key type would be used.
RCU is used to prevent the keyring key lists from disappearing without the need to take lots of locks.
Returns a pointer to the found key and increments the key usage count if successful; -EAGAIN if no matching keys were found, or if expired or revoked keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the specified keyring wasn't a keyring.
In the case of a successful return, the possession attribute from @keyring_ref is propagated to the returned key reference.
key_ref_t lookup_user_key | ( | key_serial_t | id, |
unsigned long | flags, | ||
key_perm_t | perm | ||
) |
Definition at line 536 of file process_keys.c.
Definition at line 513 of file process_keys.c.
|
read |
request_key_and_link - Request a key and cache it in a keyring.
@type: The type of key we want.
@description: The searchable description of the key.
@callout_info: The data to pass to the instantiation upcall (or NULL).
@callout_len: The length of callout_info.
@aux: Auxiliary data for the upcall.
@dest_keyring: Where to cache the key.
@flags: Flags to key_alloc().
A key matching the specified criteria is searched for in the process's keyrings and returned with its usage count incremented if found. Otherwise, if callout_info is not NULL, a key will be allocated and some service (probably in userspace) will be asked to instantiate it.
If successfully found or created, the key will be linked to the destination keyring if one is provided.
Returns a pointer to the key if successful; -EACCES, -ENOKEY, -EKEYREVOKED or -EKEYEXPIRED if an inaccessible, negative, revoked or expired key was found; -ENOKEY if no key was found and no @callout_info was given; -EDQUOT if insufficient key quota was available to create a new key; or -ENOMEM if insufficient memory was available.
If the returned key was created, then it may still be under construction, and wait_for_key_construction() should be used to wait for that to complete.
Definition at line 508 of file request_key.c.
|
read |
Definition at line 133 of file request_key_auth.c.
key_ref_t search_my_process_keyrings | ( | struct key_type * | type, |
const void * | description, | ||
key_match_func_t | match, | ||
bool | no_state_check, | ||
const struct cred * | cred | ||
) |
Definition at line 332 of file process_keys.c.
key_ref_t search_process_keyrings | ( | struct key_type * | type, |
const void * | description, | ||
key_match_func_t | match, | ||
const struct cred * | cred | ||
) |
Definition at line 454 of file process_keys.c.
struct work_struct key_gc_work |
struct kmem_cache* key_jar |
spinlock_t key_serial_lock |
struct key_type key_type_logon |
Definition at line 46 of file user_defined.c.
struct key_type key_type_request_key_auth |
Definition at line 32 of file request_key_auth.c.
struct key_type key_type_user |
Definition at line 27 of file user_defined.c.
spinlock_t key_user_lock |
wait_queue_head_t request_key_conswq |
Definition at line 31 of file process_keys.c.