aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2011-01-20 11:38:33 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2011-01-21 17:59:30 -0500
commit973c9f4f49ca96a53bcf6384c4c59ccd26c33906 (patch)
treee3535a43c1e5cb5f0c06c040f58bc25c9b869fd1 /security
parenta8b17ed019bd40d3bfa20439d9c36a99f9be9180 (diff)
KEYS: Fix up comments in key management code
Fix up comments in the key management code. No functional changes. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security')
-rw-r--r--security/keys/compat.c13
-rw-r--r--security/keys/gc.c14
-rw-r--r--security/keys/internal.h26
-rw-r--r--security/keys/key.c240
-rw-r--r--security/keys/keyctl.c278
-rw-r--r--security/keys/keyring.c231
-rw-r--r--security/keys/permission.c25
-rw-r--r--security/keys/proc.c10
-rw-r--r--security/keys/process_keys.c112
-rw-r--r--security/keys/request_key.c164
-rw-r--r--security/keys/request_key_auth.c30
11 files changed, 777 insertions, 366 deletions
diff --git a/security/keys/compat.c b/security/keys/compat.c
index 3cedf6305179..07a5f35e3970 100644
--- a/security/keys/compat.c
+++ b/security/keys/compat.c
@@ -1,4 +1,4 @@
1/* compat.c: 32-bit compatibility syscall for 64-bit systems 1/* 32-bit compatibility syscall for 64-bit systems
2 * 2 *
3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
@@ -15,11 +15,12 @@
15#include "internal.h" 15#include "internal.h"
16 16
17/* 17/*
18 * the key control system call, 32-bit compatibility version for 64-bit archs 18 * The key control system call, 32-bit compatibility version for 64-bit archs
19 * - this should only be called if the 64-bit arch uses weird pointers in 19 *
20 * 32-bit mode or doesn't guarantee that the top 32-bits of the argument 20 * This should only be called if the 64-bit arch uses weird pointers in 32-bit
21 * registers on taking a 32-bit syscall are zero 21 * mode or doesn't guarantee that the top 32-bits of the argument registers on
22 * - if you can, you should call sys_keyctl directly 22 * taking a 32-bit syscall are zero. If you can, you should call sys_keyctl()
23 * directly.
23 */ 24 */
24asmlinkage long compat_sys_keyctl(u32 option, 25asmlinkage long compat_sys_keyctl(u32 option,
25 u32 arg2, u32 arg3, u32 arg4, u32 arg5) 26 u32 arg2, u32 arg3, u32 arg4, u32 arg5)
diff --git a/security/keys/gc.c b/security/keys/gc.c
index a46e825cbf02..89df6b5f203c 100644
--- a/security/keys/gc.c
+++ b/security/keys/gc.c
@@ -32,8 +32,8 @@ static time_t key_gc_next_run = LONG_MAX;
32static time_t key_gc_new_timer; 32static time_t key_gc_new_timer;
33 33
34/* 34/*
35 * Schedule a garbage collection run 35 * Schedule a garbage collection run.
36 * - precision isn't particularly important 36 * - time precision isn't particularly important
37 */ 37 */
38void key_schedule_gc(time_t gc_at) 38void key_schedule_gc(time_t gc_at)
39{ 39{
@@ -61,8 +61,9 @@ static void key_gc_timer_func(unsigned long data)
61} 61}
62 62
63/* 63/*
64 * Garbage collect pointers from a keyring 64 * Garbage collect pointers from a keyring.
65 * - return true if we altered the keyring 65 *
66 * Return true if we altered the keyring.
66 */ 67 */
67static bool key_gc_keyring(struct key *keyring, time_t limit) 68static bool key_gc_keyring(struct key *keyring, time_t limit)
68 __releases(key_serial_lock) 69 __releases(key_serial_lock)
@@ -107,9 +108,8 @@ do_gc:
107} 108}
108 109
109/* 110/*
110 * Garbage collector for keys 111 * Garbage collector for keys. This involves scanning the keyrings for dead,
111 * - this involves scanning the keyrings for dead, expired and revoked keys 112 * expired and revoked keys that have overstayed their welcome
112 * that have overstayed their welcome
113 */ 113 */
114static void key_garbage_collector(struct work_struct *work) 114static void key_garbage_collector(struct work_struct *work)
115{ 115{
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 56a133d8f37d..edfa50dbd6f5 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -1,4 +1,4 @@
1/* internal.h: authentication token and access key management internal defs 1/* Authentication token and access key management internal defs
2 * 2 *
3 * Copyright (C) 2003-5, 2007 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2003-5, 2007 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
@@ -35,10 +35,12 @@ extern struct key_type key_type_user;
35 35
36/*****************************************************************************/ 36/*****************************************************************************/
37/* 37/*
38 * keep track of keys for a user 38 * Keep track of keys for a user.
39 * - this needs to be separate to user_struct to avoid a refcount-loop 39 *
40 * (user_struct pins some keyrings which pin this struct) 40 * This needs to be separate to user_struct to avoid a refcount-loop
41 * - this also keeps track of keys under request from userspace for this UID 41 * (user_struct pins some keyrings which pin this struct).
42 *
43 * We also keep track of keys under request from userspace for this UID here.
42 */ 44 */
43struct key_user { 45struct key_user {
44 struct rb_node node; 46 struct rb_node node;
@@ -62,7 +64,7 @@ extern struct key_user *key_user_lookup(uid_t uid,
62extern void key_user_put(struct key_user *user); 64extern void key_user_put(struct key_user *user);
63 65
64/* 66/*
65 * key quota limits 67 * Key quota limits.
66 * - root has its own separate limits to everyone else 68 * - root has its own separate limits to everyone else
67 */ 69 */
68extern unsigned key_quota_root_maxkeys; 70extern unsigned key_quota_root_maxkeys;
@@ -146,13 +148,13 @@ extern unsigned key_gc_delay;
146extern void keyring_gc(struct key *keyring, time_t limit); 148extern void keyring_gc(struct key *keyring, time_t limit);
147extern void key_schedule_gc(time_t expiry_at); 149extern void key_schedule_gc(time_t expiry_at);
148 150
149/*
150 * check to see whether permission is granted to use a key in the desired way
151 */
152extern int key_task_permission(const key_ref_t key_ref, 151extern int key_task_permission(const key_ref_t key_ref,
153 const struct cred *cred, 152 const struct cred *cred,
154 key_perm_t perm); 153 key_perm_t perm);
155 154
155/*
156 * Check to see whether permission is granted to use a key in the desired way.
157 */
156static inline int key_permission(const key_ref_t key_ref, key_perm_t perm) 158static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
157{ 159{
158 return key_task_permission(key_ref, current_cred(), perm); 160 return key_task_permission(key_ref, current_cred(), perm);
@@ -168,7 +170,7 @@ static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
168#define KEY_ALL 0x3f /* all the above permissions */ 170#define KEY_ALL 0x3f /* all the above permissions */
169 171
170/* 172/*
171 * request_key authorisation 173 * Authorisation record for request_key().
172 */ 174 */
173struct request_key_auth { 175struct request_key_auth {
174 struct key *target_key; 176 struct key *target_key;
@@ -188,7 +190,7 @@ extern struct key *request_key_auth_new(struct key *target,
188extern struct key *key_get_instantiation_authkey(key_serial_t target_id); 190extern struct key *key_get_instantiation_authkey(key_serial_t target_id);
189 191
190/* 192/*
191 * keyctl functions 193 * keyctl() functions
192 */ 194 */
193extern long keyctl_get_keyring_ID(key_serial_t, int); 195extern long keyctl_get_keyring_ID(key_serial_t, int);
194extern long keyctl_join_session_keyring(const char __user *); 196extern long keyctl_join_session_keyring(const char __user *);
@@ -214,7 +216,7 @@ extern long keyctl_get_security(key_serial_t keyid, char __user *buffer,
214extern long keyctl_session_to_parent(void); 216extern long keyctl_session_to_parent(void);
215 217
216/* 218/*
217 * debugging key validation 219 * Debugging key validation
218 */ 220 */
219#ifdef KEY_DEBUGGING 221#ifdef KEY_DEBUGGING
220extern void __key_check(const struct key *); 222extern void __key_check(const struct key *);
diff --git a/security/keys/key.c b/security/keys/key.c
index 3a92d7365870..84d4eb568b08 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -39,10 +39,10 @@ static DECLARE_RWSEM(key_types_sem);
39static void key_cleanup(struct work_struct *work); 39static void key_cleanup(struct work_struct *work);
40static DECLARE_WORK(key_cleanup_task, key_cleanup); 40static DECLARE_WORK(key_cleanup_task, key_cleanup);
41 41
42/* we serialise key instantiation and link */ 42/* We serialise key instantiation and link */
43DEFINE_MUTEX(key_construction_mutex); 43DEFINE_MUTEX(key_construction_mutex);
44 44
45/* any key who's type gets unegistered will be re-typed to this */ 45/* Any key who's type gets unegistered will be re-typed to this */
46static struct key_type key_type_dead = { 46static struct key_type key_type_dead = {
47 .name = "dead", 47 .name = "dead",
48}; 48};
@@ -57,8 +57,8 @@ void __key_check(const struct key *key)
57#endif 57#endif
58 58
59/* 59/*
60 * get the key quota record for a user, allocating a new record if one doesn't 60 * Get the key quota record for a user, allocating a new record if one doesn't
61 * already exist 61 * already exist.
62 */ 62 */
63struct key_user *key_user_lookup(uid_t uid, struct user_namespace *user_ns) 63struct key_user *key_user_lookup(uid_t uid, struct user_namespace *user_ns)
64{ 64{
@@ -66,7 +66,7 @@ struct key_user *key_user_lookup(uid_t uid, struct user_namespace *user_ns)
66 struct rb_node *parent = NULL; 66 struct rb_node *parent = NULL;
67 struct rb_node **p; 67 struct rb_node **p;
68 68
69 try_again: 69try_again:
70 p = &key_user_tree.rb_node; 70 p = &key_user_tree.rb_node;
71 spin_lock(&key_user_lock); 71 spin_lock(&key_user_lock);
72 72
@@ -123,16 +123,16 @@ struct key_user *key_user_lookup(uid_t uid, struct user_namespace *user_ns)
123 goto out; 123 goto out;
124 124
125 /* okay - we found a user record for this UID */ 125 /* okay - we found a user record for this UID */
126 found: 126found:
127 atomic_inc(&user->usage); 127 atomic_inc(&user->usage);
128 spin_unlock(&key_user_lock); 128 spin_unlock(&key_user_lock);
129 kfree(candidate); 129 kfree(candidate);
130 out: 130out:
131 return user; 131 return user;
132} 132}
133 133
134/* 134/*
135 * dispose of a user structure 135 * Dispose of a user structure
136 */ 136 */
137void key_user_put(struct key_user *user) 137void key_user_put(struct key_user *user)
138{ 138{
@@ -146,9 +146,8 @@ void key_user_put(struct key_user *user)
146} 146}
147 147
148/* 148/*
149 * assign a key the next unique serial number 149 * Allocate a serial number for a key. These are assigned randomly to avoid
150 * - these are assigned randomly to avoid security issues through covert 150 * security issues through covert channel problems.
151 * channel problems
152 */ 151 */
153static inline void key_alloc_serial(struct key *key) 152static inline void key_alloc_serial(struct key *key)
154{ 153{
@@ -208,14 +207,34 @@ serial_exists:
208 } 207 }
209} 208}
210 209
211/* 210/**
212 * allocate a key of the specified type 211 * key_alloc - Allocate a key of the specified type.
213 * - update the user's quota to reflect the existence of the key 212 * @type: The type of key to allocate.
214 * - called from a key-type operation with key_types_sem read-locked by 213 * @desc: The key description to allow the key to be searched out.
215 * key_create_or_update() 214 * @uid: The owner of the new key.
216 * - this prevents unregistration of the key type 215 * @gid: The group ID for the new key's group permissions.
217 * - upon return the key is as yet uninstantiated; the caller needs to either 216 * @cred: The credentials specifying UID namespace.
