]>
Commit | Line | Data |
---|---|---|
76181c13 | 1 | /* Request a key from userspace |
1da177e4 | 2 | * |
76181c13 | 3 | * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved. |
1da177e4 LT |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
f1a9badc DH |
10 | * |
11 | * See Documentation/keys-request-key.txt | |
1da177e4 LT |
12 | */ |
13 | ||
14 | #include <linux/module.h> | |
15 | #include <linux/sched.h> | |
16 | #include <linux/kmod.h> | |
17 | #include <linux/err.h> | |
3e30148c | 18 | #include <linux/keyctl.h> |
fdb89bce | 19 | #include <linux/slab.h> |
1da177e4 LT |
20 | #include "internal.h" |
21 | ||
e9e349b0 DH |
22 | #define key_negative_timeout 60 /* default timeout on a negative key's existence */ |
23 | ||
76181c13 DH |
24 | /* |
25 | * wait_on_bit() sleep function for uninterruptible waiting | |
26 | */ | |
27 | static int key_wait_bit(void *flags) | |
28 | { | |
29 | schedule(); | |
30 | return 0; | |
31 | } | |
32 | ||
33 | /* | |
34 | * wait_on_bit() sleep function for interruptible waiting | |
35 | */ | |
36 | static int key_wait_bit_intr(void *flags) | |
37 | { | |
38 | schedule(); | |
39 | return signal_pending(current) ? -ERESTARTSYS : 0; | |
40 | } | |
41 | ||
42 | /* | |
43 | * call to complete the construction of a key | |
44 | */ | |
45 | void complete_request_key(struct key_construction *cons, int error) | |
46 | { | |
47 | kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error); | |
1da177e4 | 48 | |
76181c13 DH |
49 | if (error < 0) |
50 | key_negate_and_link(cons->key, key_negative_timeout, NULL, | |
51 | cons->authkey); | |
52 | else | |
53 | key_revoke(cons->authkey); | |
54 | ||
55 | key_put(cons->key); | |
56 | key_put(cons->authkey); | |
57 | kfree(cons); | |
58 | } | |
59 | EXPORT_SYMBOL(complete_request_key); | |
1da177e4 | 60 | |
1da177e4 LT |
61 | /* |
62 | * request userspace finish the construction of a key | |
b5f545c8 | 63 | * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>" |
1da177e4 | 64 | */ |
76181c13 | 65 | static int call_sbin_request_key(struct key_construction *cons, |
4e54f085 DH |
66 | const char *op, |
67 | void *aux) | |
1da177e4 | 68 | { |
86a264ab | 69 | const struct cred *cred = current_cred(); |
1da177e4 | 70 | key_serial_t prkey, sskey; |
93b4a44f DH |
71 | struct key *key = cons->key, *authkey = cons->authkey, *keyring, |
72 | *session; | |
b5f545c8 | 73 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; |
1da177e4 | 74 | char key_str[12], keyring_str[3][12]; |
b5f545c8 | 75 | char desc[20]; |
3e30148c DH |
76 | int ret, i; |
77 | ||
b5f545c8 | 78 | kenter("{%d},{%d},%s", key->serial, authkey->serial, op); |
3e30148c | 79 | |
8bbf4976 DH |
80 | ret = install_user_keyrings(); |
81 | if (ret < 0) | |
82 | goto error_alloc; | |
83 | ||
b5f545c8 DH |
84 | /* allocate a new session keyring */ |
85 | sprintf(desc, "_req.%u", key->serial); | |
86 | ||
d84f4f99 DH |
87 | cred = get_current_cred(); |
88 | keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, | |
7e047ef5 | 89 | KEY_ALLOC_QUOTA_OVERRUN, NULL); |
d84f4f99 | 90 | put_cred(cred); |
b5f545c8 DH |
91 | if (IS_ERR(keyring)) { |
92 | ret = PTR_ERR(keyring); | |
93 | goto error_alloc; | |
3e30148c | 94 | } |
1da177e4 | 95 | |
b5f545c8 | 96 | /* attach the auth key to the session keyring */ |
896903c2 | 97 | ret = key_link(keyring, authkey); |
b5f545c8 DH |
98 | if (ret < 0) |
99 | goto error_link; | |
100 | ||
1da177e4 | 101 | /* record the UID and GID */ |
86a264ab DH |
102 | sprintf(uid_str, "%d", cred->fsuid); |
103 | sprintf(gid_str, "%d", cred->fsgid); | |
1da177e4 LT |
104 | |
