request_key.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754
  1. /* Request a key from userspace
  2. *
  3. * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved.
  4. * Written by David Howells (dhowells@redhat.com)
  5. *
  6. * This program is free software; you can redistribute it and/or
  7. * modify it under the terms of the GNU General Public License
  8. * as published by the Free Software Foundation; either version
  9. * 2 of the License, or (at your option) any later version.
  10. *
  11. * See Documentation/security/keys-request-key.txt
  12. */
  13. #include <linux/module.h>
  14. #include <linux/sched.h>
  15. #include <linux/kmod.h>
  16. #include <linux/err.h>
  17. #include <linux/keyctl.h>
  18. #include <linux/slab.h>
  19. #include "internal.h"
  20. #define key_negative_timeout 60 /* default timeout on a negative key's existence */
  21. /**
  22. * complete_request_key - Complete the construction of a key.
  23. * @cons: The key construction record.
  24. * @error: The success or failute of the construction.
  25. *
  26. * Complete the attempt to construct a key. The key will be negated
  27. * if an error is indicated. The authorisation key will be revoked
  28. * unconditionally.
  29. */
  30. void complete_request_key(struct key_construction *cons, int error)
  31. {
  32. kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error);
  33. if (error < 0)
  34. key_negate_and_link(cons->key, key_negative_timeout, NULL,
  35. cons->authkey);
  36. else
  37. key_revoke(cons->authkey);
  38. key_put(cons->key);
  39. key_put(cons->authkey);
  40. kfree(cons);
  41. }
  42. EXPORT_SYMBOL(complete_request_key);
  43. /*
  44. * Initialise a usermode helper that is going to have a specific session
  45. * keyring.
  46. *
  47. * This is called in context of freshly forked kthread before kernel_execve(),
  48. * so we can simply install the desired session_keyring at this point.
  49. */
  50. static int umh_keys_init(struct subprocess_info *info, struct cred *cred)
  51. {
  52. struct key *keyring = info->data;
  53. return install_session_keyring_to_cred(cred, keyring);
  54. }
  55. /*
  56. * Clean up a usermode helper with session keyring.
  57. */
  58. static void umh_keys_cleanup(struct subprocess_info *info)
  59. {
  60. struct key *keyring = info->data;
  61. key_put(keyring);
  62. }
  63. /*
  64. * Call a usermode helper with a specific session keyring.
  65. */
  66. static int call_usermodehelper_keys(char *path, char **argv, char **envp,
  67. struct key *session_keyring, int wait)
  68. {
  69. struct subprocess_info *info;
  70. info = call_usermodehelper_setup(path, argv, envp, GFP_KERNEL,
  71. umh_keys_init, umh_keys_cleanup,
  72. session_keyring);
  73. if (!info)
  74. return -ENOMEM;
  75. key_get(session_keyring);
  76. return call_usermodehelper_exec(info, wait);
  77. }
  78. /*
  79. * Request userspace finish the construction of a key
  80. * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
  81. */
  82. static int call_sbin_request_key(struct key_construction *cons,
  83. const char *op,
  84. void *aux)
  85. {
  86. const struct cred *cred = current_cred();
  87. key_serial_t prkey, sskey;
  88. struct key *key = cons->key, *authkey = cons->authkey, *keyring,
  89. *session;
  90. char *argv[9], *envp[3], uid_str[12], gid_str[12];
  91. char key_str[12], keyring_str[3][12];
  92. char desc[20];
  93. int ret, i;
  94. kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
  95. ret = install_user_keyrings();
  96. if (ret < 0)
  97. goto error_alloc;
  98. /* allocate a new session keyring */
  99. sprintf(desc, "_req.%u", key->serial);
  100. cred = get_current_cred();
  101. keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
  102. KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
