Provide the ability to query subsystem capabilities

Provide the ability to query the capabilities of the keyrings subsystem.

Signed-off-by: David Howells <dhowells@redhat.com>

1 files changed, 15 insertions, 0 deletions

diff --git a/keyutils.h b/keyutils.h
index d3ef0e4..887cbf2 100644
--- a/keyutils.h
+++ b/keyutils.h
@@ -107,6 +107,7 @@ typedef uint32_t key_perm_t;
 #define KEYCTL_PKEY_VERIFY		28	/* Verify a public key signature */
 #define KEYCTL_RESTRICT_KEYRING		29	/* Restrict keys allowed to link to a keyring */
 #define KEYCTL_MOVE			30	/* Move keys between keyrings */
+#define KEYCTL_CAPABILITIES		31	/* Find capabilities of keyrings subsystem */
 
 /* keyctl structures */
 struct keyctl_dh_params {
@@ -150,6 +151,19 @@ struct keyctl_pkey_params {
 #define KEYCTL_MOVE_EXCL	0x00000001 /* Do not displace from the to-keyring */
 
 /*
+ * Capabilities flags.  The capabilities list is an array of 8-bit integers;
+ * each integer can carry up to 8 flags.
+ */
+#define KEYCTL_CAPS0_CAPABILITIES	0x01 /* KEYCTL_CAPABILITIES supported */
+#define KEYCTL_CAPS0_PERSISTENT_KEYRINGS 0x02 /* Persistent keyrings enabled */
+#define KEYCTL_CAPS0_DIFFIE_HELLMAN	0x04 /* Diffie-Hellman ops enabled */
+#define KEYCTL_CAPS0_PUBLIC_KEY		0x08 /* Public key ops enabled */
+#define KEYCTL_CAPS0_BIG_KEY		0x10 /* big_key-type enabled */
+#define KEYCTL_CAPS0_INVALIDATE		0x20 /* KEYCTL_INVALIDATE supported */
+#define KEYCTL_CAPS0_RESTRICT_KEYRING	0x40 /* KEYCTL_RESTRICT_KEYRING supported */
+#define KEYCTL_CAPS0_MOVE		0x80 /* KEYCTL_MOVE supported */
+
+/*
  * syscall wrappers
  */
 extern key_serial_t add_key(const char *type,
@@ -234,6 +248,7 @@ extern long keyctl_move(key_serial_t id,
 			key_serial_t from_ringid,
 			key_serial_t to_ringid,
 			unsigned int flags);
+extern long keyctl_capabilities(unsigned char *buffer, size_t buflen);
 
 /*
  * utilities