105 | /* we say which key is under construction */ | |
106 | sprintf(key_str, "%d", key->serial); | |
107 | ||
108 | /* we specify the process's default keyrings */ | |
109 | sprintf(keyring_str[0], "%d", | |
d84f4f99 | 110 | cred->thread_keyring ? cred->thread_keyring->serial : 0); |
1da177e4 LT |
111 | |
112 | prkey = 0; | |
bb952bb9 DH |
113 | if (cred->tgcred->process_keyring) |
114 | prkey = cred->tgcred->process_keyring->serial; | |
1da177e4 | 115 | |
93b4a44f DH |
116 | rcu_read_lock(); |
117 | session = rcu_dereference(cred->tgcred->session_keyring); | |
118 | if (!session) | |
119 | session = cred->user->session_keyring; | |
120 | sskey = session->serial; | |
121 | rcu_read_unlock(); | |
1da177e4 | 122 | |
1da177e4 LT |
123 | sprintf(keyring_str[2], "%d", sskey); |
124 | ||
125 | /* set up a minimal environment */ | |
126 | i = 0; | |
127 | envp[i++] = "HOME=/"; | |
128 | envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; | |
129 | envp[i] = NULL; | |
130 | ||
131 | /* set up the argument list */ | |
132 | i = 0; | |
133 | argv[i++] = "/sbin/request-key"; | |
134 | argv[i++] = (char *) op; | |
135 | argv[i++] = key_str; | |
136 | argv[i++] = uid_str; | |
137 | argv[i++] = gid_str; | |
138 | argv[i++] = keyring_str[0]; | |
139 | argv[i++] = keyring_str[1]; | |
140 | argv[i++] = keyring_str[2]; | |
1da177e4 LT |
141 | argv[i] = NULL; |
142 | ||
143 | /* do it */ | |
86313c48 JF |
144 | ret = call_usermodehelper_keys(argv[0], argv, envp, keyring, |
145 | UMH_WAIT_PROC); | |
76181c13 DH |
146 | kdebug("usermode -> 0x%x", ret); |
147 | if (ret >= 0) { | |
148 | /* ret is the exit/wait code */ | |
149 | if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) || | |
150 | key_validate(key) < 0) | |
151 | ret = -ENOKEY; | |
152 | else | |
153 | /* ignore any errors from userspace if the key was | |
154 | * instantiated */ | |
155 | ret = 0; | |
156 | } | |
3e30148c | 157 | |
b5f545c8 DH |
158 | error_link: |
159 | key_put(keyring); | |
3e30148c | 160 | |
b5f545c8 | 161 | error_alloc: |
76181c13 | 162 | complete_request_key(cons, ret); |
d84f4f99 | 163 | kleave(" = %d", ret); |
3e30148c | 164 | return ret; |
76181c13 | 165 | } |
1da177e4 | 166 | |
1da177e4 | 167 | /* |
76181c13 | 168 | * call out to userspace for key construction |
1da177e4 LT |
169 | * - we ignore program failure and go on key status instead |
170 | */ | |
4a38e122 | 171 | static int construct_key(struct key *key, const void *callout_info, |
8bbf4976 DH |
172 | size_t callout_len, void *aux, |
173 | struct key *dest_keyring) | |
1da177e4 | 174 | { |
76181c13 | 175 | struct key_construction *cons; |
b5f545c8 | 176 | request_key_actor_t actor; |
76181c13 DH |
177 | struct key *authkey; |
178 | int ret; | |
1da177e4 | 179 | |
4a38e122 | 180 | kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux); |
3e30148c | 181 | |
76181c13 DH |
182 | cons = kmalloc(sizeof(*cons), GFP_KERNEL); |
183 | if (!cons) | |
184 | return -ENOMEM; | |
1da177e4 | 185 | |
b5f545c8 | 186 | /* allocate an authorisation key */ |
8bbf4976 DH |
187 | authkey = request_key_auth_new(key, callout_info, callout_len, |
188 | dest_keyring); | |
b5f545c8 | 189 | if (IS_ERR(authkey)) { |
76181c13 | 190 | kfree(cons); |
b5f545c8 DH |
191 | ret = PTR_ERR(authkey); |
192 | authkey = NULL; | |
76181c13 DH |
193 | } else { |
194 | cons->authkey = key_get(authkey); | |
195 | cons->key = key_get(key); | |
196 | ||
197 | /* make the call */ | |
198 | actor = call_sbin_request_key; | |
199 | if (key->type->request_key) | |
200 | actor = key->type->request_key; | |
201 | ||
202 | ret = actor(cons, "create", aux); | |
203 | ||
