Blame - src/kernel/linux/v4.14/security/keys/internal.h - T103

blob: d479ca71137ea5feb5c9270789e2351553f8c9f7 [file] [log] [blame]

rjw	1f88458	2022-01-06 17:20:42 +0800	[diff] [blame^]	1	/* Authentication token and access key management internal defs
				2	*
				3	* Copyright (C) 2003-5, 2007 Red Hat, Inc. All Rights Reserved.
				4	* Written by David Howells (dhowells@redhat.com)
				5	*
				6	* This program is free software; you can redistribute it and/or
				7	* modify it under the terms of the GNU General Public License
				8	* as published by the Free Software Foundation; either version
				9	* 2 of the License, or (at your option) any later version.
				10	*/
				11
				12	#ifndef _INTERNAL_H
				13	#define _INTERNAL_H
				14
				15	#include <linux/sched.h>
				16	#include <linux/wait_bit.h>
				17	#include <linux/cred.h>
				18	#include <linux/key-type.h>
				19	#include <linux/task_work.h>
				20	#include <linux/keyctl.h>
				21	#include <linux/refcount.h>
				22	#include <linux/compat.h>
				23	#include <linux/mm.h>
				24	#include <linux/vmalloc.h>
				25
				26	struct iovec;
				27
				28	#ifdef __KDEBUG
				29	#define kenter(FMT, ...) \
				30	printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)
				31	#define kleave(FMT, ...) \
				32	printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
				33	#define kdebug(FMT, ...) \
				34	printk(KERN_DEBUG " "FMT"\n", ##__VA_ARGS__)
				35	#else
				36	#define kenter(FMT, ...) \
				37	no_printk(KERN_DEBUG "==> %s("FMT")\n", __func__, ##__VA_ARGS__)
				38	#define kleave(FMT, ...) \
				39	no_printk(KERN_DEBUG "<== %s()"FMT"\n", __func__, ##__VA_ARGS__)
				40	#define kdebug(FMT, ...) \
				41	no_printk(KERN_DEBUG FMT"\n", ##__VA_ARGS__)
				42	#endif
				43
				44	extern struct key_type key_type_dead;
				45	extern struct key_type key_type_user;
				46	extern struct key_type key_type_logon;
				47
				48	/*****************************************************************************/
				49	/*
				50	* Keep track of keys for a user.
				51	*
				52	* This needs to be separate to user_struct to avoid a refcount-loop
				53	* (user_struct pins some keyrings which pin this struct).
				54	*
				55	* We also keep track of keys under request from userspace for this UID here.
				56	*/
				57	struct key_user {
				58	struct rb_node node;
				59	struct mutex cons_lock; /* construction initiation lock */
				60	spinlock_t lock;
				61	refcount_t usage; /* for accessing qnkeys & qnbytes */
				62	atomic_t nkeys; /* number of keys */
				63	atomic_t nikeys; /* number of instantiated keys */
				64	kuid_t uid;
				65	int qnkeys; /* number of keys allocated to this user */
				66	int qnbytes; /* number of bytes allocated to this user */
				67	};
				68
				69	extern struct rb_root key_user_tree;
				70	extern spinlock_t key_user_lock;
				71	extern struct key_user root_key_user;
				72
				73	extern struct key_user *key_user_lookup(kuid_t uid);
				74	extern void key_user_put(struct key_user *user);
				75
				76	/*
				77	* Key quota limits.
