Commit | Line | Data |
---|---|---|
69664cf1 | 1 | /* Keyring handling |
1da177e4 | 2 | * |
b2a4df20 | 3 | * Copyright (C) 2004-2005, 2008, 2013 Red Hat, Inc. All Rights Reserved. |
1da177e4 LT |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
10 | */ | |
11 | ||
876979c9 | 12 | #include <linux/export.h> |
1da177e4 LT |
13 | #include <linux/init.h> |
14 | #include <linux/sched.h> | |
15 | #include <linux/slab.h> | |
29db9190 | 16 | #include <linux/security.h> |
1da177e4 LT |
17 | #include <linux/seq_file.h> |
18 | #include <linux/err.h> | |
e9e349b0 | 19 | #include <keys/keyring-type.h> |
b2a4df20 DH |
20 | #include <keys/user-type.h> |
21 | #include <linux/assoc_array_priv.h> | |
512ea3bc | 22 | #include <linux/uaccess.h> |
1da177e4 LT |
23 | #include "internal.h" |
24 | ||
25 | /* | |
973c9f4f DH |
26 | * When plumbing the depths of the key tree, this sets a hard limit |
27 | * set on how deep we're willing to go. | |
1da177e4 LT |
28 | */ |
29 | #define KEYRING_SEARCH_MAX_DEPTH 6 | |
30 | ||
31 | /* | |
973c9f4f | 32 | * We keep all named keyrings in a hash to speed looking them up. |
1da177e4 LT |
33 | */ |
34 | #define KEYRING_NAME_HASH_SIZE (1 << 5) | |
35 | ||
b2a4df20 DH |
36 | /* |
37 | * We mark pointers we pass to the associative array with bit 1 set if | |
38 | * they're keyrings and clear otherwise. | |
39 | */ | |
40 | #define KEYRING_PTR_SUBTYPE 0x2UL | |
41 | ||
42 | static inline bool keyring_ptr_is_keyring(const struct assoc_array_ptr *x) | |
43 | { | |
44 | return (unsigned long)x & KEYRING_PTR_SUBTYPE; | |
45 | } | |
46 | static inline struct key *keyring_ptr_to_key(const struct assoc_array_ptr *x) | |
47 | { | |
48 | void *object = assoc_array_ptr_to_leaf(x); | |
49 | return (struct key *)((unsigned long)object & ~KEYRING_PTR_SUBTYPE); | |
50 | } | |
51 | static inline void *keyring_key_to_ptr(struct key *key) | |
52 | { | |
53 | if (key->type == &key_type_keyring) | |
54 | return (void *)((unsigned long)key | KEYRING_PTR_SUBTYPE); | |
55 | return key; | |
56 | } | |
57 | ||
1da177e4 LT |
58 | static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE]; |
59 | static DEFINE_RWLOCK(keyring_name_lock); | |
60 | ||
61 | static inline unsigned keyring_hash(const char *desc) | |
62 | { | |
63 | unsigned bucket = 0; | |
64 | ||
65 | for (; *desc; desc++) | |
c5b60b5e | 66 | bucket += (unsigned char)*desc; |
1da177e4 LT |
67 | |
68 | return bucket & (KEYRING_NAME_HASH_SIZE - 1); | |
69 | } | |
70 | ||
71 | /* | |
973c9f4f DH |
72 | * The keyring key type definition. Keyrings are simply keys of this type and |
73 | * can be treated as ordinary keys in addition to having their own special | |
74 | * operations. | |
1da177e4 | 75 | */ |
5d19e20b DH |
76 | static int keyring_preparse(struct key_preparsed_payload *prep); |
77 | static void keyring_free_preparse(struct key_preparsed_payload *prep); | |
1da177e4 | 78 | static int keyring_instantiate(struct key *keyring, |
cf7f601c | 79 | struct key_preparsed_payload *prep); |
31204ed9 | 80 | static void keyring_revoke(struct key *keyring); |
1da177e4 LT |
81 | static void keyring_destroy(struct key *keyring); |
82 | static void keyring_describe(const struct key *keyring, struct seq_file *m); | |
83 | static long keyring_read(const struct key *keyring, | |
84 | char __user *buffer, size_t buflen); | |
85 | ||
86 | struct key_type key_type_keyring = { | |
87 | .name = "keyring", | |
b2a4df20 | 88 | .def_datalen = 0, |
5d19e20b DH |
89 | .preparse = keyring_preparse, |
90 | .free_preparse = keyring_free_preparse, | |
1da177e4 | 91 | .instantiate = keyring_instantiate, |
31204ed9 | 92 | .revoke = keyring_revoke, |
1da177e4 LT |
93 | .destroy = keyring_destroy, |
94 | .describe = keyring_describe, | |
95 | .read = keyring_read, | |
96 | }; | |
7318226e DH |
97 | EXPORT_SYMBOL(key_type_keyring); |
98 | ||
1da177e4 | 99 | /* |
973c9f4f DH |
100 | * Semaphore to serialise link/link calls to prevent two link calls in parallel |
101 | * introducing a cycle. | |
1da177e4 | 102 | */ |
3be59f74 | 103 | static DEFINE_MUTEX(keyring_serialise_link_lock); |
1da177e4 | 104 | |
1da177e4 | 105 | /* |
973c9f4f DH |
106 | * Publish the name of a keyring so that it can be found by name (if it has |
107 | * one). | |
1da177e4 | 108 | */ |
69664cf1 | 109 | static void keyring_publish_name(struct key *keyring) |
1da177e4 LT |
110 | { |
111 | int bucket; | |
112 | ||
113 | if (keyring->description) { | |
114 | bucket = keyring_hash(keyring->description); | |
115 | ||
116 | write_lock(&keyring_name_lock); | |
117 | ||
118 | if (!keyring_name_hash[bucket].next) | |
119 | INIT_LIST_HEAD(&keyring_name_hash[bucket]); | |
120 | ||
146aa8b1 | 121 | list_add_tail(&keyring->name_link, |
1da177e4 LT |
122 | &keyring_name_hash[bucket]); |
123 | ||
124 | write_unlock(&keyring_name_lock); | |
125 | } | |
a8b17ed0 | 126 | } |
1da177e4 | 127 | |
5d19e20b DH |
128 | /* |
129 | * Preparse a keyring payload | |
130 | */ | |
131 | static int keyring_preparse(struct key_preparsed_payload *prep) | |
132 | { | |
133 | return prep->datalen != 0 ? -EINVAL : 0; | |
134 | } | |
135 | ||
136 | /* | |
137 | * Free a preparse of a user defined key payload | |
138 | */ | |
139 | static void keyring_free_preparse(struct key_preparsed_payload *prep) | |
140 | { | |
141 | } | |
142 | ||
1da177e4 | 143 | /* |
973c9f4f DH |
144 | * Initialise a keyring. |
145 | * | |
146 | * Returns 0 on success, -EINVAL if given any data. | |
1da177e4 LT |
147 | */ |
148 | static int keyring_instantiate(struct key *keyring, | |
cf7f601c | 149 | struct key_preparsed_payload *prep) |
1da177e4 | 150 | { |
5d19e20b DH |
151 | assoc_array_init(&keyring->keys); |
152 | /* make the keyring available by name if it has one */ | |
153 | keyring_publish_name(keyring); | |
154 | return 0; | |
a8b17ed0 | 155 | } |
1da177e4 | 156 | |
1da177e4 | 157 | /* |
b2a4df20 DH |
158 | * Multiply 64-bits by 32-bits to 96-bits and fold back to 64-bit. Ideally we'd |
159 | * fold the carry back too, but that requires inline asm. | |
160 | */ | |
161 | static u64 mult_64x32_and_fold(u64 x, u32 y) | |
162 | { | |
163 | u64 hi = (u64)(u32)(x >> 32) * y; | |
164 | u64 lo = (u64)(u32)(x) * y; | |
165 | return lo + ((u64)(u32)hi << 32) + (u32)(hi >> 32); | |
166 | } | |
167 | ||
168 | /* | |
169 | * Hash a key type and description. | |
170 | */ | |
355ef8e1 | 171 | static void hash_key_type_and_desc(struct keyring_index_key *index_key) |
b2a4df20 DH |
172 | { |
173 | const unsigned level_shift = ASSOC_ARRAY_LEVEL_STEP; | |
d54e58b7 | 174 | const unsigned long fan_mask = ASSOC_ARRAY_FAN_MASK; |
b2a4df20 DH |
175 | const char *description = index_key->description; |
176 | unsigned long hash, type; | |
177 | u32 piece; | |
178 | u64 acc; | |
179 | int n, desc_len = index_key->desc_len; | |
180 | ||
181 | type = (unsigned long)index_key->type; | |
b2a4df20 DH |
182 | acc = mult_64x32_and_fold(type, desc_len + 13); |
183 | acc = mult_64x32_and_fold(acc, 9207); | |
f771fde8 | 184 | |
b2a4df20 DH |
185 | for (;;) { |
186 | n = desc_len; | |
187 | if (n <= 0) | |
188 | break; | |
189 | if (n > 4) | |
190 | n = 4; | |
191 | piece = 0; | |
192 | memcpy(&piece, description, n); | |
193 | description += n; | |
194 | desc_len -= n; | |
195 | acc = mult_64x32_and_fold(acc, piece); | |
196 | acc = mult_64x32_and_fold(acc, 9207); | |
197 | } | |
198 | ||
199 | /* Fold the hash down to 32 bits if need be. */ | |
200 | hash = acc; | |
201 | if (ASSOC_ARRAY_KEY_CHUNK_SIZE == 32) | |
202 | hash ^= acc >> 32; | |
203 | ||
204 | /* Squidge all the keyrings into a separate part of the tree to | |
205 | * ordinary keys by making sure the lowest level segment in the hash is | |
206 | * zero for keyrings and non-zero otherwise. | |
207 | */ | |
d54e58b7 | 208 | if (index_key->type != &key_type_keyring && (hash & fan_mask) == 0) |
355ef8e1 DH |
209 | hash |= (hash >> (ASSOC_ARRAY_KEY_CHUNK_SIZE - level_shift)) | 1; |
210 | else if (index_key->type == &key_type_keyring && (hash & fan_mask) != 0) | |
211 | hash = (hash + (hash << level_shift)) & ~fan_mask; | |
212 | index_key->hash = hash; | |
213 | } | |
214 | ||
215 | /* | |
216 | * Finalise an index key to include a part of the description actually in the | |
217 | * index key and to add in the hash too. | |
218 | */ | |
219 | void key_set_index_key(struct keyring_index_key *index_key) | |
220 | { | |
221 | size_t n = min_t(size_t, index_key->desc_len, sizeof(index_key->desc)); | |
222 | memcpy(index_key->desc, index_key->description, n); | |
223 | ||
224 | hash_key_type_and_desc(index_key); | |
