LXR linux/security/keys/request

   1/* Request a key from userspace
   2 *
   3 * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public License
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the License, or (at your option) any later version.
  10 *
  11 * See Documentation/security/keys-request-key.txt
  12 */
  13
  14#include <linux/module.h>
  15#include <linux/sched.h>
  16#include <linux/kmod.h>
  17#include <linux/err.h>
  18#include <linux/keyctl.h>
  19#include <linux/slab.h>
  20#include "internal.h"
  21
  22#define key_negative_timeout    60      /* default timeout on a negative key's existence */
  23
  24/*
  25 * wait_on_bit() sleep function for uninterruptible waiting
  26 */
  27static int key_wait_bit(void *flags)
  28{
  29        schedule();
  30        return 0;
  31}
  32
  33/*
  34 * wait_on_bit() sleep function for interruptible waiting
  35 */
  36static int key_wait_bit_intr(void *flags)
  37{
  38        schedule();
  39        return signal_pending(current) ? -ERESTARTSYS : 0;
  40}
  41
  42/**
  43 * complete_request_key - Complete the construction of a key.
  44 * @cons: The key construction record.
  45 * @error: The success or failute of the construction.
  46 *
  47 * Complete the attempt to construct a key.  The key will be negated
  48 * if an error is indicated.  The authorisation key will be revoked
  49 * unconditionally.
  50 */
  51void complete_request_key(struct key_construction *cons, int error)
  52{
  53        kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error);
  54
  55        if (error < 0)
  56                key_negate_and_link(cons->key, key_negative_timeout, NULL,
  57                                    cons->authkey);
  58        else
  59                key_revoke(cons->authkey);
  60
  61        key_put(cons->key);
  62        key_put(cons->authkey);
  63        kfree(cons);
  64}
  65EXPORT_SYMBOL(complete_request_key);
  66
  67/*
  68 * Initialise a usermode helper that is going to have a specific session
  69 * keyring.
  70 *
  71 * This is called in context of freshly forked kthread before kernel_execve(),
  72 * so we can simply install the desired session_keyring at this point.
  73 */
  74static int umh_keys_init(struct subprocess_info *info, struct cred *cred)
  75{
  76        struct key *keyring = info->data;
  77
  78        return install_session_keyring_to_cred(cred, keyring);
  79}
  80
  81/*
  82 * Clean up a usermode helper with session keyring.
  83 */
  84static void umh_keys_cleanup(struct subprocess_info *info)
  85{
  86        struct key *keyring = info->data;
  87        key_put(keyring);
  88}
  89
  90/*
  91 * Call a usermode helper with a specific session keyring.
  92 */
  93static int call_usermodehelper_keys(char *path, char **argv, char **envp,
  94                                        struct key *session_keyring, int wait)
  95{
  96        struct subprocess_info *info;
  97
  98        info = call_usermodehelper_setup(path, argv, envp, GFP_KERNEL,
  99                                          umh_keys_init, umh_keys_cleanup,
 100                                          session_keyring);
 101        if (!info)
 102                return -ENOMEM;
 103
 104        key_get(session_keyring);
 105        return call_usermodehelper_exec(info, wait);
 106}
 107
 108/*
 109 * Request userspace finish the construction of a key
 110 * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
 111 */
 112static int call_sbin_request_key(struct key_construction *cons,
 113                                 const char *op,
 114                                 void *aux)
 115{
 116        const struct cred *cred = current_cred();
 117        key_serial_t prkey, sskey;
 118        struct key *key = cons->key, *authkey = cons->authkey, *keyring,
 119                *session;
 120        char *argv[9], *envp[3], uid_str[12], gid_str[12];
 121        char key_str[12], keyring_str[3][12];
 122        char desc[20];
 123        int ret, i;
 124
 125        kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
 126
 127        ret = install_user_keyrings();
 128        if (ret < 0)
 129                goto error_alloc;
 130
 131        /* allocate a new session keyring */
 132        sprintf(desc, "_req.%u", key->serial);
 133
 134        cred = get_current_cred();
 135        keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
 136                                KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
 137                                KEY_ALLOC_QUOTA_OVERRUN, NULL);
