Lines Matching +full:key +full:-

1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /* Userspace key control operations
4 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
13 #include <linux/key.h>
24 #include <keys/request_key_auth-type.h>
55 return -EINVAL; in key_get_type_from_user()
57 return -EPERM; in key_get_type_from_user()
58 type[len - 1] = '\0'; in key_get_type_from_user()
63 * Extract the description of a new key from userspace and either add it as a
64 * new key to the specified keyring or update a matching key in that keyring.
66 * If the description is NULL or an empty string, the key type is asked to
69 * The keyring must be writable so that we can attach the key to it.
71 * If successful, the new key's serial number is returned, otherwise an error
85 ret = -EINVAL; in SYSCALL_DEFINE5()
86 if (plen > 1024 * 1024 - 1) in SYSCALL_DEFINE5()
106 ret = -EPERM; in SYSCALL_DEFINE5()
115 ret = -ENOMEM; in SYSCALL_DEFINE5()
120 ret = -EFAULT; in SYSCALL_DEFINE5()
132 /* create or update the requested key and add it to the target in SYSCALL_DEFINE5()
138 ret = key_ref_to_ptr(key_ref)->serial; in SYSCALL_DEFINE5()
156 * matching key. Keyrings must have appropriate Search permission to be
159 * If a key is found, it will be attached to the destination keyring if there's
160 * one specified and the serial number of the key will be returned.
162 * If no key is found, /sbin/request-key will be invoked if _callout_info is
163 * non-NULL in an attempt to create a key. The _callout_info string will be
164 * passed to /sbin/request-key to aid with completing the request. If the
165 * _callout_info string is "" then it will be changed to "-".
173 struct key *key; in SYSCALL_DEFINE4() local
214 /* find the key type */ in SYSCALL_DEFINE4()
222 key = request_key_and_link(ktype, description, NULL, callout_info, in SYSCALL_DEFINE4()
225 if (IS_ERR(key)) { in SYSCALL_DEFINE4()
226 ret = PTR_ERR(key); in SYSCALL_DEFINE4()
230 /* wait for the key to finish being constructed */ in SYSCALL_DEFINE4()
231 ret = wait_for_key_construction(key, 1); in SYSCALL_DEFINE4()
235 ret = key->serial; in SYSCALL_DEFINE4()
238 key_put(key); in SYSCALL_DEFINE4()
271 ret = key_ref_to_ptr(key_ref)->serial; in keyctl_get_keyring_ID()
302 ret = -EPERM; in keyctl_join_session_keyring()
316 * Update a key's data payload from the given data.
318 * The key must grant the caller Write permission and the key type must support
319 * updating for this to work. A negative key can be positively instantiated
322 * If successful, 0 will be returned. If the key type does not support
323 * updating, then -EOPNOTSUPP will be returned.
333 ret = -EINVAL; in keyctl_update_key()
340 ret = -ENOMEM; in keyctl_update_key()
345 ret = -EFAULT; in keyctl_update_key()
350 /* find the target key (which must be writable) */ in keyctl_update_key()
357 /* update the key */ in keyctl_update_key()
368 * Revoke a key.
370 * The key must grant the caller Write or Setattr permission for this to
371 * work. The key type should give up its quota claim when revoked. The key
372 * and any links to the key will be automatically garbage collected after a
382 struct key *key; in keyctl_revoke_key() local
388 if (ret != -EACCES) in keyctl_revoke_key()
397 key = key_ref_to_ptr(key_ref); in keyctl_revoke_key()
399 if (test_bit(KEY_FLAG_KEEP, &key->flags)) in keyctl_revoke_key()
400 ret = -EPERM; in keyctl_revoke_key()
402 key_revoke(key); in keyctl_revoke_key()
410 * Invalidate a key.
412 * The key must grant the caller Invalidate permission for this to work.