b2a4df20 DH |
225 | } |
226 | ||
227 | /* | |
228 | * Build the next index key chunk. | |
229 | * | |
b2a4df20 | 230 | * We return it one word-sized chunk at a time. |
1da177e4 | 231 | */ |
b2a4df20 DH |
232 | static unsigned long keyring_get_key_chunk(const void *data, int level) |
233 | { | |
234 | const struct keyring_index_key *index_key = data; | |
235 | unsigned long chunk = 0; | |
f771fde8 | 236 | const u8 *d; |
b2a4df20 DH |
237 | int desc_len = index_key->desc_len, n = sizeof(chunk); |
238 | ||
239 | level /= ASSOC_ARRAY_KEY_CHUNK_SIZE; | |
240 | switch (level) { | |
241 | case 0: | |
355ef8e1 | 242 | return index_key->hash; |
b2a4df20 | 243 | case 1: |
f771fde8 | 244 | return index_key->x; |
b2a4df20 | 245 | case 2: |
f771fde8 | 246 | return (unsigned long)index_key->type; |
b2a4df20 | 247 | default: |
f771fde8 DH |
248 | level -= 3; |
249 | if (desc_len <= sizeof(index_key->desc)) | |
b2a4df20 | 250 | return 0; |
f771fde8 DH |
251 | |
252 | d = index_key->description + sizeof(index_key->desc); | |
253 | d += level * sizeof(long); | |
254 | desc_len -= sizeof(index_key->desc); | |
b2a4df20 DH |
255 | if (desc_len > n) |
256 | desc_len = n; | |
b2a4df20 DH |
257 | do { |
258 | chunk <<= 8; | |
f771fde8 | 259 | chunk |= *d++; |
b2a4df20 | 260 | } while (--desc_len > 0); |
b2a4df20 DH |
261 | return chunk; |
262 | } | |
263 | } | |
264 | ||
265 | static unsigned long keyring_get_object_key_chunk(const void *object, int level) | |
266 | { | |
267 | const struct key *key = keyring_ptr_to_key(object); | |
268 | return keyring_get_key_chunk(&key->index_key, level); | |
269 | } | |
270 | ||
271 | static bool keyring_compare_object(const void *object, const void *data) | |
1da177e4 | 272 | { |
b2a4df20 DH |
273 | const struct keyring_index_key *index_key = data; |
274 | const struct key *key = keyring_ptr_to_key(object); | |
275 | ||
276 | return key->index_key.type == index_key->type && | |
277 | key->index_key.desc_len == index_key->desc_len && | |
278 | memcmp(key->index_key.description, index_key->description, | |
279 | index_key->desc_len) == 0; | |
a8b17ed0 | 280 | } |
1da177e4 | 281 | |
b2a4df20 DH |
282 | /* |
283 | * Compare the index keys of a pair of objects and determine the bit position | |
284 | * at which they differ - if they differ. | |
285 | */ | |
23fd78d7 | 286 | static int keyring_diff_objects(const void *object, const void *data) |
b2a4df20 | 287 | { |
23fd78d7 | 288 | const struct key *key_a = keyring_ptr_to_key(object); |
b2a4df20 | 289 | const struct keyring_index_key *a = &key_a->index_key; |
23fd78d7 | 290 | const struct keyring_index_key *b = data; |
b2a4df20 DH |
291 | unsigned long seg_a, seg_b; |
292 | int level, i; | |
293 | ||
294 | level = 0; | |
355ef8e1 DH |
295 | seg_a = a->hash; |
296 | seg_b = b->hash; | |
b2a4df20 DH |
297 | if ((seg_a ^ seg_b) != 0) |
298 | goto differ; | |
f771fde8 | 299 | level += ASSOC_ARRAY_KEY_CHUNK_SIZE / 8; |
b2a4df20 DH |
300 | |
301 | /* The number of bits contributed by the hash is controlled by a | |
302 | * constant in the assoc_array headers. Everything else thereafter we | |
303 | * can deal with as being machine word-size dependent. | |
304 | */ | |
f771fde8 DH |
305 | seg_a = a->x; |
306 | seg_b = b->x; | |
b2a4df20 DH |
307 | if ((seg_a ^ seg_b) != 0) |
308 | goto differ; | |
f771fde8 | 309 | level += sizeof(unsigned long); |
b2a4df20 DH |
310 | |
311 | /* The next bit may not work on big endian */ | |
b2a4df20 DH |
312 | seg_a = (unsigned long)a->type; |
313 | seg_b = (unsigned long)b->type; | |
314 | if ((seg_a ^ seg_b) != 0) | |
315 | goto differ; | |
b2a4df20 | 316 | level += sizeof(unsigned long); |
b2a4df20 | 317 | |
f771fde8 DH |
318 | i = sizeof(a->desc); |
319 | if (a->desc_len <= i) | |
320 | goto same; | |
b2a4df20 DH |
321 | |
322 | for (; i < a->desc_len; i++) { | |
323 | seg_a = *(unsigned char *)(a->description + i); | |
324 | seg_b = *(unsigned char *)(b->description + i); | |
325 | if ((seg_a ^ seg_b) != 0) | |
326 | goto differ_plus_i; | |
327 | } | |
328 | ||
329 | same: | |
330 | return -1; | |
331 | ||
332 | differ_plus_i: | |
333 | level += i; | |
334 | differ: | |
335 | i = level * 8 + __ffs(seg_a ^ seg_b); | |
336 | return i; | |
337 | } | |
338 | ||
339 | /* | |
340 | * Free an object after stripping the keyring flag off of the pointer. | |
341 | */ | |
342 | static void keyring_free_object(void *object) | |
343 | { | |
344 | key_put(keyring_ptr_to_key(object)); | |
345 | } | |
346 | ||
347 | /* | |
348 | * Operations for keyring management by the index-tree routines. | |
349 | */ | |
350 | static const struct assoc_array_ops keyring_assoc_array_ops = { | |
351 | .get_key_chunk = keyring_get_key_chunk, | |
352 | .get_object_key_chunk = keyring_get_object_key_chunk, | |
353 | .compare_object = keyring_compare_object, | |
354 | .diff_objects = keyring_diff_objects, | |
355 | .free_object = keyring_free_object, | |
356 | }; | |
357 | ||
1da177e4 | 358 | /* |
973c9f4f DH |
359 | * Clean up a keyring when it is destroyed. Unpublish its name if it had one |
360 | * and dispose of its data. | |
233e4735 DH |
361 | * |
362 | * The garbage collector detects the final key_put(), removes the keyring from | |
363 | * the serial number tree and then does RCU synchronisation before coming here, | |
364 | * so we shouldn't need to worry about code poking around here with the RCU | |
365 | * readlock held by this time. | |
1da177e4 LT |
366 | */ |
367 | static void keyring_destroy(struct key *keyring) | |
368 | { | |
1da177e4 LT |
369 | if (keyring->description) { |
370 | write_lock(&keyring_name_lock); | |
94efe72f | 371 | |
146aa8b1 DH |
372 | if (keyring->name_link.next != NULL && |
373 | !list_empty(&keyring->name_link)) | |
374 | list_del(&keyring->name_link); | |
94efe72f | 375 | |
1da177e4 LT |
376 | write_unlock(&keyring_name_lock); |
377 | } | |
378 | ||
2b6aa412 MM |
379 | if (keyring->restrict_link) { |
380 | struct key_restriction *keyres = keyring->restrict_link; | |
381 | ||
382 | key_put(keyres->key); | |
383 | kfree(keyres); | |
384 | } | |
385 | ||
b2a4df20 | 386 | assoc_array_destroy(&keyring->keys, &keyring_assoc_array_ops); |
a8b17ed0 | 387 | } |
1da177e4 | 388 | |
1da177e4 | 389 | /* |
973c9f4f | 390 | * Describe a keyring for /proc. |
1da177e4 LT |
391 | */ |
392 | static void keyring_describe(const struct key *keyring, struct seq_file *m) | |
393 | { | |
c8563473 | 394 | if (keyring->description) |
1da177e4 | 395 | seq_puts(m, keyring->description); |
c8563473 | 396 | else |
1da177e4 | 397 | seq_puts(m, "[anon]"); |
1da177e4 | 398 | |
363b02da | 399 | if (key_is_positive(keyring)) { |
b2a4df20 DH |
400 | if (keyring->keys.nr_leaves_on_tree != 0) |
401 | seq_printf(m, ": %lu", keyring->keys.nr_leaves_on_tree); | |
78b7280c DH |
402 | else |
403 | seq_puts(m, ": empty"); | |
78b7280c | 404 | } |
a8b17ed0 | 405 | } |
1da177e4 | 406 | |
b2a4df20 | 407 | struct keyring_read_iterator_context { |
e645016a | 408 | size_t buflen; |
b2a4df20 DH |
409 | size_t count; |
410 | key_serial_t __user *buffer; | |
411 | }; | |
412 | ||
413 | static int keyring_read_iterator(const void *object, void *data) | |
414 | { | |
415 | struct keyring_read_iterator_context *ctx = data; | |
416 | const struct key *key = keyring_ptr_to_key(object); | |
417 | int ret; | |
418 | ||
419 | kenter("{%s,%d},,{%zu/%zu}", | |
e645016a | 420 | key->type->name, key->serial, ctx->count, ctx->buflen); |
b2a4df20 | 421 | |
e645016a | 422 | if (ctx->count >= ctx->buflen) |
b2a4df20 DH |
423 | return 1; |
424 | ||
425 | ret = put_user(key->serial, ctx->buffer); | |
426 | if (ret < 0) | |
427 | return ret; | |
428 | ctx->buffer++; | |
429 | ctx->count += sizeof(key->serial); | |
430 | return 0; | |
431 | } | |
432 | ||
1da177e4 | 433 | /* |
973c9f4f DH |
434 | * Read a list of key IDs from the keyring's contents in binary form |
435 | * | |
b2a4df20 DH |
436 | * The keyring's semaphore is read-locked by the caller. This prevents someone |
437 | * from modifying it under us - which could cause us to read key IDs multiple | |
438 | * times. | |
1da177e4 LT |
439 | */ |
440 | static long keyring_read(const struct key *keyring, | |
441 | char __user *buffer, size_t buflen) | |
442 | { | |
b2a4df20 | 443 | struct keyring_read_iterator_context ctx; |
3239b6f2 | 444 | long ret; |
1da177e4 | 445 | |
b2a4df20 DH |
446 | kenter("{%d},,%zu", key_serial(keyring), buflen); |
447 | ||
448 | if (buflen & (sizeof(key_serial_t) - 1)) | |
449 | return -EINVAL; | |
450 | ||
3239b6f2 EB |