 138        put_cred(cred);
 139        if (IS_ERR(keyring)) {
 140                ret = PTR_ERR(keyring);
 141                goto error_alloc;
 142        }
 143
 144        /* attach the auth key to the session keyring */
 145        ret = key_link(keyring, authkey);
 146        if (ret < 0)
 147                goto error_link;
 148
 149        /* record the UID and GID */
 150        sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid));
 151        sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid));
 152
 153        /* we say which key is under construction */
 154        sprintf(key_str, "%d", key->serial);
 155
 156        /* we specify the process's default keyrings */
 157        sprintf(keyring_str[0], "%d",
 158                cred->thread_keyring ? cred->thread_keyring->serial : 0);
 159
 160        prkey = 0;
 161        if (cred->process_keyring)
 162                prkey = cred->process_keyring->serial;
 163        sprintf(keyring_str[1], "%d", prkey);
 164
 165        rcu_read_lock();
 166        session = rcu_dereference(cred->session_keyring);
 167        if (!session)
 168                session = cred->user->session_keyring;
 169        sskey = session->serial;
 170        rcu_read_unlock();
 171
 172        sprintf(keyring_str[2], "%d", sskey);
 173
 174        /* set up a minimal environment */
 175        i = 0;
 176        envp[i++] = "HOME=/";
 177        envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
 178        envp[i] = NULL;
 179
 180        /* set up the argument list */
 181        i = 0;
 182        argv[i++] = "/sbin/request-key";
 183        argv[i++] = (char *) op;
 184        argv[i++] = key_str;
 185        argv[i++] = uid_str;
 186        argv[i++] = gid_str;
 187        argv[i++] = keyring_str[0];
 188        argv[i++] = keyring_str[1];
 189        argv[i++] = keyring_str[2];
 190        argv[i] = NULL;
 191
 192        /* do it */
 193        ret = call_usermodehelper_keys(argv[0], argv, envp, keyring,
 194                                       UMH_WAIT_PROC);
 195        kdebug("usermode -> 0x%x", ret);
 196        if (ret >= 0) {
 197                /* ret is the exit/wait code */
 198                if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) ||
 199                    key_validate(key) < 0)
 200                        ret = -ENOKEY;
 201                else
 202                        /* ignore any errors from userspace if the key was
 203                         * instantiated */
 204                        ret = 0;
 205        }
 206
 207error_link:
 208        key_put(keyring);
 209
 210error_alloc:
 211        complete_request_key(cons, ret);
 212        kleave(" = %d", ret);
 213        return ret;
 214}
 215
 216/*
 217 * Call out to userspace for key construction.
 218 *
 219 * Program failure is ignored in favour of key status.
 220 */
 221static int construct_key(struct key *key, const void *callout_info,
 222                         size_t callout_len, void *aux,
 223                         struct key *dest_keyring)
 224{
 225        struct key_construction *cons;
 226        request_key_actor_t actor;
 227        struct key *authkey;
 228        int ret;
 229
 230        kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux);
 231
 232        cons = kmalloc(sizeof(*cons), GFP_KERNEL);
 233        if (!cons)
 234                return -ENOMEM;
 235
 236        /* allocate an authorisation key */
 237        authkey = request_key_auth_new(key, callout_info, callout_len,
 238                                       dest_keyring);
 239        if (IS_ERR(authkey)) {
 240                kfree(cons);
 241                ret = PTR_ERR(authkey);
 242                authkey = NULL;
 243        } else {
 244                cons->authkey = key_get(authkey);
 245                cons->key = key_get(key);
 246
 247                /* make the call */
 248                actor = call_sbin_request_key;
 249                if (key->type->request_key)
 250                        actor = key->type->request_key;
 251
 252                ret = actor(cons, "create", aux);
 253
 254                /* check that the actor called complete_request_key() prior to
 255                 * returning an error */
 256                WARN_ON(ret < 0 &&
 257                        !test_bit(KEY_FLAG_REVOKED, &authkey->flags));
 258                key_put(authkey);
 259        }
 260
 261        kleave(" = %d", ret);
 262        return ret;
 263}
 264
 265/*
 266 * Get the appropriate destination keyring for the request.
