[GitHub/mt8127/android_kernel_alcatel_ttab.git] / include / linux / key.h

/* key.h: authentication token and access key management
 *
 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 *
 *
 * See Documentation/keys.txt for information on keys/keyrings.
 */

#ifndef _LINUX_KEY_H
#define _LINUX_KEY_H

#include <linux/types.h>
#include <linux/list.h>
#include <linux/rbtree.h>
#include <linux/rcupdate.h>
#include <asm/atomic.h>

#ifdef __KERNEL__

/* key handle serial number */
typedef int32_t key_serial_t;

/* key handle permissions mask */
typedef uint32_t key_perm_t;

struct key;

#ifdef CONFIG_KEYS

#undef KEY_DEBUGGING

#define KEY_POS_VIEW	0x01000000	/* possessor can view a key's attributes */
#define KEY_POS_READ	0x02000000	/* possessor can read key payload / view keyring */
#define KEY_POS_WRITE	0x04000000	/* possessor can update key payload / add link to keyring */
#define KEY_POS_SEARCH	0x08000000	/* possessor can find a key in search / search a keyring */
#define KEY_POS_LINK	0x10000000	/* possessor can create a link to a key/keyring */
#define KEY_POS_SETATTR	0x20000000	/* possessor can set key attributes */
#define KEY_POS_ALL	0x3f000000

#define KEY_USR_VIEW	0x00010000	/* user permissions... */
#define KEY_USR_READ	0x00020000
#define KEY_USR_WRITE	0x00040000
#define KEY_USR_SEARCH	0x00080000
#define KEY_USR_LINK	0x00100000
#define KEY_USR_SETATTR	0x00200000
#define KEY_USR_ALL	0x003f0000

#define KEY_GRP_VIEW	0x00000100	/* group permissions... */
#define KEY_GRP_READ	0x00000200
#define KEY_GRP_WRITE	0x00000400
#define KEY_GRP_SEARCH	0x00000800
#define KEY_GRP_LINK	0x00001000
#define KEY_GRP_SETATTR	0x00002000
#define KEY_GRP_ALL	0x00003f00

#define KEY_OTH_VIEW	0x00000001	/* third party permissions... */
#define KEY_OTH_READ	0x00000002
#define KEY_OTH_WRITE	0x00000004
#define KEY_OTH_SEARCH	0x00000008
#define KEY_OTH_LINK	0x00000010
#define KEY_OTH_SETATTR	0x00000020
#define KEY_OTH_ALL	0x0000003f

struct seq_file;
struct user_struct;
struct signal_struct;

struct key_type;
struct key_owner;
struct keyring_list;
struct keyring_name;

/*****************************************************************************/
/*
 * key reference with possession attribute handling
 *
 * NOTE! key_ref_t is a typedef'd pointer to a type that is not actually
 * defined. This is because we abuse the bottom bit of the reference to carry a
 * flag to indicate whether the calling process possesses that key in one of
 * its keyrings.
 *
 * the key_ref_t has been made a separate type so that the compiler can reject
 * attempts to dereference it without proper conversion.
 *
 * the three functions are used to assemble and disassemble references
 */
typedef struct __key_reference_with_attributes *key_ref_t;

static inline key_ref_t make_key_ref(const struct key *key,
				     unsigned long possession)
{
	return (key_ref_t) ((unsigned long) key | possession);
}

static inline struct key *key_ref_to_ptr(const key_ref_t key_ref)
{
	return (struct key *) ((unsigned long) key_ref & ~1UL);
}

static inline unsigned long is_key_possessed(const key_ref_t key_ref)
{
	return (unsigned long) key_ref & 1UL;
}

/*****************************************************************************/
/*
 * authentication token / access credential / keyring
 * - types of key include:
 *   - keyrings
 *   - disk encryption IDs
 *   - Kerberos TGTs and tickets
 */
struct key {
	atomic_t		usage;		/* number of references */
	key_serial_t		serial;		/* key serial number */
	struct rb_node		serial_node;
	struct key_type		*type;		/* type of key */
	struct rw_semaphore	sem;		/* change vs change sem */
	struct key_user		*user;		/* owner of this key */
	void			*security;	/* security data for this key */
	time_t			expiry;		/* time at which key expires (or 0) */
	uid_t			uid;
	gid_t			gid;
	key_perm_t		perm;		/* access permissions */
	unsigned short		quotalen;	/* length added to quota */
	unsigned short		datalen;	/* payload data length
						 * - may not match RCU dereferenced payload
						 * - payload should contain own length
						 */