218 * instantiate the key or discard it before returning 217 * @perm: The permissions mask of the new key.
218 * @flags: Flags specifying quota properties.
219 *
220 * Allocate a key of the specified type with the attributes given. The key is
221 * returned in an uninstantiated state and the caller needs to instantiate the
222 * key before returning.
223 *
224 * The user's key count quota is updated to reflect the creation of the key and
225 * the user's key data quota has the default for the key type reserved. The
226 * instantiation function should amend this as necessary. If insufficient
227 * quota is available, -EDQUOT will be returned.
228 *
229 * The LSM security modules can prevent a key being created, in which case
230 * -EACCES will be returned.
231 *
232 * Returns a pointer to the new key if successful and an error code otherwise.
233 *
234 * Note that the caller needs to ensure the key type isn't uninstantiated.
235 * Internally this can be done by locking key_types_sem. Externally, this can
236 * be done by either never unregistering the key type, or making sure
237 * key_alloc() calls don't race with module unloading.
219 */ 238 */
220struct key *key_alloc(struct key_type *type, const char *desc, 239struct key *key_alloc(struct key_type *type, const char *desc,
221 uid_t uid, gid_t gid, const struct cred *cred, 240 uid_t uid, gid_t gid, const struct cred *cred,
@@ -338,11 +357,18 @@ no_quota:
338 key = ERR_PTR(-EDQUOT); 357 key = ERR_PTR(-EDQUOT);
339 goto error; 358 goto error;
340} 359}
341
342EXPORT_SYMBOL(key_alloc); 360EXPORT_SYMBOL(key_alloc);
343 361
344/* 362/**
345 * reserve an amount of quota for the key's payload 363 * key_payload_reserve - Adjust data quota reservation for the key's payload
364 * @key: The key to make the reservation for.
365 * @datalen: The amount of data payload the caller now wants.
366 *
367 * Adjust the amount of the owning user's key data quota that a key reserves.
368 * If the amount is increased, then -EDQUOT may be returned if there isn't
369 * enough free quota available.
370 *
371 * If successful, 0 is returned.
346 */ 372 */
347int key_payload_reserve(struct key *key, size_t datalen) 373int key_payload_reserve(struct key *key, size_t datalen)
348{ 374{
@@ -376,12 +402,13 @@ int key_payload_reserve(struct key *key, size_t datalen)
376 402
377 return ret; 403 return ret;
378} 404}
379
380EXPORT_SYMBOL(key_payload_reserve); 405EXPORT_SYMBOL(key_payload_reserve);
381 406
382/* 407/*
383 * instantiate a key and link it into the target keyring atomically 408 * Instantiate a key and link it into the target keyring atomically. Must be
384 * - called with the target keyring's semaphore writelocked 409 * called with the target keyring's semaphore writelocked. The target key's
410 * semaphore need not be locked as instantiation is serialised by
411 * key_construction_mutex.
385 */ 412 */
386static int __key_instantiate_and_link(struct key *key, 413static int __key_instantiate_and_link(struct key *key,
387 const void *data, 414 const void *data,
@@ -432,8 +459,21 @@ static int __key_instantiate_and_link(struct key *key,
432 return ret; 459 return ret;
433} 460}
434 461
435/* 462/**
436 * instantiate a key and link it into the target keyring atomically 463 * key_instantiate_and_link - Instantiate a key and link it into the keyring.
464 * @key: The key to instantiate.
465 * @data: The data to use to instantiate the keyring.
466 * @datalen: The length of @data.
467 * @keyring: Keyring to create a link in on success (or NULL).
468 * @authkey: The authorisation token permitting instantiation.
469 *
470 * Instantiate a key that's in the uninstantiated state using the provided data
471 * and, if successful, link it in to the destination keyring if one is
472 * supplied.
473 *
474 * If successful, 0 is returned, the authorisation token is revoked and anyone
475 * waiting for the key is woken up. If the key was already instantiated,
476 * -EBUSY will be returned.
437 */ 477 */
438int key_instantiate_and_link(struct key *key, 478int key_instantiate_and_link(struct key *key,
439 const void *data, 479 const void *data,
@@ -462,8 +502,24 @@ int key_instantiate_and_link(struct key *key,
462 502
463EXPORT_SYMBOL(key_instantiate_and_link); 503EXPORT_SYMBOL(key_instantiate_and_link);
464 504
465/* 505/**
466 * negatively instantiate a key and link it into the target keyring atomically 506 * key_negate_and_link - Negatively instantiate a key and link it into the keyring.
507 * @key: The key to instantiate.
508 * @timeout: The timeout on the negative key.
509 * @keyring: Keyring to create a link in on success (or NULL).
510 * @authkey: The authorisation token permitting instantiation.
511 *
512 * Negatively instantiate a key that's in the uninstantiated state and, if
513 * successful, set its timeout and link it in to the destination keyring if one
514 * is supplied. The key and any links to the key will be automatically garbage
515 * collected after the timeout expires.
516 *
517 * Negative keys are used to rate limit repeated request_key() calls by causing
518 * them to return -ENOKEY until the negative key expires.
519 *
520 * If successful, 0 is returned, the authorisation token is revoked and anyone
521 * waiting for the key is woken up. If the key was already instantiated,
522 * -EBUSY will be returned.
467 */ 523 */
468int key_negate_and_link(struct key *key, 524int key_negate_and_link(struct key *key,
469 unsigned timeout, 525 unsigned timeout,
@@ -525,15 +581,18 @@ int key_negate_and_link(struct key *key,
525EXPORT_SYMBOL(key_negate_and_link); 581EXPORT_SYMBOL(key_negate_and_link);
526 582
527/* 583/*
528 * do cleaning up in process context so that we don't have to disable 584 * Garbage collect keys in process context so that we don't have to disable
529 * interrupts all over the place 585 * interrupts all over the place.
586 *
587 * key_put() schedules this rather than trying to do the cleanup itself, which
588 * means key_put() doesn't have to sleep.
530 */ 589 */
531static void key_cleanup(struct work_struct *work) 590static void key_cleanup(struct work_struct *work)
532{ 591{
533 struct rb_node *_n; 592 struct rb_node *_n;
534 struct key *key; 593 struct key *key;
535 594
536 go_again: 595go_again:
537 /* look for a dead key in the tree */ 596 /* look for a dead key in the tree */
538 spin_lock(&key_serial_lock); 597 spin_lock(&key_serial_lock);
539 598
@@ -547,7 +606,7 @@ static void key_cleanup(struct work_struct *work)
547 spin_unlock(&key_serial_lock); 606 spin_unlock(&key_serial_lock);
548 return; 607 return;
549 608
550 found_dead_key: 609found_dead_key:
551 /* we found a dead key - once we've removed it from the tree, we can 610 /* we found a dead key - once we've removed it from the tree, we can
552 * drop the lock */ 611 * drop the lock */
553 rb_erase(&key->serial_node, &key_serial_tree); 612 rb_erase(&key->serial_node, &key_serial_tree);
@@ -586,10 +645,13 @@ static void key_cleanup(struct work_struct *work)
586 goto go_again; 645 goto go_again;
587} 646}
588 647
589/* 648/**
590 * dispose of a reference to a key 649 * key_put - Discard a reference to a key.
591 * - when all the references are gone, we schedule the cleanup task to come and 650 * @key: The key to discard a reference from.
592 * pull it out of the tree in definite process context 651 *
652 * Discard a reference to a key, and when all the references are gone, we
653 * schedule the cleanup task to come and pull it out of the tree in process
654 * context at some later time.
593 */ 655 */
594void key_put(struct key *key) 656void key_put(struct key *key)
595{ 657{
@@ -600,11 +662,10 @@ void key_put(struct key *key)
600 schedule_work(&key_cleanup_task); 662 schedule_work(&key_cleanup_task);
601 } 663 }
602} 664}
603
604EXPORT_SYMBOL(key_put); 665EXPORT_SYMBOL(key_put);
605 666
606/* 667/*
607 * find a key by its serial number 668 * Find a key by its serial number.
608 */ 669 */
609struct key *key_lookup(key_serial_t id) 670struct key *key_lookup(key_serial_t id)
610{ 671{
@@ -626,11 +687,11 @@ struct key *key_lookup(key_serial_t id)
626 goto found; 687 goto found;
627 } 688 }
628 689
629 not_found: 690not_found:
630 key = ERR_PTR(-ENOKEY); 691 key = ERR_PTR(-ENOKEY);
631 goto error; 692 goto error;
632 693
633 found: 694found:
634 /* pretend it doesn't exist if it is awaiting deletion */ 695 /* pretend it doesn't exist if it is awaiting deletion */
635 if (atomic_read(&key->usage) == 0) 696 if (atomic_read(&key->usage) == 0)
636 goto not_found; 697 goto not_found;
@@ -640,14 +701,16 @@ struct key *key_lookup(key_serial_t id)
640 */ 701 */
641 atomic_inc(&key->usage); 702 atomic_inc(&key->usage);
642 703
643 error: 704error:
644 spin_unlock(&key_serial_lock); 705 spin_unlock(&key_serial_lock);
645 return key; 706 return key;
646} 707}
647 708
648/* 709/*
649 * find and lock the specified key type against removal 710 * Find and lock the specified key type against removal.
650 * - we return with the sem readlocked 711 *
712 * We return with the sem read-locked if successful. If the type wasn't
713 * available -ENOKEY is returned instead.
651 */ 714 */
652struct key_type *key_type_lookup(const char *type) 715struct key_type *key_type_lookup(const char *type)
653{ 716{
@@ -665,12 +728,12 @@ struct key_type *key_type_lookup(const char *type)
665 up_read(&key_types_sem); 728 up_read(&key_types_sem);
666 ktype = ERR_PTR(-ENOKEY); 729 ktype = ERR_PTR(-ENOKEY);
667 730
668 found_kernel_type: 731found_kernel_type:
669 return ktype; 732 return ktype;
670} 733}
671 734
672/* 735/*
673 * unlock a key type 736 * Unlock a key type locked by key_type_lookup().
674 */ 737 */
675void key_type_put(struct key_type *ktype) 738void key_type_put(struct key_type *ktype)
676{ 739{
@@ -678,9 +741,10 @@ void key_type_put(struct key_type *ktype)
678} 741}
679 742
680/* 743/*
681 * attempt to update an existing key 744 * Attempt to update an existing key.
682 * - the key has an incremented refcount 745 *
683 * - we need to put the key if we get an error 746 * The key is given to us with an incremented refcount that we need to discard
747 * if we get an error.
684 */ 748 */
685static inline key_ref_t __key_update(key_ref_t key_ref, 749static inline key_ref_t __key_update(key_ref_t key_ref,
686 const void *payload, size_t plen) 750 const void *payload, size_t plen)
@@ -717,9 +781,30 @@ error:
717 goto out; 781 goto out;
718} 782}
719 783
720/* 784/**
721 * search the specified keyring for a key of the same description; if one is 785 * key_create_or_update - Update or create and instantiate a key.
722 * found, update it, otherwise add a new one 786 * @keyring_ref: A pointer to the destination keyring with possession flag.
787 * @type: The type of key.
788 * @description: The searchable description for the key.
789 * @payload: The data to use to instantiate or update the key.
790 * @plen: The length of @payload.
791 * @perm: The permissions mask for a new key.
792 * @flags: The quota flags for a new key.
793 *
794 * Search the destination keyring for a key of the same description and if one
795 * is found, update it, otherwise create and instantiate a new one and create a
796 * link to it from that keyring.
797 *
798 * If perm is KEY_PERM_UNDEF then an appropriate key permissions mask will be
799 * concocted.
800 *
801 * Returns a pointer to the new key if successful, -ENODEV if the key type
802 * wasn't available, -ENOTDIR if the keyring wasn't a keyring, -EACCES if the
803 * caller isn't permitted to modify the keyring or the LSM did not permit
804 * creation of the key.
805 *
806 * On success, the possession flag from the keyring ref will be tacked on to
807 * the key ref before it is returned.
