* [PATCH] Bits to make the key management API more usable
@ 2004-09-24 17:36 David Howells
From: David Howells @ 2004-09-24 17:36 UTC (permalink / raw)
To: akpm; +Cc: linux-kernel
The attached patch adds some bits to make the key management API more usable.
Signed-Off-By: David Howells <dhowells@redhat.com>
---
linux-2.6.9-rc2-mm2-afskey/include/linux/key.h | 15 +++++++++-
linux-2.6.9-rc2-mm2-afskey/security/keys/request_key.c | 24 +++++++++--------
linux-2.6.9-rc2-mm3-afskey/Documentation/keys.txt | 24 +++++++++++++++--
3 files changed, 49 insertions(+), 14 deletions(-)
diff -uNrp linux-2.6.9-rc2-mm2/include/linux/key.h linux-2.6.9-rc2-mm2-afskey/include/linux/key.h
--- linux-2.6.9-rc2-mm2/include/linux/key.h 2004-09-23 10:20:02.000000000 +0100
+++ linux-2.6.9-rc2-mm2-afskey/include/linux/key.h 2004-09-23 14:50:01.000000000 +0100
@@ -29,6 +29,8 @@ typedef int32_t key_serial_t;
/* key handle permissions mask */
typedef uint32_t key_perm_t;
+struct key;
+
#ifdef CONFIG_KEYS
#undef KEY_DEBUGGING
@@ -57,7 +59,6 @@ typedef uint32_t key_perm_t;
struct seq_file;
struct user_struct;
-struct key;
struct key_type;
struct key_owner;
struct keyring_list;
@@ -201,6 +202,13 @@ extern int key_negate_and_link(struct ke
extern void key_revoke(struct key *key);
extern void key_put(struct key *key);
+static inline struct key *key_get(struct key *key)
+{
+ if (key)
+ atomic_inc(&key->usage);
+ return key;
+}
+
extern struct key *request_key(struct key_type *type,
const char *description,
const char *callout_info);
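Review bot: The new `key_get()` increments `key->usage` unconditionally, and nothing on it states that the caller must already hold a reference to the key. Without that precondition, an increment can race with the final `key_put()` and hand back a pointer to a key that is being torn down; `key_put()`'s release path is outside this hunk, so this is inferred rather than shown. I would add a comment above the inline such as `/* take an extra reference on a key; the caller must already hold a reference, as this does not check that the usage count is still non-zero */`.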
@@ -241,6 +249,8 @@ extern int keyring_add_key(struct key *k
extern struct key *key_lookup(key_serial_t id);
+#define key_serial(key) ((key) ? (key)->serial : 0)
+
/*
* the userspace interface
*/
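Review bot: `key_serial(key)` evaluates its argument twice, once in the test and once in the dereference, so an argument with side effects or one that re-reads a shared pointer can test one value and dereference another. A typed inline, matching the prototype the documentation hunk gives, avoids that and keeps the NULL handling: `static inline key_serial_t key_serial(struct key *key) { return key ? key->serial : 0; }`. `struct key` is presumably complete at this point in the header, since `key_get()` above already dereferences it.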
@@ -256,6 +266,9 @@ extern void key_fsgid_changed(struct tas
#else /* CONFIG_KEYS */
+#define key_validate(k) 0
+#define key_serial(k) 0
+#define key_get(k) NULL
#define key_put(k) do { } while(0)
#define alloc_uid_keyring(u) 0
#define switch_uid_keyring(u) do { } while(0)
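Review bot: With CONFIG_KEYS unset, `key_get(k)` expands to `NULL` rather than to `k`, which does not match the keys.txt text in this same patch saying the pointer passed in is returned, and `key_validate(k)` reports success for any argument. Both are probably intended, since a kernel without key support should only ever see NULL keys, but that belongs in a comment so nobody relies on `key_validate()` alone as an access gate. I would add above the stubs `/* without CONFIG_KEYS the arguments are not evaluated: key_validate() always reports success, key_get() always yields NULL */`.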
diff -uNrp linux-2.6.9-rc2-mm2/security/keys/request_key.c linux-2.6.9-rc2-mm2-afskey/security/keys/request_key.c
--- linux-2.6.9-rc2-mm2/security/keys/request_key.c 2004-09-23 10:20:05.000000000 +0100
+++ linux-2.6.9-rc2-mm2-afskey/security/keys/request_key.c 2004-09-23 13:21:41.000000000 +0100
@@ -312,19 +312,21 @@ EXPORT_SYMBOL(request_key);
int key_validate(struct key *key)
{
struct timespec now;
- int ret;
+ int ret = 0;
- /* check it's still accessible */
- ret = -EKEYREVOKED;
- if (key->flags & (KEY_FLAG_REVOKED | KEY_FLAG_DEAD))
- goto error;
+ if (key) {
+ /* check it's still accessible */
+ ret = -EKEYREVOKED;
+ if (key->flags & (KEY_FLAG_REVOKED | KEY_FLAG_DEAD))
+ goto error;
- /* check it hasn't expired */
- ret = 0;
- if (key->expiry) {
- now = current_kernel_time();
- if (now.tv_sec >= key->expiry)
- ret = -EKEYEXPIRED;
+ /* check it hasn't expired */
+ ret = 0;
+ if (key->expiry) {
+ now = current_kernel_time();
+ if (now.tv_sec >= key->expiry)
+ ret = -EKEYEXPIRED;
+ }
}
error:
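Review bot: After this change `key_validate(NULL)` returns 0, the same value a live, unexpired key returns, so a caller can no longer tell "no key" from "valid key" by the result. Any caller that requires a key must check the pointer for NULL itself before treating 0 as authorisation. I would state that on the function, for example `/* a NULL key is treated as valid and returns 0; callers that need a key to be present must test for NULL themselves */`. The function continues past the `error:` label outside this hunk.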
diff -uNrp linux-2.6.9-rc2-mm3/Documentation/keys.txt linux-2.6.9-rc2-mm3-afskey/Documentation/keys.txt
--- linux-2.6.9-rc2-mm3/Documentation/keys.txt 2004-09-24 12:38:24.000000000 +0100
+++ linux-2.6.9-rc2-mm3-afskey/Documentation/keys.txt 2004-09-24 18:33:52.991140246 +0100
@@ -630,7 +630,26 @@ locked, or else the data may be changed
void key_put(struct key *key);
- This can be called from interrupt context.
+ This can be called from interrupt context. If CONFIG_KEYS is not set then
+ the argument will not be parsed.
+
+
+(*) Extra references can be made to a key by calling the following function:
+
+ struct key *key_get(struct key *key);
+
+ These need to be disposed of by calling key_put() when they've been
+ finished with. The key pointer passed in will be returned. If the pointer
+ is NULL or CONFIG_KEYS is not set then the key will not be dereferenced and
+ no increment will take place.
+
+
+(*) A key's serial number can be obtained by calling:
+
+ key_serial_t key_serial(struct key *key);
+
+ If key is NULL or if CONFIG_KEYS is not set then 0 will be returned (in the
+ latter case without parsing the argument).
(*) If a keyring was found in the search, this can be further searched by:
@@ -650,7 +669,8 @@ locked, or else the data may be changed
This checks that the key in question hasn't expired or and hasn't been
revoked. Should the key be invalid, error EKEYEXPIRED or EKEYREVOKED will
- be returned.
+ be returned. If the key is NULL or if CONFIG_KEYS is not set then 0 will be
+ returned (in the latter case without parsing the argument).
(*) To register a key type, the following function should be called: