Linux Kernel
3.7.1
|
#include <linux/module.h>
#include <linux/init.h>
#include <linux/poison.h>
#include <linux/sched.h>
#include <linux/slab.h>
#include <linux/security.h>
#include <linux/workqueue.h>
#include <linux/random.h>
#include <linux/err.h>
#include "internal.h"
Go to the source code of this file.
Variables | |
struct kmem_cache * | key_jar |
struct rb_root | key_serial_tree |
struct rb_root | key_user_tree |
unsigned int | key_quota_root_maxkeys = 200 |
unsigned int | key_quota_root_maxbytes = 20000 |
unsigned int | key_quota_maxkeys = 200 |
unsigned int | key_quota_maxbytes = 20000 |
DEFINE_MUTEX | ( | key_construction_mutex | ) |
DEFINE_SPINLOCK | ( | key_serial_lock | ) |
DEFINE_SPINLOCK | ( | key_user_lock | ) |
EXPORT_SYMBOL | ( | key_alloc | ) |
EXPORT_SYMBOL | ( | key_payload_reserve | ) |
EXPORT_SYMBOL | ( | key_instantiate_and_link | ) |
EXPORT_SYMBOL | ( | key_reject_and_link | ) |
EXPORT_SYMBOL | ( | key_put | ) |
EXPORT_SYMBOL | ( | key_create_or_update | ) |
EXPORT_SYMBOL | ( | key_update | ) |
EXPORT_SYMBOL | ( | key_revoke | ) |
EXPORT_SYMBOL | ( | key_invalidate | ) |
EXPORT_SYMBOL | ( | register_key_type | ) |
EXPORT_SYMBOL | ( | unregister_key_type | ) |
EXPORT_SYMBOL_GPL | ( | key_set_timeout | ) |
|
read |
key_alloc - Allocate a key of the specified type. : The type of key to allocate. : The key description to allow the key to be searched out. : The owner of the new key. : The group ID for the new key's group permissions. : The credentials specifying UID namespace. : The permissions mask of the new key. : Flags specifying quota properties.
Allocate a key of the specified type with the attributes given. The key is returned in an uninstantiated state and the caller needs to instantiate the key before returning.
The user's key count quota is updated to reflect the creation of the key and the user's key data quota has the default for the key type reserved. The instantiation function should amend this as necessary. If insufficient quota is available, -EDQUOT will be returned.
The LSM security modules can prevent a key being created, in which case -EACCES will be returned.
Returns a pointer to the new key if successful and an error code otherwise.
Note that the caller needs to ensure the key type isn't uninstantiated. Internally this can be done by locking key_types_sem. Externally, this can be done by either never unregistering the key type, or making sure key_alloc() calls don't race with module unloading.
key_ref_t key_create_or_update | ( | key_ref_t | keyring_ref, |
const char * | type, | ||
const char * | description, | ||
const void * | payload, | ||
size_t | plen, | ||
key_perm_t | perm, | ||
unsigned long | flags | ||
) |
key_create_or_update - Update or create and instantiate a key. : A pointer to the destination keyring with possession flag. : The type of key. : The searchable description for the key. : The data to use to instantiate or update the key. : The length of . : The permissions mask for a new key. : The quota flags for a new key.
Search the destination keyring for a key of the same description and if one is found, update it, otherwise create and instantiate a new one and create a link to it from that keyring.
If perm is KEY_PERM_UNDEF then an appropriate key permissions mask will be concocted.
Returns a pointer to the new key if successful, -ENODEV if the key type wasn't available, -ENOTDIR if the keyring wasn't a keyring, -EACCES if the caller isn't permitted to modify the keyring or the LSM did not permit creation of the key.
On success, the possession flag from the keyring ref will be tacked on to the key ref before it is returned.
int key_instantiate_and_link | ( | struct key * | key, |
const void * | data, | ||
size_t | datalen, | ||
struct key * | keyring, | ||
struct key * | authkey | ||
) |
key_instantiate_and_link - Instantiate a key and link it into the keyring. : The key to instantiate. : The data to use to instantiate the keyring. : The length of . : Keyring to create a link in on success (or NULL). : The authorisation token permitting instantiation.
Instantiate a key that's in the uninstantiated state using the provided data and, if successful, link it in to the destination keyring if one is supplied.
If successful, 0 is returned, the authorisation token is revoked and anyone waiting for the key is woken up. If the key was already instantiated, -EBUSY will be returned.
key_payload_reserve - Adjust data quota reservation for the key's payload : The key to make the reservation for. : The amount of data payload the caller now wants.
Adjust the amount of the owning user's key data quota that a key reserves. If the amount is increased, then -EDQUOT may be returned if there isn't enough free quota available.
If successful, 0 is returned.
int key_reject_and_link | ( | struct key * | key, |
unsigned | timeout, | ||
unsigned | error, | ||
struct key * | keyring, | ||
struct key * | authkey | ||
) |
key_reject_and_link - Negatively instantiate a key and link it into the keyring. : The key to instantiate. : The timeout on the negative key. : The error to return when the key is hit. : Keyring to create a link in on success (or NULL). : The authorisation token permitting instantiation.
Negatively instantiate a key that's in the uninstantiated state and, if successful, set its timeout and stored error and link it in to the destination keyring if one is supplied. The key and any links to the key will be automatically garbage collected after the timeout expires.
Negative keys are used to rate limit repeated request_key() calls by causing them to return the stored error code (typically ENOKEY) until the negative key expires.
If successful, 0 is returned, the authorisation token is revoked and anyone waiting for the key is woken up. If the key was already instantiated, -EBUSY will be returned.
key_update - Update a key's contents. : The pointer (plus possession flag) to the key. : The data to be used to update the key. : The length of .
Attempt to update the contents of a key with the given payload data. The caller must be granted Write permission on the key. Negative keys can be instantiated by this method.
Returns 0 on success, -EACCES if not permitted and -EOPNOTSUPP if the key type does not support updating. The key type may return other errors.
struct kmem_cache* key_jar |