projects / linux-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
keys: switch to proc_create()
[linux-block.git] / security / keys / keyctl.c
CommitLineData
1da177e4
LT		 1/* keyctl.c: userspace keyctl operations
2 *
3e30148c 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
1da177e4
LT		 4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/sched.h>
15#include <linux/slab.h>
16#include <linux/syscalls.h>
17#include <linux/keyctl.h>
18#include <linux/fs.h>
c59ede7b 19#include <linux/capability.h>
0cb409d9 20#include <linux/string.h>
1da177e4 21#include <linux/err.h>
38bbca6b 22#include <linux/vmalloc.h>
70a5bb72 23#include <linux/security.h>
1da177e4
LT		 24#include <asm/uaccess.h>
25#include "internal.h"
26
0cb409d9
DA		 27static int key_get_type_from_user(char *type,
28 const char __user *_type,
29 unsigned len)
30{
31 int ret;
32
33 ret = strncpy_from_user(type, _type, len);
34
35 if (ret < 0)
36 return -EFAULT;
37
38 if (ret == 0 || ret >= len)
39 return -EINVAL;
40
41 if (type[0] == '.')
42 return -EPERM;
43
44 type[len - 1] = '\0';
45
46 return 0;
47}
48
1da177e4
LT		 49/*****************************************************************************/
50/*
51 * extract the description of a new key from userspace and either add it as a
52 * new key to the specified keyring or update a matching key in that keyring
53 * - the keyring must be writable
54 * - returns the new key's serial number
55 * - implements add_key()
56 */
57asmlinkage long sys_add_key(const char __user *_type,
58 const char __user *_description,
59 const void __user *_payload,
60 size_t plen,
61 key_serial_t ringid)
62{
664cceb0 63 key_ref_t keyring_ref, key_ref;
1da177e4
LT		 64 char type[32], *description;
65 void *payload;
0cb409d9 66 long ret;
38bbca6b 67 bool vm;
1da177e4
LT		 68
69 ret = -EINVAL;
38bbca6b 70 if (plen > 1024 * 1024 - 1)
1da177e4
LT		 71 goto error;
72
73 /* draw all the data into kernel space */
0cb409d9 74 ret = key_get_type_from_user(type, _type, sizeof(type));
1da177e4
LT		 75 if (ret < 0)
76 goto error;
1da177e4 77
0cb409d9
DA		 78 description = strndup_user(_description, PAGE_SIZE);
79 if (IS_ERR(description)) {
80 ret = PTR_ERR(description);
1da177e4 81 goto error;
0cb409d9 82 }
1da177e4
LT		 83
84 /* pull the payload in if one was supplied */
85 payload = NULL;
86
38bbca6b 87 vm = false;
1da177e4
LT		 88 if (_payload) {
89 ret = -ENOMEM;
90 payload = kmalloc(plen, GFP_KERNEL);
38bbca6b
DH		 91 if (!payload) {
92 if (plen <= PAGE_SIZE)
93 goto error2;
94 vm = true;
95 payload = vmalloc(plen);
96 if (!payload)
97 goto error2;
98 }
1da177e4
LT		 99
100 ret = -EFAULT;
101 if (copy_from_user(payload, _payload, plen) != 0)
102 goto error3;
103 }
104
105 /* find the target keyring (which must be writable) */
664cceb0
DH		 106 keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
107 if (IS_ERR(keyring_ref)) {
108 ret = PTR_ERR(keyring_ref);
1da177e4
LT		 109 goto error3;
110 }
111
112 /* create or update the requested key and add it to the target
113 * keyring */
664cceb0 114 key_ref = key_create_or_update(keyring_ref, type, description,
7e047ef5 115 payload, plen, KEY_ALLOC_IN_QUOTA);
664cceb0
DH		 116 if (!IS_ERR(key_ref)) {
117 ret = key_ref_to_ptr(key_ref)->serial;
118 key_ref_put(key_ref);
1da177e4
LT		 119 }
120 else {
664cceb0 121 ret = PTR_ERR(key_ref);
1da177e4
LT		 122 }
123
664cceb0 124 key_ref_put(keyring_ref);
1da177e4 125 error3:
38bbca6b
DH		 126 if (!vm)
127 kfree(payload);
128 else
129 vfree(payload);
1da177e4
LT		 130 error2:
131 kfree(description);
132 error:
133 return ret;
134
135} /* end sys_add_key() */
136
137/*****************************************************************************/
138/*
139 * search the process keyrings for a matching key
140 * - nested keyrings may also be searched if they have Search permission
141 * - if a key is found, it will be attached to the destination keyring if
142 * there's one specified
143 * - /sbin/request-key will be invoked if _callout_info is non-NULL
144 * - the _callout_info string will be passed to /sbin/request-key
145 * - if the _callout_info string is empty, it will be rendered as "-"
146 * - implements request_key()
147 */
148asmlinkage long sys_request_key(const char __user *_type,
149 const char __user *_description,
150 const char __user *_callout_info,
151 key_serial_t destringid)
152{
153 struct key_type *ktype;
664cceb0
DH		 154 struct key *key;
155 key_ref_t dest_ref;
4a38e122 156 size_t callout_len;
1da177e4 157 char type[32], *description, *callout_info;
0cb409d9 158 long ret;
1da177e4
LT		 159
160 /* pull the type into kernel space */
0cb409d9 161 ret = key_get_type_from_user(type, _type, sizeof(type));
1da177e4
LT		 162 if (ret < 0)
163 goto error;
1260f801 164
1da177e4 165 /* pull the description into kernel space */
