Commit | Line | Data |
---|---|---|
76181c13 | 1 | /* Request a key from userspace |
1da177e4 | 2 | * |
76181c13 | 3 | * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved. |
1da177e4 LT |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
f1a9badc DH |
10 | * |
11 | * See Documentation/keys-request-key.txt | |
1da177e4 LT |
12 | */ |
13 | ||
14 | #include <linux/module.h> | |
15 | #include <linux/sched.h> | |
16 | #include <linux/kmod.h> | |
17 | #include <linux/err.h> | |
3e30148c | 18 | #include <linux/keyctl.h> |
fdb89bce | 19 | #include <linux/slab.h> |
1da177e4 LT |
20 | #include "internal.h" |
21 | ||
e9e349b0 DH |
22 | #define key_negative_timeout 60 /* default timeout on a negative key's existence */ |
23 | ||
76181c13 DH |
24 | /* |
25 | * wait_on_bit() sleep function for uninterruptible waiting | |
26 | */ | |
27 | static int key_wait_bit(void *flags) | |
28 | { | |
29 | schedule(); | |
30 | return 0; | |
31 | } | |
32 | ||
33 | /* | |
34 | * wait_on_bit() sleep function for interruptible waiting | |
35 | */ | |
36 | static int key_wait_bit_intr(void *flags) | |
37 | { | |
38 | schedule(); | |
39 | return signal_pending(current) ? -ERESTARTSYS : 0; | |
40 | } | |
41 | ||
42 | /* | |
43 | * call to complete the construction of a key | |
44 | */ | |
45 | void complete_request_key(struct key_construction *cons, int error) | |
46 | { | |
47 | kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error); | |
1da177e4 | 48 | |
76181c13 DH |
49 | if (error < 0) |
50 | key_negate_and_link(cons->key, key_negative_timeout, NULL, | |
51 | cons->authkey); | |
52 | else | |
53 | key_revoke(cons->authkey); | |
54 | ||
55 | key_put(cons->key); | |
56 | key_put(cons->authkey); | |
57 | kfree(cons); | |
58 | } | |
59 | EXPORT_SYMBOL(complete_request_key); | |
1da177e4 | 60 | |
1da177e4 LT |
61 | /* |
62 | * request userspace finish the construction of a key | |
b5f545c8 | 63 | * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>" |
1da177e4 | 64 | */ |
76181c13 | 65 | static int call_sbin_request_key(struct key_construction *cons, |
4e54f085 DH |
66 | const char *op, |
67 | void *aux) | |
1da177e4 | 68 | { |
86a264ab | 69 | const struct cred *cred = current_cred(); |
1da177e4 | 70 | key_serial_t prkey, sskey; |
76181c13 | 71 | struct key *key = cons->key, *authkey = cons->authkey, *keyring; |
b5f545c8 | 72 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; |
1da177e4 | 73 | char key_str[12], keyring_str[3][12]; |
b5f545c8 | 74 | char desc[20]; |
3e30148c DH |
75 | int ret, i; |
76 | ||
b5f545c8 | 77 | kenter("{%d},{%d},%s", key->serial, authkey->serial, op); |
3e30148c | 78 | |
8bbf4976 DH |
79 | ret = install_user_keyrings(); |
80 | if (ret < 0) | |
81 | goto error_alloc; | |
82 | ||
b5f545c8 DH |
83 | /* allocate a new session keyring */ |
84 | sprintf(desc, "_req.%u", key->serial); | |
85 | ||
d84f4f99 DH |
86 | cred = get_current_cred(); |
87 | keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, | |
7e047ef5 | 88 | KEY_ALLOC_QUOTA_OVERRUN, NULL); |
d84f4f99 | 89 | put_cred(cred); |
b5f545c8 DH |
90 | if (IS_ERR(keyring)) { |
91 | ret = PTR_ERR(keyring); | |
92 | goto error_alloc; | |
3e30148c | 93 | } |
1da177e4 | 94 | |
b5f545c8 DH |
95 | /* attach the auth key to the session keyring */ |
96 | ret = __key_link(keyring, authkey); | |
97 | if (ret < 0) | |
98 | goto error_link; | |
99 | ||
1da177e4 | 100 | /* record the UID and GID */ |