723 */ 808 */
724key_ref_t key_create_or_update(key_ref_t keyring_ref, 809key_ref_t key_create_or_update(key_ref_t keyring_ref,
725 const char *type, 810 const char *type,
@@ -827,11 +912,20 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
827 key_ref = __key_update(key_ref, payload, plen); 912 key_ref = __key_update(key_ref, payload, plen);
828 goto error; 913 goto error;
829} 914}
830
831EXPORT_SYMBOL(key_create_or_update); 915EXPORT_SYMBOL(key_create_or_update);
832 916
833/* 917/**
834 * update a key 918 * key_update - Update a key's contents.
919 * @key_ref: The pointer (plus possession flag) to the key.
920 * @payload: The data to be used to update the key.
921 * @plen: The length of @payload.
922 *
923 * Attempt to update the contents of a key with the given payload data. The
924 * caller must be granted Write permission on the key. Negative keys can be
925 * instantiated by this method.
926 *
927 * Returns 0 on success, -EACCES if not permitted and -EOPNOTSUPP if the key
928 * type does not support updating. The key type may return other errors.
835 */ 929 */
836int key_update(key_ref_t key_ref, const void *payload, size_t plen) 930int key_update(key_ref_t key_ref, const void *payload, size_t plen)
837{ 931{
@@ -861,11 +955,16 @@ int key_update(key_ref_t key_ref, const void *payload, size_t plen)
861 error: 955 error:
862 return ret; 956 return ret;
863} 957}
864
865EXPORT_SYMBOL(key_update); 958EXPORT_SYMBOL(key_update);
866 959
867/* 960/**
868 * revoke a key 961 * key_revoke - Revoke a key.
962 * @key: The key to be revoked.
963 *
964 * Mark a key as being revoked and ask the type to free up its resources. The
965 * revocation timeout is set and the key and all its links will be
966 * automatically garbage collected after key_gc_delay amount of time if they
967 * are not manually dealt with first.
869 */ 968 */
870void key_revoke(struct key *key) 969void key_revoke(struct key *key)
871{ 970{
@@ -894,11 +993,15 @@ void key_revoke(struct key *key)
894 993
895 up_write(&key->sem); 994 up_write(&key->sem);
896} 995}
897
898EXPORT_SYMBOL(key_revoke); 996EXPORT_SYMBOL(key_revoke);
899 997
900/* 998/**
901 * register a type of key 999 * register_key_type - Register a type of key.
1000 * @ktype: The new key type.
1001 *
1002 * Register a new key type.
1003 *
1004 * Returns 0 on success or -EEXIST if a type of this name already exists.
902 */ 1005 */
903int register_key_type(struct key_type *ktype) 1006int register_key_type(struct key_type *ktype)
904{ 1007{
@@ -918,15 +1021,19 @@ int register_key_type(struct key_type *ktype)
918 list_add(&ktype->link, &key_types_list); 1021 list_add(&ktype->link, &key_types_list);
919 ret = 0; 1022 ret = 0;
920 1023
921 out: 1024out:
922 up_write(&key_types_sem); 1025 up_write(&key_types_sem);
923 return ret; 1026 return ret;
924} 1027}
925
926EXPORT_SYMBOL(register_key_type); 1028EXPORT_SYMBOL(register_key_type);
927 1029
928/* 1030/**
929 * unregister a type of key 1031 * unregister_key_type - Unregister a type of key.
1032 * @ktype: The key type.
1033 *
1034 * Unregister a key type and mark all the extant keys of this type as dead.
1035 * Those keys of this type are then destroyed to get rid of their payloads and
1036 * they and their links will be garbage collected as soon as possible.
930 */ 1037 */
931void unregister_key_type(struct key_type *ktype) 1038void unregister_key_type(struct key_type *ktype)
932{ 1039{
@@ -974,11 +1081,10 @@ void unregister_key_type(struct key_type *ktype)
974 1081
975 key_schedule_gc(0); 1082 key_schedule_gc(0);
976} 1083}
977
978EXPORT_SYMBOL(unregister_key_type); 1084EXPORT_SYMBOL(unregister_key_type);
979 1085
980/* 1086/*
981 * initialise the key management stuff 1087 * Initialise the key management state.
982 */ 1088 */
983void __init key_init(void) 1089void __init key_init(void)
984{ 1090{
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 83ec98b7e98d..31a0fd8189f1 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1,4 +1,4 @@
1/* keyctl.c: userspace keyctl operations 1/* Userspace key control operations
2 * 2 *
3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
@@ -31,27 +31,24 @@ static int key_get_type_from_user(char *type,
31 int ret; 31 int ret;
32 32
33 ret = strncpy_from_user(type, _type, len); 33 ret = strncpy_from_user(type, _type, len);
34
35 if (ret < 0) 34 if (ret < 0)
36 return ret; 35 return ret;
37
38 if (ret == 0 || ret >= len) 36 if (ret == 0 || ret >= len)
39 return -EINVAL; 37 return -EINVAL;
40
41 if (type[0] == '.') 38 if (type[0] == '.')
42 return -EPERM; 39 return -EPERM;
43
44 type[len - 1] = '\0'; 40 type[len - 1] = '\0';
45
46 return 0; 41 return 0;
47} 42}
48 43
49/* 44/*
50 * extract the description of a new key from userspace and either add it as a 45 * Extract the description of a new key from userspace and either add it as a
51 * new key to the specified keyring or update a matching key in that keyring 46 * new key to the specified keyring or update a matching key in that keyring.
52 * - the keyring must be writable 47 *
53 * - returns the new key's serial number 48 * The keyring must be writable so that we can attach the key to it.
54 * - implements add_key() 49 *
50 * If successful, the new key's serial number is returned, otherwise an error
51 * code is returned.
55 */ 52 */
56SYSCALL_DEFINE5(add_key, const char __user *, _type, 53SYSCALL_DEFINE5(add_key, const char __user *, _type,
57 const char __user *, _description, 54 const char __user *, _description,
@@ -134,14 +131,17 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type,
134} 131}
135 132
136/* 133/*
137 * search the process keyrings for a matching key 134 * Search the process keyrings and keyring trees linked from those for a
138 * - nested keyrings may also be searched if they have Search permission 135 * matching key. Keyrings must have appropriate Search permission to be
139 * - if a key is found, it will be attached to the destination keyring if 136 * searched.
140 * there's one specified 137 *
141 * - /sbin/request-key will be invoked if _callout_info is non-NULL 138 * If a key is found, it will be attached to the destination keyring if there's
142 * - the _callout_info string will be passed to /sbin/request-key 139 * one specified and the serial number of the key will be returned.
143 * - if the _callout_info string is empty, it will be rendered as "-" 140 *
144 * - implements request_key() 141 * If no key is found, /sbin/request-key will be invoked if _callout_info is
142 * non-NULL in an attempt to create a key. The _callout_info string will be
143 * passed to /sbin/request-key to aid with completing the request. If the
144 * _callout_info string is "" then it will be changed to "-".
145 */ 145 */
146SYSCALL_DEFINE4(request_key, const char __user *, _type, 146SYSCALL_DEFINE4(request_key, const char __user *, _type,
147 const char __user *, _description, 147 const char __user *, _description,
@@ -222,9 +222,11 @@ error:
222} 222}
223 223
224/* 224/*
225 * get the ID of the specified process keyring 225 * Get the ID of the specified process keyring.
226 * - the keyring must have search permission to be found 226 *
227 * - implements keyctl(KEYCTL_GET_KEYRING_ID) 227 * The requested keyring must have search permission to be found.
228 *
229 * If successful, the ID of the requested keyring will be returned.
228 */ 230 */
229long keyctl_get_keyring_ID(key_serial_t id, int create) 231long keyctl_get_keyring_ID(key_serial_t id, int create)
230{ 232{
@@ -243,12 +245,17 @@ long keyctl_get_keyring_ID(key_serial_t id, int create)
243 key_ref_put(key_ref); 245 key_ref_put(key_ref);
244error: 246error:
245 return ret; 247 return ret;
246 248}
247} /* end keyctl_get_keyring_ID() */
248 249
249/* 250/*
250 * join the session keyring 251 * Join a (named) session keyring.
251 * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING) 252 *
253 * Create and join an anonymous session keyring or join a named session
254 * keyring, creating it if necessary. A named session keyring must have Search
255 * permission for it to be joined. Session keyrings without this permit will
256 * be skipped over.
257 *
258 * If successful, the ID of the joined session keyring will be returned.
252 */ 259 */
253long keyctl_join_session_keyring(const char __user *_name) 260long keyctl_join_session_keyring(const char __user *_name)
254{ 261{
@@ -274,9 +281,14 @@ error:
274} 281}
275 282
276/* 283/*
277 * update a key's data payload 284 * Update a key's data payload from the given data.
278 * - the key must be writable 285 *
279 * - implements keyctl(KEYCTL_UPDATE) 286 * The key must grant the caller Write permission and the key type must support
287 * updating for this to work. A negative key can be positively instantiated
288 * with this call.
289 *
290 * If successful, 0 will be returned. If the key type does not support
291 * updating, then -EOPNOTSUPP will be returned.
280 */ 292 */
281long keyctl_update_key(key_serial_t id, 293long keyctl_update_key(key_serial_t id,
282 const void __user *_payload, 294 const void __user *_payload,
@@ -321,9 +333,14 @@ error:
321} 333}
322 334
323/* 335/*
324 * revoke a key 336 * Revoke a key.
325 * - the key must be writable 337 *
326 * - implements keyctl(KEYCTL_REVOKE) 338 * The key must be grant the caller Write or Setattr permission for this to
339 * work. The key type should give up its quota claim when revoked. The key
340 * and any links to the key will be automatically garbage collected after a
341 * certain amount of time (/proc/sys/kernel/keys/gc_delay).
342 *
343 * If successful, 0 is returned.
327 */ 344 */
328long keyctl_revoke_key(key_serial_t id) 345long keyctl_revoke_key(key_serial_t id)
329{ 346{
@@ -351,9 +368,11 @@ error:
351} 368}
352 369
353/* 370/*
354 * clear the specified process keyring 371 * Clear the specified keyring, creating an empty process keyring if one of the
355 * - the keyring must be writable 372 * special keyring IDs is used.
356 * - implements keyctl(KEYCTL_CLEAR) 373 *
374 * The keyring must grant the caller Write permission for this to work. If
375 * successful, 0 will be returned.
357 */ 376 */
358long keyctl_keyring_clear(key_serial_t ringid) 377long keyctl_keyring_clear(key_serial_t ringid)
359{ 378{
@@ -374,10 +393,15 @@ error:
374} 393}
375 394
376/* 395/*
377 * link a key into a keyring 396 * Create a link from a keyring to a key if there's no matching key in the
378 * - the keyring must be writable 397 * keyring, otherwise replace the link to the matching key with a link to the
379 * - the key must be linkable 398 * new key.
380 * - implements keyctl(KEYCTL_LINK) 399 *
400 * The key must grant the caller Link permission and the the keyring must grant
401 * the caller Write permission. Furthermore, if an additional link is created,
402 * the keyring's quota will be extended.
403 *
404 * If successful, 0 will be returned.
381 */ 405 */
382long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) 406long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
383{ 407{
@@ -406,10 +430,13 @@ error:
406} 430}
407 431
408/* 432/*
409 * unlink the first attachment of a key from a keyring 433 * Unlink a key from a keyring.
410 * - the keyring must be writable 434 *
411 * - we don't need any permissions on the key 435 * The keyring must grant the caller Write permission for this to work; the key
412 * - implements keyctl(KEYCTL_UNLINK) 436 * itself need not grant the caller anything. If the last link to a key is
437 * removed then that key will be scheduled for destruction.
438 *
439 * If successful, 0 will be returned.
413 */ 440 */
414long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) 441long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
415{ 442{
@@ -438,14 +465,17 @@ error:
438} 465}
439 466
440/* 467/*
441 * describe a user key 468 * Return a description of a key to userspace.
442 * - the key must have view permission 469 *
443 * - if there's a buffer, we place up to buflen bytes of data into it 470 * The key must grant the caller View permission for this to work.
