1 /* Userspace key control operations 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/syscalls.h> 17 #include <linux/key.h> 18 #include <linux/keyctl.h> 19 #include <linux/fs.h> 20 #include <linux/capability.h> 21 #include <linux/string.h> 22 #include <linux/err.h> 23 #include <linux/vmalloc.h> 24 #include <linux/security.h> 25 #include <linux/uio.h> 26 #include <asm/uaccess.h> 27 #include "internal.h" 28 29 static int key_get_type_from_user(char *type, 30 const char __user *_type, 31 unsigned len) 32 { 33 int ret; 34 35 ret = strncpy_from_user(type, _type, len); 36 if (ret < 0) 37 return ret; 38 if (ret == 0 || ret >= len) 39 return -EINVAL; 40 if (type[0] == '.') 41 return -EPERM; 42 type[len - 1] = '\0'; 43 return 0; 44 } 45 46 /* 47 * Extract the description of a new key from userspace and either add it as a 48 * new key to the specified keyring or update a matching key in that keyring. 49 * 50 * If the description is NULL or an empty string, the key type is asked to 51 * generate one from the payload. 52 * 53 * The keyring must be writable so that we can attach the key to it. 54 * 55 * If successful, the new key's serial number is returned, otherwise an error 56 * code is returned. 57 */ 58 SYSCALL_DEFINE5(add_key, const char __user *, _type, 59 const char __user *, _description, 60 const void __user *, _payload, 61 size_t, plen, 62 key_serial_t, ringid) 63 { 64 key_ref_t keyring_ref, key_ref; 65 char type[32], *description; 66 void *payload; 67 long ret; 68 bool vm; 69 70 ret = -EINVAL; 71 if (plen > 1024 * 1024 - 1) 72 goto error; 73 74 /* draw all the data into kernel space */ 75 ret = key_get_type_from_user(type, _type, sizeof(type)); 76 if (ret < 0) 77 goto error; 78 79 description = NULL; 80 if (_description) { 81 description = strndup_user(_description, PAGE_SIZE); 82 if (IS_ERR(description)) { 83 ret = PTR_ERR(description); 84 goto error; 85 } 86 if (!*description) { 87 kfree(description); 88 description = NULL; 89 } else if ((description[0] == '.') && 90 (strncmp(type, "keyring", 7) == 0)) { 91 ret = -EPERM; 92 goto error2; 93 } 94 } 95 96 /* pull the payload in if one was supplied */ 97 payload = NULL; 98 99 vm = false; 100 if (_payload) { 101 ret = -ENOMEM; 102 payload = kmalloc(plen, GFP_KERNEL | __GFP_NOWARN); 103 if (!payload) { 104 if (plen <= PAGE_SIZE) 105 goto error2; 106 vm = true; 107 payload = vmalloc(plen); 108 if (!payload) 109 goto error2; 110 } 111 112 ret = -EFAULT; 113 if (copy_from_user(payload, _payload, plen) != 0) 114 goto error3; 115 } 116 117 /* find the target keyring (which must be writable) */ 118 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); 119 if (IS_ERR(keyring_ref)) { 120 ret = PTR_ERR(keyring_ref); 121 goto error3; 122 } 123 124 /* create or update the requested key and add it to the target 125 * keyring */ 126 key_ref = key_create_or_update(keyring_ref, type, description, 127 payload, plen, KEY_PERM_UNDEF, 128 KEY_ALLOC_IN_QUOTA); 129 if (!IS_ERR(key_ref)) { 130 ret = key_ref_to_ptr(key_ref)->serial; 131 key_ref_put(key_ref); 132 } 133 else { 134 ret = PTR_ERR(key_ref); 135 } 136 137 key_ref_put(keyring_ref); 138 error3: 139 if (!vm) 140 kfree(payload); 141 else 142 vfree(payload); 143 error2: 144 kfree(description); 145 error: 146 return ret; 147 } 148 149 /* 150 * Search the process keyrings and keyring trees linked from those for a 151 * matching key. Keyrings must have appropriate Search permission to be 152 * searched. 