86a264ab DH |
101 | sprintf(uid_str, "%d", cred->fsuid); |
102 | sprintf(gid_str, "%d", cred->fsgid); | |
1da177e4 LT |
103 | |
104 | /* we say which key is under construction */ | |
105 | sprintf(key_str, "%d", key->serial); | |
106 | ||
107 | /* we specify the process's default keyrings */ | |
108 | sprintf(keyring_str[0], "%d", | |
d84f4f99 | 109 | cred->thread_keyring ? cred->thread_keyring->serial : 0); |
1da177e4 LT |
110 | |
111 | prkey = 0; | |
bb952bb9 DH |
112 | if (cred->tgcred->process_keyring) |
113 | prkey = cred->tgcred->process_keyring->serial; | |
1da177e4 | 114 | |
bb952bb9 DH |
115 | if (cred->tgcred->session_keyring) |
116 | sskey = rcu_dereference(cred->tgcred->session_keyring)->serial; | |
117 | else | |
86a264ab | 118 | sskey = cred->user->session_keyring->serial; |
1da177e4 | 119 | |
1da177e4 LT |
120 | sprintf(keyring_str[2], "%d", sskey); |
121 | ||
122 | /* set up a minimal environment */ | |
123 | i = 0; | |
124 | envp[i++] = "HOME=/"; | |
125 | envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; | |
126 | envp[i] = NULL; | |
127 | ||
128 | /* set up the argument list */ | |
129 | i = 0; | |
130 | argv[i++] = "/sbin/request-key"; | |
131 | argv[i++] = (char *) op; | |
132 | argv[i++] = key_str; | |
133 | argv[i++] = uid_str; | |
134 | argv[i++] = gid_str; | |
135 | argv[i++] = keyring_str[0]; | |
136 | argv[i++] = keyring_str[1]; | |
137 | argv[i++] = keyring_str[2]; | |
1da177e4 LT |
138 | argv[i] = NULL; |
139 | ||
140 | /* do it */ | |
86313c48 JF |
141 | ret = call_usermodehelper_keys(argv[0], argv, envp, keyring, |
142 | UMH_WAIT_PROC); | |
76181c13 DH |
143 | kdebug("usermode -> 0x%x", ret); |
144 | if (ret >= 0) { | |
145 | /* ret is the exit/wait code */ | |
146 | if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) || | |
147 | key_validate(key) < 0) | |
148 | ret = -ENOKEY; | |
149 | else | |
150 | /* ignore any errors from userspace if the key was | |
151 | * instantiated */ | |
152 | ret = 0; | |
153 | } | |
3e30148c | 154 | |
b5f545c8 DH |
155 | error_link: |
156 | key_put(keyring); | |
3e30148c | 157 | |
b5f545c8 | 158 | error_alloc: |
76181c13 | 159 | complete_request_key(cons, ret); |
d84f4f99 | 160 | kleave(" = %d", ret); |
3e30148c | 161 | return ret; |
76181c13 | 162 | } |
1da177e4 | 163 | |
1da177e4 | 164 | /* |
76181c13 | 165 | * call out to userspace for key construction |
1da177e4 LT |
166 | * - we ignore program failure and go on key status instead |
167 | */ | |
4a38e122 | 168 | static int construct_key(struct key *key, const void *callout_info, |
8bbf4976 DH |
169 | size_t callout_len, void *aux, |
170 | struct key *dest_keyring) | |
1da177e4 | 171 | { |
76181c13 | 172 | struct key_construction *cons; |
b5f545c8 | 173 | request_key_actor_t actor; |
76181c13 DH |
174 | struct key *authkey; |
175 | int ret; | |
1da177e4 | 176 | |
4a38e122 | 177 | kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux); |
3e30148c | 178 | |
76181c13 DH |
179 | cons = kmalloc(sizeof(*cons), GFP_KERNEL); |
180 | if (!cons) | |
181 | return -ENOMEM; | |
1da177e4 | 182 | |
b5f545c8 | 183 | /* allocate an authorisation key */ |
8bbf4976 DH |
184 | authkey = request_key_auth_new(key, callout_info, callout_len, |
185 | dest_keyring); | |
b5f545c8 | 186 | if (IS_ERR(authkey)) { |
76181c13 | 187 | kfree(cons); |
b5f545c8 DH |
188 | ret = PTR_ERR(authkey); |
189 | authkey = NULL; | |
76181c13 DH |
190 | } else { |