413 * The key and any links to the key will be automatically garbage collected
423 struct key *key; in keyctl_invalidate_key() local
438 &key_ref_to_ptr(key_ref)->flags)) in keyctl_invalidate_key()
447 key = key_ref_to_ptr(key_ref); in keyctl_invalidate_key()
449 if (test_bit(KEY_FLAG_KEEP, &key->flags)) in keyctl_invalidate_key()
450 ret = -EPERM; in keyctl_invalidate_key()
452 key_invalidate(key); in keyctl_invalidate_key()
470 struct key *keyring; in keyctl_keyring_clear()
484 &key_ref_to_ptr(keyring_ref)->flags)) in keyctl_keyring_clear()
494 if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) in keyctl_keyring_clear()
495 ret = -EPERM; in keyctl_keyring_clear()
505 * Create a link from a keyring to a key if there's no matching key in the
506 * keyring, otherwise replace the link to the matching key with a link to the
507 * new key.
509 * The key must grant the caller Link permission and the keyring must grant
542 * Unlink a key from a keyring.
544 * The keyring must grant the caller Write permission for this to work; the key
545 * itself need not grant the caller anything. If the last link to a key is
546 * removed then that key will be scheduled for destruction.
555 struct key *keyring, *key; in keyctl_keyring_unlink() local
571 key = key_ref_to_ptr(key_ref); in keyctl_keyring_unlink()
572 if (test_bit(KEY_FLAG_KEEP, &keyring->flags) && in keyctl_keyring_unlink()
573 test_bit(KEY_FLAG_KEEP, &key->flags)) in keyctl_keyring_unlink()
574 ret = -EPERM; in keyctl_keyring_unlink()
576 ret = key_unlink(keyring, key); in keyctl_keyring_unlink()
586 * Move a link to a key from one keyring to another, displacing any matching
587 * key from the destination keyring.
589 * The key must grant the caller Link permission and both keyrings must grant
591 * to the key. If both keyrings are the same, nothing is done.
602 return -EINVAL; in keyctl_keyring_move()
632 * Return a description of a key to userspace.
634 * The key must grant the caller View permission for this to work.
648 struct key *key, *instkey; in keyctl_describe_key() local
656 /* viewing a key under construction is permitted if we have the in keyctl_describe_key()
658 if (PTR_ERR(key_ref) == -EACCES) { in keyctl_describe_key()
675 key = key_ref_to_ptr(key_ref); in keyctl_describe_key()
676 desclen = strlen(key->description); in keyctl_describe_key()
679 ret = -ENOMEM; in keyctl_describe_key()
682 key->type->name, in keyctl_describe_key()
683 from_kuid_munged(current_user_ns(), key->uid), in keyctl_describe_key()
684 from_kgid_munged(current_user_ns(), key->gid), in keyctl_describe_key()
685 key->perm); in keyctl_describe_key()
694 copy_to_user(buffer + infolen, key->description, in keyctl_describe_key()
696 ret = -EFAULT; in keyctl_describe_key()
708 * key. Only keyrings that grant the caller Search permission will be searched
712 * If successful, the found key will be linked to the destination keyring if
713 * supplied and the key has Link permission, and the found key ID will be
755 /* find the key type */ in keyctl_keyring_search()
767 /* treat lack or presence of a negative key the same */ in keyctl_keyring_search()
768 if (ret == -EAGAIN) in keyctl_keyring_search()
769 ret = -ENOKEY; in keyctl_keyring_search()
773 /* link the resulting key to the destination keyring if we can */ in keyctl_keyring_search()
784 ret = key_ref_to_ptr(key_ref)->serial; in keyctl_keyring_search()
803 static long __keyctl_read_key(struct key *key, char *buffer, size_t buflen) in __keyctl_read_key() argument
807 down_read(&key->sem); in __keyctl_read_key()
808 ret = key_validate(key); in __keyctl_read_key()
810 ret = key->type->read(key, buffer, buflen); in __keyctl_read_key()
811 up_read(&key->sem); in __keyctl_read_key()
816 * Read a key's payload.