444 * - unless there's an error, we return the amount of description available, 471 *
445 * irrespective of how much we may have copied 472 * If there's a buffer, we place up to buflen bytes of data into it formatted
446 * - the description is formatted thus: 473 * in the following way:
474 *
447 * type;uid;gid;perm;description<NUL> 475 * type;uid;gid;perm;description<NUL>
448 * - implements keyctl(KEYCTL_DESCRIBE) 476 *
477 * If successful, we return the amount of description available, irrespective
478 * of how much we may have copied into the buffer.
449 */ 479 */
450long keyctl_describe_key(key_serial_t keyid, 480long keyctl_describe_key(key_serial_t keyid,
451 char __user *buffer, 481 char __user *buffer,
@@ -516,13 +546,14 @@ error:
516} 546}
517 547
518/* 548/*
519 * search the specified keyring for a matching key 549 * Search the specified keyring and any keyrings it links to for a matching
520 * - the start keyring must be searchable 550 * key. Only keyrings that grant the caller Search permission will be searched
521 * - nested keyrings may also be searched if they are searchable 551 * (this includes the starting keyring). Only keys with Search permission can
522 * - only keys with search permission may be found 552 * be found.
523 * - if a key is found, it will be attached to the destination keyring if 553 *
524 * there's one specified 554 * If successful, the found key will be linked to the destination keyring if
525 * - implements keyctl(KEYCTL_SEARCH) 555 * supplied and the key has Link permission, and the found key ID will be
556 * returned.
526 */ 557 */
527long keyctl_keyring_search(key_serial_t ringid, 558long keyctl_keyring_search(key_serial_t ringid,
528 const char __user *_type, 559 const char __user *_type,
@@ -609,13 +640,14 @@ error:
609} 640}
610 641
611/* 642/*
612 * read a user key's payload 643 * Read a key's payload.
613 * - the keyring must be readable or the key must be searchable from the 644 *
614 * process's keyrings 645 * The key must either grant the caller Read permission, or it must grant the
615 * - if there's a buffer, we place up to buflen bytes of data into it 646 * caller Search permission when searched for from the process keyrings.
616 * - unless there's an error, we return the amount of data in the key, 647 *
617 * irrespective of how much we may have copied 648 * If successful, we place up to buflen bytes of data into the buffer, if one
618 * - implements keyctl(KEYCTL_READ) 649 * is provided, and return the amount of data that is available in the key,
650 * irrespective of how much we copied into the buffer.
619 */ 651 */
620long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) 652long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
621{ 653{
@@ -669,10 +701,19 @@ error:
669} 701}
670 702
671/* 703/*
672 * change the ownership of a key 704 * Change the ownership of a key
673 * - the keyring owned by the changer 705 *
674 * - if the uid or gid is -1, then that parameter is not changed 706 * The key must grant the caller Setattr permission for this to work, though
675 * - implements keyctl(KEYCTL_CHOWN) 707 * the key need not be fully instantiated yet. For the UID to be changed, or
708 * for the GID to be changed to a group the caller is not a member of, the
709 * caller must have sysadmin capability. If either uid or gid is -1 then that
710 * attribute is not changed.
711 *
712 * If the UID is to be changed, the new user must have sufficient quota to
713 * accept the key. The quota deduction will be removed from the old user to
714 * the new user should the attribute be changed.
715 *
716 * If successful, 0 will be returned.
676 */ 717 */
677long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid) 718long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
678{ 719{
@@ -775,9 +816,11 @@ quota_overrun:
775} 816}
776 817
777/* 818/*
778 * change the permission mask on a key 819 * Change the permission mask on a key.
779 * - the keyring owned by the changer 820 *
780 * - implements keyctl(KEYCTL_SETPERM) 821 * The key must grant the caller Setattr permission for this to work, though
822 * the key need not be fully instantiated yet. If the caller does not have
823 * sysadmin capability, it may only change the permission on keys that it owns.
781 */ 824 */
782long keyctl_setperm_key(key_serial_t id, key_perm_t perm) 825long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
783{ 826{
@@ -815,7 +858,8 @@ error:
815} 858}
816 859
817/* 860/*
818 * get the destination keyring for instantiation 861 * Get the destination keyring for instantiation and check that the caller has
862 * Write permission on it.
819 */ 863 */
820static long get_instantiation_keyring(key_serial_t ringid, 864static long get_instantiation_keyring(key_serial_t ringid,
821 struct request_key_auth *rka, 865 struct request_key_auth *rka,
@@ -852,7 +896,7 @@ static long get_instantiation_keyring(key_serial_t ringid,
852} 896}
853 897
854/* 898/*
855 * change the request_key authorisation key on the current process 899 * Change the request_key authorisation key on the current process.
856 */ 900 */
857static int keyctl_change_reqkey_auth(struct key *key) 901static int keyctl_change_reqkey_auth(struct key *key)
858{ 902{
@@ -869,8 +913,13 @@ static int keyctl_change_reqkey_auth(struct key *key)
869} 913}
870 914
871/* 915/*
872 * instantiate the key with the specified payload, and, if one is given, link 916 * Instantiate a key with the specified payload and link the key into the
873 * the key into the keyring 917 * destination keyring if one is given.
918 *
919 * The caller must have the appropriate instantiation permit set for this to
920 * work (see keyctl_assume_authority). No other permissions are required.
921 *
922 * If successful, 0 will be returned.
874 */ 923 */
875long keyctl_instantiate_key(key_serial_t id, 924long keyctl_instantiate_key(key_serial_t id,
876 const void __user *_payload, 925 const void __user *_payload,
@@ -948,8 +997,19 @@ error:
948} 997}
949 998
950/* 999/*
951 * negatively instantiate the key with the given timeout (in seconds), and, if 1000 * Negatively instantiate the key with the given timeout (in seconds) and link
952 * one is given, link the key into the keyring 1001 * the key into the destination keyring if one is given.
1002 *
1003 * The caller must have the appropriate instantiation permit set for this to
1004 * work (see keyctl_assume_authority). No other permissions are required.
1005 *
1006 * The key and any links to the key will be automatically garbage collected
1007 * after the timeout expires.
1008 *
1009 * Negative keys are used to rate limit repeated request_key() calls by causing
1010 * them to return -ENOKEY until the negative key expires.
1011 *
1012 * If successful, 0 will be returned.
953 */ 1013 */
954long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 1014long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
955{ 1015{
@@ -993,8 +1053,11 @@ error:
993} 1053}
994 1054
995/* 1055/*
996 * set the default keyring in which request_key() will cache keys 1056 * Read or set the default keyring in which request_key() will cache keys and
997 * - return the old setting 1057 * return the old setting.
1058 *
1059 * If a process keyring is specified then this will be created if it doesn't
1060 * yet exist. The old setting will be returned if successful.
998 */ 1061 */
999long keyctl_set_reqkey_keyring(int reqkey_defl) 1062long keyctl_set_reqkey_keyring(int reqkey_defl)
1000{ 1063{
@@ -1050,7 +1113,16 @@ error:
1050} 1113}
1051 1114
1052/* 1115/*
1053 * set or clear the timeout for a key 1116 * Set or clear the timeout on a key.
1117 *
1118 * Either the key must grant the caller Setattr permission or else the caller
1119 * must hold an instantiation authorisation token for the key.
1120 *
1121 * The timeout is either 0 to clear the timeout, or a number of seconds from
1122 * the current time. The key and any links to the key will be automatically
1123 * garbage collected after the timeout expires.
1124 *
1125 * If successful, 0 is returned.
1054 */ 1126 */
1055long keyctl_set_timeout(key_serial_t id, unsigned timeout) 1127long keyctl_set_timeout(key_serial_t id, unsigned timeout)
1056{ 1128{
@@ -1105,7 +1177,21 @@ error:
1105} 1177}
1106 1178
1107/* 1179/*
1108 * assume the authority to instantiate the specified key 1180 * Assume (or clear) the authority to instantiate the specified key.
1181 *
1182 * This sets the authoritative token currently in force for key instantiation.
1183 * This must be done for a key to be instantiated. It has the effect of making
1184 * available all the keys from the caller of the request_key() that created a
1185 * key to request_key() calls made by the caller of this function.
1186 *
1187 * The caller must have the instantiation key in their process keyrings with a
1188 * Search permission grant available to the caller.
1189 *
1190 * If the ID given is 0, then the setting will be cleared and 0 returned.
1191 *
1192 * If the ID given has a matching an authorisation key, then that key will be
1193 * set and its ID will be returned. The authorisation key can be read to get
1194 * the callout information passed to request_key().
1109 */ 1195 */
1110long keyctl_assume_authority(key_serial_t id) 1196long keyctl_assume_authority(key_serial_t id)
1111{ 1197{
@@ -1145,12 +1231,14 @@ error:
1145} 1231}
1146 1232
1147/* 1233/*
1148 * get the security label of a key 1234 * Get a key's the LSM security label.
1149 * - the key must grant us view permission 1235 *
1150 * - if there's a buffer, we place up to buflen bytes of data into it 1236 * The key must grant the caller View permission for this to work.
1151 * - unless there's an error, we return the amount of information available, 1237 *
1152 * irrespective of how much we may have copied (including the terminal NUL) 1238 * If there's a buffer, then up to buflen bytes of data will be placed into it.
1153 * - implements keyctl(KEYCTL_GET_SECURITY) 1239 *
1240 * If successful, the amount of information available will be returned,
1241 * irrespective of how much was copied (including the terminal NUL).
1154 */ 1242 */
1155long keyctl_get_security(key_serial_t keyid, 1243long keyctl_get_security(key_serial_t keyid,
1156 char __user *buffer, 1244 char __user *buffer,
@@ -1205,10 +1293,16 @@ long keyctl_get_security(key_serial_t keyid,
1205} 1293}
1206 1294
1207/* 1295/*
1208 * attempt to install the calling process's session keyring on the process's 1296 * Attempt to install the calling process's session keyring on the process's
1209 * parent process 1297 * parent process.
1210 * - the keyring must exist and must grant us LINK permission 1298 *
1211 * - implements keyctl(KEYCTL_SESSION_TO_PARENT) 1299 * The keyring must exist and must grant the caller LINK permission, and the
1300 * parent process must be single-threaded and must have the same effective
1301 * ownership as this process and mustn't be SUID/SGID.
1302 *
1303 * The keyring will be emplaced on the parent when it next resumes userspace.
1304 *
1305 * If successful, 0 will be returned.
1212 */ 1306 */
1213long keyctl_session_to_parent(void) 1307long keyctl_session_to_parent(void)
1214{ 1308{
@@ -1312,7 +1406,7 @@ error_keyring:
1312} 1406}
1313 1407
1314/* 1408/*
1315 * the key control system call 1409 * The key control system call
1316 */ 1410 */
1317SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, 1411SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
1318 unsigned long, arg4, unsigned long, arg5) 1412 unsigned long, arg4, unsigned long, arg5)
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index 0a2b8e916d97..92024ed12e0a 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -26,13 +26,13 @@
26 rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem))) 26 rwsem_is_locked((struct rw_semaphore *)&(keyring)->sem)))
27 27
28/* 28/*
29 * when plumbing the depths of the key tree, this sets a hard limit set on how 29 * When plumbing the depths of the key tree, this sets a hard limit
30 * deep we're willing to go 30 * set on how deep we're willing to go.
31 */ 31 */
32#define KEYRING_SEARCH_MAX_DEPTH 6 32#define KEYRING_SEARCH_MAX_DEPTH 6
33 33
34/* 34/*
35 * we keep all named keyrings in a hash to speed looking them up 35 * We keep all named keyrings in a hash to speed looking them up.
36 */ 36 */
37#define KEYRING_NAME_HASH_SIZE (1 << 5) 37#define KEYRING_NAME_HASH_SIZE (1 << 5)
38 38
@@ -50,7 +50,9 @@ static inline unsigned keyring_hash(const char *desc)
50} 50}
51 51
52/* 52/*
53 * the keyring type definition 53 * The keyring key type definition. Keyrings are simply keys of this type and
54 * can be treated as ordinary keys in addition to having their own special
55 * operations.
