LXR linux/security/keys/request

   1/* Request a key from userspace
   2 *
   3 * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public License
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the License, or (at your option) any later version.
  10 *
  11 * See Documentation/security/keys-request-key.txt
  12 */
  13
  14#include <linux/module.h>
  15#include <linux/sched.h>
  16#include <linux/kmod.h>
  17#include <linux/err.h>
  18#include <linux/keyctl.h>
  19#include <linux/slab.h>
  20#include "internal.h"
  21
  22#define key_negative_timeout    60      /* default timeout on a negative key's existence */
  23
  24/*
  25 * wait_on_bit() sleep function for uninterruptible waiting
  26 */
  27static int key_wait_bit(void *flags)
  28{
  29        schedule();
  30        return 0;
  31}
  32
  33/*
  34 * wait_on_bit() sleep function for interruptible waiting
  35 */
  36static int key_wait_bit_intr(void *flags)
  37{
  38        schedule();
  39        return signal_pending(current) ? -ERESTARTSYS : 0;
  40}
  41
  42/**
  43 * complete_request_key - Complete the construction of a key.
  44 * @cons: The key construction record.
  45 * @error: The success or failute of the construction.
  46 *
  47 * Complete the attempt to construct a key.  The key will be negated
  48 * if an error is indicated.  The authorisation key will be revoked
  49 * unconditionally.
  50 */
  51void complete_request_key(struct key_construction *cons, int error)
  52{
  53        kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error);
  54
  55        if (error < 0)
  56                key_negate_and_link(cons->key, key_negative_timeout, NULL,
  57                                    cons->authkey);
  58        else
  59                key_revoke(cons->authkey);
  60
  61        key_put(cons->key);
  62        key_put(cons->authkey);
  63        kfree(cons);
  64}
  65EXPORT_SYMBOL(complete_request_key);
  66
  67/*
  68 * Initialise a usermode helper that is going to have a specific session
  69 * keyring.
  70 *
  71 * This is called in context of freshly forked kthread before kernel_execve(),
  72 * so we can simply install the desired session_keyring at this point.
  73 */
  74static int umh_keys_init(struct subprocess_info *info, struct cred *cred)
  75{
  76        struct key *keyring = info->data;
  77
  78        return install_session_keyring_to_cred(cred, keyring);
  79}
  80
  81/*
  82 * Clean up a usermode helper with session keyring.
  83 */
  84static void umh_keys_cleanup(struct subprocess_info *info)
  85{
  86        struct key *keyring = info->data;
  87        key_put(keyring);
  88}
  89
  90/*
  91 * Call a usermode helper with a specific session keyring.
  92 */
  93static int call_usermodehelper_keys(char *path, char **argv, char **envp,
  94                         struct key *session_keyring, enum umh_wait wait)
  95{
  96        gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL;
  97        struct subprocess_info *info =
  98                call_usermodehelper_setup(path, argv, envp, gfp_mask);
  99
 100        if (!info)
 101                return -ENOMEM;
 102
 103        call_usermodehelper_setfns(info, umh_keys_init, umh_keys_cleanup,
 104                                        key_get(session_keyring));
 105        return call_usermodehelper_exec(info, wait);
 106}
 107
 108/*
 109 * Request userspace finish the construction of a key
 110 * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
 111 */
 112static int call_sbin_request_key(struct key_construction *cons,
 113                                 const char *op,
 114                                 void *aux)
 115{
 116        const struct cred *cred = current_cred();
 117        key_serial_t prkey, sskey;
 118        struct key *key = cons->key, *authkey = cons->authkey, *keyring,
 119                *session;
 120        char *argv[9], *envp[3], uid_str[12], gid_str[12];
 121        char key_str[12], keyring_str[3][12];
 122        char desc[20];
 123        int ret, i;
 124
 125        kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
 126
 127        ret = install_user_keyrings();
 128        if (ret < 0)
 129                goto error_alloc;
 130
 131        /* allocate a new session keyring */
 132        sprintf(desc, "_req.%u", key->serial);
 133
 134        cred = get_current_cred();
 135        keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
 136                                KEY_ALLOC_QUOTA_OVERRUN, NULL);
 137        put_cred(cred);
