LXR linux/security/keys/request

   1/* Request a key from userspace
   2 *
   3 * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public License
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the License, or (at your option) any later version.
  10 *
  11 * See Documentation/security/keys/request-key.rst
  12 */
  13
  14#include <linux/module.h>
  15#include <linux/sched.h>
  16#include <linux/kmod.h>
  17#include <linux/err.h>
  18#include <linux/keyctl.h>
  19#include <linux/slab.h>
  20#include "internal.h"
  21
  22#define key_negative_timeout    60      /* default timeout on a negative key's existence */
  23
  24/**
  25 * complete_request_key - Complete the construction of a key.
  26 * @cons: The key construction record.
  27 * @error: The success or failute of the construction.
  28 *
  29 * Complete the attempt to construct a key.  The key will be negated
  30 * if an error is indicated.  The authorisation key will be revoked
  31 * unconditionally.
  32 */
  33void complete_request_key(struct key_construction *cons, int error)
  34{
  35        kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error);
  36
  37        if (error < 0)
  38                key_negate_and_link(cons->key, key_negative_timeout, NULL,
  39                                    cons->authkey);
  40        else
  41                key_revoke(cons->authkey);
  42
  43        key_put(cons->key);
  44        key_put(cons->authkey);
  45        kfree(cons);
  46}
  47EXPORT_SYMBOL(complete_request_key);
  48
  49/*
  50 * Initialise a usermode helper that is going to have a specific session
  51 * keyring.
  52 *
  53 * This is called in context of freshly forked kthread before kernel_execve(),
  54 * so we can simply install the desired session_keyring at this point.
  55 */
  56static int umh_keys_init(struct subprocess_info *info, struct cred *cred)
  57{
  58        struct key *keyring = info->data;
  59
  60        return install_session_keyring_to_cred(cred, keyring);
  61}
  62
  63/*
  64 * Clean up a usermode helper with session keyring.
  65 */
  66static void umh_keys_cleanup(struct subprocess_info *info)
  67{
  68        struct key *keyring = info->data;
  69        key_put(keyring);
  70}
  71
  72/*
  73 * Call a usermode helper with a specific session keyring.
  74 */
  75static int call_usermodehelper_keys(const char *path, char **argv, char **envp,
  76                                        struct key *session_keyring, int wait)
  77{
  78        struct subprocess_info *info;
  79
  80        info = call_usermodehelper_setup(path, argv, envp, GFP_KERNEL,
  81                                          umh_keys_init, umh_keys_cleanup,
  82                                          session_keyring);
  83        if (!info)
  84                return -ENOMEM;
  85
  86        key_get(session_keyring);
  87        return call_usermodehelper_exec(info, wait);
  88}
  89
  90/*
  91 * Request userspace finish the construction of a key
  92 * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
  93 */
  94static int call_sbin_request_key(struct key_construction *cons,
  95                                 const char *op,
  96                                 void *aux)
  97{
  98        static char const request_key[] = "/sbin/request-key";
  99        const struct cred *cred = current_cred();
 100        key_serial_t prkey, sskey;
 101        struct key *key = cons->key, *authkey = cons->authkey, *keyring,
 102                *session;
 103        char *argv[9], *envp[3], uid_str[12], gid_str[12];
 104        char key_str[12], keyring_str[3][12];
 105        char desc[20];
 106        int ret, i;
 107
 108        kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
 109
 110        ret = install_user_keyrings();
 111        if (ret < 0)
 112                goto error_alloc;
 113
 114        /* allocate a new session keyring */
 115        sprintf(desc, "_req.%u", key->serial);
 116
 117        cred = get_current_cred();
 118        keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
 119                                KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
 120                                KEY_ALLOC_QUOTA_OVERRUN, NULL, NULL);
 121        put_cred(cred);
 122        if (IS_ERR(keyring)) {
 123                ret = PTR_ERR(keyring);
 124                goto error_alloc;
 125        }
 126
 127        /* attach the auth key to the session keyring */
