summaryrefslogtreecommitdiffstats
path: root/Documentation/security/keys.txt
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2014-07-18 19:56:34 +0200
committerDavid Howells <dhowells@redhat.com>2014-07-22 22:46:08 +0200
commit7dfa0ca6a95de65b7a7760630cdbd7d30f204bfa (patch)
treee97786b11796e13f91b205dbb8adb3727e88789d /Documentation/security/keys.txt
parentKEYS: struct key_preparsed_payload should have two payload pointers (diff)
downloadlinux-7dfa0ca6a95de65b7a7760630cdbd7d30f204bfa.tar.xz
linux-7dfa0ca6a95de65b7a7760630cdbd7d30f204bfa.zip
KEYS: Allow expiry time to be set when preparsing a key
Allow a key type's preparsing routine to set the expiry time for a key. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: Steve Dickson <steved@redhat.com> Acked-by: Jeff Layton <jlayton@primarydata.com> Reviewed-by: Sage Weil <sage@redhat.com>
Diffstat (limited to 'Documentation/security/keys.txt')
-rw-r--r--Documentation/security/keys.txt10
1 files changed, 7 insertions, 3 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index a4c33f1a7c6d..315cf96a41a2 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -1150,20 +1150,24 @@ The structure has a number of fields, some of which are mandatory:
const void *data;
size_t datalen;
size_t quotalen;
+ time_t expiry;
};
Before calling the method, the caller will fill in data and datalen with
the payload blob parameters; quotalen will be filled in with the default
- quota size from the key type and the rest will be cleared.
+ quota size from the key type; expiry will be set to TIME_T_MAX and the
+ rest will be cleared.
If a description can be proposed from the payload contents, that should be
attached as a string to the description field. This will be used for the
key description if the caller of add_key() passes NULL or "".
The method can attach anything it likes to type_data[] and payload. These
- are merely passed along to the instantiate() or update() operations.
+ are merely passed along to the instantiate() or update() operations. If
+ set, the expiry time will be applied to the key if it is instantiated from
+ this data.
- The method should return 0 if success ful or a negative error code
+ The method should return 0 if successful or a negative error code
otherwise.