request_key.c 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740
  1. /* Request a key from userspace
  2. *
  3. * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved.
  4. * Written by David Howells (dhowells@redhat.com)
  5. *
  6. * This program is free software; you can redistribute it and/or
  7. * modify it under the terms of the GNU General Public License
  8. * as published by the Free Software Foundation; either version
  9. * 2 of the License, or (at your option) any later version.
  10. *
  11. * See Documentation/security/keys/request-key.rst
  12. */
  13. #include <linux/module.h>
  14. #include <linux/sched.h>
  15. #include <linux/kmod.h>
  16. #include <linux/err.h>
  17. #include <linux/keyctl.h>
  18. #include <linux/slab.h>
  19. #include "internal.h"
  20. #include <keys/request_key_auth-type.h>
  21. #define key_negative_timeout 60 /* default timeout on a negative key's existence */
  22. /**
  23. * complete_request_key - Complete the construction of a key.
  24. * @auth_key: The authorisation key.
  25. * @error: The success or failute of the construction.
  26. *
  27. * Complete the attempt to construct a key. The key will be negated
  28. * if an error is indicated. The authorisation key will be revoked
  29. * unconditionally.
  30. */
  31. void complete_request_key(struct key *authkey, int error)
  32. {
  33. struct request_key_auth *rka = get_request_key_auth(authkey);
  34. struct key *key = rka->target_key;
  35. kenter("%d{%d},%d", authkey->serial, key->serial, error);
  36. if (error < 0)
  37. key_negate_and_link(key, key_negative_timeout, NULL, authkey);
  38. else
  39. key_revoke(authkey);
  40. }
  41. EXPORT_SYMBOL(complete_request_key);
  42. /*
  43. * Initialise a usermode helper that is going to have a specific session
  44. * keyring.
  45. *
  46. * This is called in context of freshly forked kthread before kernel_execve(),
  47. * so we can simply install the desired session_keyring at this point.
  48. */
  49. static int umh_keys_init(struct subprocess_info *info, struct cred *cred)
  50. {
  51. struct key *keyring = info->data;
  52. return install_session_keyring_to_cred(cred, keyring);
  53. }
  54. /*
  55. * Clean up a usermode helper with session keyring.
  56. */
  57. static void umh_keys_cleanup(struct subprocess_info *info)
  58. {
  59. struct key *keyring = info->data;
  60. key_put(keyring);
  61. }
  62. /*
  63. * Call a usermode helper with a specific session keyring.
  64. */
  65. static int call_usermodehelper_keys(const char *path, char **argv, char **envp,
  66. struct key *session_keyring, int wait)
  67. {
  68. struct subprocess_info *info;
  69. info = call_usermodehelper_setup(path, argv, envp, GFP_KERNEL,
  70. umh_keys_init, umh_keys_cleanup,
  71. session_keyring);
  72. if (!info)
  73. return -ENOMEM;
  74. key_get(session_keyring);
  75. return call_usermodehelper_exec(info, wait);
  76. }
  77. /*
  78. * Request userspace finish the construction of a key
  79. * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
  80. */
  81. static int call_sbin_request_key(struct key *authkey, void *aux)
  82. {
  83. static char const request_key[] = "/sbin/request-key";
  84. struct request_key_auth *rka = get_request_key_auth(authkey);
  85. const struct cred *cred = current_cred();
  86. key_serial_t prkey, sskey;
  87. struct key *key = rka->target_key, *keyring, *session;
  88. char *argv[9], *envp[3], uid_str[12], gid_str[12];
  89. char key_str[12], keyring_str[3][12];
  90. char desc[20];
  91. int ret, i;
  92. kenter("{%d},{%d},%s", key->serial, authkey->serial, rka->op);
  93. ret = install_user_keyrings();
  94. if (ret < 0)
  95. goto error_alloc;
  96. /* allocate a new session keyring */