#ifdef KEY_DEBUGGING
	unsigned		magic;
#define KEY_DEBUG_MAGIC		0x18273645u
#define KEY_DEBUG_MAGIC_X	0xf8e9dacbu
#endif

	unsigned long		flags;		/* status flags (change with bitops) */
#define KEY_FLAG_INSTANTIATED	0	/* set if key has been instantiated */
#define KEY_FLAG_DEAD		1	/* set if key type has been deleted */
#define KEY_FLAG_REVOKED	2	/* set if key had been revoked */
#define KEY_FLAG_IN_QUOTA	3	/* set if key consumes quota */
#define KEY_FLAG_USER_CONSTRUCT	4	/* set if key is being constructed in userspace */
#define KEY_FLAG_NEGATIVE	5	/* set if key is negative */

	/* the description string
	 * - this is used to match a key against search criteria
	 * - this should be a printable string
	 * - eg: for krb5 AFS, this might be "afs@REDHAT.COM"
	 */
	char			*description;

	/* type specific data
	 * - this is used by the keyring type to index the name
	 */
	union {
		struct list_head	link;
	} type_data;

	/* key data
	 * - this is used to hold the data actually used in cryptography or
	 *   whatever
	 */
	union {
		unsigned long		value;
		void			*data;
		struct keyring_list	*subscriptions;
	} payload;
};

/*****************************************************************************/
/*
 * kernel managed key type definition
 */
typedef int (*request_key_actor_t)(struct key *key, struct key *authkey,
				   const char *op, void *aux);

struct key_type {
	/* name of the type */
	const char *name;

	/* default payload length for quota precalculation (optional)
	 * - this can be used instead of calling key_payload_reserve(), that
	 *   function only needs to be called if the real datalen is different
	 */
	size_t def_datalen;

	/* instantiate a key of this type
	 * - this method should call key_payload_reserve() to determine if the
	 *   user's quota will hold the payload
	 */
	int (*instantiate)(struct key *key, const void *data, size_t datalen);

	/* update a key of this type (optional)
	 * - this method should call key_payload_reserve() to recalculate the
	 *   quota consumption
	 * - the key must be locked against read when modifying
	 */
	int (*update)(struct key *key, const void *data, size_t datalen);

	/* match a key against a description */
	int (*match)(const struct key *key, const void *desc);

	/* clear some of the data from a key on revokation (optional)
	 * - the key's semaphore will be write-locked by the caller
	 */
	void (*revoke)(struct key *key);

	/* clear the data from a key (optional) */
	void (*destroy)(struct key *key);

	/* describe a key */
	void (*describe)(const struct key *key, struct seq_file *p);

	/* read a key's data (optional)
	 * - permission checks will be done by the caller
	 * - the key's semaphore will be readlocked by the caller
	 * - should return the amount of data that could be read, no matter how
	 *   much is copied into the buffer
	 * - shouldn't do the copy if the buffer is NULL
	 */
	long (*read)(const struct key *key, char __user *buffer, size_t buflen);

	/* handle request_key() for this type instead of invoking
	 * /sbin/request-key (optional)
	 * - key is the key to instantiate
	 * - authkey is the authority to assume when instantiating this key
	 * - op is the operation to be done, usually "create"
	 * - the call must not return until the instantiation process has run
	 *   its course
	 */
	request_key_actor_t request_key;

	/* internal fields */
	struct list_head	link;		/* link in types list */
};

extern struct key_type key_type_keyring;

extern int register_key_type(struct key_type *ktype);
extern void unregister_key_type(struct key_type *ktype);

extern struct key *key_alloc(struct key_type *type,
			     const char *desc,
			     uid_t uid, gid_t gid,
			     struct task_struct *ctx,
			     key_perm_t perm,
			     unsigned long flags);