0cb409d9
DA		 166 description = strndup_user(_description, PAGE_SIZE);
167 if (IS_ERR(description)) {
168 ret = PTR_ERR(description);
1da177e4 169 goto error;
0cb409d9 170 }
1da177e4
LT		 171
172 /* pull the callout info into kernel space */
173 callout_info = NULL;
4a38e122 174 callout_len = 0;
1da177e4 175 if (_callout_info) {
0cb409d9
DA		 176 callout_info = strndup_user(_callout_info, PAGE_SIZE);
177 if (IS_ERR(callout_info)) {
178 ret = PTR_ERR(callout_info);
1da177e4 179 goto error2;
0cb409d9 180 }
4a38e122 181 callout_len = strlen(callout_info);
1da177e4
LT		 182 }
183
184 /* get the destination keyring if specified */
664cceb0 185 dest_ref = NULL;
1da177e4 186 if (destringid) {
664cceb0
DH		 187 dest_ref = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE);
188 if (IS_ERR(dest_ref)) {
189 ret = PTR_ERR(dest_ref);
1da177e4
LT		 190 goto error3;
191 }
192 }
193
194 /* find the key type */
195 ktype = key_type_lookup(type);
196 if (IS_ERR(ktype)) {
197 ret = PTR_ERR(ktype);
198 goto error4;
199 }
200
201 /* do the search */
4a38e122
DH		 202 key = request_key_and_link(ktype, description, callout_info,
203 callout_len, NULL, key_ref_to_ptr(dest_ref),
7e047ef5 204 KEY_ALLOC_IN_QUOTA);
1da177e4
LT		 205 if (IS_ERR(key)) {
206 ret = PTR_ERR(key);
207 goto error5;
208 }
209
1da177e4
LT		 210 ret = key->serial;
211
3e30148c 212 key_put(key);
1da177e4
LT		 213 error5:
214 key_type_put(ktype);
215 error4:
664cceb0 216 key_ref_put(dest_ref);
1da177e4
LT		 217 error3:
218 kfree(callout_info);
219 error2:
220 kfree(description);
221 error:
222 return ret;
223
224} /* end sys_request_key() */
225
226/*****************************************************************************/
227/*
228 * get the ID of the specified process keyring
229 * - the keyring must have search permission to be found
230 * - implements keyctl(KEYCTL_GET_KEYRING_ID)
231 */
232long keyctl_get_keyring_ID(key_serial_t id, int create)
233{
664cceb0 234 key_ref_t key_ref;
1da177e4
LT		 235 long ret;
236
664cceb0
DH		 237 key_ref = lookup_user_key(NULL, id, create, 0, KEY_SEARCH);
238 if (IS_ERR(key_ref)) {
239 ret = PTR_ERR(key_ref);
1da177e4
LT		 240 goto error;
241 }
242
664cceb0
DH		 243 ret = key_ref_to_ptr(key_ref)->serial;
244 key_ref_put(key_ref);
1da177e4
LT		 245 error:
246 return ret;
247
248} /* end keyctl_get_keyring_ID() */
249
250/*****************************************************************************/
251/*
252 * join the session keyring
253 * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING)
254 */
255long keyctl_join_session_keyring(const char __user *_name)
256{
257 char *name;
0cb409d9 258 long ret;
1da177e4
LT		 259
260 /* fetch the name from userspace */
261 name = NULL;
262 if (_name) {
0cb409d9
DA		 263 name = strndup_user(_name, PAGE_SIZE);
264 if (IS_ERR(name)) {
265 ret = PTR_ERR(name);
1da177e4 266 goto error;
0cb409d9 267 }
1da177e4
LT		 268 }
269
270 /* join the session */
271 ret = join_session_keyring(name);
272
1da177e4
LT		 273 error:
274 return ret;
275
276} /* end keyctl_join_session_keyring() */
277
278/*****************************************************************************/
279/*
280 * update a key's data payload
281 * - the key must be writable
282 * - implements keyctl(KEYCTL_UPDATE)
283 */
284long keyctl_update_key(key_serial_t id,
285 const void __user *_payload,
286 size_t plen)
287{
664cceb0 288 key_ref_t key_ref;
1da177e4
LT		 289 void *payload;
290 long ret;
291
292 ret = -EINVAL;
293 if (plen > PAGE_SIZE)
294 goto error;
295
296 /* pull the payload in if one was supplied */
297 payload = NULL;
298 if (_payload) {
299 ret = -ENOMEM;
300 payload = kmalloc(plen, GFP_KERNEL);
301 if (!payload)
302 goto error;
303
304 ret = -EFAULT;
305 if (copy_from_user(payload, _payload, plen) != 0)
306 goto error2;
307 }
308
309 /* find the target key (which must be writable) */
664cceb0
DH		 310 key_ref = lookup_user_key(NULL, id, 0, 0, KEY_WRITE);
311 if (IS_ERR(key_ref)) {
312 ret = PTR_ERR(key_ref);
1da177e4
LT		 313 goto error2;
314 }
315
316 /* update the key */
664cceb0 317 ret = key_update(key_ref, payload, plen);
1da177e4 318
664cceb0 319 key_ref_put(key_ref);
1da177e4
LT		 320 error2:
321 kfree(payload);
322 error:
323 return ret;
324
325} /* end keyctl_update_key() */
326
327/*****************************************************************************/
328/*
329 * revoke a key
330 * - the key must be writable
331 * - implements keyctl(KEYCTL_REVOKE)
332 */
333long keyctl_revoke_key(key_serial_t id)
334{
664cceb0 335 key_ref_t key_ref;
1da177e4
LT		 336 long ret;
337
664cceb0
DH		 338 key_ref = lookup_user_key(NULL, id, 0, 0, KEY_WRITE);
339 if (IS_ERR(key_ref)) {
340 ret = PTR_ERR(key_ref);
1da177e4
LT		 341 goto error;
342 }
343
664cceb0 344 key_revoke(key_ref_to_ptr(key_ref));