451 | /* Copy as many key IDs as fit into the buffer */ |
452 | if (buffer && buflen) { | |
453 | ctx.buffer = (key_serial_t __user *)buffer; | |
454 | ctx.buflen = buflen; | |
455 | ctx.count = 0; | |
456 | ret = assoc_array_iterate(&keyring->keys, | |
457 | keyring_read_iterator, &ctx); | |
458 | if (ret < 0) { | |
459 | kleave(" = %ld [iterate]", ret); | |
460 | return ret; | |
461 | } | |
1da177e4 LT |
462 | } |
463 | ||
3239b6f2 EB |
464 | /* Return the size of the buffer needed */ |
465 | ret = keyring->keys.nr_leaves_on_tree * sizeof(key_serial_t); | |
466 | if (ret <= buflen) | |
467 | kleave("= %ld [ok]", ret); | |
468 | else | |
469 | kleave("= %ld [buffer too small]", ret); | |
470 | return ret; | |
a8b17ed0 | 471 | } |
1da177e4 | 472 | |
1da177e4 | 473 | /* |
973c9f4f | 474 | * Allocate a keyring and link into the destination keyring. |
1da177e4 | 475 | */ |
9a56c2db | 476 | struct key *keyring_alloc(const char *description, kuid_t uid, kgid_t gid, |
96b5c8fe | 477 | const struct cred *cred, key_perm_t perm, |
5ac7eace | 478 | unsigned long flags, |
2b6aa412 | 479 | struct key_restriction *restrict_link, |
5ac7eace | 480 | struct key *dest) |
1da177e4 LT |
481 | { |
482 | struct key *keyring; | |
483 | int ret; | |
484 | ||
485 | keyring = key_alloc(&key_type_keyring, description, | |
5ac7eace | 486 | uid, gid, cred, perm, flags, restrict_link); |
1da177e4 | 487 | if (!IS_ERR(keyring)) { |
3e30148c | 488 | ret = key_instantiate_and_link(keyring, NULL, 0, dest, NULL); |
1da177e4 LT |
489 | if (ret < 0) { |
490 | key_put(keyring); | |
491 | keyring = ERR_PTR(ret); | |
492 | } | |
493 | } | |
494 | ||
495 | return keyring; | |
a8b17ed0 | 496 | } |
f8aa23a5 | 497 | EXPORT_SYMBOL(keyring_alloc); |
1da177e4 | 498 | |
5ac7eace DH |
499 | /** |
500 | * restrict_link_reject - Give -EPERM to restrict link | |
501 | * @keyring: The keyring being added to. | |
502 | * @type: The type of key being added. | |
5ac7eace | 503 | * @payload: The payload of the key intended to be added. |
9fd16537 | 504 | * @restriction_key: Keys providing additional data for evaluating restriction. |
5ac7eace DH |
505 | * |
506 | * Reject the addition of any links to a keyring. It can be overridden by | |
507 | * passing KEY_ALLOC_BYPASS_RESTRICTION to key_instantiate_and_link() when | |
508 | * adding a key to a keyring. | |
509 | * | |
2b6aa412 MM |
510 | * This is meant to be stored in a key_restriction structure which is passed |
511 | * in the restrict_link parameter to keyring_alloc(). | |
5ac7eace DH |
512 | */ |
513 | int restrict_link_reject(struct key *keyring, | |
514 | const struct key_type *type, | |
aaf66c88 MM |
515 | const union key_payload *payload, |
516 | struct key *restriction_key) | |
5ac7eace DH |
517 | { |
518 | return -EPERM; | |
519 | } | |
520 | ||
c06cfb08 DH |
521 | /* |
522 | * By default, we keys found by getting an exact match on their descriptions. | |
523 | */ | |
0c903ab6 DH |
524 | bool key_default_cmp(const struct key *key, |
525 | const struct key_match_data *match_data) | |
c06cfb08 DH |
526 | { |
527 | return strcmp(key->description, match_data->raw_data) == 0; | |
528 | } | |
529 | ||
b2a4df20 DH |
530 | /* |
531 | * Iteration function to consider each key found. | |
1da177e4 | 532 | */ |
b2a4df20 | 533 | static int keyring_search_iterator(const void *object, void *iterator_data) |
1da177e4 | 534 | { |
b2a4df20 DH |
535 | struct keyring_search_context *ctx = iterator_data; |
536 | const struct key *key = keyring_ptr_to_key(object); | |
363b02da DH |
537 | unsigned long kflags = READ_ONCE(key->flags); |
538 | short state = READ_ONCE(key->state); | |
1da177e4 | 539 | |
b2a4df20 | 540 | kenter("{%d}", key->serial); |
1da177e4 | 541 | |
b2a4df20 DH |
542 | /* ignore keys not of this type */ |
543 | if (key->type != ctx->index_key.type) { | |
544 | kleave(" = 0 [!type]"); | |
545 | return 0; | |
29db9190 | 546 | } |
1da177e4 | 547 | |
b2a4df20 DH |
548 | /* skip invalidated, revoked and expired keys */ |
549 | if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { | |
074d5898 | 550 | time64_t expiry = READ_ONCE(key->expiry); |
9d6c8711 | 551 | |
b2a4df20 DH |
552 | if (kflags & ((1 << KEY_FLAG_INVALIDATED) | |
553 | (1 << KEY_FLAG_REVOKED))) { | |
554 | ctx->result = ERR_PTR(-EKEYREVOKED); | |
555 | kleave(" = %d [invrev]", ctx->skipped_ret); | |
556 | goto skipped; | |
557 | } | |
1da177e4 | 558 | |
074d5898 | 559 | if (expiry && ctx->now >= expiry) { |
0b0a8415 DH |
560 | if (!(ctx->flags & KEYRING_SEARCH_SKIP_EXPIRED)) |
561 | ctx->result = ERR_PTR(-EKEYEXPIRED); | |
b2a4df20 DH |
562 | kleave(" = %d [expire]", ctx->skipped_ret); |
563 | goto skipped; | |
564 | } | |
565 | } | |
664cceb0 | 566 | |
b2a4df20 | 567 | /* keys that don't match */ |
46291959 | 568 | if (!ctx->match_data.cmp(key, &ctx->match_data)) { |
b2a4df20 DH |
569 | kleave(" = 0 [!match]"); |
570 | return 0; | |
571 | } | |
dceba994 | 572 | |
b2a4df20 DH |
573 | /* key must have search permissions */ |
574 | if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) && | |
575 | key_task_permission(make_key_ref(key, ctx->possessed), | |
f5895943 | 576 | ctx->cred, KEY_NEED_SEARCH) < 0) { |
b2a4df20 DH |
577 | ctx->result = ERR_PTR(-EACCES); |
578 | kleave(" = %d [!perm]", ctx->skipped_ret); | |
579 | goto skipped; | |
dceba994 KC |
580 | } |
581 | ||
b2a4df20 DH |
582 | if (ctx->flags & KEYRING_SEARCH_DO_STATE_CHECK) { |
583 | /* we set a different error code if we pass a negative key */ | |
363b02da DH |
584 | if (state < 0) { |
585 | ctx->result = ERR_PTR(state); | |
b2a4df20 DH |
586 | kleave(" = %d [neg]", ctx->skipped_ret); |
587 | goto skipped; | |
588 | } | |
589 | } | |
1da177e4 | 590 | |
b2a4df20 DH |
591 | /* Found */ |
592 | ctx->result = make_key_ref(key, ctx->possessed); | |
593 | kleave(" = 1 [found]"); | |
594 | return 1; | |
1da177e4 | 595 | |
b2a4df20 DH |
596 | skipped: |
597 | return ctx->skipped_ret; | |
598 | } | |
1da177e4 | 599 | |
b2a4df20 DH |
600 | /* |
601 | * Search inside a keyring for a key. We can search by walking to it | |
602 | * directly based on its index-key or we can iterate over the entire | |
603 | * tree looking for it, based on the match function. | |
604 | */ | |
605 | static int search_keyring(struct key *keyring, struct keyring_search_context *ctx) | |
606 | { | |
46291959 | 607 | if (ctx->match_data.lookup_type == KEYRING_SEARCH_LOOKUP_DIRECT) { |
b2a4df20 DH |
608 | const void *object; |
609 | ||
610 | object = assoc_array_find(&keyring->keys, | |
611 | &keyring_assoc_array_ops, | |
612 | &ctx->index_key); | |
613 | return object ? ctx->iterator(object, ctx) : 0; | |
614 | } | |
615 | return assoc_array_iterate(&keyring->keys, ctx->iterator, ctx); | |
616 | } | |
1da177e4 | 617 | |
b2a4df20 DH |
618 | /* |
619 | * Search a tree of keyrings that point to other keyrings up to the maximum | |
620 | * depth. | |
621 | */ | |
622 | static bool search_nested_keyrings(struct key *keyring, | |
623 | struct keyring_search_context *ctx) | |
624 | { | |
625 | struct { | |
626 | struct key *keyring; | |
627 | struct assoc_array_node *node; | |
628 | int slot; | |
629 | } stack[KEYRING_SEARCH_MAX_DEPTH]; | |
1da177e4 | 630 | |
b2a4df20 DH |
631 | struct assoc_array_shortcut *shortcut; |
632 | struct assoc_array_node *node; | |
633 | struct assoc_array_ptr *ptr; | |
634 | struct key *key; | |
635 | int sp = 0, slot; | |
1da177e4 | 636 | |
b2a4df20 DH |
637 | kenter("{%d},{%s,%s}", |
638 | keyring->serial, | |
639 | ctx->index_key.type->name, | |
640 | ctx->index_key.description); | |
1da177e4 | 641 | |
054f6180 DH |
642 | #define STATE_CHECKS (KEYRING_SEARCH_NO_STATE_CHECK | KEYRING_SEARCH_DO_STATE_CHECK) |
643 | BUG_ON((ctx->flags & STATE_CHECKS) == 0 || | |
644 | (ctx->flags & STATE_CHECKS) == STATE_CHECKS); | |
645 | ||
f771fde8 DH |
646 | if (ctx->index_key.description) |
647 | key_set_index_key(&ctx->index_key); | |
648 | ||
b2a4df20 DH |
649 | /* Check to see if this top-level keyring is what we are looking for |
650 | * and whether it is valid or not. | |
651 | */ | |
46291959 | 652 | if (ctx->match_data.lookup_type == KEYRING_SEARCH_LOOKUP_ITERATE || |
b2a4df20 DH |
653 | keyring_compare_object(keyring, &ctx->index_key)) { |
654 | ctx->skipped_ret = 2; | |
b2a4df20 DH |
655 | switch (ctx->iterator(keyring_key_to_ptr(keyring), ctx)) { |
656 | case 1: | |
78b7280c | 657 | goto found; |
b2a4df20 DH |
658 | case 2: |
659 | return false; | |
660 | default: | |
661 | break; | |
1da177e4 | 662 | } |
b2a4df20 | 663 | } |
1da177e4 | 664 | |