 138        if (IS_ERR(keyring)) {
 139                ret = PTR_ERR(keyring);
 140                goto error_alloc;
 141        }
 142
 143        /* attach the auth key to the session keyring */
 144        ret = key_link(keyring, authkey);
 145        if (ret < 0)
 146                goto error_link;
 147
 148        /* record the UID and GID */
 149        sprintf(uid_str, "%d", cred->fsuid);
 150        sprintf(gid_str, "%d", cred->fsgid);
 151
 152        /* we say which key is under construction */
 153        sprintf(key_str, "%d", key->serial);
 154
 155        /* we specify the process's default keyrings */
 156        sprintf(keyring_str[0], "%d",
 157                cred->thread_keyring ? cred->thread_keyring->serial : 0);
 158
 159        prkey = 0;
 160        if (cred->tgcred->process_keyring)
 161                prkey = cred->tgcred->process_keyring->serial;
 162        sprintf(keyring_str[1], "%d", prkey);
 163
 164        rcu_read_lock();
 165        session = rcu_dereference(cred->tgcred->session_keyring);
 166        if (!session)
 167                session = cred->user->session_keyring;
 168        sskey = session->serial;
 169        rcu_read_unlock();
 170
 171        sprintf(keyring_str[2], "%d", sskey);
 172
 173        /* set up a minimal environment */
 174        i = 0;
 175        envp[i++] = "HOME=/";
 176        envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
 177        envp[i] = NULL;
 178
 179        /* set up the argument list */
 180        i = 0;
 181        argv[i++] = "/sbin/request-key";
 182        argv[i++] = (char *) op;
 183        argv[i++] = key_str;
 184        argv[i++] = uid_str;
 185        argv[i++] = gid_str;
 186        argv[i++] = keyring_str[0];
 187        argv[i++] = keyring_str[1];
 188        argv[i++] = keyring_str[2];
 189        argv[i] = NULL;
 190
 191        /* do it */
 192        ret = call_usermodehelper_keys(argv[0], argv, envp, keyring,
 193                                       UMH_WAIT_PROC);
 194        kdebug("usermode -> 0x%x", ret);
 195        if (ret >= 0) {
 196                /* ret is the exit/wait code */
 197                if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) ||
 198                    key_validate(key) < 0)
 199                        ret = -ENOKEY;
 200                else
 201                        /* ignore any errors from userspace if the key was
 202                         * instantiated */
 203                        ret = 0;
 204        }
 205
 206error_link:
 207        key_put(keyring);
 208
 209error_alloc:
 210        complete_request_key(cons, ret);
 211        kleave(" = %d", ret);
 212        return ret;
 213}
 214
 215/*
 216 * Call out to userspace for key construction.
 217 *
 218 * Program failure is ignored in favour of key status.
 219 */
 220static int construct_key(struct key *key, const void *callout_info,
 221                         size_t callout_len, void *aux,
 222                         struct key *dest_keyring)
 223{
 224        struct key_construction *cons;
 225        request_key_actor_t actor;
 226        struct key *authkey;
 227        int ret;
 228
 229        kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux);
 230
 231        cons = kmalloc(sizeof(*cons), GFP_KERNEL);
 232        if (!cons)
 233                return -ENOMEM;
 234
 235        /* allocate an authorisation key */
 236        authkey = request_key_auth_new(key, callout_info, callout_len,
 237                                       dest_keyring);
 238        if (IS_ERR(authkey)) {
 239                kfree(cons);
 240                ret = PTR_ERR(authkey);
 241                authkey = NULL;
 242        } else {
 243                cons->authkey = key_get(authkey);
 244                cons->key = key_get(key);
 245
 246                /* make the call */
 247                actor = call_sbin_request_key;
 248                if (key->type->request_key)
 249                        actor = key->type->request_key;
 250
 251                ret = actor(cons, "create", aux);
 252
 253                /* check that the actor called complete_request_key() prior to
 254                 * returning an error */
 255                WARN_ON(ret < 0 &&
 256                        !test_bit(KEY_FLAG_REVOKED, &authkey->flags));
 257                key_put(authkey);
 258        }
 259
 260        kleave(" = %d", ret);
 261        return ret;
 262}
 263
 264/*
 265 * Get the appropriate destination keyring for the request.