54 */ 56 */
55static int keyring_instantiate(struct key *keyring, 57static int keyring_instantiate(struct key *keyring,
56 const void *data, size_t datalen); 58 const void *data, size_t datalen);
@@ -71,18 +73,17 @@ struct key_type key_type_keyring = {
71 .describe = keyring_describe, 73 .describe = keyring_describe,
72 .read = keyring_read, 74 .read = keyring_read,
73}; 75};
74
75EXPORT_SYMBOL(key_type_keyring); 76EXPORT_SYMBOL(key_type_keyring);
76 77
77/* 78/*
78 * semaphore to serialise link/link calls to prevent two link calls in parallel 79 * Semaphore to serialise link/link calls to prevent two link calls in parallel
79 * introducing a cycle 80 * introducing a cycle.
80 */ 81 */
81static DECLARE_RWSEM(keyring_serialise_link_sem); 82static DECLARE_RWSEM(keyring_serialise_link_sem);
82 83
83/* 84/*
84 * publish the name of a keyring so that it can be found by name (if it has 85 * Publish the name of a keyring so that it can be found by name (if it has
85 * one) 86 * one).
86 */ 87 */
87static void keyring_publish_name(struct key *keyring) 88static void keyring_publish_name(struct key *keyring)
88{ 89{
@@ -104,8 +105,9 @@ static void keyring_publish_name(struct key *keyring)
104} 105}
105 106
106/* 107/*
107 * initialise a keyring 108 * Initialise a keyring.
108 * - we object if we were given any data 109 *
110 * Returns 0 on success, -EINVAL if given any data.
109 */ 111 */
110static int keyring_instantiate(struct key *keyring, 112static int keyring_instantiate(struct key *keyring,
111 const void *data, size_t datalen) 113 const void *data, size_t datalen)
@@ -123,7 +125,7 @@ static int keyring_instantiate(struct key *keyring,
123} 125}
124 126
125/* 127/*
126 * match keyrings on their name 128 * Match keyrings on their name
127 */ 129 */
128static int keyring_match(const struct key *keyring, const void *description) 130static int keyring_match(const struct key *keyring, const void *description)
129{ 131{
@@ -132,7 +134,8 @@ static int keyring_match(const struct key *keyring, const void *description)
132} 134}
133 135
134/* 136/*
135 * dispose of the data dangling from the corpse of a keyring 137 * Clean up a keyring when it is destroyed. Unpublish its name if it had one
138 * and dispose of its data.
136 */ 139 */
137static void keyring_destroy(struct key *keyring) 140static void keyring_destroy(struct key *keyring)
138{ 141{
@@ -160,7 +163,7 @@ static void keyring_destroy(struct key *keyring)
160} 163}
161 164
162/* 165/*
163 * describe the keyring 166 * Describe a keyring for /proc.
164 */ 167 */
165static void keyring_describe(const struct key *keyring, struct seq_file *m) 168static void keyring_describe(const struct key *keyring, struct seq_file *m)
166{ 169{
@@ -181,8 +184,9 @@ static void keyring_describe(const struct key *keyring, struct seq_file *m)
181} 184}
182 185
183/* 186/*
184 * read a list of key IDs from the keyring's contents 187 * Read a list of key IDs from the keyring's contents in binary form
185 * - the keyring's semaphore is read-locked 188 *
189 * The keyring's semaphore is read-locked by the caller.
186 */ 190 */
187static long keyring_read(const struct key *keyring, 191static long keyring_read(const struct key *keyring,
188 char __user *buffer, size_t buflen) 192 char __user *buffer, size_t buflen)
@@ -233,7 +237,7 @@ error:
233} 237}
234 238
235/* 239/*
236 * allocate a keyring and link into the destination keyring 240 * Allocate a keyring and link into the destination keyring.
237 */ 241 */
238struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, 242struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
239 const struct cred *cred, unsigned long flags, 243 const struct cred *cred, unsigned long flags,
@@ -258,16 +262,40 @@ struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
258 return keyring; 262 return keyring;
259} 263}
260 264
261/* 265/**
262 * search the supplied keyring tree for a key that matches the criterion 266 * keyring_search_aux - Search a keyring tree for a key matching some criteria
263 * - perform a breadth-then-depth search up to the prescribed limit 267 * @keyring_ref: A pointer to the keyring with possession indicator.
264 * - we only find keys on which we have search permission 268 * @cred: The credentials to use for permissions checks.
265 * - we use the supplied match function to see if the description (or other 269 * @type: The type of key to search for.
266 * feature of interest) matches 270 * @description: Parameter for @match.
267 * - we rely on RCU to prevent the keyring lists from disappearing on us 271 * @match: Function to rule on whether or not a key is the one required.
268 * - we return -EAGAIN if we didn't find any matching key 272 *
269 * - we return -ENOKEY if we only found negative matching keys 273 * Search the supplied keyring tree for a key that matches the criteria given.
270 * - we propagate the possession attribute from the keyring ref to the key ref 274 * The root keyring and any linked keyrings must grant Search permission to the
275 * caller to be searchable and keys can only be found if they too grant Search
276 * to the caller. The possession flag on the root keyring pointer controls use
277 * of the possessor bits in permissions checking of the entire tree. In
278 * addition, the LSM gets to forbid keyring searches and key matches.
279 *
280 * The search is performed as a breadth-then-depth search up to the prescribed
281 * limit (KEYRING_SEARCH_MAX_DEPTH).
282 *
283 * Keys are matched to the type provided and are then filtered by the match
284 * function, which is given the description to use in any way it sees fit. The
285 * match function may use any attributes of a key that it wishes to to
286 * determine the match. Normally the match function from the key type would be
287 * used.
288 *
289 * RCU is used to prevent the keyring key lists from disappearing without the
290 * need to take lots of locks.
291 *
292 * Returns a pointer to the found key and increments the key usage count if
293 * successful; -EAGAIN if no matching keys were found, or if expired or revoked
294 * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the
295 * specified keyring wasn't a keyring.
296 *
297 * In the case of a successful return, the possession attribute from
298 * @keyring_ref is propagated to the returned key reference.
271 */ 299 */
272key_ref_t keyring_search_aux(key_ref_t keyring_ref, 300key_ref_t keyring_search_aux(key_ref_t keyring_ref,
273 const struct cred *cred, 301 const struct cred *cred,
@@ -431,13 +459,14 @@ error:
431 return key_ref; 459 return key_ref;
432} 460}
433 461
434/* 462/**
435 * search the supplied keyring tree for a key that matches the criterion 463 * keyring_search - Search the supplied keyring tree for a matching key
436 * - perform a breadth-then-depth search up to the prescribed limit 464 * @keyring: The root of the keyring tree to be searched.
437 * - we only find keys on which we have search permission 465 * @type: The type of keyring we want to find.
438 * - we readlock the keyrings as we search down the tree 466 * @description: The name of the keyring we want to find.
439 * - we return -EAGAIN if we didn't find any matching key 467 *
440 * - we return -ENOKEY if we only found negative matching keys 468 * As keyring_search_aux() above, but using the current task's credentials and
469 * type's default matching function.
441 */ 470 */
442key_ref_t keyring_search(key_ref_t keyring, 471key_ref_t keyring_search(key_ref_t keyring,
443 struct key_type *type, 472 struct key_type *type,
@@ -449,13 +478,22 @@ key_ref_t keyring_search(key_ref_t keyring,
449 return keyring_search_aux(keyring, current->cred, 478 return keyring_search_aux(keyring, current->cred,
450 type, description, type->match); 479 type, description, type->match);
451} 480}
452
453EXPORT_SYMBOL(keyring_search); 481EXPORT_SYMBOL(keyring_search);
454 482
455/* 483/*
456 * search the given keyring only (no recursion) 484 * Search the given keyring only (no recursion).
457 * - keyring must be locked by caller 485 *
458 * - caller must guarantee that the keyring is a keyring 486 * The caller must guarantee that the keyring is a keyring and that the
487 * permission is granted to search the keyring as no check is made here.
488 *
489 * RCU is used to make it unnecessary to lock the keyring key list here.
490 *
491 * Returns a pointer to the found key with usage count incremented if
492 * successful and returns -ENOKEY if not found. Revoked keys and keys not
493 * providing the requested permission are skipped over.
494 *
495 * If successful, the possession indicator is propagated from the keyring ref
496 * to the returned key reference.
459 */ 497 */
460key_ref_t __keyring_search_one(key_ref_t keyring_ref, 498key_ref_t __keyring_search_one(key_ref_t keyring_ref,
461 const struct key_type *ktype, 499 const struct key_type *ktype,
@@ -498,9 +536,15 @@ found:
498} 536}
499 537
500/* 538/*
501 * find a keyring with the specified name 539 * Find a keyring with the specified name.
502 * - all named keyrings are searched 540 *
503 * - normally only finds keyrings with search permission for the current process 541 * All named keyrings in the current user namespace are searched, provided they
542 * grant Search permission directly to the caller (unless this check is
543 * skipped). Keyrings whose usage points have reached zero or who have been
544 * revoked are skipped.
545 *
546 * Returns a pointer to the keyring with the keyring's refcount having being
547 * incremented on success. -ENOKEY is returned if a key could not be found.
504 */ 548 */
505struct key *find_keyring_by_name(const char *name, bool skip_perm_check) 549struct key *find_keyring_by_name(const char *name, bool skip_perm_check)
506{ 550{
@@ -551,10 +595,11 @@ out:
551} 595}
552 596
553/* 597/*
554 * see if a cycle will will be created by inserting acyclic tree B in acyclic 598 * See if a cycle will will be created by inserting acyclic tree B in acyclic
555 * tree A at the topmost level (ie: as a direct child of A) 599 * tree A at the topmost level (ie: as a direct child of A).
556 * - since we are adding B to A at the top level, checking for cycles should 600 *
557 * just be a matter of seeing if node A is somewhere in tree B 601 * Since we are adding B to A at the top level, checking for cycles should just
602 * be a matter of seeing if node A is somewhere in tree B.
558 */ 603 */
559static int keyring_detect_cycle(struct key *A, struct key *B) 604static int keyring_detect_cycle(struct key *A, struct key *B)
560{ 605{
@@ -637,7 +682,7 @@ cycle_detected:
637} 682}
638 683
639/* 684/*
640 * dispose of a keyring list after the RCU grace period, freeing the unlinked 685 * Dispose of a keyring list after the RCU grace period, freeing the unlinked
641 * key 686 * key
642 */ 687 */
643static void keyring_unlink_rcu_disposal(struct rcu_head *rcu) 688static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
@@ -651,7 +696,7 @@ static void keyring_unlink_rcu_disposal(struct rcu_head *rcu)
651} 696}
652 697
653/* 698/*
654 * preallocate memory so that a key can be linked into to a keyring 699 * Preallocate memory so that a key can be linked into to a keyring.
655 */ 700 */
656int __key_link_begin(struct key *keyring, const struct key_type *type, 701int __key_link_begin(struct key *keyring, const struct key_type *type,
657 const char *description, 702 const char *description,
@@ -768,10 +813,10 @@ error_krsem:
768} 813}
769 814
770/* 815/*
771 * check already instantiated keys aren't going to be a problem 816 * Check already instantiated keys aren't going to be a problem.
772 * - the caller must have called __key_link_begin() 817 *
773 * - don't need to call this for keys that were created since __key_link_begin() 818 * The caller must have called __key_link_begin(). Don't need to call this for
774 * was called 819 * keys that were created since __key_link_begin() was called.
775 */ 820 */
776int __key_link_check_live_key(struct key *keyring, struct key *key) 821int __key_link_check_live_key(struct key *keyring, struct key *key)
777{ 822{
@@ -783,9 +828,12 @@ int __key_link_check_live_key(struct key *keyring, struct key *key)
783} 828}
784 829
785/* 830/*
786 * link a key into to a keyring 831 * Link a key into to a keyring.
787 * - must be called with __key_link_begin() having being called 832 *
788 * - discard already extant link to matching key if there is one 833 * Must be called with __key_link_begin() having being called. Discards any
834 * already extant link to matching key if there is one, so that each keyring
835 * holds at most one link to any given key of a particular type+description
836 * combination.