1da177e4
LT		 345 ret = 0;
346
664cceb0 347 key_ref_put(key_ref);
1da177e4 348 error:
1260f801 349 return ret;
1da177e4
LT		 350
351} /* end keyctl_revoke_key() */
352
353/*****************************************************************************/
354/*
355 * clear the specified process keyring
356 * - the keyring must be writable
357 * - implements keyctl(KEYCTL_CLEAR)
358 */
359long keyctl_keyring_clear(key_serial_t ringid)
360{
664cceb0 361 key_ref_t keyring_ref;
1da177e4
LT		 362 long ret;
363
664cceb0
DH		 364 keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
365 if (IS_ERR(keyring_ref)) {
366 ret = PTR_ERR(keyring_ref);
1da177e4
LT		 367 goto error;
368 }
369
664cceb0 370 ret = keyring_clear(key_ref_to_ptr(keyring_ref));
1da177e4 371
664cceb0 372 key_ref_put(keyring_ref);
1da177e4
LT		 373 error:
374 return ret;
375
376} /* end keyctl_keyring_clear() */
377
378/*****************************************************************************/
379/*
380 * link a key into a keyring
381 * - the keyring must be writable
382 * - the key must be linkable
383 * - implements keyctl(KEYCTL_LINK)
384 */
385long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
386{
664cceb0 387 key_ref_t keyring_ref, key_ref;
1da177e4
LT		 388 long ret;
389
664cceb0
DH		 390 keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
391 if (IS_ERR(keyring_ref)) {
392 ret = PTR_ERR(keyring_ref);
1da177e4
LT		 393 goto error;
394 }
395
664cceb0
DH		 396 key_ref = lookup_user_key(NULL, id, 1, 0, KEY_LINK);
397 if (IS_ERR(key_ref)) {
398 ret = PTR_ERR(key_ref);
1da177e4
LT		 399 goto error2;
400 }
401
664cceb0 402 ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));
1da177e4 403
664cceb0 404 key_ref_put(key_ref);
1da177e4 405 error2:
664cceb0 406 key_ref_put(keyring_ref);
1da177e4
LT		 407 error:
408 return ret;
409
410} /* end keyctl_keyring_link() */
411
412/*****************************************************************************/
413/*
414 * unlink the first attachment of a key from a keyring
415 * - the keyring must be writable
416 * - we don't need any permissions on the key
417 * - implements keyctl(KEYCTL_UNLINK)
418 */
419long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
420{
664cceb0 421 key_ref_t keyring_ref, key_ref;
1da177e4
LT		 422 long ret;
423
664cceb0
DH		 424 keyring_ref = lookup_user_key(NULL, ringid, 0, 0, KEY_WRITE);
425 if (IS_ERR(keyring_ref)) {
426 ret = PTR_ERR(keyring_ref);
1da177e4
LT		 427 goto error;
428 }
429
664cceb0
DH		 430 key_ref = lookup_user_key(NULL, id, 0, 0, 0);
431 if (IS_ERR(key_ref)) {
432 ret = PTR_ERR(key_ref);
1da177e4
LT		 433 goto error2;
434 }
435
664cceb0 436 ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));
1da177e4 437
664cceb0 438 key_ref_put(key_ref);
1da177e4 439 error2:
664cceb0 440 key_ref_put(keyring_ref);
1da177e4
LT		 441 error:
442 return ret;
443
444} /* end keyctl_keyring_unlink() */
445
446/*****************************************************************************/
447/*
448 * describe a user key
449 * - the key must have view permission
450 * - if there's a buffer, we place up to buflen bytes of data into it
451 * - unless there's an error, we return the amount of description available,
452 * irrespective of how much we may have copied
453 * - the description is formatted thus:
454 * type;uid;gid;perm;description<NUL>
455 * - implements keyctl(KEYCTL_DESCRIBE)
456 */
457long keyctl_describe_key(key_serial_t keyid,
458 char __user *buffer,
459 size_t buflen)
460{
3e30148c 461 struct key *key, *instkey;
664cceb0 462 key_ref_t key_ref;
1da177e4
LT		 463 char *tmpbuf;
464 long ret;
465
664cceb0
DH		 466 key_ref = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW);
467 if (IS_ERR(key_ref)) {
3e30148c
DH		 468 /* viewing a key under construction is permitted if we have the
469 * authorisation token handy */
664cceb0 470 if (PTR_ERR(key_ref) == -EACCES) {
3e30148c
DH		 471 instkey = key_get_instantiation_authkey(keyid);
472 if (!IS_ERR(instkey)) {
473 key_put(instkey);
664cceb0
DH		 474 key_ref = lookup_user_key(NULL, keyid,
475 0, 1, 0);
476 if (!IS_ERR(key_ref))
3e30148c
DH		 477 goto okay;
478 }
479 }
480
664cceb0 481 ret = PTR_ERR(key_ref);
1da177e4
LT		 482 goto error;
483 }
484
3e30148c 485okay:
1da177e4
LT		 486 /* calculate how much description we're going to return */
487 ret = -ENOMEM;
488 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);
489 if (!tmpbuf)
490 goto error2;
491
664cceb0
DH		 492 key = key_ref_to_ptr(key_ref);
493
1da177e4 494 ret = snprintf(tmpbuf, PAGE_SIZE - 1,
664cceb0
DH		 495 "%s;%d;%d;%08x;%s",
496 key_ref_to_ptr(key_ref)->type->name,
497 key_ref_to_ptr(key_ref)->uid,
498 key_ref_to_ptr(key_ref)->gid,
499 key_ref_to_ptr(key_ref)->perm,
500 key_ref_to_ptr(key_ref)->description ?