 266 *
 267 * The keyring selected is returned with an extra reference upon it which the
 268 * caller must release.
 269 */
 270static void construct_get_dest_keyring(struct key **_dest_keyring)
 271{
 272        struct request_key_auth *rka;
 273        const struct cred *cred = current_cred();
 274        struct key *dest_keyring = *_dest_keyring, *authkey;
 275
 276        kenter("%p", dest_keyring);
 277
 278        /* find the appropriate keyring */
 279        if (dest_keyring) {
 280                /* the caller supplied one */
 281                key_get(dest_keyring);
 282        } else {
 283                /* use a default keyring; falling through the cases until we
 284                 * find one that we actually have */
 285                switch (cred->jit_keyring) {
 286                case KEY_REQKEY_DEFL_DEFAULT:
 287                case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
 288                        if (cred->request_key_auth) {
 289                                authkey = cred->request_key_auth;
 290                                down_read(&authkey->sem);
 291                                rka = authkey->payload.data;
 292                                if (!test_bit(KEY_FLAG_REVOKED,
 293                                              &authkey->flags))
 294                                        dest_keyring =
 295                                                key_get(rka->dest_keyring);
 296                                up_read(&authkey->sem);
 297                                if (dest_keyring)
 298                                        break;
 299                        }
 300
 301                case KEY_REQKEY_DEFL_THREAD_KEYRING:
 302                        dest_keyring = key_get(cred->thread_keyring);
 303                        if (dest_keyring)
 304                                break;
 305
 306                case KEY_REQKEY_DEFL_PROCESS_KEYRING:
 307                        dest_keyring = key_get(cred->tgcred->process_keyring);
 308                        if (dest_keyring)
 309                                break;
 310
 311                case KEY_REQKEY_DEFL_SESSION_KEYRING:
 312                        rcu_read_lock();
 313                        dest_keyring = key_get(
 314                                rcu_dereference(cred->tgcred->session_keyring));
 315                        rcu_read_unlock();
 316
 317                        if (dest_keyring)
 318                                break;
 319
 320                case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
 321                        dest_keyring =
 322                                key_get(cred->user->session_keyring);
 323                        break;
 324
 325                case KEY_REQKEY_DEFL_USER_KEYRING:
 326                        dest_keyring = key_get(cred->user->uid_keyring);
 327                        break;
 328
 329                case KEY_REQKEY_DEFL_GROUP_KEYRING:
 330                default:
 331                        BUG();
 332                }
 333        }
 334
 335        *_dest_keyring = dest_keyring;
 336        kleave(" [dk %d]", key_serial(dest_keyring));
 337        return;
 338}
 339
 340/*
 341 * Allocate a new key in under-construction state and attempt to link it in to
 342 * the requested keyring.
 343 *
 344 * May return a key that's already under construction instead if there was a
 345 * race between two thread calling request_key().
