diff options
Diffstat (limited to 'security/keys')
-rw-r--r-- | security/keys/Makefile | 14 | ||||
-rw-r--r-- | security/keys/compat.c | 78 | ||||
-rw-r--r-- | security/keys/internal.h | 123 | ||||
-rw-r--r-- | security/keys/key.c | 1040 | ||||
-rw-r--r-- | security/keys/keyctl.c | 987 | ||||
-rw-r--r-- | security/keys/keyring.c | 895 | ||||
-rw-r--r-- | security/keys/proc.c | 251 | ||||
-rw-r--r-- | security/keys/process_keys.c | 665 | ||||
-rw-r--r-- | security/keys/request_key.c | 359 | ||||
-rw-r--r-- | security/keys/user_defined.c | 191 |
10 files changed, 4603 insertions, 0 deletions
diff --git a/security/keys/Makefile b/security/keys/Makefile new file mode 100644 index 000000000000..ddb495d65062 --- /dev/null +++ b/security/keys/Makefile | |||
@@ -0,0 +1,14 @@ | |||
1 | # | ||
2 | # Makefile for key management | ||
3 | # | ||
4 | |||
5 | obj-y := \ | ||
6 | key.o \ | ||
7 | keyring.o \ | ||
8 | keyctl.o \ | ||
9 | process_keys.o \ | ||
10 | user_defined.o \ | ||
11 | request_key.o | ||
12 | |||
13 | obj-$(CONFIG_KEYS_COMPAT) += compat.o | ||
14 | obj-$(CONFIG_PROC_FS) += proc.o | ||
diff --git a/security/keys/compat.c b/security/keys/compat.c new file mode 100644 index 000000000000..aff8b22dcb5c --- /dev/null +++ b/security/keys/compat.c | |||
@@ -0,0 +1,78 @@ | |||
1 | /* compat.c: 32-bit compatibility syscall for 64-bit systems | ||
2 | * | ||
3 | * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #include <linux/sched.h> | ||
13 | #include <linux/syscalls.h> | ||
14 | #include <linux/keyctl.h> | ||
15 | #include <linux/compat.h> | ||
16 | #include "internal.h" | ||
17 | |||
18 | /*****************************************************************************/ | ||
19 | /* | ||
20 | * the key control system call, 32-bit compatibility version for 64-bit archs | ||
21 | * - this should only be called if the 64-bit arch uses weird pointers in | ||
22 | * 32-bit mode or doesn't guarantee that the top 32-bits of the argument | ||
23 | * registers on taking a 32-bit syscall are zero | ||
24 | * - if you can, you should call sys_keyctl directly | ||
25 | */ | ||
26 | asmlinkage long compat_sys_keyctl(u32 option, | ||
27 | u32 arg2, u32 arg3, u32 arg4, u32 arg5) | ||
28 | { | ||
29 | switch (option) { | ||
30 | case KEYCTL_GET_KEYRING_ID: | ||
31 | return keyctl_get_keyring_ID(arg2, arg3); | ||
32 | |||
33 | case KEYCTL_JOIN_SESSION_KEYRING: | ||
34 | return keyctl_join_session_keyring(compat_ptr(arg2)); | ||
35 | |||
36 | case KEYCTL_UPDATE: | ||
37 | return keyctl_update_key(arg2, compat_ptr(arg3), arg4); | ||
38 | |||
39 | case KEYCTL_REVOKE: | ||
40 | return keyctl_revoke_key(arg2); | ||
41 | |||
42 | case KEYCTL_DESCRIBE: | ||
43 | return keyctl_describe_key(arg2, compat_ptr(arg3), arg4); | ||
44 | |||
45 | case KEYCTL_CLEAR: | ||
46 | return keyctl_keyring_clear(arg2); | ||
47 | |||
48 | case KEYCTL_LINK: | ||
49 | return keyctl_keyring_link(arg2, arg3); | ||
50 | |||
51 | case KEYCTL_UNLINK: | ||
52 | return keyctl_keyring_unlink(arg2, arg3); | ||
53 | |||
54 | case KEYCTL_SEARCH: | ||
55 | return keyctl_keyring_search(arg2, compat_ptr(arg3), | ||
56 | compat_ptr(arg4), arg5); | ||
57 | |||
58 | case KEYCTL_READ: | ||
59 | return keyctl_read_key(arg2, compat_ptr(arg3), arg4); | ||
60 | |||
61 | case KEYCTL_CHOWN: | ||
62 | return keyctl_chown_key(arg2, arg3, arg4); | ||
63 | |||
64 | case KEYCTL_SETPERM: | ||
65 | return keyctl_setperm_key(arg2, arg3); | ||
66 | |||
67 | case KEYCTL_INSTANTIATE: | ||
68 | return keyctl_instantiate_key(arg2, compat_ptr(arg3), arg4, | ||
69 | arg5); | ||
70 | |||
71 | case KEYCTL_NEGATE: | ||
72 | return keyctl_negate_key(arg2, arg3, arg4); | ||
73 | |||
74 | default: | ||
75 | return -EOPNOTSUPP; | ||
76 | } | ||
77 | |||
78 | } /* end compat_sys_keyctl() */ | ||
diff --git a/security/keys/internal.h b/security/keys/internal.h new file mode 100644 index 000000000000..67b2b93a7489 --- /dev/null +++ b/security/keys/internal.h | |||
@@ -0,0 +1,123 @@ | |||
1 | /* internal.h: authentication token and access key management internal defs | ||
2 | * | ||
3 | * Copyright (C) 2003 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #ifndef _INTERNAL_H | ||
13 | #define _INTERNAL_H | ||
14 | |||
15 | #include <linux/key.h> | ||
16 | #include <linux/key-ui.h> | ||
17 | |||
18 | extern struct key_type key_type_dead; | ||
19 | extern struct key_type key_type_user; | ||
20 | |||
21 | /*****************************************************************************/ | ||
22 | /* | ||
23 | * keep track of keys for a user | ||
24 | * - this needs to be separate to user_struct to avoid a refcount-loop | ||
25 | * (user_struct pins some keyrings which pin this struct) | ||
26 | * - this also keeps track of keys under request from userspace for this UID | ||
27 | */ | ||
28 | struct key_user { | ||
29 | struct rb_node node; | ||
30 | struct list_head consq; /* construction queue */ | ||
31 | spinlock_t lock; | ||
32 | atomic_t usage; /* for accessing qnkeys & qnbytes */ | ||
33 | atomic_t nkeys; /* number of keys */ | ||
34 | atomic_t nikeys; /* number of instantiated keys */ | ||
35 | uid_t uid; | ||
36 | int qnkeys; /* number of keys allocated to this user */ | ||
37 | int qnbytes; /* number of bytes allocated to this user */ | ||
38 | }; | ||
39 | |||
40 | #define KEYQUOTA_MAX_KEYS 100 | ||
41 | #define KEYQUOTA_MAX_BYTES 10000 | ||
42 | #define KEYQUOTA_LINK_BYTES 4 /* a link in a keyring is worth 4 bytes */ | ||
43 | |||
44 | extern struct rb_root key_user_tree; | ||
45 | extern spinlock_t key_user_lock; | ||
46 | extern struct key_user root_key_user; | ||
47 | |||
48 | extern struct key_user *key_user_lookup(uid_t uid); | ||
49 | extern void key_user_put(struct key_user *user); | ||
50 | |||
51 | |||
52 | |||
53 | extern struct rb_root key_serial_tree; | ||
54 | extern spinlock_t key_serial_lock; | ||
55 | extern struct semaphore key_alloc_sem; | ||
56 | extern struct rw_semaphore key_construction_sem; | ||
57 | extern wait_queue_head_t request_key_conswq; | ||
58 | |||
59 | |||
60 | extern void keyring_publish_name(struct key *keyring); | ||
61 | |||
62 | extern int __key_link(struct key *keyring, struct key *key); | ||
63 | |||
64 | extern struct key *__keyring_search_one(struct key *keyring, | ||
65 | const struct key_type *type, | ||
66 | const char *description, | ||
67 | key_perm_t perm); | ||
68 | |||
69 | typedef int (*key_match_func_t)(const struct key *, const void *); | ||
70 | |||
71 | extern struct key *keyring_search_aux(struct key *keyring, | ||
72 | struct key_type *type, | ||
73 | const void *description, | ||
74 | key_match_func_t match); | ||
75 | |||
76 | extern struct key *search_process_keyrings_aux(struct key_type *type, | ||
77 | const void *description, | ||
78 | key_match_func_t match); | ||
79 | |||
80 | extern struct key *find_keyring_by_name(const char *name, key_serial_t bound); | ||
81 | |||
82 | extern int install_thread_keyring(struct task_struct *tsk); | ||
83 | |||
84 | /* | ||
85 | * keyctl functions | ||
86 | */ | ||
87 | extern long keyctl_get_keyring_ID(key_serial_t, int); | ||
88 | extern long keyctl_join_session_keyring(const char __user *); | ||
89 | extern long keyctl_update_key(key_serial_t, const void __user *, size_t); | ||
90 | extern long keyctl_revoke_key(key_serial_t); | ||
91 | extern long keyctl_keyring_clear(key_serial_t); | ||
92 | extern long keyctl_keyring_link(key_serial_t, key_serial_t); | ||
93 | extern long keyctl_keyring_unlink(key_serial_t, key_serial_t); | ||
94 | extern long keyctl_describe_key(key_serial_t, char __user *, size_t); | ||
95 | extern long keyctl_keyring_search(key_serial_t, const char __user *, | ||
96 | const char __user *, key_serial_t); | ||
97 | extern long keyctl_read_key(key_serial_t, char __user *, size_t); | ||
98 | extern long keyctl_chown_key(key_serial_t, uid_t, gid_t); | ||
99 | extern long keyctl_setperm_key(key_serial_t, key_perm_t); | ||
100 | extern long keyctl_instantiate_key(key_serial_t, const void __user *, | ||
101 | size_t, key_serial_t); | ||
102 | extern long keyctl_negate_key(key_serial_t, unsigned, key_serial_t); | ||
103 | |||
104 | |||
105 | /* | ||
106 | * debugging key validation | ||
107 | */ | ||
108 | #ifdef KEY_DEBUGGING | ||
109 | extern void __key_check(const struct key *); | ||
110 | |||
111 | static inline void key_check(const struct key *key) | ||
112 | { | ||
113 | if (key && (IS_ERR(key) || key->magic != KEY_DEBUG_MAGIC)) | ||
114 | __key_check(key); | ||
115 | } | ||
116 | |||
117 | #else | ||
118 | |||
119 | #define key_check(key) do {} while(0) | ||
120 | |||
121 | #endif | ||
122 | |||
123 | #endif /* _INTERNAL_H */ | ||
diff --git a/security/keys/key.c b/security/keys/key.c new file mode 100644 index 000000000000..59402c843203 --- /dev/null +++ b/security/keys/key.c | |||
@@ -0,0 +1,1040 @@ | |||
1 | /* key.c: basic authentication token and access key management | ||
2 | * | ||
3 | * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #include <linux/module.h> | ||
13 | #include <linux/init.h> | ||
14 | #include <linux/sched.h> | ||
15 | #include <linux/slab.h> | ||
16 | #include <linux/workqueue.h> | ||
17 | #include <linux/err.h> | ||
18 | #include "internal.h" | ||
19 | |||
20 | static kmem_cache_t *key_jar; | ||
21 | static key_serial_t key_serial_next = 3; | ||
22 | struct rb_root key_serial_tree; /* tree of keys indexed by serial */ | ||
23 | DEFINE_SPINLOCK(key_serial_lock); | ||
24 | |||
25 | struct rb_root key_user_tree; /* tree of quota records indexed by UID */ | ||
26 | DEFINE_SPINLOCK(key_user_lock); | ||
27 | |||
28 | static LIST_HEAD(key_types_list); | ||
29 | static DECLARE_RWSEM(key_types_sem); | ||
30 | |||
31 | static void key_cleanup(void *data); | ||
32 | static DECLARE_WORK(key_cleanup_task, key_cleanup, NULL); | ||
33 | |||
34 | /* we serialise key instantiation and link */ | ||
35 | DECLARE_RWSEM(key_construction_sem); | ||
36 | |||
37 | /* any key who's type gets unegistered will be re-typed to this */ | ||
38 | struct key_type key_type_dead = { | ||
39 | .name = "dead", | ||
40 | }; | ||
41 | |||
42 | #ifdef KEY_DEBUGGING | ||
43 | void __key_check(const struct key *key) | ||
44 | { | ||
45 | printk("__key_check: key %p {%08x} should be {%08x}\n", | ||
46 | key, key->magic, KEY_DEBUG_MAGIC); | ||
47 | BUG(); | ||
48 | } | ||
49 | #endif | ||
50 | |||
51 | /*****************************************************************************/ | ||
52 | /* | ||
53 | * get the key quota record for a user, allocating a new record if one doesn't | ||
54 | * already exist | ||
55 | */ | ||
56 | struct key_user *key_user_lookup(uid_t uid) | ||
57 | { | ||
58 | struct key_user *candidate = NULL, *user; | ||
59 | struct rb_node *parent = NULL; | ||
60 | struct rb_node **p; | ||
61 | |||
62 | try_again: | ||
63 | p = &key_user_tree.rb_node; | ||
64 | spin_lock(&key_user_lock); | ||
65 | |||
66 | /* search the tree for a user record with a matching UID */ | ||
67 | while (*p) { | ||
68 | parent = *p; | ||
69 | user = rb_entry(parent, struct key_user, node); | ||
70 | |||
71 | if (uid < user->uid) | ||
72 | p = &(*p)->rb_left; | ||
73 | else if (uid > user->uid) | ||
74 | p = &(*p)->rb_right; | ||
75 | else | ||
76 | goto found; | ||
77 | } | ||
78 | |||
79 | /* if we get here, we failed to find a match in the tree */ | ||
80 | if (!candidate) { | ||
81 | /* allocate a candidate user record if we don't already have | ||
82 | * one */ | ||
83 | spin_unlock(&key_user_lock); | ||
84 | |||
85 | user = NULL; | ||
86 | candidate = kmalloc(sizeof(struct key_user), GFP_KERNEL); | ||
87 | if (unlikely(!candidate)) | ||
88 | goto out; | ||
89 | |||
90 | /* the allocation may have scheduled, so we need to repeat the | ||
91 | * search lest someone else added the record whilst we were | ||
92 | * asleep */ | ||
93 | goto try_again; | ||
94 | } | ||
95 | |||
96 | /* if we get here, then the user record still hadn't appeared on the | ||
97 | * second pass - so we use the candidate record */ | ||
98 | atomic_set(&candidate->usage, 1); | ||
99 | atomic_set(&candidate->nkeys, 0); | ||
100 | atomic_set(&candidate->nikeys, 0); | ||
101 | candidate->uid = uid; | ||
102 | candidate->qnkeys = 0; | ||
103 | candidate->qnbytes = 0; | ||
104 | spin_lock_init(&candidate->lock); | ||
105 | INIT_LIST_HEAD(&candidate->consq); | ||
106 | |||
107 | rb_link_node(&candidate->node, parent, p); | ||
108 | rb_insert_color(&candidate->node, &key_user_tree); | ||
109 | spin_unlock(&key_user_lock); | ||
110 | user = candidate; | ||
111 | goto out; | ||
112 | |||
113 | /* okay - we found a user record for this UID */ | ||
114 | found: | ||
115 | atomic_inc(&user->usage); | ||
116 | spin_unlock(&key_user_lock); | ||
117 | if (candidate) | ||
118 | kfree(candidate); | ||
119 | out: | ||
120 | return user; | ||
121 | |||
122 | } /* end key_user_lookup() */ | ||
123 | |||
124 | /*****************************************************************************/ | ||
125 | /* | ||
126 | * dispose of a user structure | ||
127 | */ | ||
128 | void key_user_put(struct key_user *user) | ||
129 | { | ||
130 | if (atomic_dec_and_lock(&user->usage, &key_user_lock)) { | ||
131 | rb_erase(&user->node, &key_user_tree); | ||
132 | spin_unlock(&key_user_lock); | ||
133 | |||
134 | kfree(user); | ||
135 | } | ||
136 | |||
137 | } /* end key_user_put() */ | ||
138 | |||
139 | /*****************************************************************************/ | ||
140 | /* | ||
141 | * insert a key with a fixed serial number | ||
142 | */ | ||
143 | static void __init __key_insert_serial(struct key *key) | ||
144 | { | ||
145 | struct rb_node *parent, **p; | ||
146 | struct key *xkey; | ||
147 | |||
148 | parent = NULL; | ||
149 | p = &key_serial_tree.rb_node; | ||
150 | |||
151 | while (*p) { | ||
152 | parent = *p; | ||
153 | xkey = rb_entry(parent, struct key, serial_node); | ||
154 | |||
155 | if (key->serial < xkey->serial) | ||
156 | p = &(*p)->rb_left; | ||
157 | else if (key->serial > xkey->serial) | ||
158 | p = &(*p)->rb_right; | ||
159 | else | ||
160 | BUG(); | ||
161 | } | ||
162 | |||
163 | /* we've found a suitable hole - arrange for this key to occupy it */ | ||
164 | rb_link_node(&key->serial_node, parent, p); | ||
165 | rb_insert_color(&key->serial_node, &key_serial_tree); | ||
166 | |||
167 | } /* end __key_insert_serial() */ | ||
168 | |||
169 | /*****************************************************************************/ | ||
170 | /* | ||
171 | * assign a key the next unique serial number | ||
172 | * - we work through all the serial numbers between 2 and 2^31-1 in turn and | ||
173 | * then wrap | ||
174 | */ | ||
175 | static inline void key_alloc_serial(struct key *key) | ||
176 | { | ||
177 | struct rb_node *parent, **p; | ||
178 | struct key *xkey; | ||
179 | |||
180 | spin_lock(&key_serial_lock); | ||
181 | |||
182 | /* propose a likely serial number and look for a hole for it in the | ||
183 | * serial number tree */ | ||
184 | key->serial = key_serial_next; | ||
185 | if (key->serial < 3) | ||
186 | key->serial = 3; | ||
187 | key_serial_next = key->serial + 1; | ||
188 | |||
189 | parent = NULL; | ||
190 | p = &key_serial_tree.rb_node; | ||
191 | |||
192 | while (*p) { | ||
193 | parent = *p; | ||
194 | xkey = rb_entry(parent, struct key, serial_node); | ||
195 | |||
196 | if (key->serial < xkey->serial) | ||
197 | p = &(*p)->rb_left; | ||
198 | else if (key->serial > xkey->serial) | ||
199 | p = &(*p)->rb_right; | ||
200 | else | ||
201 | goto serial_exists; | ||
202 | } | ||
203 | goto insert_here; | ||
204 | |||
205 | /* we found a key with the proposed serial number - walk the tree from | ||
206 | * that point looking for the next unused serial number */ | ||
207 | serial_exists: | ||
208 | for (;;) { | ||
209 | key->serial = key_serial_next; | ||
210 | if (key->serial < 2) | ||
211 | key->serial = 2; | ||
212 | key_serial_next = key->serial + 1; | ||
213 | |||
214 | if (!parent->rb_parent) | ||
215 | p = &key_serial_tree.rb_node; | ||
216 | else if (parent->rb_parent->rb_left == parent) | ||
217 | p = &parent->rb_parent->rb_left; | ||
218 | else | ||
219 | p = &parent->rb_parent->rb_right; | ||
220 | |||
221 | parent = rb_next(parent); | ||
222 | if (!parent) | ||
223 | break; | ||
224 | |||
225 | xkey = rb_entry(parent, struct key, serial_node); | ||
226 | if (key->serial < xkey->serial) | ||
227 | goto insert_here; | ||
228 | } | ||
229 | |||
230 | /* we've found a suitable hole - arrange for this key to occupy it */ | ||
231 | insert_here: | ||
232 | rb_link_node(&key->serial_node, parent, p); | ||
233 | rb_insert_color(&key->serial_node, &key_serial_tree); | ||
234 | |||
235 | spin_unlock(&key_serial_lock); | ||
236 | |||
237 | } /* end key_alloc_serial() */ | ||
238 | |||
239 | /*****************************************************************************/ | ||
240 | /* | ||
241 | * allocate a key of the specified type | ||
242 | * - update the user's quota to reflect the existence of the key | ||
243 | * - called from a key-type operation with key_types_sem read-locked by either | ||
244 | * key_create_or_update() or by key_duplicate(); this prevents unregistration | ||
245 | * of the key type | ||
246 | * - upon return the key is as yet uninstantiated; the caller needs to either | ||
247 | * instantiate the key or discard it before returning | ||
248 | */ | ||
249 | struct key *key_alloc(struct key_type *type, const char *desc, | ||
250 | uid_t uid, gid_t gid, key_perm_t perm, | ||
251 | int not_in_quota) | ||
252 | { | ||
253 | struct key_user *user = NULL; | ||
254 | struct key *key; | ||
255 | size_t desclen, quotalen; | ||
256 | |||
257 | key = ERR_PTR(-EINVAL); | ||
258 | if (!desc || !*desc) | ||
259 | goto error; | ||
260 | |||
261 | desclen = strlen(desc) + 1; | ||
262 | quotalen = desclen + type->def_datalen; | ||
263 | |||
264 | /* get hold of the key tracking for this user */ | ||
265 | user = key_user_lookup(uid); | ||
266 | if (!user) | ||
267 | goto no_memory_1; | ||
268 | |||
269 | /* check that the user's quota permits allocation of another key and | ||
270 | * its description */ | ||
271 | if (!not_in_quota) { | ||
272 | spin_lock(&user->lock); | ||
273 | if (user->qnkeys + 1 >= KEYQUOTA_MAX_KEYS && | ||
274 | user->qnbytes + quotalen >= KEYQUOTA_MAX_BYTES | ||
275 | ) | ||
276 | goto no_quota; | ||
277 | |||
278 | user->qnkeys++; | ||
279 | user->qnbytes += quotalen; | ||
280 | spin_unlock(&user->lock); | ||
281 | } | ||
282 | |||
283 | /* allocate and initialise the key and its description */ | ||
284 | key = kmem_cache_alloc(key_jar, SLAB_KERNEL); | ||
285 | if (!key) | ||
286 | goto no_memory_2; | ||
287 | |||
288 | if (desc) { | ||
289 | key->description = kmalloc(desclen, GFP_KERNEL); | ||
290 | if (!key->description) | ||
291 | goto no_memory_3; | ||
292 | |||
293 | memcpy(key->description, desc, desclen); | ||
294 | } | ||
295 | |||
296 | atomic_set(&key->usage, 1); | ||