 267 *
 268 * The keyring selected is returned with an extra reference upon it which the
 269 * caller must release.
 270 */
 271static void construct_get_dest_keyring(struct key **_dest_keyring)
 272{
 273        struct request_key_auth *rka;
 274        const struct cred *cred = current_cred();
 275        struct key *dest_keyring = *_dest_keyring, *authkey;
 276
 277        kenter("%p", dest_keyring);
 278
 279        /* find the appropriate keyring */
 280        if (dest_keyring) {
 281                /* the caller supplied one */
 282                key_get(dest_keyring);
 283        } else {
 284                /* use a default keyring; falling through the cases until we
 285                 * find one that we actually have */
 286                switch (cred->jit_keyring) {
 287                case KEY_REQKEY_DEFL_DEFAULT:
 288                case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
 289                        if (cred->request_key_auth) {
 290                                authkey = cred->request_key_auth;
 291                                down_read(&authkey->sem);
 292                                rka = authkey->payload.data;
 293                                if (!test_bit(KEY_FLAG_REVOKED,
 294                                              &authkey->flags))
 295                                        dest_keyring =
 296                                                key_get(rka->dest_keyring);
 297                                up_read(&authkey->sem);
 298                                if (dest_keyring)
 299                                        break;
 300                        }
 301
 302                case KEY_REQKEY_DEFL_THREAD_KEYRING:
 303                        dest_keyring = key_get(cred->thread_keyring);
 304                        if (dest_keyring)
 305                                break;
 306
 307                case KEY_REQKEY_DEFL_PROCESS_KEYRING:
 308                        dest_keyring = key_get(cred->process_keyring);
 309                        if (dest_keyring)
 310                                break;
 311
 312                case KEY_REQKEY_DEFL_SESSION_KEYRING:
 313                        rcu_read_lock();
 314                        dest_keyring = key_get(
 315                                rcu_dereference(cred->session_keyring));
 316                        rcu_read_unlock();
 317
 318                        if (dest_keyring)
 319                                break;
 320
 321                case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
 322                        dest_keyring =
 323                                key_get(cred->user->session_keyring);
 324                        break;
 325
 326                case KEY_REQKEY_DEFL_USER_KEYRING:
 327                        dest_keyring = key_get(cred->user->uid_keyring);
 328                        break;
 329
 330                case KEY_REQKEY_DEFL_GROUP_KEYRING:
 331                default:
 332                        BUG();
 333                }
 334        }
 335
 336        *_dest_keyring = dest_keyring;
 337        kleave(" [dk %d]", key_serial(dest_keyring));
 338        return;
 339}
 340
 341/*
 342 * Allocate a new key in under-construction state and attempt to link it in to
 343 * the requested keyring.
 344 *
 345 * May return a key that's already under construction instead if there was a
 346 * race between two thread calling request_key().