 346 */
 347static int construct_alloc_key(struct key_type *type,
 348                               const char *description,
 349                               struct key *dest_keyring,
 350                               unsigned long flags,
 351                               struct key_user *user,
 352                               struct key **_key)
 353{
 354        const struct cred *cred = current_cred();
 355        unsigned long prealloc;
 356        struct key *key;
 357        key_ref_t key_ref;
 358        int ret;
 359
 360        kenter("%s,%s,,,", type->name, description);
 361
 362        *_key = NULL;
 363        mutex_lock(&user->cons_lock);
 364
 365        key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred,
 366                        KEY_POS_ALL, flags);
 367        if (IS_ERR(key))
 368                goto alloc_failed;
 369
 370        set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
 371
 372        if (dest_keyring) {
 373                ret = __key_link_begin(dest_keyring, type, description,
 374                                       &prealloc);
 375                if (ret < 0)
 376                        goto link_prealloc_failed;
 377        }
 378
 379        /* attach the key to the destination keyring under lock, but we do need
 380         * to do another check just in case someone beat us to it whilst we
 381         * waited for locks */
 382        mutex_lock(&key_construction_mutex);
 383
 384        key_ref = search_process_keyrings(type, description, type->match, cred);
 385        if (!IS_ERR(key_ref))
 386                goto key_already_present;
 387
 388        if (dest_keyring)
 389                __key_link(dest_keyring, key, &prealloc);
 390
 391        mutex_unlock(&key_construction_mutex);
 392        if (dest_keyring)
 393                __key_link_end(dest_keyring, type, prealloc);
 394        mutex_unlock(&user->cons_lock);
 395        *_key = key;
 396        kleave(" = 0 [%d]", key_serial(key));
 397        return 0;
 398
 399        /* the key is now present - we tell the caller that we found it by
 400         * returning -EINPROGRESS  */
 401key_already_present:
 402        key_put(key);
 403        mutex_unlock(&key_construction_mutex);
 404        key = key_ref_to_ptr(key_ref);
 405        if (dest_keyring) {
 406                ret = __key_link_check_live_key(dest_keyring, key);
 407                if (ret == 0)
 408                        __key_link(dest_keyring, key, &prealloc);
 409                __key_link_end(dest_keyring, type, prealloc);
 410                if (ret < 0)
 411                        goto link_check_failed;
 412        }
 413        mutex_unlock(&user->cons_lock);
 414        *_key = key;
 415        kleave(" = -EINPROGRESS [%d]", key_serial(key));
 416        return -EINPROGRESS;
 417
 418link_check_failed:
 419        mutex_unlock(&user->cons_lock);
 420        key_put(key);
 421        kleave(" = %d [linkcheck]", ret);
 422        return ret;
 423
 424link_prealloc_failed:
 425        mutex_unlock(&user->cons_lock);
 426        kleave(" = %d [prelink]", ret);
 427        return ret;
 428
 429alloc_failed:
 430        mutex_unlock(&user->cons_lock);
 431        kleave(" = %ld", PTR_ERR(key));
 432        return PTR_ERR(key);
 433}
 434
 435/*
 436 * Commence key construction.
 437 */
 438static struct key *construct_key_and_link(struct key_type *type,
 439                                          const char *description,
 440                                          const char *callout_info,
 441                                          size_t callout_len,
 442                                          void *aux,
 443                                          struct key *dest_keyring,
 444                                          unsigned long flags)
 445{
 446        struct key_user *user;
 447        struct key *key;
 448        int ret;
 449
 450        kenter("");
 451
 452        user = key_user_lookup(current_fsuid(), current_user_ns());
 453        if (!user)
 454                return ERR_PTR(-ENOMEM);
 455
 456        construct_get_dest_keyring(&dest_keyring);
 457
 458        ret = construct_alloc_key(type, description, dest_keyring, flags, user,
 459                                  &key);
 460        key_user_put(user);
 461
 462        if (ret == 0) {
 463                ret = construct_key(key, callout_info, callout_len, aux,
 464                                    dest_keyring);
 465                if (ret < 0) {
 466                        kdebug("cons failed");
 467                        goto construction_failed;
 468                }
 469        } else if (ret == -EINPROGRESS) {
 470                ret = 0;
 471        } else {
 472                goto couldnt_alloc_key;
 473        }
 474
 475        key_put(dest_keyring);
 476        kleave(" = key %d", key_serial(key));
 477        return key;
 478
 479construction_failed:
 480        key_negate_and_link(key, key_negative_timeout, NULL, NULL);
 481        key_put(key);
 482couldnt_alloc_key:
 483        key_put(dest_keyring);
 484        kleave(" = %d", ret);
 485        return ERR_PTR(ret);
 486}
 487
 488/**
 489 * request_key_and_link - Request a key and cache it in a keyring.
 490 * @type: The type of key we want.
 491 * @description: The searchable description of the key.
 492 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 493 * @callout_len: The length of callout_info.
 494 * @aux: Auxiliary data for the upcall.
 495 * @dest_keyring: Where to cache the key.