				78	* - root has its own separate limits to everyone else
				79	*/
				80	extern unsigned key_quota_root_maxkeys;
				81	extern unsigned key_quota_root_maxbytes;
				82	extern unsigned key_quota_maxkeys;
				83	extern unsigned key_quota_maxbytes;
				84
				85	#define KEYQUOTA_LINK_BYTES 4 /* a link in a keyring is worth 4 bytes */
				86
				87
				88	extern struct kmem_cache *key_jar;
				89	extern struct rb_root key_serial_tree;
				90	extern spinlock_t key_serial_lock;
				91	extern struct mutex key_construction_mutex;
				92	extern wait_queue_head_t request_key_conswq;
				93
				94
				95	extern struct key_type key_type_lookup(const char type);
				96	extern void key_type_put(struct key_type *ktype);
				97
				98	extern int __key_link_begin(struct key *keyring,
				99	const struct keyring_index_key *index_key,
				100	struct assoc_array_edit **_edit);
				101	extern int __key_link_check_live_key(struct key keyring, struct key key);
				102	extern void __key_link(struct key key, struct assoc_array_edit *_edit);
				103	extern void __key_link_end(struct key *keyring,
				104	const struct keyring_index_key *index_key,
				105	struct assoc_array_edit *edit);
				106
				107	extern key_ref_t find_key_to_update(key_ref_t keyring_ref,
				108	const struct keyring_index_key *index_key);
				109
				110	extern struct key keyring_search_instkey(struct key keyring,
				111	key_serial_t target_id);
				112
				113	extern int iterate_over_keyring(const struct key *keyring,
				114	int (func)(const struct key key, void *data),
				115	void *data);
				116
				117	struct keyring_search_context {
				118	struct keyring_index_key index_key;
				119	const struct cred *cred;
				120	struct key_match_data match_data;
				121	unsigned flags;
				122	#define KEYRING_SEARCH_NO_STATE_CHECK 0x0001 /* Skip state checks */
				123	#define KEYRING_SEARCH_DO_STATE_CHECK 0x0002 /* Override NO_STATE_CHECK */
				124	#define KEYRING_SEARCH_NO_UPDATE_TIME 0x0004 /* Don't update times */
				125	#define KEYRING_SEARCH_NO_CHECK_PERM 0x0008 /* Don't check permissions */
				126	#define KEYRING_SEARCH_DETECT_TOO_DEEP 0x0010 /* Give an error on excessive depth */
				127	#define KEYRING_SEARCH_SKIP_EXPIRED 0x0020 /* Ignore expired keys (intention to replace) */
				128
				129	int (iterator)(const void object, void *iterator_data);
				130
				131	/* Internal stuff */
				132	int skipped_ret;
				133	bool possessed;
				134	key_ref_t result;
				135	struct timespec now;
				136	};
				137
				138	extern bool key_default_cmp(const struct key *key,
				139	const struct key_match_data *match_data);
				140	extern key_ref_t keyring_search_aux(key_ref_t keyring_ref,
				141	struct keyring_search_context *ctx);
				142
				143	extern key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx);
				144	extern key_ref_t search_process_keyrings(struct keyring_search_context *ctx);
				145
				146	extern struct key find_keyring_by_name(const char name, bool uid_keyring);
				147
				148	extern int install_user_keyrings(void);
				149	extern int install_thread_keyring_to_cred(struct cred *);
				150	extern int install_process_keyring_to_cred(struct cred *);
				151	extern int install_session_keyring_to_cred(struct cred , struct key );
				152
				153	extern struct key request_key_and_link(struct key_type type,
				154	const char *description,
				155	const void *callout_info,
				156	size_t callout_len,
				157	void *aux,
				158	struct key *dest_keyring,
				159	unsigned long flags);
				160
				161	extern bool lookup_user_key_possessed(const struct key *key,
				162	const struct key_match_data *match_data);
				163	extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
				164	key_perm_t perm);
				165	#define KEY_LOOKUP_CREATE 0x01
				166	#define KEY_LOOKUP_PARTIAL 0x02
				167	#define KEY_LOOKUP_FOR_UNLINK 0x04
				168
				169	extern long join_session_keyring(const char *name);
				170	extern void key_change_session_keyring(struct callback_head *twork);
				171
				172	extern struct work_struct key_gc_work;
				173	extern unsigned key_gc_delay;
				174	extern void keyring_gc(struct key *keyring, time_t limit);
				175	extern void keyring_restriction_gc(struct key *keyring,
				176	struct key_type *dead_type);
				177	extern void key_schedule_gc(time_t gc_at);
				178	extern void key_schedule_gc_links(void);
				179	extern void key_gc_keytype(struct key_type *ktype);
				180
				181	extern int key_task_permission(const key_ref_t key_ref,
				182	const struct cred *cred,
				183	key_perm_t perm);
				184
				185	/*
				186	* Check to see whether permission is granted to use a key in the desired way.
				187	*/
				188	static inline int key_permission(const key_ref_t key_ref, unsigned perm)
				189	{
				190	return key_task_permission(key_ref, current_cred(), perm);
				191	}
				192
				193	extern struct key_type key_type_request_key_auth;
				194	extern struct key request_key_auth_new(struct key target,
				195	const char *op,
				196	const void *callout_info,
				197	size_t callout_len,
				198	struct key *dest_keyring);
				199
				200	extern struct key *key_get_instantiation_authkey(key_serial_t target_id);
				201
				202	/*
				203	* Determine whether a key is dead.