153 * 154 * If a key is found, it will be attached to the destination keyring if there's 155 * one specified and the serial number of the key will be returned. 156 * 157 * If no key is found, /sbin/request-key will be invoked if _callout_info is 158 * non-NULL in an attempt to create a key. The _callout_info string will be 159 * passed to /sbin/request-key to aid with completing the request. If the 160 * _callout_info string is "" then it will be changed to "-". 161 */ 162 SYSCALL_DEFINE4(request_key, const char __user *, _type, 163 const char __user *, _description, 164 const char __user *, _callout_info, 165 key_serial_t, destringid) 166 { 167 struct key_type *ktype; 168 struct key *key; 169 key_ref_t dest_ref; 170 size_t callout_len; 171 char type[32], *description, *callout_info; 172 long ret; 173 174 /* pull the type into kernel space */ 175 ret = key_get_type_from_user(type, _type, sizeof(type)); 176 if (ret < 0) 177 goto error; 178 179 /* pull the description into kernel space */ 180 description = strndup_user(_description, PAGE_SIZE); 181 if (IS_ERR(description)) { 182 ret = PTR_ERR(description); 183 goto error; 184 } 185 186 /* pull the callout info into kernel space */ 187 callout_info = NULL; 188 callout_len = 0; 189 if (_callout_info) { 190 callout_info = strndup_user(_callout_info, PAGE_SIZE); 191 if (IS_ERR(callout_info)) { 192 ret = PTR_ERR(callout_info); 193 goto error2; 194 } 195 callout_len = strlen(callout_info); 196 } 197 198 /* get the destination keyring if specified */ 199 dest_ref = NULL; 200 if (destringid) { 201 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 202 KEY_NEED_WRITE); 203 if (IS_ERR(dest_ref)) { 204 ret = PTR_ERR(dest_ref); 205 goto error3; 206 } 207 } 208 209 /* find the key type */ 210 ktype = key_type_lookup(type); 211 if (IS_ERR(ktype)) { 212 ret = PTR_ERR(ktype); 213 goto error4; 214 } 215 216 /* do the search */ 217 key = request_key_and_link(ktype, description, callout_info, 218 callout_len, NULL, key_ref_to_ptr(dest_ref), 219 KEY_ALLOC_IN_QUOTA); 220 if (IS_ERR(key)) { 221 ret = PTR_ERR(key); 222 goto error5; 223 } 224 225 /* wait for the key to finish being constructed */ 226 ret = wait_for_key_construction(key, 1); 227 if (ret < 0) 228 goto error6; 229 230 ret = key->serial; 231 232 error6: 233 key_put(key); 234 error5: 235 key_type_put(ktype); 236 error4: 237 key_ref_put(dest_ref); 238 error3: 239 kfree(callout_info); 240 error2: 241 kfree(description); 242 error: 243 return ret; 244 } 245 246 /* 247 * Get the ID of the specified process keyring. 248 * 249 * The requested keyring must have search permission to be found. 250 * 251 * If successful, the ID of the requested keyring will be returned. 252 */ 253 long keyctl_get_keyring_ID(key_serial_t id, int create) 254 { 255 key_ref_t key_ref; 256 unsigned long lflags; 257 long ret; 258 259 lflags = create ? KEY_LOOKUP_CREATE : 0; 260 key_ref = lookup_user_key(id, lflags, KEY_NEED_SEARCH); 261 if (IS_ERR(key_ref)) { 262 ret = PTR_ERR(key_ref); 263 goto error; 264 } 265 266 ret = key_ref_to_ptr(key_ref)->serial; 267 key_ref_put(key_ref); 268 error: 269 return ret; 270 } 271 272 /* 273 * Join a (named) session keyring. 274 * 275 * Create and join an anonymous session keyring or join a named session 276 * keyring, creating it if necessary. A named session keyring must have Search 277 * permission for it to be joined. Session keyrings without this permit will 278 * be skipped over. 279 * 280 * If successful, the ID of the joined session keyring will be returned. 