297 | rwlock_init(&key->lock); | ||
298 | init_rwsem(&key->sem); | ||
299 | key->type = type; | ||
300 | key->user = user; | ||
301 | key->quotalen = quotalen; | ||
302 | key->datalen = type->def_datalen; | ||
303 | key->uid = uid; | ||
304 | key->gid = gid; | ||
305 | key->perm = perm; | ||
306 | key->flags = 0; | ||
307 | key->expiry = 0; | ||
308 | key->payload.data = NULL; | ||
309 | |||
310 | if (!not_in_quota) | ||
311 | key->flags |= KEY_FLAG_IN_QUOTA; | ||
312 | |||
313 | memset(&key->type_data, 0, sizeof(key->type_data)); | ||
314 | |||
315 | #ifdef KEY_DEBUGGING | ||
316 | key->magic = KEY_DEBUG_MAGIC; | ||
317 | #endif | ||
318 | |||
319 | /* publish the key by giving it a serial number */ | ||
320 | atomic_inc(&user->nkeys); | ||
321 | key_alloc_serial(key); | ||
322 | |||
323 | error: | ||
324 | return key; | ||
325 | |||
326 | no_memory_3: | ||
327 | kmem_cache_free(key_jar, key); | ||
328 | no_memory_2: | ||
329 | if (!not_in_quota) { | ||
330 | spin_lock(&user->lock); | ||
331 | user->qnkeys--; | ||
332 | user->qnbytes -= quotalen; | ||
333 | spin_unlock(&user->lock); | ||
334 | } | ||
335 | key_user_put(user); | ||
336 | no_memory_1: | ||
337 | key = ERR_PTR(-ENOMEM); | ||
338 | goto error; | ||
339 | |||
340 | no_quota: | ||
341 | spin_unlock(&user->lock); | ||
342 | key_user_put(user); | ||
343 | key = ERR_PTR(-EDQUOT); | ||
344 | goto error; | ||
345 | |||
346 | } /* end key_alloc() */ | ||
347 | |||
348 | EXPORT_SYMBOL(key_alloc); | ||
349 | |||
350 | /*****************************************************************************/ | ||
351 | /* | ||
352 | * reserve an amount of quota for the key's payload | ||
353 | */ | ||
354 | int key_payload_reserve(struct key *key, size_t datalen) | ||
355 | { | ||
356 | int delta = (int) datalen - key->datalen; | ||
357 | int ret = 0; | ||
358 | |||
359 | key_check(key); | ||
360 | |||
361 | /* contemplate the quota adjustment */ | ||
362 | if (delta != 0 && key->flags & KEY_FLAG_IN_QUOTA) { | ||
363 | spin_lock(&key->user->lock); | ||
364 | |||
365 | if (delta > 0 && | ||
366 | key->user->qnbytes + delta > KEYQUOTA_MAX_BYTES | ||
367 | ) { | ||
368 | ret = -EDQUOT; | ||
369 | } | ||
370 | else { | ||
371 | key->user->qnbytes += delta; | ||
372 | key->quotalen += delta; | ||
373 | } | ||
374 | spin_unlock(&key->user->lock); | ||
375 | } | ||
376 | |||
377 | /* change the recorded data length if that didn't generate an error */ | ||
378 | if (ret == 0) | ||
379 | key->datalen = datalen; | ||
380 | |||
381 | return ret; | ||
382 | |||
383 | } /* end key_payload_reserve() */ | ||
384 | |||
385 | EXPORT_SYMBOL(key_payload_reserve); | ||
386 | |||
387 | /*****************************************************************************/ | ||
388 | /* | ||
389 | * instantiate a key and link it into the target keyring atomically | ||
390 | * - called with the target keyring's semaphore writelocked | ||
391 | */ | ||
392 | static int __key_instantiate_and_link(struct key *key, | ||
393 | const void *data, | ||
394 | size_t datalen, | ||
395 | struct key *keyring) | ||
396 | { | ||
397 | int ret, awaken; | ||
398 | |||
399 | key_check(key); | ||
400 | key_check(keyring); | ||
401 | |||
402 | awaken = 0; | ||
403 | ret = -EBUSY; | ||
404 | |||
405 | down_write(&key_construction_sem); | ||
406 | |||
407 | /* can't instantiate twice */ | ||
408 | if (!(key->flags & KEY_FLAG_INSTANTIATED)) { | ||
409 | /* instantiate the key */ | ||
410 | ret = key->type->instantiate(key, data, datalen); | ||
411 | |||
412 | if (ret == 0) { | ||
413 | /* mark the key as being instantiated */ | ||
414 | write_lock(&key->lock); | ||
415 | |||
416 | atomic_inc(&key->user->nikeys); | ||
417 | key->flags |= KEY_FLAG_INSTANTIATED; | ||
418 | |||
419 | if (key->flags & KEY_FLAG_USER_CONSTRUCT) { | ||
420 | key->flags &= ~KEY_FLAG_USER_CONSTRUCT; | ||
421 | awaken = 1; | ||
422 | } | ||
423 | |||
424 | write_unlock(&key->lock); | ||
425 | |||
426 | /* and link it into the destination keyring */ | ||
427 | if (keyring) | ||
428 | ret = __key_link(keyring, key); | ||
429 | } | ||
430 | } | ||
431 | |||
432 | up_write(&key_construction_sem); | ||
433 | |||
434 | /* wake up anyone waiting for a key to be constructed */ | ||
435 | if (awaken) | ||
436 | wake_up_all(&request_key_conswq); | ||
437 | |||
438 | return ret; | ||
439 | |||
440 | } /* end __key_instantiate_and_link() */ | ||
441 | |||
442 | /*****************************************************************************/ | ||
443 | /* | ||
444 | * instantiate a key and link it into the target keyring atomically | ||
445 | */ | ||
446 | int key_instantiate_and_link(struct key *key, | ||
447 | const void *data, | ||
448 | size_t datalen, | ||
449 | struct key *keyring) | ||
450 | { | ||
451 | int ret; | ||
452 | |||
453 | if (keyring) | ||
454 | down_write(&keyring->sem); | ||
455 | |||
456 | ret = __key_instantiate_and_link(key, data, datalen, keyring); | ||
457 | |||
458 | if (keyring) | ||
459 | up_write(&keyring->sem); | ||
460 | |||
461 | return ret; | ||
462 | } /* end key_instantiate_and_link() */ | ||
463 | |||
464 | EXPORT_SYMBOL(key_instantiate_and_link); | ||
465 | |||
466 | /*****************************************************************************/ | ||
467 | /* | ||
468 | * negatively instantiate a key and link it into the target keyring atomically | ||
469 | */ | ||
470 | int key_negate_and_link(struct key *key, | ||
471 | unsigned timeout, | ||
472 | struct key *keyring) | ||
473 | { | ||
474 | struct timespec now; | ||
475 | int ret, awaken; | ||
476 | |||
477 | key_check(key); | ||
478 | key_check(keyring); | ||
479 | |||
480 | awaken = 0; | ||
481 | ret = -EBUSY; | ||
482 | |||
483 | if (keyring) | ||
484 | down_write(&keyring->sem); | ||
485 | |||
486 | down_write(&key_construction_sem); | ||
487 | |||
488 | /* can't instantiate twice */ | ||
489 | if (!(key->flags & KEY_FLAG_INSTANTIATED)) { | ||
490 | /* mark the key as being negatively instantiated */ | ||
491 | write_lock(&key->lock); | ||
492 | |||
493 | atomic_inc(&key->user->nikeys); | ||
494 | key->flags |= KEY_FLAG_INSTANTIATED | KEY_FLAG_NEGATIVE; | ||
495 | now = current_kernel_time(); | ||
496 | key->expiry = now.tv_sec + timeout; | ||
497 | |||
498 | if (key->flags & KEY_FLAG_USER_CONSTRUCT) { | ||
499 | key->flags &= ~KEY_FLAG_USER_CONSTRUCT; | ||
500 | awaken = 1; | ||
501 | } | ||
502 | |||
503 | write_unlock(&key->lock); | ||
504 | ret = 0; | ||
505 | |||
506 | /* and link it into the destination keyring */ | ||
507 | if (keyring) | ||
508 | ret = __key_link(keyring, key); | ||
509 | } | ||
510 | |||
511 | up_write(&key_construction_sem); | ||
512 | |||
513 | if (keyring) | ||
514 | up_write(&keyring->sem); | ||
515 | |||
516 | /* wake up anyone waiting for a key to be constructed */ | ||
517 | if (awaken) | ||
518 | wake_up_all(&request_key_conswq); | ||
519 | |||
520 | return ret; | ||
521 | |||
522 | } /* end key_negate_and_link() */ | ||
523 | |||
524 | EXPORT_SYMBOL(key_negate_and_link); | ||
525 | |||
526 | /*****************************************************************************/ | ||
527 | /* | ||
528 | * do cleaning up in process context so that we don't have to disable | ||
529 | * interrupts all over the place | ||
530 | */ | ||
531 | static void key_cleanup(void *data) | ||
532 | { | ||
533 | struct rb_node *_n; | ||
534 | struct key *key; | ||
535 | |||
536 | go_again: | ||
537 | /* look for a dead key in the tree */ | ||
538 | spin_lock(&key_serial_lock); | ||
539 | |||
540 | for (_n = rb_first(&key_serial_tree); _n; _n = rb_next(_n)) { | ||
541 | key = rb_entry(_n, struct key, serial_node); | ||
542 | |||
543 | if (atomic_read(&key->usage) == 0) | ||
544 | goto found_dead_key; | ||
545 | } | ||
546 | |||
547 | spin_unlock(&key_serial_lock); | ||
548 | return; | ||
549 | |||
550 | found_dead_key: | ||
551 | /* we found a dead key - once we've removed it from the tree, we can | ||
552 | * drop the lock */ | ||
553 | rb_erase(&key->serial_node, &key_serial_tree); | ||
554 | spin_unlock(&key_serial_lock); | ||
555 | |||
556 | /* deal with the user's key tracking and quota */ | ||
557 | if (key->flags & KEY_FLAG_IN_QUOTA) { | ||
558 | spin_lock(&key->user->lock); | ||
559 | key->user->qnkeys--; | ||
560 | key->user->qnbytes -= key->quotalen; | ||
561 | spin_unlock(&key->user->lock); | ||
562 | } | ||
563 | |||
564 | atomic_dec(&key->user->nkeys); | ||
565 | if (key->flags & KEY_FLAG_INSTANTIATED) | ||
566 | atomic_dec(&key->user->nikeys); | ||
567 | |||
568 | key_user_put(key->user); | ||
569 | |||
570 | /* now throw away the key memory */ | ||
571 | if (key->type->destroy) | ||
572 | key->type->destroy(key); | ||
573 | |||
574 | kfree(key->description); | ||
575 | |||
576 | #ifdef KEY_DEBUGGING | ||
577 | key->magic = KEY_DEBUG_MAGIC_X; | ||
578 | #endif | ||
579 | kmem_cache_free(key_jar, key); | ||
580 | |||
581 | /* there may, of course, be more than one key to destroy */ | ||
582 | goto go_again; | ||
583 | |||
584 | } /* end key_cleanup() */ | ||
585 | |||
586 | /*****************************************************************************/ | ||
587 | /* | ||
588 | * dispose of a reference to a key | ||
589 | * - when all the references are gone, we schedule the cleanup task to come and | ||
590 | * pull it out of the tree in definite process context | ||
591 | */ | ||
592 | void key_put(struct key *key) | ||
593 | { | ||
594 | if (key) { | ||
595 | key_check(key); | ||
596 | |||
597 | if (atomic_dec_and_test(&key->usage)) | ||
598 | schedule_work(&key_cleanup_task); | ||
599 | } | ||
600 | |||
601 | } /* end key_put() */ | ||
602 | |||
603 | EXPORT_SYMBOL(key_put); | ||
604 | |||
605 | /*****************************************************************************/ | ||
606 | /* | ||
607 | * find a key by its serial number | ||
608 | */ | ||
609 | struct key *key_lookup(key_serial_t id) | ||
610 | { | ||
611 | struct rb_node *n; | ||
612 | struct key *key; | ||
613 | |||
614 | spin_lock(&key_serial_lock); | ||
615 | |||
616 | /* search the tree for the specified key */ | ||
617 | n = key_serial_tree.rb_node; | ||
618 | while (n) { | ||
619 | key = rb_entry(n, struct key, serial_node); | ||
620 | |||
621 | if (id < key->serial) | ||
622 | n = n->rb_left; | ||
623 | else if (id > key->serial) | ||
624 | n = n->rb_right; | ||
625 | else | ||
626 | goto found; | ||
627 | } | ||
628 | |||
629 | not_found: | ||
630 | key = ERR_PTR(-ENOKEY); | ||
631 | goto error; | ||
632 | |||
633 | found: | ||
634 | /* pretent doesn't exist if it's dead */ | ||
635 | if (atomic_read(&key->usage) == 0 || | ||
636 | (key->flags & KEY_FLAG_DEAD) || | ||
637 | key->type == &key_type_dead) | ||
638 | goto not_found; | ||
639 | |||
640 | /* this races with key_put(), but that doesn't matter since key_put() | ||
641 | * doesn't actually change the key | ||
642 | */ | ||
643 | atomic_inc(&key->usage); | ||
644 | |||
645 | error: | ||
646 | spin_unlock(&key_serial_lock); | ||
647 | return key; | ||
648 | |||
649 | } /* end key_lookup() */ | ||
650 | |||
651 | /*****************************************************************************/ | ||
652 | /* | ||
653 | * find and lock the specified key type against removal | ||
654 | * - we return with the sem readlocked | ||
655 | */ | ||
656 | struct key_type *key_type_lookup(const char *type) | ||
657 | { | ||
658 | struct key_type *ktype; | ||
659 | |||
660 | down_read(&key_types_sem); | ||
661 | |||
662 | /* look up the key type to see if it's one of the registered kernel | ||
663 | * types */ | ||
664 | list_for_each_entry(ktype, &key_types_list, link) { | ||
665 | if (strcmp(ktype->name, type) == 0) | ||
666 | goto found_kernel_type; | ||
667 | } | ||
668 | |||
669 | up_read(&key_types_sem); | ||
670 | ktype = ERR_PTR(-ENOKEY); | ||
671 | |||
672 | found_kernel_type: | ||
673 | return ktype; | ||
674 | |||
675 | } /* end key_type_lookup() */ | ||
676 | |||
677 | /*****************************************************************************/ | ||
678 | /* | ||
679 | * unlock a key type | ||
680 | */ | ||
681 | void key_type_put(struct key_type *ktype) | ||
682 | { | ||
683 | up_read(&key_types_sem); | ||
684 | |||
685 | } /* end key_type_put() */ | ||
686 | |||
687 | /*****************************************************************************/ | ||
688 | /* | ||
689 | * attempt to update an existing key | ||
690 | * - the key has an incremented refcount | ||
691 | * - we need to put the key if we get an error | ||
692 | */ | ||
693 | static inline struct key *__key_update(struct key *key, const void *payload, | ||
694 | size_t plen) | ||
695 | { | ||
696 | int ret; | ||
697 | |||
698 | /* need write permission on the key to update it */ | ||
699 | ret = -EACCES; | ||
700 | if (!key_permission(key, KEY_WRITE)) | ||
701 | goto error; | ||
702 | |||
703 | ret = -EEXIST; | ||
704 | if (!key->type->update) | ||
705 | goto error; | ||
706 | |||
707 | down_write(&key->sem); | ||
708 | |||
709 | ret = key->type->update(key, payload, plen); | ||
710 | |||
711 | if (ret == 0) { | ||
712 | /* updating a negative key instantiates it */ | ||
713 | write_lock(&key->lock); | ||
714 | key->flags &= ~KEY_FLAG_NEGATIVE; | ||
715 | write_unlock(&key->lock); | ||
716 | } | ||
717 | |||
718 | up_write(&key->sem); | ||
719 | |||
720 | if (ret < 0) | ||
721 | goto error; | ||
722 | out: | ||
723 | return key; | ||
724 | |||
725 | error: | ||
726 | key_put(key); | ||
727 | key = ERR_PTR(ret); | ||
728 | goto out; | ||
729 | |||
730 | } /* end __key_update() */ | ||
731 | |||
732 | /*****************************************************************************/ | ||
733 | /* | ||
734 | * search the specified keyring for a key of the same description; if one is | ||
735 | * found, update it, otherwise add a new one | ||
736 | */ | ||
737 | struct key *key_create_or_update(struct key *keyring, | ||
738 | const char *type, | ||
739 | const char *description, | ||
740 | const void *payload, | ||
741 | size_t plen, | ||
742 | int not_in_quota) | ||
743 | { | ||
744 | struct key_type *ktype; | ||
745 | struct key *key = NULL; | ||
746 | key_perm_t perm; | ||
747 | int ret; | ||
748 | |||
749 | key_check(keyring); | ||
750 | |||
751 | /* look up the key type to see if it's one of the registered kernel | ||
752 | * types */ | ||
753 | ktype = key_type_lookup(type); | ||
754 | if (IS_ERR(ktype)) { | ||
755 | key = ERR_PTR(-ENODEV); | ||
756 | goto error; | ||
757 | } | ||
758 | |||
759 | ret = -EINVAL; | ||
760 | if (!ktype->match || !ktype->instantiate) | ||
761 | goto error_2; | ||
762 | |||
763 | /* search for an existing key of the same type and description in the | ||
764 | * destination keyring | ||
765 | */ | ||
766 | down_write(&keyring->sem); | ||
767 | |||
768 | key = __keyring_search_one(keyring, ktype, description, 0); | ||
769 | if (!IS_ERR(key)) | ||
770 | goto found_matching_key; | ||
771 | |||
772 | /* if we're going to allocate a new key, we're going to have to modify | ||
773 | * the keyring */ | ||
774 | ret = -EACCES; | ||
775 | if (!key_permission(keyring, KEY_WRITE)) | ||
776 | goto error_3; | ||
777 | |||
778 | /* decide on the permissions we want */ | ||
779 | perm = KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK; | ||
780 | |||
781 | if (ktype->read) | ||
782 | perm |= KEY_USR_READ; | ||
783 | |||
784 | if (ktype == &key_type_keyring || ktype->update) | ||
785 | perm |= KEY_USR_WRITE; | ||
786 | |||
787 | /* allocate a new key */ | ||
788 | key = key_alloc(ktype, description, current->fsuid, current->fsgid, | ||
789 | perm, not_in_quota); | ||
790 | if (IS_ERR(key)) { | ||
791 | ret = PTR_ERR(key); | ||
792 | goto error_3; | ||
793 | } | ||
794 | |||
795 | /* instantiate it and link it into the target keyring */ | ||
796 | ret = __key_instantiate_and_link(key, payload, plen, keyring); | ||
797 | if (ret < 0) { | ||
798 | key_put(key); | ||
799 | key = ERR_PTR(ret); | ||
800 | } | ||
801 | |||
802 | error_3: | ||
803 | up_write(&keyring->sem); | ||
804 | error_2: | ||
805 | key_type_put(ktype); | ||
806 | error: | ||
807 | return key; | ||
808 | |||
809 | found_matching_key: | ||
810 | /* we found a matching key, so we're going to try to update it | ||
811 | * - we can drop the locks first as we have the key pinned | ||
812 | */ | ||
813 | up_write(&keyring->sem); | ||
814 | key_type_put(ktype); | ||
815 | |||
816 | key = __key_update(key, payload, plen); | ||
817 | goto error; | ||
818 | |||
819 | } /* end key_create_or_update() */ | ||
820 | |||
821 | EXPORT_SYMBOL(key_create_or_update); | ||
822 | |||
823 | /*****************************************************************************/ | ||
824 | /* | ||
825 | * update a key | ||
826 | */ | ||
827 | int key_update(struct key *key, const void *payload, size_t plen) | ||
828 | { | ||
829 | int ret; | ||
830 | |||
831 | key_check(key); | ||
832 | |||
833 | /* the key must be writable */ | ||
834 | ret = -EACCES; | ||
835 | if (!key_permission(key, KEY_WRITE)) | ||
836 | goto error; | ||
837 | |||
838 | /* attempt to update it if supported */ | ||
839 | ret = -EOPNOTSUPP; | ||
840 | if (key->type->update) { | ||
841 | down_write(&key->sem); | ||
842 | ret = key->type->update(key, payload, plen); | ||
843 | |||
844 | if (ret == 0) { | ||
845 | /* updating a negative key instantiates it */ | ||
846 | write_lock(&key->lock); | ||
847 | key->flags &= ~KEY_FLAG_NEGATIVE; | ||
848 | write_unlock(&key->lock); | ||
849 | } | ||
850 | |||
851 | up_write(&key->sem); | ||
852 | } | ||
853 | |||
854 | error: | ||
855 | return ret; | ||
856 | |||
857 | } /* end key_update() */ | ||
858 | |||
859 | EXPORT_SYMBOL(key_update); | ||
860 | |||
861 | /*****************************************************************************/ | ||
862 | /* | ||
863 | * duplicate a key, potentially with a revised description | ||
864 | * - must be supported by the keytype (keyrings for instance can be duplicated) | ||
865 | */ | ||
866 | struct key *key_duplicate(struct key *source, const char *desc) | ||
867 | { | ||
868 | struct key *key; | ||
869 | int ret; | ||
870 | |||
871 | key_check(source); | ||
872 | |||
873 | if (!desc) | ||
874 | desc = source->description; | ||
875 | |||
876 | down_read(&key_types_sem); | ||
877 | |||
878 | ret = -EINVAL; | ||
879 | if (!source->type->duplicate) | ||
880 | goto error; | ||
881 | |||
882 | /* allocate and instantiate a key */ | ||
883 | key = key_alloc(source->type, desc, current->fsuid, current->fsgid, | ||
884 | source->perm, 0); | ||
885 | if (IS_ERR(key)) | ||
886 | goto error_k; | ||
887 | |||
888 | down_read(&source->sem); | ||
889 | ret = key->type->duplicate(key, source); | ||
890 | up_read(&source->sem); | ||
891 | if (ret < 0) | ||
892 | goto error2; | ||
893 | |||
894 | atomic_inc(&key->user->nikeys); | ||
895 | |||
896 | write_lock(&key->lock); | ||
897 | key->flags |= KEY_FLAG_INSTANTIATED; | ||
898 | write_unlock(&key->lock); | ||
899 | |||