#define KEY_ALLOC_IN_QUOTA	0x0000	/* add to quota, reject if would overrun */
#define KEY_ALLOC_QUOTA_OVERRUN	0x0001	/* add to quota, permit even if overrun */
#define KEY_ALLOC_NOT_IN_QUOTA	0x0002	/* not in quota */

extern int key_payload_reserve(struct key *key, size_t datalen);
extern int key_instantiate_and_link(struct key *key,
				    const void *data,
				    size_t datalen,
				    struct key *keyring,
				    struct key *instkey);
extern int key_negate_and_link(struct key *key,
			       unsigned timeout,
			       struct key *keyring,
			       struct key *instkey);
extern void key_revoke(struct key *key);
extern void key_put(struct key *key);

static inline struct key *key_get(struct key *key)
{
	if (key)
		atomic_inc(&key->usage);
	return key;
}

static inline void key_ref_put(key_ref_t key_ref)
{
	key_put(key_ref_to_ptr(key_ref));
}

extern struct key *request_key(struct key_type *type,
			       const char *description,
			       const char *callout_info);

extern struct key *request_key_with_auxdata(struct key_type *type,
					    const char *description,
					    const char *callout_info,
					    void *aux);

extern int key_validate(struct key *key);

extern key_ref_t key_create_or_update(key_ref_t keyring,
				      const char *type,
				      const char *description,
				      const void *payload,
				      size_t plen,
				      unsigned long flags);

extern int key_update(key_ref_t key,
		      const void *payload,
		      size_t plen);

extern int key_link(struct key *keyring,
		    struct key *key);

extern int key_unlink(struct key *keyring,
		      struct key *key);

extern struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
				 struct task_struct *ctx,
				 unsigned long flags,
				 struct key *dest);

extern int keyring_clear(struct key *keyring);

extern key_ref_t keyring_search(key_ref_t keyring,
				struct key_type *type,
				const char *description);

extern int keyring_add_key(struct key *keyring,
			   struct key *key);

extern struct key *key_lookup(key_serial_t id);

extern void keyring_replace_payload(struct key *key, void *replacement);

#define key_serial(key) ((key) ? (key)->serial : 0)

/*
 * the userspace interface
 */
extern struct key root_user_keyring, root_session_keyring;
extern int alloc_uid_keyring(struct user_struct *user,
			     struct task_struct *ctx);
extern void switch_uid_keyring(struct user_struct *new_user);
extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk);
extern int copy_thread_group_keys(struct task_struct *tsk);
extern void exit_keys(struct task_struct *tsk);
extern void exit_thread_group_keys(struct signal_struct *tg);
extern int suid_keys(struct task_struct *tsk);
extern int exec_keys(struct task_struct *tsk);
extern void key_fsuid_changed(struct task_struct *tsk);
extern void key_fsgid_changed(struct task_struct *tsk);
extern void key_init(void);

#define __install_session_keyring(tsk, keyring)			\
({								\
	struct key *old_session = tsk->signal->session_keyring;	\
	tsk->signal->session_keyring = keyring;			\
	old_session;						\
})

#else /* CONFIG_KEYS */

#define key_validate(k)			0
#define key_serial(k)			0
#define key_get(k) 			({ NULL; })
#define key_put(k)			do { } while(0)
#define key_ref_put(k)			do { } while(0)
#define make_key_ref(k)			({ NULL; })
#define key_ref_to_ptr(k)		({ NULL; })
#define is_key_possessed(k)		0
#define alloc_uid_keyring(u,c)		0
#define switch_uid_keyring(u)		do { } while(0)
#define __install_session_keyring(t, k)	({ NULL; })
#define copy_keys(f,t)			0
#define copy_thread_group_keys(t)	0
#define exit_keys(t)			do { } while(0)
#define exit_thread_group_keys(tg)	do { } while(0)
#define suid_keys(t)			do { } while(0)
#define exec_keys(t)			do { } while(0)
#define key_fsuid_changed(t)		do { } while(0)
#define key_fsgid_changed(t)		do { } while(0)
#define key_init()			do { } while(0)

/* Initial keyrings */
extern struct key root_user_keyring;
extern struct key root_session_keyring;