  97. sprintf(desc, "_req.%u", key->serial);
  98. cred = get_current_cred();
  99. keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
  100. KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
  101. KEY_ALLOC_QUOTA_OVERRUN, NULL, NULL);
  102. put_cred(cred);
  103. if (IS_ERR(keyring)) {
  104. ret = PTR_ERR(keyring);
  105. goto error_alloc;
  106. }
  107. /* attach the auth key to the session keyring */
  108. ret = key_link(keyring, authkey);
  109. if (ret < 0)
  110. goto error_link;
  111. /* record the UID and GID */
  112. sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid));
  113. sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid));
  114. /* we say which key is under construction */
  115. sprintf(key_str, "%d", key->serial);
  116. /* we specify the process's default keyrings */
  117. sprintf(keyring_str[0], "%d",
  118. cred->thread_keyring ? cred->thread_keyring->serial : 0);
  119. prkey = 0;
  120. if (cred->process_keyring)
  121. prkey = cred->process_keyring->serial;
  122. sprintf(keyring_str[1], "%d", prkey);
  123. rcu_read_lock();
  124. session = rcu_dereference(cred->session_keyring);
  125. if (!session)
  126. session = cred->user->session_keyring;
  127. sskey = session->serial;
  128. rcu_read_unlock();
  129. sprintf(keyring_str[2], "%d", sskey);
  130. /* set up a minimal environment */
  131. i = 0;
  132. envp[i++] = "HOME=/";
  133. envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
  134. envp[i] = NULL;
  135. /* set up the argument list */
  136. i = 0;
  137. argv[i++] = (char *)request_key;
  138. argv[i++] = (char *)rka->op;
  139. argv[i++] = key_str;
  140. argv[i++] = uid_str;
  141. argv[i++] = gid_str;
  142. argv[i++] = keyring_str[0];
  143. argv[i++] = keyring_str[1];
  144. argv[i++] = keyring_str[2];
  145. argv[i] = NULL;
  146. /* do it */
  147. ret = call_usermodehelper_keys(request_key, argv, envp, keyring,
  148. UMH_WAIT_PROC);
  149. kdebug("usermode -> 0x%x", ret);
  150. if (ret >= 0) {
  151. /* ret is the exit/wait code */
  152. if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) ||
  153. key_validate(key) < 0)
  154. ret = -ENOKEY;
  155. else
  156. /* ignore any errors from userspace if the key was
  157. * instantiated */
  158. ret = 0;
  159. }
  160. error_link:
  161. key_put(keyring);
  162. error_alloc:
  163. complete_request_key(authkey, ret);
  164. kleave(" = %d", ret);
  165. return ret;
  166. }
  167. /*
  168. * Call out to userspace for key construction.
  169. *
  170. * Program failure is ignored in favour of key status.
  171. */
  172. static int construct_key(struct key *key, const void *callout_info,
  173. size_t callout_len, void *aux,
  174. struct key *dest_keyring)
  175. {
  176. request_key_actor_t actor;
  177. struct key *authkey;
  178. int ret;
  179. kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux);
  180. /* allocate an authorisation key */
  181. authkey = request_key_auth_new(key, "create", callout_info, callout_len,
  182. dest_keyring);
  183. if (IS_ERR(authkey))
  184. return PTR_ERR(authkey);
  185. /* Make the call */
  186. actor = call_sbin_request_key;
  187. if (key->type->request_key)
  188. actor = key->type->request_key;
  189. ret = actor(authkey, aux);
  190. /* check that the actor called complete_request_key() prior to
  191. * returning an error */
  192. WARN_ON(ret < 0 &&
  193. !test_bit(KEY_FLAG_REVOKED, &authkey->flags));
  194. key_put(authkey);
  195. kleave(" = %d", ret);
  196. return ret;
  197. }
  198. /*
  199. * Get the appropriate destination keyring for the request.
  200. *
  201. * The keyring selected is returned with an extra reference upon it which the
  202. * caller must release.