 128        ret = key_link(keyring, authkey);
 129        if (ret < 0)
 130                goto error_link;
 131
 132        /* record the UID and GID */
 133        sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid));
 134        sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid));
 135
 136        /* we say which key is under construction */
 137        sprintf(key_str, "%d", key->serial);
 138
 139        /* we specify the process's default keyrings */
 140        sprintf(keyring_str[0], "%d",
 141                cred->thread_keyring ? cred->thread_keyring->serial : 0);
 142
 143        prkey = 0;
 144        if (cred->process_keyring)
 145                prkey = cred->process_keyring->serial;
 146        sprintf(keyring_str[1], "%d", prkey);
 147
 148        rcu_read_lock();
 149        session = rcu_dereference(cred->session_keyring);
 150        if (!session)
 151                session = cred->user->session_keyring;
 152        sskey = session->serial;
 153        rcu_read_unlock();
 154
 155        sprintf(keyring_str[2], "%d", sskey);
 156
 157        /* set up a minimal environment */
 158        i = 0;
 159        envp[i++] = "HOME=/";
 160        envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
 161        envp[i] = NULL;
 162
 163        /* set up the argument list */
 164        i = 0;
 165        argv[i++] = (char *)request_key;
 166        argv[i++] = (char *) op;
 167        argv[i++] = key_str;
 168        argv[i++] = uid_str;
 169        argv[i++] = gid_str;
 170        argv[i++] = keyring_str[0];
 171        argv[i++] = keyring_str[1];
 172        argv[i++] = keyring_str[2];
 173        argv[i] = NULL;
 174
 175        /* do it */
 176        ret = call_usermodehelper_keys(request_key, argv, envp, keyring,
 177                                       UMH_WAIT_PROC);
 178        kdebug("usermode -> 0x%x", ret);
 179        if (ret >= 0) {
 180                /* ret is the exit/wait code */
 181                if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) ||
 182                    key_validate(key) < 0)
 183                        ret = -ENOKEY;
 184                else
 185                        /* ignore any errors from userspace if the key was
 186                         * instantiated */
 187                        ret = 0;
 188        }
 189
 190error_link:
 191        key_put(keyring);
 192
 193error_alloc:
 194        complete_request_key(cons, ret);
 195        kleave(" = %d", ret);
 196        return ret;
 197}
 198
 199/*
 200 * Call out to userspace for key construction.
 201 *
 202 * Program failure is ignored in favour of key status.
 203 */
 204static int construct_key(struct key *key, const void *callout_info,
 205                         size_t callout_len, void *aux,
 206                         struct key *dest_keyring)
 207{
 208        struct key_construction *cons;
 209        request_key_actor_t actor;
 210        struct key *authkey;
 211        int ret;
 212
 213        kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux);
 214
 215        cons = kmalloc(sizeof(*cons), GFP_KERNEL);
 216        if (!cons)
 217                return -ENOMEM;
 218
 219        /* allocate an authorisation key */
 220        authkey = request_key_auth_new(key, callout_info, callout_len,
 221                                       dest_keyring);
 222        if (IS_ERR(authkey)) {
 223                kfree(cons);
 224                ret = PTR_ERR(authkey);
 225                authkey = NULL;
 226        } else {
 227                cons->authkey = key_get(authkey);
 228                cons->key = key_get(key);
 229
 230                /* make the call */
 231                actor = call_sbin_request_key;
 232                if (key->type->request_key)
 233                        actor = key->type->request_key;
 234
 235                ret = actor(cons, "create", aux);
 236
 237                /* check that the actor called complete_request_key() prior to
 238                 * returning an error */
 239                WARN_ON(ret < 0 &&
 240                        !test_bit(KEY_FLAG_REVOKED, &authkey->flags));
 241                key_put(authkey);
 242        }
 243
 244        kleave(" = %d", ret);
 245        return ret;
 246}
 247
 248/*
 249 * Get the appropriate destination keyring for the request.
 250 *
 251 * The keyring selected is returned with an extra reference upon it which the
 252 * caller must release.