#endif /* CONFIG_KEYS */
#endif /* __KERNEL__ */
#endif /* _LINUX_KEY_H */
Commit	Line	Data
1da177e4 LT	1	/* key.h: authentication token and access key management
	2	*
	3	* Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
	4	* Written by David Howells (dhowells@redhat.com)
	5	*
	6	* This program is free software; you can redistribute it and/or
	7	* modify it under the terms of the GNU General Public License
	8	* as published by the Free Software Foundation; either version
	9	* 2 of the License, or (at your option) any later version.
	10	*
	11	*
	12	* See Documentation/keys.txt for information on keys/keyrings.
	13	*/
	14
	15	#ifndef _LINUX_KEY_H
	16	#define _LINUX_KEY_H
	17
	18	#include <linux/types.h>
	19	#include <linux/list.h>
	20	#include <linux/rbtree.h>
76d8aeab	21	#include <linux/rcupdate.h>
1da177e4 LT	22	#include <asm/atomic.h>
	23
	24	#ifdef __KERNEL__
	25
	26	/* key handle serial number */
	27	typedef int32_t key_serial_t;
	28
	29	/* key handle permissions mask */
	30	typedef uint32_t key_perm_t;
	31
	32	struct key;
	33
	34	#ifdef CONFIG_KEYS
	35
	36	#undef KEY_DEBUGGING
	37
664cceb0 DH	38	#define KEY_POS_VIEW 0x01000000 /* possessor can view a key's attributes */
	39	#define KEY_POS_READ 0x02000000 /* possessor can read key payload / view keyring */
	40	#define KEY_POS_WRITE 0x04000000 /* possessor can update key payload / add link to keyring */
	41	#define KEY_POS_SEARCH 0x08000000 /* possessor can find a key in search / search a keyring */
	42	#define KEY_POS_LINK 0x10000000 /* possessor can create a link to a key/keyring */
29db9190 DH	43	#define KEY_POS_SETATTR 0x20000000 /* possessor can set key attributes */
29db9190 DH	44	#define KEY_POS_ALL 0x3f000000
664cceb0 DH	45
	46	#define KEY_USR_VIEW 0x00010000 /* user permissions... */
	47	#define KEY_USR_READ 0x00020000
	48	#define KEY_USR_WRITE 0x00040000
	49	#define KEY_USR_SEARCH 0x00080000
	50	#define KEY_USR_LINK 0x00100000
29db9190 DH	51	#define KEY_USR_SETATTR 0x00200000
29db9190 DH	52	#define KEY_USR_ALL 0x003f0000
1da177e4 LT	53
	54	#define KEY_GRP_VIEW 0x00000100 /* group permissions... */
	55	#define KEY_GRP_READ 0x00000200
	56	#define KEY_GRP_WRITE 0x00000400
	57	#define KEY_GRP_SEARCH 0x00000800
	58	#define KEY_GRP_LINK 0x00001000
29db9190 DH	59	#define KEY_GRP_SETATTR 0x00002000
29db9190 DH	60	#define KEY_GRP_ALL 0x00003f00
1da177e4 LT	61
	62	#define KEY_OTH_VIEW 0x00000001 /* third party permissions... */
	63	#define KEY_OTH_READ 0x00000002
	64	#define KEY_OTH_WRITE 0x00000004
	65	#define KEY_OTH_SEARCH 0x00000008
	66	#define KEY_OTH_LINK 0x00000010
29db9190 DH	67	#define KEY_OTH_SETATTR 0x00000020
29db9190 DH	68	#define KEY_OTH_ALL 0x0000003f
1da177e4 LT	69
	70	struct seq_file;
	71	struct user_struct;
	72	struct signal_struct;
	73
	74	struct key_type;
	75	struct key_owner;
	76	struct keyring_list;
	77	struct keyring_name;
	78
664cceb0 DH	79	/*****************************************************************************/
	80	/*
	81	* key reference with possession attribute handling
	82	*
	83	* NOTE! key_ref_t is a typedef'd pointer to a type that is not actually
	84	* defined. This is because we abuse the bottom bit of the reference to carry a
	85	* flag to indicate whether the calling process possesses that key in one of
	86	* its keyrings.
	87	*
	88	* the key_ref_t has been made a separate type so that the compiler can reject
	89	* attempts to dereference it without proper conversion.
	90	*
	91	* the three functions are used to assemble and disassemble references
	92	*/
	93	typedef struct __key_reference_with_attributes *key_ref_t;