501 key_ref_to_ptr(key_ref)->description : ""
1da177e4
LT		 502 );
503
504 /* include a NUL char at the end of the data */
505 if (ret > PAGE_SIZE - 1)
506 ret = PAGE_SIZE - 1;
507 tmpbuf[ret] = 0;
508 ret++;
509
510 /* consider returning the data */
511 if (buffer && buflen > 0) {
512 if (buflen > ret)
513 buflen = ret;
514
515 if (copy_to_user(buffer, tmpbuf, buflen) != 0)
516 ret = -EFAULT;
517 }
518
519 kfree(tmpbuf);
520 error2:
664cceb0 521 key_ref_put(key_ref);
1da177e4
LT		 522 error:
523 return ret;
524
525} /* end keyctl_describe_key() */
526
527/*****************************************************************************/
528/*
529 * search the specified keyring for a matching key
530 * - the start keyring must be searchable
531 * - nested keyrings may also be searched if they are searchable
532 * - only keys with search permission may be found
533 * - if a key is found, it will be attached to the destination keyring if
534 * there's one specified
535 * - implements keyctl(KEYCTL_SEARCH)
536 */
537long keyctl_keyring_search(key_serial_t ringid,
538 const char __user *_type,
539 const char __user *_description,
540 key_serial_t destringid)
541{
542 struct key_type *ktype;
664cceb0 543 key_ref_t keyring_ref, key_ref, dest_ref;
1da177e4 544 char type[32], *description;
0cb409d9 545 long ret;
1da177e4
LT		 546
547 /* pull the type and description into kernel space */
0cb409d9 548 ret = key_get_type_from_user(type, _type, sizeof(type));
1da177e4
LT		 549 if (ret < 0)
550 goto error;
1da177e4 551
0cb409d9
DA		 552 description = strndup_user(_description, PAGE_SIZE);
553 if (IS_ERR(description)) {
554 ret = PTR_ERR(description);
1da177e4 555 goto error;
0cb409d9 556 }
1da177e4
LT		 557
558 /* get the keyring at which to begin the search */
664cceb0
DH		 559 keyring_ref = lookup_user_key(NULL, ringid, 0, 0, KEY_SEARCH);
560 if (IS_ERR(keyring_ref)) {
561 ret = PTR_ERR(keyring_ref);
1da177e4
LT		 562 goto error2;
563 }
564
565 /* get the destination keyring if specified */
664cceb0 566 dest_ref = NULL;
1da177e4 567 if (destringid) {
664cceb0
DH		 568 dest_ref = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE);
569 if (IS_ERR(dest_ref)) {
570 ret = PTR_ERR(dest_ref);
1da177e4
LT		 571 goto error3;
572 }
573 }
574
575 /* find the key type */
576 ktype = key_type_lookup(type);
577 if (IS_ERR(ktype)) {
578 ret = PTR_ERR(ktype);
579 goto error4;
580 }
581
582 /* do the search */
664cceb0
DH		 583 key_ref = keyring_search(keyring_ref, ktype, description);
584 if (IS_ERR(key_ref)) {
585 ret = PTR_ERR(key_ref);
1da177e4
LT		 586
587 /* treat lack or presence of a negative key the same */
588 if (ret == -EAGAIN)
589 ret = -ENOKEY;
590 goto error5;
591 }
592
593 /* link the resulting key to the destination keyring if we can */
664cceb0 594 if (dest_ref) {
29db9190
DH		 595 ret = key_permission(key_ref, KEY_LINK);
596 if (ret < 0)
1da177e4
LT		 597 goto error6;
598
664cceb0 599 ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref));
1da177e4
LT		 600 if (ret < 0)
601 goto error6;
602 }
603
664cceb0 604 ret = key_ref_to_ptr(key_ref)->serial;
1da177e4
LT		 605
606 error6:
664cceb0 607 key_ref_put(key_ref);
1da177e4
LT		 608 error5:
609 key_type_put(ktype);
610 error4:
664cceb0 611 key_ref_put(dest_ref);
1da177e4 612 error3:
664cceb0 613 key_ref_put(keyring_ref);
1da177e4
LT		 614 error2:
615 kfree(description);
616 error:
617 return ret;
618
619} /* end keyctl_keyring_search() */
620
1da177e4
LT		 621/*****************************************************************************/
622/*
623 * read a user key's payload
624 * - the keyring must be readable or the key must be searchable from the
625 * process's keyrings
626 * - if there's a buffer, we place up to buflen bytes of data into it
627 * - unless there's an error, we return the amount of data in the key,
628 * irrespective of how much we may have copied
629 * - implements keyctl(KEYCTL_READ)
630 */
631long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
632{
664cceb0
DH		 633 struct key *key;
634 key_ref_t key_ref;
1da177e4
LT		 635 long ret;
636
637 /* find the key first */
664cceb0
DH		 638 key_ref = lookup_user_key(NULL, keyid, 0, 0, 0);
639 if (IS_ERR(key_ref)) {