 253 */
 254static void construct_get_dest_keyring(struct key **_dest_keyring)
 255{
 256        struct request_key_auth *rka;
 257        const struct cred *cred = current_cred();
 258        struct key *dest_keyring = *_dest_keyring, *authkey;
 259
 260        kenter("%p", dest_keyring);
 261
 262        /* find the appropriate keyring */
 263        if (dest_keyring) {
 264                /* the caller supplied one */
 265                key_get(dest_keyring);
 266        } else {
 267                /* use a default keyring; falling through the cases until we
 268                 * find one that we actually have */
 269                switch (cred->jit_keyring) {
 270                case KEY_REQKEY_DEFL_DEFAULT:
 271                case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
 272                        if (cred->request_key_auth) {
 273                                authkey = cred->request_key_auth;
 274                                down_read(&authkey->sem);
 275                                rka = authkey->payload.data[0];
 276                                if (!test_bit(KEY_FLAG_REVOKED,
 277                                              &authkey->flags))
 278                                        dest_keyring =
 279                                                key_get(rka->dest_keyring);
 280                                up_read(&authkey->sem);
 281                                if (dest_keyring)
 282                                        break;
 283                        }
 284
 285                case KEY_REQKEY_DEFL_THREAD_KEYRING:
 286                        dest_keyring = key_get(cred->thread_keyring);
 287                        if (dest_keyring)
 288                                break;
 289
 290                case KEY_REQKEY_DEFL_PROCESS_KEYRING:
 291                        dest_keyring = key_get(cred->process_keyring);
 292                        if (dest_keyring)
 293                                break;
 294
 295                case KEY_REQKEY_DEFL_SESSION_KEYRING:
 296                        rcu_read_lock();
 297                        dest_keyring = key_get(
 298                                rcu_dereference(cred->session_keyring));
 299                        rcu_read_unlock();
 300
 301                        if (dest_keyring)
 302                                break;
 303
 304                case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
 305                        dest_keyring =
 306                                key_get(cred->user->session_keyring);
 307                        break;
 308
 309                case KEY_REQKEY_DEFL_USER_KEYRING:
 310                        dest_keyring = key_get(cred->user->uid_keyring);
 311                        break;
 312
 313                case KEY_REQKEY_DEFL_GROUP_KEYRING:
 314                default:
 315                        BUG();
 316                }
 317        }
 318
 319        *_dest_keyring = dest_keyring;
 320        kleave(" [dk %d]", key_serial(dest_keyring));
 321        return;
 322}
 323
 324/*
 325 * Allocate a new key in under-construction state and attempt to link it in to
 326 * the requested keyring.
 327 *
 328 * May return a key that's already under construction instead if there was a
 329 * race between two thread calling request_key().
 330 */
 331static int construct_alloc_key(struct keyring_search_context *ctx,
 332                               struct key *dest_keyring,
 333                               unsigned long flags,
 334                               struct key_user *user,
 335                               struct key **_key)
 336{
 337        struct assoc_array_edit *edit;
 338        struct key *key;
 339        key_perm_t perm;
 340        key_ref_t key_ref;
 341        int ret;
 342
 343        kenter("%s,%s,,,",
 344               ctx->index_key.type->name, ctx->index_key.description);
 345
 346        *_key = NULL;
 347        mutex_lock(&user->cons_lock);
 348
 349        perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR;
 350        perm |= KEY_USR_VIEW;
 351        if (ctx->index_key.type->read)
 352                perm |= KEY_POS_READ;
 353        if (ctx->index_key.type == &key_type_keyring ||
 354            ctx->index_key.type->update)
 355                perm |= KEY_POS_WRITE;
 356
 357        key = key_alloc(ctx->index_key.type, ctx->index_key.description,
 358                        ctx->cred->fsuid, ctx->cred->fsgid, ctx->cred,
 359                        perm, flags, NULL);
 360        if (IS_ERR(key))
 361                goto alloc_failed;
 362
 363        set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
 364
 365        if (dest_keyring) {
 366                ret = __key_link_begin(dest_keyring, &ctx->index_key, &edit);
 367                if (ret < 0)