 347 */
 348static int construct_alloc_key(struct key_type *type,
 349                               const char *description,
 350                               struct key *dest_keyring,
 351                               unsigned long flags,
 352                               struct key_user *user,
 353                               struct key **_key)
 354{
 355        const struct cred *cred = current_cred();
 356        unsigned long prealloc;
 357        struct key *key;
 358        key_perm_t perm;
 359        key_ref_t key_ref;
 360        int ret;
 361
 362        kenter("%s,%s,,,", type->name, description);
 363
 364        *_key = NULL;
 365        mutex_lock(&user->cons_lock);
 366
 367        perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
 368        perm |= KEY_USR_VIEW;
 369        if (type->read)
 370                perm |= KEY_POS_READ;
 371        if (type == &key_type_keyring || type->update)
 372                perm |= KEY_POS_WRITE;
 373
 374        key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred,
 375                        perm, flags);
 376        if (IS_ERR(key))
 377                goto alloc_failed;
 378
 379        set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
 380
 381        if (dest_keyring) {
 382                ret = __key_link_begin(dest_keyring, type, description,
 383                                       &prealloc);
 384                if (ret < 0)
 385                        goto link_prealloc_failed;
 386        }
 387
 388        /* attach the key to the destination keyring under lock, but we do need
 389         * to do another check just in case someone beat us to it whilst we
 390         * waited for locks */
 391        mutex_lock(&key_construction_mutex);
 392
 393        key_ref = search_process_keyrings(type, description, type->match, cred);
 394        if (!IS_ERR(key_ref))
 395                goto key_already_present;
 396
 397        if (dest_keyring)
 398                __key_link(dest_keyring, key, &prealloc);
 399
 400        mutex_unlock(&key_construction_mutex);
 401        if (dest_keyring)
 402                __key_link_end(dest_keyring, type, prealloc);
 403        mutex_unlock(&user->cons_lock);
 404        *_key = key;
 405        kleave(" = 0 [%d]", key_serial(key));
 406        return 0;
 407
 408        /* the key is now present - we tell the caller that we found it by
 409         * returning -EINPROGRESS  */
 410key_already_present:
 411        key_put(key);
 412        mutex_unlock(&key_construction_mutex);
 413        key = key_ref_to_ptr(key_ref);
 414        if (dest_keyring) {
 415                ret = __key_link_check_live_key(dest_keyring, key);
 416                if (ret == 0)
 417                        __key_link(dest_keyring, key, &prealloc);
 418                __key_link_end(dest_keyring, type, prealloc);
 419                if (ret < 0)
 420                        goto link_check_failed;
 421        }
 422        mutex_unlock(&user->cons_lock);
 423        *_key = key;
 424        kleave(" = -EINPROGRESS [%d]", key_serial(key));
 425        return -EINPROGRESS;
 426
 427link_check_failed:
 428        mutex_unlock(&user->cons_lock);
 429        key_put(key);
 430        kleave(" = %d [linkcheck]", ret);
 431        return ret;
 432
 433link_prealloc_failed:
 434        mutex_unlock(&user->cons_lock);
 435        kleave(" = %d [prelink]", ret);
 436        return ret;
 437
 438alloc_failed:
 439        mutex_unlock(&user->cons_lock);
 440        kleave(" = %ld", PTR_ERR(key));
 441        return PTR_ERR(key);
 442}
 443
 444/*
 445 * Commence key construction.
 446 */
 447static struct key *construct_key_and_link(struct key_type *type,
 448                                          const char *description,
 449                                          const char *callout_info,
 450                                          size_t callout_len,
 451                                          void *aux,
 452                                          struct key *dest_keyring,
 453                                          unsigned long flags)
 454{
 455        struct key_user *user;
 456        struct key *key;
 457        int ret;
 458
 459        kenter("");
 460
 461        user = key_user_lookup(current_fsuid());
 462        if (!user)
 463                return ERR_PTR(-ENOMEM);
 464
 465        construct_get_dest_keyring(&dest_keyring);
 466
 467        ret = construct_alloc_key(type, description, dest_keyring, flags, user,
 468                                  &key);
 469        key_user_put(user);
 470
 471        if (ret == 0) {
 472                ret = construct_key(key, callout_info, callout_len, aux,
 473                                    dest_keyring);
 474                if (ret < 0) {
 475                        kdebug("cons failed");
 476                        goto construction_failed;
 477                }
 478        } else if (ret == -EINPROGRESS) {
 479                ret = 0;
 480        } else {
 481                goto couldnt_alloc_key;
 482        }
 483
 484        key_put(dest_keyring);
 485        kleave(" = key %d", key_serial(key));
 486        return key;
 487
 488construction_failed:
 489        key_negate_and_link(key, key_negative_timeout, NULL, NULL);
 490        key_put(key);
 491couldnt_alloc_key:
 492        key_put(dest_keyring);
 493        kleave(" = %d", ret);
 494        return ERR_PTR(ret);
 495}
 496
 497/**
 498 * request_key_and_link - Request a key and cache it in a keyring.
 499 * @type: The type of key we want.
 500 * @description: The searchable description of the key.
 501 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 502 * @callout_len: The length of callout_info.
 503 * @aux: Auxiliary data for the upcall.
 504 * @dest_keyring: Where to cache the key.