900 | error_k: | ||
901 | up_read(&key_types_sem); | ||
902 | out: | ||
903 | return key; | ||
904 | |||
905 | error2: | ||
906 | key_put(key); | ||
907 | error: | ||
908 | up_read(&key_types_sem); | ||
909 | key = ERR_PTR(ret); | ||
910 | goto out; | ||
911 | |||
912 | } /* end key_duplicate() */ | ||
913 | |||
914 | /*****************************************************************************/ | ||
915 | /* | ||
916 | * revoke a key | ||
917 | */ | ||
918 | void key_revoke(struct key *key) | ||
919 | { | ||
920 | key_check(key); | ||
921 | |||
922 | /* make sure no one's trying to change or use the key when we mark | ||
923 | * it */ | ||
924 | down_write(&key->sem); | ||
925 | write_lock(&key->lock); | ||
926 | key->flags |= KEY_FLAG_REVOKED; | ||
927 | write_unlock(&key->lock); | ||
928 | up_write(&key->sem); | ||
929 | |||
930 | } /* end key_revoke() */ | ||
931 | |||
932 | EXPORT_SYMBOL(key_revoke); | ||
933 | |||
934 | /*****************************************************************************/ | ||
935 | /* | ||
936 | * register a type of key | ||
937 | */ | ||
938 | int register_key_type(struct key_type *ktype) | ||
939 | { | ||
940 | struct key_type *p; | ||
941 | int ret; | ||
942 | |||
943 | ret = -EEXIST; | ||
944 | down_write(&key_types_sem); | ||
945 | |||
946 | /* disallow key types with the same name */ | ||
947 | list_for_each_entry(p, &key_types_list, link) { | ||
948 | if (strcmp(p->name, ktype->name) == 0) | ||
949 | goto out; | ||
950 | } | ||
951 | |||
952 | /* store the type */ | ||
953 | list_add(&ktype->link, &key_types_list); | ||
954 | ret = 0; | ||
955 | |||
956 | out: | ||
957 | up_write(&key_types_sem); | ||
958 | return ret; | ||
959 | |||
960 | } /* end register_key_type() */ | ||
961 | |||
962 | EXPORT_SYMBOL(register_key_type); | ||
963 | |||
964 | /*****************************************************************************/ | ||
965 | /* | ||
966 | * unregister a type of key | ||
967 | */ | ||
968 | void unregister_key_type(struct key_type *ktype) | ||
969 | { | ||
970 | struct rb_node *_n; | ||
971 | struct key *key; | ||
972 | |||
973 | down_write(&key_types_sem); | ||
974 | |||
975 | /* withdraw the key type */ | ||
976 | list_del_init(&ktype->link); | ||
977 | |||
978 | /* need to withdraw all keys of this type */ | ||
979 | spin_lock(&key_serial_lock); | ||
980 | |||
981 | for (_n = rb_first(&key_serial_tree); _n; _n = rb_next(_n)) { | ||
982 | key = rb_entry(_n, struct key, serial_node); | ||
983 | |||
984 | if (key->type != ktype) | ||
985 | continue; | ||
986 | |||
987 | write_lock(&key->lock); | ||
988 | key->type = &key_type_dead; | ||
989 | write_unlock(&key->lock); | ||
990 | |||
991 | /* there shouldn't be anyone looking at the description or | ||
992 | * payload now */ | ||
993 | if (ktype->destroy) | ||
994 | ktype->destroy(key); | ||
995 | memset(&key->payload, 0xbd, sizeof(key->payload)); | ||
996 | } | ||
997 | |||
998 | spin_unlock(&key_serial_lock); | ||
999 | up_write(&key_types_sem); | ||
1000 | |||
1001 | } /* end unregister_key_type() */ | ||
1002 | |||
1003 | EXPORT_SYMBOL(unregister_key_type); | ||
1004 | |||
1005 | /*****************************************************************************/ | ||
1006 | /* | ||
1007 | * initialise the key management stuff | ||
1008 | */ | ||
1009 | void __init key_init(void) | ||
1010 | { | ||
1011 | /* allocate a slab in which we can store keys */ | ||
1012 | key_jar = kmem_cache_create("key_jar", sizeof(struct key), | ||
1013 | 0, SLAB_HWCACHE_ALIGN|SLAB_PANIC, NULL, NULL); | ||
1014 | |||
1015 | /* add the special key types */ | ||
1016 | list_add_tail(&key_type_keyring.link, &key_types_list); | ||
1017 | list_add_tail(&key_type_dead.link, &key_types_list); | ||
1018 | list_add_tail(&key_type_user.link, &key_types_list); | ||
1019 | |||
1020 | /* record the root user tracking */ | ||
1021 | rb_link_node(&root_key_user.node, | ||
1022 | NULL, | ||
1023 | &key_user_tree.rb_node); | ||
1024 | |||
1025 | rb_insert_color(&root_key_user.node, | ||
1026 | &key_user_tree); | ||
1027 | |||
1028 | /* record root's user standard keyrings */ | ||
1029 | key_check(&root_user_keyring); | ||
1030 | key_check(&root_session_keyring); | ||
1031 | |||
1032 | __key_insert_serial(&root_user_keyring); | ||
1033 | __key_insert_serial(&root_session_keyring); | ||
1034 | |||
1035 | keyring_publish_name(&root_user_keyring); | ||
1036 | keyring_publish_name(&root_session_keyring); | ||
1037 | |||
1038 | /* link the two root keyrings together */ | ||
1039 | key_link(&root_session_keyring, &root_user_keyring); | ||
1040 | } /* end key_init() */ | ||
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c new file mode 100644 index 000000000000..dc0011b3fac9 --- /dev/null +++ b/security/keys/keyctl.c | |||
@@ -0,0 +1,987 @@ | |||
1 | /* keyctl.c: userspace keyctl operations | ||
2 | * | ||
3 | * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #include <linux/module.h> | ||
13 | #include <linux/init.h> | ||
14 | #include <linux/sched.h> | ||
15 | #include <linux/slab.h> | ||
16 | #include <linux/syscalls.h> | ||
17 | #include <linux/keyctl.h> | ||
18 | #include <linux/fs.h> | ||
19 | #include <linux/err.h> | ||
20 | #include <asm/uaccess.h> | ||
21 | #include "internal.h" | ||
22 | |||
23 | /*****************************************************************************/ | ||
24 | /* | ||
25 | * extract the description of a new key from userspace and either add it as a | ||
26 | * new key to the specified keyring or update a matching key in that keyring | ||
27 | * - the keyring must be writable | ||
28 | * - returns the new key's serial number | ||
29 | * - implements add_key() | ||
30 | */ | ||
31 | asmlinkage long sys_add_key(const char __user *_type, | ||
32 | const char __user *_description, | ||
33 | const void __user *_payload, | ||
34 | size_t plen, | ||
35 | key_serial_t ringid) | ||
36 | { | ||
37 | struct key *keyring, *key; | ||
38 | char type[32], *description; | ||
39 | void *payload; | ||
40 | long dlen, ret; | ||
41 | |||
42 | ret = -EINVAL; | ||
43 | if (plen > 32767) | ||
44 | goto error; | ||
45 | |||
46 | /* draw all the data into kernel space */ | ||
47 | ret = strncpy_from_user(type, _type, sizeof(type) - 1); | ||
48 | if (ret < 0) | ||
49 | goto error; | ||
50 | type[31] = '\0'; | ||
51 | |||
52 | ret = -EFAULT; | ||
53 | dlen = strnlen_user(_description, PAGE_SIZE - 1); | ||
54 | if (dlen <= 0) | ||
55 | goto error; | ||
56 | |||
57 | ret = -EINVAL; | ||
58 | if (dlen > PAGE_SIZE - 1) | ||
59 | goto error; | ||
60 | |||
61 | ret = -ENOMEM; | ||
62 | description = kmalloc(dlen + 1, GFP_KERNEL); | ||
63 | if (!description) | ||
64 | goto error; | ||
65 | |||
66 | ret = -EFAULT; | ||
67 | if (copy_from_user(description, _description, dlen + 1) != 0) | ||
68 | goto error2; | ||
69 | |||
70 | /* pull the payload in if one was supplied */ | ||
71 | payload = NULL; | ||
72 | |||
73 | if (_payload) { | ||
74 | ret = -ENOMEM; | ||
75 | payload = kmalloc(plen, GFP_KERNEL); | ||
76 | if (!payload) | ||
77 | goto error2; | ||
78 | |||
79 | ret = -EFAULT; | ||
80 | if (copy_from_user(payload, _payload, plen) != 0) | ||
81 | goto error3; | ||
82 | } | ||
83 | |||
84 | /* find the target keyring (which must be writable) */ | ||
85 | keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE); | ||
86 | if (IS_ERR(keyring)) { | ||
87 | ret = PTR_ERR(keyring); | ||
88 | goto error3; | ||
89 | } | ||
90 | |||
91 | /* create or update the requested key and add it to the target | ||
92 | * keyring */ | ||
93 | key = key_create_or_update(keyring, type, description, | ||
94 | payload, plen, 0); | ||
95 | if (!IS_ERR(key)) { | ||
96 | ret = key->serial; | ||
97 | key_put(key); | ||
98 | } | ||
99 | else { | ||
100 | ret = PTR_ERR(key); | ||
101 | } | ||
102 | |||
103 | key_put(keyring); | ||
104 | error3: | ||
105 | kfree(payload); | ||
106 | error2: | ||
107 | kfree(description); | ||
108 | error: | ||
109 | return ret; | ||
110 | |||
111 | } /* end sys_add_key() */ | ||
112 | |||
113 | /*****************************************************************************/ | ||
114 | /* | ||
115 | * search the process keyrings for a matching key | ||
116 | * - nested keyrings may also be searched if they have Search permission | ||
117 | * - if a key is found, it will be attached to the destination keyring if | ||
118 | * there's one specified | ||
119 | * - /sbin/request-key will be invoked if _callout_info is non-NULL | ||
120 | * - the _callout_info string will be passed to /sbin/request-key | ||
121 | * - if the _callout_info string is empty, it will be rendered as "-" | ||
122 | * - implements request_key() | ||
123 | */ | ||
124 | asmlinkage long sys_request_key(const char __user *_type, | ||
125 | const char __user *_description, | ||
126 | const char __user *_callout_info, | ||
127 | key_serial_t destringid) | ||
128 | { | ||
129 | struct key_type *ktype; | ||
130 | struct key *key, *dest; | ||
131 | char type[32], *description, *callout_info; | ||
132 | long dlen, ret; | ||
133 | |||
134 | /* pull the type into kernel space */ | ||
135 | ret = strncpy_from_user(type, _type, sizeof(type) - 1); | ||
136 | if (ret < 0) | ||
137 | goto error; | ||
138 | type[31] = '\0'; | ||
139 | |||
140 | /* pull the description into kernel space */ | ||
141 | ret = -EFAULT; | ||
142 | dlen = strnlen_user(_description, PAGE_SIZE - 1); | ||
143 | if (dlen <= 0) | ||
144 | goto error; | ||
145 | |||
146 | ret = -EINVAL; | ||
147 | if (dlen > PAGE_SIZE - 1) | ||
148 | goto error; | ||
149 | |||
150 | ret = -ENOMEM; | ||
151 | description = kmalloc(dlen + 1, GFP_KERNEL); | ||
152 | if (!description) | ||
153 | goto error; | ||
154 | |||
155 | ret = -EFAULT; | ||
156 | if (copy_from_user(description, _description, dlen + 1) != 0) | ||
157 | goto error2; | ||
158 | |||
159 | /* pull the callout info into kernel space */ | ||
160 | callout_info = NULL; | ||
161 | if (_callout_info) { | ||
162 | ret = -EFAULT; | ||
163 | dlen = strnlen_user(_callout_info, PAGE_SIZE - 1); | ||
164 | if (dlen <= 0) | ||
165 | goto error2; | ||
166 | |||
167 | ret = -EINVAL; | ||
168 | if (dlen > PAGE_SIZE - 1) | ||
169 | goto error2; | ||
170 | |||
171 | ret = -ENOMEM; | ||
172 | callout_info = kmalloc(dlen + 1, GFP_KERNEL); | ||
173 | if (!callout_info) | ||
174 | goto error2; | ||
175 | |||
176 | ret = -EFAULT; | ||
177 | if (copy_from_user(callout_info, _callout_info, dlen + 1) != 0) | ||
178 | goto error3; | ||
179 | } | ||
180 | |||
181 | /* get the destination keyring if specified */ | ||
182 | dest = NULL; | ||
183 | if (destringid) { | ||
184 | dest = lookup_user_key(destringid, 1, 0, KEY_WRITE); | ||
185 | if (IS_ERR(dest)) { | ||
186 | ret = PTR_ERR(dest); | ||
187 | goto error3; | ||
188 | } | ||
189 | } | ||
190 | |||
191 | /* find the key type */ | ||
192 | ktype = key_type_lookup(type); | ||
193 | if (IS_ERR(ktype)) { | ||
194 | ret = PTR_ERR(ktype); | ||
195 | goto error4; | ||
196 | } | ||
197 | |||
198 | /* do the search */ | ||
199 | key = request_key(ktype, description, callout_info); | ||
200 | if (IS_ERR(key)) { | ||
201 | ret = PTR_ERR(key); | ||
202 | goto error5; | ||
203 | } | ||
204 | |||
205 | /* link the resulting key to the destination keyring */ | ||
206 | if (dest) { | ||
207 | ret = key_link(dest, key); | ||
208 | if (ret < 0) | ||
209 | goto error6; | ||
210 | } | ||
211 | |||
212 | ret = key->serial; | ||
213 | |||
214 | error6: | ||
215 | key_put(key); | ||
216 | error5: | ||
217 | key_type_put(ktype); | ||
218 | error4: | ||
219 | key_put(dest); | ||
220 | error3: | ||
221 | kfree(callout_info); | ||
222 | error2: | ||
223 | kfree(description); | ||
224 | error: | ||
225 | return ret; | ||
226 | |||
227 | } /* end sys_request_key() */ | ||
228 | |||
229 | /*****************************************************************************/ | ||
230 | /* | ||
231 | * get the ID of the specified process keyring | ||
232 | * - the keyring must have search permission to be found | ||
233 | * - implements keyctl(KEYCTL_GET_KEYRING_ID) | ||
234 | */ | ||
235 | long keyctl_get_keyring_ID(key_serial_t id, int create) | ||
236 | { | ||
237 | struct key *key; | ||
238 | long ret; | ||
239 | |||
240 | key = lookup_user_key(id, create, 0, KEY_SEARCH); | ||
241 | if (IS_ERR(key)) { | ||
242 | ret = PTR_ERR(key); | ||
243 | goto error; | ||
244 | } | ||
245 | |||
246 | ret = key->serial; | ||
247 | key_put(key); | ||
248 | error: | ||
249 | return ret; | ||
250 | |||
251 | } /* end keyctl_get_keyring_ID() */ | ||
252 | |||
253 | /*****************************************************************************/ | ||
254 | /* | ||
255 | * join the session keyring | ||
256 | * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING) | ||
257 | */ | ||
258 | long keyctl_join_session_keyring(const char __user *_name) | ||
259 | { | ||
260 | char *name; | ||
261 | long nlen, ret; | ||
262 | |||
263 | /* fetch the name from userspace */ | ||
264 | name = NULL; | ||
265 | if (_name) { | ||
266 | ret = -EFAULT; | ||
267 | nlen = strnlen_user(_name, PAGE_SIZE - 1); | ||
268 | if (nlen <= 0) | ||
269 | goto error; | ||
270 | |||
271 | ret = -EINVAL; | ||
272 | if (nlen > PAGE_SIZE - 1) | ||
273 | goto error; | ||
274 | |||
275 | ret = -ENOMEM; | ||
276 | name = kmalloc(nlen + 1, GFP_KERNEL); | ||
277 | if (!name) | ||
278 | goto error; | ||
279 | |||
280 | ret = -EFAULT; | ||
281 | if (copy_from_user(name, _name, nlen + 1) != 0) | ||
282 | goto error2; | ||
283 | } | ||
284 | |||
285 | /* join the session */ | ||
286 | ret = join_session_keyring(name); | ||
287 | |||
288 | error2: | ||
289 | kfree(name); | ||
290 | error: | ||
291 | return ret; | ||
292 | |||
293 | } /* end keyctl_join_session_keyring() */ | ||
294 | |||
295 | /*****************************************************************************/ | ||
296 | /* | ||
297 | * update a key's data payload | ||
298 | * - the key must be writable | ||
299 | * - implements keyctl(KEYCTL_UPDATE) | ||
300 | */ | ||
301 | long keyctl_update_key(key_serial_t id, | ||
302 | const void __user *_payload, | ||
303 | size_t plen) | ||
304 | { | ||
305 | struct key *key; | ||
306 | void *payload; | ||
307 | long ret; | ||
308 | |||
309 | ret = -EINVAL; | ||
310 | if (plen > PAGE_SIZE) | ||
311 | goto error; | ||
312 | |||
313 | /* pull the payload in if one was supplied */ | ||
314 | payload = NULL; | ||
315 | if (_payload) { | ||
316 | ret = -ENOMEM; | ||
317 | payload = kmalloc(plen, GFP_KERNEL); | ||
318 | if (!payload) | ||
319 | goto error; | ||
320 | |||
321 | ret = -EFAULT; | ||
322 | if (copy_from_user(payload, _payload, plen) != 0) | ||
323 | goto error2; | ||
324 | } | ||
325 | |||
326 | /* find the target key (which must be writable) */ | ||
327 | key = lookup_user_key(id, 0, 0, KEY_WRITE); | ||
328 | if (IS_ERR(key)) { | ||
329 | ret = PTR_ERR(key); | ||
330 | goto error2; | ||
331 | } | ||
332 | |||
333 | /* update the key */ | ||
334 | ret = key_update(key, payload, plen); | ||
335 | |||
336 | key_put(key); | ||
337 | error2: | ||
338 | kfree(payload); | ||
339 | error: | ||
340 | return ret; | ||
341 | |||
342 | } /* end keyctl_update_key() */ | ||
343 | |||
344 | /*****************************************************************************/ | ||
345 | /* | ||
346 | * revoke a key | ||
347 | * - the key must be writable | ||
348 | * - implements keyctl(KEYCTL_REVOKE) | ||
349 | */ | ||
350 | long keyctl_revoke_key(key_serial_t id) | ||
351 | { | ||
352 | struct key *key; | ||
353 | long ret; | ||
354 | |||
355 | key = lookup_user_key(id, 0, 0, KEY_WRITE); | ||
356 | if (IS_ERR(key)) { | ||
357 | ret = PTR_ERR(key); | ||
358 | goto error; | ||
359 | } | ||
360 | |||
361 | key_revoke(key); | ||
362 | ret = 0; | ||
363 | |||
364 | key_put(key); | ||
365 | error: | ||
366 | return 0; | ||
367 | |||
368 | } /* end keyctl_revoke_key() */ | ||
369 | |||
370 | /*****************************************************************************/ | ||
371 | /* | ||
372 | * clear the specified process keyring | ||
373 | * - the keyring must be writable | ||
374 | * - implements keyctl(KEYCTL_CLEAR) | ||
375 | */ | ||
376 | long keyctl_keyring_clear(key_serial_t ringid) | ||
377 | { | ||
378 | struct key *keyring; | ||
379 | long ret; | ||
380 | |||
381 | keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE); | ||
382 | if (IS_ERR(keyring)) { | ||
383 | ret = PTR_ERR(keyring); | ||
384 | goto error; | ||
385 | } | ||
386 | |||
387 | ret = keyring_clear(keyring); | ||
388 | |||
389 | key_put(keyring); | ||
390 | error: | ||
391 | return ret; | ||
392 | |||
393 | } /* end keyctl_keyring_clear() */ | ||
394 | |||
395 | /*****************************************************************************/ | ||
396 | /* | ||
397 | * link a key into a keyring | ||
398 | * - the keyring must be writable | ||
399 | * - the key must be linkable | ||
400 | * - implements keyctl(KEYCTL_LINK) | ||
401 | */ | ||
402 | long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) | ||
403 | { | ||
404 | struct key *keyring, *key; | ||
405 | long ret; | ||
406 | |||
407 | keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE); | ||
408 | if (IS_ERR(keyring)) { | ||
409 | ret = PTR_ERR(keyring); | ||
410 | goto error; | ||
411 | } | ||
412 | |||
413 | key = lookup_user_key(id, 1, 0, KEY_LINK); | ||
414 | if (IS_ERR(key)) { | ||
415 | ret = PTR_ERR(key); | ||
416 | goto error2; | ||
417 | } | ||
418 | |||
419 | ret = key_link(keyring, key); | ||
420 | |||
421 | key_put(key); | ||
422 | error2: | ||
423 | key_put(keyring); | ||
424 | error: | ||
425 | return ret; | ||
426 | |||
427 | } /* end keyctl_keyring_link() */ | ||
428 | |||
429 | /*****************************************************************************/ | ||
430 | /* | ||
431 | * unlink the first attachment of a key from a keyring | ||
432 | * - the keyring must be writable | ||
433 | * - we don't need any permissions on the key | ||
434 | * - implements keyctl(KEYCTL_UNLINK) | ||
435 | */ | ||
436 | long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) | ||
437 | { | ||
438 | struct key *keyring, *key; | ||
439 | long ret; | ||
440 | |||
441 | keyring = lookup_user_key(ringid, 0, 0, KEY_WRITE); | ||
442 | if (IS_ERR(keyring)) { | ||
443 | ret = PTR_ERR(keyring); | ||
444 | goto error; | ||
445 | } | ||
446 | |||
447 | key = lookup_user_key(id, 0, 0, 0); | ||
448 | if (IS_ERR(key)) { | ||
449 | ret = PTR_ERR(key); | ||
450 | goto error2; | ||
451 | } | ||
452 | |||
453 | ret = key_unlink(keyring, key); | ||
454 | |||
455 | key_put(key); | ||
456 | error2: | ||
457 | key_put(keyring); | ||
458 | error: | ||
459 | return ret; | ||
460 | |||
461 | } /* end keyctl_keyring_unlink() */ | ||
462 | |||
463 | /*****************************************************************************/ | ||
464 | /* | ||
465 | * describe a user key | ||
466 | * - the key must have view permission | ||