640 ret = -ENOKEY;
641 goto error;
1da177e4
LT		 642 }
643
664cceb0
DH		 644 key = key_ref_to_ptr(key_ref);
645
646 /* see if we can read it directly */
29db9190
DH		 647 ret = key_permission(key_ref, KEY_READ);
648 if (ret == 0)
664cceb0 649 goto can_read_key;
29db9190
DH		 650 if (ret != -EACCES)
651 goto error;
664cceb0
DH		 652
653 /* we can't; see if it's searchable from this process's keyrings
654 * - we automatically take account of the fact that it may be
655 * dangling off an instantiation key
656 */
657 if (!is_key_possessed(key_ref)) {
658 ret = -EACCES;
659 goto error2;
660 }
1da177e4
LT		 661
662 /* the key is probably readable - now try to read it */
1da177e4
LT		 663 can_read_key:
664 ret = key_validate(key);
665 if (ret == 0) {
666 ret = -EOPNOTSUPP;
667 if (key->type->read) {
668 /* read the data with the semaphore held (since we
669 * might sleep) */
670 down_read(&key->sem);
671 ret = key->type->read(key, buffer, buflen);
672 up_read(&key->sem);
673 }
674 }
675
676 error2:
677 key_put(key);
678 error:
679 return ret;
680
681} /* end keyctl_read_key() */
682
683/*****************************************************************************/
684/*
685 * change the ownership of a key
686 * - the keyring owned by the changer
687 * - if the uid or gid is -1, then that parameter is not changed
688 * - implements keyctl(KEYCTL_CHOWN)
689 */
690long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
691{
5801649d 692 struct key_user *newowner, *zapowner = NULL;
1da177e4 693 struct key *key;
664cceb0 694 key_ref_t key_ref;
1da177e4
LT		 695 long ret;
696
697 ret = 0;
698 if (uid == (uid_t) -1 && gid == (gid_t) -1)
699 goto error;
700
29db9190 701 key_ref = lookup_user_key(NULL, id, 1, 1, KEY_SETATTR);
664cceb0
DH		 702 if (IS_ERR(key_ref)) {
703 ret = PTR_ERR(key_ref);
1da177e4
LT		 704 goto error;
705 }
706
664cceb0
DH		 707 key = key_ref_to_ptr(key_ref);
708
1da177e4
LT		 709 /* make the changes with the locks held to prevent chown/chown races */
710 ret = -EACCES;
711 down_write(&key->sem);
1da177e4
LT		 712
713 if (!capable(CAP_SYS_ADMIN)) {
714 /* only the sysadmin can chown a key to some other UID */
715 if (uid != (uid_t) -1 && key->uid != uid)
5801649d 716 goto error_put;
1da177e4
LT		 717
718 /* only the sysadmin can set the key's GID to a group other
719 * than one of those that the current process subscribes to */
720 if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid))
5801649d 721 goto error_put;
1da177e4
LT		 722 }
723
5801649d 724 /* change the UID */
1da177e4 725 if (uid != (uid_t) -1 && uid != key->uid) {
5801649d
FT		 726 ret = -ENOMEM;
727 newowner = key_user_lookup(uid);
728 if (!newowner)
729 goto error_put;
730
731 /* transfer the quota burden to the new user */
732 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
733 spin_lock(&newowner->lock);
734 if (newowner->qnkeys + 1 >= KEYQUOTA_MAX_KEYS ||
735 newowner->qnbytes + key->quotalen >=
736 KEYQUOTA_MAX_BYTES)
737 goto quota_overrun;
738
739 newowner->qnkeys++;
740 newowner->qnbytes += key->quotalen;
741 spin_unlock(&newowner->lock);
742
743 spin_lock(&key->user->lock);
744 key->user->qnkeys--;
745 key->user->qnbytes -= key->quotalen;
746 spin_unlock(&key->user->lock);
747 }
748
749 atomic_dec(&key->user->nkeys);
750 atomic_inc(&newowner->nkeys);
751
752 if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
753 atomic_dec(&key->user->nikeys);
754 atomic_inc(&newowner->nikeys);
755 }
756
757 zapowner = key->user;
758 key->user = newowner;
759 key->uid = uid;
1da177e4
LT		 760 }
761
762 /* change the GID */
763 if (gid != (gid_t) -1)
764 key->gid = gid;
765
766 ret = 0;
767
5801649d 768error_put:
1da177e4
LT		 769 up_write(&key->sem);
770 key_put(key);
5801649d
FT		 771 if (zapowner)
772 key_user_put(zapowner);
773error:
1da177e4
LT		 774 return ret;
775
5801649d
FT		 776quota_overrun:
777 spin_unlock(&newowner->lock);
778 zapowner = newowner;
779 ret = -EDQUOT;
780 goto error_put;
781
1da177e4
LT		 782} /* end keyctl_chown_key() */
783
784/*****************************************************************************/
785/*
786 * change the permission mask on a key
787 * - the keyring owned by the changer