 368                        goto link_prealloc_failed;
 369        }
 370
 371        /* attach the key to the destination keyring under lock, but we do need
 372         * to do another check just in case someone beat us to it whilst we
 373         * waited for locks */
 374        mutex_lock(&key_construction_mutex);
 375
 376        key_ref = search_process_keyrings(ctx);
 377        if (!IS_ERR(key_ref))
 378                goto key_already_present;
 379
 380        if (dest_keyring)
 381                __key_link(key, &edit);
 382
 383        mutex_unlock(&key_construction_mutex);
 384        if (dest_keyring)
 385                __key_link_end(dest_keyring, &ctx->index_key, edit);
 386        mutex_unlock(&user->cons_lock);
 387        *_key = key;
 388        kleave(" = 0 [%d]", key_serial(key));
 389        return 0;
 390
 391        /* the key is now present - we tell the caller that we found it by
 392         * returning -EINPROGRESS  */
 393key_already_present:
 394        key_put(key);
 395        mutex_unlock(&key_construction_mutex);
 396        key = key_ref_to_ptr(key_ref);
 397        if (dest_keyring) {
 398                ret = __key_link_check_live_key(dest_keyring, key);
 399                if (ret == 0)
 400                        __key_link(key, &edit);
 401                __key_link_end(dest_keyring, &ctx->index_key, edit);
 402                if (ret < 0)
 403                        goto link_check_failed;
 404        }
 405        mutex_unlock(&user->cons_lock);
 406        *_key = key;
 407        kleave(" = -EINPROGRESS [%d]", key_serial(key));
 408        return -EINPROGRESS;
 409
 410link_check_failed:
 411        mutex_unlock(&user->cons_lock);
 412        key_put(key);
 413        kleave(" = %d [linkcheck]", ret);
 414        return ret;
 415
 416link_prealloc_failed:
 417        mutex_unlock(&user->cons_lock);
 418        key_put(key);
 419        kleave(" = %d [prelink]", ret);
 420        return ret;
 421
 422alloc_failed:
 423        mutex_unlock(&user->cons_lock);
 424        kleave(" = %ld", PTR_ERR(key));
 425        return PTR_ERR(key);
 426}
 427
 428/*
 429 * Commence key construction.
 430 */
 431static struct key *construct_key_and_link(struct keyring_search_context *ctx,
 432                                          const char *callout_info,
 433                                          size_t callout_len,
 434                                          void *aux,
 435                                          struct key *dest_keyring,
 436                                          unsigned long flags)
 437{
 438        struct key_user *user;
 439        struct key *key;
 440        int ret;
 441
 442        kenter("");
 443
 444        if (ctx->index_key.type == &key_type_keyring)
 445                return ERR_PTR(-EPERM);
 446
 447        user = key_user_lookup(current_fsuid());
 448        if (!user)
 449                return ERR_PTR(-ENOMEM);
 450
 451        construct_get_dest_keyring(&dest_keyring);
 452
 453        ret = construct_alloc_key(ctx, dest_keyring, flags, user, &key);
 454        key_user_put(user);
 455
 456        if (ret == 0) {
 457                ret = construct_key(key, callout_info, callout_len, aux,
 458                                    dest_keyring);
 459                if (ret < 0) {
 460                        kdebug("cons failed");
 461                        goto construction_failed;
 462                }
 463        } else if (ret == -EINPROGRESS) {
 464                ret = 0;
 465        } else {
 466                goto couldnt_alloc_key;
 467        }
 468
 469        key_put(dest_keyring);
 470        kleave(" = key %d", key_serial(key));
 471        return key;
 472
 473construction_failed:
 474        key_negate_and_link(key, key_negative_timeout, NULL, NULL);
 475        key_put(key);
 476couldnt_alloc_key:
 477        key_put(dest_keyring);
 478        kleave(" = %d", ret);
 479        return ERR_PTR(ret);
 480}
 481
 482/**
 483 * request_key_and_link - Request a key and cache it in a keyring.
 484 * @type: The type of key we want.
 485 * @description: The searchable description of the key.
 486 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 487 * @callout_len: The length of callout_info.
 488 * @aux: Auxiliary data for the upcall.
 489 * @dest_keyring: Where to cache the key.
 490 * @flags: Flags to key_alloc().
 491 *
 492 * A key matching the specified criteria is searched for in the process's
 493 * keyrings and returned with its usage count incremented if found.  Otherwise,
 494 * if callout_info is not NULL, a key will be allocated and some service
 495 * (probably in userspace) will be asked to instantiate it.
 496 *
 497 * If successfully found or created, the key will be linked to the destination
 498 * keyring if one is provided.
