]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* keyctl.c: userspace keyctl operations |
2 | * | |
3e30148c | 3 | * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. |
1da177e4 LT |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
10 | */ | |
11 | ||
12 | #include <linux/module.h> | |
13 | #include <linux/init.h> | |
14 | #include <linux/sched.h> | |
15 | #include <linux/slab.h> | |
16 | #include <linux/syscalls.h> | |
17 | #include <linux/keyctl.h> | |
18 | #include <linux/fs.h> | |
c59ede7b | 19 | #include <linux/capability.h> |
1da177e4 LT |
20 | #include <linux/err.h> |
21 | #include <asm/uaccess.h> | |
22 | #include "internal.h" | |
23 | ||
24 | /*****************************************************************************/ | |
25 | /* | |
26 | * extract the description of a new key from userspace and either add it as a | |
27 | * new key to the specified keyring or update a matching key in that keyring | |
28 | * - the keyring must be writable | |
29 | * - returns the new key's serial number | |
30 | * - implements add_key() | |
31 | */ | |
32 | asmlinkage long sys_add_key(const char __user *_type, | |
33 | const char __user *_description, | |
34 | const void __user *_payload, | |
35 | size_t plen, | |
36 | key_serial_t ringid) | |
37 | { | |
664cceb0 | 38 | key_ref_t keyring_ref, key_ref; |
1da177e4 LT |
39 | char type[32], *description; |
40 | void *payload; | |
41 | long dlen, ret; | |
42 | ||
43 | ret = -EINVAL; | |
44 | if (plen > 32767) | |
45 | goto error; | |
46 | ||
47 | /* draw all the data into kernel space */ | |
48 | ret = strncpy_from_user(type, _type, sizeof(type) - 1); | |
49 | if (ret < 0) | |
50 | goto error; | |
51 | type[31] = '\0'; | |
52 | ||
3e30148c DH |
53 | ret = -EPERM; |
54 | if (type[0] == '.') | |
55 | goto error; | |
56 | ||
1da177e4 LT |
57 | ret = -EFAULT; |
58 | dlen = strnlen_user(_description, PAGE_SIZE - 1); | |
59 | if (dlen <= 0) | |
60 | goto error; | |
61 | ||
62 | ret = -EINVAL; | |
63 | if (dlen > PAGE_SIZE - 1) | |
64 | goto error; | |
65 | ||
66 | ret = -ENOMEM; | |
67 | description = kmalloc(dlen + 1, GFP_KERNEL); | |
68 | if (!description) | |
69 | goto error; | |
70 | ||
71 | ret = -EFAULT; | |
72 | if (copy_from_user(description, _description, dlen + 1) != 0) | |
73 | goto error2; | |
74 | ||
75 | /* pull the payload in if one was supplied */ | |
76 | payload = NULL; | |
77 | ||
78 | if (_payload) { | |
79 | ret = -ENOMEM; | |
80 | payload = kmalloc(plen, GFP_KERNEL); | |
81 | if (!payload) | |
82 | goto error2; | |
83 | ||
84 | ret = -EFAULT; | |
85 | if (copy_from_user(payload, _payload, plen) != 0) | |
86 | goto error3; | |
87 | } | |
88 | ||
89 | /* find the target keyring (which must be writable) */ | |
664cceb0 DH |
90 | keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); |
91 | if (IS_ERR(keyring_ref)) { | |
92 | ret = PTR_ERR(keyring_ref); | |
1da177e4 LT |
93 | goto error3; |
94 | } | |
95 | ||
96 | /* create or update the requested key and add it to the target | |
97 | * keyring */ | |
664cceb0 DH |
98 | key_ref = key_create_or_update(keyring_ref, type, description, |
99 | payload, plen, 0); | |
100 | if (!IS_ERR(key_ref)) { | |
101 | ret = key_ref_to_ptr(key_ref)->serial; | |
102 | key_ref_put(key_ref); | |
1da177e4 LT |
103 | } |
104 | else { | |
664cceb0 | 105 | ret = PTR_ERR(key_ref); |
1da177e4 LT |
106 | } |
107 | ||
664cceb0 | 108 | key_ref_put(keyring_ref); |
1da177e4 LT |
109 | error3: |
110 | kfree(payload); | |
111 | error2: | |
112 | kfree(description); | |
113 | error: | |
114 | return ret; | |
115 | ||
116 | } /* end sys_add_key() */ | |
117 | ||
118 | /*****************************************************************************/ | |
119 | /* | |
120 | * search the process keyrings for a matching key | |
121 | * - nested keyrings may also be searched if they have Search permission | |
122 | * - if a key is found, it will be attached to the destination keyring if | |
123 | * there's one specified | |
124 | * - /sbin/request-key will be invoked if _callout_info is non-NULL | |
125 | * - the _callout_info string will be passed to /sbin/request-key | |
126 | * - if the _callout_info string is empty, it will be rendered as "-" | |
127 | * - implements request_key() | |
128 | */ | |
129 | asmlinkage long sys_request_key(const char __user *_type, | |
130 | const char __user *_description, | |
131 | const char __user *_callout_info, | |
132 | key_serial_t destringid) | |
133 | { | |
134 | struct key_type *ktype; | |
664cceb0 DH |
135 | struct key *key; |
136 | key_ref_t dest_ref; | |
1da177e4 LT |
137 | char type[32], *description, *callout_info; |
138 | long dlen, ret; | |
139 | ||
140 | /* pull the type into kernel space */ | |
141 | ret = strncpy_from_user(type, _type, sizeof(type) - 1); | |
142 | if (ret < 0) | |
143 | goto error; | |
144 | type[31] = '\0'; | |
145 | ||
1260f801 DH |
146 | ret = -EPERM; |
147 | if (type[0] == '.') | |
148 | goto error; | |
149 | ||
1da177e4 LT |
150 | /* pull the description into kernel space */ |
151 | ret = -EFAULT; | |
152 | dlen = strnlen_user(_description, PAGE_SIZE - 1); | |
153 | if (dlen <= 0) | |
154 | goto error; | |
155 | ||
156 | ret = -EINVAL; | |
157 | if (dlen > PAGE_SIZE - 1) | |
158 | goto error; | |
159 | ||
160 | ret = -ENOMEM; | |
161 | description = kmalloc(dlen + 1, GFP_KERNEL); | |
162 | if (!description) | |
163 | goto error; | |
164 | ||
165 | ret = -EFAULT; | |
166 | if (copy_from_user(description, _description, dlen + 1) != 0) | |
167 | goto error2; | |
168 | ||
169 | /* pull the callout info into kernel space */ | |
170 | callout_info = NULL; | |
171 | if (_callout_info) { | |
172 | ret = -EFAULT; | |
173 | dlen = strnlen_user(_callout_info, PAGE_SIZE - 1); | |
174 | if (dlen <= 0) | |
175 | goto error2; | |
176 | ||
177 | ret = -EINVAL; | |
178 | if (dlen > PAGE_SIZE - 1) | |
179 | goto error2; | |
180 | ||
181 | ret = -ENOMEM; | |
182 | callout_info = kmalloc(dlen + 1, GFP_KERNEL); | |
183 | if (!callout_info) | |
184 | goto error2; | |
185 | ||
186 | ret = -EFAULT; | |
187 | if (copy_from_user(callout_info, _callout_info, dlen + 1) != 0) | |
188 | goto error3; | |
189 | } | |
190 | ||
191 | /* get the destination keyring if specified */ | |
664cceb0 | 192 | dest_ref = NULL; |
1da177e4 | 193 | if (destringid) { |
664cceb0 DH |
194 | dest_ref = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE); |
195 | if (IS_ERR(dest_ref)) { | |
196 | ret = PTR_ERR(dest_ref); | |
1da177e4 LT |
197 | goto error3; |
198 | } | |
199 | } | |
200 | ||
201 | /* find the key type */ | |
202 | ktype = key_type_lookup(type); | |
203 | if (IS_ERR(ktype)) { | |
204 | ret = PTR_ERR(ktype); | |
205 | goto error4; | |
206 | } | |
207 | ||
208 | /* do the search */ | |
664cceb0 DH |
209 | key = request_key_and_link(ktype, description, callout_info, |
210 | key_ref_to_ptr(dest_ref)); | |
1da177e4 LT |
211 | if (IS_ERR(key)) { |
212 | ret = PTR_ERR(key); | |
213 | goto error5; | |
214 | } | |
215 | ||
1da177e4 LT |
216 | ret = key->serial; |
217 | ||
3e30148c | 218 | key_put(key); |
1da177e4 LT |
219 | error5: |
220 | key_type_put(ktype); | |
221 | error4: | |
664cceb0 | 222 | key_ref_put(dest_ref); |
1da177e4 LT |
223 | error3: |
224 | kfree(callout_info); | |
225 | error2: | |
226 | kfree(description); | |
227 | error: | |
228 | return ret; | |
229 | ||
230 | } /* end sys_request_key() */ | |
231 | ||
232 | /*****************************************************************************/ | |
233 | /* | |
234 | * get the ID of the specified process keyring | |
235 | * - the keyring must have search permission to be found | |
236 | * - implements keyctl(KEYCTL_GET_KEYRING_ID) | |
237 | */ | |
238 | long keyctl_get_keyring_ID(key_serial_t id, int create) | |
239 | { | |
664cceb0 | 240 | key_ref_t key_ref; |
1da177e4 LT |
241 | long ret; |
242 | ||
664cceb0 DH |
243 | key_ref = lookup_user_key(NULL, id, create, 0, KEY_SEARCH); |
244 | if (IS_ERR(key_ref)) { | |
245 | ret = PTR_ERR(key_ref); | |
1da177e4 LT |
246 | goto error; |
247 | } | |
248 | ||
664cceb0 DH |
249 | ret = key_ref_to_ptr(key_ref)->serial; |
250 | key_ref_put(key_ref); | |
1da177e4 LT |
251 | error: |
252 | return ret; | |
253 | ||
254 | } /* end keyctl_get_keyring_ID() */ | |
255 | ||
256 | /*****************************************************************************/ | |
257 | /* | |
258 | * join the session keyring | |
259 | * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING) | |
260 | */ | |
261 | long keyctl_join_session_keyring(const char __user *_name) | |
262 | { | |
263 | char *name; | |
264 | long nlen, ret; | |
265 | ||
266 | /* fetch the name from userspace */ | |
267 | name = NULL; | |
268 | if (_name) { | |
269 | ret = -EFAULT; | |
270 | nlen = strnlen_user(_name, PAGE_SIZE - 1); | |
271 | if (nlen <= 0) | |
272 | goto error; | |
273 | ||
274 | ret = -EINVAL; | |
275 | if (nlen > PAGE_SIZE - 1) | |
276 | goto error; | |
277 | ||
278 | ret = -ENOMEM; | |
279 | name = kmalloc(nlen + 1, GFP_KERNEL); | |
280 | if (!name) | |
281 | goto error; | |
282 | ||
283 | ret = -EFAULT; | |
284 | if (copy_from_user(name, _name, nlen + 1) != 0) | |
285 | goto error2; | |
286 | } | |
287 | ||
288 | /* join the session */ | |
289 | ret = join_session_keyring(name); | |
290 | ||
291 | error2: | |
292 | kfree(name); | |
293 | error: | |
294 | return ret; | |
295 | ||
296 | } /* end keyctl_join_session_keyring() */ | |
297 | ||
298 | /*****************************************************************************/ | |
299 | /* | |
300 | * update a key's data payload | |
301 | * - the key must be writable | |
302 | * - implements keyctl(KEYCTL_UPDATE) | |
303 | */ | |
304 | long keyctl_update_key(key_serial_t id, | |
305 | const void __user *_payload, | |
306 | size_t plen) | |
307 | { | |
664cceb0 | 308 | key_ref_t key_ref; |
1da177e4 LT |
309 | void *payload; |
310 | long ret; | |
311 | ||
312 | ret = -EINVAL; | |
313 | if (plen > PAGE_SIZE) | |
314 | goto error; | |
315 | ||
316 | /* pull the payload in if one was supplied */ | |
317 | payload = NULL; | |
318 | if (_payload) { | |
319 | ret = -ENOMEM; | |
320 | payload = kmalloc(plen, GFP_KERNEL); | |
321 | if (!payload) | |
322 | goto error; | |
323 | ||
324 | ret = -EFAULT; | |
325 | if (copy_from_user(payload, _payload, plen) != 0) | |
326 | goto error2; | |
327 | } | |
328 | ||
329 | /* find the target key (which must be writable) */ | |
664cceb0 DH |
330 | key_ref = lookup_user_key(NULL, id, 0, 0, KEY_WRITE); |
331 | if (IS_ERR(key_ref)) { | |
332 | ret = PTR_ERR(key_ref); | |
1da177e4 LT |
333 | goto error2; |
334 | } | |
335 | ||
336 | /* update the key */ | |
664cceb0 | 337 | ret = key_update(key_ref, payload, plen); |
1da177e4 | 338 | |
664cceb0 | 339 | key_ref_put(key_ref); |
1da177e4 LT |
340 | error2: |
341 | kfree(payload); | |
342 | error: | |
343 | return ret; | |
344 | ||
345 | } /* end keyctl_update_key() */ | |
346 | ||
347 | /*****************************************************************************/ | |
348 | /* | |
349 | * revoke a key | |
350 | * - the key must be writable | |
351 | * - implements keyctl(KEYCTL_REVOKE) | |
352 | */ | |
353 | long keyctl_revoke_key(key_serial_t id) | |
354 | { | |
664cceb0 | 355 | key_ref_t key_ref; |
1da177e4 LT |
356 | long ret; |
357 | ||
664cceb0 DH |
358 | key_ref = lookup_user_key(NULL, id, 0, 0, KEY_WRITE); |
359 | if (IS_ERR(key_ref)) { | |
360 | ret = PTR_ERR(key_ref); | |
1da177e4 LT |
361 | goto error; |
362 | } | |
363 | ||
664cceb0 | 364 | key_revoke(key_ref_to_ptr(key_ref)); |
1da177e4 LT |
365 | ret = 0; |
366 | ||
664cceb0 | 367 | key_ref_put(key_ref); |
1da177e4 | 368 | error: |
1260f801 | 369 | return ret; |
1da177e4 LT |
370 | |
371 | } /* end keyctl_revoke_key() */ | |
372 | ||
373 | /*****************************************************************************/ | |
374 | /* | |
375 | * clear the specified process keyring | |
376 | * - the keyring must be writable | |
377 | * - implements keyctl(KEYCTL_CLEAR) | |
378 | */ | |
379 | long keyctl_keyring_clear(key_serial_t ringid) | |
380 | { | |
664cceb0 | 381 | key_ref_t keyring_ref; |
1da177e4 LT |
382 | long ret; |
383 | ||
664cceb0 DH |
384 | keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); |
385 | if (IS_ERR(keyring_ref)) { | |
386 | ret = PTR_ERR(keyring_ref); | |
1da177e4 LT |
387 | goto error; |
388 | } | |
389 | ||
664cceb0 | 390 | ret = keyring_clear(key_ref_to_ptr(keyring_ref)); |
1da177e4 | 391 | |
664cceb0 | 392 | key_ref_put(keyring_ref); |
1da177e4 LT |
393 | error: |
394 | return ret; | |
395 | ||
396 | } /* end keyctl_keyring_clear() */ | |
397 | ||
398 | /*****************************************************************************/ | |
399 | /* | |
400 | * link a key into a keyring | |
401 | * - the keyring must be writable | |
402 | * - the key must be linkable | |
403 | * - implements keyctl(KEYCTL_LINK) | |
404 | */ | |
405 | long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) | |
406 | { | |
664cceb0 | 407 | key_ref_t keyring_ref, key_ref; |
1da177e4 LT |
408 | long ret; |
409 | ||
664cceb0 DH |
410 | keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); |
411 | if (IS_ERR(keyring_ref)) { | |
412 | ret = PTR_ERR(keyring_ref); | |
1da177e4 LT |
413 | goto error; |
414 | } | |
415 | ||
664cceb0 DH |
416 | key_ref = lookup_user_key(NULL, id, 1, 0, KEY_LINK); |
417 | if (IS_ERR(key_ref)) { | |
418 | ret = PTR_ERR(key_ref); | |
1da177e4 LT |
419 | goto error2; |
420 | } | |
421 | ||
664cceb0 | 422 | ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); |
1da177e4 | 423 | |
664cceb0 | 424 | key_ref_put(key_ref); |
1da177e4 | 425 | error2: |
664cceb0 | 426 | key_ref_put(keyring_ref); |
1da177e4 LT |
427 | error: |
428 | return ret; | |
429 | ||
430 | } /* end keyctl_keyring_link() */ | |
431 | ||
432 | /*****************************************************************************/ | |
433 | /* | |
434 | * unlink the first attachment of a key from a keyring | |
435 | * - the keyring must be writable | |
436 | * - we don't need any permissions on the key | |
437 | * - implements keyctl(KEYCTL_UNLINK) | |
438 | */ | |
439 | long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) | |
440 | { | |
664cceb0 | 441 | key_ref_t keyring_ref, key_ref; |
1da177e4 LT |
442 | long ret; |
443 | ||
664cceb0 DH |
444 | keyring_ref = lookup_user_key(NULL, ringid, 0, 0, KEY_WRITE); |
445 | if (IS_ERR(keyring_ref)) { | |
446 | ret = PTR_ERR(keyring_ref); | |
1da177e4 LT |
447 | goto error; |
448 | } | |
449 | ||
664cceb0 DH |
450 | key_ref = lookup_user_key(NULL, id, 0, 0, 0); |
451 | if (IS_ERR(key_ref)) { | |
452 | ret = PTR_ERR(key_ref); | |
1da177e4 LT |
453 | goto error2; |
454 | } | |
455 | ||
664cceb0 | 456 | ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); |
1da177e4 | 457 | |
664cceb0 | 458 | key_ref_put(key_ref); |
1da177e4 | 459 | error2: |
664cceb0 | 460 | key_ref_put(keyring_ref); |
1da177e4 LT |
461 | error: |
462 | return ret; | |
463 | ||
464 | } /* end keyctl_keyring_unlink() */ | |
465 | ||
466 | /*****************************************************************************/ | |
467 | /* | |
468 | * describe a user key | |
469 | * - the key must have view permission | |
470 | * - if there's a buffer, we place up to buflen bytes of data into it | |
471 | * - unless there's an error, we return the amount of description available, | |
472 | * irrespective of how much we may have copied | |
473 | * - the description is formatted thus: | |
474 | * type;uid;gid;perm;description<NUL> | |
475 | * - implements keyctl(KEYCTL_DESCRIBE) | |
476 | */ | |
477 | long keyctl_describe_key(key_serial_t keyid, | |
478 | char __user *buffer, | |
479 | size_t buflen) | |
480 | { | |
3e30148c | 481 | struct key *key, *instkey; |
664cceb0 | 482 | key_ref_t key_ref; |
1da177e4 LT |
483 | char *tmpbuf; |
484 | long ret; | |
485 | ||
664cceb0 DH |
486 | key_ref = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW); |
487 | if (IS_ERR(key_ref)) { | |
3e30148c DH |
488 | /* viewing a key under construction is permitted if we have the |
489 | * authorisation token handy */ | |
664cceb0 | 490 | if (PTR_ERR(key_ref) == -EACCES) { |
3e30148c DH |
491 | instkey = key_get_instantiation_authkey(keyid); |
492 | if (!IS_ERR(instkey)) { | |
493 | key_put(instkey); | |
664cceb0 DH |
494 | key_ref = lookup_user_key(NULL, keyid, |
495 | 0, 1, 0); | |
496 | if (!IS_ERR(key_ref)) | |
3e30148c DH |
497 | goto okay; |
498 | } | |
499 | } | |
500 | ||
664cceb0 | 501 | ret = PTR_ERR(key_ref); |
1da177e4 LT |
502 | goto error; |
503 | } | |
504 | ||
3e30148c | 505 | okay: |
1da177e4 LT |
506 | /* calculate how much description we're going to return */ |
507 | ret = -ENOMEM; | |
508 | tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL); | |
509 | if (!tmpbuf) | |
510 | goto error2; | |
511 | ||
664cceb0 DH |
512 | key = key_ref_to_ptr(key_ref); |
513 | ||
1da177e4 | 514 | ret = snprintf(tmpbuf, PAGE_SIZE - 1, |
664cceb0 DH |
515 | "%s;%d;%d;%08x;%s", |
516 | key_ref_to_ptr(key_ref)->type->name, | |
517 | key_ref_to_ptr(key_ref)->uid, | |
518 | key_ref_to_ptr(key_ref)->gid, | |
519 | key_ref_to_ptr(key_ref)->perm, | |
520 | key_ref_to_ptr(key_ref)->description ? | |
521 | key_ref_to_ptr(key_ref)->description : "" | |
1da177e4 LT |
522 | ); |
523 | ||
524 | /* include a NUL char at the end of the data */ | |
525 | if (ret > PAGE_SIZE - 1) | |
526 | ret = PAGE_SIZE - 1; | |
527 | tmpbuf[ret] = 0; | |
528 | ret++; | |
529 | ||
530 | /* consider returning the data */ | |
531 | if (buffer && buflen > 0) { | |
532 | if (buflen > ret) | |
533 | buflen = ret; | |
534 | ||
535 | if (copy_to_user(buffer, tmpbuf, buflen) != 0) | |
536 | ret = -EFAULT; | |
537 | } | |
538 | ||
539 | kfree(tmpbuf); | |
540 | error2: | |
664cceb0 | 541 | key_ref_put(key_ref); |
1da177e4 LT |
542 | error: |
543 | return ret; | |
544 | ||
545 | } /* end keyctl_describe_key() */ | |
546 | ||
547 | /*****************************************************************************/ | |
548 | /* | |
549 | * search the specified keyring for a matching key | |
550 | * - the start keyring must be searchable | |
551 | * - nested keyrings may also be searched if they are searchable | |
552 | * - only keys with search permission may be found | |
553 | * - if a key is found, it will be attached to the destination keyring if | |
554 | * there's one specified | |
555 | * - implements keyctl(KEYCTL_SEARCH) | |
556 | */ | |
557 | long keyctl_keyring_search(key_serial_t ringid, | |
558 | const char __user *_type, | |
559 | const char __user *_description, | |
560 | key_serial_t destringid) | |
561 | { | |
562 | struct key_type *ktype; | |
664cceb0 | 563 | key_ref_t keyring_ref, key_ref, dest_ref; |
1da177e4 LT |
564 | char type[32], *description; |
565 | long dlen, ret; | |
566 | ||
567 | /* pull the type and description into kernel space */ | |
568 | ret = strncpy_from_user(type, _type, sizeof(type) - 1); | |
569 | if (ret < 0) | |
570 | goto error; | |
571 | type[31] = '\0'; | |
572 | ||
573 | ret = -EFAULT; | |
574 | dlen = strnlen_user(_description, PAGE_SIZE - 1); | |
575 | if (dlen <= 0) | |
576 | goto error; | |
577 | ||
578 | ret = -EINVAL; | |
579 | if (dlen > PAGE_SIZE - 1) | |
580 | goto error; | |
581 | ||
582 | ret = -ENOMEM; | |