 496 * @flags: Flags to key_alloc().
 497 *
 498 * A key matching the specified criteria is searched for in the process's
 499 * keyrings and returned with its usage count incremented if found.  Otherwise,
 500 * if callout_info is not NULL, a key will be allocated and some service
 501 * (probably in userspace) will be asked to instantiate it.
 502 *
 503 * If successfully found or created, the key will be linked to the destination
 504 * keyring if one is provided.
 505 *
 506 * Returns a pointer to the key if successful; -EACCES, -ENOKEY, -EKEYREVOKED
 507 * or -EKEYEXPIRED if an inaccessible, negative, revoked or expired key was
 508 * found; -ENOKEY if no key was found and no @callout_info was given; -EDQUOT
 509 * if insufficient key quota was available to create a new key; or -ENOMEM if
 510 * insufficient memory was available.
 511 *
 512 * If the returned key was created, then it may still be under construction,
 513 * and wait_for_key_construction() should be used to wait for that to complete.
 514 */
 515struct key *request_key_and_link(struct key_type *type,
 516                                 const char *description,
 517                                 const void *callout_info,
 518                                 size_t callout_len,
 519                                 void *aux,
 520                                 struct key *dest_keyring,
 521                                 unsigned long flags)
 522{
 523        const struct cred *cred = current_cred();
 524        struct key *key;
 525        key_ref_t key_ref;
 526        int ret;
 527
 528        kenter("%s,%s,%p,%zu,%p,%p,%lx",
 529               type->name, description, callout_info, callout_len, aux,
 530               dest_keyring, flags);
 531
 532        /* search all the process keyrings for a key */
 533        key_ref = search_process_keyrings(type, description, type->match, cred);
 534
 535        if (!IS_ERR(key_ref)) {
 536                key = key_ref_to_ptr(key_ref);
 537                if (dest_keyring) {
 538                        construct_get_dest_keyring(&dest_keyring);
 539                        ret = key_link(dest_keyring, key);
 540                        key_put(dest_keyring);
 541                        if (ret < 0) {
 542                                key_put(key);
 543                                key = ERR_PTR(ret);
 544                                goto error;
 545                        }
 546                }
 547        } else if (PTR_ERR(key_ref) != -EAGAIN) {
 548                key = ERR_CAST(key_ref);
 549        } else  {
 550                /* the search failed, but the keyrings were searchable, so we
 551                 * should consult userspace if we can */
 552                key = ERR_PTR(-ENOKEY);
 553                if (!callout_info)
 554                        goto error;
 555
 556                key = construct_key_and_link(type, description, callout_info,
 557                                             callout_len, aux, dest_keyring,
 558                                             flags);
 559        }
 560
 561error:
 562        kleave(" = %p", key);
 563        return key;
 564}
 565
 566/**
 567 * wait_for_key_construction - Wait for construction of a key to complete
 568 * @key: The key being waited for.
 569 * @intr: Whether to wait interruptibly.
 570 *
 571 * Wait for a key to finish being constructed.
 572 *
 573 * Returns 0 if successful; -ERESTARTSYS if the wait was interrupted; -ENOKEY
 574 * if the key was negated; or -EKEYREVOKED or -EKEYEXPIRED if the key was
 575 * revoked or expired.
 576 */
 577int wait_for_key_construction(struct key *key, bool intr)
 578{
 579        int ret;
 580
 581        ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT,
 582                          intr ? key_wait_bit_intr : key_wait_bit,
 583                          intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
 584        if (ret < 0)
 585                return ret;
 586        if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
 587                return key->type_data.reject_error;
 588        return key_validate(key);
 589}
 590EXPORT_SYMBOL(wait_for_key_construction);
 591
 592/**
 593 * request_key - Request a key and wait for construction
 594 * @type: Type of key.
 595 * @description: The searchable description of the key.
 596 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 597 *
 598 * As for request_key_and_link() except that it does not add the returned key
 599 * to a keyring if found, new keys are always allocated in the user's quota,
 600 * the callout_info must be a NUL-terminated string and no auxiliary data can
 601 * be passed.