191 | cons->authkey = key_get(authkey); | |
192 | cons->key = key_get(key); | |
193 | ||
194 | /* make the call */ | |
195 | actor = call_sbin_request_key; | |
196 | if (key->type->request_key) | |
197 | actor = key->type->request_key; | |
198 | ||
199 | ret = actor(cons, "create", aux); | |
200 | ||
201 | /* check that the actor called complete_request_key() prior to | |
202 | * returning an error */ | |
203 | WARN_ON(ret < 0 && | |
204 | !test_bit(KEY_FLAG_REVOKED, &authkey->flags)); | |
205 | key_put(authkey); | |
1da177e4 LT |
206 | } |
207 | ||
76181c13 DH |
208 | kleave(" = %d", ret); |
209 | return ret; | |
210 | } | |
1da177e4 | 211 | |
3e30148c | 212 | /* |
8bbf4976 DH |
213 | * get the appropriate destination keyring for the request |
214 | * - we return whatever keyring we select with an extra reference upon it which | |
215 | * the caller must release | |
3e30148c | 216 | */ |
8bbf4976 | 217 | static void construct_get_dest_keyring(struct key **_dest_keyring) |
3e30148c | 218 | { |
8bbf4976 | 219 | struct request_key_auth *rka; |
bb952bb9 | 220 | const struct cred *cred = current_cred(); |
8bbf4976 | 221 | struct key *dest_keyring = *_dest_keyring, *authkey; |
3e30148c | 222 | |
8bbf4976 | 223 | kenter("%p", dest_keyring); |
3e30148c DH |
224 | |
225 | /* find the appropriate keyring */ | |
8bbf4976 DH |
226 | if (dest_keyring) { |
227 | /* the caller supplied one */ | |
228 | key_get(dest_keyring); | |
229 | } else { | |
230 | /* use a default keyring; falling through the cases until we | |
231 | * find one that we actually have */ | |
bb952bb9 | 232 | switch (cred->jit_keyring) { |
3e30148c | 233 | case KEY_REQKEY_DEFL_DEFAULT: |
8bbf4976 | 234 | case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: |
bb952bb9 DH |
235 | if (cred->request_key_auth) { |
236 | authkey = cred->request_key_auth; | |
8bbf4976 DH |
237 | down_read(&authkey->sem); |
238 | rka = authkey->payload.data; | |
239 | if (!test_bit(KEY_FLAG_REVOKED, | |
240 | &authkey->flags)) | |
241 | dest_keyring = | |
242 | key_get(rka->dest_keyring); | |
243 | up_read(&authkey->sem); | |
244 | if (dest_keyring) | |
245 | break; | |
246 | } | |
247 | ||
3e30148c | 248 | case KEY_REQKEY_DEFL_THREAD_KEYRING: |
bb952bb9 | 249 | dest_keyring = key_get(cred->thread_keyring); |
3e30148c DH |
250 | if (dest_keyring) |
251 | break; | |
252 | ||
253 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: | |
bb952bb9 | 254 | dest_keyring = key_get(cred->tgcred->process_keyring); |
3e30148c DH |
255 | if (dest_keyring) |
256 | break; | |
257 | ||
258 | case KEY_REQKEY_DEFL_SESSION_KEYRING: | |
259 | rcu_read_lock(); | |
260 | dest_keyring = key_get( | |
bb952bb9 | 261 | rcu_dereference(cred->tgcred->session_keyring)); |
3e30148c | 262 | rcu_read_unlock(); |
3e30148c DH |
263 | |
264 | if (dest_keyring) | |
265 | break; | |
266 | ||
267 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: | |
b6dff3ec | 268 | dest_keyring = |
bb952bb9 | 269 | key_get(cred->user->session_keyring); |
3e30148c DH |
270 | break; |
271 | ||
272 | case KEY_REQKEY_DEFL_USER_KEYRING: | |
bb952bb9 | 273 | dest_keyring = key_get(cred->user->uid_keyring); |
3e30148c DH |
274 | break; |
275 | ||
276 | case KEY_REQKEY_DEFL_GROUP_KEYRING: | |
277 | default: | |
278 | BUG(); | |
279 | } | |
280 | } | |
281 | ||
8bbf4976 DH |
282 | *_dest_keyring = dest_keyring; |
283 | kleave(" [dk %d]", key_serial(dest_keyring)); | |