	94
	95	static inline key_ref_t make_key_ref(const struct key *key,
	96	unsigned long possession)
	97	{
	98	return (key_ref_t) ((unsigned long) key \| possession);
	99	}
	100
	101	static inline struct key *key_ref_to_ptr(const key_ref_t key_ref)
	102	{
	103	return (struct key *) ((unsigned long) key_ref & ~1UL);
	104	}
	105
	106	static inline unsigned long is_key_possessed(const key_ref_t key_ref)
	107	{
	108	return (unsigned long) key_ref & 1UL;
	109	}
	110
1da177e4 LT	111	/*****************************************************************************/
	112	/*
	113	* authentication token / access credential / keyring
	114	* - types of key include:
	115	* - keyrings
	116	* - disk encryption IDs
	117	* - Kerberos TGTs and tickets
	118	*/
	119	struct key {
	120	atomic_t usage; /* number of references */
	121	key_serial_t serial; /* key serial number */
	122	struct rb_node serial_node;
	123	struct key_type type; / type of key */
1da177e4 LT	124	struct rw_semaphore sem; /* change vs change sem */
1da177e4 LT	125	struct key_user user; / owner of this key */
29db9190	126	void security; / security data for this key */
1da177e4 LT	127	time_t expiry; /* time at which key expires (or 0) */
	128	uid_t uid;
	129	gid_t gid;
	130	key_perm_t perm; /* access permissions */
	131	unsigned short quotalen; /* length added to quota */
76d8aeab DH	132	unsigned short datalen; /* payload data length
	133	* - may not match RCU dereferenced payload
	134	* - payload should contain own length
	135	*/
1da177e4 LT	136
	137	#ifdef KEY_DEBUGGING
	138	unsigned magic;
	139	#define KEY_DEBUG_MAGIC 0x18273645u
	140	#define KEY_DEBUG_MAGIC_X 0xf8e9dacbu
	141	#endif
	142
76d8aeab DH	143	unsigned long flags; /* status flags (change with bitops) */
	144	#define KEY_FLAG_INSTANTIATED 0 /* set if key has been instantiated */
	145	#define KEY_FLAG_DEAD 1 /* set if key type has been deleted */
	146	#define KEY_FLAG_REVOKED 2 /* set if key had been revoked */
	147	#define KEY_FLAG_IN_QUOTA 3 /* set if key consumes quota */
	148	#define KEY_FLAG_USER_CONSTRUCT 4 /* set if key is being constructed in userspace */
	149	#define KEY_FLAG_NEGATIVE 5 /* set if key is negative */
	150
1da177e4 LT	151	/* the description string
	152	* - this is used to match a key against search criteria
	153	* - this should be a printable string
	154	* - eg: for krb5 AFS, this might be "afs@REDHAT.COM"
	155	*/
	156	char *description;
	157
	158	/* type specific data
	159	* - this is used by the keyring type to index the name
	160	*/
	161	union {
	162	struct list_head link;
	163	} type_data;
	164
	165	/* key data
	166	* - this is used to hold the data actually used in cryptography or
	167	* whatever
	168	*/
	169	union {
	170	unsigned long value;
	171	void *data;
	172	struct keyring_list *subscriptions;
	173	} payload;
	174	};
	175
	176	/*****************************************************************************/
	177	/*
	178	* kernel managed key type definition
	179	*/
4e54f085 DH	180	typedef int (request_key_actor_t)(struct key key, struct key *authkey,
4e54f085 DH	181	const char op, void aux);
b5f545c8	182
1da177e4 LT	183	struct key_type {
	184	/* name of the type */
	185	const char *name;
	186
	187	/* default payload length for quota precalculation (optional)
	188	* - this can be used instead of calling key_payload_reserve(), that
	189	* function only needs to be called if the real datalen is different
	190	*/
	191	size_t def_datalen;
	192
	193	/* instantiate a key of this type
	194	* - this method should call key_payload_reserve() to determine if the