b2a4df20 | 665 | ctx->skipped_ret = 0; |
b2a4df20 DH |
666 | |
667 | /* Start processing a new keyring */ | |
668 | descend_to_keyring: | |
669 | kdebug("descend to %d", keyring->serial); | |
670 | if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) | | |
671 | (1 << KEY_FLAG_REVOKED))) | |
672 | goto not_this_keyring; | |
673 | ||
674 | /* Search through the keys in this keyring before its searching its | |
675 | * subtrees. | |
676 | */ | |
677 | if (search_keyring(keyring, ctx)) | |
1da177e4 | 678 | goto found; |
1da177e4 | 679 | |
b2a4df20 DH |
680 | /* Then manually iterate through the keyrings nested in this one. |
681 | * | |
682 | * Start from the root node of the index tree. Because of the way the | |
683 | * hash function has been set up, keyrings cluster on the leftmost | |
684 | * branch of the root node (root slot 0) or in the root node itself. | |
685 | * Non-keyrings avoid the leftmost branch of the root entirely (root | |
686 | * slots 1-15). | |
687 | */ | |
381f20fc | 688 | ptr = READ_ONCE(keyring->keys.root); |
b2a4df20 DH |
689 | if (!ptr) |
690 | goto not_this_keyring; | |
1da177e4 | 691 | |
b2a4df20 DH |
692 | if (assoc_array_ptr_is_shortcut(ptr)) { |
693 | /* If the root is a shortcut, either the keyring only contains | |
694 | * keyring pointers (everything clusters behind root slot 0) or | |
695 | * doesn't contain any keyring pointers. | |
1da177e4 | 696 | */ |
b2a4df20 | 697 | shortcut = assoc_array_ptr_to_shortcut(ptr); |
b2a4df20 DH |
698 | if ((shortcut->index_key[0] & ASSOC_ARRAY_FAN_MASK) != 0) |
699 | goto not_this_keyring; | |
700 | ||
381f20fc | 701 | ptr = READ_ONCE(shortcut->next_node); |
b2a4df20 DH |
702 | node = assoc_array_ptr_to_node(ptr); |
703 | goto begin_node; | |
704 | } | |
705 | ||
706 | node = assoc_array_ptr_to_node(ptr); | |
b2a4df20 DH |
707 | ptr = node->slots[0]; |
708 | if (!assoc_array_ptr_is_meta(ptr)) | |
709 | goto begin_node; | |
710 | ||
711 | descend_to_node: | |
712 | /* Descend to a more distal node in this keyring's content tree and go | |
713 | * through that. | |
714 | */ | |
715 | kdebug("descend"); | |
716 | if (assoc_array_ptr_is_shortcut(ptr)) { | |
717 | shortcut = assoc_array_ptr_to_shortcut(ptr); | |
381f20fc | 718 | ptr = READ_ONCE(shortcut->next_node); |
b2a4df20 | 719 | BUG_ON(!assoc_array_ptr_is_node(ptr)); |
b2a4df20 | 720 | } |
9c5e45df | 721 | node = assoc_array_ptr_to_node(ptr); |
b2a4df20 DH |
722 | |
723 | begin_node: | |
724 | kdebug("begin_node"); | |
b2a4df20 DH |
725 | slot = 0; |
726 | ascend_to_node: | |
727 | /* Go through the slots in a node */ | |
728 | for (; slot < ASSOC_ARRAY_FAN_OUT; slot++) { | |
381f20fc | 729 | ptr = READ_ONCE(node->slots[slot]); |
b2a4df20 DH |
730 | |
731 | if (assoc_array_ptr_is_meta(ptr) && node->back_pointer) | |
732 | goto descend_to_node; | |
733 | ||
734 | if (!keyring_ptr_is_keyring(ptr)) | |
76d8aeab | 735 | continue; |
1da177e4 | 736 | |
b2a4df20 DH |
737 | key = keyring_ptr_to_key(ptr); |
738 | ||
739 | if (sp >= KEYRING_SEARCH_MAX_DEPTH) { | |
740 | if (ctx->flags & KEYRING_SEARCH_DETECT_TOO_DEEP) { | |
741 | ctx->result = ERR_PTR(-ELOOP); | |
742 | return false; | |
743 | } | |
744 | goto not_this_keyring; | |
745 | } | |
746 | ||
747 | /* Search a nested keyring */ | |
748 | if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM) && | |
749 | key_task_permission(make_key_ref(key, ctx->possessed), | |
f5895943 | 750 | ctx->cred, KEY_NEED_SEARCH) < 0) |
76d8aeab | 751 | continue; |
1da177e4 LT |
752 | |
753 | /* stack the current position */ | |
31d5a79d | 754 | stack[sp].keyring = keyring; |
b2a4df20 DH |
755 | stack[sp].node = node; |
756 | stack[sp].slot = slot; | |
1da177e4 LT |
757 | sp++; |
758 | ||
759 | /* begin again with the new keyring */ | |
760 | keyring = key; | |
b2a4df20 DH |
761 | goto descend_to_keyring; |
762 | } | |
763 | ||
764 | /* We've dealt with all the slots in the current node, so now we need | |
765 | * to ascend to the parent and continue processing there. | |
766 | */ | |
381f20fc | 767 | ptr = READ_ONCE(node->back_pointer); |
b2a4df20 DH |
768 | slot = node->parent_slot; |
769 | ||
770 | if (ptr && assoc_array_ptr_is_shortcut(ptr)) { | |
771 | shortcut = assoc_array_ptr_to_shortcut(ptr); | |
381f20fc | 772 | ptr = READ_ONCE(shortcut->back_pointer); |
b2a4df20 DH |
773 | slot = shortcut->parent_slot; |
774 | } | |
775 | if (!ptr) | |
776 | goto not_this_keyring; | |
777 | node = assoc_array_ptr_to_node(ptr); | |
b2a4df20 DH |
778 | slot++; |
779 | ||
780 | /* If we've ascended to the root (zero backpointer), we must have just | |
781 | * finished processing the leftmost branch rather than the root slots - | |
782 | * so there can't be any more keyrings for us to find. | |
783 | */ | |
784 | if (node->back_pointer) { | |
785 | kdebug("ascend %d", slot); | |
786 | goto ascend_to_node; | |
1da177e4 LT |
787 | } |
788 | ||
b2a4df20 DH |
789 | /* The keyring we're looking at was disqualified or didn't contain a |
790 | * matching key. | |
791 | */ | |
664cceb0 | 792 | not_this_keyring: |
b2a4df20 DH |
793 | kdebug("not_this_keyring %d", sp); |
794 | if (sp <= 0) { | |
795 | kleave(" = false"); | |
796 | return false; | |
1da177e4 LT |
797 | } |
798 | ||
b2a4df20 DH |
799 | /* Resume the processing of a keyring higher up in the tree */ |
800 | sp--; | |
801 | keyring = stack[sp].keyring; | |
802 | node = stack[sp].node; | |
803 | slot = stack[sp].slot + 1; | |
804 | kdebug("ascend to %d [%d]", keyring->serial, slot); | |
805 | goto ascend_to_node; | |
1da177e4 | 806 | |
b2a4df20 | 807 | /* We found a viable match */ |
664cceb0 | 808 | found: |
b2a4df20 | 809 | key = key_ref_to_ptr(ctx->result); |
1da177e4 | 810 | key_check(key); |
b2a4df20 | 811 | if (!(ctx->flags & KEYRING_SEARCH_NO_UPDATE_TIME)) { |
074d5898 BW |
812 | key->last_used_at = ctx->now; |
813 | keyring->last_used_at = ctx->now; | |
b2a4df20 | 814 | while (sp > 0) |
074d5898 | 815 | stack[--sp].keyring->last_used_at = ctx->now; |
b2a4df20 DH |
816 | } |
817 | kleave(" = true"); | |
818 | return true; | |
819 | } | |
820 | ||
821 | /** | |
e59428f7 | 822 | * keyring_search_rcu - Search a keyring tree for a matching key under RCU |
b2a4df20 DH |
823 | * @keyring_ref: A pointer to the keyring with possession indicator. |
824 | * @ctx: The keyring search context. | |
825 | * | |
826 | * Search the supplied keyring tree for a key that matches the criteria given. | |
827 | * The root keyring and any linked keyrings must grant Search permission to the | |
828 | * caller to be searchable and keys can only be found if they too grant Search | |
829 | * to the caller. The possession flag on the root keyring pointer controls use | |
830 | * of the possessor bits in permissions checking of the entire tree. In | |
831 | * addition, the LSM gets to forbid keyring searches and key matches. | |
832 | * | |
833 | * The search is performed as a breadth-then-depth search up to the prescribed | |
e59428f7 DH |
834 | * limit (KEYRING_SEARCH_MAX_DEPTH). The caller must hold the RCU read lock to |
835 | * prevent keyrings from being destroyed or rearranged whilst they are being | |
836 | * searched. | |
b2a4df20 DH |
837 | * |
838 | * Keys are matched to the type provided and are then filtered by the match | |
839 | * function, which is given the description to use in any way it sees fit. The | |
840 | * match function may use any attributes of a key that it wishes to to | |
841 | * determine the match. Normally the match function from the key type would be | |
842 | * used. | |
843 | * | |
844 | * RCU can be used to prevent the keyring key lists from disappearing without | |
845 | * the need to take lots of locks. | |
846 | * | |
847 | * Returns a pointer to the found key and increments the key usage count if | |
848 | * successful; -EAGAIN if no matching keys were found, or if expired or revoked | |
849 | * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the | |
850 | * specified keyring wasn't a keyring. | |
851 | * | |
852 | * In the case of a successful return, the possession attribute from | |
853 | * @keyring_ref is propagated to the returned key reference. | |
854 | */ | |
e59428f7 | 855 | key_ref_t keyring_search_rcu(key_ref_t keyring_ref, |
b2a4df20 DH |
856 | struct keyring_search_context *ctx) |
857 | { | |
858 | struct key *keyring; | |
859 | long err; | |
860 | ||
861 | ctx->iterator = keyring_search_iterator; | |
862 | ctx->possessed = is_key_possessed(keyring_ref); | |
863 | ctx->result = ERR_PTR(-EAGAIN); | |
864 | ||
865 | keyring = key_ref_to_ptr(keyring_ref); | |