  103. KEY_ALLOC_QUOTA_OVERRUN, NULL, NULL);
  104. put_cred(cred);
  105. if (IS_ERR(keyring)) {
  106. ret = PTR_ERR(keyring);
  107. goto error_alloc;
  108. }
  109. /* attach the auth key to the session keyring */
  110. ret = key_link(keyring, authkey);
  111. if (ret < 0)
  112. goto error_link;
  113. /* record the UID and GID */
  114. sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid));
  115. sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid));
  116. /* we say which key is under construction */
  117. sprintf(key_str, "%d", key->serial);
  118. /* we specify the process's default keyrings */
  119. sprintf(keyring_str[0], "%d",
  120. cred->thread_keyring ? cred->thread_keyring->serial : 0);
  121. prkey = 0;
  122. if (cred->process_keyring)
  123. prkey = cred->process_keyring->serial;
  124. sprintf(keyring_str[1], "%d", prkey);
  125. rcu_read_lock();
  126. session = rcu_dereference(cred->session_keyring);
  127. if (!session)
  128. session = cred->user->session_keyring;
  129. sskey = session->serial;
  130. rcu_read_unlock();
  131. sprintf(keyring_str[2], "%d", sskey);
  132. /* set up a minimal environment */
  133. i = 0;
  134. envp[i++] = "HOME=/";
  135. envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
  136. envp[i] = NULL;
  137. /* set up the argument list */
  138. i = 0;
  139. argv[i++] = "/sbin/request-key";
  140. argv[i++] = (char *) op;
  141. argv[i++] = key_str;
  142. argv[i++] = uid_str;
  143. argv[i++] = gid_str;
  144. argv[i++] = keyring_str[0];
  145. argv[i++] = keyring_str[1];
  146. argv[i++] = keyring_str[2];
  147. argv[i] = NULL;
  148. /* do it */
  149. ret = call_usermodehelper_keys(argv[0], argv, envp, keyring,
  150. UMH_WAIT_PROC);
  151. kdebug("usermode -> 0x%x", ret);
  152. if (ret >= 0) {
  153. /* ret is the exit/wait code */
  154. if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) ||
  155. key_validate(key) < 0)
  156. ret = -ENOKEY;
  157. else
  158. /* ignore any errors from userspace if the key was
  159. * instantiated */
  160. ret = 0;
  161. }
  162. error_link:
  163. key_put(keyring);
  164. error_alloc:
  165. complete_request_key(cons, ret);
  166. kleave(" = %d", ret);
  167. return ret;
  168. }
  169. /*
  170. * Call out to userspace for key construction.
  171. *
  172. * Program failure is ignored in favour of key status.
  173. */
  174. static int construct_key(struct key *key, const void *callout_info,
  175. size_t callout_len, void *aux,
  176. struct key *dest_keyring)
  177. {
  178. struct key_construction *cons;
  179. request_key_actor_t actor;
  180. struct key *authkey;
  181. int ret;
  182. kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux);
  183. cons = kmalloc(sizeof(*cons), GFP_KERNEL);
  184. if (!cons)
  185. return -ENOMEM;
  186. /* allocate an authorisation key */
  187. authkey = request_key_auth_new(key, callout_info, callout_len,
  188. dest_keyring);
  189. if (IS_ERR(authkey)) {
  190. kfree(cons);
  191. ret = PTR_ERR(authkey);
  192. authkey = NULL;
  193. } else {
  194. cons->authkey = key_get(authkey);
  195. cons->key = key_get(key);
  196. /* make the call */
  197. actor = call_sbin_request_key;
  198. if (key->type->request_key)
  199. actor = key->type->request_key;
  200. ret = actor(cons, "create", aux);
  201. /* check that the actor called complete_request_key() prior to
  202. * returning an error */
  203. WARN_ON(ret < 0 &&
  204. !test_bit(KEY_FLAG_REVOKED, &authkey->flags));
  205. key_put(authkey);
  206. }
  207. kleave(" = %d", ret);
  208. return ret;
  209. }
  210. /*
  211. * Get the appropriate destination keyring for the request.
  212. *
  213. * The keyring selected is returned with an extra reference upon it which the
  214. * caller must release.