 505 * @flags: Flags to key_alloc().
 506 *
 507 * A key matching the specified criteria is searched for in the process's
 508 * keyrings and returned with its usage count incremented if found.  Otherwise,
 509 * if callout_info is not NULL, a key will be allocated and some service
 510 * (probably in userspace) will be asked to instantiate it.
 511 *
 512 * If successfully found or created, the key will be linked to the destination
 513 * keyring if one is provided.
 514 *
 515 * Returns a pointer to the key if successful; -EACCES, -ENOKEY, -EKEYREVOKED
 516 * or -EKEYEXPIRED if an inaccessible, negative, revoked or expired key was
 517 * found; -ENOKEY if no key was found and no @callout_info was given; -EDQUOT
 518 * if insufficient key quota was available to create a new key; or -ENOMEM if
 519 * insufficient memory was available.
 520 *
 521 * If the returned key was created, then it may still be under construction,
 522 * and wait_for_key_construction() should be used to wait for that to complete.
 523 */
 524struct key *request_key_and_link(struct key_type *type,
 525                                 const char *description,
 526                                 const void *callout_info,
 527                                 size_t callout_len,
 528                                 void *aux,
 529                                 struct key *dest_keyring,
 530                                 unsigned long flags)
 531{
 532        const struct cred *cred = current_cred();
 533        struct key *key;
 534        key_ref_t key_ref;
 535        int ret;
 536
 537        kenter("%s,%s,%p,%zu,%p,%p,%lx",
 538               type->name, description, callout_info, callout_len, aux,
 539               dest_keyring, flags);
 540
 541        /* search all the process keyrings for a key */
 542        key_ref = search_process_keyrings(type, description, type->match, cred);
 543
 544        if (!IS_ERR(key_ref)) {
 545                key = key_ref_to_ptr(key_ref);
 546                if (dest_keyring) {
 547                        construct_get_dest_keyring(&dest_keyring);
 548                        ret = key_link(dest_keyring, key);
 549                        key_put(dest_keyring);
 550                        if (ret < 0) {
 551                                key_put(key);
 552                                key = ERR_PTR(ret);
 553                                goto error;
 554                        }
 555                }
 556        } else if (PTR_ERR(key_ref) != -EAGAIN) {
 557                key = ERR_CAST(key_ref);
 558        } else  {
 559                /* the search failed, but the keyrings were searchable, so we
 560                 * should consult userspace if we can */
 561                key = ERR_PTR(-ENOKEY);
 562                if (!callout_info)
 563                        goto error;
 564
 565                key = construct_key_and_link(type, description, callout_info,
 566                                             callout_len, aux, dest_keyring,
 567                                             flags);
 568        }
 569
 570error:
 571        kleave(" = %p", key);
 572        return key;
 573}
 574
 575/**
 576 * wait_for_key_construction - Wait for construction of a key to complete
 577 * @key: The key being waited for.
 578 * @intr: Whether to wait interruptibly.
 579 *
 580 * Wait for a key to finish being constructed.
 581 *
 582 * Returns 0 if successful; -ERESTARTSYS if the wait was interrupted; -ENOKEY
 583 * if the key was negated; or -EKEYREVOKED or -EKEYEXPIRED if the key was
 584 * revoked or expired.
 585 */
 586int wait_for_key_construction(struct key *key, bool intr)
 587{
 588        int ret;
 589
 590        ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT,
 591                          intr ? key_wait_bit_intr : key_wait_bit,
 592                          intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
 593        if (ret < 0)
 594                return ret;
 595        if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
 596                return key->type_data.reject_error;
 597        return key_validate(key);
 598}
 599EXPORT_SYMBOL(wait_for_key_construction);
 600
 601/**
 602 * request_key - Request a key and wait for construction
 603 * @type: Type of key.
 604 * @description: The searchable description of the key.
 605 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 606 *
 607 * As for request_key_and_link() except that it does not add the returned key
 608 * to a keyring if found, new keys are always allocated in the user's quota,
 609 * the callout_info must be a NUL-terminated string and no auxiliary data can
 610 * be passed.