281 */ 282 long keyctl_join_session_keyring(const char __user *_name) 283 { 284 char *name; 285 long ret; 286 287 /* fetch the name from userspace */ 288 name = NULL; 289 if (_name) { 290 name = strndup_user(_name, PAGE_SIZE); 291 if (IS_ERR(name)) { 292 ret = PTR_ERR(name); 293 goto error; 294 } 295 } 296 297 /* join the session */ 298 ret = join_session_keyring(name); 299 kfree(name); 300 301 error: 302 return ret; 303 } 304 305 /* 306 * Update a key's data payload from the given data. 307 * 308 * The key must grant the caller Write permission and the key type must support 309 * updating for this to work. A negative key can be positively instantiated 310 * with this call. 311 * 312 * If successful, 0 will be returned. If the key type does not support 313 * updating, then -EOPNOTSUPP will be returned. 314 */ 315 long keyctl_update_key(key_serial_t id, 316 const void __user *_payload, 317 size_t plen) 318 { 319 key_ref_t key_ref; 320 void *payload; 321 long ret; 322 323 ret = -EINVAL; 324 if (plen > PAGE_SIZE) 325 goto error; 326 327 /* pull the payload in if one was supplied */ 328 payload = NULL; 329 if (_payload) { 330 ret = -ENOMEM; 331 payload = kmalloc(plen, GFP_KERNEL); 332 if (!payload) 333 goto error; 334 335 ret = -EFAULT; 336 if (copy_from_user(payload, _payload, plen) != 0) 337 goto error2; 338 } 339 340 /* find the target key (which must be writable) */ 341 key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE); 342 if (IS_ERR(key_ref)) { 343 ret = PTR_ERR(key_ref); 344 goto error2; 345 } 346 347 /* update the key */ 348 ret = key_update(key_ref, payload, plen); 349 350 key_ref_put(key_ref); 351 error2: 352 kfree(payload); 353 error: 354 return ret; 355 } 356 357 /* 358 * Revoke a key. 359 * 360 * The key must be grant the caller Write or Setattr permission for this to 361 * work. The key type should give up its quota claim when revoked. The key 362 * and any links to the key will be automatically garbage collected after a 363 * certain amount of time (/proc/sys/kernel/keys/gc_delay). 364 * 365 * If successful, 0 is returned. 366 */ 367 long keyctl_revoke_key(key_serial_t id) 368 { 369 key_ref_t key_ref; 370 long ret; 371 372 key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE); 373 if (IS_ERR(key_ref)) { 374 ret = PTR_ERR(key_ref); 375 if (ret != -EACCES) 376 goto error; 377 key_ref = lookup_user_key(id, 0, KEY_NEED_SETATTR); 378 if (IS_ERR(key_ref)) { 379 ret = PTR_ERR(key_ref); 380 goto error; 381 } 382 } 383 384 key_revoke(key_ref_to_ptr(key_ref)); 385 ret = 0; 386 387 key_ref_put(key_ref); 388 error: 389 return ret; 390 } 391 392 /* 393 * Invalidate a key. 394 * 395 * The key must be grant the caller Invalidate permission for this to work. 396 * The key and any links to the key will be automatically garbage collected 397 * immediately. 398 * 399 * If successful, 0 is returned. 400 */ 401 long keyctl_invalidate_key(key_serial_t id) 402 { 403 key_ref_t key_ref; 404 long ret; 405 406 kenter("%d", id); 407 408 key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH); 409 if (IS_ERR(key_ref)) { 410 ret = PTR_ERR(key_ref); 411 412 /* Root is permitted to invalidate certain special keys */ 413 if (capable(CAP_SYS_ADMIN)) { 414 key_ref = lookup_user_key(id, 0, 0); 415 if (IS_ERR(key_ref)) 416 goto error; 417 if (test_bit(KEY_FLAG_ROOT_CAN_INVAL, 418 &key_ref_to_ptr(key_ref)->flags)) 419 goto invalidate; 420 goto error_put; 421 } 422 423 goto error; 424 } 425 426 invalidate: 427 key_invalidate(key_ref_to_ptr(key_ref)); 428 ret = 0; 429 error_put: 430 key_ref_put(key_ref); 431 error: 432 kleave(" = %ld", ret); 433 return ret; 434 } 435 436 /* 437 * Clear the specified keyring, creating an empty process keyring if one of the 438 * special keyring IDs is used. 439 * 440 * The keyring must grant the caller Write permission for this to work. If 441 * successful, 0 will be returned. 