LXR linux/security/keys/request

   1/* Request a key from userspace
   2 *
   3 * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public License
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the License, or (at your option) any later version.
  10 *
  11 * See Documentation/keys-request-key.txt
  12 */
  13
  14#include <linux/module.h>
  15#include <linux/sched.h>
  16#include <linux/kmod.h>
  17#include <linux/err.h>
  18#include <linux/keyctl.h>
  19#include <linux/slab.h>
  20#include "internal.h"
  21
  22#define key_negative_timeout    60      /* default timeout on a negative key's existence */
  23
  24/*
  25 * wait_on_bit() sleep function for uninterruptible waiting
  26 */
  27static int key_wait_bit(void *flags)
  28{
  29        schedule();
  30        return 0;
  31}
  32
  33/*
  34 * wait_on_bit() sleep function for interruptible waiting
  35 */
  36static int key_wait_bit_intr(void *flags)
  37{
  38        schedule();
  39        return signal_pending(current) ? -ERESTARTSYS : 0;
  40}
  41
  42/**
  43 * complete_request_key - Complete the construction of a key.
  44 * @cons: The key construction record.
  45 * @error: The success or failute of the construction.
  46 *
  47 * Complete the attempt to construct a key.  The key will be negated
  48 * if an error is indicated.  The authorisation key will be revoked
  49 * unconditionally.
  50 */
  51void complete_request_key(struct key_construction *cons, int error)
  52{
  53        kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error);
  54
  55        if (error < 0)
  56                key_negate_and_link(cons->key, key_negative_timeout, NULL,
  57                                    cons->authkey);
  58        else
  59                key_revoke(cons->authkey);
  60
  61        key_put(cons->key);
  62        key_put(cons->authkey);
  63        kfree(cons);
  64}
  65EXPORT_SYMBOL(complete_request_key);
  66
  67/*
  68 * Initialise a usermode helper that is going to have a specific session
  69 * keyring.
  70 *
  71 * This is called in context of freshly forked kthread before kernel_execve(),
  72 * so we can simply install the desired session_keyring at this point.
  73 */
  74static int umh_keys_init(struct subprocess_info *info)
  75{
  76        struct cred *cred = (struct cred*)current_cred();
  77        struct key *keyring = info->data;
  78
  79        return install_session_keyring_to_cred(cred, keyring);
  80}
  81
  82/*
  83 * Clean up a usermode helper with session keyring.
  84 */
  85static void umh_keys_cleanup(struct subprocess_info *info)
  86{
  87        struct key *keyring = info->data;
  88        key_put(keyring);
  89}
  90
  91/*
  92 * Call a usermode helper with a specific session keyring.
  93 */
  94static int call_usermodehelper_keys(char *path, char **argv, char **envp,
  95                         struct key *session_keyring, enum umh_wait wait)
  96{
  97        gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL;
  98        struct subprocess_info *info =
  99                call_usermodehelper_setup(path, argv, envp, gfp_mask);
 100
 101        if (!info)
 102                return -ENOMEM;
 103
 104        call_usermodehelper_setfns(info, umh_keys_init, umh_keys_cleanup,
 105                                        key_get(session_keyring));
 106        return call_usermodehelper_exec(info, wait);
 107}
 108
 109/*
 110 * Request userspace finish the construction of a key
 111 * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
 112 */
 113static int call_sbin_request_key(struct key_construction *cons,
 114                                 const char *op,
 115                                 void *aux)
 116{
 117        const struct cred *cred = current_cred();
 118        key_serial_t prkey, sskey;
 119        struct key *key = cons->key, *authkey = cons->authkey, *keyring,
 120                *session;
 121        char *argv[9], *envp[3], uid_str[12], gid_str[12];
 122        char key_str[12], keyring_str[3][12];
 123        char desc[20];
 124        int ret, i;
 125
 126        kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
 127
 128        ret = install_user_keyrings();
 129        if (ret < 0)
 130                goto error_alloc;
 131
 132        /* allocate a new session keyring */
 133        sprintf(desc, "_req.%u", key->serial);
 134
 135        cred = get_current_cred();
 136        keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
 137                                KEY_ALLOC_QUOTA_OVERRUN, NULL);
 138        put_cred(cred);
 139        if (IS_ERR(keyring)) {
 140                ret = PTR_ERR(keyring);
 141                goto error_alloc;
 142        }
 143
 144        /* attach the auth key to the session keyring */
 145        ret = key_link(keyring, authkey);
 146        if (ret < 0)
 147                goto error_link;
 148
 149        /* record the UID and GID */
 150        sprintf(uid_str, "%d", cred->fsuid);
 151        sprintf(gid_str, "%d", cred->fsgid);
 152
 153        /* we say which key is under construction */
 154        sprintf(key_str, "%d", key->serial);
 155
 156        /* we specify the process's default keyrings */
 157        sprintf(keyring_str[0], "%d",
 158                cred->thread_keyring ? cred->thread_keyring->serial : 0);
 159
 160        prkey = 0;
 161        if (cred->tgcred->process_keyring)
 162                prkey = cred->tgcred->process_keyring->serial;
 163        sprintf(keyring_str[1], "%d", prkey);
 164
 165        rcu_read_lock();
 166        session = rcu_dereference(cred->tgcred->session_keyring);
 167        if (!session)
 168                session = cred->user->session_keyring;
 169        sskey = session->serial;
 170        rcu_read_unlock();
 171
 172        sprintf(keyring_str[2], "%d", sskey);
 173
 174        /* set up a minimal environment */
 175        i = 0;
 176        envp[i++] = "HOME=/";
 177        envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
 178        envp[i] = NULL;
 179
 180        /* set up the argument list */
 181        i = 0;
 182        argv[i++] = "/sbin/request-key";
 183        argv[i++] = (char *) op;
 184        argv[i++] = key_str;
 185        argv[i++] = uid_str;
 186        argv[i++] = gid_str;
 187        argv[i++] = keyring_str[0];
 188        argv[i++] = keyring_str[1];
 189        argv[i++] = keyring_str[2];
 190        argv[i] = NULL;
 191
 192        /* do it */
 193        ret = call_usermodehelper_keys(argv[0], argv, envp, keyring,
 194                                       UMH_WAIT_PROC);
 195        kdebug("usermode -> 0x%x", ret);
 196        if (ret >= 0) {
 197                /* ret is the exit/wait code */
 198                if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) ||
 199                    key_validate(key) < 0)
 200                        ret = -ENOKEY;
 201                else
 202                        /* ignore any errors from userspace if the key was
 203                         * instantiated */
 204                        ret = 0;
 205        }
 206
 207error_link:
 208        key_put(keyring);
 209
 210error_alloc:
 211        complete_request_key(cons, ret);
 212        kleave(" = %d", ret);
 213        return ret;
 214}
 215
 216/*
 217 * Call out to userspace for key construction.
 218 *
 219 * Program failure is ignored in favour of key status.
 220 */
 221static int construct_key(struct key *key, const void *callout_info,
 222                         size_t callout_len, void *aux,
 223                         struct key *dest_keyring)
 224{
 225        struct key_construction *cons;
 226        request_key_actor_t actor;
 227        struct key *authkey;
 228        int ret;
 229
 230        kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux);
 231
 232        cons = kmalloc(sizeof(*cons), GFP_KERNEL);
 233        if (!cons)
 234                return -ENOMEM;
 235
 236        /* allocate an authorisation key */
 237        authkey = request_key_auth_new(key, callout_info, callout_len,
 238                                       dest_keyring);
 239        if (IS_ERR(authkey)) {
 240                kfree(cons);
 241                ret = PTR_ERR(authkey);
 242                authkey = NULL;
 243        } else {
 244                cons->authkey = key_get(authkey);
 245                cons->key = key_get(key);
 246
 247                /* make the call */
 248                actor = call_sbin_request_key;
 249                if (key->type->request_key)
 250                        actor = key->type->request_key;
 251
 252                ret = actor(cons, "create", aux);
 253
 254                /* check that the actor called complete_request_key() prior to
 255                 * returning an error */
 256                WARN_ON(ret < 0 &&
 257                        !test_bit(KEY_FLAG_REVOKED, &authkey->flags));
 258                key_put(authkey);
 259        }
 260
 261        kleave(" = %d", ret);
 262        return ret;
 263}
 264
 265/*
 266 * Get the appropriate destination keyring for the request.
 267 *
 268 * The keyring selected is returned with an extra reference upon it which the
 269 * caller must release.
 270 */
 271static void construct_get_dest_keyring(struct key **_dest_keyring)
 272{
 273        struct request_key_auth *rka;
 274        const struct cred *cred = current_cred();
 275        struct key *dest_keyring = *_dest_keyring, *authkey;
 276
 277        kenter("%p", dest_keyring);
 278
 279        /* find the appropriate keyring */
 280        if (dest_keyring) {
 281                /* the caller supplied one */
 282                key_get(dest_keyring);
 283        } else {
 284                /* use a default keyring; falling through the cases until we
 285                 * find one that we actually have */
 286                switch (cred->jit_keyring) {
 287                case KEY_REQKEY_DEFL_DEFAULT:
 288                case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
 289                        if (cred->request_key_auth) {
 290                                authkey = cred->request_key_auth;
 291                                down_read(&authkey->sem);
 292                                rka = authkey->payload.data;
 293                                if (!test_bit(KEY_FLAG_REVOKED,
 294                                              &authkey->flags))
 295                                        dest_keyring =
 296                                                key_get(rka->dest_keyring);
 297                                up_read(&authkey->sem);
 298                                if (dest_keyring)
 299                                        break;
 300                        }
 301
 302                case KEY_REQKEY_DEFL_THREAD_KEYRING:
 303                        dest_keyring = key_get(cred->thread_keyring);
 304                        if (dest_keyring)
 305                                break;
 306
 307                case KEY_REQKEY_DEFL_PROCESS_KEYRING:
 308                        dest_keyring = key_get(cred->tgcred->process_keyring);
 309                        if (dest_keyring)
 310                                break;
 311
 312                case KEY_REQKEY_DEFL_SESSION_KEYRING:
 313                        rcu_read_lock();
 314                        dest_keyring = key_get(
 315                                rcu_dereference(cred->tgcred->session_keyring));
 316                        rcu_read_unlock();
 317
 318                        if (dest_keyring)
 319                                break;
 320
 321                case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
 322                        dest_keyring =
 323                                key_get(cred->user->session_keyring);
 324                        break;
 325
 326                case KEY_REQKEY_DEFL_USER_KEYRING:
 327                        dest_keyring = key_get(cred->user->uid_keyring);
 328                        break;
 329
 330                case KEY_REQKEY_DEFL_GROUP_KEYRING:
 331                default:
 332                        BUG();
 333                }
 334        }
 335
 336        *_dest_keyring = dest_keyring;
 337        kleave(" [dk %d]", key_serial(dest_keyring));
 338        return;
 339}
 340
 341/*
 342 * Allocate a new key in under-construction state and attempt to link it in to
 343 * the requested keyring.
 344 *
 345 * May return a key that's already under construction instead if there was a
 346 * race between two thread calling request_key().
 347 */
 348static int construct_alloc_key(struct key_type *type,
 349                               const char *description,
 350                               struct key *dest_keyring,
 351                               unsigned long flags,
 352                               struct key_user *user,
 353                               struct key **_key)
 354{
 355        const struct cred *cred = current_cred();
 356        unsigned long prealloc;
 357        struct key *key;
 358        key_ref_t key_ref;
 359        int ret;
 360
 361        kenter("%s,%s,,,", type->name, description);
 362
 363        *_key = NULL;
 364        mutex_lock(&user->cons_lock);
 365
 366        key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred,
 367                        KEY_POS_ALL, flags);
 368        if (IS_ERR(key))
 369                goto alloc_failed;
 370
 371        set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
 372
 373        if (dest_keyring) {
 374                ret = __key_link_begin(dest_keyring, type, description,
 375                                       &prealloc);
 376                if (ret < 0)
 377                        goto link_prealloc_failed;
 378        }
 379
 380        /* attach the key to the destination keyring under lock, but we do need
 381         * to do another check just in case someone beat us to it whilst we
 382         * waited for locks */
 383        mutex_lock(&key_construction_mutex);
 384
 385        key_ref = search_process_keyrings(type, description, type->match, cred);
 386        if (!IS_ERR(key_ref))
 387                goto key_already_present;
 388
 389        if (dest_keyring)
 390                __key_link(dest_keyring, key, &prealloc);
 391
 392        mutex_unlock(&key_construction_mutex);
 393        if (dest_keyring)
 394                __key_link_end(dest_keyring, type, prealloc);
 395        mutex_unlock(&user->cons_lock);
 396        *_key = key;
 397        kleave(" = 0 [%d]", key_serial(key));
 398        return 0;
 399
 400        /* the key is now present - we tell the caller that we found it by
 401         * returning -EINPROGRESS  */
 402key_already_present:
 403        key_put(key);
 404        mutex_unlock(&key_construction_mutex);
 405        key = key_ref_to_ptr(key_ref);
 406        if (dest_keyring) {
 407                ret = __key_link_check_live_key(dest_keyring, key);
 408                if (ret == 0)
 409                        __key_link(dest_keyring, key, &prealloc);
 410                __key_link_end(dest_keyring, type, prealloc);
 411                if (ret < 0)
 412                        goto link_check_failed;
 413        }
 414        mutex_unlock(&user->cons_lock);
 415        *_key = key;
 416        kleave(" = -EINPROGRESS [%d]", key_serial(key));
 417        return -EINPROGRESS;
 418
 419link_check_failed:
 420        mutex_unlock(&user->cons_lock);
 421        key_put(key);
 422        kleave(" = %d [linkcheck]", ret);
 423        return ret;
 424
 425link_prealloc_failed:
 426        mutex_unlock(&user->cons_lock);
 427        kleave(" = %d [prelink]", ret);
 428        return ret;
 429
 430alloc_failed:
 431        mutex_unlock(&user->cons_lock);
 432        kleave(" = %ld", PTR_ERR(key));
 433        return PTR_ERR(key);
 434}
 435
 436/*
 437 * Commence key construction.
 438 */
 439static struct key *construct_key_and_link(struct key_type *type,
 440                                          const char *description,
 441                                          const char *callout_info,
 442                                          size_t callout_len,
 443                                          void *aux,
 444                                          struct key *dest_keyring,
 445                                          unsigned long flags)
 446{
 447        struct key_user *user;
 448        struct key *key;
 449        int ret;
 450
 451        kenter("");
 452
 453        user = key_user_lookup(current_fsuid(), current_user_ns());
 454        if (!user)
 455                return ERR_PTR(-ENOMEM);
 456
 457        construct_get_dest_keyring(&dest_keyring);
 458
 459        ret = construct_alloc_key(type, description, dest_keyring, flags, user,
 460                                  &key);
 461        key_user_put(user);
 462
 463        if (ret == 0) {
 464                ret = construct_key(key, callout_info, callout_len, aux,
 465                                    dest_keyring);
 466                if (ret < 0) {
 467                        kdebug("cons failed");
 468                        goto construction_failed;
 469                }
 470        } else if (ret == -EINPROGRESS) {
 471                ret = 0;
 472        } else {
 473                key = ERR_PTR(ret);
 474        }
 475
 476        key_put(dest_keyring);
 477        kleave(" = key %d", key_serial(key));
 478        return key;
 479
 480construction_failed:
 481        key_negate_and_link(key, key_negative_timeout, NULL, NULL);
 482        key_put(key);
 483        key_put(dest_keyring);
 484        kleave(" = %d", ret);
 485        return ERR_PTR(ret);
 486}
 487
 488/**
 489 * request_key_and_link - Request a key and cache it in a keyring.
 490 * @type: The type of key we want.
 491 * @description: The searchable description of the key.
 492 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 493 * @callout_len: The length of callout_info.
 494 * @aux: Auxiliary data for the upcall.
 495 * @dest_keyring: Where to cache the key.
 496 * @flags: Flags to key_alloc().
 497 *
 498 * A key matching the specified criteria is searched for in the process's
 499 * keyrings and returned with its usage count incremented if found.  Otherwise,
 500 * if callout_info is not NULL, a key will be allocated and some service
 501 * (probably in userspace) will be asked to instantiate it.
 502 *
 503 * If successfully found or created, the key will be linked to the destination
 504 * keyring if one is provided.
 505 *
 506 * Returns a pointer to the key if successful; -EACCES, -ENOKEY, -EKEYREVOKED
 507 * or -EKEYEXPIRED if an inaccessible, negative, revoked or expired key was
 508 * found; -ENOKEY if no key was found and no @callout_info was given; -EDQUOT
 509 * if insufficient key quota was available to create a new key; or -ENOMEM if
 510 * insufficient memory was available.
 511 *
 512 * If the returned key was created, then it may still be under construction,
 513 * and wait_for_key_construction() should be used to wait for that to complete.
 514 */
 515struct key *request_key_and_link(struct key_type *type,
 516                                 const char *description,
 517                                 const void *callout_info,
 518                                 size_t callout_len,
 519                                 void *aux,
 520                                 struct key *dest_keyring,
 521                                 unsigned long flags)
 522{
 523        const struct cred *cred = current_cred();
 524        struct key *key;
 525        key_ref_t key_ref;
 526        int ret;
 527
 528        kenter("%s,%s,%p,%zu,%p,%p,%lx",
 529               type->name, description, callout_info, callout_len, aux,
 530               dest_keyring, flags);
 531
 532        /* search all the process keyrings for a key */
 533        key_ref = search_process_keyrings(type, description, type->match,
 534                                          cred);
 535
 536        if (!IS_ERR(key_ref)) {
 537                key = key_ref_to_ptr(key_ref);
 538                if (dest_keyring) {
 539                        construct_get_dest_keyring(&dest_keyring);
 540                        ret = key_link(dest_keyring, key);
 541                        key_put(dest_keyring);
 542                        if (ret < 0) {
 543                                key_put(key);
 544                                key = ERR_PTR(ret);
 545                                goto error;
 546                        }
 547                }
 548        } else if (PTR_ERR(key_ref) != -EAGAIN) {
 549                key = ERR_CAST(key_ref);
 550        } else  {
 551                /* the search failed, but the keyrings were searchable, so we
 552                 * should consult userspace if we can */
 553                key = ERR_PTR(-ENOKEY);
 554                if (!callout_info)
 555                        goto error;
 556
 557                key = construct_key_and_link(type, description, callout_info,
 558                                             callout_len, aux, dest_keyring,
 559                                             flags);
 560        }
 561
 562error:
 563        kleave(" = %p", key);
 564        return key;
 565}
 566
 567/**
 568 * wait_for_key_construction - Wait for construction of a key to complete
 569 * @key: The key being waited for.
 570 * @intr: Whether to wait interruptibly.
 571 *
 572 * Wait for a key to finish being constructed.
 573 *
 574 * Returns 0 if successful; -ERESTARTSYS if the wait was interrupted; -ENOKEY
 575 * if the key was negated; or -EKEYREVOKED or -EKEYEXPIRED if the key was
 576 * revoked or expired.
 577 */
 578int wait_for_key_construction(struct key *key, bool intr)
 579{
 580        int ret;
 581
 582        ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT,
 583                          intr ? key_wait_bit_intr : key_wait_bit,
 584                          intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
 585        if (ret < 0)
 586                return ret;
 587        if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
 588                return key->type_data.reject_error;
 589        return key_validate(key);
 590}
 591EXPORT_SYMBOL(wait_for_key_construction);
 592
 593/**
 594 * request_key - Request a key and wait for construction
 595 * @type: Type of key.
 596 * @description: The searchable description of the key.
 597 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 598 *
 599 * As for request_key_and_link() except that it does not add the returned key
 600 * to a keyring if found, new keys are always allocated in the user's quota,
 601 * the callout_info must be a NUL-terminated string and no auxiliary data can
 602 * be passed.
 603 *
 604 * Furthermore, it then works as wait_for_key_construction() to wait for the
 605 * completion of keys undergoing construction with a non-interruptible wait.