788 * - implements keyctl(KEYCTL_SETPERM)
789 */
790long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
791{
792 struct key *key;
664cceb0 793 key_ref_t key_ref;
1da177e4
LT		 794 long ret;
795
796 ret = -EINVAL;
664cceb0 797 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL))
1da177e4
LT		 798 goto error;
799
29db9190 800 key_ref = lookup_user_key(NULL, id, 1, 1, KEY_SETATTR);
664cceb0
DH		 801 if (IS_ERR(key_ref)) {
802 ret = PTR_ERR(key_ref);
1da177e4
LT		 803 goto error;
804 }
805
664cceb0
DH		 806 key = key_ref_to_ptr(key_ref);
807
76d8aeab 808 /* make the changes with the locks held to prevent chown/chmod races */
1da177e4
LT		 809 ret = -EACCES;
810 down_write(&key->sem);
1da177e4 811
76d8aeab
DH		 812 /* if we're not the sysadmin, we can only change a key that we own */
813 if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) {
814 key->perm = perm;
815 ret = 0;
816 }
1da177e4 817
1da177e4
LT		 818 up_write(&key->sem);
819 key_put(key);
76d8aeab 820error:
1da177e4
LT		 821 return ret;
822
823} /* end keyctl_setperm_key() */
824
825/*****************************************************************************/
826/*
827 * instantiate the key with the specified payload, and, if one is given, link
828 * the key into the keyring
829 */
830long keyctl_instantiate_key(key_serial_t id,
831 const void __user *_payload,
832 size_t plen,
833 key_serial_t ringid)
834{
3e30148c 835 struct request_key_auth *rka;
664cceb0
DH		 836 struct key *instkey;
837 key_ref_t keyring_ref;
1da177e4
LT		 838 void *payload;
839 long ret;
38bbca6b 840 bool vm = false;
1da177e4
LT		 841
842 ret = -EINVAL;
38bbca6b 843 if (plen > 1024 * 1024 - 1)
1da177e4
LT		 844 goto error;
845
b5f545c8
DH		 846 /* the appropriate instantiation authorisation key must have been
847 * assumed before calling this */
848 ret = -EPERM;
849 instkey = current->request_key_auth;
850 if (!instkey)
851 goto error;
852
853 rka = instkey->payload.data;
854 if (rka->target_key->serial != id)
855 goto error;
856
1da177e4
LT		 857 /* pull the payload in if one was supplied */
858 payload = NULL;
859
860 if (_payload) {
861 ret = -ENOMEM;
862 payload = kmalloc(plen, GFP_KERNEL);
38bbca6b
DH		 863 if (!payload) {
864 if (plen <= PAGE_SIZE)
865 goto error;
866 vm = true;
867 payload = vmalloc(plen);
868 if (!payload)
869 goto error;
870 }
1da177e4
LT		 871
872 ret = -EFAULT;
873 if (copy_from_user(payload, _payload, plen) != 0)
874 goto error2;
875 }
876
3e30148c
DH		 877 /* find the destination keyring amongst those belonging to the
878 * requesting task */
664cceb0 879 keyring_ref = NULL;
1da177e4 880 if (ringid) {
664cceb0
DH		 881 keyring_ref = lookup_user_key(rka->context, ringid, 1, 0,
882 KEY_WRITE);
883 if (IS_ERR(keyring_ref)) {
884 ret = PTR_ERR(keyring_ref);
b5f545c8 885 goto error2;
1da177e4
LT		 886 }
887 }
888
889 /* instantiate the key and link it into a keyring */
3e30148c 890 ret = key_instantiate_and_link(rka->target_key, payload, plen,
664cceb0 891 key_ref_to_ptr(keyring_ref), instkey);
1da177e4 892
664cceb0 893 key_ref_put(keyring_ref);
b5f545c8
DH		 894
895 /* discard the assumed authority if it's just been disabled by
896 * instantiation of the key */
897 if (ret == 0) {
898 key_put(current->request_key_auth);
899 current->request_key_auth = NULL;
900 }
901
902error2:
38bbca6b
DH		 903 if (!vm)
904 kfree(payload);
905 else
906 vfree(payload);
b5f545c8 907error:
1da177e4
LT		 908 return ret;
909
910} /* end keyctl_instantiate_key() */
911
912/*****************************************************************************/
913/*
914 * negatively instantiate the key with the given timeout (in seconds), and, if
915 * one is given, link the key into the keyring
916 */
917long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
918{
3e30148c 919 struct request_key_auth *rka;
664cceb0
DH		 920 struct key *instkey;
921 key_ref_t keyring_ref;
1da177e4
LT		 922 long ret;
923
b5f545c8
DH		 924 /* the appropriate instantiation authorisation key must have been
925 * assumed before calling this */
926 ret = -EPERM;
927 instkey = current->request_key_auth;
928 if (!instkey)
1da177e4 929 goto error;
1da177e4 930
3e30148c 931 rka = instkey->payload.data;
b5f545c8