204 | /* check that the actor called complete_request_key() prior to | |
205 | * returning an error */ | |
206 | WARN_ON(ret < 0 && | |
207 | !test_bit(KEY_FLAG_REVOKED, &authkey->flags)); | |
208 | key_put(authkey); | |
1da177e4 LT |
209 | } |
210 | ||
76181c13 DH |
211 | kleave(" = %d", ret); |
212 | return ret; | |
213 | } | |
1da177e4 | 214 | |
3e30148c | 215 | /* |
8bbf4976 DH |
216 | * get the appropriate destination keyring for the request |
217 | * - we return whatever keyring we select with an extra reference upon it which | |
218 | * the caller must release | |
3e30148c | 219 | */ |
8bbf4976 | 220 | static void construct_get_dest_keyring(struct key **_dest_keyring) |
3e30148c | 221 | { |
8bbf4976 | 222 | struct request_key_auth *rka; |
bb952bb9 | 223 | const struct cred *cred = current_cred(); |
8bbf4976 | 224 | struct key *dest_keyring = *_dest_keyring, *authkey; |
3e30148c | 225 | |
8bbf4976 | 226 | kenter("%p", dest_keyring); |
3e30148c DH |
227 | |
228 | /* find the appropriate keyring */ | |
8bbf4976 DH |
229 | if (dest_keyring) { |
230 | /* the caller supplied one */ | |
231 | key_get(dest_keyring); | |
232 | } else { | |
233 | /* use a default keyring; falling through the cases until we | |
234 | * find one that we actually have */ | |
bb952bb9 | 235 | switch (cred->jit_keyring) { |
3e30148c | 236 | case KEY_REQKEY_DEFL_DEFAULT: |
8bbf4976 | 237 | case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: |
bb952bb9 DH |
238 | if (cred->request_key_auth) { |
239 | authkey = cred->request_key_auth; | |
8bbf4976 DH |
240 | down_read(&authkey->sem); |
241 | rka = authkey->payload.data; | |
242 | if (!test_bit(KEY_FLAG_REVOKED, | |
243 | &authkey->flags)) | |
244 | dest_keyring = | |
245 | key_get(rka->dest_keyring); | |
246 | up_read(&authkey->sem); | |
247 | if (dest_keyring) | |
248 | break; | |
249 | } | |
250 | ||
3e30148c | 251 | case KEY_REQKEY_DEFL_THREAD_KEYRING: |
bb952bb9 | 252 | dest_keyring = key_get(cred->thread_keyring); |
3e30148c DH |
253 | if (dest_keyring) |
254 | break; | |
255 | ||
256 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: | |
bb952bb9 | 257 | dest_keyring = key_get(cred->tgcred->process_keyring); |
3e30148c DH |
258 | if (dest_keyring) |
259 | break; | |
260 | ||
261 | case KEY_REQKEY_DEFL_SESSION_KEYRING: | |
262 | rcu_read_lock(); | |
263 | dest_keyring = key_get( | |
bb952bb9 | 264 | rcu_dereference(cred->tgcred->session_keyring)); |
3e30148c | 265 | rcu_read_unlock(); |
3e30148c DH |
266 | |
267 | if (dest_keyring) | |
268 | break; | |
269 | ||
270 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: | |
b6dff3ec | 271 | dest_keyring = |
bb952bb9 | 272 | key_get(cred->user->session_keyring); |
3e30148c DH |
273 | break; |
274 | ||
275 | case KEY_REQKEY_DEFL_USER_KEYRING: | |
bb952bb9 | 276 | dest_keyring = key_get(cred->user->uid_keyring); |
3e30148c DH |
277 | break; |
278 | ||
279 | case KEY_REQKEY_DEFL_GROUP_KEYRING: | |
280 | default: | |
281 | BUG(); | |
282 | } | |
283 | } | |
284 | ||
8bbf4976 DH |
285 | *_dest_keyring = dest_keyring; |
286 | kleave(" [dk %d]", key_serial(dest_keyring)); | |
287 | return; | |
76181c13 | 288 | } |
3e30148c | 289 | |
76181c13 DH |
290 | /* |
291 | * allocate a new key in under-construction state and attempt to link it in to | |
292 | * the requested place | |
293 | * - may return a key that's already under construction instead | |
294 | */ | |
295 | static int construct_alloc_key(struct key_type *type, | |
296 | const char *description, | |
297 | struct key *dest_keyring, | |
298 | unsigned long flags, | |
299 | struct key_user *user, | |
300 | struct key **_key) | |