  215. */
  216. static int construct_get_dest_keyring(struct key **_dest_keyring)
  217. {
  218. struct request_key_auth *rka;
  219. const struct cred *cred = current_cred();
  220. struct key *dest_keyring = *_dest_keyring, *authkey;
  221. int ret;
  222. kenter("%p", dest_keyring);
  223. /* find the appropriate keyring */
  224. if (dest_keyring) {
  225. /* the caller supplied one */
  226. key_get(dest_keyring);
  227. } else {
  228. bool do_perm_check = true;
  229. /* use a default keyring; falling through the cases until we
  230. * find one that we actually have */
  231. switch (cred->jit_keyring) {
  232. case KEY_REQKEY_DEFL_DEFAULT:
  233. case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
  234. if (cred->request_key_auth) {
  235. authkey = cred->request_key_auth;
  236. down_read(&authkey->sem);
  237. rka = authkey->payload.data[0];
  238. if (!test_bit(KEY_FLAG_REVOKED,
  239. &authkey->flags))
  240. dest_keyring =
  241. key_get(rka->dest_keyring);
  242. up_read(&authkey->sem);
  243. if (dest_keyring) {
  244. do_perm_check = false;
  245. break;
  246. }
  247. }
  248. case KEY_REQKEY_DEFL_THREAD_KEYRING:
  249. dest_keyring = key_get(cred->thread_keyring);
  250. if (dest_keyring)
  251. break;
  252. case KEY_REQKEY_DEFL_PROCESS_KEYRING:
  253. dest_keyring = key_get(cred->process_keyring);
  254. if (dest_keyring)
  255. break;
  256. case KEY_REQKEY_DEFL_SESSION_KEYRING:
  257. rcu_read_lock();
  258. dest_keyring = key_get(
  259. rcu_dereference(cred->session_keyring));
  260. rcu_read_unlock();
  261. if (dest_keyring)
  262. break;
  263. case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
  264. dest_keyring =
  265. key_get(cred->user->session_keyring);
  266. break;
  267. case KEY_REQKEY_DEFL_USER_KEYRING:
  268. dest_keyring = key_get(cred->user->uid_keyring);
  269. break;
  270. case KEY_REQKEY_DEFL_GROUP_KEYRING:
  271. default:
  272. BUG();
  273. }
  274. /*
  275. * Require Write permission on the keyring. This is essential
  276. * because the default keyring may be the session keyring, and
  277. * joining a keyring only requires Search permission.
  278. *
  279. * However, this check is skipped for the "requestor keyring" so
  280. * that /sbin/request-key can itself use request_key() to add
  281. * keys to the original requestor's destination keyring.
  282. */
  283. if (dest_keyring && do_perm_check) {
  284. ret = key_permission(make_key_ref(dest_keyring, 1),
  285. KEY_NEED_WRITE);
  286. if (ret) {
  287. key_put(dest_keyring);
  288. return ret;
  289. }
  290. }
  291. }
  292. *_dest_keyring = dest_keyring;
  293. kleave(" [dk %d]", key_serial(dest_keyring));
  294. return 0;
  295. }
  296. /*
  297. * Allocate a new key in under-construction state and attempt to link it in to
  298. * the requested keyring.
  299. *
  300. * May return a key that's already under construction instead if there was a
  301. * race between two thread calling request_key().
  302. */
  303. static int construct_alloc_key(struct keyring_search_context *ctx,
  304. struct key *dest_keyring,
  305. unsigned long flags,
  306. struct key_user *user,
  307. struct key **_key)
  308. {
  309. struct assoc_array_edit *edit;
  310. struct key *key;
  311. key_perm_t perm;
  312. key_ref_t key_ref;
  313. int ret;
  314. kenter("%s,%s,,,",
  315. ctx->index_key.type->name, ctx->index_key.description);
  316. *_key = NULL;
  317. mutex_lock(&user->cons_lock);
  318. perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
  319. perm |= KEY_USR_VIEW;
  320. if (ctx->index_key.type->read)
  321. perm |= KEY_POS_READ;
  322. if (ctx->index_key.type == &key_type_keyring ||
  323. ctx->index_key.type->update)
  324. perm |= KEY_POS_WRITE;
  325. key = key_alloc(ctx->index_key.type, ctx->index_key.description,
  326. ctx->cred->fsuid, ctx->cred->fsgid, ctx->cred,
  327. perm, flags, NULL);
  328. if (IS_ERR(key))
  329. goto alloc_failed;
  330. set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
  331. if (dest_keyring) {
  332. ret = __key_link_begin(dest_keyring, &ctx->index_key, &edit);
  333. if (ret < 0)