818 * The key must either grant the caller Read permission, or it must grant the
822 * is provided, and return the amount of data that is available in the key,
827 struct key *key; in keyctl_read_key() local
833 /* find the key first */ in keyctl_read_key()
836 ret = -ENOKEY; in keyctl_read_key()
840 key = key_ref_to_ptr(key_ref); in keyctl_read_key()
842 ret = key_read_state(key); in keyctl_read_key()
850 if (ret != -EACCES) in keyctl_read_key()
854 * - we automatically take account of the fact that it may be in keyctl_read_key()
855 * dangling off an instantiation key in keyctl_read_key()
858 ret = -EACCES; in keyctl_read_key()
862 /* the key is probably readable - now try to read it */ in keyctl_read_key()
864 if (!key->type->read) { in keyctl_read_key()
865 ret = -EOPNOTSUPP; in keyctl_read_key()
870 /* Get the key length from the read method */ in keyctl_read_key()
871 ret = __keyctl_read_key(key, NULL, 0); in keyctl_read_key()
877 * to protect against the key being updated or revoked. in keyctl_read_key()
884 * ? buflen : actual length of key data in keyctl_read_key()
887 * be much larger than the actual key length. In the latter case, in keyctl_read_key()
895 ret = -ENOMEM; in keyctl_read_key()
900 ret = __keyctl_read_key(key, key_data, key_data_len); in keyctl_read_key()
910 * The key may change (unlikely) in between 2 consecutive in keyctl_read_key()
912 * a larger buffer and redo the key read when in keyctl_read_key()
923 ret = -EFAULT; in keyctl_read_key()
929 key_put(key); in keyctl_read_key()
935 * Change the ownership of a key
937 * The key must grant the caller Setattr permission for this to work, though
938 * the key need not be fully instantiated yet. For the UID to be changed, or
940 * caller must have sysadmin capability. If either uid or gid is -1 then that
944 * accept the key. The quota deduction will be removed from the old user to
952 struct key *key; in keyctl_chown_key() local
961 ret = -EINVAL; in keyctl_chown_key()
962 if ((user != (uid_t) -1) && !uid_valid(uid)) in keyctl_chown_key()
964 if ((group != (gid_t) -1) && !gid_valid(gid)) in keyctl_chown_key()
968 if (user == (uid_t) -1 && group == (gid_t) -1) in keyctl_chown_key()
978 key = key_ref_to_ptr(key_ref); in keyctl_chown_key()
981 ret = -EACCES; in keyctl_chown_key()
982 down_write(&key->sem); in keyctl_chown_key()
987 /* only the sysadmin can chown a key to some other UID */ in keyctl_chown_key()
988 if (user != (uid_t) -1 && !uid_eq(key->uid, uid)) in keyctl_chown_key()
991 /* only the sysadmin can set the key's GID to a group other in keyctl_chown_key()
993 if (group != (gid_t) -1 && !gid_eq(gid, key->gid) && !in_group_p(gid)) in keyctl_chown_key()
1001 if (user != (uid_t) -1 && !uid_eq(uid, key->uid)) { in keyctl_chown_key()
1002 ret = -ENOMEM; in keyctl_chown_key()
1008 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { in keyctl_chown_key()
1014 spin_lock_irqsave(&newowner->lock, flags); in keyctl_chown_key()
1015 if (newowner->qnkeys + 1 > maxkeys || in keyctl_chown_key()
1016 newowner->qnbytes + key->quotalen > maxbytes || in keyctl_chown_key()
1017 newowner->qnbytes + key->quotalen < in keyctl_chown_key()
1018 newowner->qnbytes) in keyctl_chown_key()
1021 newowner->qnkeys++; in keyctl_chown_key()
1022 newowner->qnbytes += key->quotalen; in keyctl_chown_key()
1023 spin_unlock_irqrestore(&newowner->lock, flags); in keyctl_chown_key()
1025 spin_lock_irqsave(&key->user->lock, flags); in keyctl_chown_key()
1026 key->user->qnkeys--; in keyctl_chown_key()
1027 key->user->qnbytes -= key->quotalen; in keyctl_chown_key()
1028 spin_unlock_irqrestore(&key->user->lock, flags); in keyctl_chown_key()
1031 atomic_dec(&key->user->nkeys); in keyctl_chown_key()