866 | key_check(keyring); | |
867 | ||
868 | if (keyring->type != &key_type_keyring) | |
869 | return ERR_PTR(-ENOTDIR); | |
870 | ||
871 | if (!(ctx->flags & KEYRING_SEARCH_NO_CHECK_PERM)) { | |
f5895943 | 872 | err = key_task_permission(keyring_ref, ctx->cred, KEY_NEED_SEARCH); |
b2a4df20 DH |
873 | if (err < 0) |
874 | return ERR_PTR(err); | |
875 | } | |
876 | ||
074d5898 | 877 | ctx->now = ktime_get_real_seconds(); |
b2a4df20 DH |
878 | if (search_nested_keyrings(keyring, ctx)) |
879 | __key_get(key_ref_to_ptr(ctx->result)); | |
b2a4df20 | 880 | return ctx->result; |
a8b17ed0 | 881 | } |
1da177e4 | 882 | |
973c9f4f DH |
883 | /** |
884 | * keyring_search - Search the supplied keyring tree for a matching key | |
885 | * @keyring: The root of the keyring tree to be searched. | |
886 | * @type: The type of keyring we want to find. | |
887 | * @description: The name of the keyring we want to find. | |
888 | * | |
e59428f7 | 889 | * As keyring_search_rcu() above, but using the current task's credentials and |
b2a4df20 | 890 | * type's default matching function and preferred search method. |
1da177e4 | 891 | */ |
664cceb0 DH |
892 | key_ref_t keyring_search(key_ref_t keyring, |
893 | struct key_type *type, | |
894 | const char *description) | |
1da177e4 | 895 | { |
4bdf0bc3 DH |
896 | struct keyring_search_context ctx = { |
897 | .index_key.type = type, | |
898 | .index_key.description = description, | |
ede0fa98 | 899 | .index_key.desc_len = strlen(description), |
4bdf0bc3 | 900 | .cred = current_cred(), |
c06cfb08 | 901 | .match_data.cmp = key_default_cmp, |
46291959 DH |
902 | .match_data.raw_data = description, |
903 | .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, | |
904 | .flags = KEYRING_SEARCH_DO_STATE_CHECK, | |
4bdf0bc3 | 905 | }; |
46291959 DH |
906 | key_ref_t key; |
907 | int ret; | |
4bdf0bc3 | 908 | |
46291959 DH |
909 | if (type->match_preparse) { |
910 | ret = type->match_preparse(&ctx.match_data); | |
911 | if (ret < 0) | |
912 | return ERR_PTR(ret); | |
913 | } | |
914 | ||
e59428f7 DH |
915 | rcu_read_lock(); |
916 | key = keyring_search_rcu(keyring, &ctx); | |
917 | rcu_read_unlock(); | |
46291959 DH |
918 | |
919 | if (type->match_free) | |
920 | type->match_free(&ctx.match_data); | |
921 | return key; | |
a8b17ed0 | 922 | } |
1da177e4 LT |
923 | EXPORT_SYMBOL(keyring_search); |
924 | ||
6563c91f MM |
925 | static struct key_restriction *keyring_restriction_alloc( |
926 | key_restrict_link_func_t check) | |
927 | { | |
928 | struct key_restriction *keyres = | |
929 | kzalloc(sizeof(struct key_restriction), GFP_KERNEL); | |
930 | ||
931 | if (!keyres) | |
932 | return ERR_PTR(-ENOMEM); | |
933 | ||
934 | keyres->check = check; | |
935 | ||
936 | return keyres; | |
937 | } | |
938 | ||
939 | /* | |
940 | * Semaphore to serialise restriction setup to prevent reference count | |
941 | * cycles through restriction key pointers. | |
942 | */ | |
943 | static DECLARE_RWSEM(keyring_serialise_restrict_sem); | |
944 | ||
945 | /* | |
946 | * Check for restriction cycles that would prevent keyring garbage collection. | |
947 | * keyring_serialise_restrict_sem must be held. | |
948 | */ | |
949 | static bool keyring_detect_restriction_cycle(const struct key *dest_keyring, | |
950 | struct key_restriction *keyres) | |
951 | { | |
952 | while (keyres && keyres->key && | |
953 | keyres->key->type == &key_type_keyring) { | |
954 | if (keyres->key == dest_keyring) | |
955 | return true; | |
956 | ||
957 | keyres = keyres->key->restrict_link; | |
958 | } | |
959 | ||
960 | return false; | |
961 | } | |
962 | ||
963 | /** | |
964 | * keyring_restrict - Look up and apply a restriction to a keyring | |
9fd16537 DH |
965 | * @keyring_ref: The keyring to be restricted |
966 | * @type: The key type that will provide the restriction checker. | |
6563c91f | 967 | * @restriction: The restriction options to apply to the keyring |
9fd16537 DH |
968 | * |
969 | * Look up a keyring and apply a restriction to it. The restriction is managed | |
970 | * by the specific key type, but can be configured by the options specified in | |
971 | * the restriction string. | |
6563c91f MM |
972 | */ |
973 | int keyring_restrict(key_ref_t keyring_ref, const char *type, | |
974 | const char *restriction) | |
975 | { | |
976 | struct key *keyring; | |
977 | struct key_type *restrict_type = NULL; | |
978 | struct key_restriction *restrict_link; | |
979 | int ret = 0; | |
980 | ||
981 | keyring = key_ref_to_ptr(keyring_ref); | |
982 | key_check(keyring); | |
983 | ||
984 | if (keyring->type != &key_type_keyring) | |
985 | return -ENOTDIR; | |
986 | ||
987 | if (!type) { | |
988 | restrict_link = keyring_restriction_alloc(restrict_link_reject); | |
989 | } else { | |
990 | restrict_type = key_type_lookup(type); | |
991 | ||
992 | if (IS_ERR(restrict_type)) | |
993 | return PTR_ERR(restrict_type); | |
994 | ||
995 | if (!restrict_type->lookup_restriction) { | |
996 | ret = -ENOENT; | |
997 | goto error; | |
998 | } | |
999 | ||
1000 | restrict_link = restrict_type->lookup_restriction(restriction); | |
1001 | } | |
1002 | ||
1003 | if (IS_ERR(restrict_link)) { | |
1004 | ret = PTR_ERR(restrict_link); | |
1005 | goto error; | |
1006 | } | |
1007 | ||
1008 | down_write(&keyring->sem); | |
1009 | down_write(&keyring_serialise_restrict_sem); | |
1010 | ||
1011 | if (keyring->restrict_link) | |
1012 | ret = -EEXIST; | |
1013 | else if (keyring_detect_restriction_cycle(keyring, restrict_link)) | |
1014 | ret = -EDEADLK; | |
1015 | else | |
1016 | keyring->restrict_link = restrict_link; | |
1017 | ||
1018 | up_write(&keyring_serialise_restrict_sem); | |
1019 | up_write(&keyring->sem); | |
1020 | ||
1021 | if (ret < 0) { | |
1022 | key_put(restrict_link->key); | |
1023 | kfree(restrict_link); | |
1024 | } | |
1025 | ||
1026 | error: | |
1027 | if (restrict_type) | |
1028 | key_type_put(restrict_type); | |
1029 | ||
1030 | return ret; | |
1031 | } | |
1032 | EXPORT_SYMBOL(keyring_restrict); | |
1033 | ||
1da177e4 | 1034 | /* |
b2a4df20 | 1035 | * Search the given keyring for a key that might be updated. |
973c9f4f DH |
1036 | * |
1037 | * The caller must guarantee that the keyring is a keyring and that the | |
b2a4df20 DH |
1038 | * permission is granted to modify the keyring as no check is made here. The |
1039 | * caller must also hold a lock on the keyring semaphore. | |
973c9f4f DH |
1040 | * |
1041 | * Returns a pointer to the found key with usage count incremented if | |
b2a4df20 DH |
1042 | * successful and returns NULL if not found. Revoked and invalidated keys are |
1043 | * skipped over. | |
973c9f4f DH |
1044 | * |
1045 | * If successful, the possession indicator is propagated from the keyring ref | |
1046 | * to the returned key reference. | |
1da177e4 | 1047 | */ |
b2a4df20 DH |
1048 | key_ref_t find_key_to_update(key_ref_t keyring_ref, |
1049 | const struct keyring_index_key *index_key) | |
1da177e4 | 1050 | { |
664cceb0 | 1051 | struct key *keyring, *key; |
b2a4df20 | 1052 | const void *object; |
1da177e4 | 1053 | |
664cceb0 | 1054 | keyring = key_ref_to_ptr(keyring_ref); |
664cceb0 | 1055 | |
b2a4df20 DH |
1056 | kenter("{%d},{%s,%s}", |
1057 | keyring->serial, index_key->type->name, index_key->description); | |
76d8aeab | 1058 | |
b2a4df20 DH |
1059 | object = assoc_array_find(&keyring->keys, &keyring_assoc_array_ops, |
1060 | index_key); | |
1da177e4 | 1061 | |
b2a4df20 DH |
1062 | if (object) |
1063 | goto found; | |
1064 | ||
1065 | kleave(" = NULL"); | |
1066 | return NULL; | |
1da177e4 | 1067 | |
c5b60b5e | 1068 | found: |
b2a4df20 DH |
1069 | key = keyring_ptr_to_key(object); |
1070 | if (key->flags & ((1 << KEY_FLAG_INVALIDATED) | | |
1071 | (1 << KEY_FLAG_REVOKED))) { | |
1072 | kleave(" = NULL [x]"); | |
1073 | return NULL; | |
1074 | } | |
ccc3e6d9 | 1075 | __key_get(key); |
b2a4df20 DH |
1076 | kleave(" = {%d}", key->serial); |
1077 | return make_key_ref(key, is_key_possessed(keyring_ref)); | |
a8b17ed0 | 1078 | } |
1da177e4 | 1079 | |
1da177e4 | 1080 | /* |
973c9f4f DH |
1081 | * Find a keyring with the specified name. |
1082 | * | |
237bbd29 EB |
1083 | * Only keyrings that have nonzero refcount, are not revoked, and are owned by a |
1084 | * user in the current user namespace are considered. If @uid_keyring is %true, | |
1085 | * the keyring additionally must have been allocated as a user or user session | |
1086 | * keyring; otherwise, it must grant Search permission directly to the caller. | |
973c9f4f DH |
1087 | * |
