From: David Howells <dhowells@redhat.com>
To: akpm@osdl.org
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH] Bits to make the key management API more usable
Date: Fri, 24 Sep 2004 18:36:46 +0100 [thread overview]
Message-ID: <28741.1096047406@redhat.com> (raw)
The attached patch adds some bits to make the key management API more usable.
Signed-Off-By: David Howells <dhowells@redhat.com>
---
linux-2.6.9-rc2-mm2-afskey/include/linux/key.h | 15 +++++++++-
linux-2.6.9-rc2-mm2-afskey/security/keys/request_key.c | 24 +++++++++--------
linux-2.6.9-rc2-mm3-afskey/Documentation/keys.txt | 24 +++++++++++++++--
3 files changed, 49 insertions(+), 14 deletions(-)
diff -uNrp linux-2.6.9-rc2-mm2/include/linux/key.h linux-2.6.9-rc2-mm2-afskey/include/linux/key.h
--- linux-2.6.9-rc2-mm2/include/linux/key.h 2004-09-23 10:20:02.000000000 +0100
+++ linux-2.6.9-rc2-mm2-afskey/include/linux/key.h 2004-09-23 14:50:01.000000000 +0100
@@ -29,6 +29,8 @@ typedef int32_t key_serial_t;
/* key handle permissions mask */
typedef uint32_t key_perm_t;
+struct key;
+
#ifdef CONFIG_KEYS
#undef KEY_DEBUGGING
@@ -57,7 +59,6 @@ typedef uint32_t key_perm_t;
struct seq_file;
struct user_struct;
-struct key;
struct key_type;
struct key_owner;
struct keyring_list;
@@ -201,6 +202,13 @@ extern int key_negate_and_link(struct ke
extern void key_revoke(struct key *key);
extern void key_put(struct key *key);
+static inline struct key *key_get(struct key *key)
+{
+ if (key)
+ atomic_inc(&key->usage);
+ return key;
+}
+
extern struct key *request_key(struct key_type *type,
const char *description,
const char *callout_info);
@@ -241,6 +249,8 @@ extern int keyring_add_key(struct key *k
extern struct key *key_lookup(key_serial_t id);
+#define key_serial(key) ((key) ? (key)->serial : 0)
+
/*
* the userspace interface
*/
@@ -256,6 +266,9 @@ extern void key_fsgid_changed(struct tas
#else /* CONFIG_KEYS */
+#define key_validate(k) 0
+#define key_serial(k) 0
+#define key_get(k) NULL
#define key_put(k) do { } while(0)
#define alloc_uid_keyring(u) 0
#define switch_uid_keyring(u) do { } while(0)
diff -uNrp linux-2.6.9-rc2-mm2/security/keys/request_key.c linux-2.6.9-rc2-mm2-afskey/security/keys/request_key.c
--- linux-2.6.9-rc2-mm2/security/keys/request_key.c 2004-09-23 10:20:05.000000000 +0100
+++ linux-2.6.9-rc2-mm2-afskey/security/keys/request_key.c 2004-09-23 13:21:41.000000000 +0100
@@ -312,19 +312,21 @@ EXPORT_SYMBOL(request_key);
int key_validate(struct key *key)
{
struct timespec now;
- int ret;
+ int ret = 0;
- /* check it's still accessible */
- ret = -EKEYREVOKED;
- if (key->flags & (KEY_FLAG_REVOKED | KEY_FLAG_DEAD))
- goto error;
+ if (key) {
+ /* check it's still accessible */
+ ret = -EKEYREVOKED;
+ if (key->flags & (KEY_FLAG_REVOKED | KEY_FLAG_DEAD))
+ goto error;
- /* check it hasn't expired */
- ret = 0;
- if (key->expiry) {
- now = current_kernel_time();
- if (now.tv_sec >= key->expiry)
- ret = -EKEYEXPIRED;
+ /* check it hasn't expired */
+ ret = 0;
+ if (key->expiry) {
+ now = current_kernel_time();
+ if (now.tv_sec >= key->expiry)
+ ret = -EKEYEXPIRED;
+ }
}
error:
diff -uNrp linux-2.6.9-rc2-mm3/Documentation/keys.txt linux-2.6.9-rc2-mm3-afskey/Documentation/keys.txt
--- linux-2.6.9-rc2-mm3/Documentation/keys.txt 2004-09-24 12:38:24.000000000 +0100
+++ linux-2.6.9-rc2-mm3-afskey/Documentation/keys.txt 2004-09-24 18:33:52.991140246 +0100
@@ -630,7 +630,26 @@ locked, or else the data may be changed
void key_put(struct key *key);
- This can be called from interrupt context.
+ This can be called from interrupt context. If CONFIG_KEYS is not set then
+ the argument will not be parsed.
+
+
+(*) Extra references can be made to a key by calling the following function:
+
+ struct key *key_get(struct key *key);
+
+ These need to be disposed of by calling key_put() when they've been
+ finished with. The key pointer passed in will be returned. If the pointer
+ is NULL or CONFIG_KEYS is not set then the key will not be dereferenced and
+ no increment will take place.
+
+
+(*) A key's serial number can be obtained by calling:
+
+ key_serial_t key_serial(struct key *key);
+
+ If key is NULL or if CONFIG_KEYS is not set then 0 will be returned (in the
+ latter case without parsing the argument).
(*) If a keyring was found in the search, this can be further searched by:
@@ -650,7 +669,8 @@ locked, or else the data may be changed
This checks that the key in question hasn't expired or and hasn't been
revoked. Should the key be invalid, error EKEYEXPIRED or EKEYREVOKED will
- be returned.
+ be returned. If the key is NULL or if CONFIG_KEYS is not set then 0 will be
+ returned (in the latter case without parsing the argument).
(*) To register a key type, the following function should be called:
reply other threads:[~2004-09-24 17:38 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=28741.1096047406@redhat.com \
--to=dhowells@redhat.com \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox