• David Howells's avatar
    watch_queue: Add a key/keyring notification facility · f7e47677
    David Howells authored
    Add a key/keyring change notification facility whereby notifications about
    changes in key and keyring content and attributes can be received.
    
    Firstly, an event queue needs to be created:
    
    	pipe2(fds, O_NOTIFICATION_PIPE);
    	ioctl(fds[1], IOC_WATCH_QUEUE_SET_SIZE, 256);
    
    then a notification can be set up to report notifications via that queue:
    
    	struct watch_notification_filter filter = {
    		.nr_filters = 1,
    		.filters = {
    			[0] = {
    				.type = WATCH_TYPE_KEY_NOTIFY,
    				.subtype_filter[0] = UINT_MAX,
    			},
    		},
    	};
    	ioctl(fds[1], IOC_WATCH_QUEUE_SET_FILTER, &filter);
    	keyctl_watch_key(KEY_SPEC_SESSION_KEYRING, fds[1], 0x01);
    
    After that, records will be placed into the queue when events occur in
    which keys are changed in some way.  Records are of the following format:
    
    	struct key_notification {
    		struct watch_notification watch;
    		__u32	key_id;
    		__u32	aux;
    	} *n;
    
    Where:
    
    	n->watch.type will be WATCH_TYPE_KEY_NOTIFY.
    
    	n->watch.subtype will indicate the type of event, such as
    	NOTIFY_KEY_REVOKED.
    
    	n->watch.info & WATCH_INFO_LENGTH will indicate the length of the
    	record.
    
    	n->watch.info & WATCH_INFO_ID will be the second argument to
    	keyctl_watch_key(), shifted.
    
    	n->key will be the ID of the affected key.
    
    	n->aux will hold subtype-dependent information, such as the key
    	being linked into the keyring specified by n->key in the case of
    	NOTIFY_KEY_LINKED.
    
    Note that it is permissible for event records to be of variable length -
    or, at least, the length may be dependent on the subtype.  Note also that
    the queue can be shared between multiple notifications of various types.
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Reviewed-by: default avatarJames Morris <jamorris@linux.microsoft.com>
    f7e47677
gc.c 9.94 KB