1088 | * Returns a pointer to the keyring with the keyring's refcount having being | |
1089 | * incremented on success. -ENOKEY is returned if a key could not be found. | |
1da177e4 | 1090 | */ |
237bbd29 | 1091 | struct key *find_keyring_by_name(const char *name, bool uid_keyring) |
1da177e4 LT |
1092 | { |
1093 | struct key *keyring; | |
1094 | int bucket; | |
1095 | ||
1da177e4 | 1096 | if (!name) |
cea7daa3 | 1097 | return ERR_PTR(-EINVAL); |
1da177e4 LT |
1098 | |
1099 | bucket = keyring_hash(name); | |
1100 | ||
1101 | read_lock(&keyring_name_lock); | |
1102 | ||
1103 | if (keyring_name_hash[bucket].next) { | |
1104 | /* search this hash bucket for a keyring with a matching name | |
1105 | * that's readable and that hasn't been revoked */ | |
1106 | list_for_each_entry(keyring, | |
1107 | &keyring_name_hash[bucket], | |
146aa8b1 | 1108 | name_link |
1da177e4 | 1109 | ) { |
9a56c2db | 1110 | if (!kuid_has_mapping(current_user_ns(), keyring->user->uid)) |
2ea190d0 SH |
1111 | continue; |
1112 | ||
76d8aeab | 1113 | if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) |
1da177e4 LT |
1114 | continue; |
1115 | ||
1116 | if (strcmp(keyring->description, name) != 0) | |
1117 | continue; | |
1118 | ||
237bbd29 EB |
1119 | if (uid_keyring) { |
1120 | if (!test_bit(KEY_FLAG_UID_KEYRING, | |
1121 | &keyring->flags)) | |
1122 | continue; | |
1123 | } else { | |
1124 | if (key_permission(make_key_ref(keyring, 0), | |
1125 | KEY_NEED_SEARCH) < 0) | |
1126 | continue; | |
1127 | } | |
1da177e4 | 1128 | |
cea7daa3 TO |
1129 | /* we've got a match but we might end up racing with |
1130 | * key_cleanup() if the keyring is currently 'dead' | |
1131 | * (ie. it has a zero usage count) */ | |
fff29291 | 1132 | if (!refcount_inc_not_zero(&keyring->usage)) |
cea7daa3 | 1133 | continue; |
074d5898 | 1134 | keyring->last_used_at = ktime_get_real_seconds(); |
cea7daa3 | 1135 | goto out; |
1da177e4 LT |
1136 | } |
1137 | } | |
1138 | ||
1da177e4 | 1139 | keyring = ERR_PTR(-ENOKEY); |
cea7daa3 TO |
1140 | out: |
1141 | read_unlock(&keyring_name_lock); | |
1da177e4 | 1142 | return keyring; |
a8b17ed0 | 1143 | } |
1da177e4 | 1144 | |
b2a4df20 DH |
1145 | static int keyring_detect_cycle_iterator(const void *object, |
1146 | void *iterator_data) | |
1147 | { | |
1148 | struct keyring_search_context *ctx = iterator_data; | |
1149 | const struct key *key = keyring_ptr_to_key(object); | |
1150 | ||
1151 | kenter("{%d}", key->serial); | |
1152 | ||
979e0d74 DH |
1153 | /* We might get a keyring with matching index-key that is nonetheless a |
1154 | * different keyring. */ | |
46291959 | 1155 | if (key != ctx->match_data.raw_data) |
979e0d74 DH |
1156 | return 0; |
1157 | ||
b2a4df20 DH |
1158 | ctx->result = ERR_PTR(-EDEADLK); |
1159 | return 1; | |
1160 | } | |
1161 | ||
1da177e4 | 1162 | /* |
973c9f4f DH |
1163 | * See if a cycle will will be created by inserting acyclic tree B in acyclic |
1164 | * tree A at the topmost level (ie: as a direct child of A). | |
1165 | * | |
1166 | * Since we are adding B to A at the top level, checking for cycles should just | |
1167 | * be a matter of seeing if node A is somewhere in tree B. | |
1da177e4 LT |
1168 | */ |
1169 | static int keyring_detect_cycle(struct key *A, struct key *B) | |
1170 | { | |
b2a4df20 | 1171 | struct keyring_search_context ctx = { |
46291959 DH |
1172 | .index_key = A->index_key, |
1173 | .match_data.raw_data = A, | |
1174 | .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, | |
1175 | .iterator = keyring_detect_cycle_iterator, | |
1176 | .flags = (KEYRING_SEARCH_NO_STATE_CHECK | | |
1177 | KEYRING_SEARCH_NO_UPDATE_TIME | | |
1178 | KEYRING_SEARCH_NO_CHECK_PERM | | |
1179 | KEYRING_SEARCH_DETECT_TOO_DEEP), | |
b2a4df20 | 1180 | }; |
1da177e4 | 1181 | |
76d8aeab | 1182 | rcu_read_lock(); |
b2a4df20 | 1183 | search_nested_keyrings(B, &ctx); |
76d8aeab | 1184 | rcu_read_unlock(); |
b2a4df20 | 1185 | return PTR_ERR(ctx.result) == -EAGAIN ? 0 : PTR_ERR(ctx.result); |
f70e2e06 | 1186 | } |
cab8eb59 | 1187 | |
df593ee2 DH |
1188 | /* |
1189 | * Lock keyring for link. | |
1190 | */ | |
1191 | int __key_link_lock(struct key *keyring, | |
1192 | const struct keyring_index_key *index_key) | |
1193 | __acquires(&keyring->sem) | |
1194 | __acquires(&keyring_serialise_link_lock) | |
1195 | { | |
1196 | if (keyring->type != &key_type_keyring) | |
1197 | return -ENOTDIR; | |
1198 | ||
1199 | down_write(&keyring->sem); | |
1200 | ||
1201 | /* Serialise link/link calls to prevent parallel calls causing a cycle | |
1202 | * when linking two keyring in opposite orders. | |
1203 | */ | |
1204 | if (index_key->type == &key_type_keyring) | |
1205 | mutex_lock(&keyring_serialise_link_lock); | |
1206 | ||
1207 | return 0; | |
1208 | } | |
1209 | ||
ed0ac5c7 DH |
1210 | /* |
1211 | * Lock keyrings for move (link/unlink combination). | |
1212 | */ | |
1213 | int __key_move_lock(struct key *l_keyring, struct key *u_keyring, | |
1214 | const struct keyring_index_key *index_key) | |
1215 | __acquires(&l_keyring->sem) | |
1216 | __acquires(&u_keyring->sem) | |
1217 | __acquires(&keyring_serialise_link_lock) | |
1218 | { | |
1219 | if (l_keyring->type != &key_type_keyring || | |
1220 | u_keyring->type != &key_type_keyring) | |
1221 | return -ENOTDIR; | |
1222 | ||
1223 | /* We have to be very careful here to take the keyring locks in the | |
1224 | * right order, lest we open ourselves to deadlocking against another | |
1225 | * move operation. | |
1226 | */ | |
1227 | if (l_keyring < u_keyring) { | |
1228 | down_write(&l_keyring->sem); | |
1229 | down_write_nested(&u_keyring->sem, 1); | |
1230 | } else { | |
1231 | down_write(&u_keyring->sem); | |
1232 | down_write_nested(&l_keyring->sem, 1); | |
1233 | } | |
1234 | ||
1235 | /* Serialise link/link calls to prevent parallel calls causing a cycle | |
1236 | * when linking two keyring in opposite orders. | |
1237 | */ | |
1238 | if (index_key->type == &key_type_keyring) | |
1239 | mutex_lock(&keyring_serialise_link_lock); | |
1240 | ||
1241 | return 0; | |
1242 | } | |
1243 | ||
1da177e4 | 1244 | /* |
973c9f4f | 1245 | * Preallocate memory so that a key can be linked into to a keyring. |
1da177e4 | 1246 | */ |
b2a4df20 DH |
1247 | int __key_link_begin(struct key *keyring, |
1248 | const struct keyring_index_key *index_key, | |
1249 | struct assoc_array_edit **_edit) | |
1da177e4 | 1250 | { |
b2a4df20 DH |
1251 | struct assoc_array_edit *edit; |
1252 | int ret; | |
1da177e4 | 1253 | |
16feef43 | 1254 | kenter("%d,%s,%s,", |
b2a4df20 DH |
1255 | keyring->serial, index_key->type->name, index_key->description); |
1256 | ||
1257 | BUG_ON(index_key->desc_len == 0); | |
df593ee2 | 1258 | BUG_ON(*_edit != NULL); |
1da177e4 | 1259 | |
df593ee2 | 1260 | *_edit = NULL; |
f70e2e06 DH |
1261 | |
1262 | ret = -EKEYREVOKED; | |
1263 | if (test_bit(KEY_FLAG_REVOKED, &keyring->flags)) | |
df593ee2 | 1264 | goto error; |
553d603c | 1265 | |
b2a4df20 DH |
1266 | /* Create an edit script that will insert/replace the key in the |
1267 | * keyring tree. | |
1268 | */ | |
1269 | edit = assoc_array_insert(&keyring->keys, | |
1270 | &keyring_assoc_array_ops, | |
1271 | index_key, | |
1272 | NULL); | |
1273 | if (IS_ERR(edit)) { | |
1274 | ret = PTR_ERR(edit); | |
df593ee2 | 1275 | goto error; |
034faeb9 DH |
1276 | } |
1277 | ||
1278 | /* If we're not replacing a link in-place then we're going to need some | |
1279 | * extra quota. | |
1280 | */ | |
1281 | if (!edit->dead_leaf) { | |
1282 | ret = key_payload_reserve(keyring, | |
1283 | keyring->datalen + KEYQUOTA_LINK_BYTES); | |
1284 | if (ret < 0) | |
1285 | goto error_cancel; | |
1da177e4 LT |
1286 | } |
1287 | ||
b2a4df20 | 1288 | *_edit = edit; |
f70e2e06 DH |
1289 | kleave(" = 0"); |
1290 | return 0; | |
1da177e4 | 1291 | |
034faeb9 DH |
1292 | error_cancel: |
1293 | assoc_array_cancel_edit(edit); | |
df593ee2 | 1294 | error: |
f70e2e06 DH |
1295 | kleave(" = %d", ret); |
1296 | return ret; | |
1297 | } | |
1da177e4 | 1298 | |
f70e2e06 | 1299 | /* |
973c9f4f DH |
1300 | * Check already instantiated keys aren't going to be a problem. |
1301 | * | |
1302 | * The caller must have called __key_link_begin(). Don't need to call this for | |
1303 | * keys that were created since __key_link_begin() was called. | |
f70e2e06 DH |
1304 | */ |
1305 | int __key_link_check_live_key(struct key *keyring, struct key *key) | |
1306 | { | |
1307 | if (key->type == &key_type_keyring) | |
1308 | /* check that we aren't going to create a cycle by linking one | |
1309 | * keyring to another */ | |