1032 atomic_inc(&newowner->nkeys); in keyctl_chown_key()
1034 if (key->state != KEY_IS_UNINSTANTIATED) { in keyctl_chown_key()
1035 atomic_dec(&key->user->nikeys); in keyctl_chown_key()
1036 atomic_inc(&newowner->nikeys); in keyctl_chown_key()
1039 zapowner = key->user; in keyctl_chown_key()
1040 key->user = newowner; in keyctl_chown_key()
1041 key->uid = uid; in keyctl_chown_key()
1045 if (group != (gid_t) -1) in keyctl_chown_key()
1046 key->gid = gid; in keyctl_chown_key()
1048 notify_key(key, NOTIFY_KEY_SETATTR, 0); in keyctl_chown_key()
1052 up_write(&key->sem); in keyctl_chown_key()
1053 key_put(key); in keyctl_chown_key()
1060 spin_unlock_irqrestore(&newowner->lock, flags); in keyctl_chown_key()
1062 ret = -EDQUOT; in keyctl_chown_key()
1067 * Change the permission mask on a key.
1069 * The key must grant the caller Setattr permission for this to work, though
1070 * the key need not be fully instantiated yet. If the caller does not have
1075 struct key *key; in keyctl_setperm_key() local
1079 ret = -EINVAL; in keyctl_setperm_key()
1090 key = key_ref_to_ptr(key_ref); in keyctl_setperm_key()
1093 ret = -EACCES; in keyctl_setperm_key()
1094 down_write(&key->sem); in keyctl_setperm_key()
1096 /* if we're not the sysadmin, we can only change a key that we own */ in keyctl_setperm_key()
1097 if (uid_eq(key->uid, current_fsuid()) || capable(CAP_SYS_ADMIN)) { in keyctl_setperm_key()
1098 key->perm = perm; in keyctl_setperm_key()
1099 notify_key(key, NOTIFY_KEY_SETATTR, 0); in keyctl_setperm_key()
1103 up_write(&key->sem); in keyctl_setperm_key()
1104 key_put(key); in keyctl_setperm_key()
1115 struct key **_dest_keyring) in get_instantiation_keyring()
1135 return -EINVAL; in get_instantiation_keyring()
1138 * authorisation key (any KEY_SPEC_*_KEYRING) */ in get_instantiation_keyring()
1140 *_dest_keyring = key_get(rka->dest_keyring); in get_instantiation_keyring()
1144 return -ENOKEY; in get_instantiation_keyring()
1148 * Change the request_key authorisation key on the current process.
1150 static int keyctl_change_reqkey_auth(struct key *key) in keyctl_change_reqkey_auth() argument
1156 return -ENOMEM; in keyctl_change_reqkey_auth()
1158 key_put(new->request_key_auth); in keyctl_change_reqkey_auth()
1159 new->request_key_auth = key_get(key); in keyctl_change_reqkey_auth()
1165 * Instantiate a key with the specified payload and link the key into the
1179 struct key *instkey, *dest_keyring; in keyctl_instantiate_key_common()
1189 ret = -EINVAL; in keyctl_instantiate_key_common()
1190 if (plen > 1024 * 1024 - 1) in keyctl_instantiate_key_common()
1193 /* the appropriate instantiation authorisation key must have been in keyctl_instantiate_key_common()
1195 ret = -EPERM; in keyctl_instantiate_key_common()
1196 instkey = cred->request_key_auth; in keyctl_instantiate_key_common()
1200 rka = instkey->payload.data[0]; in keyctl_instantiate_key_common()
1201 if (rka->target_key->serial != id) in keyctl_instantiate_key_common()
1208 ret = -ENOMEM; in keyctl_instantiate_key_common()
1213 ret = -EFAULT; in keyctl_instantiate_key_common()
1224 /* instantiate the key and link it into a keyring */ in keyctl_instantiate_key_common()
1225 ret = key_instantiate_and_link(rka->target_key, payload, plen, in keyctl_instantiate_key_common()
1231 * instantiation of the key */ in keyctl_instantiate_key_common()
1242 * Instantiate a key with the specified payload and link the key into the
1271 * Instantiate a key with the specified multipart payload and link the key into
1301 * Negatively instantiate the key with the given timeout (in seconds) and link
1302 * the key into the destination keyring if one is given.