467 | * - if there's a buffer, we place up to buflen bytes of data into it | ||
468 | * - unless there's an error, we return the amount of description available, | ||
469 | * irrespective of how much we may have copied | ||
470 | * - the description is formatted thus: | ||
471 | * type;uid;gid;perm;description<NUL> | ||
472 | * - implements keyctl(KEYCTL_DESCRIBE) | ||
473 | */ | ||
474 | long keyctl_describe_key(key_serial_t keyid, | ||
475 | char __user *buffer, | ||
476 | size_t buflen) | ||
477 | { | ||
478 | struct key *key; | ||
479 | char *tmpbuf; | ||
480 | long ret; | ||
481 | |||
482 | key = lookup_user_key(keyid, 0, 1, KEY_VIEW); | ||
483 | if (IS_ERR(key)) { | ||
484 | ret = PTR_ERR(key); | ||
485 | goto error; | ||
486 | } | ||
487 | |||
488 | /* calculate how much description we're going to return */ | ||
489 | ret = -ENOMEM; | ||
490 | tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL); | ||
491 | if (!tmpbuf) | ||
492 | goto error2; | ||
493 | |||
494 | ret = snprintf(tmpbuf, PAGE_SIZE - 1, | ||
495 | "%s;%d;%d;%06x;%s", | ||
496 | key->type->name, | ||
497 | key->uid, | ||
498 | key->gid, | ||
499 | key->perm, | ||
500 | key->description ? key->description :"" | ||
501 | ); | ||
502 | |||
503 | /* include a NUL char at the end of the data */ | ||
504 | if (ret > PAGE_SIZE - 1) | ||
505 | ret = PAGE_SIZE - 1; | ||
506 | tmpbuf[ret] = 0; | ||
507 | ret++; | ||
508 | |||
509 | /* consider returning the data */ | ||
510 | if (buffer && buflen > 0) { | ||
511 | if (buflen > ret) | ||
512 | buflen = ret; | ||
513 | |||
514 | if (copy_to_user(buffer, tmpbuf, buflen) != 0) | ||
515 | ret = -EFAULT; | ||
516 | } | ||
517 | |||
518 | kfree(tmpbuf); | ||
519 | error2: | ||
520 | key_put(key); | ||
521 | error: | ||
522 | return ret; | ||
523 | |||
524 | } /* end keyctl_describe_key() */ | ||
525 | |||
526 | /*****************************************************************************/ | ||
527 | /* | ||
528 | * search the specified keyring for a matching key | ||
529 | * - the start keyring must be searchable | ||
530 | * - nested keyrings may also be searched if they are searchable | ||
531 | * - only keys with search permission may be found | ||
532 | * - if a key is found, it will be attached to the destination keyring if | ||
533 | * there's one specified | ||
534 | * - implements keyctl(KEYCTL_SEARCH) | ||
535 | */ | ||
536 | long keyctl_keyring_search(key_serial_t ringid, | ||
537 | const char __user *_type, | ||
538 | const char __user *_description, | ||
539 | key_serial_t destringid) | ||
540 | { | ||
541 | struct key_type *ktype; | ||
542 | struct key *keyring, *key, *dest; | ||
543 | char type[32], *description; | ||
544 | long dlen, ret; | ||
545 | |||
546 | /* pull the type and description into kernel space */ | ||
547 | ret = strncpy_from_user(type, _type, sizeof(type) - 1); | ||
548 | if (ret < 0) | ||
549 | goto error; | ||
550 | type[31] = '\0'; | ||
551 | |||
552 | ret = -EFAULT; | ||
553 | dlen = strnlen_user(_description, PAGE_SIZE - 1); | ||
554 | if (dlen <= 0) | ||
555 | goto error; | ||
556 | |||
557 | ret = -EINVAL; | ||
558 | if (dlen > PAGE_SIZE - 1) | ||
559 | goto error; | ||
560 | |||
561 | ret = -ENOMEM; | ||
562 | description = kmalloc(dlen + 1, GFP_KERNEL); | ||
563 | if (!description) | ||
564 | goto error; | ||
565 | |||
566 | ret = -EFAULT; | ||
567 | if (copy_from_user(description, _description, dlen + 1) != 0) | ||
568 | goto error2; | ||
569 | |||
570 | /* get the keyring at which to begin the search */ | ||
571 | keyring = lookup_user_key(ringid, 0, 0, KEY_SEARCH); | ||
572 | if (IS_ERR(keyring)) { | ||
573 | ret = PTR_ERR(keyring); | ||
574 | goto error2; | ||
575 | } | ||
576 | |||
577 | /* get the destination keyring if specified */ | ||
578 | dest = NULL; | ||
579 | if (destringid) { | ||
580 | dest = lookup_user_key(destringid, 1, 0, KEY_WRITE); | ||
581 | if (IS_ERR(dest)) { | ||
582 | ret = PTR_ERR(dest); | ||
583 | goto error3; | ||
584 | } | ||
585 | } | ||
586 | |||
587 | /* find the key type */ | ||
588 | ktype = key_type_lookup(type); | ||
589 | if (IS_ERR(ktype)) { | ||
590 | ret = PTR_ERR(ktype); | ||
591 | goto error4; | ||
592 | } | ||
593 | |||
594 | /* do the search */ | ||
595 | key = keyring_search(keyring, ktype, description); | ||
596 | if (IS_ERR(key)) { | ||
597 | ret = PTR_ERR(key); | ||
598 | |||
599 | /* treat lack or presence of a negative key the same */ | ||
600 | if (ret == -EAGAIN) | ||
601 | ret = -ENOKEY; | ||
602 | goto error5; | ||
603 | } | ||
604 | |||
605 | /* link the resulting key to the destination keyring if we can */ | ||
606 | if (dest) { | ||
607 | ret = -EACCES; | ||
608 | if (!key_permission(key, KEY_LINK)) | ||
609 | goto error6; | ||
610 | |||
611 | ret = key_link(dest, key); | ||
612 | if (ret < 0) | ||
613 | goto error6; | ||
614 | } | ||
615 | |||
616 | ret = key->serial; | ||
617 | |||
618 | error6: | ||
619 | key_put(key); | ||
620 | error5: | ||
621 | key_type_put(ktype); | ||
622 | error4: | ||
623 | key_put(dest); | ||
624 | error3: | ||
625 | key_put(keyring); | ||
626 | error2: | ||
627 | kfree(description); | ||
628 | error: | ||
629 | return ret; | ||
630 | |||
631 | } /* end keyctl_keyring_search() */ | ||
632 | |||
633 | /*****************************************************************************/ | ||
634 | /* | ||
635 | * see if the key we're looking at is the target key | ||
636 | */ | ||
637 | static int keyctl_read_key_same(const struct key *key, const void *target) | ||
638 | { | ||
639 | return key == target; | ||
640 | |||
641 | } /* end keyctl_read_key_same() */ | ||
642 | |||
643 | /*****************************************************************************/ | ||
644 | /* | ||
645 | * read a user key's payload | ||
646 | * - the keyring must be readable or the key must be searchable from the | ||
647 | * process's keyrings | ||
648 | * - if there's a buffer, we place up to buflen bytes of data into it | ||
649 | * - unless there's an error, we return the amount of data in the key, | ||
650 | * irrespective of how much we may have copied | ||
651 | * - implements keyctl(KEYCTL_READ) | ||
652 | */ | ||
653 | long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) | ||
654 | { | ||
655 | struct key *key, *skey; | ||
656 | long ret; | ||
657 | |||
658 | /* find the key first */ | ||
659 | key = lookup_user_key(keyid, 0, 0, 0); | ||
660 | if (!IS_ERR(key)) { | ||
661 | /* see if we can read it directly */ | ||
662 | if (key_permission(key, KEY_READ)) | ||
663 | goto can_read_key; | ||
664 | |||
665 | /* can't; see if it's searchable from this process's | ||
666 | * keyrings */ | ||
667 | ret = -ENOKEY; | ||
668 | if (key_permission(key, KEY_SEARCH)) { | ||
669 | /* okay - we do have search permission on the key | ||
670 | * itself, but do we have the key? */ | ||
671 | skey = search_process_keyrings_aux(key->type, key, | ||
672 | keyctl_read_key_same); | ||
673 | if (!IS_ERR(skey)) | ||
674 | goto can_read_key2; | ||
675 | } | ||
676 | |||
677 | goto error2; | ||
678 | } | ||
679 | |||
680 | ret = -ENOKEY; | ||
681 | goto error; | ||
682 | |||
683 | /* the key is probably readable - now try to read it */ | ||
684 | can_read_key2: | ||
685 | key_put(skey); | ||
686 | can_read_key: | ||
687 | ret = key_validate(key); | ||
688 | if (ret == 0) { | ||
689 | ret = -EOPNOTSUPP; | ||
690 | if (key->type->read) { | ||
691 | /* read the data with the semaphore held (since we | ||
692 | * might sleep) */ | ||
693 | down_read(&key->sem); | ||
694 | ret = key->type->read(key, buffer, buflen); | ||
695 | up_read(&key->sem); | ||
696 | } | ||
697 | } | ||
698 | |||
699 | error2: | ||
700 | key_put(key); | ||
701 | error: | ||
702 | return ret; | ||
703 | |||
704 | } /* end keyctl_read_key() */ | ||
705 | |||
706 | /*****************************************************************************/ | ||
707 | /* | ||
708 | * change the ownership of a key | ||
709 | * - the keyring owned by the changer | ||
710 | * - if the uid or gid is -1, then that parameter is not changed | ||
711 | * - implements keyctl(KEYCTL_CHOWN) | ||
712 | */ | ||
713 | long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid) | ||
714 | { | ||
715 | struct key *key; | ||
716 | long ret; | ||
717 | |||
718 | ret = 0; | ||
719 | if (uid == (uid_t) -1 && gid == (gid_t) -1) | ||
720 | goto error; | ||
721 | |||
722 | key = lookup_user_key(id, 1, 1, 0); | ||
723 | if (IS_ERR(key)) { | ||
724 | ret = PTR_ERR(key); | ||
725 | goto error; | ||
726 | } | ||
727 | |||
728 | /* make the changes with the locks held to prevent chown/chown races */ | ||
729 | ret = -EACCES; | ||
730 | down_write(&key->sem); | ||
731 | write_lock(&key->lock); | ||
732 | |||
733 | if (!capable(CAP_SYS_ADMIN)) { | ||
734 | /* only the sysadmin can chown a key to some other UID */ | ||
735 | if (uid != (uid_t) -1 && key->uid != uid) | ||
736 | goto no_access; | ||
737 | |||
738 | /* only the sysadmin can set the key's GID to a group other | ||
739 | * than one of those that the current process subscribes to */ | ||
740 | if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid)) | ||
741 | goto no_access; | ||
742 | } | ||
743 | |||
744 | /* change the UID (have to update the quotas) */ | ||
745 | if (uid != (uid_t) -1 && uid != key->uid) { | ||
746 | /* don't support UID changing yet */ | ||
747 | ret = -EOPNOTSUPP; | ||
748 | goto no_access; | ||
749 | } | ||
750 | |||
751 | /* change the GID */ | ||
752 | if (gid != (gid_t) -1) | ||
753 | key->gid = gid; | ||
754 | |||
755 | ret = 0; | ||
756 | |||
757 | no_access: | ||
758 | write_unlock(&key->lock); | ||
759 | up_write(&key->sem); | ||
760 | key_put(key); | ||
761 | error: | ||
762 | return ret; | ||
763 | |||
764 | } /* end keyctl_chown_key() */ | ||
765 | |||
766 | /*****************************************************************************/ | ||
767 | /* | ||
768 | * change the permission mask on a key | ||
769 | * - the keyring owned by the changer | ||
770 | * - implements keyctl(KEYCTL_SETPERM) | ||
771 | */ | ||
772 | long keyctl_setperm_key(key_serial_t id, key_perm_t perm) | ||
773 | { | ||
774 | struct key *key; | ||
775 | long ret; | ||
776 | |||
777 | ret = -EINVAL; | ||
778 | if (perm & ~(KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) | ||
779 | goto error; | ||
780 | |||
781 | key = lookup_user_key(id, 1, 1, 0); | ||
782 | if (IS_ERR(key)) { | ||
783 | ret = PTR_ERR(key); | ||
784 | goto error; | ||
785 | } | ||
786 | |||
787 | /* make the changes with the locks held to prevent chown/chmod | ||
788 | * races */ | ||
789 | ret = -EACCES; | ||
790 | down_write(&key->sem); | ||
791 | write_lock(&key->lock); | ||
792 | |||
793 | /* if we're not the sysadmin, we can only chmod a key that we | ||
794 | * own */ | ||
795 | if (!capable(CAP_SYS_ADMIN) && key->uid != current->fsuid) | ||
796 | goto no_access; | ||
797 | |||
798 | /* changing the permissions mask */ | ||
799 | key->perm = perm; | ||
800 | ret = 0; | ||
801 | |||
802 | no_access: | ||
803 | write_unlock(&key->lock); | ||
804 | up_write(&key->sem); | ||
805 | key_put(key); | ||
806 | error: | ||
807 | return ret; | ||
808 | |||
809 | } /* end keyctl_setperm_key() */ | ||
810 | |||
811 | /*****************************************************************************/ | ||
812 | /* | ||
813 | * instantiate the key with the specified payload, and, if one is given, link | ||
814 | * the key into the keyring | ||
815 | */ | ||
816 | long keyctl_instantiate_key(key_serial_t id, | ||
817 | const void __user *_payload, | ||
818 | size_t plen, | ||
819 | key_serial_t ringid) | ||
820 | { | ||
821 | struct key *key, *keyring; | ||
822 | void *payload; | ||
823 | long ret; | ||
824 | |||
825 | ret = -EINVAL; | ||
826 | if (plen > 32767) | ||
827 | goto error; | ||
828 | |||
829 | /* pull the payload in if one was supplied */ | ||
830 | payload = NULL; | ||
831 | |||
832 | if (_payload) { | ||
833 | ret = -ENOMEM; | ||
834 | payload = kmalloc(plen, GFP_KERNEL); | ||
835 | if (!payload) | ||
836 | goto error; | ||
837 | |||
838 | ret = -EFAULT; | ||
839 | if (copy_from_user(payload, _payload, plen) != 0) | ||
840 | goto error2; | ||
841 | } | ||
842 | |||
843 | /* find the target key (which must be writable) */ | ||
844 | key = lookup_user_key(id, 0, 1, KEY_WRITE); | ||
845 | if (IS_ERR(key)) { | ||
846 | ret = PTR_ERR(key); | ||
847 | goto error2; | ||
848 | } | ||
849 | |||
850 | /* find the destination keyring if present (which must also be | ||
851 | * writable) */ | ||
852 | keyring = NULL; | ||
853 | if (ringid) { | ||
854 | keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE); | ||
855 | if (IS_ERR(keyring)) { | ||
856 | ret = PTR_ERR(keyring); | ||
857 | goto error3; | ||
858 | } | ||
859 | } | ||
860 | |||
861 | /* instantiate the key and link it into a keyring */ | ||
862 | ret = key_instantiate_and_link(key, payload, plen, keyring); | ||
863 | |||
864 | key_put(keyring); | ||
865 | error3: | ||
866 | key_put(key); | ||
867 | error2: | ||
868 | kfree(payload); | ||
869 | error: | ||
870 | return ret; | ||
871 | |||
872 | } /* end keyctl_instantiate_key() */ | ||
873 | |||
874 | /*****************************************************************************/ | ||
875 | /* | ||
876 | * negatively instantiate the key with the given timeout (in seconds), and, if | ||
877 | * one is given, link the key into the keyring | ||
878 | */ | ||
879 | long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) | ||
880 | { | ||
881 | struct key *key, *keyring; | ||
882 | long ret; | ||
883 | |||
884 | /* find the target key (which must be writable) */ | ||
885 | key = lookup_user_key(id, 0, 1, KEY_WRITE); | ||
886 | if (IS_ERR(key)) { | ||
887 | ret = PTR_ERR(key); | ||
888 | goto error; | ||
889 | } | ||
890 | |||
891 | /* find the destination keyring if present (which must also be | ||
892 | * writable) */ | ||
893 | keyring = NULL; | ||
894 | if (ringid) { | ||
895 | keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE); | ||
896 | if (IS_ERR(keyring)) { | ||
897 | ret = PTR_ERR(keyring); | ||
898 | goto error2; | ||
899 | } | ||
900 | } | ||
901 | |||
902 | /* instantiate the key and link it into a keyring */ | ||
903 | ret = key_negate_and_link(key, timeout, keyring); | ||
904 | |||
905 | key_put(keyring); | ||
906 | error2: | ||
907 | key_put(key); | ||
908 | error: | ||
909 | return ret; | ||
910 | |||
911 | } /* end keyctl_negate_key() */ | ||
912 | |||
913 | /*****************************************************************************/ | ||
914 | /* | ||
915 | * the key control system call | ||
916 | */ | ||
917 | asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3, | ||
918 | unsigned long arg4, unsigned long arg5) | ||
919 | { | ||
920 | switch (option) { | ||
921 | case KEYCTL_GET_KEYRING_ID: | ||
922 | return keyctl_get_keyring_ID((key_serial_t) arg2, | ||
923 | (int) arg3); | ||
924 | |||
925 | case KEYCTL_JOIN_SESSION_KEYRING: | ||
926 | return keyctl_join_session_keyring((const char __user *) arg2); | ||
927 | |||
928 | case KEYCTL_UPDATE: | ||
929 | return keyctl_update_key((key_serial_t) arg2, | ||
930 | (const void __user *) arg3, | ||
931 | (size_t) arg4); | ||
932 | |||
933 | case KEYCTL_REVOKE: | ||
934 | return keyctl_revoke_key((key_serial_t) arg2); | ||
935 | |||
936 | case KEYCTL_DESCRIBE: | ||
937 | return keyctl_describe_key((key_serial_t) arg2, | ||
938 | (char __user *) arg3, | ||
939 | (unsigned) arg4); | ||
940 | |||
941 | case KEYCTL_CLEAR: | ||
942 | return keyctl_keyring_clear((key_serial_t) arg2); | ||
943 | |||
944 | case KEYCTL_LINK: | ||
945 | return keyctl_keyring_link((key_serial_t) arg2, | ||
946 | (key_serial_t) arg3); | ||
947 | |||
948 | case KEYCTL_UNLINK: | ||
949 | return keyctl_keyring_unlink((key_serial_t) arg2, | ||
950 | (key_serial_t) arg3); | ||
951 | |||
952 | case KEYCTL_SEARCH: | ||
953 | return keyctl_keyring_search((key_serial_t) arg2, | ||
954 | (const char __user *) arg3, | ||
955 | (const char __user *) arg4, | ||
956 | (key_serial_t) arg5); | ||
957 | |||
958 | case KEYCTL_READ: | ||
959 | return keyctl_read_key((key_serial_t) arg2, | ||
960 | (char __user *) arg3, | ||
961 | (size_t) arg4); | ||
962 | |||
963 | case KEYCTL_CHOWN: | ||
964 | return keyctl_chown_key((key_serial_t) arg2, | ||
965 | (uid_t) arg3, | ||
966 | (gid_t) arg4); | ||
967 | |||
968 | case KEYCTL_SETPERM: | ||
969 | return keyctl_setperm_key((key_serial_t) arg2, | ||
970 | (key_perm_t) arg3); | ||
971 | |||
972 | case KEYCTL_INSTANTIATE: | ||
973 | return keyctl_instantiate_key((key_serial_t) arg2, | ||
974 | (const void __user *) arg3, | ||
975 | (size_t) arg4, | ||
976 | (key_serial_t) arg5); | ||
977 | |||
978 | case KEYCTL_NEGATE: | ||
979 | return keyctl_negate_key((key_serial_t) arg2, | ||
980 | (unsigned) arg3, | ||
981 | (key_serial_t) arg4); | ||
982 | |||
983 | default: | ||
984 | return -EOPNOTSUPP; | ||
985 | } | ||
986 | |||
987 | } /* end sys_keyctl() */ | ||
diff --git a/security/keys/keyring.c b/security/keys/keyring.c new file mode 100644 index 000000000000..e2ab4f8e7481 --- /dev/null +++ b/security/keys/keyring.c | |||
@@ -0,0 +1,895 @@ | |||
1 | /* keyring.c: keyring handling | ||
2 | * | ||
3 | * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #include <linux/module.h> | ||
13 | #include <linux/init.h> | ||
14 | #include <linux/sched.h> | ||
15 | #include <linux/slab.h> | ||
16 | #include <linux/seq_file.h> | ||
17 | #include <linux/err.h> | ||
18 | #include <asm/uaccess.h> | ||
19 | #include "internal.h" | ||
20 | |||
21 | /* | ||
22 | * when plumbing the depths of the key tree, this sets a hard limit set on how | ||
23 | * deep we're willing to go | ||
24 | */ | ||
25 | #define KEYRING_SEARCH_MAX_DEPTH 6 | ||
26 | |||
27 | /* | ||
28 | * we keep all named keyrings in a hash to speed looking them up | ||
29 | */ | ||
30 | #define KEYRING_NAME_HASH_SIZE (1 << 5) | ||
31 | |||
32 | static struct list_head keyring_name_hash[KEYRING_NAME_HASH_SIZE]; | ||
33 | static DEFINE_RWLOCK(keyring_name_lock); | ||
34 | |||
35 | static inline unsigned keyring_hash(const char *desc) | ||
36 | { | ||
37 | unsigned bucket = 0; | ||
38 | |||
39 | for (; *desc; desc++) | ||
40 | bucket += (unsigned char) *desc; | ||
41 | |||
42 | return bucket & (KEYRING_NAME_HASH_SIZE - 1); | ||
43 | } | ||
44 | |||
45 | /* | ||
46 | * the keyring type definition | ||
47 | */ | ||
48 | static int keyring_instantiate(struct key *keyring, | ||
49 | const void *data, size_t datalen); | ||
50 | static int keyring_duplicate(struct key *keyring, const struct key *source); | ||
51 | static int keyring_match(const struct key *keyring, const void *criterion); | ||
52 | static void keyring_destroy(struct key *keyring); | ||
53 | static void keyring_describe(const struct key *keyring, struct seq_file *m); | ||
54 | static long keyring_read(const struct key *keyring, | ||
55 | char __user *buffer, size_t buflen); | ||
56 | |||