789 */ 837 */
790void __key_link(struct key *keyring, struct key *key, 838void __key_link(struct key *keyring, struct key *key,
791 struct keyring_list **_prealloc) 839 struct keyring_list **_prealloc)
@@ -828,8 +876,9 @@ void __key_link(struct key *keyring, struct key *key,
828} 876}
829 877
830/* 878/*
831 * finish linking a key into to a keyring 879 * Finish linking a key into to a keyring.
832 * - must be called with __key_link_begin() having being called 880 *
881 * Must be called with __key_link_begin() having being called.
833 */ 882 */
834void __key_link_end(struct key *keyring, struct key_type *type, 883void __key_link_end(struct key *keyring, struct key_type *type,
835 struct keyring_list *prealloc) 884 struct keyring_list *prealloc)
@@ -850,8 +899,25 @@ void __key_link_end(struct key *keyring, struct key_type *type,
850 up_write(&keyring->sem); 899 up_write(&keyring->sem);
851} 900}
852 901
853/* 902/**
854 * link a key to a keyring 903 * key_link - Link a key to a keyring
904 * @keyring: The keyring to make the link in.
905 * @key: The key to link to.
906 *
907 * Make a link in a keyring to a key, such that the keyring holds a reference
908 * on that key and the key can potentially be found by searching that keyring.
909 *
910 * This function will write-lock the keyring's semaphore and will consume some
911 * of the user's key data quota to hold the link.
912 *
913 * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring,
914 * -EKEYREVOKED if the keyring has been revoked, -ENFILE if the keyring is
915 * full, -EDQUOT if there is insufficient key data quota remaining to add
916 * another link or -ENOMEM if there's insufficient memory.
917 *
918 * It is assumed that the caller has checked that it is permitted for a link to
919 * be made (the keyring should have Write permission and the key Link
920 * permission).
855 */ 921 */
856int key_link(struct key *keyring, struct key *key) 922int key_link(struct key *keyring, struct key *key)
857{ 923{
@@ -871,11 +937,24 @@ int key_link(struct key *keyring, struct key *key)
871 937
872 return ret; 938 return ret;
873} 939}
874
875EXPORT_SYMBOL(key_link); 940EXPORT_SYMBOL(key_link);
876 941
877/* 942/**
878 * unlink the first link to a key from a keyring 943 * key_unlink - Unlink the first link to a key from a keyring.
944 * @keyring: The keyring to remove the link from.
945 * @key: The key the link is to.
946 *
947 * Remove a link from a keyring to a key.
948 *
949 * This function will write-lock the keyring's semaphore.
950 *
951 * Returns 0 if successful, -ENOTDIR if the keyring isn't a keyring, -ENOENT if
952 * the key isn't linked to by the keyring or -ENOMEM if there's insufficient
953 * memory.
954 *
955 * It is assumed that the caller has checked that it is permitted for a link to
956 * be removed (the keyring should have Write permission; no permissions are
957 * required on the key).
879 */ 958 */
880int key_unlink(struct key *keyring, struct key *key) 959int key_unlink(struct key *keyring, struct key *key)
881{ 960{
@@ -944,12 +1023,11 @@ nomem:
944 up_write(&keyring->sem); 1023 up_write(&keyring->sem);
945 goto error; 1024 goto error;
946} 1025}
947
948EXPORT_SYMBOL(key_unlink); 1026EXPORT_SYMBOL(key_unlink);
949 1027
950/* 1028/*
951 * dispose of a keyring list after the RCU grace period, releasing the keys it 1029 * Dispose of a keyring list after the RCU grace period, releasing the keys it
952 * links to 1030 * links to.
953 */ 1031 */
954static void keyring_clear_rcu_disposal(struct rcu_head *rcu) 1032static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
955{ 1033{
@@ -964,9 +1042,13 @@ static void keyring_clear_rcu_disposal(struct rcu_head *rcu)
964 kfree(klist); 1042 kfree(klist);
965} 1043}
966 1044
967/* 1045/**
968 * clear the specified process keyring 1046 * keyring_clear - Clear a keyring
969 * - implements keyctl(KEYCTL_CLEAR) 1047 * @keyring: The keyring to clear.
1048 *
1049 * Clear the contents of the specified keyring.
1050 *
1051 * Returns 0 if successful or -ENOTDIR if the keyring isn't a keyring.
970 */ 1052 */
971int keyring_clear(struct key *keyring) 1053int keyring_clear(struct key *keyring)
972{ 1054{
@@ -999,12 +1081,12 @@ int keyring_clear(struct key *keyring)
999 1081
1000 return ret; 1082 return ret;
1001} 1083}
1002
1003EXPORT_SYMBOL(keyring_clear); 1084EXPORT_SYMBOL(keyring_clear);
1004 1085
1005/* 1086/*
1006 * dispose of the links from a revoked keyring 1087 * Dispose of the links from a revoked keyring.
1007 * - called with the key sem write-locked 1088 *
1089 * This is called with the key sem write-locked.
1008 */ 1090 */
1009static void keyring_revoke(struct key *keyring) 1091static void keyring_revoke(struct key *keyring)
1010{ 1092{
@@ -1022,7 +1104,7 @@ static void keyring_revoke(struct key *keyring)
1022} 1104}
1023 1105
1024/* 1106/*
1025 * Determine whether a key is dead 1107 * Determine whether a key is dead.
1026 */ 1108 */
1027static bool key_is_dead(struct key *key, time_t limit) 1109static bool key_is_dead(struct key *key, time_t limit)
1028{ 1110{
@@ -1031,7 +1113,12 @@ static bool key_is_dead(struct key *key, time_t limit)
1031} 1113}
1032 1114
1033/* 1115/*
1034 * Collect garbage from the contents of a keyring 1116 * Collect garbage from the contents of a keyring, replacing the old list with
1117 * a new one with the pointers all shuffled down.
1118 *
1119 * Dead keys are classed as oned that are flagged as being dead or are revoked,
1120 * expired or negative keys that were revoked or expired before the specified
1121 * limit.
1035 */ 1122 */
1036void keyring_gc(struct key *keyring, time_t limit) 1123void keyring_gc(struct key *keyring, time_t limit)
1037{ 1124{
diff --git a/security/keys/permission.c b/security/keys/permission.c
index 6284b1496c29..c35b5229e3cd 100644
--- a/security/keys/permission.c
+++ b/security/keys/permission.c
@@ -1,4 +1,4 @@
1/* permission.c: key permission determination 1/* Key permission checking
2 * 2 *
3 * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
@@ -15,15 +15,17 @@
15 15
16/** 16/**
17 * key_task_permission - Check a key can be used 17 * key_task_permission - Check a key can be used
18 * @key_ref: The key to check 18 * @key_ref: The key to check.
19 * @cred: The credentials to use 19 * @cred: The credentials to use.
20 * @perm: The permissions to check for 20 * @perm: The permissions to check for.
21 * 21 *
22 * Check to see whether permission is granted to use a key in the desired way, 22 * Check to see whether permission is granted to use a key in the desired way,
23 * but permit the security modules to override. 23 * but permit the security modules to override.
24 * 24 *
25 * The caller must hold either a ref on cred or must hold the RCU readlock or a 25 * The caller must hold either a ref on cred or must hold the RCU readlock.
26 * spinlock. 26 *
27 * Returns 0 if successful, -EACCES if access is denied based on the
28 * permissions bits or the LSM check.
27 */ 29 */
28int key_task_permission(const key_ref_t key_ref, const struct cred *cred, 30int key_task_permission(const key_ref_t key_ref, const struct cred *cred,
29 key_perm_t perm) 31 key_perm_t perm)
@@ -79,11 +81,15 @@ use_these_perms:
79 /* let LSM be the final arbiter */ 81 /* let LSM be the final arbiter */
80 return security_key_permission(key_ref, cred, perm); 82 return security_key_permission(key_ref, cred, perm);
81} 83}
82
83EXPORT_SYMBOL(key_task_permission); 84EXPORT_SYMBOL(key_task_permission);
84 85
85/* 86/**
86 * validate a key 87 * key_validate - Validate a key.
88 * @key: The key to be validated.
89 *
90 * Check that a key is valid, returning 0 if the key is okay, -EKEYREVOKED if
91 * the key's type has been removed or if the key has been revoked or
92 * -EKEYEXPIRED if the key has expired.
87 */ 93 */
88int key_validate(struct key *key) 94int key_validate(struct key *key)
89{ 95{
@@ -109,5 +115,4 @@ int key_validate(struct key *key)
109error: 115error:
110 return ret; 116 return ret;
111} 117}
112
113EXPORT_SYMBOL(key_validate); 118EXPORT_SYMBOL(key_validate);
diff --git a/security/keys/proc.c b/security/keys/proc.c
index ad5f64e1b320..525cf8a29cdd 100644
--- a/security/keys/proc.c
+++ b/security/keys/proc.c
@@ -1,4 +1,4 @@
1/* proc.c: proc files for key database enumeration 1/* procfs files for key database enumeration
2 * 2 *
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
@@ -61,7 +61,7 @@ static const struct file_operations proc_key_users_fops = {
61}; 61};
62 62
63/* 63/*
64 * declare the /proc files 64 * Declare the /proc files.
65 */ 65 */
66static int __init key_proc_init(void) 66static int __init key_proc_init(void)
67{ 67{
@@ -83,7 +83,8 @@ static int __init key_proc_init(void)
83__initcall(key_proc_init); 83__initcall(key_proc_init);
84 84
85/* 85/*
86 * implement "/proc/keys" to provides a list of the keys on the system 86 * Implement "/proc/keys" to provide a list of the keys on the system that
87 * grant View permission to the caller.
87 */ 88 */
88#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS 89#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
89 90
@@ -291,7 +292,8 @@ static struct rb_node *key_user_first(struct rb_root *r)
291} 292}
292 293
293/* 294/*
294 * implement "/proc/key-users" to provides a list of the key users 295 * Implement "/proc/key-users" to provides a list of the key users and their
296 * quotas.
295 */ 297 */
296static int proc_key_users_open(struct inode *inode, struct file *file) 298static int proc_key_users_open(struct inode *inode, struct file *file)
297{ 299{
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index ea55cf9acf36..930634e45149 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -1,4 +1,4 @@
1/* Management of a process's keyrings 1/* Manage a process's keyrings
2 * 2 *
3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
@@ -21,13 +21,13 @@
21#include <asm/uaccess.h> 21#include <asm/uaccess.h>
22#include "internal.h" 22#include "internal.h"
23 23
24/* session keyring create vs join semaphore */ 24/* Session keyring create vs join semaphore */
25static DEFINE_MUTEX(key_session_mutex); 25static DEFINE_MUTEX(key_session_mutex);
26 26
27/* user keyring creation semaphore */ 27/* User keyring creation semaphore */
28static DEFINE_MUTEX(key_user_keyring_mutex); 28static DEFINE_MUTEX(key_user_keyring_mutex);
29 29
30/* the root user's tracking struct */ 30/* The root user's tracking struct */
31struct key_user root_key_user = { 31struct key_user root_key_user = {
32 .usage = ATOMIC_INIT(3), 32 .usage = ATOMIC_INIT(3),
33 .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), 33 .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock),
@@ -39,7 +39,7 @@ struct key_user root_key_user = {
39}; 39};
40 40
41/* 41/*
42 * install user and user session keyrings for a particular UID 42 * Install the user and user session keyrings for the current process's UID.
43 */ 43 */
44int install_user_keyrings(void) 44int install_user_keyrings(void)
45{ 45{
@@ -121,7 +121,8 @@ error:
121} 121}
122 122
123/* 123/*
124 * install a fresh thread keyring directly to new credentials 124 * Install a fresh thread keyring directly to new credentials. This keyring is
125 * allowed to overrun the quota.
125 */ 126 */
126int install_thread_keyring_to_cred(struct cred *new) 127int install_thread_keyring_to_cred(struct cred *new)
127{ 128{
@@ -137,7 +138,7 @@ int install_thread_keyring_to_cred(struct cred *new)
137} 138}
138 139
139/* 140/*
140 * install a fresh thread keyring, discarding the old one 141 * Install a fresh thread keyring, discarding the old one.