1307 * The key and any links to the key will be automatically garbage collected
1311 * them to return -ENOKEY until the negative key expires.
1321 * Negatively instantiate the key with the given timeout (in seconds) and error
1322 * code and link the key into the destination keyring if one is given.
1327 * The key and any links to the key will be automatically garbage collected
1331 * them to return the specified error code until the negative key expires.
1340 struct key *instkey, *dest_keyring; in keyctl_reject_key()
1352 return -EINVAL; in keyctl_reject_key()
1354 /* the appropriate instantiation authorisation key must have been in keyctl_reject_key()
1356 ret = -EPERM; in keyctl_reject_key()
1357 instkey = cred->request_key_auth; in keyctl_reject_key()
1361 rka = instkey->payload.data[0]; in keyctl_reject_key()
1362 if (rka->target_key->serial != id) in keyctl_reject_key()
1371 /* instantiate the key and link it into a keyring */ in keyctl_reject_key()
1372 ret = key_reject_and_link(rka->target_key, timeout, error, in keyctl_reject_key()
1378 * instantiation of the key */ in keyctl_reject_key()
1405 return -ENOMEM; in keyctl_set_reqkey_keyring()
1430 ret = -EINVAL; in keyctl_set_reqkey_keyring()
1435 new->jit_keyring = reqkey_defl; in keyctl_set_reqkey_keyring()
1444 * Set or clear the timeout on a key.
1446 * Either the key must grant the caller Setattr permission or else the caller
1447 * must hold an instantiation authorisation token for the key.
1450 * the current time. The key and any links to the key will be automatically
1459 struct key *key, *instkey; in keyctl_set_timeout() local
1466 /* setting the timeout on a key under construction is permitted in keyctl_set_timeout()
1468 if (PTR_ERR(key_ref) == -EACCES) { in keyctl_set_timeout()
1485 key = key_ref_to_ptr(key_ref); in keyctl_set_timeout()
1487 if (test_bit(KEY_FLAG_KEEP, &key->flags)) { in keyctl_set_timeout()
1488 ret = -EPERM; in keyctl_set_timeout()
1490 key_set_timeout(key, timeout); in keyctl_set_timeout()
1491 notify_key(key, NOTIFY_KEY_SETATTR, 0); in keyctl_set_timeout()
1493 key_put(key); in keyctl_set_timeout()
1500 * Assume (or clear) the authority to instantiate the specified key.
1502 * This sets the authoritative token currently in force for key instantiation.
1503 * This must be done for a key to be instantiated. It has the effect of making
1505 * key to request_key() calls made by the caller of this function.
1507 * The caller must have the instantiation key in their process keyrings with a
1512 * If the ID given has a matching authorisation key, then that key will be
1513 * set and its ID will be returned. The authorisation key can be read to get
1518 struct key *authkey; in keyctl_assume_authority()
1521 /* special key IDs aren't permitted */ in keyctl_assume_authority()
1522 ret = -EINVAL; in keyctl_assume_authority()
1533 * instantiate the specified key in keyctl_assume_authority()
1534 * - the authorisation key must be in the current task's keyrings in keyctl_assume_authority()
1545 ret = authkey->serial; in keyctl_assume_authority()
1552 * Get a key's LSM security label.
1554 * The key must grant the caller View permission for this to work.