583 | description = kmalloc(dlen + 1, GFP_KERNEL); | |
584 | if (!description) | |
585 | goto error; | |
586 | ||
587 | ret = -EFAULT; | |
588 | if (copy_from_user(description, _description, dlen + 1) != 0) | |
589 | goto error2; | |
590 | ||
591 | /* get the keyring at which to begin the search */ | |
664cceb0 DH |
592 | keyring_ref = lookup_user_key(NULL, ringid, 0, 0, KEY_SEARCH); |
593 | if (IS_ERR(keyring_ref)) { | |
594 | ret = PTR_ERR(keyring_ref); | |
1da177e4 LT |
595 | goto error2; |
596 | } | |
597 | ||
598 | /* get the destination keyring if specified */ | |
664cceb0 | 599 | dest_ref = NULL; |
1da177e4 | 600 | if (destringid) { |
664cceb0 DH |
601 | dest_ref = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE); |
602 | if (IS_ERR(dest_ref)) { | |
603 | ret = PTR_ERR(dest_ref); | |
1da177e4 LT |
604 | goto error3; |
605 | } | |
606 | } | |
607 | ||
608 | /* find the key type */ | |
609 | ktype = key_type_lookup(type); | |
610 | if (IS_ERR(ktype)) { | |
611 | ret = PTR_ERR(ktype); | |
612 | goto error4; | |
613 | } | |
614 | ||
615 | /* do the search */ | |
664cceb0 DH |
616 | key_ref = keyring_search(keyring_ref, ktype, description); |
617 | if (IS_ERR(key_ref)) { | |
618 | ret = PTR_ERR(key_ref); | |
1da177e4 LT |
619 | |
620 | /* treat lack or presence of a negative key the same */ | |
621 | if (ret == -EAGAIN) | |
622 | ret = -ENOKEY; | |
623 | goto error5; | |
624 | } | |
625 | ||
626 | /* link the resulting key to the destination keyring if we can */ | |
664cceb0 | 627 | if (dest_ref) { |
29db9190 DH |
628 | ret = key_permission(key_ref, KEY_LINK); |
629 | if (ret < 0) | |
1da177e4 LT |
630 | goto error6; |
631 | ||
664cceb0 | 632 | ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref)); |
1da177e4 LT |
633 | if (ret < 0) |
634 | goto error6; | |
635 | } | |
636 | ||
664cceb0 | 637 | ret = key_ref_to_ptr(key_ref)->serial; |
1da177e4 LT |
638 | |
639 | error6: | |
664cceb0 | 640 | key_ref_put(key_ref); |
1da177e4 LT |
641 | error5: |
642 | key_type_put(ktype); | |
643 | error4: | |
664cceb0 | 644 | key_ref_put(dest_ref); |
1da177e4 | 645 | error3: |
664cceb0 | 646 | key_ref_put(keyring_ref); |
1da177e4 LT |
647 | error2: |
648 | kfree(description); | |
649 | error: | |
650 | return ret; | |
651 | ||
652 | } /* end keyctl_keyring_search() */ | |
653 | ||
1da177e4 LT |
654 | /*****************************************************************************/ |
655 | /* | |
656 | * read a user key's payload | |
657 | * - the keyring must be readable or the key must be searchable from the | |
658 | * process's keyrings | |
659 | * - if there's a buffer, we place up to buflen bytes of data into it | |
660 | * - unless there's an error, we return the amount of data in the key, | |
661 | * irrespective of how much we may have copied | |
662 | * - implements keyctl(KEYCTL_READ) | |
663 | */ | |
664 | long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) | |
665 | { | |
664cceb0 DH |
666 | struct key *key; |
667 | key_ref_t key_ref; | |
1da177e4 LT |
668 | long ret; |
669 | ||
670 | /* find the key first */ | |
664cceb0 DH |
671 | key_ref = lookup_user_key(NULL, keyid, 0, 0, 0); |
672 | if (IS_ERR(key_ref)) { | |
673 | ret = -ENOKEY; | |
674 | goto error; | |
1da177e4 LT |
675 | } |
676 | ||
664cceb0 DH |
677 | key = key_ref_to_ptr(key_ref); |
678 | ||
679 | /* see if we can read it directly */ | |
29db9190 DH |
680 | ret = key_permission(key_ref, KEY_READ); |
681 | if (ret == 0) | |
664cceb0 | 682 | goto can_read_key; |
29db9190 DH |
683 | if (ret != -EACCES) |
684 | goto error; | |
664cceb0 DH |
685 | |
686 | /* we can't; see if it's searchable from this process's keyrings | |
687 | * - we automatically take account of the fact that it may be | |
688 | * dangling off an instantiation key | |
689 | */ | |
690 | if (!is_key_possessed(key_ref)) { | |
691 | ret = -EACCES; | |
692 | goto error2; | |
693 | } | |
1da177e4 LT |
694 | |
695 | /* the key is probably readable - now try to read it */ | |
1da177e4 LT |
696 | can_read_key: |
697 | ret = key_validate(key); | |
698 | if (ret == 0) { | |
699 | ret = -EOPNOTSUPP; | |
700 | if (key->type->read) { | |
701 | /* read the data with the semaphore held (since we | |
702 | * might sleep) */ | |
703 | down_read(&key->sem); | |
704 | ret = key->type->read(key, buffer, buflen); | |
705 | up_read(&key->sem); | |
706 | } | |
707 | } | |
708 | ||
709 | error2: | |
710 | key_put(key); | |
711 | error: | |
712 | return ret; | |
713 | ||
714 | } /* end keyctl_read_key() */ | |
715 | ||
716 | /*****************************************************************************/ | |
717 | /* | |
718 | * change the ownership of a key | |
719 | * - the keyring owned by the changer | |
720 | * - if the uid or gid is -1, then that parameter is not changed | |
721 | * - implements keyctl(KEYCTL_CHOWN) | |