				204	*/
				205	static inline bool key_is_dead(const struct key *key, time_t limit)
				206	{
				207	return
				208	key->flags & ((1 << KEY_FLAG_DEAD) \|
				209	(1 << KEY_FLAG_INVALIDATED)) \|\|
				210	(key->expiry > 0 && key->expiry <= limit);
				211	}
				212
				213	/*
				214	* keyctl() functions
				215	*/
				216	extern long keyctl_get_keyring_ID(key_serial_t, int);
				217	extern long keyctl_join_session_keyring(const char __user *);
				218	extern long keyctl_update_key(key_serial_t, const void __user *, size_t);
				219	extern long keyctl_revoke_key(key_serial_t);
				220	extern long keyctl_keyring_clear(key_serial_t);
				221	extern long keyctl_keyring_link(key_serial_t, key_serial_t);
				222	extern long keyctl_keyring_unlink(key_serial_t, key_serial_t);
				223	extern long keyctl_describe_key(key_serial_t, char __user *, size_t);
				224	extern long keyctl_keyring_search(key_serial_t, const char __user *,
				225	const char __user *, key_serial_t);
				226	extern long keyctl_read_key(key_serial_t, char __user *, size_t);
				227	extern long keyctl_chown_key(key_serial_t, uid_t, gid_t);
				228	extern long keyctl_setperm_key(key_serial_t, key_perm_t);
				229	extern long keyctl_instantiate_key(key_serial_t, const void __user *,
				230	size_t, key_serial_t);
				231	extern long keyctl_negate_key(key_serial_t, unsigned, key_serial_t);
				232	extern long keyctl_set_reqkey_keyring(int);
				233	extern long keyctl_set_timeout(key_serial_t, unsigned);
				234	extern long keyctl_assume_authority(key_serial_t);
				235	extern long keyctl_get_security(key_serial_t keyid, char __user *buffer,
				236	size_t buflen);
				237	extern long keyctl_session_to_parent(void);
				238	extern long keyctl_reject_key(key_serial_t, unsigned, unsigned, key_serial_t);
				239	extern long keyctl_instantiate_key_iov(key_serial_t,
				240	const struct iovec __user *,
				241	unsigned, key_serial_t);
				242	extern long keyctl_invalidate_key(key_serial_t);
				243
				244	struct iov_iter;
				245	extern long keyctl_instantiate_key_common(key_serial_t,
				246	struct iov_iter *,
				247	key_serial_t);
				248	extern long keyctl_restrict_keyring(key_serial_t id,
				249	const char __user *_type,
				250	const char __user *_restriction);
				251	#ifdef CONFIG_PERSISTENT_KEYRINGS
				252	extern long keyctl_get_persistent(uid_t, key_serial_t);
				253	extern unsigned persistent_keyring_expiry;
				254	#else
				255	static inline long keyctl_get_persistent(uid_t uid, key_serial_t destring)
				256	{
				257	return -EOPNOTSUPP;
				258	}
				259	#endif
				260
				261	#ifdef CONFIG_KEY_DH_OPERATIONS
				262	extern long keyctl_dh_compute(struct keyctl_dh_params __user , char __user ,
				263	size_t, struct keyctl_kdf_params __user *);
				264	extern long __keyctl_dh_compute(struct keyctl_dh_params __user , char __user ,
				265	size_t, struct keyctl_kdf_params *);
				266	#ifdef CONFIG_KEYS_COMPAT
				267	extern long compat_keyctl_dh_compute(struct keyctl_dh_params __user *params,
				268	char __user *buffer, size_t buflen,
				269	struct compat_keyctl_kdf_params __user *kdf);
				270	#endif
				271	#define KEYCTL_KDF_MAX_OUTPUT_LEN 1024 /* max length of KDF output */
				272	#define KEYCTL_KDF_MAX_OI_LEN 64 /* max length of otherinfo */
				273	#else
				274	static inline long keyctl_dh_compute(struct keyctl_dh_params __user *params,
				275	char __user *buffer, size_t buflen,
				276	struct keyctl_kdf_params __user *kdf)
				277	{
				278	return -EOPNOTSUPP;
				279	}
				280
				281	#ifdef CONFIG_KEYS_COMPAT
				282	static inline long compat_keyctl_dh_compute(
				283	struct keyctl_dh_params __user *params,
				284	char __user *buffer, size_t buflen,
				285	struct keyctl_kdf_params __user *kdf)
				286	{
				287	return -EOPNOTSUPP;
				288	}
				289	#endif
				290	#endif
				291
				292	/*
				293	* Debugging key validation
				294	*/
				295	#ifdef KEY_DEBUGGING
				296	extern void __key_check(const struct key *);
				297
				298	static inline void key_check(const struct key *key)
				299	{
				300	if (key && (IS_ERR(key) \|\| key->magic != KEY_DEBUG_MAGIC))
				301	__key_check(key);
				302	}
				303
				304	#else
				305
				306	#define key_check(key) do {} while(0)
				307
				308	#endif
				309	#endif /* _INTERNAL_H */