1565 struct key *key, *instkey; in keyctl_get_security() local
1572 if (PTR_ERR(key_ref) != -EACCES) in keyctl_get_security()
1575 /* viewing a key under construction is also permitted if we in keyctl_get_security()
1588 key = key_ref_to_ptr(key_ref); in keyctl_get_security()
1589 ret = security_key_getsecurity(key, &context); in keyctl_get_security()
1596 ret = -EFAULT; in keyctl_get_security()
1604 ret = -EFAULT; in keyctl_get_security()
1619 * parent process must be single-threaded and must have the same effective
1639 ret = -ENOMEM; in keyctl_session_to_parent()
1647 newwork = &cred->rcu; in keyctl_session_to_parent()
1649 cred->session_keyring = key_ref_to_ptr(keyring_r); in keyctl_session_to_parent()
1657 ret = -EPERM; in keyctl_session_to_parent()
1659 parent = rcu_dereference_protected(me->real_parent, in keyctl_session_to_parent()
1663 if (parent->pid <= 1 || !parent->mm) in keyctl_session_to_parent()
1675 mycred->session_keyring == pcred->session_keyring) { in keyctl_session_to_parent()
1682 if (!uid_eq(pcred->uid, mycred->euid) || in keyctl_session_to_parent()
1683 !uid_eq(pcred->euid, mycred->euid) || in keyctl_session_to_parent()
1684 !uid_eq(pcred->suid, mycred->euid) || in keyctl_session_to_parent()
1685 !gid_eq(pcred->gid, mycred->egid) || in keyctl_session_to_parent()
1686 !gid_eq(pcred->egid, mycred->egid) || in keyctl_session_to_parent()
1687 !gid_eq(pcred->sgid, mycred->egid)) in keyctl_session_to_parent()
1691 if ((pcred->session_keyring && in keyctl_session_to_parent()
1692 !uid_eq(pcred->session_keyring->uid, mycred->euid)) || in keyctl_session_to_parent()
1693 !uid_eq(mycred->session_keyring->uid, mycred->euid)) in keyctl_session_to_parent()
1725 * Otherwise, both _type and _restriction must be non-NULL.
1741 ret = -EINVAL; in keyctl_restrict_keyring()
1769 * Watch for changes to a key.
1771 * The caller must have View permission to watch a key or keyring.
1778 struct key *key; in keyctl_watch_key() local
1782 if (watch_id < -1 || watch_id > 0xff) in keyctl_watch_key()
1783 return -EINVAL; in keyctl_watch_key()
1788 key = key_ref_to_ptr(key_ref); in keyctl_watch_key()
1797 ret = -ENOMEM; in keyctl_watch_key()
1798 if (!key->watchers) { in keyctl_watch_key()
1810 watch->id = key->serial; in keyctl_watch_key()
1811 watch->info_id = (u32)watch_id << WATCH_INFO_ID__SHIFT; in keyctl_watch_key()
1813 ret = security_watch_key(key); in keyctl_watch_key()
1817 down_write(&key->sem); in keyctl_watch_key()
1818 if (!key->watchers) { in keyctl_watch_key()
1819 key->watchers = wlist; in keyctl_watch_key()
1823 ret = add_watch_to_object(watch, key->watchers); in keyctl_watch_key()
1824 up_write(&key->sem); in keyctl_watch_key()
1829 ret = -EBADSLT; in keyctl_watch_key()
1830 if (key->watchers) { in keyctl_watch_key()
1831 down_write(&key->sem); in keyctl_watch_key()
1832 ret = remove_watch_from_object(key->watchers, in keyctl_watch_key()
1833 wqueue, key_serial(key), in keyctl_watch_key()
1835 up_write(&key->sem); in keyctl_watch_key()
1846 key_put(key); in keyctl_watch_key()
1862 return -EFAULT; in keyctl_capabilities()
1864 clear_user(_buffer + size, buflen - size) != 0) in keyctl_capabilities()
1865 return -EFAULT; in keyctl_capabilities()
1872 * The key control system call
1989 return -EINVAL; in SYSCALL_DEFINE5()
2024 return -EOPNOTSUPP; in SYSCALL_DEFINE5()