  334. goto link_prealloc_failed;
  335. }
  336. /* attach the key to the destination keyring under lock, but we do need
  337. * to do another check just in case someone beat us to it whilst we
  338. * waited for locks */
  339. mutex_lock(&key_construction_mutex);
  340. key_ref = search_process_keyrings(ctx);
  341. if (!IS_ERR(key_ref))
  342. goto key_already_present;
  343. if (dest_keyring)
  344. __key_link(key, &edit);
  345. mutex_unlock(&key_construction_mutex);
  346. if (dest_keyring)
  347. __key_link_end(dest_keyring, &ctx->index_key, edit);
  348. mutex_unlock(&user->cons_lock);
  349. *_key = key;
  350. kleave(" = 0 [%d]", key_serial(key));
  351. return 0;
  352. /* the key is now present - we tell the caller that we found it by
  353. * returning -EINPROGRESS */
  354. key_already_present:
  355. key_put(key);
  356. mutex_unlock(&key_construction_mutex);
  357. key = key_ref_to_ptr(key_ref);
  358. if (dest_keyring) {
  359. ret = __key_link_check_live_key(dest_keyring, key);
  360. if (ret == 0)
  361. __key_link(key, &edit);
  362. __key_link_end(dest_keyring, &ctx->index_key, edit);
  363. if (ret < 0)
  364. goto link_check_failed;
  365. }
  366. mutex_unlock(&user->cons_lock);
  367. *_key = key;
  368. kleave(" = -EINPROGRESS [%d]", key_serial(key));
  369. return -EINPROGRESS;
  370. link_check_failed:
  371. mutex_unlock(&user->cons_lock);
  372. key_put(key);
  373. kleave(" = %d [linkcheck]", ret);
  374. return ret;
  375. link_prealloc_failed:
  376. mutex_unlock(&user->cons_lock);
  377. key_put(key);
  378. kleave(" = %d [prelink]", ret);
  379. return ret;
  380. alloc_failed:
  381. mutex_unlock(&user->cons_lock);
  382. kleave(" = %ld", PTR_ERR(key));
  383. return PTR_ERR(key);
  384. }
  385. /*
  386. * Commence key construction.
  387. */
  388. static struct key *construct_key_and_link(struct keyring_search_context *ctx,
  389. const char *callout_info,
  390. size_t callout_len,
  391. void *aux,
  392. struct key *dest_keyring,
  393. unsigned long flags)
  394. {
  395. struct key_user *user;
  396. struct key *key;
  397. int ret;
  398. kenter("");
  399. if (ctx->index_key.type == &key_type_keyring)
  400. return ERR_PTR(-EPERM);
  401. ret = construct_get_dest_keyring(&dest_keyring);
  402. if (ret)
  403. goto error;
  404. user = key_user_lookup(current_fsuid());
  405. if (!user) {
  406. ret = -ENOMEM;
  407. goto error_put_dest_keyring;
  408. }
  409. ret = construct_alloc_key(ctx, dest_keyring, flags, user, &key);
  410. key_user_put(user);
  411. if (ret == 0) {
  412. ret = construct_key(key, callout_info, callout_len, aux,
  413. dest_keyring);
  414. if (ret < 0) {
  415. kdebug("cons failed");
  416. goto construction_failed;
  417. }
  418. } else if (ret == -EINPROGRESS) {
  419. ret = 0;
  420. } else {
  421. goto error_put_dest_keyring;
  422. }
  423. key_put(dest_keyring);
  424. kleave(" = key %d", key_serial(key));
  425. return key;
  426. construction_failed:
  427. key_negate_and_link(key, key_negative_timeout, NULL, NULL);
  428. key_put(key);
  429. error_put_dest_keyring:
  430. key_put(dest_keyring);
  431. error:
  432. kleave(" = %d", ret);
  433. return ERR_PTR(ret);
  434. }
  435. /**
  436. * request_key_and_link - Request a key and cache it in a keyring.
  437. * @type: The type of key we want.
  438. * @description: The searchable description of the key.
  439. * @callout_info: The data to pass to the instantiation upcall (or NULL).
  440. * @callout_len: The length of callout_info.
  441. * @aux: Auxiliary data for the upcall.
  442. * @dest_keyring: Where to cache the key.
  443. * @flags: Flags to key_alloc().
  444. *
  445. * A key matching the specified criteria is searched for in the process's
  446. * keyrings and returned with its usage count incremented if found. Otherwise,
  447. * if callout_info is not NULL, a key will be allocated and some service
  448. * (probably in userspace) will be asked to instantiate it.
  449. *
  450. * If successfully found or created, the key will be linked to the destination
  451. * keyring if one is provided.