 606 */
 607struct key *request_key(struct key_type *type,
 608                        const char *description,
 609                        const char *callout_info)
 610{
 611        struct key *key;
 612        size_t callout_len = 0;
 613        int ret;
 614
 615        if (callout_info)
 616                callout_len = strlen(callout_info);
 617        key = request_key_and_link(type, description, callout_info, callout_len,
 618                                   NULL, NULL, KEY_ALLOC_IN_QUOTA);
 619        if (!IS_ERR(key)) {
 620                ret = wait_for_key_construction(key, false);
 621                if (ret < 0) {
 622                        key_put(key);
 623                        return ERR_PTR(ret);
 624                }
 625        }
 626        return key;
 627}
 628EXPORT_SYMBOL(request_key);
 629
 630/**
 631 * request_key_with_auxdata - Request a key with auxiliary data for the upcaller
 632 * @type: The type of key we want.
 633 * @description: The searchable description of the key.
 634 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 635 * @callout_len: The length of callout_info.
 636 * @aux: Auxiliary data for the upcall.
 637 *
 638 * As for request_key_and_link() except that it does not add the returned key
 639 * to a keyring if found and new keys are always allocated in the user's quota.
 640 *
 641 * Furthermore, it then works as wait_for_key_construction() to wait for the
 642 * completion of keys undergoing construction with a non-interruptible wait.
 643 */
 644struct key *request_key_with_auxdata(struct key_type *type,
 645                                     const char *description,
 646                                     const void *callout_info,
 647                                     size_t callout_len,
 648                                     void *aux)
 649{
 650        struct key *key;
 651        int ret;
 652
 653        key = request_key_and_link(type, description, callout_info, callout_len,
 654                                   aux, NULL, KEY_ALLOC_IN_QUOTA);
 655        if (!IS_ERR(key)) {
 656                ret = wait_for_key_construction(key, false);
 657                if (ret < 0) {
 658                        key_put(key);
 659                        return ERR_PTR(ret);
 660                }
 661        }
 662        return key;
 663}
 664EXPORT_SYMBOL(request_key_with_auxdata);
 665
 666/*
 667 * request_key_async - Request a key (allow async construction)
 668 * @type: Type of key.
 669 * @description: The searchable description of the key.
 670 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 671 * @callout_len: The length of callout_info.
 672 *
 673 * As for request_key_and_link() except that it does not add the returned key
 674 * to a keyring if found, new keys are always allocated in the user's quota and
 675 * no auxiliary data can be passed.
 676 *
 677 * The caller should call wait_for_key_construction() to wait for the
 678 * completion of the returned key if it is still undergoing construction.
 679 */
 680struct key *request_key_async(struct key_type *type,
 681                              const char *description,
 682                              const void *callout_info,
 683                              size_t callout_len)
 684{
 685        return request_key_and_link(type, description, callout_info,
 686                                    callout_len, NULL, NULL,
 687                                    KEY_ALLOC_IN_QUOTA);
 688}
 689EXPORT_SYMBOL(request_key_async);
 690
 691/*
 692 * request a key with auxiliary data for the upcaller (allow async construction)
 693 * @type: Type of key.
 694 * @description: The searchable description of the key.
 695 * @callout_info: The data to pass to the instantiation upcall (or NULL).
 696 * @callout_len: The length of callout_info.
 697 * @aux: Auxiliary data for the upcall.
 698 *
 699 * As for request_key_and_link() except that it does not add the returned key
 700 * to a keyring if found and new keys are always allocated in the user's quota.
 701 *
 702 * The caller should call wait_for_key_construction() to wait for the
 703 * completion of the returned key if it is still undergoing construction.
 704 */
 705struct key *request_key_async_with_auxdata(struct key_type *type,
 706                                           const char *description,
 707                                           const void *callout_info,
 708                                           size_t callout_len,
 709                                           void *aux)
 710{
 711        return request_key_and_link(type, description, callout_info,
 712                                    callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA);
 713}
 714EXPORT_SYMBOL(request_key_async_with_auxdata);
 715