57 | struct key_type key_type_keyring = { | ||
58 | .name = "keyring", | ||
59 | .def_datalen = sizeof(struct keyring_list), | ||
60 | .instantiate = keyring_instantiate, | ||
61 | .duplicate = keyring_duplicate, | ||
62 | .match = keyring_match, | ||
63 | .destroy = keyring_destroy, | ||
64 | .describe = keyring_describe, | ||
65 | .read = keyring_read, | ||
66 | }; | ||
67 | |||
68 | /* | ||
69 | * semaphore to serialise link/link calls to prevent two link calls in parallel | ||
70 | * introducing a cycle | ||
71 | */ | ||
72 | DECLARE_RWSEM(keyring_serialise_link_sem); | ||
73 | |||
74 | /*****************************************************************************/ | ||
75 | /* | ||
76 | * publish the name of a keyring so that it can be found by name (if it has | ||
77 | * one) | ||
78 | */ | ||
79 | void keyring_publish_name(struct key *keyring) | ||
80 | { | ||
81 | int bucket; | ||
82 | |||
83 | if (keyring->description) { | ||
84 | bucket = keyring_hash(keyring->description); | ||
85 | |||
86 | write_lock(&keyring_name_lock); | ||
87 | |||
88 | if (!keyring_name_hash[bucket].next) | ||
89 | INIT_LIST_HEAD(&keyring_name_hash[bucket]); | ||
90 | |||
91 | list_add_tail(&keyring->type_data.link, | ||
92 | &keyring_name_hash[bucket]); | ||
93 | |||
94 | write_unlock(&keyring_name_lock); | ||
95 | } | ||
96 | |||
97 | } /* end keyring_publish_name() */ | ||
98 | |||
99 | /*****************************************************************************/ | ||
100 | /* | ||
101 | * initialise a keyring | ||
102 | * - we object if we were given any data | ||
103 | */ | ||
104 | static int keyring_instantiate(struct key *keyring, | ||
105 | const void *data, size_t datalen) | ||
106 | { | ||
107 | int ret; | ||
108 | |||
109 | ret = -EINVAL; | ||
110 | if (datalen == 0) { | ||
111 | /* make the keyring available by name if it has one */ | ||
112 | keyring_publish_name(keyring); | ||
113 | ret = 0; | ||
114 | } | ||
115 | |||
116 | return ret; | ||
117 | |||
118 | } /* end keyring_instantiate() */ | ||
119 | |||
120 | /*****************************************************************************/ | ||
121 | /* | ||
122 | * duplicate the list of subscribed keys from a source keyring into this one | ||
123 | */ | ||
124 | static int keyring_duplicate(struct key *keyring, const struct key *source) | ||
125 | { | ||
126 | struct keyring_list *sklist, *klist; | ||
127 | unsigned max; | ||
128 | size_t size; | ||
129 | int loop, ret; | ||
130 | |||
131 | const unsigned limit = | ||
132 | (PAGE_SIZE - sizeof(*klist)) / sizeof(struct key); | ||
133 | |||
134 | ret = 0; | ||
135 | sklist = source->payload.subscriptions; | ||
136 | |||
137 | if (sklist && sklist->nkeys > 0) { | ||
138 | max = sklist->nkeys; | ||
139 | BUG_ON(max > limit); | ||
140 | |||
141 | max = (max + 3) & ~3; | ||
142 | if (max > limit) | ||
143 | max = limit; | ||
144 | |||
145 | ret = -ENOMEM; | ||
146 | size = sizeof(*klist) + sizeof(struct key) * max; | ||
147 | klist = kmalloc(size, GFP_KERNEL); | ||
148 | if (!klist) | ||
149 | goto error; | ||
150 | |||
151 | klist->maxkeys = max; | ||
152 | klist->nkeys = sklist->nkeys; | ||
153 | memcpy(klist->keys, | ||
154 | sklist->keys, | ||
155 | sklist->nkeys * sizeof(struct key)); | ||
156 | |||
157 | for (loop = klist->nkeys - 1; loop >= 0; loop--) | ||
158 | atomic_inc(&klist->keys[loop]->usage); | ||
159 | |||
160 | keyring->payload.subscriptions = klist; | ||
161 | ret = 0; | ||
162 | } | ||
163 | |||
164 | error: | ||
165 | return ret; | ||
166 | |||
167 | } /* end keyring_duplicate() */ | ||
168 | |||
169 | /*****************************************************************************/ | ||
170 | /* | ||
171 | * match keyrings on their name | ||
172 | */ | ||
173 | static int keyring_match(const struct key *keyring, const void *description) | ||
174 | { | ||
175 | return keyring->description && | ||
176 | strcmp(keyring->description, description) == 0; | ||
177 | |||
178 | } /* end keyring_match() */ | ||
179 | |||
180 | /*****************************************************************************/ | ||
181 | /* | ||
182 | * dispose of the data dangling from the corpse of a keyring | ||
183 | */ | ||
184 | static void keyring_destroy(struct key *keyring) | ||
185 | { | ||
186 | struct keyring_list *klist; | ||
187 | int loop; | ||
188 | |||
189 | if (keyring->description) { | ||
190 | write_lock(&keyring_name_lock); | ||
191 | list_del(&keyring->type_data.link); | ||
192 | write_unlock(&keyring_name_lock); | ||
193 | } | ||
194 | |||
195 | klist = keyring->payload.subscriptions; | ||
196 | if (klist) { | ||
197 | for (loop = klist->nkeys - 1; loop >= 0; loop--) | ||
198 | key_put(klist->keys[loop]); | ||
199 | kfree(klist); | ||
200 | } | ||
201 | |||
202 | } /* end keyring_destroy() */ | ||
203 | |||
204 | /*****************************************************************************/ | ||
205 | /* | ||
206 | * describe the keyring | ||
207 | */ | ||
208 | static void keyring_describe(const struct key *keyring, struct seq_file *m) | ||
209 | { | ||
210 | struct keyring_list *klist; | ||
211 | |||
212 | if (keyring->description) { | ||
213 | seq_puts(m, keyring->description); | ||
214 | } | ||
215 | else { | ||
216 | seq_puts(m, "[anon]"); | ||
217 | } | ||
218 | |||
219 | klist = keyring->payload.subscriptions; | ||
220 | if (klist) | ||
221 | seq_printf(m, ": %u/%u", klist->nkeys, klist->maxkeys); | ||
222 | else | ||
223 | seq_puts(m, ": empty"); | ||
224 | |||
225 | } /* end keyring_describe() */ | ||
226 | |||
227 | /*****************************************************************************/ | ||
228 | /* | ||
229 | * read a list of key IDs from the keyring's contents | ||
230 | */ | ||
231 | static long keyring_read(const struct key *keyring, | ||
232 | char __user *buffer, size_t buflen) | ||
233 | { | ||
234 | struct keyring_list *klist; | ||
235 | struct key *key; | ||
236 | size_t qty, tmp; | ||
237 | int loop, ret; | ||
238 | |||
239 | ret = 0; | ||
240 | klist = keyring->payload.subscriptions; | ||
241 | |||
242 | if (klist) { | ||
243 | /* calculate how much data we could return */ | ||
244 | qty = klist->nkeys * sizeof(key_serial_t); | ||
245 | |||
246 | if (buffer && buflen > 0) { | ||
247 | if (buflen > qty) | ||
248 | buflen = qty; | ||
249 | |||
250 | /* copy the IDs of the subscribed keys into the | ||
251 | * buffer */ | ||
252 | ret = -EFAULT; | ||
253 | |||
254 | for (loop = 0; loop < klist->nkeys; loop++) { | ||
255 | key = klist->keys[loop]; | ||
256 | |||
257 | tmp = sizeof(key_serial_t); | ||
258 | if (tmp > buflen) | ||
259 | tmp = buflen; | ||
260 | |||
261 | if (copy_to_user(buffer, | ||
262 | &key->serial, | ||
263 | tmp) != 0) | ||
264 | goto error; | ||
265 | |||
266 | buflen -= tmp; | ||
267 | if (buflen == 0) | ||
268 | break; | ||
269 | buffer += tmp; | ||
270 | } | ||
271 | } | ||
272 | |||
273 | ret = qty; | ||
274 | } | ||
275 | |||
276 | error: | ||
277 | return ret; | ||
278 | |||
279 | } /* end keyring_read() */ | ||
280 | |||
281 | /*****************************************************************************/ | ||
282 | /* | ||
283 | * allocate a keyring and link into the destination keyring | ||
284 | */ | ||
285 | struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid, | ||
286 | int not_in_quota, struct key *dest) | ||
287 | { | ||
288 | struct key *keyring; | ||
289 | int ret; | ||
290 | |||
291 | keyring = key_alloc(&key_type_keyring, description, | ||
292 | uid, gid, KEY_USR_ALL, not_in_quota); | ||
293 | |||
294 | if (!IS_ERR(keyring)) { | ||
295 | ret = key_instantiate_and_link(keyring, NULL, 0, dest); | ||
296 | if (ret < 0) { | ||
297 | key_put(keyring); | ||
298 | keyring = ERR_PTR(ret); | ||
299 | } | ||
300 | } | ||
301 | |||
302 | return keyring; | ||
303 | |||
304 | } /* end keyring_alloc() */ | ||
305 | |||
306 | /*****************************************************************************/ | ||
307 | /* | ||
308 | * search the supplied keyring tree for a key that matches the criterion | ||
309 | * - perform a breadth-then-depth search up to the prescribed limit | ||
310 | * - we only find keys on which we have search permission | ||
311 | * - we use the supplied match function to see if the description (or other | ||
312 | * feature of interest) matches | ||
313 | * - we readlock the keyrings as we search down the tree | ||
314 | * - we return -EAGAIN if we didn't find any matching key | ||
315 | * - we return -ENOKEY if we only found negative matching keys | ||
316 | */ | ||
317 | struct key *keyring_search_aux(struct key *keyring, | ||
318 | struct key_type *type, | ||
319 | const void *description, | ||
320 | key_match_func_t match) | ||
321 | { | ||
322 | struct { | ||
323 | struct key *keyring; | ||
324 | int kix; | ||
325 | } stack[KEYRING_SEARCH_MAX_DEPTH]; | ||
326 | |||
327 | struct keyring_list *keylist; | ||
328 | struct timespec now; | ||
329 | struct key *key; | ||
330 | long err; | ||
331 | int sp, psp, kix; | ||
332 | |||
333 | key_check(keyring); | ||
334 | |||
335 | /* top keyring must have search permission to begin the search */ | ||
336 | key = ERR_PTR(-EACCES); | ||
337 | if (!key_permission(keyring, KEY_SEARCH)) | ||
338 | goto error; | ||
339 | |||
340 | key = ERR_PTR(-ENOTDIR); | ||
341 | if (keyring->type != &key_type_keyring) | ||
342 | goto error; | ||
343 | |||
344 | now = current_kernel_time(); | ||
345 | err = -EAGAIN; | ||
346 | sp = 0; | ||
347 | |||
348 | /* start processing a new keyring */ | ||
349 | descend: | ||
350 | read_lock(&keyring->lock); | ||
351 | if (keyring->flags & KEY_FLAG_REVOKED) | ||
352 | goto not_this_keyring; | ||
353 | |||
354 | keylist = keyring->payload.subscriptions; | ||
355 | if (!keylist) | ||
356 | goto not_this_keyring; | ||
357 | |||
358 | /* iterate through the keys in this keyring first */ | ||
359 | for (kix = 0; kix < keylist->nkeys; kix++) { | ||
360 | key = keylist->keys[kix]; | ||
361 | |||
362 | /* ignore keys not of this type */ | ||
363 | if (key->type != type) | ||
364 | continue; | ||
365 | |||
366 | /* skip revoked keys and expired keys */ | ||
367 | if (key->flags & KEY_FLAG_REVOKED) | ||
368 | continue; | ||
369 | |||
370 | if (key->expiry && now.tv_sec >= key->expiry) | ||
371 | continue; | ||
372 | |||
373 | /* keys that don't match */ | ||
374 | if (!match(key, description)) | ||
375 | continue; | ||
376 | |||
377 | /* key must have search permissions */ | ||
378 | if (!key_permission(key, KEY_SEARCH)) | ||
379 | continue; | ||
380 | |||
381 | /* we set a different error code if we find a negative key */ | ||
382 | if (key->flags & KEY_FLAG_NEGATIVE) { | ||
383 | err = -ENOKEY; | ||
384 | continue; | ||
385 | } | ||
386 | |||
387 | goto found; | ||
388 | } | ||
389 | |||
390 | /* search through the keyrings nested in this one */ | ||
391 | kix = 0; | ||
392 | ascend: | ||
393 | while (kix < keylist->nkeys) { | ||
394 | key = keylist->keys[kix]; | ||
395 | if (key->type != &key_type_keyring) | ||
396 | goto next; | ||
397 | |||
398 | /* recursively search nested keyrings | ||
399 | * - only search keyrings for which we have search permission | ||
400 | */ | ||
401 | if (sp >= KEYRING_SEARCH_MAX_DEPTH) | ||
402 | goto next; | ||
403 | |||
404 | if (!key_permission(key, KEY_SEARCH)) | ||
405 | goto next; | ||
406 | |||
407 | /* evade loops in the keyring tree */ | ||
408 | for (psp = 0; psp < sp; psp++) | ||
409 | if (stack[psp].keyring == keyring) | ||
410 | goto next; | ||
411 | |||
412 | /* stack the current position */ | ||
413 | stack[sp].keyring = keyring; | ||
414 | stack[sp].kix = kix; | ||
415 | sp++; | ||
416 | |||
417 | /* begin again with the new keyring */ | ||
418 | keyring = key; | ||
419 | goto descend; | ||
420 | |||
421 | next: | ||
422 | kix++; | ||
423 | } | ||
424 | |||
425 | /* the keyring we're looking at was disqualified or didn't contain a | ||
426 | * matching key */ | ||
427 | not_this_keyring: | ||
428 | read_unlock(&keyring->lock); | ||
429 | |||
430 | if (sp > 0) { | ||
431 | /* resume the processing of a keyring higher up in the tree */ | ||
432 | sp--; | ||
433 | keyring = stack[sp].keyring; | ||
434 | keylist = keyring->payload.subscriptions; | ||
435 | kix = stack[sp].kix + 1; | ||
436 | goto ascend; | ||
437 | } | ||
438 | |||
439 | key = ERR_PTR(err); | ||
440 | goto error; | ||
441 | |||
442 | /* we found a viable match */ | ||
443 | found: | ||
444 | atomic_inc(&key->usage); | ||
445 | read_unlock(&keyring->lock); | ||
446 | |||
447 | /* unwind the keyring stack */ | ||
448 | while (sp > 0) { | ||
449 | sp--; | ||
450 | read_unlock(&stack[sp].keyring->lock); | ||
451 | } | ||
452 | |||
453 | key_check(key); | ||
454 | error: | ||
455 | return key; | ||
456 | |||
457 | } /* end keyring_search_aux() */ | ||
458 | |||
459 | /*****************************************************************************/ | ||
460 | /* | ||
461 | * search the supplied keyring tree for a key that matches the criterion | ||
462 | * - perform a breadth-then-depth search up to the prescribed limit | ||
463 | * - we only find keys on which we have search permission | ||
464 | * - we readlock the keyrings as we search down the tree | ||
465 | * - we return -EAGAIN if we didn't find any matching key | ||
466 | * - we return -ENOKEY if we only found negative matching keys | ||
467 | */ | ||
468 | struct key *keyring_search(struct key *keyring, | ||
469 | struct key_type *type, | ||
470 | const char *description) | ||
471 | { | ||
472 | return keyring_search_aux(keyring, type, description, type->match); | ||
473 | |||
474 | } /* end keyring_search() */ | ||
475 | |||
476 | EXPORT_SYMBOL(keyring_search); | ||
477 | |||
478 | /*****************************************************************************/ | ||
479 | /* | ||
480 | * search the given keyring only (no recursion) | ||
481 | * - keyring must be locked by caller | ||
482 | */ | ||
483 | struct key *__keyring_search_one(struct key *keyring, | ||
484 | const struct key_type *ktype, | ||
485 | const char *description, | ||
486 | key_perm_t perm) | ||
487 | { | ||
488 | struct keyring_list *klist; | ||
489 | struct key *key; | ||
490 | int loop; | ||
491 | |||
492 | klist = keyring->payload.subscriptions; | ||
493 | if (klist) { | ||
494 | for (loop = 0; loop < klist->nkeys; loop++) { | ||
495 | key = klist->keys[loop]; | ||
496 | |||
497 | if (key->type == ktype && | ||
498 | key->type->match(key, description) && | ||
499 | key_permission(key, perm) && | ||
500 | !(key->flags & KEY_FLAG_REVOKED) | ||
501 | ) | ||
502 | goto found; | ||
503 | } | ||
504 | } | ||
505 | |||
506 | key = ERR_PTR(-ENOKEY); | ||
507 | goto error; | ||
508 | |||
509 | found: | ||
510 | atomic_inc(&key->usage); | ||
511 | error: | ||
512 | return key; | ||
513 | |||
514 | } /* end __keyring_search_one() */ | ||
515 | |||
516 | /*****************************************************************************/ | ||
517 | /* | ||
518 | * find a keyring with the specified name | ||
519 | * - all named keyrings are searched | ||
520 | * - only find keyrings with search permission for the process | ||
521 | * - only find keyrings with a serial number greater than the one specified | ||
522 | */ | ||
523 | struct key *find_keyring_by_name(const char *name, key_serial_t bound) | ||
524 | { | ||
525 | struct key *keyring; | ||
526 | int bucket; | ||
527 | |||
528 | keyring = ERR_PTR(-EINVAL); | ||
529 | if (!name) | ||
530 | goto error; | ||
531 | |||
532 | bucket = keyring_hash(name); | ||
533 | |||
534 | read_lock(&keyring_name_lock); | ||
535 | |||
536 | if (keyring_name_hash[bucket].next) { | ||
537 | /* search this hash bucket for a keyring with a matching name | ||
538 | * that's readable and that hasn't been revoked */ | ||
539 | list_for_each_entry(keyring, | ||
540 | &keyring_name_hash[bucket], | ||
541 | type_data.link | ||
542 | ) { | ||
543 | if (keyring->flags & KEY_FLAG_REVOKED) | ||
544 | continue; | ||
545 | |||
546 | if (strcmp(keyring->description, name) != 0) | ||
547 | continue; | ||
548 | |||
549 | if (!key_permission(keyring, KEY_SEARCH)) | ||
550 | continue; | ||
551 | |||
552 | /* found a potential candidate, but we still need to | ||
553 | * check the serial number */ | ||
554 | if (keyring->serial <= bound) | ||
555 | continue; | ||
556 | |||
557 | /* we've got a match */ | ||
558 | atomic_inc(&keyring->usage); | ||
559 | read_unlock(&keyring_name_lock); | ||
560 | goto error; | ||
561 | } | ||
562 | } | ||
563 | |||
564 | read_unlock(&keyring_name_lock); | ||
565 | keyring = ERR_PTR(-ENOKEY); | ||
566 | |||
567 | error: | ||
568 | return keyring; | ||
569 | |||
570 | } /* end find_keyring_by_name() */ | ||
571 | |||
572 | /*****************************************************************************/ | ||
573 | /* | ||
574 | * see if a cycle will will be created by inserting acyclic tree B in acyclic | ||
575 | * tree A at the topmost level (ie: as a direct child of A) | ||
576 | * - since we are adding B to A at the top level, checking for cycles should | ||
577 | * just be a matter of seeing if node A is somewhere in tree B | ||
578 | */ | ||
579 | static int keyring_detect_cycle(struct key *A, struct key *B) | ||
580 | { | ||
581 | struct { | ||
582 | struct key *subtree; | ||
583 | int kix; | ||
584 | } stack[KEYRING_SEARCH_MAX_DEPTH]; | ||
585 | |||
586 | struct keyring_list *keylist; | ||
587 | struct key *subtree, *key; | ||
588 | int sp, kix, ret; | ||
589 | |||
590 | ret = -EDEADLK; | ||
591 | if (A == B) | ||
592 | goto error; | ||
593 | |||
594 | subtree = B; | ||
595 | sp = 0; | ||
596 | |||
597 | /* start processing a new keyring */ | ||
598 | descend: | ||
599 | read_lock(&subtree->lock); | ||
600 | if (subtree->flags & KEY_FLAG_REVOKED) | ||
601 | goto not_this_keyring; | ||
602 | |||
603 | keylist = subtree->payload.subscriptions; | ||
604 | if (!keylist) | ||
605 | goto not_this_keyring; | ||
606 | kix = 0; | ||
607 | |||
608 | ascend: | ||
609 | /* iterate through the remaining keys in this keyring */ | ||
610 | for (; kix < keylist->nkeys; kix++) { | ||
611 | key = keylist->keys[kix]; | ||
612 | |||
613 | if (key == A) | ||
614 | goto cycle_detected; | ||
615 | |||
616 | /* recursively check nested keyrings */ | ||
617 | if (key->type == &key_type_keyring) { | ||
618 | if (sp >= KEYRING_SEARCH_MAX_DEPTH) | ||
619 | goto too_deep; | ||
620 | |||
621 | /* stack the current position */ | ||
622 | stack[sp].subtree = subtree; | ||
623 | stack[sp].kix = kix; | ||
624 | sp++; | ||
625 | |||
626 | /* begin again with the new keyring */ | ||
627 | subtree = key; | ||
628 | goto descend; | ||
629 | } | ||
630 | } | ||
631 | |||
632 | /* the keyring we're looking at was disqualified or didn't contain a | ||
633 | * matching key */ | ||
634 | not_this_keyring: | ||
635 | read_unlock(&subtree->lock); | ||
636 | |||
637 | if (sp > 0) { | ||
638 | /* resume the checking of a keyring higher up in the tree */ | ||