 602 *
 603 * Furthermore, it then works as wait_for_key_construction() to wait for the
 604 * completion of keys undergoing construction with a non-interruptible wait.
 605 */
 606struct key *request_key(struct key_type *type,
 607                        const char *description,
 608                        const char *callout_info)
 609{
 610        struct key *key;
 611        size_t callout_len = 0;
 612        int ret;
 613
 614        if (callout_info)
 615                callout_len = strlen(callout_info);
 616        key = request_key_and_link(type, description, callout_info, callout_len,
 617                                   NULL, NULL, KEY_ALLOC_IN_QUOTA);
 618        if (!IS_ERR(key)) {
 619                ret = wait_for_key_construction(key, false);
 620                if (ret < 0) {
 621                        key_put(key);
 622                        return ERR_PTR(ret);
 623                }
 624        }
 625        return key;
 626}
 627EXPORT_SYMBOL(request_key);
 628
 629/**
 630 * request_key_with_auxdata - Request a key with auxiliary data for the upcaller
 631 * @type: The type of key we want.
 632 * @description: The searchable description of the key.
 633 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 634 * @callout_len: The length of callout_info.
 635 * @aux: Auxiliary data for the upcall.
 636 *
 637 * As for request_key_and_link() except that it does not add the returned key
 638 * to a keyring if found and new keys are always allocated in the user's quota.
 639 *
 640 * Furthermore, it then works as wait_for_key_construction() to wait for the
 641 * completion of keys undergoing construction with a non-interruptible wait.
 642 */
 643struct key *request_key_with_auxdata(struct key_type *type,
 644                                     const char *description,
 645                                     const void *callout_info,
 646                                     size_t callout_len,
 647                                     void *aux)
 648{
 649        struct key *key;
 650        int ret;
 651
 652        key = request_key_and_link(type, description, callout_info, callout_len,
 653                                   aux, NULL, KEY_ALLOC_IN_QUOTA);
 654        if (!IS_ERR(key)) {
 655                ret = wait_for_key_construction(key, false);
 656                if (ret < 0) {
 657                        key_put(key);
 658                        return ERR_PTR(ret);
 659                }
 660        }
 661        return key;
 662}
 663EXPORT_SYMBOL(request_key_with_auxdata);
 664
 665/*
 666 * request_key_async - Request a key (allow async construction)
 667 * @type: Type of key.
 668 * @description: The searchable description of the key.
 669 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 670 * @callout_len: The length of callout_info.
 671 *
 672 * As for request_key_and_link() except that it does not add the returned key
 673 * to a keyring if found, new keys are always allocated in the user's quota and
 674 * no auxiliary data can be passed.
 675 *
 676 * The caller should call wait_for_key_construction() to wait for the
 677 * completion of the returned key if it is still undergoing construction.
 678 */
 679struct key *request_key_async(struct key_type *type,
 680                              const char *description,
 681                              const void *callout_info,
 682                              size_t callout_len)
 683{
 684        return request_key_and_link(type, description, callout_info,
 685                                    callout_len, NULL, NULL,
 686                                    KEY_ALLOC_IN_QUOTA);
 687}
 688EXPORT_SYMBOL(request_key_async);
 689
 690/*
 691 * request a key with auxiliary data for the upcaller (allow async construction)
 692 * @type: Type of key.
 693 * @description: The searchable description of the key.
 694 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 695 * @callout_len: The length of callout_info.
 696 * @aux: Auxiliary data for the upcall.
 697 *
 698 * As for request_key_and_link() except that it does not add the returned key
 699 * to a keyring if found and new keys are always allocated in the user's quota.
 700 *
 701 * The caller should call wait_for_key_construction() to wait for the
 702 * completion of the returned key if it is still undergoing construction.
 703 */
 704struct key *request_key_async_with_auxdata(struct key_type *type,
 705                                           const char *description,
 706                                           const void *callout_info,
 707                                           size_t callout_len,
 708                                           void *aux)
 709{
 710        return request_key_and_link(type, description, callout_info,
 711                                    callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA);
 712}
 713EXPORT_SYMBOL(request_key_async_with_auxdata);
 714