aboutsummaryrefslogtreecommitdiffstats
path: root/Documentation/keys.txt
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2006-06-29 02:24:28 -0700
committerLinus Torvalds <torvalds@g5.osdl.org>2006-06-29 10:26:20 -0700
commit4e54f08543d05e519e601368571cc3787fefae96 (patch)
tree0cd9d982e5bb25abcb9251d26c36ff11e7dc81a5 /Documentation/keys.txt
parent94583779e6625154e8d7fce33d097ae7d089e9de (diff)
downloadkernel_samsung_smdk4412-4e54f08543d05e519e601368571cc3787fefae96.tar.gz
kernel_samsung_smdk4412-4e54f08543d05e519e601368571cc3787fefae96.tar.bz2
kernel_samsung_smdk4412-4e54f08543d05e519e601368571cc3787fefae96.zip
[PATCH] Keys: Allow in-kernel key requestor to pass auxiliary data to upcaller
The proposed NFS key type uses its own method of passing key requests to userspace (upcalling) rather than invoking /sbin/request-key. This is because the responsible userspace daemon should already be running and will be contacted through rpc_pipefs. This patch permits the NFS filesystem to pass auxiliary data to the upcall operation (struct key_type::request_key) so that the upcaller can use a pre-existing communications channel more easily. Signed-off-by: David Howells <dhowells@redhat.com> Acked-By: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'Documentation/keys.txt')
-rw-r--r--Documentation/keys.txt29
1 files changed, 29 insertions, 0 deletions
diff --git a/Documentation/keys.txt b/Documentation/keys.txt
index 61c0fad2fe2..e373f021284 100644
--- a/Documentation/keys.txt
+++ b/Documentation/keys.txt
@@ -780,6 +780,17 @@ payload contents" for more information.
See also Documentation/keys-request-key.txt.
+(*) To search for a key, passing auxiliary data to the upcaller, call:
+
+ struct key *request_key_with_auxdata(const struct key_type *type,
+ const char *description,
+ const char *callout_string,
+ void *aux);
+
+ This is identical to request_key(), except that the auxiliary data is
+ passed to the key_type->request_key() op if it exists.
+
+
(*) When it is no longer required, the key should be released using:
void key_put(struct key *key);
@@ -1031,6 +1042,24 @@ The structure has a number of fields, some of which are mandatory:
as might happen when the userspace buffer is accessed.
+ (*) int (*request_key)(struct key *key, struct key *authkey, const char *op,
+ void *aux);
+
+ This method is optional. If provided, request_key() and
+ request_key_with_auxdata() will invoke this function rather than
+ upcalling to /sbin/request-key to operate upon a key of this type.
+
+ The aux parameter is as passed to request_key_with_auxdata() or is NULL
+ otherwise. Also passed are the key to be operated upon, the
+ authorisation key for this operation and the operation type (currently
+ only "create").
+
+ This function should return only when the upcall is complete. Upon return
+ the authorisation key will be revoked, and the target key will be
+ negatively instantiated if it is still uninstantiated. The error will be
+ returned to the caller of request_key*().
+
+
============================
REQUEST-KEY CALLBACK SERVICE
============================