301 | { | |
d84f4f99 | 302 | const struct cred *cred = current_cred(); |
76181c13 DH |
303 | struct key *key; |
304 | key_ref_t key_ref; | |
2b9e4688 | 305 | int ret; |
76181c13 DH |
306 | |
307 | kenter("%s,%s,,,", type->name, description); | |
308 | ||
309 | mutex_lock(&user->cons_lock); | |
310 | ||
d84f4f99 DH |
311 | key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred, |
312 | KEY_POS_ALL, flags); | |
76181c13 DH |
313 | if (IS_ERR(key)) |
314 | goto alloc_failed; | |
315 | ||
316 | set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); | |
317 | ||
34574dd1 DH |
318 | if (dest_keyring) |
319 | down_write(&dest_keyring->sem); | |
76181c13 DH |
320 | |
321 | /* attach the key to the destination keyring under lock, but we do need | |
322 | * to do another check just in case someone beat us to it whilst we | |
323 | * waited for locks */ | |
324 | mutex_lock(&key_construction_mutex); | |
325 | ||
d84f4f99 | 326 | key_ref = search_process_keyrings(type, description, type->match, cred); |
76181c13 DH |
327 | if (!IS_ERR(key_ref)) |
328 | goto key_already_present; | |
329 | ||
34574dd1 DH |
330 | if (dest_keyring) |
331 | __key_link(dest_keyring, key); | |
76181c13 DH |
332 | |
333 | mutex_unlock(&key_construction_mutex); | |
34574dd1 DH |
334 | if (dest_keyring) |
335 | up_write(&dest_keyring->sem); | |
76181c13 DH |
336 | mutex_unlock(&user->cons_lock); |
337 | *_key = key; | |
338 | kleave(" = 0 [%d]", key_serial(key)); | |
339 | return 0; | |
340 | ||
2b9e4688 DH |
341 | /* the key is now present - we tell the caller that we found it by |
342 | * returning -EINPROGRESS */ | |
76181c13 DH |
343 | key_already_present: |
344 | mutex_unlock(&key_construction_mutex); | |
2b9e4688 | 345 | ret = 0; |
03449cd9 | 346 | if (dest_keyring) { |
2b9e4688 | 347 | ret = __key_link(dest_keyring, key_ref_to_ptr(key_ref)); |
76181c13 | 348 | up_write(&dest_keyring->sem); |
03449cd9 | 349 | } |
76181c13 DH |
350 | mutex_unlock(&user->cons_lock); |
351 | key_put(key); | |
2b9e4688 DH |
352 | if (ret < 0) { |
353 | key_ref_put(key_ref); | |
354 | *_key = NULL; | |
355 | kleave(" = %d [link]", ret); | |
356 | return ret; | |
357 | } | |
76181c13 DH |
358 | *_key = key = key_ref_to_ptr(key_ref); |
359 | kleave(" = -EINPROGRESS [%d]", key_serial(key)); | |
360 | return -EINPROGRESS; | |
361 | ||
362 | alloc_failed: | |
363 | mutex_unlock(&user->cons_lock); | |
364 | *_key = NULL; | |
365 | kleave(" = %ld", PTR_ERR(key)); | |
366 | return PTR_ERR(key); | |
367 | } | |
368 | ||
369 | /* | |
370 | * commence key construction | |
371 | */ | |
372 | static struct key *construct_key_and_link(struct key_type *type, | |
373 | const char *description, | |
374 | const char *callout_info, | |
4a38e122 | 375 | size_t callout_len, |
76181c13 DH |
376 | void *aux, |
377 | struct key *dest_keyring, | |
378 | unsigned long flags) | |
379 | { | |
380 | struct key_user *user; | |
381 | struct key *key; | |
382 | int ret; | |
383 | ||
d84f4f99 DH |
384 | kenter(""); |
385 | ||
1d1e9756 | 386 | user = key_user_lookup(current_fsuid(), current_user_ns()); |
76181c13 DH |
387 | if (!user) |
388 | return ERR_PTR(-ENOMEM); | |
389 | ||
8bbf4976 DH |
390 | construct_get_dest_keyring(&dest_keyring); |
391 | ||
76181c13 DH |
392 | ret = construct_alloc_key(type, description, dest_keyring, flags, user, |
393 | &key); | |
394 | key_user_put(user); | |
395 | ||
396 | if (ret == 0) { | |
8bbf4976 DH |
397 | ret = construct_key(key, callout_info, callout_len, aux, |
398 | dest_keyring); | |
d84f4f99 DH |
399 | if (ret < 0) { |
400 | kdebug("cons failed"); | |