284 | return; | |
76181c13 | 285 | } |
3e30148c | 286 | |
76181c13 DH |
287 | /* |
288 | * allocate a new key in under-construction state and attempt to link it in to | |
289 | * the requested place | |
290 | * - may return a key that's already under construction instead | |
291 | */ | |
292 | static int construct_alloc_key(struct key_type *type, | |
293 | const char *description, | |
294 | struct key *dest_keyring, | |
295 | unsigned long flags, | |
296 | struct key_user *user, | |
297 | struct key **_key) | |
298 | { | |
d84f4f99 | 299 | const struct cred *cred = current_cred(); |
76181c13 DH |
300 | struct key *key; |
301 | key_ref_t key_ref; | |
302 | ||
303 | kenter("%s,%s,,,", type->name, description); | |
304 | ||
305 | mutex_lock(&user->cons_lock); | |
306 | ||
d84f4f99 DH |
307 | key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred, |
308 | KEY_POS_ALL, flags); | |
76181c13 DH |
309 | if (IS_ERR(key)) |
310 | goto alloc_failed; | |
311 | ||
312 | set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); | |
313 | ||
8bbf4976 | 314 | down_write(&dest_keyring->sem); |
76181c13 DH |
315 | |
316 | /* attach the key to the destination keyring under lock, but we do need | |
317 | * to do another check just in case someone beat us to it whilst we | |
318 | * waited for locks */ | |
319 | mutex_lock(&key_construction_mutex); | |
320 | ||
d84f4f99 | 321 | key_ref = search_process_keyrings(type, description, type->match, cred); |
76181c13 DH |
322 | if (!IS_ERR(key_ref)) |
323 | goto key_already_present; | |
324 | ||
8bbf4976 | 325 | __key_link(dest_keyring, key); |
76181c13 DH |
326 | |
327 | mutex_unlock(&key_construction_mutex); | |
8bbf4976 | 328 | up_write(&dest_keyring->sem); |
76181c13 DH |
329 | mutex_unlock(&user->cons_lock); |
330 | *_key = key; | |
331 | kleave(" = 0 [%d]", key_serial(key)); | |
332 | return 0; | |
333 | ||
334 | key_already_present: | |
335 | mutex_unlock(&key_construction_mutex); | |
336 | if (dest_keyring) | |
337 | up_write(&dest_keyring->sem); | |
338 | mutex_unlock(&user->cons_lock); | |
339 | key_put(key); | |
340 | *_key = key = key_ref_to_ptr(key_ref); | |
341 | kleave(" = -EINPROGRESS [%d]", key_serial(key)); | |
342 | return -EINPROGRESS; | |
343 | ||
344 | alloc_failed: | |
345 | mutex_unlock(&user->cons_lock); | |
346 | *_key = NULL; | |
347 | kleave(" = %ld", PTR_ERR(key)); | |
348 | return PTR_ERR(key); | |
349 | } | |
350 | ||
351 | /* | |
352 | * commence key construction | |
353 | */ | |
354 | static struct key *construct_key_and_link(struct key_type *type, | |
355 | const char *description, | |
356 | const char *callout_info, | |
4a38e122 | 357 | size_t callout_len, |
76181c13 DH |
358 | void *aux, |
359 | struct key *dest_keyring, | |
360 | unsigned long flags) | |
361 | { | |
362 | struct key_user *user; | |
363 | struct key *key; | |
364 | int ret; | |
365 | ||
d84f4f99 DH |
366 | kenter(""); |
367 | ||
47d804bf | 368 | user = key_user_lookup(current_fsuid()); |
76181c13 DH |
369 | if (!user) |
370 | return ERR_PTR(-ENOMEM); | |
371 | ||
8bbf4976 DH |
372 | construct_get_dest_keyring(&dest_keyring); |
373 | ||
76181c13 DH |
374 | ret = construct_alloc_key(type, description, dest_keyring, flags, user, |
375 | &key); | |
376 | key_user_put(user); | |
377 | ||
378 | if (ret == 0) { | |
8bbf4976 DH |
379 | ret = construct_key(key, callout_info, callout_len, aux, |
380 | dest_keyring); | |