 499 *
 500 * Returns a pointer to the key if successful; -EACCES, -ENOKEY, -EKEYREVOKED
 501 * or -EKEYEXPIRED if an inaccessible, negative, revoked or expired key was
 502 * found; -ENOKEY if no key was found and no @callout_info was given; -EDQUOT
 503 * if insufficient key quota was available to create a new key; or -ENOMEM if
 504 * insufficient memory was available.
 505 *
 506 * If the returned key was created, then it may still be under construction,
 507 * and wait_for_key_construction() should be used to wait for that to complete.
 508 */
 509struct key *request_key_and_link(struct key_type *type,
 510                                 const char *description,
 511                                 const void *callout_info,
 512                                 size_t callout_len,
 513                                 void *aux,
 514                                 struct key *dest_keyring,
 515                                 unsigned long flags)
 516{
 517        struct keyring_search_context ctx = {
 518                .index_key.type         = type,
 519                .index_key.description  = description,
 520                .cred                   = current_cred(),
 521                .match_data.cmp         = key_default_cmp,
 522                .match_data.raw_data    = description,
 523                .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
 524                .flags                  = (KEYRING_SEARCH_DO_STATE_CHECK |
 525                                           KEYRING_SEARCH_SKIP_EXPIRED),
 526        };
 527        struct key *key;
 528        key_ref_t key_ref;
 529        int ret;
 530
 531        kenter("%s,%s,%p,%zu,%p,%p,%lx",
 532               ctx.index_key.type->name, ctx.index_key.description,
 533               callout_info, callout_len, aux, dest_keyring, flags);
 534
 535        if (type->match_preparse) {
 536                ret = type->match_preparse(&ctx.match_data);
 537                if (ret < 0) {
 538                        key = ERR_PTR(ret);
 539                        goto error;
 540                }
 541        }
 542
 543        /* search all the process keyrings for a key */
 544        key_ref = search_process_keyrings(&ctx);
 545
 546        if (!IS_ERR(key_ref)) {
 547                key = key_ref_to_ptr(key_ref);
 548                if (dest_keyring) {
 549                        construct_get_dest_keyring(&dest_keyring);
 550                        ret = key_link(dest_keyring, key);
 551                        key_put(dest_keyring);
 552                        if (ret < 0) {
 553                                key_put(key);
 554                                key = ERR_PTR(ret);
 555                                goto error_free;
 556                        }
 557                }
 558        } else if (PTR_ERR(key_ref) != -EAGAIN) {
 559                key = ERR_CAST(key_ref);
 560        } else  {
 561                /* the search failed, but the keyrings were searchable, so we
 562                 * should consult userspace if we can */
 563                key = ERR_PTR(-ENOKEY);
 564                if (!callout_info)
 565                        goto error_free;
 566
 567                key = construct_key_and_link(&ctx, callout_info, callout_len,
 568                                             aux, dest_keyring, flags);
 569        }
 570
 571error_free:
 572        if (type->match_free)
 573                type->match_free(&ctx.match_data);
 574error:
 575        kleave(" = %p", key);
 576        return key;
 577}
 578
 579/**
 580 * wait_for_key_construction - Wait for construction of a key to complete
 581 * @key: The key being waited for.
 582 * @intr: Whether to wait interruptibly.
 583 *
 584 * Wait for a key to finish being constructed.
 585 *
 586 * Returns 0 if successful; -ERESTARTSYS if the wait was interrupted; -ENOKEY
 587 * if the key was negated; or -EKEYREVOKED or -EKEYEXPIRED if the key was
 588 * revoked or expired.
 589 */
 590int wait_for_key_construction(struct key *key, bool intr)
 591{
 592        int ret;
 593
 594        ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT,
 595                          intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
 596        if (ret)
 597                return -ERESTARTSYS;
 598        if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
 599                smp_rmb();
 600                return key->reject_error;
 601        }
 602        return key_validate(key);
 603}
 604EXPORT_SYMBOL(wait_for_key_construction);
 605
 606/**
 607 * request_key - Request a key and wait for construction
 608 * @type: Type of key.
 609 * @description: The searchable description of the key.
 610 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 611 *
 612 * As for request_key_and_link() except that it does not add the returned key
 613 * to a keyring if found, new keys are always allocated in the user's quota,
 614 * the callout_info must be a NUL-terminated string and no auxiliary data can
 615 * be passed.