639 | sp--; | ||
640 | subtree = stack[sp].subtree; | ||
641 | keylist = subtree->payload.subscriptions; | ||
642 | kix = stack[sp].kix + 1; | ||
643 | goto ascend; | ||
644 | } | ||
645 | |||
646 | ret = 0; /* no cycles detected */ | ||
647 | |||
648 | error: | ||
649 | return ret; | ||
650 | |||
651 | too_deep: | ||
652 | ret = -ELOOP; | ||
653 | goto error_unwind; | ||
654 | cycle_detected: | ||
655 | ret = -EDEADLK; | ||
656 | error_unwind: | ||
657 | read_unlock(&subtree->lock); | ||
658 | |||
659 | /* unwind the keyring stack */ | ||
660 | while (sp > 0) { | ||
661 | sp--; | ||
662 | read_unlock(&stack[sp].subtree->lock); | ||
663 | } | ||
664 | |||
665 | goto error; | ||
666 | |||
667 | } /* end keyring_detect_cycle() */ | ||
668 | |||
669 | /*****************************************************************************/ | ||
670 | /* | ||
671 | * link a key into to a keyring | ||
672 | * - must be called with the keyring's semaphore held | ||
673 | */ | ||
674 | int __key_link(struct key *keyring, struct key *key) | ||
675 | { | ||
676 | struct keyring_list *klist, *nklist; | ||
677 | unsigned max; | ||
678 | size_t size; | ||
679 | int ret; | ||
680 | |||
681 | ret = -EKEYREVOKED; | ||
682 | if (keyring->flags & KEY_FLAG_REVOKED) | ||
683 | goto error; | ||
684 | |||
685 | ret = -ENOTDIR; | ||
686 | if (keyring->type != &key_type_keyring) | ||
687 | goto error; | ||
688 | |||
689 | /* serialise link/link calls to prevent parallel calls causing a | ||
690 | * cycle when applied to two keyring in opposite orders */ | ||
691 | down_write(&keyring_serialise_link_sem); | ||
692 | |||
693 | /* check that we aren't going to create a cycle adding one keyring to | ||
694 | * another */ | ||
695 | if (key->type == &key_type_keyring) { | ||
696 | ret = keyring_detect_cycle(keyring, key); | ||
697 | if (ret < 0) | ||
698 | goto error2; | ||
699 | } | ||
700 | |||
701 | /* check that we aren't going to overrun the user's quota */ | ||
702 | ret = key_payload_reserve(keyring, | ||
703 | keyring->datalen + KEYQUOTA_LINK_BYTES); | ||
704 | if (ret < 0) | ||
705 | goto error2; | ||
706 | |||
707 | klist = keyring->payload.subscriptions; | ||
708 | |||
709 | if (klist && klist->nkeys < klist->maxkeys) { | ||
710 | /* there's sufficient slack space to add directly */ | ||
711 | atomic_inc(&key->usage); | ||
712 | |||
713 | write_lock(&keyring->lock); | ||
714 | klist->keys[klist->nkeys++] = key; | ||
715 | write_unlock(&keyring->lock); | ||
716 | |||
717 | ret = 0; | ||
718 | } | ||
719 | else { | ||
720 | /* grow the key list */ | ||
721 | max = 4; | ||
722 | if (klist) | ||
723 | max += klist->maxkeys; | ||
724 | |||
725 | ret = -ENFILE; | ||
726 | size = sizeof(*klist) + sizeof(*key) * max; | ||
727 | if (size > PAGE_SIZE) | ||
728 | goto error3; | ||
729 | |||
730 | ret = -ENOMEM; | ||
731 | nklist = kmalloc(size, GFP_KERNEL); | ||
732 | if (!nklist) | ||
733 | goto error3; | ||
734 | nklist->maxkeys = max; | ||
735 | nklist->nkeys = 0; | ||
736 | |||
737 | if (klist) { | ||
738 | nklist->nkeys = klist->nkeys; | ||
739 | memcpy(nklist->keys, | ||
740 | klist->keys, | ||
741 | sizeof(struct key *) * klist->nkeys); | ||
742 | } | ||
743 | |||
744 | /* add the key into the new space */ | ||
745 | atomic_inc(&key->usage); | ||
746 | |||
747 | write_lock(&keyring->lock); | ||
748 | keyring->payload.subscriptions = nklist; | ||
749 | nklist->keys[nklist->nkeys++] = key; | ||
750 | write_unlock(&keyring->lock); | ||
751 | |||
752 | /* dispose of the old keyring list */ | ||
753 | kfree(klist); | ||
754 | |||
755 | ret = 0; | ||
756 | } | ||
757 | |||
758 | error2: | ||
759 | up_write(&keyring_serialise_link_sem); | ||
760 | error: | ||
761 | return ret; | ||
762 | |||
763 | error3: | ||
764 | /* undo the quota changes */ | ||
765 | key_payload_reserve(keyring, | ||
766 | keyring->datalen - KEYQUOTA_LINK_BYTES); | ||
767 | goto error2; | ||
768 | |||
769 | } /* end __key_link() */ | ||
770 | |||
771 | /*****************************************************************************/ | ||
772 | /* | ||
773 | * link a key to a keyring | ||
774 | */ | ||
775 | int key_link(struct key *keyring, struct key *key) | ||
776 | { | ||
777 | int ret; | ||
778 | |||
779 | key_check(keyring); | ||
780 | key_check(key); | ||
781 | |||
782 | down_write(&keyring->sem); | ||
783 | ret = __key_link(keyring, key); | ||
784 | up_write(&keyring->sem); | ||
785 | |||
786 | return ret; | ||
787 | |||
788 | } /* end key_link() */ | ||
789 | |||
790 | EXPORT_SYMBOL(key_link); | ||
791 | |||
792 | /*****************************************************************************/ | ||
793 | /* | ||
794 | * unlink the first link to a key from a keyring | ||
795 | */ | ||
796 | int key_unlink(struct key *keyring, struct key *key) | ||
797 | { | ||
798 | struct keyring_list *klist; | ||
799 | int loop, ret; | ||
800 | |||
801 | key_check(keyring); | ||
802 | key_check(key); | ||
803 | |||
804 | ret = -ENOTDIR; | ||
805 | if (keyring->type != &key_type_keyring) | ||
806 | goto error; | ||
807 | |||
808 | down_write(&keyring->sem); | ||
809 | |||
810 | klist = keyring->payload.subscriptions; | ||
811 | if (klist) { | ||
812 | /* search the keyring for the key */ | ||
813 | for (loop = 0; loop < klist->nkeys; loop++) | ||
814 | if (klist->keys[loop] == key) | ||
815 | goto key_is_present; | ||
816 | } | ||
817 | |||
818 | up_write(&keyring->sem); | ||
819 | ret = -ENOENT; | ||
820 | goto error; | ||
821 | |||
822 | key_is_present: | ||
823 | /* adjust the user's quota */ | ||
824 | key_payload_reserve(keyring, | ||
825 | keyring->datalen - KEYQUOTA_LINK_BYTES); | ||
826 | |||
827 | /* shuffle down the key pointers | ||
828 | * - it might be worth shrinking the allocated memory, but that runs | ||
829 | * the risk of ENOMEM as we would have to copy | ||
830 | */ | ||
831 | write_lock(&keyring->lock); | ||
832 | |||
833 | klist->nkeys--; | ||
834 | if (loop < klist->nkeys) | ||
835 | memcpy(&klist->keys[loop], | ||
836 | &klist->keys[loop + 1], | ||
837 | (klist->nkeys - loop) * sizeof(struct key *)); | ||
838 | |||
839 | write_unlock(&keyring->lock); | ||
840 | |||
841 | up_write(&keyring->sem); | ||
842 | key_put(key); | ||
843 | ret = 0; | ||
844 | |||
845 | error: | ||
846 | return ret; | ||
847 | |||
848 | } /* end key_unlink() */ | ||
849 | |||
850 | EXPORT_SYMBOL(key_unlink); | ||
851 | |||
852 | /*****************************************************************************/ | ||
853 | /* | ||
854 | * clear the specified process keyring | ||
855 | * - implements keyctl(KEYCTL_CLEAR) | ||
856 | */ | ||
857 | int keyring_clear(struct key *keyring) | ||
858 | { | ||
859 | struct keyring_list *klist; | ||
860 | int loop, ret; | ||
861 | |||
862 | ret = -ENOTDIR; | ||
863 | if (keyring->type == &key_type_keyring) { | ||
864 | /* detach the pointer block with the locks held */ | ||
865 | down_write(&keyring->sem); | ||
866 | |||
867 | klist = keyring->payload.subscriptions; | ||
868 | if (klist) { | ||
869 | /* adjust the quota */ | ||
870 | key_payload_reserve(keyring, | ||
871 | sizeof(struct keyring_list)); | ||
872 | |||
873 | write_lock(&keyring->lock); | ||
874 | keyring->payload.subscriptions = NULL; | ||
875 | write_unlock(&keyring->lock); | ||
876 | } | ||
877 | |||
878 | up_write(&keyring->sem); | ||
879 | |||
880 | /* free the keys after the locks have been dropped */ | ||
881 | if (klist) { | ||
882 | for (loop = klist->nkeys - 1; loop >= 0; loop--) | ||
883 | key_put(klist->keys[loop]); | ||
884 | |||
885 | kfree(klist); | ||
886 | } | ||
887 | |||
888 | ret = 0; | ||
889 | } | ||
890 | |||
891 | return ret; | ||
892 | |||
893 | } /* end keyring_clear() */ | ||
894 | |||
895 | EXPORT_SYMBOL(keyring_clear); | ||
diff --git a/security/keys/proc.c b/security/keys/proc.c new file mode 100644 index 000000000000..91343b85c39c --- /dev/null +++ b/security/keys/proc.c | |||
@@ -0,0 +1,251 @@ | |||
1 | /* proc.c: proc files for key database enumeration | ||
2 | * | ||
3 | * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #include <linux/module.h> | ||
13 | #include <linux/init.h> | ||
14 | #include <linux/sched.h> | ||
15 | #include <linux/slab.h> | ||
16 | #include <linux/fs.h> | ||
17 | #include <linux/proc_fs.h> | ||
18 | #include <linux/seq_file.h> | ||
19 | #include <asm/errno.h> | ||
20 | #include "internal.h" | ||
21 | |||
22 | #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS | ||
23 | static int proc_keys_open(struct inode *inode, struct file *file); | ||
24 | static void *proc_keys_start(struct seq_file *p, loff_t *_pos); | ||
25 | static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos); | ||
26 | static void proc_keys_stop(struct seq_file *p, void *v); | ||
27 | static int proc_keys_show(struct seq_file *m, void *v); | ||
28 | |||
29 | static struct seq_operations proc_keys_ops = { | ||
30 | .start = proc_keys_start, | ||
31 | .next = proc_keys_next, | ||
32 | .stop = proc_keys_stop, | ||
33 | .show = proc_keys_show, | ||
34 | }; | ||
35 | |||
36 | static struct file_operations proc_keys_fops = { | ||
37 | .open = proc_keys_open, | ||
38 | .read = seq_read, | ||
39 | .llseek = seq_lseek, | ||
40 | .release = seq_release, | ||
41 | }; | ||
42 | #endif | ||
43 | |||
44 | static int proc_key_users_open(struct inode *inode, struct file *file); | ||
45 | static void *proc_key_users_start(struct seq_file *p, loff_t *_pos); | ||
46 | static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos); | ||
47 | static void proc_key_users_stop(struct seq_file *p, void *v); | ||
48 | static int proc_key_users_show(struct seq_file *m, void *v); | ||
49 | |||
50 | static struct seq_operations proc_key_users_ops = { | ||
51 | .start = proc_key_users_start, | ||
52 | .next = proc_key_users_next, | ||
53 | .stop = proc_key_users_stop, | ||
54 | .show = proc_key_users_show, | ||
55 | }; | ||
56 | |||
57 | static struct file_operations proc_key_users_fops = { | ||
58 | .open = proc_key_users_open, | ||
59 | .read = seq_read, | ||
60 | .llseek = seq_lseek, | ||
61 | .release = seq_release, | ||
62 | }; | ||
63 | |||
64 | /*****************************************************************************/ | ||
65 | /* | ||
66 | * declare the /proc files | ||
67 | */ | ||
68 | static int __init key_proc_init(void) | ||
69 | { | ||
70 | struct proc_dir_entry *p; | ||
71 | |||
72 | #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS | ||
73 | p = create_proc_entry("keys", 0, NULL); | ||
74 | if (!p) | ||
75 | panic("Cannot create /proc/keys\n"); | ||
76 | |||
77 | p->proc_fops = &proc_keys_fops; | ||
78 | #endif | ||
79 | |||
80 | p = create_proc_entry("key-users", 0, NULL); | ||
81 | if (!p) | ||
82 | panic("Cannot create /proc/key-users\n"); | ||
83 | |||
84 | p->proc_fops = &proc_key_users_fops; | ||
85 | |||
86 | return 0; | ||
87 | |||
88 | } /* end key_proc_init() */ | ||
89 | |||
90 | __initcall(key_proc_init); | ||
91 | |||
92 | /*****************************************************************************/ | ||
93 | /* | ||
94 | * implement "/proc/keys" to provides a list of the keys on the system | ||
95 | */ | ||
96 | #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS | ||
97 | |||
98 | static int proc_keys_open(struct inode *inode, struct file *file) | ||
99 | { | ||
100 | return seq_open(file, &proc_keys_ops); | ||
101 | |||
102 | } | ||
103 | |||
104 | static void *proc_keys_start(struct seq_file *p, loff_t *_pos) | ||
105 | { | ||
106 | struct rb_node *_p; | ||
107 | loff_t pos = *_pos; | ||
108 | |||
109 | spin_lock(&key_serial_lock); | ||
110 | |||
111 | _p = rb_first(&key_serial_tree); | ||
112 | while (pos > 0 && _p) { | ||
113 | pos--; | ||
114 | _p = rb_next(_p); | ||
115 | } | ||
116 | |||
117 | return _p; | ||
118 | |||
119 | } | ||
120 | |||
121 | static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos) | ||
122 | { | ||
123 | (*_pos)++; | ||
124 | return rb_next((struct rb_node *) v); | ||
125 | |||
126 | } | ||
127 | |||
128 | static void proc_keys_stop(struct seq_file *p, void *v) | ||
129 | { | ||
130 | spin_unlock(&key_serial_lock); | ||
131 | } | ||
132 | |||
133 | static int proc_keys_show(struct seq_file *m, void *v) | ||
134 | { | ||
135 | struct rb_node *_p = v; | ||
136 | struct key *key = rb_entry(_p, struct key, serial_node); | ||
137 | struct timespec now; | ||
138 | unsigned long timo; | ||
139 | char xbuf[12]; | ||
140 | |||
141 | now = current_kernel_time(); | ||
142 | |||
143 | read_lock(&key->lock); | ||
144 | |||
145 | /* come up with a suitable timeout value */ | ||
146 | if (key->expiry == 0) { | ||
147 | memcpy(xbuf, "perm", 5); | ||
148 | } | ||
149 | else if (now.tv_sec >= key->expiry) { | ||
150 | memcpy(xbuf, "expd", 5); | ||
151 | } | ||
152 | else { | ||
153 | timo = key->expiry - now.tv_sec; | ||
154 | |||
155 | if (timo < 60) | ||
156 | sprintf(xbuf, "%lus", timo); | ||
157 | else if (timo < 60*60) | ||
158 | sprintf(xbuf, "%lum", timo / 60); | ||
159 | else if (timo < 60*60*24) | ||
160 | sprintf(xbuf, "%luh", timo / (60*60)); | ||
161 | else if (timo < 60*60*24*7) | ||
162 | sprintf(xbuf, "%lud", timo / (60*60*24)); | ||
163 | else | ||
164 | sprintf(xbuf, "%luw", timo / (60*60*24*7)); | ||
165 | } | ||
166 | |||
167 | seq_printf(m, "%08x %c%c%c%c%c%c %5d %4s %06x %5d %5d %-9.9s ", | ||
168 | key->serial, | ||
169 | key->flags & KEY_FLAG_INSTANTIATED ? 'I' : '-', | ||
170 | key->flags & KEY_FLAG_REVOKED ? 'R' : '-', | ||
171 | key->flags & KEY_FLAG_DEAD ? 'D' : '-', | ||
172 | key->flags & KEY_FLAG_IN_QUOTA ? 'Q' : '-', | ||
173 | key->flags & KEY_FLAG_USER_CONSTRUCT ? 'U' : '-', | ||
174 | key->flags & KEY_FLAG_NEGATIVE ? 'N' : '-', | ||
175 | atomic_read(&key->usage), | ||
176 | xbuf, | ||
177 | key->perm, | ||
178 | key->uid, | ||
179 | key->gid, | ||
180 | key->type->name); | ||
181 | |||
182 | if (key->type->describe) | ||
183 | key->type->describe(key, m); | ||
184 | seq_putc(m, '\n'); | ||
185 | |||
186 | read_unlock(&key->lock); | ||
187 | |||
188 | return 0; | ||
189 | |||
190 | } | ||
191 | |||
192 | #endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */ | ||
193 | |||
194 | /*****************************************************************************/ | ||
195 | /* | ||
196 | * implement "/proc/key-users" to provides a list of the key users | ||
197 | */ | ||
198 | static int proc_key_users_open(struct inode *inode, struct file *file) | ||
199 | { | ||
200 | return seq_open(file, &proc_key_users_ops); | ||
201 | |||
202 | } | ||
203 | |||
204 | static void *proc_key_users_start(struct seq_file *p, loff_t *_pos) | ||
205 | { | ||
206 | struct rb_node *_p; | ||
207 | loff_t pos = *_pos; | ||
208 | |||
209 | spin_lock(&key_user_lock); | ||
210 | |||
211 | _p = rb_first(&key_user_tree); | ||
212 | while (pos > 0 && _p) { | ||
213 | pos--; | ||
214 | _p = rb_next(_p); | ||
215 | } | ||
216 | |||
217 | return _p; | ||
218 | |||
219 | } | ||
220 | |||
221 | static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos) | ||
222 | { | ||
223 | (*_pos)++; | ||
224 | return rb_next((struct rb_node *) v); | ||
225 | |||
226 | } | ||
227 | |||
228 | static void proc_key_users_stop(struct seq_file *p, void *v) | ||
229 | { | ||
230 | spin_unlock(&key_user_lock); | ||
231 | } | ||
232 | |||
233 | static int proc_key_users_show(struct seq_file *m, void *v) | ||
234 | { | ||
235 | struct rb_node *_p = v; | ||
236 | struct key_user *user = rb_entry(_p, struct key_user, node); | ||
237 | |||
238 | seq_printf(m, "%5u: %5d %d/%d %d/%d %d/%d\n", | ||
239 | user->uid, | ||
240 | atomic_read(&user->usage), | ||
241 | atomic_read(&user->nkeys), | ||
242 | atomic_read(&user->nikeys), | ||
243 | user->qnkeys, | ||
244 | KEYQUOTA_MAX_KEYS, | ||
245 | user->qnbytes, | ||
246 | KEYQUOTA_MAX_BYTES | ||
247 | ); | ||
248 | |||
249 | return 0; | ||
250 | |||
251 | } | ||
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c new file mode 100644 index 000000000000..2eb0e471cd40 --- /dev/null +++ b/security/keys/process_keys.c | |||
@@ -0,0 +1,665 @@ | |||
1 | /* process_keys.c: management of a process's keyrings | ||
2 | * | ||
3 | * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #include <linux/module.h> | ||
13 | #include <linux/init.h> | ||
14 | #include <linux/sched.h> | ||
15 | #include <linux/slab.h> | ||
16 | #include <linux/keyctl.h> | ||
17 | #include <linux/fs.h> | ||
18 | #include <linux/err.h> | ||
19 | #include <asm/uaccess.h> | ||
20 | #include "internal.h" | ||
21 | |||
22 | /* session keyring create vs join semaphore */ | ||
23 | static DECLARE_MUTEX(key_session_sem); | ||
24 | |||
25 | /* the root user's tracking struct */ | ||
26 | struct key_user root_key_user = { | ||
27 | .usage = ATOMIC_INIT(3), | ||
28 | .consq = LIST_HEAD_INIT(root_key_user.consq), | ||
29 | .lock = SPIN_LOCK_UNLOCKED, | ||
30 | .nkeys = ATOMIC_INIT(2), | ||
31 | .nikeys = ATOMIC_INIT(2), | ||
32 | .uid = 0, | ||
33 | }; | ||
34 | |||
35 | /* the root user's UID keyring */ | ||
36 | struct key root_user_keyring = { | ||
37 | .usage = ATOMIC_INIT(1), | ||
38 | .serial = 2, | ||
39 | .type = &key_type_keyring, | ||
40 | .user = &root_key_user, | ||
41 | .lock = RW_LOCK_UNLOCKED, | ||
42 | .sem = __RWSEM_INITIALIZER(root_user_keyring.sem), | ||
43 | .perm = KEY_USR_ALL, | ||
44 | .flags = KEY_FLAG_INSTANTIATED, | ||
45 | .description = "_uid.0", | ||
46 | #ifdef KEY_DEBUGGING | ||
47 | .magic = KEY_DEBUG_MAGIC, | ||
48 | #endif | ||
49 | }; | ||
50 | |||
51 | /* the root user's default session keyring */ | ||
52 | struct key root_session_keyring = { | ||
53 | .usage = ATOMIC_INIT(1), | ||
54 | .serial = 1, | ||
55 | .type = &key_type_keyring, | ||
56 | .user = &root_key_user, | ||
57 | .lock = RW_LOCK_UNLOCKED, | ||
58 | .sem = __RWSEM_INITIALIZER(root_session_keyring.sem), | ||
59 | .perm = KEY_USR_ALL, | ||
60 | .flags = KEY_FLAG_INSTANTIATED, | ||
61 | .description = "_uid_ses.0", | ||
62 | #ifdef KEY_DEBUGGING | ||
63 | .magic = KEY_DEBUG_MAGIC, | ||
64 | #endif | ||
65 | }; | ||
66 | |||
67 | /*****************************************************************************/ | ||
68 | /* | ||
69 | * allocate the keyrings to be associated with a UID | ||
70 | */ | ||
71 | int alloc_uid_keyring(struct user_struct *user) | ||
72 | { | ||
73 | struct key *uid_keyring, *session_keyring; | ||
74 | char buf[20]; | ||
75 | int ret; | ||
76 | |||
77 | /* concoct a default session keyring */ | ||
78 | sprintf(buf, "_uid_ses.%u", user->uid); | ||
79 | |||
80 | session_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, 0, NULL); | ||
81 | if (IS_ERR(session_keyring)) { | ||
82 | ret = PTR_ERR(session_keyring); | ||
83 | goto error; | ||
84 | } | ||
85 | |||
86 | /* and a UID specific keyring, pointed to by the default session | ||
87 | * keyring */ | ||
88 | sprintf(buf, "_uid.%u", user->uid); | ||
89 | |||
90 | uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, 0, | ||
91 | session_keyring); | ||
92 | if (IS_ERR(uid_keyring)) { | ||