722 | */ | |
723 | long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid) | |
724 | { | |
725 | struct key *key; | |
664cceb0 | 726 | key_ref_t key_ref; |
1da177e4 LT |
727 | long ret; |
728 | ||
729 | ret = 0; | |
730 | if (uid == (uid_t) -1 && gid == (gid_t) -1) | |
731 | goto error; | |
732 | ||
29db9190 | 733 | key_ref = lookup_user_key(NULL, id, 1, 1, KEY_SETATTR); |
664cceb0 DH |
734 | if (IS_ERR(key_ref)) { |
735 | ret = PTR_ERR(key_ref); | |
1da177e4 LT |
736 | goto error; |
737 | } | |
738 | ||
664cceb0 DH |
739 | key = key_ref_to_ptr(key_ref); |
740 | ||
1da177e4 LT |
741 | /* make the changes with the locks held to prevent chown/chown races */ |
742 | ret = -EACCES; | |
743 | down_write(&key->sem); | |
1da177e4 LT |
744 | |
745 | if (!capable(CAP_SYS_ADMIN)) { | |
746 | /* only the sysadmin can chown a key to some other UID */ | |
747 | if (uid != (uid_t) -1 && key->uid != uid) | |
748 | goto no_access; | |
749 | ||
750 | /* only the sysadmin can set the key's GID to a group other | |
751 | * than one of those that the current process subscribes to */ | |
752 | if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid)) | |
753 | goto no_access; | |
754 | } | |
755 | ||
756 | /* change the UID (have to update the quotas) */ | |
757 | if (uid != (uid_t) -1 && uid != key->uid) { | |
758 | /* don't support UID changing yet */ | |
759 | ret = -EOPNOTSUPP; | |
760 | goto no_access; | |
761 | } | |
762 | ||
763 | /* change the GID */ | |
764 | if (gid != (gid_t) -1) | |
765 | key->gid = gid; | |
766 | ||
767 | ret = 0; | |
768 | ||
769 | no_access: | |
1da177e4 LT |
770 | up_write(&key->sem); |
771 | key_put(key); | |
772 | error: | |
773 | return ret; | |
774 | ||
775 | } /* end keyctl_chown_key() */ | |
776 | ||
777 | /*****************************************************************************/ | |
778 | /* | |
779 | * change the permission mask on a key | |
780 | * - the keyring owned by the changer | |
781 | * - implements keyctl(KEYCTL_SETPERM) | |
782 | */ | |
783 | long keyctl_setperm_key(key_serial_t id, key_perm_t perm) | |
784 | { | |
785 | struct key *key; | |
664cceb0 | 786 | key_ref_t key_ref; |
1da177e4 LT |
787 | long ret; |
788 | ||
789 | ret = -EINVAL; | |
664cceb0 | 790 | if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) |
1da177e4 LT |
791 | goto error; |
792 | ||
29db9190 | 793 | key_ref = lookup_user_key(NULL, id, 1, 1, KEY_SETATTR); |
664cceb0 DH |
794 | if (IS_ERR(key_ref)) { |
795 | ret = PTR_ERR(key_ref); | |
1da177e4 LT |
796 | goto error; |
797 | } | |
798 | ||
664cceb0 DH |
799 | key = key_ref_to_ptr(key_ref); |
800 | ||
76d8aeab | 801 | /* make the changes with the locks held to prevent chown/chmod races */ |
1da177e4 LT |
802 | ret = -EACCES; |
803 | down_write(&key->sem); | |
1da177e4 | 804 | |
76d8aeab DH |
805 | /* if we're not the sysadmin, we can only change a key that we own */ |
806 | if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) { | |
807 | key->perm = perm; | |
808 | ret = 0; | |
809 | } | |
1da177e4 | 810 | |
1da177e4 LT |
811 | up_write(&key->sem); |
812 | key_put(key); | |
76d8aeab | 813 | error: |
1da177e4 LT |
814 | return ret; |
815 | ||
816 | } /* end keyctl_setperm_key() */ | |
817 | ||
818 | /*****************************************************************************/ | |
819 | /* | |
820 | * instantiate the key with the specified payload, and, if one is given, link | |
821 | * the key into the keyring | |
822 | */ | |
823 | long keyctl_instantiate_key(key_serial_t id, | |
824 | const void __user *_payload, | |
825 | size_t plen, | |
826 | key_serial_t ringid) | |
827 | { | |
3e30148c | 828 | struct request_key_auth *rka; |
664cceb0 DH |
829 | struct key *instkey; |
830 | key_ref_t keyring_ref; | |
1da177e4 LT |
831 | void *payload; |
832 | long ret; | |
833 | ||
834 | ret = -EINVAL; | |
835 | if (plen > 32767) | |
836 | goto error; | |
837 | ||
b5f545c8 DH |
838 | /* the appropriate instantiation authorisation key must have been |
839 | * assumed before calling this */ | |
840 | ret = -EPERM; | |
841 | instkey = current->request_key_auth; | |
842 | if (!instkey) | |
843 | goto error; | |
844 | ||
845 | rka = instkey->payload.data; | |
846 | if (rka->target_key->serial != id) | |
847 | goto error; | |
848 | ||
1da177e4 LT |
849 | /* pull the payload in if one was supplied */ |
850 | payload = NULL; | |
851 | ||
852 | if (_payload) { | |
853 | ret = -ENOMEM; | |
854 | payload = kmalloc(plen, GFP_KERNEL); | |
855 | if (!payload) | |
856 | goto error; | |
857 | ||
858 | ret = -EFAULT; | |
859 | if (copy_from_user(payload, _payload, plen) != 0) | |
860 | goto error2; | |
861 | } | |
862 | ||
3e30148c DH |
863 | /* find the destination keyring amongst those belonging to the |
864 | * requesting task */ | |
664cceb0 | 865 | keyring_ref = NULL; |