76181c13 | 401 | goto construction_failed; |
d84f4f99 | 402 | } |
2b9e4688 DH |
403 | } else if (ret == -EINPROGRESS) { |
404 | ret = 0; | |
405 | } else { | |
406 | key = ERR_PTR(ret); | |
76181c13 DH |
407 | } |
408 | ||
8bbf4976 | 409 | key_put(dest_keyring); |
d84f4f99 | 410 | kleave(" = key %d", key_serial(key)); |
76181c13 DH |
411 | return key; |
412 | ||
413 | construction_failed: | |
414 | key_negate_and_link(key, key_negative_timeout, NULL, NULL); | |
415 | key_put(key); | |
8bbf4976 | 416 | key_put(dest_keyring); |
d84f4f99 | 417 | kleave(" = %d", ret); |
76181c13 DH |
418 | return ERR_PTR(ret); |
419 | } | |
3e30148c | 420 | |
1da177e4 LT |
421 | /* |
422 | * request a key | |
423 | * - search the process's keyrings | |
424 | * - check the list of keys being created or updated | |
3e30148c DH |
425 | * - call out to userspace for a key if supplementary info was provided |
426 | * - cache the key in an appropriate keyring | |
1da177e4 | 427 | */ |
3e30148c DH |
428 | struct key *request_key_and_link(struct key_type *type, |
429 | const char *description, | |
4a38e122 DH |
430 | const void *callout_info, |
431 | size_t callout_len, | |
4e54f085 | 432 | void *aux, |
7e047ef5 DH |
433 | struct key *dest_keyring, |
434 | unsigned long flags) | |
1da177e4 | 435 | { |
d84f4f99 | 436 | const struct cred *cred = current_cred(); |
1da177e4 | 437 | struct key *key; |
664cceb0 | 438 | key_ref_t key_ref; |
2b9e4688 | 439 | int ret; |
1da177e4 | 440 | |
4a38e122 DH |
441 | kenter("%s,%s,%p,%zu,%p,%p,%lx", |
442 | type->name, description, callout_info, callout_len, aux, | |
4e54f085 | 443 | dest_keyring, flags); |
3e30148c | 444 | |
1da177e4 | 445 | /* search all the process keyrings for a key */ |
664cceb0 | 446 | key_ref = search_process_keyrings(type, description, type->match, |
d84f4f99 | 447 | cred); |
1da177e4 | 448 | |
664cceb0 DH |
449 | if (!IS_ERR(key_ref)) { |
450 | key = key_ref_to_ptr(key_ref); | |
03449cd9 DH |
451 | if (dest_keyring) { |
452 | construct_get_dest_keyring(&dest_keyring); | |
2b9e4688 | 453 | ret = key_link(dest_keyring, key); |
03449cd9 | 454 | key_put(dest_keyring); |
2b9e4688 DH |
455 | if (ret < 0) { |
456 | key_put(key); | |
457 | key = ERR_PTR(ret); | |
458 | goto error; | |
459 | } | |
03449cd9 | 460 | } |
76181c13 | 461 | } else if (PTR_ERR(key_ref) != -EAGAIN) { |
e231c2ee | 462 | key = ERR_CAST(key_ref); |
76181c13 | 463 | } else { |
1da177e4 LT |
464 | /* the search failed, but the keyrings were searchable, so we |
465 | * should consult userspace if we can */ | |
466 | key = ERR_PTR(-ENOKEY); | |
467 | if (!callout_info) | |
468 | goto error; | |
469 | ||
76181c13 | 470 | key = construct_key_and_link(type, description, callout_info, |
4a38e122 DH |
471 | callout_len, aux, dest_keyring, |
472 | flags); | |
1da177e4 LT |
473 | } |
474 | ||
3e30148c DH |
475 | error: |
476 | kleave(" = %p", key); | |
1da177e4 | 477 | return key; |
76181c13 | 478 | } |
1da177e4 | 479 | |
76181c13 DH |
480 | /* |
481 | * wait for construction of a key to complete | |
482 | */ | |
483 | int wait_for_key_construction(struct key *key, bool intr) | |
484 | { | |
485 | int ret; | |
3e30148c | 486 | |
76181c13 DH |
487 | ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT, |
488 | intr ? key_wait_bit_intr : key_wait_bit, | |
489 | intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE); | |
490 | if (ret < 0) | |
491 | return ret; | |
492 | return key_validate(key); | |
493 | } | |
494 | EXPORT_SYMBOL(wait_for_key_construction); | |
3e30148c | 495 | |
3e30148c DH |
496 | /* |
497 | * request a key | |
498 | * - search the process's keyrings | |