442 */ 443 long keyctl_keyring_clear(key_serial_t ringid) 444 { 445 key_ref_t keyring_ref; 446 long ret; 447 448 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); 449 if (IS_ERR(keyring_ref)) { 450 ret = PTR_ERR(keyring_ref); 451 452 /* Root is permitted to invalidate certain special keyrings */ 453 if (capable(CAP_SYS_ADMIN)) { 454 keyring_ref = lookup_user_key(ringid, 0, 0); 455 if (IS_ERR(keyring_ref)) 456 goto error; 457 if (test_bit(KEY_FLAG_ROOT_CAN_CLEAR, 458 &key_ref_to_ptr(keyring_ref)->flags)) 459 goto clear; 460 goto error_put; 461 } 462 463 goto error; 464 } 465 466 clear: 467 ret = keyring_clear(key_ref_to_ptr(keyring_ref)); 468 error_put: 469 key_ref_put(keyring_ref); 470 error: 471 return ret; 472 } 473 474 /* 475 * Create a link from a keyring to a key if there's no matching key in the 476 * keyring, otherwise replace the link to the matching key with a link to the 477 * new key. 478 * 479 * The key must grant the caller Link permission and the the keyring must grant 480 * the caller Write permission. Furthermore, if an additional link is created, 481 * the keyring's quota will be extended. 482 * 483 * If successful, 0 will be returned. 484 */ 485 long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) 486 { 487 key_ref_t keyring_ref, key_ref; 488 long ret; 489 490 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); 491 if (IS_ERR(keyring_ref)) { 492 ret = PTR_ERR(keyring_ref); 493 goto error; 494 } 495 496 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_NEED_LINK); 497 if (IS_ERR(key_ref)) { 498 ret = PTR_ERR(key_ref); 499 goto error2; 500 } 501 502 ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 503 504 key_ref_put(key_ref); 505 error2: 506 key_ref_put(keyring_ref); 507 error: 508 return ret; 509 } 510 511 /* 512 * Unlink a key from a keyring. 513 * 514 * The keyring must grant the caller Write permission for this to work; the key 515 * itself need not grant the caller anything. If the last link to a key is 516 * removed then that key will be scheduled for destruction. 517 * 518 * If successful, 0 will be returned. 519 */ 520 long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) 521 { 522 key_ref_t keyring_ref, key_ref; 523 long ret; 524 525 keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_WRITE); 526 if (IS_ERR(keyring_ref)) { 527 ret = PTR_ERR(keyring_ref); 528 goto error; 529 } 530 531 key_ref = lookup_user_key(id, KEY_LOOKUP_FOR_UNLINK, 0); 532 if (IS_ERR(key_ref)) { 533 ret = PTR_ERR(key_ref); 534 goto error2; 535 } 536 537 ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 538 539 key_ref_put(key_ref); 540 error2: 541 key_ref_put(keyring_ref); 542 error: 543 return ret; 544 } 545 546 /* 547 * Return a description of a key to userspace. 548 * 549 * The key must grant the caller View permission for this to work. 550 * 551 * If there's a buffer, we place up to buflen bytes of data into it formatted 552 * in the following way: 553 * 554 * type;uid;gid;perm;description<NUL> 555 * 556 * If successful, we return the amount of description available, irrespective 557 * of how much we may have copied into the buffer. 