1da177e4 | 866 | if (ringid) { |
664cceb0 DH |
867 | keyring_ref = lookup_user_key(rka->context, ringid, 1, 0, |
868 | KEY_WRITE); | |
869 | if (IS_ERR(keyring_ref)) { | |
870 | ret = PTR_ERR(keyring_ref); | |
b5f545c8 | 871 | goto error2; |
1da177e4 LT |
872 | } |
873 | } | |
874 | ||
875 | /* instantiate the key and link it into a keyring */ | |
3e30148c | 876 | ret = key_instantiate_and_link(rka->target_key, payload, plen, |
664cceb0 | 877 | key_ref_to_ptr(keyring_ref), instkey); |
1da177e4 | 878 | |
664cceb0 | 879 | key_ref_put(keyring_ref); |
b5f545c8 DH |
880 | |
881 | /* discard the assumed authority if it's just been disabled by | |
882 | * instantiation of the key */ | |
883 | if (ret == 0) { | |
884 | key_put(current->request_key_auth); | |
885 | current->request_key_auth = NULL; | |
886 | } | |
887 | ||
888 | error2: | |
1da177e4 | 889 | kfree(payload); |
b5f545c8 | 890 | error: |
1da177e4 LT |
891 | return ret; |
892 | ||
893 | } /* end keyctl_instantiate_key() */ | |
894 | ||
895 | /*****************************************************************************/ | |
896 | /* | |
897 | * negatively instantiate the key with the given timeout (in seconds), and, if | |
898 | * one is given, link the key into the keyring | |
899 | */ | |
900 | long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) | |
901 | { | |
3e30148c | 902 | struct request_key_auth *rka; |
664cceb0 DH |
903 | struct key *instkey; |
904 | key_ref_t keyring_ref; | |
1da177e4 LT |
905 | long ret; |
906 | ||
b5f545c8 DH |
907 | /* the appropriate instantiation authorisation key must have been |
908 | * assumed before calling this */ | |
909 | ret = -EPERM; | |
910 | instkey = current->request_key_auth; | |
911 | if (!instkey) | |
1da177e4 | 912 | goto error; |
1da177e4 | 913 | |
3e30148c | 914 | rka = instkey->payload.data; |
b5f545c8 DH |
915 | if (rka->target_key->serial != id) |
916 | goto error; | |
3e30148c | 917 | |
1da177e4 LT |
918 | /* find the destination keyring if present (which must also be |
919 | * writable) */ | |
664cceb0 | 920 | keyring_ref = NULL; |
1da177e4 | 921 | if (ringid) { |
664cceb0 DH |
922 | keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); |
923 | if (IS_ERR(keyring_ref)) { | |
924 | ret = PTR_ERR(keyring_ref); | |
b5f545c8 | 925 | goto error; |
1da177e4 LT |
926 | } |
927 | } | |
928 | ||
929 | /* instantiate the key and link it into a keyring */ | |
664cceb0 DH |
930 | ret = key_negate_and_link(rka->target_key, timeout, |
931 | key_ref_to_ptr(keyring_ref), instkey); | |
1da177e4 | 932 | |
664cceb0 | 933 | key_ref_put(keyring_ref); |
b5f545c8 DH |
934 | |
935 | /* discard the assumed authority if it's just been disabled by | |
936 | * instantiation of the key */ | |
937 | if (ret == 0) { | |
938 | key_put(current->request_key_auth); | |
939 | current->request_key_auth = NULL; | |
940 | } | |
941 | ||
942 | error: | |
1da177e4 LT |
943 | return ret; |
944 | ||
945 | } /* end keyctl_negate_key() */ | |
946 | ||
3e30148c DH |
947 | /*****************************************************************************/ |
948 | /* | |
949 | * set the default keyring in which request_key() will cache keys | |
950 | * - return the old setting | |
951 | */ | |
952 | long keyctl_set_reqkey_keyring(int reqkey_defl) | |
953 | { | |
954 | int ret; | |
955 | ||
956 | switch (reqkey_defl) { | |
957 | case KEY_REQKEY_DEFL_THREAD_KEYRING: | |
958 | ret = install_thread_keyring(current); | |
959 | if (ret < 0) | |
960 | return ret; | |
961 | goto set; | |
962 | ||
963 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: | |
964 | ret = install_process_keyring(current); | |
965 | if (ret < 0) | |
966 | return ret; | |
967 | ||
968 | case KEY_REQKEY_DEFL_DEFAULT: | |
969 | case KEY_REQKEY_DEFL_SESSION_KEYRING: | |
970 | case KEY_REQKEY_DEFL_USER_KEYRING: | |
971 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: | |
972 | set: | |
973 | current->jit_keyring = reqkey_defl; | |
974 | ||
975 | case KEY_REQKEY_DEFL_NO_CHANGE: | |
976 | return current->jit_keyring; | |
977 | ||
978 | case KEY_REQKEY_DEFL_GROUP_KEYRING: | |
979 | default: | |
980 | return -EINVAL; | |
981 | } | |
982 | ||
983 | } /* end keyctl_set_reqkey_keyring() */ | |
984 | ||
017679c4 DH |
985 | /*****************************************************************************/ |
986 | /* | |
987 | * set or clear the timeout for a key | |
988 | */ | |
989 | long keyctl_set_timeout(key_serial_t id, unsigned timeout) | |
990 | { | |
991 | struct timespec now; | |
992 | struct key *key; | |
993 | key_ref_t key_ref; | |
994 | time_t expiry; | |
995 | long ret; | |
996 | ||
997 | key_ref = lookup_user_key(NULL, id, 1, 1, KEY_SETATTR); | |
998 | if (IS_ERR(key_ref)) { | |
999 | ret = PTR_ERR(key_ref); | |
1000 | goto error; | |
1001 | } | |
1002 | ||
1003 | key = key_ref_to_ptr(key_ref); | |