141 */ 142 */
142static int install_thread_keyring(void) 143static int install_thread_keyring(void)
143{ 144{
@@ -160,9 +161,10 @@ static int install_thread_keyring(void)
160} 161}
161 162
162/* 163/*
163 * install a process keyring directly to a credentials struct 164 * Install a process keyring directly to a credentials struct.
164 * - returns -EEXIST if there was already a process keyring, 0 if one installed, 165 *
165 * and other -ve on any other error 166 * Returns -EEXIST if there was already a process keyring, 0 if one installed,
167 * and other value on any other error
166 */ 168 */
167int install_process_keyring_to_cred(struct cred *new) 169int install_process_keyring_to_cred(struct cred *new)
168{ 170{
@@ -191,8 +193,11 @@ int install_process_keyring_to_cred(struct cred *new)
191} 193}
192 194
193/* 195/*
194 * make sure a process keyring is installed 196 * Make sure a process keyring is installed for the current process. The
195 * - we 197 * existing process keyring is not replaced.
198 *
199 * Returns 0 if there is a process keyring by the end of this function, some
200 * error otherwise.
196 */ 201 */
197static int install_process_keyring(void) 202static int install_process_keyring(void)
198{ 203{
@@ -213,7 +218,7 @@ static int install_process_keyring(void)
213} 218}
214 219
215/* 220/*
216 * install a session keyring directly to a credentials struct 221 * Install a session keyring directly to a credentials struct.
217 */ 222 */
218int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) 223int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
219{ 224{
@@ -253,8 +258,8 @@ int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
253} 258}
254 259
255/* 260/*
256 * install a session keyring, discarding the old one 261 * Install a session keyring, discarding the old one. If a keyring is not
257 * - if a keyring is not supplied, an empty one is invented 262 * supplied, an empty one is invented.
258 */ 263 */
259static int install_session_keyring(struct key *keyring) 264static int install_session_keyring(struct key *keyring)
260{ 265{
@@ -275,7 +280,7 @@ static int install_session_keyring(struct key *keyring)
275} 280}
276 281
277/* 282/*
278 * the filesystem user ID changed 283 * Handle the fsuid changing.
279 */ 284 */
280void key_fsuid_changed(struct task_struct *tsk) 285void key_fsuid_changed(struct task_struct *tsk)
281{ 286{
@@ -289,7 +294,7 @@ void key_fsuid_changed(struct task_struct *tsk)
289} 294}
290 295
291/* 296/*
292 * the filesystem group ID changed 297 * Handle the fsgid changing.
293 */ 298 */
294void key_fsgid_changed(struct task_struct *tsk) 299void key_fsgid_changed(struct task_struct *tsk)
295{ 300{
@@ -303,11 +308,25 @@ void key_fsgid_changed(struct task_struct *tsk)
303} 308}
304 309
305/* 310/*
306 * search only my process keyrings for the first matching key 311 * Search the process keyrings attached to the supplied cred for the first
307 * - we use the supplied match function to see if the description (or other 312 * matching key.
308 * feature of interest) matches 313 *
309 * - we return -EAGAIN if we didn't find any matching key 314 * The search criteria are the type and the match function. The description is
310 * - we return -ENOKEY if we found only negative matching keys 315 * given to the match function as a parameter, but doesn't otherwise influence
316 * the search. Typically the match function will compare the description
317 * parameter to the key's description.
318 *
319 * This can only search keyrings that grant Search permission to the supplied
320 * credentials. Keyrings linked to searched keyrings will also be searched if
321 * they grant Search permission too. Keys can only be found if they grant
322 * Search permission to the credentials.
323 *
324 * Returns a pointer to the key with the key usage count incremented if
325 * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
326 * matched negative keys.
327 *
328 * In the case of a successful return, the possession attribute is set on the
329 * returned key reference.
311 */ 330 */
312key_ref_t search_my_process_keyrings(struct key_type *type, 331key_ref_t search_my_process_keyrings(struct key_type *type,
313 const void *description, 332 const void *description,
@@ -423,11 +442,12 @@ found:
423} 442}
424 443
425/* 444/*
426 * search the process keyrings for the first matching key 445 * Search the process keyrings attached to the supplied cred for the first
427 * - we use the supplied match function to see if the description (or other 446 * matching key in the manner of search_my_process_keyrings(), but also search
428 * feature of interest) matches 447 * the keys attached to the assumed authorisation key using its credentials if
429 * - we return -EAGAIN if we didn't find any matching key 448 * one is available.
430 * - we return -ENOKEY if we found only negative matching keys 449 *
450 * Return same as search_my_process_keyrings().
431 */ 451 */
432key_ref_t search_process_keyrings(struct key_type *type, 452key_ref_t search_process_keyrings(struct key_type *type,
433 const void *description, 453 const void *description,
@@ -485,7 +505,7 @@ found:
485} 505}
486 506
487/* 507/*
488 * see if the key we're looking at is the target key 508 * See if the key we're looking at is the target key.
489 */ 509 */
490int lookup_user_key_possessed(const struct key *key, const void *target) 510int lookup_user_key_possessed(const struct key *key, const void *target)
491{ 511{
@@ -493,9 +513,22 @@ int lookup_user_key_possessed(const struct key *key, const void *target)
493} 513}
494 514
495/* 515/*
496 * lookup a key given a key ID from userspace with a given permissions mask 516 * Look up a key ID given us by userspace with a given permissions mask to get
497 * - don't create special keyrings unless so requested 517 * the key it refers to.
498 * - partially constructed keys aren't found unless requested 518 *
519 * Flags can be passed to request that special keyrings be created if referred
520 * to directly, to permit partially constructed keys to be found and to skip
521 * validity and permission checks on the found key.
522 *
523 * Returns a pointer to the key with an incremented usage count if successful;
524 * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
525 * to a key or the best found key was a negative key; -EKEYREVOKED or
526 * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
527 * found key doesn't grant the requested permit or the LSM denied access to it;
528 * or -ENOMEM if a special keyring couldn't be created.
529 *
530 * In the case of a successful return, the possession attribute is set on the
531 * returned key reference.
499 */ 532 */
500key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, 533key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
501 key_perm_t perm) 534 key_perm_t perm)
@@ -703,10 +736,15 @@ reget_creds:
703} 736}
704 737
705/* 738/*
706 * join the named keyring as the session keyring if possible, or attempt to 739 * Join the named keyring as the session keyring if possible else attempt to
707 * create a new one of that name if not 740 * create a new one of that name and join that.
708 * - if the name is NULL, an empty anonymous keyring is installed instead 741 *
709 * - named session keyring joining is done with a semaphore held 742 * If the name is NULL, an empty anonymous keyring will be installed as the
743 * session keyring.
744 *
745 * Named session keyrings are joined with a semaphore held to prevent the
746 * keyrings from going away whilst the attempt is made to going them and also
747 * to prevent a race in creating compatible session keyrings.
710 */ 748 */
711long join_session_keyring(const char *name) 749long join_session_keyring(const char *name)
712{ 750{
@@ -778,8 +816,8 @@ error:
778} 816}
779 817
780/* 818/*
781 * Replace a process's session keyring when that process resumes userspace on 819 * Replace a process's session keyring on behalf of one of its children when
782 * behalf of one of its children 820 * the target process is about to resume userspace execution.
783 */ 821 */
784void key_replace_session_keyring(void) 822void key_replace_session_keyring(void)
785{ 823{
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index 0ea52d25a6bd..9a7fb3914b27 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -39,8 +39,14 @@ static int key_wait_bit_intr(void *flags)
39 return signal_pending(current) ? -ERESTARTSYS : 0; 39 return signal_pending(current) ? -ERESTARTSYS : 0;
40} 40}
41 41
42/* 42/**
43 * call to complete the construction of a key 43 * complete_request_key - Complete the construction of a key.
44 * @cons: The key construction record.
45 * @error: The success or failute of the construction.
46 *
47 * Complete the attempt to construct a key. The key will be negated
48 * if an error is indicated. The authorisation key will be revoked
49 * unconditionally.
44 */ 50 */
45void complete_request_key(struct key_construction *cons, int error) 51void complete_request_key(struct key_construction *cons, int error)
46{ 52{
@@ -58,23 +64,33 @@ void complete_request_key(struct key_construction *cons, int error)
58} 64}
59EXPORT_SYMBOL(complete_request_key); 65EXPORT_SYMBOL(complete_request_key);
60 66
67/*
68 * Initialise a usermode helper that is going to have a specific session
69 * keyring.
70 *
71 * This is called in context of freshly forked kthread before kernel_execve(),
72 * so we can simply install the desired session_keyring at this point.
73 */
61static int umh_keys_init(struct subprocess_info *info) 74static int umh_keys_init(struct subprocess_info *info)
62{ 75{
63 struct cred *cred = (struct cred*)current_cred(); 76 struct cred *cred = (struct cred*)current_cred();
64 struct key *keyring = info->data; 77 struct key *keyring = info->data;
65 /* 78
66 * This is called in context of freshly forked kthread before
67 * kernel_execve(), we can just change our ->session_keyring.
68 */
69 return install_session_keyring_to_cred(cred, keyring); 79 return install_session_keyring_to_cred(cred, keyring);
70} 80}
71 81
82/*
83 * Clean up a usermode helper with session keyring.
84 */
72static void umh_keys_cleanup(struct subprocess_info *info) 85static void umh_keys_cleanup(struct subprocess_info *info)
73{ 86{
74 struct key *keyring = info->data; 87 struct key *keyring = info->data;
75 key_put(keyring); 88 key_put(keyring);
76} 89}
77 90
91/*
92 * Call a usermode helper with a specific session keyring.
93 */
78static int call_usermodehelper_keys(char *path, char **argv, char **envp, 94static int call_usermodehelper_keys(char *path, char **argv, char **envp,
79 struct key *session_keyring, enum umh_wait wait) 95 struct key *session_keyring, enum umh_wait wait)
80{ 96{
@@ -91,7 +107,7 @@ static int call_usermodehelper_keys(char *path, char **argv, char **envp,
91} 107}
92 108
93/* 109/*
94 * request userspace finish the construction of a key 110 * Request userspace finish the construction of a key
95 * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>" 111 * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
96 */ 112 */
97static int call_sbin_request_key(struct key_construction *cons, 113static int call_sbin_request_key(struct key_construction *cons,
@@ -198,8 +214,9 @@ error_alloc:
198} 214}
199 215
200/* 216/*
201 * call out to userspace for key construction 217 * Call out to userspace for key construction.
202 * - we ignore program failure and go on key status instead 218 *
219 * Program failure is ignored in favour of key status.
203 */ 220 */
204static int construct_key(struct key *key, const void *callout_info, 221static int construct_key(struct key *key, const void *callout_info,
205 size_t callout_len, void *aux, 222 size_t callout_len, void *aux,
@@ -246,9 +263,10 @@ static int construct_key(struct key *key, const void *callout_info,
246} 263}
247 264
248/* 265/*
249 * get the appropriate destination keyring for the request 266 * Get the appropriate destination keyring for the request.
250 * - we return whatever keyring we select with an extra reference upon it which 267 *
251 * the caller must release 268 * The keyring selected is returned with an extra reference upon it which the
269 * caller must release.
252 */ 270 */
253static void construct_get_dest_keyring(struct key **_dest_keyring) 271static void construct_get_dest_keyring(struct key **_dest_keyring)
254{ 272{
@@ -321,9 +339,11 @@ static void construct_get_dest_keyring(struct key **_dest_keyring)
321} 339}
322 340
323/* 341/*
324 * allocate a new key in under-construction state and attempt to link it in to 342 * Allocate a new key in under-construction state and attempt to link it in to
325 * the requested place 343 * the requested keyring.
326 * - may return a key that's already under construction instead 344 *
345 * May return a key that's already under construction instead if there was a
346 * race between two thread calling request_key().