499 | * - check the list of keys being created or updated | |
500 | * - call out to userspace for a key if supplementary info was provided | |
76181c13 | 501 | * - waits uninterruptible for creation to complete |
3e30148c DH |
502 | */ |
503 | struct key *request_key(struct key_type *type, | |
504 | const char *description, | |
505 | const char *callout_info) | |
506 | { | |
76181c13 | 507 | struct key *key; |
4a38e122 | 508 | size_t callout_len = 0; |
76181c13 DH |
509 | int ret; |
510 | ||
4a38e122 DH |
511 | if (callout_info) |
512 | callout_len = strlen(callout_info); | |
513 | key = request_key_and_link(type, description, callout_info, callout_len, | |
514 | NULL, NULL, KEY_ALLOC_IN_QUOTA); | |
76181c13 DH |
515 | if (!IS_ERR(key)) { |
516 | ret = wait_for_key_construction(key, false); | |
517 | if (ret < 0) { | |
518 | key_put(key); | |
519 | return ERR_PTR(ret); | |
520 | } | |
521 | } | |
522 | return key; | |
523 | } | |
1da177e4 | 524 | EXPORT_SYMBOL(request_key); |
4e54f085 | 525 | |
4e54f085 DH |
526 | /* |
527 | * request a key with auxiliary data for the upcaller | |
528 | * - search the process's keyrings | |
529 | * - check the list of keys being created or updated | |
530 | * - call out to userspace for a key if supplementary info was provided | |
76181c13 | 531 | * - waits uninterruptible for creation to complete |
4e54f085 DH |
532 | */ |
533 | struct key *request_key_with_auxdata(struct key_type *type, | |
534 | const char *description, | |
4a38e122 DH |
535 | const void *callout_info, |
536 | size_t callout_len, | |
4e54f085 DH |
537 | void *aux) |
538 | { | |
76181c13 DH |
539 | struct key *key; |
540 | int ret; | |
541 | ||
4a38e122 DH |
542 | key = request_key_and_link(type, description, callout_info, callout_len, |
543 | aux, NULL, KEY_ALLOC_IN_QUOTA); | |
76181c13 DH |
544 | if (!IS_ERR(key)) { |
545 | ret = wait_for_key_construction(key, false); | |
546 | if (ret < 0) { | |
547 | key_put(key); | |
548 | return ERR_PTR(ret); | |
549 | } | |
550 | } | |
551 | return key; | |
552 | } | |
553 | EXPORT_SYMBOL(request_key_with_auxdata); | |
4e54f085 | 554 | |
76181c13 DH |
555 | /* |
556 | * request a key (allow async construction) | |
557 | * - search the process's keyrings | |
558 | * - check the list of keys being created or updated | |
559 | * - call out to userspace for a key if supplementary info was provided | |
560 | */ | |
561 | struct key *request_key_async(struct key_type *type, | |
562 | const char *description, | |
4a38e122 DH |
563 | const void *callout_info, |
564 | size_t callout_len) | |
76181c13 | 565 | { |
4a38e122 DH |
566 | return request_key_and_link(type, description, callout_info, |
567 | callout_len, NULL, NULL, | |
568 | KEY_ALLOC_IN_QUOTA); | |
76181c13 DH |
569 | } |
570 | EXPORT_SYMBOL(request_key_async); | |
4e54f085 | 571 | |
76181c13 DH |
572 | /* |
573 | * request a key with auxiliary data for the upcaller (allow async construction) | |
574 | * - search the process's keyrings | |
575 | * - check the list of keys being created or updated | |
576 | * - call out to userspace for a key if supplementary info was provided | |
577 | */ | |
578 | struct key *request_key_async_with_auxdata(struct key_type *type, | |
579 | const char *description, | |
4a38e122 DH |
580 | const void *callout_info, |
581 | size_t callout_len, | |
76181c13 DH |
582 | void *aux) |
583 | { | |
4a38e122 DH |
584 | return request_key_and_link(type, description, callout_info, |
585 | callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA); | |
76181c13 DH |
586 | } |
587 | EXPORT_SYMBOL(request_key_async_with_auxdata); |