diff options
Diffstat (limited to 'security/keys/user_defined.c')
-rw-r--r-- | security/keys/user_defined.c | 191 |
1 files changed, 191 insertions, 0 deletions
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c new file mode 100644 index 000000000000..8d65b3a28129 --- /dev/null +++ b/security/keys/user_defined.c | |||
@@ -0,0 +1,191 @@ | |||
1 | /* user_defined.c: user defined key type | ||
2 | * | ||
3 | * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #include <linux/module.h> | ||
13 | #include <linux/init.h> | ||
14 | #include <linux/sched.h> | ||
15 | #include <linux/slab.h> | ||
16 | #include <linux/seq_file.h> | ||
17 | #include <linux/err.h> | ||
18 | #include <asm/uaccess.h> | ||
19 | #include "internal.h" | ||
20 | |||
21 | static int user_instantiate(struct key *key, const void *data, size_t datalen); | ||
22 | static int user_duplicate(struct key *key, const struct key *source); | ||
23 | static int user_update(struct key *key, const void *data, size_t datalen); | ||
24 | static int user_match(const struct key *key, const void *criterion); | ||
25 | static void user_destroy(struct key *key); | ||
26 | static void user_describe(const struct key *user, struct seq_file *m); | ||
27 | static long user_read(const struct key *key, | ||
28 | char __user *buffer, size_t buflen); | ||
29 | |||
30 | /* | ||
31 | * user defined keys take an arbitrary string as the description and an | ||
32 | * arbitrary blob of data as the payload | ||
33 | */ | ||
34 | struct key_type key_type_user = { | ||
35 | .name = "user", | ||
36 | .instantiate = user_instantiate, | ||
37 | .duplicate = user_duplicate, | ||
38 | .update = user_update, | ||
39 | .match = user_match, | ||
40 | .destroy = user_destroy, | ||
41 | .describe = user_describe, | ||
42 | .read = user_read, | ||
43 | }; | ||
44 | |||
45 | /*****************************************************************************/ | ||
46 | /* | ||
47 | * instantiate a user defined key | ||
48 | */ | ||
49 | static int user_instantiate(struct key *key, const void *data, size_t datalen) | ||
50 | { | ||
51 | int ret; | ||
52 | |||
53 | ret = -EINVAL; | ||
54 | if (datalen <= 0 || datalen > 32767 || !data) | ||
55 | goto error; | ||
56 | |||
57 | ret = key_payload_reserve(key, datalen); | ||
58 | if (ret < 0) | ||
59 | goto error; | ||
60 | |||
61 | /* attach the data */ | ||
62 | ret = -ENOMEM; | ||
63 | key->payload.data = kmalloc(datalen, GFP_KERNEL); | ||
64 | if (!key->payload.data) | ||
65 | goto error; | ||
66 | |||
67 | memcpy(key->payload.data, data, datalen); | ||
68 | ret = 0; | ||
69 | |||
70 | error: | ||
71 | return ret; | ||
72 | |||
73 | } /* end user_instantiate() */ | ||
74 | |||
75 | /*****************************************************************************/ | ||
76 | /* | ||
77 | * duplicate a user defined key | ||
78 | */ | ||
79 | static int user_duplicate(struct key *key, const struct key *source) | ||
80 | { | ||
81 | int ret; | ||
82 | |||
83 | /* just copy the payload */ | ||
84 | ret = -ENOMEM; | ||
85 | key->payload.data = kmalloc(source->datalen, GFP_KERNEL); | ||
86 | |||
87 | if (key->payload.data) { | ||
88 | key->datalen = source->datalen; | ||
89 | memcpy(key->payload.data, source->payload.data, source->datalen); | ||
90 | ret = 0; | ||
91 | } | ||
92 | |||
93 | return ret; | ||
94 | |||
95 | } /* end user_duplicate() */ | ||
96 | |||
97 | /*****************************************************************************/ | ||
98 | /* | ||
99 | * update a user defined key | ||
100 | */ | ||
101 | static int user_update(struct key *key, const void *data, size_t datalen) | ||
102 | { | ||
103 | void *new, *zap; | ||
104 | int ret; | ||
105 | |||
106 | ret = -EINVAL; | ||
107 | if (datalen <= 0 || datalen > 32767 || !data) | ||
108 | goto error; | ||
109 | |||
110 | /* copy the data */ | ||
111 | ret = -ENOMEM; | ||
112 | new = kmalloc(datalen, GFP_KERNEL); | ||
113 | if (!new) | ||
114 | goto error; | ||
115 | |||
116 | memcpy(new, data, datalen); | ||
117 | |||
118 | /* check the quota and attach the new data */ | ||
119 | zap = new; | ||
120 | write_lock(&key->lock); | ||
121 | |||
122 | ret = key_payload_reserve(key, datalen); | ||
123 | |||
124 | if (ret == 0) { | ||
125 | /* attach the new data, displacing the old */ | ||
126 | zap = key->payload.data; | ||
127 | key->payload.data = new; | ||
128 | key->expiry = 0; | ||
129 | } | ||
130 | |||
131 | write_unlock(&key->lock); | ||
132 | kfree(zap); | ||
133 | |||
134 | error: | ||
135 | return ret; | ||
136 | |||
137 | } /* end user_update() */ | ||
138 | |||
139 | /*****************************************************************************/ | ||
140 | /* | ||
141 | * match users on their name | ||
142 | */ | ||
143 | static int user_match(const struct key *key, const void *description) | ||
144 | { | ||
145 | return strcmp(key->description, description) == 0; | ||
146 | |||
147 | } /* end user_match() */ | ||
148 | |||
149 | /*****************************************************************************/ | ||
150 | /* | ||
151 | * dispose of the data dangling from the corpse of a user | ||
152 | */ | ||
153 | static void user_destroy(struct key *key) | ||
154 | { | ||
155 | kfree(key->payload.data); | ||
156 | |||
157 | } /* end user_destroy() */ | ||
158 | |||
159 | /*****************************************************************************/ | ||
160 | /* | ||
161 | * describe the user | ||
162 | */ | ||
163 | static void user_describe(const struct key *key, struct seq_file *m) | ||
164 | { | ||
165 | seq_puts(m, key->description); | ||
166 | |||
167 | seq_printf(m, ": %u", key->datalen); | ||
168 | |||
169 | } /* end user_describe() */ | ||
170 | |||
171 | /*****************************************************************************/ | ||
172 | /* | ||
173 | * read the key data | ||
174 | */ | ||
175 | static long user_read(const struct key *key, | ||
176 | char __user *buffer, size_t buflen) | ||
177 | { | ||
178 | long ret = key->datalen; | ||
179 | |||
180 | /* we can return the data as is */ | ||
181 | if (buffer && buflen > 0) { | ||
182 | if (buflen > key->datalen) | ||
183 | buflen = key->datalen; | ||
184 | |||
185 | if (copy_to_user(buffer, key->payload.data, buflen) != 0) | ||
186 | ret = -EFAULT; | ||
187 | } | ||
188 | |||
189 | return ret; | ||
190 | |||
191 | } /* end user_read() */ | ||