	195	* user's quota will hold the payload
	196	*/
	197	int (instantiate)(struct key key, const void *data, size_t datalen);
	198
1da177e4 LT	199	/* update a key of this type (optional)
	200	* - this method should call key_payload_reserve() to recalculate the
	201	* quota consumption
	202	* - the key must be locked against read when modifying
	203	*/
	204	int (update)(struct key key, const void *data, size_t datalen);
	205
	206	/* match a key against a description */
	207	int (match)(const struct key key, const void *desc);
	208
04c567d9 DH	209	/* clear some of the data from a key on revokation (optional)
	210	* - the key's semaphore will be write-locked by the caller
	211	*/
	212	void (revoke)(struct key key);
	213
1da177e4 LT	214	/* clear the data from a key (optional) */
	215	void (destroy)(struct key key);
	216
	217	/* describe a key */
	218	void (describe)(const struct key key, struct seq_file *p);
	219
	220	/* read a key's data (optional)
	221	* - permission checks will be done by the caller
	222	* - the key's semaphore will be readlocked by the caller
	223	* - should return the amount of data that could be read, no matter how
	224	* much is copied into the buffer
	225	* - shouldn't do the copy if the buffer is NULL
	226	*/
	227	long (read)(const struct key key, char __user *buffer, size_t buflen);
	228
b5f545c8 DH	229	/* handle request_key() for this type instead of invoking
	230	* /sbin/request-key (optional)
	231	* - key is the key to instantiate
	232	* - authkey is the authority to assume when instantiating this key
	233	* - op is the operation to be done, usually "create"
	234	* - the call must not return until the instantiation process has run
	235	* its course
	236	*/
	237	request_key_actor_t request_key;
	238
1da177e4 LT	239	/* internal fields */
	240	struct list_head link; /* link in types list */
	241	};
	242
	243	extern struct key_type key_type_keyring;
	244
	245	extern int register_key_type(struct key_type *ktype);
	246	extern void unregister_key_type(struct key_type *ktype);
	247
	248	extern struct key key_alloc(struct key_type type,
	249	const char *desc,
d720024e ML	250	uid_t uid, gid_t gid,
d720024e ML	251	struct task_struct *ctx,
7e047ef5 DH	252	key_perm_t perm,
	253	unsigned long flags);
	254
	255
	256	#define KEY_ALLOC_IN_QUOTA 0x0000 /* add to quota, reject if would overrun */
	257	#define KEY_ALLOC_QUOTA_OVERRUN 0x0001 /* add to quota, permit even if overrun */
	258	#define KEY_ALLOC_NOT_IN_QUOTA 0x0002 /* not in quota */
	259
1da177e4 LT	260	extern int key_payload_reserve(struct key *key, size_t datalen);
	261	extern int key_instantiate_and_link(struct key *key,
	262	const void *data,
	263	size_t datalen,
3e30148c DH	264	struct key *keyring,
3e30148c DH	265	struct key *instkey);
1da177e4 LT	266	extern int key_negate_and_link(struct key *key,
1da177e4 LT	267	unsigned timeout,
3e30148c DH	268	struct key *keyring,
3e30148c DH	269	struct key *instkey);
1da177e4 LT	270	extern void key_revoke(struct key *key);
	271	extern void key_put(struct key *key);
	272
	273	static inline struct key key_get(struct key key)
	274	{
	275	if (key)
	276	atomic_inc(&key->usage);
	277	return key;
	278	}
	279
664cceb0 DH	280	static inline void key_ref_put(key_ref_t key_ref)
	281	{
	282	key_put(key_ref_to_ptr(key_ref));
	283	}
	284
1da177e4 LT	285	extern struct key request_key(struct key_type type,
	286	const char *description,
	287	const char *callout_info);
	288
4e54f085 DH	289	extern struct key request_key_with_auxdata(struct key_type type,
	290	const char *description,