  203. */
  204. static int construct_get_dest_keyring(struct key **_dest_keyring)
  205. {
  206. struct request_key_auth *rka;
  207. const struct cred *cred = current_cred();
  208. struct key *dest_keyring = *_dest_keyring, *authkey;
  209. int ret;
  210. kenter("%p", dest_keyring);
  211. /* find the appropriate keyring */
  212. if (dest_keyring) {
  213. /* the caller supplied one */
  214. key_get(dest_keyring);
  215. } else {
  216. bool do_perm_check = true;
  217. /* use a default keyring; falling through the cases until we
  218. * find one that we actually have */
  219. switch (cred->jit_keyring) {
  220. case KEY_REQKEY_DEFL_DEFAULT:
  221. case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
  222. if (cred->request_key_auth) {
  223. authkey = cred->request_key_auth;
  224. down_read(&authkey->sem);
  225. rka = get_request_key_auth(authkey);
  226. if (!test_bit(KEY_FLAG_REVOKED,
  227. &authkey->flags))
  228. dest_keyring =
  229. key_get(rka->dest_keyring);
  230. up_read(&authkey->sem);
  231. if (dest_keyring) {
  232. do_perm_check = false;
  233. break;
  234. }
  235. }
  236. case KEY_REQKEY_DEFL_THREAD_KEYRING:
  237. dest_keyring = key_get(cred->thread_keyring);
  238. if (dest_keyring)
  239. break;
  240. case KEY_REQKEY_DEFL_PROCESS_KEYRING:
  241. dest_keyring = key_get(cred->process_keyring);
  242. if (dest_keyring)
  243. break;
  244. case KEY_REQKEY_DEFL_SESSION_KEYRING:
  245. rcu_read_lock();
  246. dest_keyring = key_get(
  247. rcu_dereference(cred->session_keyring));
  248. rcu_read_unlock();
  249. if (dest_keyring)
  250. break;
  251. case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
  252. dest_keyring =
  253. key_get(cred->user->session_keyring);
  254. break;
  255. case KEY_REQKEY_DEFL_USER_KEYRING:
  256. dest_keyring = key_get(cred->user->uid_keyring);
  257. break;
  258. case KEY_REQKEY_DEFL_GROUP_KEYRING:
  259. default:
  260. BUG();
  261. }
  262. /*
  263. * Require Write permission on the keyring. This is essential
  264. * because the default keyring may be the session keyring, and
  265. * joining a keyring only requires Search permission.
  266. *
  267. * However, this check is skipped for the "requestor keyring" so
  268. * that /sbin/request-key can itself use request_key() to add
  269. * keys to the original requestor's destination keyring.
  270. */
  271. if (dest_keyring && do_perm_check) {
  272. ret = key_permission(make_key_ref(dest_keyring, 1),
  273. KEY_NEED_WRITE);
  274. if (ret) {
  275. key_put(dest_keyring);
  276. return ret;
  277. }
  278. }
  279. }
  280. *_dest_keyring = dest_keyring;
  281. kleave(" [dk %d]", key_serial(dest_keyring));
  282. return 0;
  283. }
  284. /*
  285. * Allocate a new key in under-construction state and attempt to link it in to
  286. * the requested keyring.
  287. *
  288. * May return a key that's already under construction instead if there was a
  289. * race between two thread calling request_key().
  290. */
  291. static int construct_alloc_key(struct keyring_search_context *ctx,
  292. struct key *dest_keyring,
  293. unsigned long flags,
  294. struct key_user *user,
  295. struct key **_key)
  296. {
  297. struct assoc_array_edit *edit;
  298. struct key *key;
  299. key_perm_t perm;
  300. key_ref_t key_ref;
  301. int ret;
  302. kenter("%s,%s,,,",
  303. ctx->index_key.type->name, ctx->index_key.description);
  304. *_key = NULL;
  305. mutex_lock(&user->cons_lock);
  306. perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
  307. perm |= KEY_USR_VIEW;
  308. if (ctx->index_key.type->read)
  309. perm |= KEY_POS_READ;
  310. if (ctx->index_key.type == &key_type_keyring ||
  311. ctx->index_key.type->update)
  312. perm |= KEY_POS_WRITE;
  313. key = key_alloc(ctx->index_key.type, ctx->index_key.description,
  314. ctx->cred->fsuid, ctx->cred->fsgid, ctx->cred,
  315. perm, flags, NULL);
  316. if (IS_ERR(key))
  317. goto alloc_failed;
  318. set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
  319. if (dest_keyring) {
  320. ret = __key_link_begin(dest_keyring, &ctx->index_key, &edit);
  321. if (ret < 0)