1004 | ||
1005 | /* make the changes with the locks held to prevent races */ | |
1006 | down_write(&key->sem); | |
1007 | ||
1008 | expiry = 0; | |
1009 | if (timeout > 0) { | |
1010 | now = current_kernel_time(); | |
1011 | expiry = now.tv_sec + timeout; | |
1012 | } | |
1013 | ||
1014 | key->expiry = expiry; | |
1015 | ||
1016 | up_write(&key->sem); | |
1017 | key_put(key); | |
1018 | ||
1019 | ret = 0; | |
1020 | error: | |
1021 | return ret; | |
1022 | ||
1023 | } /* end keyctl_set_timeout() */ | |
1024 | ||
b5f545c8 DH |
1025 | /*****************************************************************************/ |
1026 | /* | |
1027 | * assume the authority to instantiate the specified key | |
1028 | */ | |
1029 | long keyctl_assume_authority(key_serial_t id) | |
1030 | { | |
1031 | struct key *authkey; | |
1032 | long ret; | |
1033 | ||
1034 | /* special key IDs aren't permitted */ | |
1035 | ret = -EINVAL; | |
1036 | if (id < 0) | |
1037 | goto error; | |
1038 | ||
1039 | /* we divest ourselves of authority if given an ID of 0 */ | |
1040 | if (id == 0) { | |
1041 | key_put(current->request_key_auth); | |
1042 | current->request_key_auth = NULL; | |
1043 | ret = 0; | |
1044 | goto error; | |
1045 | } | |
1046 | ||
1047 | /* attempt to assume the authority temporarily granted to us whilst we | |
1048 | * instantiate the specified key | |
1049 | * - the authorisation key must be in the current task's keyrings | |
1050 | * somewhere | |
1051 | */ | |
1052 | authkey = key_get_instantiation_authkey(id); | |
1053 | if (IS_ERR(authkey)) { | |
1054 | ret = PTR_ERR(authkey); | |
1055 | goto error; | |
1056 | } | |
1057 | ||
1058 | key_put(current->request_key_auth); | |
1059 | current->request_key_auth = authkey; | |
1060 | ret = authkey->serial; | |
1061 | ||
1062 | error: | |
1063 | return ret; | |
1064 | ||
1065 | } /* end keyctl_assume_authority() */ | |
1066 | ||
1da177e4 LT |
1067 | /*****************************************************************************/ |
1068 | /* | |
1069 | * the key control system call | |
1070 | */ | |
1071 | asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3, | |
1072 | unsigned long arg4, unsigned long arg5) | |
1073 | { | |
1074 | switch (option) { | |
1075 | case KEYCTL_GET_KEYRING_ID: | |
1076 | return keyctl_get_keyring_ID((key_serial_t) arg2, | |
1077 | (int) arg3); | |
1078 | ||
1079 | case KEYCTL_JOIN_SESSION_KEYRING: | |
1080 | return keyctl_join_session_keyring((const char __user *) arg2); | |
1081 | ||
1082 | case KEYCTL_UPDATE: | |
1083 | return keyctl_update_key((key_serial_t) arg2, | |
1084 | (const void __user *) arg3, | |
1085 | (size_t) arg4); | |
1086 | ||
1087 | case KEYCTL_REVOKE: | |
1088 | return keyctl_revoke_key((key_serial_t) arg2); | |
1089 | ||
1090 | case KEYCTL_DESCRIBE: | |
1091 | return keyctl_describe_key((key_serial_t) arg2, | |
1092 | (char __user *) arg3, | |
1093 | (unsigned) arg4); | |
1094 | ||
1095 | case KEYCTL_CLEAR: | |
1096 | return keyctl_keyring_clear((key_serial_t) arg2); | |
1097 | ||
1098 | case KEYCTL_LINK: | |
1099 | return keyctl_keyring_link((key_serial_t) arg2, | |
1100 | (key_serial_t) arg3); | |
1101 | ||
1102 | case KEYCTL_UNLINK: | |
1103 | return keyctl_keyring_unlink((key_serial_t) arg2, | |
1104 | (key_serial_t) arg3); | |
1105 | ||
1106 | case KEYCTL_SEARCH: | |
1107 | return keyctl_keyring_search((key_serial_t) arg2, | |
1108 | (const char __user *) arg3, | |
1109 | (const char __user *) arg4, | |
1110 | (key_serial_t) arg5); | |
1111 | ||
1112 | case KEYCTL_READ: | |
1113 | return keyctl_read_key((key_serial_t) arg2, | |
1114 | (char __user *) arg3, | |
1115 | (size_t) arg4); | |
1116 | ||
1117 | case KEYCTL_CHOWN: | |
1118 | return keyctl_chown_key((key_serial_t) arg2, | |
1119 | (uid_t) arg3, | |
1120 | (gid_t) arg4); | |
1121 | ||
1122 | case KEYCTL_SETPERM: | |
1123 | return keyctl_setperm_key((key_serial_t) arg2, | |
1124 | (key_perm_t) arg3); | |
1125 | ||
1126 | case KEYCTL_INSTANTIATE: | |
1127 | return keyctl_instantiate_key((key_serial_t) arg2, | |
1128 | (const void __user *) arg3, | |
1129 | (size_t) arg4, | |
1130 | (key_serial_t) arg5); | |
1131 | ||
1132 | case KEYCTL_NEGATE: | |
1133 | return keyctl_negate_key((key_serial_t) arg2, | |
1134 | (unsigned) arg3, | |
1135 | (key_serial_t) arg4); | |
1136 | ||
3e30148c DH |
1137 | case KEYCTL_SET_REQKEY_KEYRING: |
1138 | return keyctl_set_reqkey_keyring(arg2); | |
1139 | ||
017679c4 DH |
1140 | case KEYCTL_SET_TIMEOUT: |
1141 | return keyctl_set_timeout((key_serial_t) arg2, | |
1142 | (unsigned) arg3); | |
1143 | ||
b5f545c8 DH |
1144 | case KEYCTL_ASSUME_AUTHORITY: |
1145 | return keyctl_assume_authority((key_serial_t) arg2); | |
1146 | ||
1da177e4 LT |
1147 | default: |
1148 | return -EOPNOTSUPP; | |
1149 | } | |
1150 | ||
1151 | } /* end sys_keyctl() */ |