1310 | return keyring_detect_cycle(keyring, key); | |
1311 | return 0; | |
1312 | } | |
1313 | ||
1314 | /* | |
973c9f4f DH |
1315 | * Link a key into to a keyring. |
1316 | * | |
1317 | * Must be called with __key_link_begin() having being called. Discards any | |
1318 | * already extant link to matching key if there is one, so that each keyring | |
1319 | * holds at most one link to any given key of a particular type+description | |
1320 | * combination. | |
f70e2e06 | 1321 | */ |
b2a4df20 | 1322 | void __key_link(struct key *key, struct assoc_array_edit **_edit) |
f70e2e06 | 1323 | { |
ccc3e6d9 | 1324 | __key_get(key); |
b2a4df20 DH |
1325 | assoc_array_insert_set_object(*_edit, keyring_key_to_ptr(key)); |
1326 | assoc_array_apply_edit(*_edit); | |
1327 | *_edit = NULL; | |
f70e2e06 DH |
1328 | } |
1329 | ||
1330 | /* | |
973c9f4f DH |
1331 | * Finish linking a key into to a keyring. |
1332 | * | |
1333 | * Must be called with __key_link_begin() having being called. | |
f70e2e06 | 1334 | */ |
16feef43 DH |
1335 | void __key_link_end(struct key *keyring, |
1336 | const struct keyring_index_key *index_key, | |
b2a4df20 | 1337 | struct assoc_array_edit *edit) |
f70e2e06 | 1338 | __releases(&keyring->sem) |
3be59f74 | 1339 | __releases(&keyring_serialise_link_lock) |
f70e2e06 | 1340 | { |
16feef43 | 1341 | BUG_ON(index_key->type == NULL); |
b2a4df20 | 1342 | kenter("%d,%s,", keyring->serial, index_key->type->name); |
f70e2e06 | 1343 | |
ca4da5dd CIK |
1344 | if (edit) { |
1345 | if (!edit->dead_leaf) { | |
1346 | key_payload_reserve(keyring, | |
1347 | keyring->datalen - KEYQUOTA_LINK_BYTES); | |
1348 | } | |
b2a4df20 | 1349 | assoc_array_cancel_edit(edit); |
f70e2e06 DH |
1350 | } |
1351 | up_write(&keyring->sem); | |
df593ee2 DH |
1352 | |
1353 | if (index_key->type == &key_type_keyring) | |
1354 | mutex_unlock(&keyring_serialise_link_lock); | |
f70e2e06 | 1355 | } |
1da177e4 | 1356 | |
5ac7eace DH |
1357 | /* |
1358 | * Check addition of keys to restricted keyrings. | |
1359 | */ | |
1360 | static int __key_link_check_restriction(struct key *keyring, struct key *key) | |
1361 | { | |
2b6aa412 | 1362 | if (!keyring->restrict_link || !keyring->restrict_link->check) |
5ac7eace | 1363 | return 0; |
2b6aa412 MM |
1364 | return keyring->restrict_link->check(keyring, key->type, &key->payload, |
1365 | keyring->restrict_link->key); | |
5ac7eace DH |
1366 | } |
1367 | ||
973c9f4f DH |
1368 | /** |
1369 | * key_link - Link a key to a keyring | |
1370 | * @keyring: The keyring to make the link in. | |
1371 | * @key: The key to link to. | |
1372 | * | |
1373 | * Make a link in a keyring to a key, such that the keyring holds a reference | |
1374 | * on that key and the key can potentially be found by searching that keyring. | |
1375 | * | |
1376 | * This function will write-lock the keyring's semaphore and will consume some | |
1377 | * of the user's key data quota to hold the link. | |
1378 | * | |
1379 | * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring, | |
1380 | * -EKEYREVOKED if the keyring has been revoked, -ENFILE if the keyring is | |
1381 | * full, -EDQUOT if there is insufficient key data quota remaining to add | |
1382 | * another link or -ENOMEM if there's insufficient memory. | |
1383 | * | |
1384 | * It is assumed that the caller has checked that it is permitted for a link to | |
1385 | * be made (the keyring should have Write permission and the key Link | |
1386 | * permission). | |
1da177e4 LT |
1387 | */ |
1388 | int key_link(struct key *keyring, struct key *key) | |
1389 | { | |
df593ee2 | 1390 | struct assoc_array_edit *edit = NULL; |
1da177e4 LT |
1391 | int ret; |
1392 | ||
fff29291 | 1393 | kenter("{%d,%d}", keyring->serial, refcount_read(&keyring->usage)); |
b2a4df20 | 1394 | |
1da177e4 LT |
1395 | key_check(keyring); |
1396 | key_check(key); | |
1397 | ||
df593ee2 DH |
1398 | ret = __key_link_lock(keyring, &key->index_key); |
1399 | if (ret < 0) | |
1400 | goto error; | |
1401 | ||
b2a4df20 | 1402 | ret = __key_link_begin(keyring, &key->index_key, &edit); |
df593ee2 DH |
1403 | if (ret < 0) |
1404 | goto error_end; | |
1da177e4 | 1405 | |
df593ee2 DH |
1406 | kdebug("begun {%d,%d}", keyring->serial, refcount_read(&keyring->usage)); |
1407 | ret = __key_link_check_restriction(keyring, key); | |
1408 | if (ret == 0) | |
1409 | ret = __key_link_check_live_key(keyring, key); | |
1410 | if (ret == 0) | |
1411 | __key_link(key, &edit); | |
1412 | ||
1413 | error_end: | |
1414 | __key_link_end(keyring, &key->index_key, edit); | |
1415 | error: | |
fff29291 | 1416 | kleave(" = %d {%d,%d}", ret, keyring->serial, refcount_read(&keyring->usage)); |
1da177e4 | 1417 | return ret; |
f70e2e06 | 1418 | } |
1da177e4 LT |
1419 | EXPORT_SYMBOL(key_link); |
1420 | ||
eb0f68cb DH |
1421 | /* |
1422 | * Lock a keyring for unlink. | |
1423 | */ | |
1424 | static int __key_unlink_lock(struct key *keyring) | |
1425 | __acquires(&keyring->sem) | |
1426 | { | |
1427 | if (keyring->type != &key_type_keyring) | |
1428 | return -ENOTDIR; | |
1429 | ||
1430 | down_write(&keyring->sem); | |
1431 | return 0; | |
1432 | } | |
1433 | ||
1434 | /* | |
1435 | * Begin the process of unlinking a key from a keyring. | |
1436 | */ | |
1437 | static int __key_unlink_begin(struct key *keyring, struct key *key, | |
1438 | struct assoc_array_edit **_edit) | |
1439 | { | |
1440 | struct assoc_array_edit *edit; | |
1441 | ||
1442 | BUG_ON(*_edit != NULL); | |
1443 | ||
1444 | edit = assoc_array_delete(&keyring->keys, &keyring_assoc_array_ops, | |
1445 | &key->index_key); | |
1446 | if (IS_ERR(edit)) | |
1447 | return PTR_ERR(edit); | |
1448 | ||
1449 | if (!edit) | |
1450 | return -ENOENT; | |
1451 | ||
1452 | *_edit = edit; | |
1453 | return 0; | |
1454 | } | |
1455 | ||
1456 | /* | |
1457 | * Apply an unlink change. | |
1458 | */ | |
1459 | static void __key_unlink(struct key *keyring, struct key *key, | |
1460 | struct assoc_array_edit **_edit) | |
1461 | { | |
1462 | assoc_array_apply_edit(*_edit); | |
1463 | *_edit = NULL; | |
1464 | key_payload_reserve(keyring, keyring->datalen - KEYQUOTA_LINK_BYTES); | |
1465 | } | |
1466 | ||
1467 | /* | |
1468 | * Finish unlinking a key from to a keyring. | |
1469 | */ | |
1470 | static void __key_unlink_end(struct key *keyring, | |
1471 | struct key *key, | |
1472 | struct assoc_array_edit *edit) | |
1473 | __releases(&keyring->sem) | |
1474 | { | |
1475 | if (edit) | |
1476 | assoc_array_cancel_edit(edit); | |
1477 | up_write(&keyring->sem); | |
1478 | } | |
1479 | ||
973c9f4f DH |
1480 | /** |
1481 | * key_unlink - Unlink the first link to a key from a keyring. | |
1482 | * @keyring: The keyring to remove the link from. | |
1483 | * @key: The key the link is to. | |
1484 | * | |
1485 | * Remove a link from a keyring to a key. | |
1486 | * | |
1487 | * This function will write-lock the keyring's semaphore. | |
1488 | * | |
1489 | * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring, -ENOENT if | |
1490 | * the key isn't linked to by the keyring or -ENOMEM if there's insufficient | |
1491 | * memory. | |
1492 | * | |
1493 | * It is assumed that the caller has checked that it is permitted for a link to | |
1494 | * be removed (the keyring should have Write permission; no permissions are | |
1495 | * required on the key). | |
1da177e4 LT |
1496 | */ |
1497 | int key_unlink(struct key *keyring, struct key *key) | |
1498 | { | |
eb0f68cb | 1499 | struct assoc_array_edit *edit = NULL; |
b2a4df20 | 1500 | int ret; |
1da177e4 LT |
1501 | |
1502 | key_check(keyring); | |
1503 | key_check(key); | |
1504 | ||
eb0f68cb DH |
1505 | ret = __key_unlink_lock(keyring); |
1506 | if (ret < 0) | |
1507 | return ret; | |
1da177e4 | 1508 | |
eb0f68cb DH |
1509 | ret = __key_unlink_begin(keyring, key, &edit); |
1510 | if (ret == 0) | |
1511 | __key_unlink(keyring, key, &edit); | |
1512 | __key_unlink_end(keyring, key, edit); | |
b2a4df20 | 1513 | return ret; |
a8b17ed0 | 1514 | } |
1da177e4 LT |
1515 | EXPORT_SYMBOL(key_unlink); |
1516 | ||
ed0ac5c7 DH |
1517 | /** |
1518 | * key_move - Move a key from one keyring to another | |
1519 | * @key: The key to move | |
1520 | * @from_keyring: The keyring to remove the link from. | |
1521 | * @to_keyring: The keyring to make the link in. | |
1522 | * @flags: Qualifying flags, such as KEYCTL_MOVE_EXCL. | |
1523 | * | |
1524 | * Make a link in @to_keyring to a key, such that the keyring holds a reference | |
1525 | * on that key and the key can potentially be found by searching that keyring | |