 616 *
 617 * Furthermore, it then works as wait_for_key_construction() to wait for the
 618 * completion of keys undergoing construction with a non-interruptible wait.
 619 */
 620struct key *request_key(struct key_type *type,
 621                        const char *description,
 622                        const char *callout_info)
 623{
 624        struct key *key;
 625        size_t callout_len = 0;
 626        int ret;
 627
 628        if (callout_info)
 629                callout_len = strlen(callout_info);
 630        key = request_key_and_link(type, description, callout_info, callout_len,
 631                                   NULL, NULL, KEY_ALLOC_IN_QUOTA);
 632        if (!IS_ERR(key)) {
 633                ret = wait_for_key_construction(key, false);
 634                if (ret < 0) {
 635                        key_put(key);
 636                        return ERR_PTR(ret);
 637                }
 638        }
 639        return key;
 640}
 641EXPORT_SYMBOL(request_key);
 642
 643/**
 644 * request_key_with_auxdata - Request a key with auxiliary data for the upcaller
 645 * @type: The type of key we want.
 646 * @description: The searchable description of the key.
 647 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 648 * @callout_len: The length of callout_info.
 649 * @aux: Auxiliary data for the upcall.
 650 *
 651 * As for request_key_and_link() except that it does not add the returned key
 652 * to a keyring if found and new keys are always allocated in the user's quota.
 653 *
 654 * Furthermore, it then works as wait_for_key_construction() to wait for the
 655 * completion of keys undergoing construction with a non-interruptible wait.
 656 */
 657struct key *request_key_with_auxdata(struct key_type *type,
 658                                     const char *description,
 659                                     const void *callout_info,
 660                                     size_t callout_len,
 661                                     void *aux)
 662{
 663        struct key *key;
 664        int ret;
 665
 666        key = request_key_and_link(type, description, callout_info, callout_len,
 667                                   aux, NULL, KEY_ALLOC_IN_QUOTA);
 668        if (!IS_ERR(key)) {
 669                ret = wait_for_key_construction(key, false);
 670                if (ret < 0) {
 671                        key_put(key);
 672                        return ERR_PTR(ret);
 673                }
 674        }
 675        return key;
 676}
 677EXPORT_SYMBOL(request_key_with_auxdata);
 678
 679/*
 680 * request_key_async - Request a key (allow async construction)
 681 * @type: Type of key.
 682 * @description: The searchable description of the key.
 683 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 684 * @callout_len: The length of callout_info.
 685 *
 686 * As for request_key_and_link() except that it does not add the returned key
 687 * to a keyring if found, new keys are always allocated in the user's quota and
 688 * no auxiliary data can be passed.
 689 *
 690 * The caller should call wait_for_key_construction() to wait for the
 691 * completion of the returned key if it is still undergoing construction.
 692 */
 693struct key *request_key_async(struct key_type *type,
 694                              const char *description,
 695                              const void *callout_info,
 696                              size_t callout_len)
 697{
 698        return request_key_and_link(type, description, callout_info,
 699                                    callout_len, NULL, NULL,
 700                                    KEY_ALLOC_IN_QUOTA);
 701}
 702EXPORT_SYMBOL(request_key_async);
 703
 704/*
 705 * request a key with auxiliary data for the upcaller (allow async construction)
 706 * @type: Type of key.
 707 * @description: The searchable description of the key.
 708 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 709 * @callout_len: The length of callout_info.
 710 * @aux: Auxiliary data for the upcall.
 711 *
 712 * As for request_key_and_link() except that it does not add the returned key
 713 * to a keyring if found and new keys are always allocated in the user's quota.
 714 *
 715 * The caller should call wait_for_key_construction() to wait for the
 716 * completion of the returned key if it is still undergoing construction.
 717 */
 718struct key *request_key_async_with_auxdata(struct key_type *type,
 719                                           const char *description,
 720                                           const void *callout_info,
 721                                           size_t callout_len,
 722                                           void *aux)
 723{
 724        return request_key_and_link(type, description, callout_info,
 725                                    callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA);
 726}
 727EXPORT_SYMBOL(request_key_async_with_auxdata);
 728