	291	const char *callout_info,
	292	void *aux);
	293
1da177e4 LT	294	extern int key_validate(struct key *key);
1da177e4 LT	295
664cceb0 DH	296	extern key_ref_t key_create_or_update(key_ref_t keyring,
	297	const char *type,
	298	const char *description,
	299	const void *payload,
	300	size_t plen,
7e047ef5	301	unsigned long flags);
1da177e4	302
664cceb0	303	extern int key_update(key_ref_t key,
1da177e4 LT	304	const void *payload,
	305	size_t plen);
	306
	307	extern int key_link(struct key *keyring,
	308	struct key *key);
	309
	310	extern int key_unlink(struct key *keyring,
	311	struct key *key);
	312
	313	extern struct key keyring_alloc(const char description, uid_t uid, gid_t gid,
d720024e	314	struct task_struct *ctx,
7e047ef5	315	unsigned long flags,
d720024e	316	struct key *dest);
1da177e4 LT	317
	318	extern int keyring_clear(struct key *keyring);
	319
664cceb0 DH	320	extern key_ref_t keyring_search(key_ref_t keyring,
	321	struct key_type *type,
	322	const char *description);
1da177e4	323
1da177e4 LT	324	extern int keyring_add_key(struct key *keyring,
	325	struct key *key);
	326
	327	extern struct key *key_lookup(key_serial_t id);
	328
76d8aeab DH	329	extern void keyring_replace_payload(struct key key, void replacement);
76d8aeab DH	330
1da177e4 LT	331	#define key_serial(key) ((key) ? (key)->serial : 0)
	332
	333	/*
	334	* the userspace interface
	335	*/
	336	extern struct key root_user_keyring, root_session_keyring;
d720024e ML	337	extern int alloc_uid_keyring(struct user_struct *user,
d720024e ML	338	struct task_struct *ctx);
1da177e4 LT	339	extern void switch_uid_keyring(struct user_struct *new_user);
	340	extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk);
	341	extern int copy_thread_group_keys(struct task_struct *tsk);
	342	extern void exit_keys(struct task_struct *tsk);
	343	extern void exit_thread_group_keys(struct signal_struct *tg);
	344	extern int suid_keys(struct task_struct *tsk);
	345	extern int exec_keys(struct task_struct *tsk);
	346	extern void key_fsuid_changed(struct task_struct *tsk);
	347	extern void key_fsgid_changed(struct task_struct *tsk);
	348	extern void key_init(void);
	349
7888e7ff DH	350	#define __install_session_keyring(tsk, keyring) \
	351	({ \
	352	struct key *old_session = tsk->signal->session_keyring; \
	353	tsk->signal->session_keyring = keyring; \
	354	old_session; \
	355	})
	356
1da177e4 LT	357	#else /* CONFIG_KEYS */
	358
	359	#define key_validate(k) 0
	360	#define key_serial(k) 0
7888e7ff	361	#define key_get(k) ({ NULL; })
1da177e4	362	#define key_put(k) do { } while(0)
664cceb0 DH	363	#define key_ref_put(k) do { } while(0)
	364	#define make_key_ref(k) ({ NULL; })
	365	#define key_ref_to_ptr(k) ({ NULL; })
	366	#define is_key_possessed(k) 0
d720024e	367	#define alloc_uid_keyring(u,c) 0
1da177e4	368	#define switch_uid_keyring(u) do { } while(0)
7888e7ff	369	#define __install_session_keyring(t, k) ({ NULL; })
1da177e4 LT	370	#define copy_keys(f,t) 0
	371	#define copy_thread_group_keys(t) 0
	372	#define exit_keys(t) do { } while(0)
	373	#define exit_thread_group_keys(tg) do { } while(0)
	374	#define suid_keys(t) do { } while(0)
	375	#define exec_keys(t) do { } while(0)
	376	#define key_fsuid_changed(t) do { } while(0)
	377	#define key_fsgid_changed(t) do { } while(0)
	378	#define key_init() do { } while(0)
	379
d720024e ML	380	/* Initial keyrings */
	381	extern struct key root_user_keyring;
	382	extern struct key root_session_keyring;
	383
1da177e4 LT	384	#endif /* CONFIG_KEYS */
	385	#endif /* __KERNEL__ */
	386	#endif /* _LINUX_KEY_H */