1526 | * whilst simultaneously removing a link to the key from @from_keyring. | |
1527 | * | |
1528 | * This function will write-lock both keyring's semaphores and will consume | |
1529 | * some of the user's key data quota to hold the link on @to_keyring. | |
1530 | * | |
1531 | * Returns 0 if successful, -ENOTDIR if either keyring isn't a keyring, | |
1532 | * -EKEYREVOKED if either keyring has been revoked, -ENFILE if the second | |
1533 | * keyring is full, -EDQUOT if there is insufficient key data quota remaining | |
1534 | * to add another link or -ENOMEM if there's insufficient memory. If | |
1535 | * KEYCTL_MOVE_EXCL is set, then -EEXIST will be returned if there's already a | |
1536 | * matching key in @to_keyring. | |
1537 | * | |
1538 | * It is assumed that the caller has checked that it is permitted for a link to | |
1539 | * be made (the keyring should have Write permission and the key Link | |
1540 | * permission). | |
1541 | */ | |
1542 | int key_move(struct key *key, | |
1543 | struct key *from_keyring, | |
1544 | struct key *to_keyring, | |
1545 | unsigned int flags) | |
1546 | { | |
1547 | struct assoc_array_edit *from_edit = NULL, *to_edit = NULL; | |
1548 | int ret; | |
1549 | ||
1550 | kenter("%d,%d,%d", key->serial, from_keyring->serial, to_keyring->serial); | |
1551 | ||
1552 | if (from_keyring == to_keyring) | |
1553 | return 0; | |
1554 | ||
1555 | key_check(key); | |
1556 | key_check(from_keyring); | |
1557 | key_check(to_keyring); | |
1558 | ||
1559 | ret = __key_move_lock(from_keyring, to_keyring, &key->index_key); | |
1560 | if (ret < 0) | |
1561 | goto out; | |
1562 | ret = __key_unlink_begin(from_keyring, key, &from_edit); | |
1563 | if (ret < 0) | |
1564 | goto error; | |
1565 | ret = __key_link_begin(to_keyring, &key->index_key, &to_edit); | |
1566 | if (ret < 0) | |
1567 | goto error; | |
1568 | ||
1569 | ret = -EEXIST; | |
1570 | if (to_edit->dead_leaf && (flags & KEYCTL_MOVE_EXCL)) | |
1571 | goto error; | |
1572 | ||
1573 | ret = __key_link_check_restriction(to_keyring, key); | |
1574 | if (ret < 0) | |
1575 | goto error; | |
1576 | ret = __key_link_check_live_key(to_keyring, key); | |
1577 | if (ret < 0) | |
1578 | goto error; | |
1579 | ||
1580 | __key_unlink(from_keyring, key, &from_edit); | |
1581 | __key_link(key, &to_edit); | |
1582 | error: | |
1583 | __key_link_end(to_keyring, &key->index_key, to_edit); | |
1584 | __key_unlink_end(from_keyring, key, from_edit); | |
1585 | out: | |
1586 | kleave(" = %d", ret); | |
1587 | return ret; | |
1588 | } | |
1589 | EXPORT_SYMBOL(key_move); | |
1590 | ||
973c9f4f DH |
1591 | /** |
1592 | * keyring_clear - Clear a keyring | |
1593 | * @keyring: The keyring to clear. | |
1594 | * | |
1595 | * Clear the contents of the specified keyring. | |
1596 | * | |
1597 | * Returns 0 if successful or -ENOTDIR if the keyring isn't a keyring. | |
1da177e4 LT |
1598 | */ |
1599 | int keyring_clear(struct key *keyring) | |
1600 | { | |
b2a4df20 | 1601 | struct assoc_array_edit *edit; |
76d8aeab | 1602 | int ret; |
1da177e4 | 1603 | |
b2a4df20 DH |
1604 | if (keyring->type != &key_type_keyring) |
1605 | return -ENOTDIR; | |
1da177e4 | 1606 | |
b2a4df20 | 1607 | down_write(&keyring->sem); |
1da177e4 | 1608 | |
b2a4df20 DH |
1609 | edit = assoc_array_clear(&keyring->keys, &keyring_assoc_array_ops); |
1610 | if (IS_ERR(edit)) { | |
1611 | ret = PTR_ERR(edit); | |
1612 | } else { | |
1613 | if (edit) | |
1614 | assoc_array_apply_edit(edit); | |
1615 | key_payload_reserve(keyring, 0); | |
1da177e4 LT |
1616 | ret = 0; |
1617 | } | |
1618 | ||
b2a4df20 | 1619 | up_write(&keyring->sem); |
1da177e4 | 1620 | return ret; |
a8b17ed0 | 1621 | } |
1da177e4 | 1622 | EXPORT_SYMBOL(keyring_clear); |
31204ed9 | 1623 | |
31204ed9 | 1624 | /* |
973c9f4f DH |
1625 | * Dispose of the links from a revoked keyring. |
1626 | * | |
1627 | * This is called with the key sem write-locked. | |
31204ed9 DH |
1628 | */ |
1629 | static void keyring_revoke(struct key *keyring) | |
1630 | { | |
b2a4df20 | 1631 | struct assoc_array_edit *edit; |
f0641cba | 1632 | |
b2a4df20 DH |
1633 | edit = assoc_array_clear(&keyring->keys, &keyring_assoc_array_ops); |
1634 | if (!IS_ERR(edit)) { | |
1635 | if (edit) | |
1636 | assoc_array_apply_edit(edit); | |
1637 | key_payload_reserve(keyring, 0); | |
1638 | } | |
1639 | } | |
31204ed9 | 1640 | |
62fe3182 | 1641 | static bool keyring_gc_select_iterator(void *object, void *iterator_data) |
b2a4df20 DH |
1642 | { |
1643 | struct key *key = keyring_ptr_to_key(object); | |
074d5898 | 1644 | time64_t *limit = iterator_data; |
31204ed9 | 1645 | |
b2a4df20 DH |
1646 | if (key_is_dead(key, *limit)) |
1647 | return false; | |
1648 | key_get(key); | |
1649 | return true; | |
a8b17ed0 | 1650 | } |
5d135440 | 1651 | |
62fe3182 DH |
1652 | static int keyring_gc_check_iterator(const void *object, void *iterator_data) |
1653 | { | |
1654 | const struct key *key = keyring_ptr_to_key(object); | |
074d5898 | 1655 | time64_t *limit = iterator_data; |
62fe3182 DH |
1656 | |
1657 | key_check(key); | |
1658 | return key_is_dead(key, *limit); | |
1659 | } | |
1660 | ||
5d135440 | 1661 | /* |
62fe3182 | 1662 | * Garbage collect pointers from a keyring. |
973c9f4f | 1663 | * |
62fe3182 DH |
1664 | * Not called with any locks held. The keyring's key struct will not be |
1665 | * deallocated under us as only our caller may deallocate it. | |
5d135440 | 1666 | */ |
074d5898 | 1667 | void keyring_gc(struct key *keyring, time64_t limit) |
5d135440 | 1668 | { |
62fe3182 DH |
1669 | int result; |
1670 | ||
1671 | kenter("%x{%s}", keyring->serial, keyring->description ?: ""); | |
5d135440 | 1672 | |
62fe3182 DH |
1673 | if (keyring->flags & ((1 << KEY_FLAG_INVALIDATED) | |
1674 | (1 << KEY_FLAG_REVOKED))) | |
1675 | goto dont_gc; | |
1676 | ||
1677 | /* scan the keyring looking for dead keys */ | |
1678 | rcu_read_lock(); | |
1679 | result = assoc_array_iterate(&keyring->keys, | |
1680 | keyring_gc_check_iterator, &limit); | |
1681 | rcu_read_unlock(); | |
1682 | if (result == true) | |
1683 | goto do_gc; | |
1684 | ||
1685 | dont_gc: | |
1686 | kleave(" [no gc]"); | |
1687 | return; | |
1688 | ||
1689 | do_gc: | |
5d135440 | 1690 | down_write(&keyring->sem); |
b2a4df20 | 1691 | assoc_array_gc(&keyring->keys, &keyring_assoc_array_ops, |
62fe3182 | 1692 | keyring_gc_select_iterator, &limit); |
c08ef808 | 1693 | up_write(&keyring->sem); |
62fe3182 | 1694 | kleave(" [gc]"); |
5d135440 | 1695 | } |
2b6aa412 MM |
1696 | |
1697 | /* | |
1698 | * Garbage collect restriction pointers from a keyring. | |
1699 | * | |
1700 | * Keyring restrictions are associated with a key type, and must be cleaned | |
1701 | * up if the key type is unregistered. The restriction is altered to always | |
1702 | * reject additional keys so a keyring cannot be opened up by unregistering | |
1703 | * a key type. | |
1704 | * | |
1705 | * Not called with any keyring locks held. The keyring's key struct will not | |
1706 | * be deallocated under us as only our caller may deallocate it. | |
1707 | * | |
1708 | * The caller is required to hold key_types_sem and dead_type->sem. This is | |
1709 | * fulfilled by key_gc_keytype() holding the locks on behalf of | |
1710 | * key_garbage_collector(), which it invokes on a workqueue. | |
1711 | */ | |
1712 | void keyring_restriction_gc(struct key *keyring, struct key_type *dead_type) | |
1713 | { | |
1714 | struct key_restriction *keyres; | |
1715 | ||
1716 | kenter("%x{%s}", keyring->serial, keyring->description ?: ""); | |
1717 | ||
1718 | /* | |
1719 | * keyring->restrict_link is only assigned at key allocation time | |
1720 | * or with the key type locked, so the only values that could be | |
1721 | * concurrently assigned to keyring->restrict_link are for key | |
1722 | * types other than dead_type. Given this, it's ok to check | |
1723 | * the key type before acquiring keyring->sem. | |
1724 | */ | |
1725 | if (!dead_type || !keyring->restrict_link || | |
1726 | keyring->restrict_link->keytype != dead_type) { | |
1727 | kleave(" [no restriction gc]"); | |
1728 | return; | |
1729 | } | |
1730 | ||
1731 | /* Lock the keyring to ensure that a link is not in progress */ | |
1732 | down_write(&keyring->sem); | |
1733 | ||
1734 | keyres = keyring->restrict_link; | |
1735 | ||
1736 | keyres->check = restrict_link_reject; | |
1737 | ||
1738 | key_put(keyres->key); | |
1739 | keyres->key = NULL; | |
1740 | keyres->keytype = NULL; | |
1741 | ||
1742 | up_write(&keyring->sem); | |
1743 | ||
1744 | kleave(" [restriction gc]"); | |
1745 | } |