 611 *
 612 * Furthermore, it then works as wait_for_key_construction() to wait for the
 613 * completion of keys undergoing construction with a non-interruptible wait.
 614 */
 615struct key *request_key(struct key_type *type,
 616                        const char *description,
 617                        const char *callout_info)
 618{
 619        struct key *key;
 620        size_t callout_len = 0;
 621        int ret;
 622
 623        if (callout_info)
 624                callout_len = strlen(callout_info);
 625        key = request_key_and_link(type, description, callout_info, callout_len,
 626                                   NULL, NULL, KEY_ALLOC_IN_QUOTA);
 627        if (!IS_ERR(key)) {
 628                ret = wait_for_key_construction(key, false);
 629                if (ret < 0) {
 630                        key_put(key);
 631                        return ERR_PTR(ret);
 632                }
 633        }
 634        return key;
 635}
 636EXPORT_SYMBOL(request_key);
 637
 638/**
 639 * request_key_with_auxdata - Request a key with auxiliary data for the upcaller
 640 * @type: The type of key we want.
 641 * @description: The searchable description of the key.
 642 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 643 * @callout_len: The length of callout_info.
 644 * @aux: Auxiliary data for the upcall.
 645 *
 646 * As for request_key_and_link() except that it does not add the returned key
 647 * to a keyring if found and new keys are always allocated in the user's quota.
 648 *
 649 * Furthermore, it then works as wait_for_key_construction() to wait for the
 650 * completion of keys undergoing construction with a non-interruptible wait.
 651 */
 652struct key *request_key_with_auxdata(struct key_type *type,
 653                                     const char *description,
 654                                     const void *callout_info,
 655                                     size_t callout_len,
 656                                     void *aux)
 657{
 658        struct key *key;
 659        int ret;
 660
 661        key = request_key_and_link(type, description, callout_info, callout_len,
 662                                   aux, NULL, KEY_ALLOC_IN_QUOTA);
 663        if (!IS_ERR(key)) {
 664                ret = wait_for_key_construction(key, false);
 665                if (ret < 0) {
 666                        key_put(key);
 667                        return ERR_PTR(ret);
 668                }
 669        }
 670        return key;
 671}
 672EXPORT_SYMBOL(request_key_with_auxdata);
 673
 674/*
 675 * request_key_async - Request a key (allow async construction)
 676 * @type: Type of key.
 677 * @description: The searchable description of the key.
 678 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 679 * @callout_len: The length of callout_info.
 680 *
 681 * As for request_key_and_link() except that it does not add the returned key
 682 * to a keyring if found, new keys are always allocated in the user's quota and
 683 * no auxiliary data can be passed.
 684 *
 685 * The caller should call wait_for_key_construction() to wait for the
 686 * completion of the returned key if it is still undergoing construction.
 687 */
 688struct key *request_key_async(struct key_type *type,
 689                              const char *description,
 690                              const void *callout_info,
 691                              size_t callout_len)
 692{
 693        return request_key_and_link(type, description, callout_info,
 694                                    callout_len, NULL, NULL,
 695                                    KEY_ALLOC_IN_QUOTA);
 696}
 697EXPORT_SYMBOL(request_key_async);
 698
 699/*
 700 * request a key with auxiliary data for the upcaller (allow async construction)
 701 * @type: Type of key.
 702 * @description: The searchable description of the key.
 703 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 704 * @callout_len: The length of callout_info.
 705 * @aux: Auxiliary data for the upcall.
 706 *
 707 * As for request_key_and_link() except that it does not add the returned key
 708 * to a keyring if found and new keys are always allocated in the user's quota.
 709 *
 710 * The caller should call wait_for_key_construction() to wait for the
 711 * completion of the returned key if it is still undergoing construction.
 712 */
 713struct key *request_key_async_with_auxdata(struct key_type *type,
 714                                           const char *description,
 715                                           const void *callout_info,
 716                                           size_t callout_len,
 717                                           void *aux)
 718{
 719        return request_key_and_link(type, description, callout_info,
 720                                    callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA);
 721}
 722EXPORT_SYMBOL(request_key_async_with_auxdata);
 723