  322. goto link_prealloc_failed;
  323. }
  324. /* attach the key to the destination keyring under lock, but we do need
  325. * to do another check just in case someone beat us to it whilst we
  326. * waited for locks */
  327. mutex_lock(&key_construction_mutex);
  328. key_ref = search_process_keyrings(ctx);
  329. if (!IS_ERR(key_ref))
  330. goto key_already_present;
  331. if (dest_keyring)
  332. __key_link(key, &edit);
  333. mutex_unlock(&key_construction_mutex);
  334. if (dest_keyring)
  335. __key_link_end(dest_keyring, &ctx->index_key, edit);
  336. mutex_unlock(&user->cons_lock);
  337. *_key = key;
  338. kleave(" = 0 [%d]", key_serial(key));
  339. return 0;
  340. /* the key is now present - we tell the caller that we found it by
  341. * returning -EINPROGRESS */
  342. key_already_present:
  343. key_put(key);
  344. mutex_unlock(&key_construction_mutex);
  345. key = key_ref_to_ptr(key_ref);
  346. if (dest_keyring) {
  347. ret = __key_link_check_live_key(dest_keyring, key);
  348. if (ret == 0)
  349. __key_link(key, &edit);
  350. __key_link_end(dest_keyring, &ctx->index_key, edit);
  351. if (ret < 0)
  352. goto link_check_failed;
  353. }
  354. mutex_unlock(&user->cons_lock);
  355. *_key = key;
  356. kleave(" = -EINPROGRESS [%d]", key_serial(key));
  357. return -EINPROGRESS;
  358. link_check_failed:
  359. mutex_unlock(&user->cons_lock);
  360. key_put(key);
  361. kleave(" = %d [linkcheck]", ret);
  362. return ret;
  363. link_prealloc_failed:
  364. mutex_unlock(&user->cons_lock);
  365. key_put(key);
  366. kleave(" = %d [prelink]", ret);
  367. return ret;
  368. alloc_failed:
  369. mutex_unlock(&user->cons_lock);
  370. kleave(" = %ld", PTR_ERR(key));
  371. return PTR_ERR(key);
  372. }
  373. /*
  374. * Commence key construction.
  375. */
  376. static struct key *construct_key_and_link(struct keyring_search_context *ctx,
  377. const char *callout_info,
  378. size_t callout_len,
  379. void *aux,
  380. struct key *dest_keyring,
  381. unsigned long flags)
  382. {
  383. struct key_user *user;
  384. struct key *key;
  385. int ret;
  386. kenter("");
  387. if (ctx->index_key.type == &key_type_keyring)
  388. return ERR_PTR(-EPERM);
  389. ret = construct_get_dest_keyring(&dest_keyring);
  390. if (ret)
  391. goto error;
  392. user = key_user_lookup(current_fsuid());
  393. if (!user) {
  394. ret = -ENOMEM;
  395. goto error_put_dest_keyring;
  396. }
  397. ret = construct_alloc_key(ctx, dest_keyring, flags, user, &key);
  398. key_user_put(user);
  399. if (ret == 0) {
  400. ret = construct_key(key, callout_info, callout_len, aux,
  401. dest_keyring);
  402. if (ret < 0) {
  403. kdebug("cons failed");
  404. goto construction_failed;
  405. }
  406. } else if (ret == -EINPROGRESS) {
  407. ret = 0;
  408. } else {
  409. goto error_put_dest_keyring;
  410. }
  411. key_put(dest_keyring);
  412. kleave(" = key %d", key_serial(key));
  413. return key;
  414. construction_failed:
  415. key_negate_and_link(key, key_negative_timeout, NULL, NULL);
  416. key_put(key);
  417. error_put_dest_keyring:
  418. key_put(dest_keyring);
  419. error:
  420. kleave(" = %d", ret);
  421. return ERR_PTR(ret);
  422. }
  423. /**
  424. * request_key_and_link - Request a key and cache it in a keyring.
  425. * @type: The type of key we want.
  426. * @description: The searchable description of the key.
  427. * @callout_info: The data to pass to the instantiation upcall (or NULL).
  428. * @callout_len: The length of callout_info.
  429. * @aux: Auxiliary data for the upcall.
  430. * @dest_keyring: Where to cache the key.
  431. * @flags: Flags to key_alloc().
  432. *
  433. * A key matching the specified criteria is searched for in the process's
  434. * keyrings and returned with its usage count incremented if found. Otherwise,
  435. * if callout_info is not NULL, a key will be allocated and some service
  436. * (probably in userspace) will be asked to instantiate it.
  437. *
  438. * If successfully found or created, the key will be linked to the destination
  439. * keyring if one is provided.