d84f4f99 DH |
381 | if (ret < 0) { |
382 | kdebug("cons failed"); | |
76181c13 | 383 | goto construction_failed; |
d84f4f99 | 384 | } |
76181c13 DH |
385 | } |
386 | ||
8bbf4976 | 387 | key_put(dest_keyring); |
d84f4f99 | 388 | kleave(" = key %d", key_serial(key)); |
76181c13 DH |
389 | return key; |
390 | ||
391 | construction_failed: | |
392 | key_negate_and_link(key, key_negative_timeout, NULL, NULL); | |
393 | key_put(key); | |
8bbf4976 | 394 | key_put(dest_keyring); |
d84f4f99 | 395 | kleave(" = %d", ret); |
76181c13 DH |
396 | return ERR_PTR(ret); |
397 | } | |
3e30148c | 398 | |
1da177e4 LT |
399 | /* |
400 | * request a key | |
401 | * - search the process's keyrings | |
402 | * - check the list of keys being created or updated | |
3e30148c DH |
403 | * - call out to userspace for a key if supplementary info was provided |
404 | * - cache the key in an appropriate keyring | |
1da177e4 | 405 | */ |
3e30148c DH |
406 | struct key *request_key_and_link(struct key_type *type, |
407 | const char *description, | |
4a38e122 DH |
408 | const void *callout_info, |
409 | size_t callout_len, | |
4e54f085 | 410 | void *aux, |
7e047ef5 DH |
411 | struct key *dest_keyring, |
412 | unsigned long flags) | |
1da177e4 | 413 | { |
d84f4f99 | 414 | const struct cred *cred = current_cred(); |
1da177e4 | 415 | struct key *key; |
664cceb0 | 416 | key_ref_t key_ref; |
1da177e4 | 417 | |
4a38e122 DH |
418 | kenter("%s,%s,%p,%zu,%p,%p,%lx", |
419 | type->name, description, callout_info, callout_len, aux, | |
4e54f085 | 420 | dest_keyring, flags); |
3e30148c | 421 | |
1da177e4 | 422 | /* search all the process keyrings for a key */ |
664cceb0 | 423 | key_ref = search_process_keyrings(type, description, type->match, |
d84f4f99 | 424 | cred); |
1da177e4 | 425 | |
664cceb0 DH |
426 | if (!IS_ERR(key_ref)) { |
427 | key = key_ref_to_ptr(key_ref); | |
76181c13 | 428 | } else if (PTR_ERR(key_ref) != -EAGAIN) { |
e231c2ee | 429 | key = ERR_CAST(key_ref); |
76181c13 | 430 | } else { |
1da177e4 LT |
431 | /* the search failed, but the keyrings were searchable, so we |
432 | * should consult userspace if we can */ | |
433 | key = ERR_PTR(-ENOKEY); | |
434 | if (!callout_info) | |
435 | goto error; | |
436 | ||
76181c13 | 437 | key = construct_key_and_link(type, description, callout_info, |
4a38e122 DH |
438 | callout_len, aux, dest_keyring, |
439 | flags); | |
1da177e4 LT |
440 | } |
441 | ||
3e30148c DH |
442 | error: |
443 | kleave(" = %p", key); | |
1da177e4 | 444 | return key; |
76181c13 | 445 | } |
1da177e4 | 446 | |
76181c13 DH |
447 | /* |
448 | * wait for construction of a key to complete | |
449 | */ | |
450 | int wait_for_key_construction(struct key *key, bool intr) | |
451 | { | |
452 | int ret; | |
3e30148c | 453 | |
76181c13 DH |
454 | ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT, |
455 | intr ? key_wait_bit_intr : key_wait_bit, | |
456 | intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE); | |
457 | if (ret < 0) | |
458 | return ret; | |
459 | return key_validate(key); | |
460 | } | |
461 | EXPORT_SYMBOL(wait_for_key_construction); | |
3e30148c | 462 | |
3e30148c DH |
463 | /* |
464 | * request a key | |
465 | * - search the process's keyrings | |
466 | * - check the list of keys being created or updated | |
467 | * - call out to userspace for a key if supplementary info was provided | |
76181c13 | 468 | * - waits uninterruptible for creation to complete |
