diff options
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/key.h | 12 | ||||
| -rw-r--r-- | include/linux/keyctl.h | 2 | ||||
| -rw-r--r-- | include/linux/sched.h | 1 |
3 files changed, 15 insertions, 0 deletions
diff --git a/include/linux/key.h b/include/linux/key.h index 4d189e51bc6..cbf464ad958 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -177,6 +177,8 @@ struct key { /* * kernel managed key type definition */ +typedef int (*request_key_actor_t)(struct key *key, struct key *authkey, const char *op); + struct key_type { /* name of the type */ const char *name; @@ -218,6 +220,16 @@ struct key_type { */ long (*read)(const struct key *key, char __user *buffer, size_t buflen); + /* handle request_key() for this type instead of invoking + * /sbin/request-key (optional) + * - key is the key to instantiate + * - authkey is the authority to assume when instantiating this key + * - op is the operation to be done, usually "create" + * - the call must not return until the instantiation process has run + * its course + */ + request_key_actor_t request_key; + /* internal fields */ struct list_head link; /* link in types list */ }; diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h index ec8f3d622a8..3365945640c 100644 --- a/include/linux/keyctl.h +++ b/include/linux/keyctl.h @@ -19,6 +19,7 @@ #define KEY_SPEC_USER_KEYRING -4 /* - key ID for UID-specific keyring */ #define KEY_SPEC_USER_SESSION_KEYRING -5 /* - key ID for UID-session keyring */ #define KEY_SPEC_GROUP_KEYRING -6 /* - key ID for GID-specific keyring */ +#define KEY_SPEC_REQKEY_AUTH_KEY -7 /* - key ID for assumed request_key auth key */ /* request-key default keyrings */ #define KEY_REQKEY_DEFL_NO_CHANGE -1 @@ -47,5 +48,6 @@ #define KEYCTL_NEGATE 13 /* negate a partially constructed key */ #define KEYCTL_SET_REQKEY_KEYRING 14 /* set default request-key keyring */ #define KEYCTL_SET_TIMEOUT 15 /* set key timeout */ +#define KEYCTL_ASSUME_AUTHORITY 16 /* assume request_key() authorisation */ #endif /* _LINUX_KEYCTL_H */ diff --git a/include/linux/sched.h b/include/linux/sched.h index 20bd7074910..78eb92ae4d9 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h @@ -771,6 +771,7 @@ struct task_struct { unsigned keep_capabilities:1; struct user_struct *user; #ifdef CONFIG_KEYS + struct key *request_key_auth; /* assumed request_key authority */ struct key *thread_keyring; /* keyring private to this thread */ unsigned char jit_keyring; /* default keyring to attach requested keys to */ #endif |