327 */ 347 */
328static int construct_alloc_key(struct key_type *type, 348static int construct_alloc_key(struct key_type *type,
329 const char *description, 349 const char *description,
@@ -414,7 +434,7 @@ alloc_failed:
414} 434}
415 435
416/* 436/*
417 * commence key construction 437 * Commence key construction.
418 */ 438 */
419static struct key *construct_key_and_link(struct key_type *type, 439static struct key *construct_key_and_link(struct key_type *type,
420 const char *description, 440 const char *description,
@@ -465,12 +485,32 @@ construction_failed:
465 return ERR_PTR(ret); 485 return ERR_PTR(ret);
466} 486}
467 487
468/* 488/**
469 * request a key 489 * request_key_and_link - Request a key and cache it in a keyring.
470 * - search the process's keyrings 490 * @type: The type of key we want.
471 * - check the list of keys being created or updated 491 * @description: The searchable description of the key.
472 * - call out to userspace for a key if supplementary info was provided 492 * @callout_info: The data to pass to the instantiation upcall (or NULL).
473 * - cache the key in an appropriate keyring 493 * @callout_len: The length of callout_info.
494 * @aux: Auxiliary data for the upcall.
495 * @dest_keyring: Where to cache the key.
496 * @flags: Flags to key_alloc().
497 *
498 * A key matching the specified criteria is searched for in the process's
499 * keyrings and returned with its usage count incremented if found. Otherwise,
500 * if callout_info is not NULL, a key will be allocated and some service
501 * (probably in userspace) will be asked to instantiate it.
502 *
503 * If successfully found or created, the key will be linked to the destination
504 * keyring if one is provided.
505 *
506 * Returns a pointer to the key if successful; -EACCES, -ENOKEY, -EKEYREVOKED
507 * or -EKEYEXPIRED if an inaccessible, negative, revoked or expired key was
508 * found; -ENOKEY if no key was found and no @callout_info was given; -EDQUOT
509 * if insufficient key quota was available to create a new key; or -ENOMEM if
510 * insufficient memory was available.
511 *
512 * If the returned key was created, then it may still be under construction,
513 * and wait_for_key_construction() should be used to wait for that to complete.
474 */ 514 */
475struct key *request_key_and_link(struct key_type *type, 515struct key *request_key_and_link(struct key_type *type,
476 const char *description, 516 const char *description,
@@ -524,8 +564,16 @@ error:
524 return key; 564 return key;
525} 565}
526 566
527/* 567/**
528 * wait for construction of a key to complete 568 * wait_for_key_construction - Wait for construction of a key to complete
569 * @key: The key being waited for.
570 * @intr: Whether to wait interruptibly.
571 *
572 * Wait for a key to finish being constructed.
573 *
574 * Returns 0 if successful; -ERESTARTSYS if the wait was interrupted; -ENOKEY
575 * if the key was negated; or -EKEYREVOKED or -EKEYEXPIRED if the key was
576 * revoked or expired.
529 */ 577 */
530int wait_for_key_construction(struct key *key, bool intr) 578int wait_for_key_construction(struct key *key, bool intr)
531{ 579{
@@ -542,12 +590,19 @@ int wait_for_key_construction(struct key *key, bool intr)
542} 590}
543EXPORT_SYMBOL(wait_for_key_construction); 591EXPORT_SYMBOL(wait_for_key_construction);
544 592
545/* 593/**
546 * request a key 594 * request_key - Request a key and wait for construction
547 * - search the process's keyrings 595 * @type: Type of key.
548 * - check the list of keys being created or updated 596 * @description: The searchable description of the key.
549 * - call out to userspace for a key if supplementary info was provided 597 * @callout_info: The data to pass to the instantiation upcall (or NULL).
550 * - waits uninterruptible for creation to complete 598 *
599 * As for request_key_and_link() except that it does not add the returned key
600 * to a keyring if found, new keys are always allocated in the user's quota,
601 * the callout_info must be a NUL-terminated string and no auxiliary data can
602 * be passed.
603 *
604 * Furthermore, it then works as wait_for_key_construction() to wait for the
605 * completion of keys undergoing construction with a non-interruptible wait.
551 */ 606 */
552struct key *request_key(struct key_type *type, 607struct key *request_key(struct key_type *type,
553 const char *description, 608 const char *description,
@@ -572,12 +627,19 @@ struct key *request_key(struct key_type *type,
572} 627}
573EXPORT_SYMBOL(request_key); 628EXPORT_SYMBOL(request_key);
574 629
575/* 630/**
576 * request a key with auxiliary data for the upcaller 631 * request_key_with_auxdata - Request a key with auxiliary data for the upcaller
577 * - search the process's keyrings 632 * @type: The type of key we want.
578 * - check the list of keys being created or updated 633 * @description: The searchable description of the key.
579 * - call out to userspace for a key if supplementary info was provided 634 * @callout_info: The data to pass to the instantiation upcall (or NULL).
580 * - waits uninterruptible for creation to complete 635 * @callout_len: The length of callout_info.
636 * @aux: Auxiliary data for the upcall.
637 *
638 * As for request_key_and_link() except that it does not add the returned key
639 * to a keyring if found and new keys are always allocated in the user's quota.
640 *
641 * Furthermore, it then works as wait_for_key_construction() to wait for the
642 * completion of keys undergoing construction with a non-interruptible wait.
581 */ 643 */
582struct key *request_key_with_auxdata(struct key_type *type, 644struct key *request_key_with_auxdata(struct key_type *type,
583 const char *description, 645 const char *description,
@@ -602,10 +664,18 @@ struct key *request_key_with_auxdata(struct key_type *type,
602EXPORT_SYMBOL(request_key_with_auxdata); 664EXPORT_SYMBOL(request_key_with_auxdata);
603 665
604/* 666/*
605 * request a key (allow async construction) 667 * request_key_async - Request a key (allow async construction)
606 * - search the process's keyrings 668 * @type: Type of key.
607 * - check the list of keys being created or updated 669 * @description: The searchable description of the key.
608 * - call out to userspace for a key if supplementary info was provided 670 * @callout_info: The data to pass to the instantiation upcall (or NULL).
671 * @callout_len: The length of callout_info.
672 *
673 * As for request_key_and_link() except that it does not add the returned key
674 * to a keyring if found, new keys are always allocated in the user's quota and
675 * no auxiliary data can be passed.
676 *
677 * The caller should call wait_for_key_construction() to wait for the
678 * completion of the returned key if it is still undergoing construction.
609 */ 679 */
610struct key *request_key_async(struct key_type *type, 680struct key *request_key_async(struct key_type *type,
611 const char *description, 681 const char *description,
@@ -620,9 +690,17 @@ EXPORT_SYMBOL(request_key_async);
620 690
621/* 691/*
622 * request a key with auxiliary data for the upcaller (allow async construction) 692 * request a key with auxiliary data for the upcaller (allow async construction)
623 * - search the process's keyrings 693 * @type: Type of key.
624 * - check the list of keys being created or updated 694 * @description: The searchable description of the key.
625 * - call out to userspace for a key if supplementary info was provided 695 * @callout_info: The data to pass to the instantiation upcall (or NULL).
696 * @callout_len: The length of callout_info.
697 * @aux: Auxiliary data for the upcall.
698 *
699 * As for request_key_and_link() except that it does not add the returned key
700 * to a keyring if found and new keys are always allocated in the user's quota.
701 *
702 * The caller should call wait_for_key_construction() to wait for the
703 * completion of the returned key if it is still undergoing construction.
626 */ 704 */
627struct key *request_key_async_with_auxdata(struct key_type *type, 705struct key *request_key_async_with_auxdata(struct key_type *type,
628 const char *description, 706 const char *description,
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index ba717b8163ab..68164031a74e 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -1,4 +1,4 @@
1/* request_key_auth.c: request key authorisation controlling key def 1/* Request key authorisation token key definition.
2 * 2 *
3 * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved. 3 * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com) 4 * Written by David Howells (dhowells@redhat.com)
@@ -26,7 +26,7 @@ static void request_key_auth_destroy(struct key *);
26static long request_key_auth_read(const struct key *, char __user *, size_t); 26static long request_key_auth_read(const struct key *, char __user *, size_t);
27 27
28/* 28/*
29 * the request-key authorisation key type definition 29 * The request-key authorisation key type definition.
30 */ 30 */
31struct key_type key_type_request_key_auth = { 31struct key_type key_type_request_key_auth = {
32 .name = ".request_key_auth", 32 .name = ".request_key_auth",
@@ -39,7 +39,7 @@ struct key_type key_type_request_key_auth = {
39}; 39};
40 40
41/* 41/*
42 * instantiate a request-key authorisation key 42 * Instantiate a request-key authorisation key.
43 */ 43 */
44static int request_key_auth_instantiate(struct key *key, 44static int request_key_auth_instantiate(struct key *key,
45 const void *data, 45 const void *data,
@@ -50,7 +50,7 @@ static int request_key_auth_instantiate(struct key *key,
50} 50}
51 51
52/* 52/*
53 * reading a request-key authorisation key retrieves the callout information 53 * Describe an authorisation token.
54 */ 54 */
55static void request_key_auth_describe(const struct key *key, 55static void request_key_auth_describe(const struct key *key,
56 struct seq_file *m) 56 struct seq_file *m)
@@ -63,7 +63,7 @@ static void request_key_auth_describe(const struct key *key,
63} 63}
64 64
65/* 65/*
66 * read the callout_info data 66 * Read the callout_info data (retrieves the callout information).
67 * - the key's semaphore is read-locked 67 * - the key's semaphore is read-locked
68 */ 68 */
69static long request_key_auth_read(const struct key *key, 69static long request_key_auth_read(const struct key *key,
@@ -89,8 +89,9 @@ static long request_key_auth_read(const struct key *key,
89} 89}
90 90
91/* 91/*
92 * handle revocation of an authorisation token key 92 * Handle revocation of an authorisation token key.
93 * - called with the key sem write-locked 93 *
94 * Called with the key sem write-locked.
94 */ 95 */
95static void request_key_auth_revoke(struct key *key) 96static void request_key_auth_revoke(struct key *key)
96{ 97{
@@ -105,7 +106,7 @@ static void request_key_auth_revoke(struct key *key)
105} 106}
106 107
107/* 108/*
108 * destroy an instantiation authorisation token key 109 * Destroy an instantiation authorisation token key.
109 */ 110 */
110static void request_key_auth_destroy(struct key *key) 111static void request_key_auth_destroy(struct key *key)
111{ 112{
@@ -125,8 +126,8 @@ static void request_key_auth_destroy(struct key *key)
125} 126}
126 127
127/* 128/*
128 * create an authorisation token for /sbin/request-key or whoever to gain 129 * Create an authorisation token for /sbin/request-key or whoever to gain
129 * access to the caller's security data 130 * access to the caller's security data.
130 */ 131 */
131struct key *request_key_auth_new(struct key *target, const void *callout_info, 132struct key *request_key_auth_new(struct key *target, const void *callout_info,
132 size_t callout_len, struct key *dest_keyring) 133 size_t callout_len, struct key *dest_keyring)
@@ -220,7 +221,7 @@ error_alloc:
220} 221}
221 222
222/* 223/*
223 * see if an authorisation key is associated with a particular key 224 * See if an authorisation key is associated with a particular key.
224 */ 225 */
225static int key_get_instantiation_authkey_match(const struct key *key, 226static int key_get_instantiation_authkey_match(const struct key *key,
226 const void *_id) 227 const void *_id)
@@ -232,11 +233,8 @@ static int key_get_instantiation_authkey_match(const struct key *key,
232} 233}
233 234
234/* 235/*
235 * get the authorisation key for instantiation of a specific key if attached to 236 * Search the current process's keyrings for the authorisation key for
236 * the current process's keyrings 237 * instantiation of a key.
237 * - this key is inserted into a keyring and that is set as /sbin/request-key's
238 * session keyring
239 * - a target_id of zero specifies any valid token
240 */ 238 */
241struct key *key_get_instantiation_authkey(key_serial_t target_id) 239struct key *key_get_instantiation_authkey(key_serial_t target_id)
242{ 240{