93 | key_put(session_keyring); | ||
94 | ret = PTR_ERR(uid_keyring); | ||
95 | goto error; | ||
96 | } | ||
97 | |||
98 | /* install the keyrings */ | ||
99 | user->uid_keyring = uid_keyring; | ||
100 | user->session_keyring = session_keyring; | ||
101 | ret = 0; | ||
102 | |||
103 | error: | ||
104 | return ret; | ||
105 | |||
106 | } /* end alloc_uid_keyring() */ | ||
107 | |||
108 | /*****************************************************************************/ | ||
109 | /* | ||
110 | * deal with the UID changing | ||
111 | */ | ||
112 | void switch_uid_keyring(struct user_struct *new_user) | ||
113 | { | ||
114 | #if 0 /* do nothing for now */ | ||
115 | struct key *old; | ||
116 | |||
117 | /* switch to the new user's session keyring if we were running under | ||
118 | * root's default session keyring */ | ||
119 | if (new_user->uid != 0 && | ||
120 | current->session_keyring == &root_session_keyring | ||
121 | ) { | ||
122 | atomic_inc(&new_user->session_keyring->usage); | ||
123 | |||
124 | task_lock(current); | ||
125 | old = current->session_keyring; | ||
126 | current->session_keyring = new_user->session_keyring; | ||
127 | task_unlock(current); | ||
128 | |||
129 | key_put(old); | ||
130 | } | ||
131 | #endif | ||
132 | |||
133 | } /* end switch_uid_keyring() */ | ||
134 | |||
135 | /*****************************************************************************/ | ||
136 | /* | ||
137 | * install a fresh thread keyring, discarding the old one | ||
138 | */ | ||
139 | int install_thread_keyring(struct task_struct *tsk) | ||
140 | { | ||
141 | struct key *keyring, *old; | ||
142 | char buf[20]; | ||
143 | int ret; | ||
144 | |||
145 | sprintf(buf, "_tid.%u", tsk->pid); | ||
146 | |||
147 | keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL); | ||
148 | if (IS_ERR(keyring)) { | ||
149 | ret = PTR_ERR(keyring); | ||
150 | goto error; | ||
151 | } | ||
152 | |||
153 | task_lock(tsk); | ||
154 | old = tsk->thread_keyring; | ||
155 | tsk->thread_keyring = keyring; | ||
156 | task_unlock(tsk); | ||
157 | |||
158 | ret = 0; | ||
159 | |||
160 | key_put(old); | ||
161 | error: | ||
162 | return ret; | ||
163 | |||
164 | } /* end install_thread_keyring() */ | ||
165 | |||
166 | /*****************************************************************************/ | ||
167 | /* | ||
168 | * make sure a process keyring is installed | ||
169 | */ | ||
170 | static int install_process_keyring(struct task_struct *tsk) | ||
171 | { | ||
172 | unsigned long flags; | ||
173 | struct key *keyring; | ||
174 | char buf[20]; | ||
175 | int ret; | ||
176 | |||
177 | if (!tsk->signal->process_keyring) { | ||
178 | sprintf(buf, "_pid.%u", tsk->tgid); | ||
179 | |||
180 | keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL); | ||
181 | if (IS_ERR(keyring)) { | ||
182 | ret = PTR_ERR(keyring); | ||
183 | goto error; | ||
184 | } | ||
185 | |||
186 | /* attach or swap keyrings */ | ||
187 | spin_lock_irqsave(&tsk->sighand->siglock, flags); | ||
188 | if (!tsk->signal->process_keyring) { | ||
189 | tsk->signal->process_keyring = keyring; | ||
190 | keyring = NULL; | ||
191 | } | ||
192 | spin_unlock_irqrestore(&tsk->sighand->siglock, flags); | ||
193 | |||
194 | key_put(keyring); | ||
195 | } | ||
196 | |||
197 | ret = 0; | ||
198 | error: | ||
199 | return ret; | ||
200 | |||
201 | } /* end install_process_keyring() */ | ||
202 | |||
203 | /*****************************************************************************/ | ||
204 | /* | ||
205 | * install a session keyring, discarding the old one | ||
206 | * - if a keyring is not supplied, an empty one is invented | ||
207 | */ | ||
208 | static int install_session_keyring(struct task_struct *tsk, | ||
209 | struct key *keyring) | ||
210 | { | ||
211 | unsigned long flags; | ||
212 | struct key *old; | ||
213 | char buf[20]; | ||
214 | int ret; | ||
215 | |||
216 | /* create an empty session keyring */ | ||
217 | if (!keyring) { | ||
218 | sprintf(buf, "_ses.%u", tsk->tgid); | ||
219 | |||
220 | keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL); | ||
221 | if (IS_ERR(keyring)) { | ||
222 | ret = PTR_ERR(keyring); | ||
223 | goto error; | ||
224 | } | ||
225 | } | ||
226 | else { | ||
227 | atomic_inc(&keyring->usage); | ||
228 | } | ||
229 | |||
230 | /* install the keyring */ | ||
231 | spin_lock_irqsave(&tsk->sighand->siglock, flags); | ||
232 | old = tsk->signal->session_keyring; | ||
233 | tsk->signal->session_keyring = keyring; | ||
234 | spin_unlock_irqrestore(&tsk->sighand->siglock, flags); | ||
235 | |||
236 | ret = 0; | ||
237 | |||
238 | key_put(old); | ||
239 | error: | ||
240 | return ret; | ||
241 | |||
242 | } /* end install_session_keyring() */ | ||
243 | |||
244 | /*****************************************************************************/ | ||
245 | /* | ||
246 | * copy the keys in a thread group for fork without CLONE_THREAD | ||
247 | */ | ||
248 | int copy_thread_group_keys(struct task_struct *tsk) | ||
249 | { | ||
250 | unsigned long flags; | ||
251 | |||
252 | key_check(current->thread_group->session_keyring); | ||
253 | key_check(current->thread_group->process_keyring); | ||
254 | |||
255 | /* no process keyring yet */ | ||
256 | tsk->signal->process_keyring = NULL; | ||
257 | |||
258 | /* same session keyring */ | ||
259 | spin_lock_irqsave(¤t->sighand->siglock, flags); | ||
260 | tsk->signal->session_keyring = | ||
261 | key_get(current->signal->session_keyring); | ||
262 | spin_unlock_irqrestore(¤t->sighand->siglock, flags); | ||
263 | |||
264 | return 0; | ||
265 | |||
266 | } /* end copy_thread_group_keys() */ | ||
267 | |||
268 | /*****************************************************************************/ | ||
269 | /* | ||
270 | * copy the keys for fork | ||
271 | */ | ||
272 | int copy_keys(unsigned long clone_flags, struct task_struct *tsk) | ||
273 | { | ||
274 | key_check(tsk->thread_keyring); | ||
275 | |||
276 | /* no thread keyring yet */ | ||
277 | tsk->thread_keyring = NULL; | ||
278 | return 0; | ||
279 | |||
280 | } /* end copy_keys() */ | ||
281 | |||
282 | /*****************************************************************************/ | ||
283 | /* | ||
284 | * dispose of thread group keys upon thread group destruction | ||
285 | */ | ||
286 | void exit_thread_group_keys(struct signal_struct *tg) | ||
287 | { | ||
288 | key_put(tg->session_keyring); | ||
289 | key_put(tg->process_keyring); | ||
290 | |||
291 | } /* end exit_thread_group_keys() */ | ||
292 | |||
293 | /*****************************************************************************/ | ||
294 | /* | ||
295 | * dispose of keys upon thread exit | ||
296 | */ | ||
297 | void exit_keys(struct task_struct *tsk) | ||
298 | { | ||
299 | key_put(tsk->thread_keyring); | ||
300 | |||
301 | } /* end exit_keys() */ | ||
302 | |||
303 | /*****************************************************************************/ | ||
304 | /* | ||
305 | * deal with execve() | ||
306 | */ | ||
307 | int exec_keys(struct task_struct *tsk) | ||
308 | { | ||
309 | unsigned long flags; | ||
310 | struct key *old; | ||
311 | |||
312 | /* newly exec'd tasks don't get a thread keyring */ | ||
313 | task_lock(tsk); | ||
314 | old = tsk->thread_keyring; | ||
315 | tsk->thread_keyring = NULL; | ||
316 | task_unlock(tsk); | ||
317 | |||
318 | key_put(old); | ||
319 | |||
320 | /* discard the process keyring from a newly exec'd task */ | ||
321 | spin_lock_irqsave(&tsk->sighand->siglock, flags); | ||
322 | old = tsk->signal->process_keyring; | ||
323 | tsk->signal->process_keyring = NULL; | ||
324 | spin_unlock_irqrestore(&tsk->sighand->siglock, flags); | ||
325 | |||
326 | key_put(old); | ||
327 | |||
328 | return 0; | ||
329 | |||
330 | } /* end exec_keys() */ | ||
331 | |||
332 | /*****************************************************************************/ | ||
333 | /* | ||
334 | * deal with SUID programs | ||
335 | * - we might want to make this invent a new session keyring | ||
336 | */ | ||
337 | int suid_keys(struct task_struct *tsk) | ||
338 | { | ||
339 | return 0; | ||
340 | |||
341 | } /* end suid_keys() */ | ||
342 | |||
343 | /*****************************************************************************/ | ||
344 | /* | ||
345 | * the filesystem user ID changed | ||
346 | */ | ||
347 | void key_fsuid_changed(struct task_struct *tsk) | ||
348 | { | ||
349 | /* update the ownership of the thread keyring */ | ||
350 | if (tsk->thread_keyring) { | ||
351 | down_write(&tsk->thread_keyring->sem); | ||
352 | write_lock(&tsk->thread_keyring->lock); | ||
353 | tsk->thread_keyring->uid = tsk->fsuid; | ||
354 | write_unlock(&tsk->thread_keyring->lock); | ||
355 | up_write(&tsk->thread_keyring->sem); | ||
356 | } | ||
357 | |||
358 | } /* end key_fsuid_changed() */ | ||
359 | |||
360 | /*****************************************************************************/ | ||
361 | /* | ||
362 | * the filesystem group ID changed | ||
363 | */ | ||
364 | void key_fsgid_changed(struct task_struct *tsk) | ||
365 | { | ||
366 | /* update the ownership of the thread keyring */ | ||
367 | if (tsk->thread_keyring) { | ||
368 | down_write(&tsk->thread_keyring->sem); | ||
369 | write_lock(&tsk->thread_keyring->lock); | ||
370 | tsk->thread_keyring->gid = tsk->fsgid; | ||
371 | write_unlock(&tsk->thread_keyring->lock); | ||
372 | up_write(&tsk->thread_keyring->sem); | ||
373 | } | ||
374 | |||
375 | } /* end key_fsgid_changed() */ | ||
376 | |||
377 | /*****************************************************************************/ | ||
378 | /* | ||
379 | * search the process keyrings for the first matching key | ||
380 | * - we use the supplied match function to see if the description (or other | ||
381 | * feature of interest) matches | ||
382 | * - we return -EAGAIN if we didn't find any matching key | ||
383 | * - we return -ENOKEY if we found only negative matching keys | ||
384 | */ | ||
385 | struct key *search_process_keyrings_aux(struct key_type *type, | ||
386 | const void *description, | ||
387 | key_match_func_t match) | ||
388 | { | ||
389 | struct task_struct *tsk = current; | ||
390 | unsigned long flags; | ||
391 | struct key *key, *ret, *err, *tmp; | ||
392 | |||
393 | /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were | ||
394 | * searchable, but we failed to find a key or we found a negative key; | ||
395 | * otherwise we want to return a sample error (probably -EACCES) if | ||
396 | * none of the keyrings were searchable | ||
397 | * | ||
398 | * in terms of priority: success > -ENOKEY > -EAGAIN > other error | ||
399 | */ | ||
400 | key = NULL; | ||
401 | ret = NULL; | ||
402 | err = ERR_PTR(-EAGAIN); | ||
403 | |||
404 | /* search the thread keyring first */ | ||
405 | if (tsk->thread_keyring) { | ||
406 | key = keyring_search_aux(tsk->thread_keyring, type, | ||
407 | description, match); | ||
408 | if (!IS_ERR(key)) | ||
409 | goto found; | ||
410 | |||
411 | switch (PTR_ERR(key)) { | ||
412 | case -EAGAIN: /* no key */ | ||
413 | if (ret) | ||
414 | break; | ||
415 | case -ENOKEY: /* negative key */ | ||
416 | ret = key; | ||
417 | break; | ||
418 | default: | ||
419 | err = key; | ||
420 | break; | ||
421 | } | ||
422 | } | ||
423 | |||
424 | /* search the process keyring second */ | ||
425 | if (tsk->signal->process_keyring) { | ||
426 | key = keyring_search_aux(tsk->signal->process_keyring, | ||
427 | type, description, match); | ||
428 | if (!IS_ERR(key)) | ||
429 | goto found; | ||
430 | |||
431 | switch (PTR_ERR(key)) { | ||
432 | case -EAGAIN: /* no key */ | ||
433 | if (ret) | ||
434 | break; | ||
435 | case -ENOKEY: /* negative key */ | ||
436 | ret = key; | ||
437 | break; | ||
438 | default: | ||
439 | err = key; | ||
440 | break; | ||
441 | } | ||
442 | } | ||
443 | |||
444 | /* search the session keyring last */ | ||
445 | spin_lock_irqsave(&tsk->sighand->siglock, flags); | ||
446 | |||
447 | tmp = tsk->signal->session_keyring; | ||
448 | if (!tmp) | ||
449 | tmp = tsk->user->session_keyring; | ||
450 | atomic_inc(&tmp->usage); | ||
451 | |||
452 | spin_unlock_irqrestore(&tsk->sighand->siglock, flags); | ||
453 | |||
454 | key = keyring_search_aux(tmp, type, description, match); | ||
455 | key_put(tmp); | ||
456 | if (!IS_ERR(key)) | ||
457 | goto found; | ||
458 | |||
459 | switch (PTR_ERR(key)) { | ||
460 | case -EAGAIN: /* no key */ | ||
461 | if (ret) | ||
462 | break; | ||
463 | case -ENOKEY: /* negative key */ | ||
464 | ret = key; | ||
465 | break; | ||
466 | default: | ||
467 | err = key; | ||
468 | break; | ||
469 | } | ||
470 | |||
471 | /* no key - decide on the error we're going to go for */ | ||
472 | key = ret ? ret : err; | ||
473 | |||
474 | found: | ||
475 | return key; | ||
476 | |||
477 | } /* end search_process_keyrings_aux() */ | ||
478 | |||
479 | /*****************************************************************************/ | ||
480 | /* | ||
481 | * search the process keyrings for the first matching key | ||
482 | * - we return -EAGAIN if we didn't find any matching key | ||
483 | * - we return -ENOKEY if we found only negative matching keys | ||
484 | */ | ||
485 | struct key *search_process_keyrings(struct key_type *type, | ||
486 | const char *description) | ||
487 | { | ||
488 | return search_process_keyrings_aux(type, description, type->match); | ||
489 | |||
490 | } /* end search_process_keyrings() */ | ||
491 | |||
492 | /*****************************************************************************/ | ||
493 | /* | ||
494 | * lookup a key given a key ID from userspace with a given permissions mask | ||
495 | * - don't create special keyrings unless so requested | ||
496 | * - partially constructed keys aren't found unless requested | ||
497 | */ | ||
498 | struct key *lookup_user_key(key_serial_t id, int create, int partial, | ||
499 | key_perm_t perm) | ||
500 | { | ||
501 | struct task_struct *tsk = current; | ||
502 | unsigned long flags; | ||
503 | struct key *key; | ||
504 | int ret; | ||
505 | |||
506 | key = ERR_PTR(-ENOKEY); | ||
507 | |||
508 | switch (id) { | ||
509 | case KEY_SPEC_THREAD_KEYRING: | ||
510 | if (!tsk->thread_keyring) { | ||
511 | if (!create) | ||
512 | goto error; | ||
513 | |||
514 | ret = install_thread_keyring(tsk); | ||
515 | if (ret < 0) { | ||
516 | key = ERR_PTR(ret); | ||
517 | goto error; | ||
518 | } | ||
519 | } | ||
520 | |||
521 | key = tsk->thread_keyring; | ||
522 | atomic_inc(&key->usage); | ||
523 | break; | ||
524 | |||
525 | case KEY_SPEC_PROCESS_KEYRING: | ||
526 | if (!tsk->signal->process_keyring) { | ||
527 | if (!create) | ||
528 | goto error; | ||
529 | |||
530 | ret = install_process_keyring(tsk); | ||
531 | if (ret < 0) { | ||
532 | key = ERR_PTR(ret); | ||
533 | goto error; | ||
534 | } | ||
535 | } | ||
536 | |||
537 | key = tsk->signal->process_keyring; | ||
538 | atomic_inc(&key->usage); | ||
539 | break; | ||
540 | |||
541 | case KEY_SPEC_SESSION_KEYRING: | ||
542 | if (!tsk->signal->session_keyring) { | ||
543 | /* always install a session keyring upon access if one | ||
544 | * doesn't exist yet */ | ||
545 | ret = install_session_keyring( | ||
546 | tsk, tsk->user->session_keyring); | ||
547 | if (ret < 0) | ||
548 | goto error; | ||
549 | } | ||
550 | |||
551 | spin_lock_irqsave(&tsk->sighand->siglock, flags); | ||
552 | key = tsk->signal->session_keyring; | ||
553 | atomic_inc(&key->usage); | ||
554 | spin_unlock_irqrestore(&tsk->sighand->siglock, flags); | ||
555 | break; | ||
556 | |||
557 | case KEY_SPEC_USER_KEYRING: | ||
558 | key = tsk->user->uid_keyring; | ||
559 | atomic_inc(&key->usage); | ||
560 | break; | ||
561 | |||
562 | case KEY_SPEC_USER_SESSION_KEYRING: | ||
563 | key = tsk->user->session_keyring; | ||
564 | atomic_inc(&key->usage); | ||
565 | break; | ||
566 | |||
567 | case KEY_SPEC_GROUP_KEYRING: | ||
568 | /* group keyrings are not yet supported */ | ||
569 | key = ERR_PTR(-EINVAL); | ||
570 | goto error; | ||
571 | |||
572 | default: | ||
573 | key = ERR_PTR(-EINVAL); | ||
574 | if (id < 1) | ||
575 | goto error; | ||
576 | |||
577 | key = key_lookup(id); | ||
578 | if (IS_ERR(key)) | ||
579 | goto error; | ||
580 | break; | ||
581 | } | ||
582 | |||
583 | /* check the status and permissions */ | ||
584 | if (perm) { | ||
585 | ret = key_validate(key); | ||
586 | if (ret < 0) | ||
587 | goto invalid_key; | ||
588 | } | ||
589 | |||
590 | ret = -EIO; | ||
591 | if (!partial && !(key->flags & KEY_FLAG_INSTANTIATED)) | ||
592 | goto invalid_key; | ||
593 | |||
594 | ret = -EACCES; | ||
595 | if (!key_permission(key, perm)) | ||
596 | goto invalid_key; | ||
597 | |||
598 | error: | ||
599 | return key; | ||
600 | |||
601 | invalid_key: | ||
602 | key_put(key); | ||
603 | key = ERR_PTR(ret); | ||
604 | goto error; | ||
605 | |||
606 | } /* end lookup_user_key() */ | ||
607 | |||
608 | /*****************************************************************************/ | ||
609 | /* | ||
610 | * join the named keyring as the session keyring if possible, or attempt to | ||
611 | * create a new one of that name if not | ||
612 | * - if the name is NULL, an empty anonymous keyring is installed instead | ||
613 | * - named session keyring joining is done with a semaphore held | ||
614 | */ | ||
615 | long join_session_keyring(const char *name) | ||
616 | { | ||
617 | struct task_struct *tsk = current; | ||
618 | unsigned long flags; | ||
619 | struct key *keyring; | ||
620 | long ret; | ||
621 | |||
622 | /* if no name is provided, install an anonymous keyring */ | ||
623 | if (!name) { | ||
624 | ret = install_session_keyring(tsk, NULL); | ||
625 | if (ret < 0) | ||
626 | goto error; | ||
627 | |||
628 | spin_lock_irqsave(&tsk->sighand->siglock, flags); | ||
629 | ret = tsk->signal->session_keyring->serial; | ||
630 | spin_unlock_irqrestore(&tsk->sighand->siglock, flags); | ||
631 | goto error; | ||
632 | } | ||
633 | |||
634 | /* allow the user to join or create a named keyring */ | ||
635 | down(&key_session_sem); | ||
636 | |||
637 | /* look for an existing keyring of this name */ | ||
638 | keyring = find_keyring_by_name(name, 0); | ||
639 | if (PTR_ERR(keyring) == -ENOKEY) { | ||
640 | /* not found - try and create a new one */ | ||
641 | keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL); | ||
642 | if (IS_ERR(keyring)) { | ||
643 | ret = PTR_ERR(keyring); | ||
644 | goto error; | ||
645 | } | ||
646 | } | ||
647 | else if (IS_ERR(keyring)) { | ||
648 | ret = PTR_ERR(keyring); | ||
649 | goto error2; | ||
650 | } | ||
651 | |||
652 | /* we've got a keyring - now to install it */ | ||
653 | ret = install_session_keyring(tsk, keyring); | ||
654 | if (ret < 0) | ||
655 | goto error2; | ||
656 | |||
657 | ret = keyring->serial; | ||
658 | key_put(keyring); | ||
659 | |||
660 | error2: | ||
661 | up(&key_session_sem); | ||
662 | error: | ||
663 | return ret; | ||
664 | |||
665 | } /* end join_session_keyring() */ | ||