DH		 932 if (rka->target_key->serial != id)
933 goto error;
3e30148c 934
1da177e4
LT		 935 /* find the destination keyring if present (which must also be
936 * writable) */
664cceb0 937 keyring_ref = NULL;
1da177e4 938 if (ringid) {
664cceb0
DH		 939 keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
940 if (IS_ERR(keyring_ref)) {
941 ret = PTR_ERR(keyring_ref);
b5f545c8 942 goto error;
1da177e4
LT		 943 }
944 }
945
946 /* instantiate the key and link it into a keyring */
664cceb0
DH		 947 ret = key_negate_and_link(rka->target_key, timeout,
948 key_ref_to_ptr(keyring_ref), instkey);
1da177e4 949
664cceb0 950 key_ref_put(keyring_ref);
b5f545c8
DH		 951
952 /* discard the assumed authority if it's just been disabled by
953 * instantiation of the key */
954 if (ret == 0) {
955 key_put(current->request_key_auth);
956 current->request_key_auth = NULL;
957 }
958
959error:
1da177e4
LT		 960 return ret;
961
962} /* end keyctl_negate_key() */
963
3e30148c
DH		 964/*****************************************************************************/
965/*
966 * set the default keyring in which request_key() will cache keys
967 * - return the old setting
968 */
969long keyctl_set_reqkey_keyring(int reqkey_defl)
970{
971 int ret;
972
973 switch (reqkey_defl) {
974 case KEY_REQKEY_DEFL_THREAD_KEYRING:
975 ret = install_thread_keyring(current);
976 if (ret < 0)
977 return ret;
978 goto set;
979
980 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
981 ret = install_process_keyring(current);
982 if (ret < 0)
983 return ret;
984
985 case KEY_REQKEY_DEFL_DEFAULT:
986 case KEY_REQKEY_DEFL_SESSION_KEYRING:
987 case KEY_REQKEY_DEFL_USER_KEYRING:
988 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
989 set:
990 current->jit_keyring = reqkey_defl;
991
992 case KEY_REQKEY_DEFL_NO_CHANGE:
993 return current->jit_keyring;
994
995 case KEY_REQKEY_DEFL_GROUP_KEYRING:
996 default:
997 return -EINVAL;
998 }
999
1000} /* end keyctl_set_reqkey_keyring() */
1001
017679c4
DH		 1002/*****************************************************************************/
1003/*
1004 * set or clear the timeout for a key
1005 */
1006long keyctl_set_timeout(key_serial_t id, unsigned timeout)
1007{
1008 struct timespec now;
1009 struct key *key;
1010 key_ref_t key_ref;
1011 time_t expiry;
1012 long ret;
1013
1014 key_ref = lookup_user_key(NULL, id, 1, 1, KEY_SETATTR);
1015 if (IS_ERR(key_ref)) {
1016 ret = PTR_ERR(key_ref);
1017 goto error;
1018 }
1019
1020 key = key_ref_to_ptr(key_ref);
1021
1022 /* make the changes with the locks held to prevent races */
1023 down_write(&key->sem);
1024
1025 expiry = 0;
1026 if (timeout > 0) {
1027 now = current_kernel_time();
1028 expiry = now.tv_sec + timeout;
1029 }
1030
1031 key->expiry = expiry;
1032
1033 up_write(&key->sem);
1034 key_put(key);
1035
1036 ret = 0;
1037error:
1038 return ret;
1039
1040} /* end keyctl_set_timeout() */
1041
b5f545c8
DH		 1042/*****************************************************************************/
1043/*
1044 * assume the authority to instantiate the specified key
1045 */
1046long keyctl_assume_authority(key_serial_t id)
1047{
1048 struct key *authkey;
1049 long ret;
1050
1051 /* special key IDs aren't permitted */
1052 ret = -EINVAL;
1053 if (id < 0)
1054 goto error;
1055
1056 /* we divest ourselves of authority if given an ID of 0 */
1057 if (id == 0) {
1058 key_put(current->request_key_auth);
1059 current->request_key_auth = NULL;
1060 ret = 0;
1061 goto error;
1062 }
1063
1064 /* attempt to assume the authority temporarily granted to us whilst we
1065 * instantiate the specified key
1066 * - the authorisation key must be in the current task's keyrings
1067 * somewhere
1068 */
1069 authkey = key_get_instantiation_authkey(id);
1070 if (IS_ERR(authkey)) {
1071 ret = PTR_ERR(authkey);
1072 goto error;
1073 }
1074
1075 key_put(current->request_key_auth);
1076 current->request_key_auth = authkey;
1077 ret = authkey->serial;
1078
1079error:
1080 return ret;
1081
1082} /* end keyctl_assume_authority() */
1083
70a5bb72
DH		 1084/*
1085 * get the security label of a key
1086 * - the key must grant us view permission
1087 * - if there's a buffer, we place up to buflen bytes of data into it