  452. *
  453. * Returns a pointer to the key if successful; -EACCES, -ENOKEY, -EKEYREVOKED
  454. * or -EKEYEXPIRED if an inaccessible, negative, revoked or expired key was
  455. * found; -ENOKEY if no key was found and no @callout_info was given; -EDQUOT
  456. * if insufficient key quota was available to create a new key; or -ENOMEM if
  457. * insufficient memory was available.
  458. *
  459. * If the returned key was created, then it may still be under construction,
  460. * and wait_for_key_construction() should be used to wait for that to complete.
  461. */
  462. struct key *request_key_and_link(struct key_type *type,
  463. const char *description,
  464. const void *callout_info,
  465. size_t callout_len,
  466. void *aux,
  467. struct key *dest_keyring,
  468. unsigned long flags)
  469. {
  470. struct keyring_search_context ctx = {
  471. .index_key.type = type,
  472. .index_key.description = description,
  473. .cred = current_cred(),
  474. .match_data.cmp = key_default_cmp,
  475. .match_data.raw_data = description,
  476. .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
  477. .flags = (KEYRING_SEARCH_DO_STATE_CHECK |
  478. KEYRING_SEARCH_SKIP_EXPIRED),
  479. };
  480. struct key *key;
  481. key_ref_t key_ref;
  482. int ret;
  483. kenter("%s,%s,%p,%zu,%p,%p,%lx",
  484. ctx.index_key.type->name, ctx.index_key.description,
  485. callout_info, callout_len, aux, dest_keyring, flags);
  486. if (type->match_preparse) {
  487. ret = type->match_preparse(&ctx.match_data);
  488. if (ret < 0) {
  489. key = ERR_PTR(ret);
  490. goto error;
  491. }
  492. }
  493. /* search all the process keyrings for a key */
  494. key_ref = search_process_keyrings(&ctx);
  495. if (!IS_ERR(key_ref)) {
  496. key = key_ref_to_ptr(key_ref);
  497. if (dest_keyring) {
  498. construct_get_dest_keyring(&dest_keyring);
  499. ret = key_link(dest_keyring, key);
  500. key_put(dest_keyring);
  501. if (ret < 0) {
  502. key_put(key);
  503. key = ERR_PTR(ret);
  504. goto error_free;
  505. }
  506. }
  507. } else if (PTR_ERR(key_ref) != -EAGAIN) {
  508. key = ERR_CAST(key_ref);
  509. } else {
  510. /* the search failed, but the keyrings were searchable, so we
  511. * should consult userspace if we can */
  512. key = ERR_PTR(-ENOKEY);
  513. if (!callout_info)
  514. goto error_free;
  515. key = construct_key_and_link(&ctx, callout_info, callout_len,
  516. aux, dest_keyring, flags);
  517. }
  518. error_free:
  519. if (type->match_free)
  520. type->match_free(&ctx.match_data);
  521. error:
  522. kleave(" = %p", key);
  523. return key;
  524. }
  525. /**
  526. * wait_for_key_construction - Wait for construction of a key to complete
  527. * @key: The key being waited for.
  528. * @intr: Whether to wait interruptibly.
  529. *
  530. * Wait for a key to finish being constructed.
  531. *
  532. * Returns 0 if successful; -ERESTARTSYS if the wait was interrupted; -ENOKEY
  533. * if the key was negated; or -EKEYREVOKED or -EKEYEXPIRED if the key was
  534. * revoked or expired.
  535. */
  536. int wait_for_key_construction(struct key *key, bool intr)
  537. {
  538. int ret;
  539. ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT,
  540. intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
  541. if (ret)
  542. return -ERESTARTSYS;
  543. ret = key_read_state(key);
  544. if (ret < 0)
  545. return ret;
  546. return key_validate(key);
  547. }
  548. EXPORT_SYMBOL(wait_for_key_construction);
  549. /**
  550. * request_key - Request a key and wait for construction
  551. * @type: Type of key.
  552. * @description: The searchable description of the key.
  553. * @callout_info: The data to pass to the instantiation upcall (or NULL).
  554. *
  555. * As for request_key_and_link() except that it does not add the returned key
  556. * to a keyring if found, new keys are always allocated in the user's quota,
  557. * the callout_info must be a NUL-terminated string and no auxiliary data can
  558. * be passed.