diff --git a/security/keys/request_key.c b/security/keys/request_key.c new file mode 100644 index 000000000000..9705b1aeba5d --- /dev/null +++ b/security/keys/request_key.c | |||
@@ -0,0 +1,359 @@ | |||
1 | /* request_key.c: request a key from userspace | ||
2 | * | ||
3 | * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #include <linux/module.h> | ||
13 | #include <linux/sched.h> | ||
14 | #include <linux/kmod.h> | ||
15 | #include <linux/err.h> | ||
16 | #include "internal.h" | ||
17 | |||
18 | struct key_construction { | ||
19 | struct list_head link; /* link in construction queue */ | ||
20 | struct key *key; /* key being constructed */ | ||
21 | }; | ||
22 | |||
23 | /* when waiting for someone else's keys, you get added to this */ | ||
24 | DECLARE_WAIT_QUEUE_HEAD(request_key_conswq); | ||
25 | |||
26 | /*****************************************************************************/ | ||
27 | /* | ||
28 | * request userspace finish the construction of a key | ||
29 | * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring> <info>" | ||
30 | * - if callout_info is an empty string, it'll be rendered as a "-" instead | ||
31 | */ | ||
32 | static int call_request_key(struct key *key, | ||
33 | const char *op, | ||
34 | const char *callout_info) | ||
35 | { | ||
36 | struct task_struct *tsk = current; | ||
37 | unsigned long flags; | ||
38 | key_serial_t prkey, sskey; | ||
39 | char *argv[10], *envp[3], uid_str[12], gid_str[12]; | ||
40 | char key_str[12], keyring_str[3][12]; | ||
41 | int i; | ||
42 | |||
43 | /* record the UID and GID */ | ||
44 | sprintf(uid_str, "%d", current->fsuid); | ||
45 | sprintf(gid_str, "%d", current->fsgid); | ||
46 | |||
47 | /* we say which key is under construction */ | ||
48 | sprintf(key_str, "%d", key->serial); | ||
49 | |||
50 | /* we specify the process's default keyrings */ | ||
51 | sprintf(keyring_str[0], "%d", | ||
52 | tsk->thread_keyring ? tsk->thread_keyring->serial : 0); | ||
53 | |||
54 | prkey = 0; | ||
55 | if (tsk->signal->process_keyring) | ||
56 | prkey = tsk->signal->process_keyring->serial; | ||
57 | |||
58 | sskey = 0; | ||
59 | spin_lock_irqsave(&tsk->sighand->siglock, flags); | ||
60 | if (tsk->signal->session_keyring) | ||
61 | sskey = tsk->signal->session_keyring->serial; | ||
62 | spin_unlock_irqrestore(&tsk->sighand->siglock, flags); | ||
63 | |||
64 | |||
65 | if (!sskey) | ||
66 | sskey = tsk->user->session_keyring->serial; | ||
67 | |||
68 | sprintf(keyring_str[1], "%d", prkey); | ||
69 | sprintf(keyring_str[2], "%d", sskey); | ||
70 | |||
71 | /* set up a minimal environment */ | ||
72 | i = 0; | ||
73 | envp[i++] = "HOME=/"; | ||
74 | envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; | ||
75 | envp[i] = NULL; | ||
76 | |||
77 | /* set up the argument list */ | ||
78 | i = 0; | ||
79 | argv[i++] = "/sbin/request-key"; | ||
80 | argv[i++] = (char *) op; | ||
81 | argv[i++] = key_str; | ||
82 | argv[i++] = uid_str; | ||
83 | argv[i++] = gid_str; | ||
84 | argv[i++] = keyring_str[0]; | ||
85 | argv[i++] = keyring_str[1]; | ||
86 | argv[i++] = keyring_str[2]; | ||
87 | argv[i++] = callout_info[0] ? (char *) callout_info : "-"; | ||
88 | argv[i] = NULL; | ||
89 | |||
90 | /* do it */ | ||
91 | return call_usermodehelper(argv[0], argv, envp, 1); | ||
92 | |||
93 | } /* end call_request_key() */ | ||
94 | |||
95 | /*****************************************************************************/ | ||
96 | /* | ||
97 | * call out to userspace for the key | ||
98 | * - called with the construction sem held, but the sem is dropped here | ||
99 | * - we ignore program failure and go on key status instead | ||
100 | */ | ||
101 | static struct key *__request_key_construction(struct key_type *type, | ||
102 | const char *description, | ||
103 | const char *callout_info) | ||
104 | { | ||
105 | struct key_construction cons; | ||
106 | struct timespec now; | ||
107 | struct key *key; | ||
108 | int ret, negative; | ||
109 | |||
110 | /* create a key and add it to the queue */ | ||
111 | key = key_alloc(type, description, | ||
112 | current->fsuid, current->fsgid, KEY_USR_ALL, 0); | ||
113 | if (IS_ERR(key)) | ||
114 | goto alloc_failed; | ||
115 | |||
116 | write_lock(&key->lock); | ||
117 | key->flags |= KEY_FLAG_USER_CONSTRUCT; | ||
118 | write_unlock(&key->lock); | ||
119 | |||
120 | cons.key = key; | ||
121 | list_add_tail(&cons.link, &key->user->consq); | ||
122 | |||
123 | /* we drop the construction sem here on behalf of the caller */ | ||
124 | up_write(&key_construction_sem); | ||
125 | |||
126 | /* make the call */ | ||
127 | ret = call_request_key(key, "create", callout_info); | ||
128 | if (ret < 0) | ||
129 | goto request_failed; | ||
130 | |||
131 | /* if the key wasn't instantiated, then we want to give an error */ | ||
132 | ret = -ENOKEY; | ||
133 | if (!(key->flags & KEY_FLAG_INSTANTIATED)) | ||
134 | goto request_failed; | ||
135 | |||
136 | down_write(&key_construction_sem); | ||
137 | list_del(&cons.link); | ||
138 | up_write(&key_construction_sem); | ||
139 | |||
140 | /* also give an error if the key was negatively instantiated */ | ||
141 | check_not_negative: | ||
142 | if (key->flags & KEY_FLAG_NEGATIVE) { | ||
143 | key_put(key); | ||
144 | key = ERR_PTR(-ENOKEY); | ||
145 | } | ||
146 | |||
147 | out: | ||
148 | return key; | ||
149 | |||
150 | request_failed: | ||
151 | /* it wasn't instantiated | ||
152 | * - remove from construction queue | ||
153 | * - mark the key as dead | ||
154 | */ | ||
155 | negative = 0; | ||
156 | down_write(&key_construction_sem); | ||
157 | |||
158 | list_del(&cons.link); | ||
159 | |||
160 | write_lock(&key->lock); | ||
161 | key->flags &= ~KEY_FLAG_USER_CONSTRUCT; | ||
162 | |||
163 | /* check it didn't get instantiated between the check and the down */ | ||
164 | if (!(key->flags & KEY_FLAG_INSTANTIATED)) { | ||
165 | key->flags |= KEY_FLAG_INSTANTIATED | KEY_FLAG_NEGATIVE; | ||
166 | negative = 1; | ||
167 | } | ||
168 | |||
169 | write_unlock(&key->lock); | ||
170 | up_write(&key_construction_sem); | ||
171 | |||
172 | if (!negative) | ||
173 | goto check_not_negative; /* surprisingly, the key got | ||
174 | * instantiated */ | ||
175 | |||
176 | /* set the timeout and store in the session keyring if we can */ | ||
177 | now = current_kernel_time(); | ||
178 | key->expiry = now.tv_sec + key_negative_timeout; | ||
179 | |||
180 | if (current->signal->session_keyring) { | ||
181 | unsigned long flags; | ||
182 | struct key *keyring; | ||
183 | |||
184 | spin_lock_irqsave(¤t->sighand->siglock, flags); | ||
185 | keyring = current->signal->session_keyring; | ||
186 | atomic_inc(&keyring->usage); | ||
187 | spin_unlock_irqrestore(¤t->sighand->siglock, flags); | ||
188 | |||
189 | key_link(keyring, key); | ||
190 | key_put(keyring); | ||
191 | } | ||
192 | |||
193 | key_put(key); | ||
194 | |||
195 | /* notify anyone who was waiting */ | ||
196 | wake_up_all(&request_key_conswq); | ||
197 | |||
198 | key = ERR_PTR(ret); | ||
199 | goto out; | ||
200 | |||
201 | alloc_failed: | ||
202 | up_write(&key_construction_sem); | ||
203 | goto out; | ||
204 | |||
205 | } /* end __request_key_construction() */ | ||
206 | |||
207 | /*****************************************************************************/ | ||
208 | /* | ||
209 | * call out to userspace to request the key | ||
210 | * - we check the construction queue first to see if an appropriate key is | ||
211 | * already being constructed by userspace | ||
212 | */ | ||
213 | static struct key *request_key_construction(struct key_type *type, | ||
214 | const char *description, | ||
215 | struct key_user *user, | ||
216 | const char *callout_info) | ||
217 | { | ||
218 | struct key_construction *pcons; | ||
219 | struct key *key, *ckey; | ||
220 | |||
221 | DECLARE_WAITQUEUE(myself, current); | ||
222 | |||
223 | /* see if there's such a key under construction already */ | ||
224 | down_write(&key_construction_sem); | ||
225 | |||
226 | list_for_each_entry(pcons, &user->consq, link) { | ||
227 | ckey = pcons->key; | ||
228 | |||
229 | if (ckey->type != type) | ||
230 | continue; | ||
231 | |||
232 | if (type->match(ckey, description)) | ||
233 | goto found_key_under_construction; | ||
234 | } | ||
235 | |||
236 | /* see about getting userspace to construct the key */ | ||
237 | key = __request_key_construction(type, description, callout_info); | ||
238 | error: | ||
239 | return key; | ||
240 | |||
241 | /* someone else has the same key under construction | ||
242 | * - we want to keep an eye on their key | ||
243 | */ | ||
244 | found_key_under_construction: | ||
245 | atomic_inc(&ckey->usage); | ||
246 | up_write(&key_construction_sem); | ||
247 | |||
248 | /* wait for the key to be completed one way or another */ | ||
249 | add_wait_queue(&request_key_conswq, &myself); | ||
250 | |||
251 | for (;;) { | ||
252 | set_current_state(TASK_UNINTERRUPTIBLE); | ||
253 | if (!(ckey->flags & KEY_FLAG_USER_CONSTRUCT)) | ||
254 | break; | ||
255 | schedule(); | ||
256 | } | ||
257 | |||
258 | set_current_state(TASK_RUNNING); | ||
259 | remove_wait_queue(&request_key_conswq, &myself); | ||
260 | |||
261 | /* we'll need to search this process's keyrings to see if the key is | ||
262 | * now there since we can't automatically assume it's also available | ||
263 | * there */ | ||
264 | key_put(ckey); | ||
265 | ckey = NULL; | ||
266 | |||
267 | key = NULL; /* request a retry */ | ||
268 | goto error; | ||
269 | |||
270 | } /* end request_key_construction() */ | ||
271 | |||
272 | /*****************************************************************************/ | ||
273 | /* | ||
274 | * request a key | ||
275 | * - search the process's keyrings | ||
276 | * - check the list of keys being created or updated | ||
277 | * - call out to userspace for a key if requested (supplementary info can be | ||
278 | * passed) | ||
279 | */ | ||
280 | struct key *request_key(struct key_type *type, | ||
281 | const char *description, | ||
282 | const char *callout_info) | ||
283 | { | ||
284 | struct key_user *user; | ||
285 | struct key *key; | ||
286 | |||
287 | /* search all the process keyrings for a key */ | ||
288 | key = search_process_keyrings_aux(type, description, type->match); | ||
289 | |||
290 | if (PTR_ERR(key) == -EAGAIN) { | ||
291 | /* the search failed, but the keyrings were searchable, so we | ||
292 | * should consult userspace if we can */ | ||
293 | key = ERR_PTR(-ENOKEY); | ||
294 | if (!callout_info) | ||
295 | goto error; | ||
296 | |||
297 | /* - get hold of the user's construction queue */ | ||
298 | user = key_user_lookup(current->fsuid); | ||
299 | if (!user) { | ||
300 | key = ERR_PTR(-ENOMEM); | ||
301 | goto error; | ||
302 | } | ||
303 | |||
304 | for (;;) { | ||
305 | /* ask userspace (returns NULL if it waited on a key | ||
306 | * being constructed) */ | ||
307 | key = request_key_construction(type, description, | ||
308 | user, callout_info); | ||
309 | if (key) | ||
310 | break; | ||
311 | |||
312 | /* someone else made the key we want, so we need to | ||
313 | * search again as it might now be available to us */ | ||
314 | key = search_process_keyrings_aux(type, description, | ||
315 | type->match); | ||
316 | if (PTR_ERR(key) != -EAGAIN) | ||
317 | break; | ||
318 | } | ||
319 | |||
320 | key_user_put(user); | ||
321 | } | ||
322 | |||
323 | error: | ||
324 | return key; | ||
325 | |||
326 | } /* end request_key() */ | ||
327 | |||
328 | EXPORT_SYMBOL(request_key); | ||
329 | |||
330 | /*****************************************************************************/ | ||
331 | /* | ||
332 | * validate a key | ||
333 | */ | ||
334 | int key_validate(struct key *key) | ||
335 | { | ||
336 | struct timespec now; | ||
337 | int ret = 0; | ||
338 | |||
339 | if (key) { | ||
340 | /* check it's still accessible */ | ||
341 | ret = -EKEYREVOKED; | ||
342 | if (key->flags & (KEY_FLAG_REVOKED | KEY_FLAG_DEAD)) | ||
343 | goto error; | ||
344 | |||
345 | /* check it hasn't expired */ | ||
346 | ret = 0; | ||
347 | if (key->expiry) { | ||
348 | now = current_kernel_time(); | ||
349 | if (now.tv_sec >= key->expiry) | ||
350 | ret = -EKEYEXPIRED; | ||
351 | } | ||
352 | } | ||
353 | |||
354 | error: | ||
355 | return ret; | ||
356 | |||
357 | } /* end key_validate() */ | ||
358 | |||
359 | EXPORT_SYMBOL(key_validate); | ||
diff --git a/security/keys/user_defined.c b/security/keys/user_defined.c new file mode 100644 index 000000000000..8d65b3a28129 --- /dev/null +++ b/security/keys/user_defined.c | |||
@@ -0,0 +1,191 @@ | |||
1 | /* user_defined.c: user defined key type | ||
2 | * | ||
3 | * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. | ||
4 | * Written by David Howells (dhowells@redhat.com) | ||
5 | * | ||
6 | * This program is free software; you can redistribute it and/or | ||
7 | * modify it under the terms of the GNU General Public License | ||
8 | * as published by the Free Software Foundation; either version | ||
9 | * 2 of the License, or (at your option) any later version. | ||
10 | */ | ||
11 | |||
12 | #include <linux/module.h> | ||
13 | #include <linux/init.h> | ||
14 | #include <linux/sched.h> | ||
15 | #include <linux/slab.h> | ||
16 | #include <linux/seq_file.h> | ||
17 | #include <linux/err.h> | ||
18 | #include <asm/uaccess.h> | ||
19 | #include "internal.h" | ||
20 | |||
21 | static int user_instantiate(struct key *key, const void *data, size_t datalen); | ||
22 | static int user_duplicate(struct key *key, const struct key *source); | ||
23 | static int user_update(struct key *key, const void *data, size_t datalen); | ||
24 | static int user_match(const struct key *key, const void *criterion); | ||
25 | static void user_destroy(struct key *key); | ||
26 | static void user_describe(const struct key *user, struct seq_file *m); | ||
27 | static long user_read(const struct key *key, | ||
28 | char __user *buffer, size_t buflen); | ||
29 | |||
30 | /* | ||
31 | * user defined keys take an arbitrary string as the description and an | ||
32 | * arbitrary blob of data as the payload | ||
33 | */ | ||
34 | struct key_type key_type_user = { | ||
35 | .name = "user", | ||
36 | .instantiate = user_instantiate, | ||
37 | .duplicate = user_duplicate, | ||
38 | .update = user_update, | ||
39 | .match = user_match, | ||
40 | .destroy = user_destroy, | ||
41 | .describe = user_describe, | ||
42 | .read = user_read, | ||
43 | }; | ||
44 | |||
45 | /*****************************************************************************/ | ||
46 | /* | ||
47 | * instantiate a user defined key | ||
48 | */ | ||
49 | static int user_instantiate(struct key *key, const void *data, size_t datalen) | ||
50 | { | ||
51 | int ret; | ||
52 | |||
53 | ret = -EINVAL; | ||
54 | if (datalen <= 0 || datalen > 32767 || !data) | ||
55 | goto error; | ||
56 | |||
57 | ret = key_payload_reserve(key, datalen); | ||
58 | if (ret < 0) | ||
59 | goto error; | ||
60 | |||
61 | /* attach the data */ | ||
62 | ret = -ENOMEM; | ||
63 | key->payload.data = kmalloc(datalen, GFP_KERNEL); | ||
64 | if (!key->payload.data) | ||
65 | goto error; | ||
66 | |||
67 | memcpy(key->payload.data, data, datalen); | ||
68 | ret = 0; | ||
69 | |||
70 | error: | ||
71 | return ret; | ||
72 | |||
73 | } /* end user_instantiate() */ | ||
74 | |||
75 | /*****************************************************************************/ | ||
76 | /* | ||
77 | * duplicate a user defined key | ||
78 | */ | ||
79 | static int user_duplicate(struct key *key, const struct key *source) | ||
80 | { | ||
81 | int ret; | ||
82 | |||
83 | /* just copy the payload */ | ||
84 | ret = -ENOMEM; | ||
85 | key->payload.data = kmalloc(source->datalen, GFP_KERNEL); | ||
86 | |||
87 | if (key->payload.data) { | ||
88 | key->datalen = source->datalen; | ||
89 | memcpy(key->payload.data, source->payload.data, source->datalen); | ||
90 | ret = 0; | ||
91 | } | ||
92 | |||
93 | return ret; | ||
94 | |||
95 | } /* end user_duplicate() */ | ||
96 | |||
97 | /*****************************************************************************/ | ||
98 | /* | ||
99 | * update a user defined key | ||
100 | */ | ||
101 | static int user_update(struct key *key, const void *data, size_t datalen) | ||
102 | { | ||
103 | void *new, *zap; | ||
104 | int ret; | ||
105 | |||
106 | ret = -EINVAL; | ||
107 | if (datalen <= 0 || datalen > 32767 || !data) | ||
108 | goto error; | ||
109 | |||
110 | /* copy the data */ | ||
111 | ret = -ENOMEM; | ||
112 | new = kmalloc(datalen, GFP_KERNEL); | ||
113 | if (!new) | ||
114 | goto error; | ||
115 | |||
116 | memcpy(new, data, datalen); | ||
117 | |||
118 | /* check the quota and attach the new data */ | ||
119 | zap = new; | ||
120 | write_lock(&key->lock); | ||
121 | |||
122 | ret = key_payload_reserve(key, datalen); | ||
123 | |||
124 | if (ret == 0) { | ||
125 | /* attach the new data, displacing the old */ | ||
126 | zap = key->payload.data; | ||
127 | key->payload.data = new; | ||
128 | key->expiry = 0; | ||
129 | } | ||
130 | |||
131 | write_unlock(&key->lock); | ||
132 | kfree(zap); | ||
133 | |||
134 | error: | ||
135 | return ret; | ||
136 | |||
137 | } /* end user_update() */ | ||
138 | |||
139 | /*****************************************************************************/ | ||
140 | /* | ||
141 | * match users on their name | ||
142 | */ | ||
143 | static int user_match(const struct key *key, const void *description) | ||
144 | { | ||
145 | return strcmp(key->description, description) == 0; | ||
146 | |||
147 | } /* end user_match() */ | ||
148 | |||
149 | /*****************************************************************************/ | ||
150 | /* | ||
151 | * dispose of the data dangling from the corpse of a user | ||
152 | */ | ||
153 | static void user_destroy(struct key *key) | ||
154 | { | ||
155 | kfree(key->payload.data); | ||
156 | |||
157 | } /* end user_destroy() */ | ||
158 | |||
159 | /*****************************************************************************/ | ||
160 | /* | ||
161 | * describe the user | ||
162 | */ | ||
163 | static void user_describe(const struct key *key, struct seq_file *m) | ||
164 | { | ||
165 | seq_puts(m, key->description); | ||
166 | |||
167 | seq_printf(m, ": %u", key->datalen); | ||
168 | |||
169 | } /* end user_describe() */ | ||
170 | |||
171 | /*****************************************************************************/ | ||
172 | /* | ||
173 | * read the key data | ||
174 | */ | ||
175 | static long user_read(const struct key *key, | ||
176 | char __user *buffer, size_t buflen) | ||
177 | { | ||
178 | long ret = key->datalen; | ||
179 | |||
180 | /* we can return the data as is */ | ||
181 | if (buffer && buflen > 0) { | ||
182 | if (buflen > key->datalen) | ||
183 | buflen = key->datalen; | ||
184 | |||
185 | if (copy_to_user(buffer, key->payload.data, buflen) != 0) | ||
186 | ret = -EFAULT; | ||
187 | } | ||
188 | |||
189 | return ret; | ||
190 | |||
191 | } /* end user_read() */ | ||