1088 * - unless there's an error, we return the amount of information available,
1089 * irrespective of how much we may have copied (including the terminal NUL)
1090 * - implements keyctl(KEYCTL_GET_SECURITY)
1091 */
1092long keyctl_get_security(key_serial_t keyid,
1093 char __user *buffer,
1094 size_t buflen)
1095{
1096 struct key *key, *instkey;
1097 key_ref_t key_ref;
1098 char *context;
1099 long ret;
1100
1101 key_ref = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW);
1102 if (IS_ERR(key_ref)) {
1103 if (PTR_ERR(key_ref) != -EACCES)
1104 return PTR_ERR(key_ref);
1105
1106 /* viewing a key under construction is also permitted if we
1107 * have the authorisation token handy */
1108 instkey = key_get_instantiation_authkey(keyid);
1109 if (IS_ERR(instkey))
1110 return PTR_ERR(key_ref);
1111 key_put(instkey);
1112
1113 key_ref = lookup_user_key(NULL, keyid, 0, 1, 0);
1114 if (IS_ERR(key_ref))
1115 return PTR_ERR(key_ref);
1116 }
1117
1118 key = key_ref_to_ptr(key_ref);
1119 ret = security_key_getsecurity(key, &context);
1120 if (ret == 0) {
1121 /* if no information was returned, give userspace an empty
1122 * string */
1123 ret = 1;
1124 if (buffer && buflen > 0 &&
1125 copy_to_user(buffer, "", 1) != 0)
1126 ret = -EFAULT;
1127 } else if (ret > 0) {
1128 /* return as much data as there's room for */
1129 if (buffer && buflen > 0) {
1130 if (buflen > ret)
1131 buflen = ret;
1132
1133 if (copy_to_user(buffer, context, buflen) != 0)
1134 ret = -EFAULT;
1135 }
1136
1137 kfree(context);
1138 }
1139
1140 key_ref_put(key_ref);
1141 return ret;
1142}
1143
1da177e4
LT		 1144/*****************************************************************************/
1145/*
1146 * the key control system call
1147 */
1148asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
1149 unsigned long arg4, unsigned long arg5)
1150{
1151 switch (option) {
1152 case KEYCTL_GET_KEYRING_ID:
1153 return keyctl_get_keyring_ID((key_serial_t) arg2,
1154 (int) arg3);
1155
1156 case KEYCTL_JOIN_SESSION_KEYRING:
1157 return keyctl_join_session_keyring((const char __user *) arg2);
1158
1159 case KEYCTL_UPDATE:
1160 return keyctl_update_key((key_serial_t) arg2,
1161 (const void __user *) arg3,
1162 (size_t) arg4);
1163
1164 case KEYCTL_REVOKE:
1165 return keyctl_revoke_key((key_serial_t) arg2);
1166
1167 case KEYCTL_DESCRIBE:
1168 return keyctl_describe_key((key_serial_t) arg2,
1169 (char __user *) arg3,
1170 (unsigned) arg4);
1171
1172 case KEYCTL_CLEAR:
1173 return keyctl_keyring_clear((key_serial_t) arg2);
1174
1175 case KEYCTL_LINK:
1176 return keyctl_keyring_link((key_serial_t) arg2,
1177 (key_serial_t) arg3);
1178
1179 case KEYCTL_UNLINK:
1180 return keyctl_keyring_unlink((key_serial_t) arg2,
1181 (key_serial_t) arg3);
1182
1183 case KEYCTL_SEARCH:
1184 return keyctl_keyring_search((key_serial_t) arg2,
1185 (const char __user *) arg3,
1186 (const char __user *) arg4,
1187 (key_serial_t) arg5);
1188
1189 case KEYCTL_READ:
1190 return keyctl_read_key((key_serial_t) arg2,
1191 (char __user *) arg3,
1192 (size_t) arg4);
1193
1194 case KEYCTL_CHOWN:
1195 return keyctl_chown_key((key_serial_t) arg2,
1196 (uid_t) arg3,
1197 (gid_t) arg4);
1198
1199 case KEYCTL_SETPERM:
1200 return keyctl_setperm_key((key_serial_t) arg2,
1201 (key_perm_t) arg3);
1202
1203 case KEYCTL_INSTANTIATE:
1204 return keyctl_instantiate_key((key_serial_t) arg2,
1205 (const void __user *) arg3,
1206 (size_t) arg4,
1207 (key_serial_t) arg5);
1208
1209 case KEYCTL_NEGATE:
1210 return keyctl_negate_key((key_serial_t) arg2,
1211 (unsigned) arg3,
1212 (key_serial_t) arg4);
1213
3e30148c
DH		 1214 case KEYCTL_SET_REQKEY_KEYRING:
1215 return keyctl_set_reqkey_keyring(arg2);
1216
017679c4
DH		 1217 case KEYCTL_SET_TIMEOUT:
1218 return keyctl_set_timeout((key_serial_t) arg2,
1219 (unsigned) arg3);
1220
b5f545c8
DH		 1221 case KEYCTL_ASSUME_AUTHORITY:
1222 return keyctl_assume_authority((key_serial_t) arg2);
1223
70a5bb72
DH		 1224 case KEYCTL_GET_SECURITY:
1225 return keyctl_get_security((key_serial_t) arg2,
1226 (char *) arg3,
1227 (size_t) arg4);
1228
1da177e4
LT		 1229 default:
1230 return -EOPNOTSUPP;
1231 }
1232
1233} /* end sys_keyctl() */
Linux 6.x block layer and io_uring tree(s)