  559. *
  560. * Furthermore, it then works as wait_for_key_construction() to wait for the
  561. * completion of keys undergoing construction with a non-interruptible wait.
  562. */
  563. struct key *request_key(struct key_type *type,
  564. const char *description,
  565. const char *callout_info)
  566. {
  567. struct key *key;
  568. size_t callout_len = 0;
  569. int ret;
  570. if (callout_info)
  571. callout_len = strlen(callout_info);
  572. key = request_key_and_link(type, description, callout_info, callout_len,
  573. NULL, NULL, KEY_ALLOC_IN_QUOTA);
  574. if (!IS_ERR(key)) {
  575. ret = wait_for_key_construction(key, false);
  576. if (ret < 0) {
  577. key_put(key);
  578. return ERR_PTR(ret);
  579. }
  580. }
  581. return key;
  582. }
  583. EXPORT_SYMBOL(request_key);
  584. /**
  585. * request_key_with_auxdata - Request a key with auxiliary data for the upcaller
  586. * @type: The type of key we want.
  587. * @description: The searchable description of the key.
  588. * @callout_info: The data to pass to the instantiation upcall (or NULL).
  589. * @callout_len: The length of callout_info.
  590. * @aux: Auxiliary data for the upcall.
  591. *
  592. * As for request_key_and_link() except that it does not add the returned key
  593. * to a keyring if found and new keys are always allocated in the user's quota.
  594. *
  595. * Furthermore, it then works as wait_for_key_construction() to wait for the
  596. * completion of keys undergoing construction with a non-interruptible wait.
  597. */
  598. struct key *request_key_with_auxdata(struct key_type *type,
  599. const char *description,
  600. const void *callout_info,
  601. size_t callout_len,
  602. void *aux)
  603. {
  604. struct key *key;
  605. int ret;
  606. key = request_key_and_link(type, description, callout_info, callout_len,
  607. aux, NULL, KEY_ALLOC_IN_QUOTA);
  608. if (!IS_ERR(key)) {
  609. ret = wait_for_key_construction(key, false);
  610. if (ret < 0) {
  611. key_put(key);
  612. return ERR_PTR(ret);
  613. }
  614. }
  615. return key;
  616. }
  617. EXPORT_SYMBOL(request_key_with_auxdata);
  618. /*
  619. * request_key_async - Request a key (allow async construction)
  620. * @type: Type of key.
  621. * @description: The searchable description of the key.
  622. * @callout_info: The data to pass to the instantiation upcall (or NULL).
  623. * @callout_len: The length of callout_info.
  624. *
  625. * As for request_key_and_link() except that it does not add the returned key
  626. * to a keyring if found, new keys are always allocated in the user's quota and
  627. * no auxiliary data can be passed.
  628. *
  629. * The caller should call wait_for_key_construction() to wait for the
  630. * completion of the returned key if it is still undergoing construction.
  631. */
  632. struct key *request_key_async(struct key_type *type,
  633. const char *description,
  634. const void *callout_info,
  635. size_t callout_len)
  636. {
  637. return request_key_and_link(type, description, callout_info,
  638. callout_len, NULL, NULL,
  639. KEY_ALLOC_IN_QUOTA);
  640. }
  641. EXPORT_SYMBOL(request_key_async);
  642. /*
  643. * request a key with auxiliary data for the upcaller (allow async construction)
  644. * @type: Type of key.
  645. * @description: The searchable description of the key.
  646. * @callout_info: The data to pass to the instantiation upcall (or NULL).
  647. * @callout_len: The length of callout_info.
  648. * @aux: Auxiliary data for the upcall.
  649. *
  650. * As for request_key_and_link() except that it does not add the returned key
  651. * to a keyring if found and new keys are always allocated in the user's quota.
  652. *
  653. * The caller should call wait_for_key_construction() to wait for the
  654. * completion of the returned key if it is still undergoing construction.
  655. */
  656. struct key *request_key_async_with_auxdata(struct key_type *type,
  657. const char *description,
  658. const void *callout_info,
  659. size_t callout_len,
  660. void *aux)
  661. {
  662. return request_key_and_link(type, description, callout_info,
  663. callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA);
  664. }
  665. EXPORT_SYMBOL(request_key_async_with_auxdata);