From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S268966AbUIXRiF (ORCPT ); Fri, 24 Sep 2004 13:38:05 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S268959AbUIXRiF (ORCPT ); Fri, 24 Sep 2004 13:38:05 -0400 Received: from mx1.redhat.com ([66.187.233.31]:18412 "EHLO mx1.redhat.com") by vger.kernel.org with ESMTP id S268944AbUIXRhC (ORCPT ); Fri, 24 Sep 2004 13:37:02 -0400 From: David Howells To: akpm@osdl.org cc: linux-kernel@vger.kernel.org Subject: [PATCH] Bits to make the key management API more usable User-Agent: EMH/1.14.1 SEMI/1.14.5 (Awara-Onsen) FLIM/1.14.5 (Demachiyanagi) APEL/10.6 Emacs/21.3 (i386-redhat-linux-gnu) MULE/5.0 (SAKAKI) MIME-Version: 1.0 (generated by SEMI 1.14.5 - "Awara-Onsen") Content-Type: text/plain; charset=US-ASCII Date: Fri, 24 Sep 2004 18:36:46 +0100 Message-ID: <28741.1096047406@redhat.com> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org The attached patch adds some bits to make the key management API more usable. Signed-Off-By: David Howells --- linux-2.6.9-rc2-mm2-afskey/include/linux/key.h | 15 +++++++++- linux-2.6.9-rc2-mm2-afskey/security/keys/request_key.c | 24 +++++++++-------- linux-2.6.9-rc2-mm3-afskey/Documentation/keys.txt | 24 +++++++++++++++-- 3 files changed, 49 insertions(+), 14 deletions(-) diff -uNrp linux-2.6.9-rc2-mm2/include/linux/key.h linux-2.6.9-rc2-mm2-afskey/include/linux/key.h --- linux-2.6.9-rc2-mm2/include/linux/key.h 2004-09-23 10:20:02.000000000 +0100 +++ linux-2.6.9-rc2-mm2-afskey/include/linux/key.h 2004-09-23 14:50:01.000000000 +0100 @@ -29,6 +29,8 @@ typedef int32_t key_serial_t; /* key handle permissions mask */ typedef uint32_t key_perm_t; +struct key; + #ifdef CONFIG_KEYS #undef KEY_DEBUGGING @@ -57,7 +59,6 @@ typedef uint32_t key_perm_t; struct seq_file; struct user_struct; -struct key; struct key_type; struct key_owner; struct keyring_list; 
@@ -201,6 +202,13 @@ extern int key_negate_and_link(struct ke extern void key_revoke(struct key *key); extern void key_put(struct key *key); +static inline struct key *key_get(struct key *key) +{ + if (key) + atomic_inc(&key->usage); + return key; +} + extern struct key *request_key(struct key_type *type, const char *description, const char *callout_info); @@ -241,6 +249,8 @@ extern int keyring_add_key(struct key *k extern struct key *key_lookup(key_serial_t id); +#define key_serial(key) ((key) ? (key)->serial : 0) + /* * the userspace interface */ @@ -256,6 +266,9 @@ extern void key_fsgid_changed(struct tas #else /* CONFIG_KEYS */ +#define key_validate(k) 0 +#define key_serial(k) 0 +#define key_get(k) NULL #define key_put(k) do { } while(0) #define alloc_uid_keyring(u) 0 #define switch_uid_keyring(u) do { } while(0) diff -uNrp linux-2.6.9-rc2-mm2/security/keys/request_key.c linux-2.6.9-rc2-mm2-afskey/security/keys/request_key.c --- linux-2.6.9-rc2-mm2/security/keys/request_key.c 2004-09-23 10:20:05.000000000 +0100 +++ linux-2.6.9-rc2-mm2-afskey/security/keys/request_key.c 2004-09-23 13:21:41.000000000 +0100 
@@ -312,19 +312,21 @@ EXPORT_SYMBOL(request_key); int key_validate(struct key *key) { struct timespec now; - int ret; + int ret = 0; - /* check it's still accessible */ - ret = -EKEYREVOKED; - if (key->flags & (KEY_FLAG_REVOKED | KEY_FLAG_DEAD)) - goto error; + if (key) { + /* check it's still accessible */ + ret = -EKEYREVOKED; + if (key->flags & (KEY_FLAG_REVOKED | KEY_FLAG_DEAD)) + goto error; - /* check it hasn't expired */ - ret = 0; - if (key->expiry) { - now = current_kernel_time(); - if (now.tv_sec >= key->expiry) - ret = -EKEYEXPIRED; + /* check it hasn't expired */ + ret = 0; + if (key->expiry) { + now = current_kernel_time(); + if (now.tv_sec >= key->expiry) + ret = -EKEYEXPIRED; + } } error: diff -uNrp linux-2.6.9-rc2-mm3/Documentation/keys.txt linux-2.6.9-rc2-mm3-afskey/Documentation/keys.txt --- linux-2.6.9-rc2-mm3/Documentation/keys.txt 2004-09-24 12:38:24.000000000 +0100 +++ linux-2.6.9-rc2-mm3-afskey/Documentation/keys.txt 2004-09-24 18:33:52.991140246 +0100 @@ -630,7 +630,26 @@ locked, or else the data may be changed void key_put(struct key *key); - This can be called from interrupt context. + This can be called from interrupt context. If CONFIG_KEYS is not set then + the argument will not be parsed. + + +(*) Extra references can be made to a key by calling the following function: + + struct key *key_get(struct key *key); + + These need to be disposed of by calling key_put() when they've been + finished with. The key pointer passed in will be returned. If the pointer + is NULL or CONFIG_KEYS is not set then the key will not be dereferenced and + no increment will take place. + + +(*) A key's serial number can be obtained by calling: + + key_serial_t key_serial(struct key *key); + + If key is NULL or if CONFIG_KEYS is not set then 0 will be returned (in the + latter case without parsing the argument). (*) If a keyring was found in the search, this can be further searched by: 
@@ -650,7 +669,8 @@ locked, or else the data may be changed This checks that the key in question hasn't expired or and hasn't been revoked. Should the key be invalid, error EKEYEXPIRED or EKEYREVOKED will - be returned. + be returned. If the key is NULL or if CONFIG_KEYS is not set then 0 will be + returned (in the latter case without parsing the argument). (*) To register a key type, the following function should be called:
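Review bot: key_get() in the include/linux/key.h hunk (`@@ -201,6 +202,13 @@`) bumps key->usage without any check that the count is non-zero, so it is only safe when the caller already holds a reference or the lock that keeps the key alive; the matching keys.txt paragraph ("Extra references can be made to a key by calling the following function") should state that precondition, otherwise a reader may take key_get() as a way to pin a key found without a reference.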
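Review bot: `#define key_serial(key) ((key) ? (key)->serial : 0)` in the `@@ -241,6 +249,8 @@` hunk evaluates its argument twice, so `key_serial(expr_with_side_effects)` misbehaves, and keys.txt documents it with a function prototype (`key_serial_t key_serial(struct key *key);`) that the macro does not actually enforce; a `static inline key_serial_t key_serial(struct key *key)` alongside the new key_get() inline gives single evaluation and type checking at no cost.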
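Review bot: the `!CONFIG_KEYS` stubs added in the `@@ -256,6 +266,9 @@` hunk (`#define key_validate(k) 0`, `#define key_serial(k) 0`, `#define key_get(k) NULL`) discard their argument entirely, so a variable that is only ever passed to one of them becomes an unused-variable warning in CONFIG_KEYS=n builds and a side-effecting argument is silently dropped; `((void)(k), 0)` / `((void)(k), NULL)` or static inline stubs keep the argument touched. The keys.txt wording "the argument will not be parsed" should also say "evaluated", which is what the stubs actually do.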
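Review bot: in the security/keys/request_key.c hunk (`@@ -312,19 +312,21 @@`) a NULL key now takes the `ret = 0` path and key_validate() reports it as valid, which makes "no key" indistinguishable from "usable key" for any caller that uses key_validate() as its only gate; either return an error such as -EINVAL for NULL or, if 0 is intentional so callers can pass an optional key through, say in keys.txt that callers must still check for NULL themselves before dereferencing.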
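Review bot: the two Documentation/keys.txt hunks are generated against linux-2.6.9-rc2-mm3 while the key.h and request_key.c hunks are against linux-2.6.9-rc2-mm2 (see the `diff -uNrp` headers and the diffstat), so the series should be regenerated against one base tree before merging. While the `@@ -650,7 +669,8 @@` paragraph is being edited, the context line "hasn't expired or and hasn't been revoked" could lose the stray "or".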