  440. *
  441. * Returns a pointer to the key if successful; -EACCES, -ENOKEY, -EKEYREVOKED
  442. * or -EKEYEXPIRED if an inaccessible, negative, revoked or expired key was
  443. * found; -ENOKEY if no key was found and no @callout_info was given; -EDQUOT
  444. * if insufficient key quota was available to create a new key; or -ENOMEM if
  445. * insufficient memory was available.
  446. *
  447. * If the returned key was created, then it may still be under construction,
  448. * and wait_for_key_construction() should be used to wait for that to complete.
  449. */
  450. struct key *request_key_and_link(struct key_type *type,
  451. const char *description,
  452. const void *callout_info,
  453. size_t callout_len,
  454. void *aux,
  455. struct key *dest_keyring,
  456. unsigned long flags)
  457. {
  458. struct keyring_search_context ctx = {
  459. .index_key.type = type,
  460. .index_key.description = description,
  461. .index_key.desc_len = strlen(description),
  462. .cred = current_cred(),
  463. .match_data.cmp = key_default_cmp,
  464. .match_data.raw_data = description,
  465. .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
  466. .flags = (KEYRING_SEARCH_DO_STATE_CHECK |
  467. KEYRING_SEARCH_SKIP_EXPIRED),
  468. };
  469. struct key *key;
  470. key_ref_t key_ref;
  471. int ret;
  472. kenter("%s,%s,%p,%zu,%p,%p,%lx",
  473. ctx.index_key.type->name, ctx.index_key.description,
  474. callout_info, callout_len, aux, dest_keyring, flags);
  475. if (type->match_preparse) {
  476. ret = type->match_preparse(&ctx.match_data);
  477. if (ret < 0) {
  478. key = ERR_PTR(ret);
  479. goto error;
  480. }
  481. }
  482. /* search all the process keyrings for a key */
  483. key_ref = search_process_keyrings(&ctx);
  484. if (!IS_ERR(key_ref)) {
  485. key = key_ref_to_ptr(key_ref);
  486. if (dest_keyring) {
  487. ret = key_link(dest_keyring, key);
  488. if (ret < 0) {
  489. key_put(key);
  490. key = ERR_PTR(ret);
  491. goto error_free;
  492. }
  493. }
  494. } else if (PTR_ERR(key_ref) != -EAGAIN) {
  495. key = ERR_CAST(key_ref);
  496. } else {
  497. /* the search failed, but the keyrings were searchable, so we
  498. * should consult userspace if we can */
  499. key = ERR_PTR(-ENOKEY);
  500. if (!callout_info)
  501. goto error_free;
  502. key = construct_key_and_link(&ctx, callout_info, callout_len,
  503. aux, dest_keyring, flags);
  504. }
  505. error_free:
  506. if (type->match_free)
  507. type->match_free(&ctx.match_data);
  508. error:
  509. kleave(" = %p", key);
  510. return key;
  511. }
  512. /**
  513. * wait_for_key_construction - Wait for construction of a key to complete
  514. * @key: The key being waited for.
  515. * @intr: Whether to wait interruptibly.
  516. *
  517. * Wait for a key to finish being constructed.
  518. *
  519. * Returns 0 if successful; -ERESTARTSYS if the wait was interrupted; -ENOKEY
  520. * if the key was negated; or -EKEYREVOKED or -EKEYEXPIRED if the key was
  521. * revoked or expired.
  522. */
  523. int wait_for_key_construction(struct key *key, bool intr)
  524. {
  525. int ret;
  526. ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT,
  527. intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
  528. if (ret)
  529. return -ERESTARTSYS;
  530. ret = key_read_state(key);
  531. if (ret < 0)
  532. return ret;
  533. return key_validate(key);
  534. }
  535. EXPORT_SYMBOL(wait_for_key_construction);
  536. /**
  537. * request_key - Request a key and wait for construction
  538. * @type: Type of key.
  539. * @description: The searchable description of the key.
  540. * @callout_info: The data to pass to the instantiation upcall (or NULL).
  541. *
  542. * As for request_key_and_link() except that it does not add the returned key
  543. * to a keyring if found, new keys are always allocated in the user's quota,
  544. * the callout_info must be a NUL-terminated string and no auxiliary data can
  545. * be passed.
  546. *
  547. * Furthermore, it then works as wait_for_key_construction() to wait for the
  548. * completion of keys undergoing construction with a non-interruptible wait.
  549. */
  550. struct key *request_key(struct key_type *type,
  551. const char *description,
  552. const char *callout_info)
  553. {
  554. struct key *key;
  555. size_t callout_len = 0;
  556. int ret;
  557. if (callout_info)
  558. callout_len = strlen(callout_info);
  559. key = request_key_and_link(type, description, callout_info, callout_len,
  560. NULL, NULL, KEY_ALLOC_IN_QUOTA);
  561. if (!IS_ERR(key)) {
  562. ret = wait_for_key_construction(key, false);
  563. if (ret < 0) {
  564. key_put(key);
  565. return ERR_PTR(ret);
  566. }
  567. }
  568. return key;
  569. }
  570. EXPORT_SYMBOL(request_key);
  571. /**
  572. * request_key_with_auxdata - Request a key with auxiliary data for the upcaller
  573. * @type: The type of key we want.
  574. * @description: The searchable description of the key.
  575. * @callout_info: The data to pass to the instantiation upcall (or NULL).
  576. * @callout_len: The length of callout_info.
  577. * @aux: Auxiliary data for the upcall.
  578. *
  579. * As for request_key_and_link() except that it does not add the returned key
  580. * to a keyring if found and new keys are always allocated in the user's quota.
  581. *
  582. * Furthermore, it then works as wait_for_key_construction() to wait for the
  583. * completion of keys undergoing construction with a non-interruptible wait.
  584. */
  585. struct key *request_key_with_auxdata(struct key_type *type,
  586. const char *description,
  587. const void *callout_info,
  588. size_t callout_len,
  589. void *aux)
  590. {
  591. struct key *key;
  592. int ret;
  593. key = request_key_and_link(type, description, callout_info, callout_len,
  594. aux, NULL, KEY_ALLOC_IN_QUOTA);
  595. if (!IS_ERR(key)) {
  596. ret = wait_for_key_construction(key, false);
  597. if (ret < 0) {
  598. key_put(key);
  599. return ERR_PTR(ret);
  600. }
  601. }
  602. return key;
  603. }
  604. EXPORT_SYMBOL(request_key_with_auxdata);
  605. /*
  606. * request_key_async - Request a key (allow async construction)
  607. * @type: Type of key.
  608. * @description: The searchable description of the key.
  609. * @callout_info: The data to pass to the instantiation upcall (or NULL).
  610. * @callout_len: The length of callout_info.
  611. *
  612. * As for request_key_and_link() except that it does not add the returned key
  613. * to a keyring if found, new keys are always allocated in the user's quota and
  614. * no auxiliary data can be passed.
  615. *
  616. * The caller should call wait_for_key_construction() to wait for the
  617. * completion of the returned key if it is still undergoing construction.
  618. */
  619. struct key *request_key_async(struct key_type *type,
  620. const char *description,
  621. const void *callout_info,
  622. size_t callout_len)
  623. {
  624. return request_key_and_link(type, description, callout_info,
  625. callout_len, NULL, NULL,
  626. KEY_ALLOC_IN_QUOTA);
  627. }
  628. EXPORT_SYMBOL(request_key_async);
  629. /*
  630. * request a key with auxiliary data for the upcaller (allow async construction)
  631. * @type: Type of key.
  632. * @description: The searchable description of the key.
  633. * @callout_info: The data to pass to the instantiation upcall (or NULL).
  634. * @callout_len: The length of callout_info.
  635. * @aux: Auxiliary data for the upcall.
  636. *
  637. * As for request_key_and_link() except that it does not add the returned key
  638. * to a keyring if found and new keys are always allocated in the user's quota.
  639. *
  640. * The caller should call wait_for_key_construction() to wait for the
  641. * completion of the returned key if it is still undergoing construction.
  642. */
  643. struct key *request_key_async_with_auxdata(struct key_type *type,
  644. const char *description,
  645. const void *callout_info,
  646. size_t callout_len,
  647. void *aux)
  648. {
  649. return request_key_and_link(type, description, callout_info,
  650. callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA);
  651. }
  652. EXPORT_SYMBOL(request_key_async_with_auxdata);