3e30148c DH |
469 | */ |
470 | struct key *request_key(struct key_type *type, | |
471 | const char *description, | |
472 | const char *callout_info) | |
473 | { | |
76181c13 | 474 | struct key *key; |
4a38e122 | 475 | size_t callout_len = 0; |
76181c13 DH |
476 | int ret; |
477 | ||
4a38e122 DH |
478 | if (callout_info) |
479 | callout_len = strlen(callout_info); | |
480 | key = request_key_and_link(type, description, callout_info, callout_len, | |
481 | NULL, NULL, KEY_ALLOC_IN_QUOTA); | |
76181c13 DH |
482 | if (!IS_ERR(key)) { |
483 | ret = wait_for_key_construction(key, false); | |
484 | if (ret < 0) { | |
485 | key_put(key); | |
486 | return ERR_PTR(ret); | |
487 | } | |
488 | } | |
489 | return key; | |
490 | } | |
1da177e4 | 491 | EXPORT_SYMBOL(request_key); |
4e54f085 | 492 | |
4e54f085 DH |
493 | /* |
494 | * request a key with auxiliary data for the upcaller | |
495 | * - search the process's keyrings | |
496 | * - check the list of keys being created or updated | |
497 | * - call out to userspace for a key if supplementary info was provided | |
76181c13 | 498 | * - waits uninterruptible for creation to complete |
4e54f085 DH |
499 | */ |
500 | struct key *request_key_with_auxdata(struct key_type *type, | |
501 | const char *description, | |
4a38e122 DH |
502 | const void *callout_info, |
503 | size_t callout_len, | |
4e54f085 DH |
504 | void *aux) |
505 | { | |
76181c13 DH |
506 | struct key *key; |
507 | int ret; | |
508 | ||
4a38e122 DH |
509 | key = request_key_and_link(type, description, callout_info, callout_len, |
510 | aux, NULL, KEY_ALLOC_IN_QUOTA); | |
76181c13 DH |
511 | if (!IS_ERR(key)) { |
512 | ret = wait_for_key_construction(key, false); | |
513 | if (ret < 0) { | |
514 | key_put(key); | |
515 | return ERR_PTR(ret); | |
516 | } | |
517 | } | |
518 | return key; | |
519 | } | |
520 | EXPORT_SYMBOL(request_key_with_auxdata); | |
4e54f085 | 521 | |
76181c13 DH |
522 | /* |
523 | * request a key (allow async construction) | |
524 | * - search the process's keyrings | |
525 | * - check the list of keys being created or updated | |
526 | * - call out to userspace for a key if supplementary info was provided | |
527 | */ | |
528 | struct key *request_key_async(struct key_type *type, | |
529 | const char *description, | |
4a38e122 DH |
530 | const void *callout_info, |
531 | size_t callout_len) | |
76181c13 | 532 | { |
4a38e122 DH |
533 | return request_key_and_link(type, description, callout_info, |
534 | callout_len, NULL, NULL, | |
535 | KEY_ALLOC_IN_QUOTA); | |
76181c13 DH |
536 | } |
537 | EXPORT_SYMBOL(request_key_async); | |
4e54f085 | 538 | |
76181c13 DH |
539 | /* |
540 | * request a key with auxiliary data for the upcaller (allow async construction) | |
541 | * - search the process's keyrings | |
542 | * - check the list of keys being created or updated | |
543 | * - call out to userspace for a key if supplementary info was provided | |
544 | */ | |
545 | struct key *request_key_async_with_auxdata(struct key_type *type, | |
546 | const char *description, | |
4a38e122 DH |
547 | const void *callout_info, |
548 | size_t callout_len, | |
76181c13 DH |
549 | void *aux) |
550 | { | |
4a38e122 DH |
551 | return request_key_and_link(type, description, callout_info, |
552 | callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA); | |
76181c13 DH |
553 | } |
554 | EXPORT_SYMBOL(request_key_async_with_auxdata); |