558 */ 559 long keyctl_describe_key(key_serial_t keyid, 560 char __user *buffer, 561 size_t buflen) 562 { 563 struct key *key, *instkey; 564 key_ref_t key_ref; 565 char *tmpbuf; 566 long ret; 567 568 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW); 569 if (IS_ERR(key_ref)) { 570 /* viewing a key under construction is permitted if we have the 571 * authorisation token handy */ 572 if (PTR_ERR(key_ref) == -EACCES) { 573 instkey = key_get_instantiation_authkey(keyid); 574 if (!IS_ERR(instkey)) { 575 key_put(instkey); 576 key_ref = lookup_user_key(keyid, 577 KEY_LOOKUP_PARTIAL, 578 0); 579 if (!IS_ERR(key_ref)) 580 goto okay; 581 } 582 } 583 584 ret = PTR_ERR(key_ref); 585 goto error; 586 } 587 588 okay: 589 /* calculate how much description we're going to return */ 590 ret = -ENOMEM; 591 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL); 592 if (!tmpbuf) 593 goto error2; 594 595 key = key_ref_to_ptr(key_ref); 596 597 ret = snprintf(tmpbuf, PAGE_SIZE - 1, 598 "%s;%d;%d;%08x;%s", 599 key->type->name, 600 from_kuid_munged(current_user_ns(), key->uid), 601 from_kgid_munged(current_user_ns(), key->gid), 602 key->perm, 603 key->description ?: ""); 604 605 /* include a NUL char at the end of the data */ 606 if (ret > PAGE_SIZE - 1) 607 ret = PAGE_SIZE - 1; 608 tmpbuf[ret] = 0; 609 ret++; 610 611 /* consider returning the data */ 612 if (buffer && buflen > 0) { 613 if (buflen > ret) 614 buflen = ret; 615 616 if (copy_to_user(buffer, tmpbuf, buflen) != 0) 617 ret = -EFAULT; 618 } 619 620 kfree(tmpbuf); 621 error2: 622 key_ref_put(key_ref); 623 error: 624 return ret; 625 } 626 627 /* 628 * Search the specified keyring and any keyrings it links to for a matching 629 * key. Only keyrings that grant the caller Search permission will be searched 630 * (this includes the starting keyring). Only keys with Search permission can 631 * be found. 632 * 633 * If successful, the found key will be linked to the destination keyring if 634 * supplied and the key has Link permission, and the found key ID will be 635 * returned. 636 */ 637 long keyctl_keyring_search(key_serial_t ringid, 638 const char __user *_type, 639 const char __user *_description, 640 key_serial_t destringid) 641 { 642 struct key_type *ktype; 643 key_ref_t keyring_ref, key_ref, dest_ref; 644 char type[32], *description; 645 long ret; 646 647 /* pull the type and description into kernel space */ 648 ret = key_get_type_from_user(type, _type, sizeof(type)); 649 if (ret < 0) 650 goto error; 651 652 description = strndup_user(_description, PAGE_SIZE); 653 if (IS_ERR(description)) { 654 ret = PTR_ERR(description); 655 goto error; 656 } 657 658 /* get the keyring at which to begin the search */ 659 keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_SEARCH); 660 if (IS_ERR(keyring_ref)) { 661 ret = PTR_ERR(keyring_ref); 662 goto error2; 663 } 664 665 /* get the destination keyring if specified */ 666 dest_ref = NULL; 667 if (destringid) { 668 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 669 KEY_NEED_WRITE); 670 if (IS_ERR(dest_ref)) { 671 ret = PTR_ERR(dest_ref); 672 goto error3; 673 } 674 } 675 676 /* find the key type */ 677 ktype = key_type_lookup(type); 678 if (IS_ERR(ktype)) { 679 ret = PTR_ERR(ktype); 680 goto error4; 681 } 682 683 /* do the search */ 684 key_ref = keyring_search(keyring_ref, ktype, description); 685 if (IS_ERR(key_ref)) { 686 ret = PTR_ERR(key_ref); 687 688 /* treat lack or presence of a negative key the same */ 689 if (ret == -EAGAIN) 690 ret = -ENOKEY; 691 goto error5; 692 } 693 694 /* link the resulting key to the destination keyring if we can */ 695 if (dest_ref) { 696 ret = key_permission(key_ref, KEY_NEED_LINK); 697 if (ret < 0) 698 goto error6; 699 700 ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref)); 701 if (ret < 0) 702 goto error6; 703 } 704 705 ret = key_ref_to_ptr(key_ref)->serial; 706 707 error6: 708 key_ref_put(key_ref); 709 error5: 710 key_type_put(ktype); 711 error4: 712 key_ref_put(dest_ref); 713 error3: 714 key_ref_put(keyring_ref); 715 error2: 716 kfree(description); 717 error: 718 return ret; 719 } 720 721 /* 722 * Read a key's payload. 723 * 724 * The key must either grant the caller Read permission, or it must grant the 725 * caller Search permission when searched for from the process keyrings. 726 * 727 * If successful, we place up to buflen bytes of data into the buffer, if one 728 * is provided, and return the amount of data that is available in the key, 729 * irrespective of how much we copied into the buffer. 730 */ 731 long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) 732 { 733 struct key *key; 734 key_ref_t key_ref; 735 long ret; 736 737 /* find the key first */ 738 key_ref = lookup_user_key(keyid, 0, 0); 739 if (IS_ERR(key_ref)) { 740 ret = -ENOKEY; 741 goto error; 742 } 743 744 key = key_ref_to_ptr(key_ref); 745 746 /* see if we can read it directly */ 747 ret = key_permission(key_ref, KEY_NEED_READ); 748 if (ret == 0) 749 goto can_read_key; 750 if (ret != -EACCES) 751 goto error; 752 753 /* we can't; see if it's searchable from this process's keyrings 754 * - we automatically take account of the fact that it may be 755 * dangling off an instantiation key 756 */ 757 if (!is_key_possessed(key_ref)) { 758 ret = -EACCES; 759 goto error2; 760 } 761 762 /* the key is probably readable - now try to read it */ 763 can_read_key: 764 ret = key_validate(key); 765 if (ret == 0) { 766 ret = -EOPNOTSUPP; 767 if (key->type->read) { 768 /* read the data with the semaphore held (since we 769 * might sleep) */ 770 down_read(&key->sem); 771 ret = key->type->read(key, buffer, buflen); 772 up_read(&key->sem); 773 } 774 } 775 776 error2: 777 key_put(key); 778 error: 779 return ret; 780 } 781 782 /* 783 * Change the ownership of a key 784 * 785 * The key must grant the caller Setattr permission for this to work, though 786 * the key need not be fully instantiated yet. For the UID to be changed, or 787 * for the GID to be changed to a group the caller is not a member of, the 788 * caller must have sysadmin capability. If either uid or gid is -1 then that 789 * attribute is not changed. 790 * 791 * If the UID is to be changed, the new user must have sufficient quota to 792 * accept the key. The quota deduction will be removed from the old user to 793 * the new user should the attribute be changed. 794 * 795 * If successful, 0 will be returned. 796 */ 797 long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group) 798 { 799 struct key_user *newowner, *zapowner = NULL; 800 struct key *key; 801 key_ref_t key_ref; 802 long ret; 803 kuid_t uid; 804 kgid_t gid; 805 806 uid = make_kuid(current_user_ns(), user); 807 gid = make_kgid(current_user_ns(), group); 808 ret = -EINVAL; 809 if ((user != (uid_t) -1) && !uid_valid(uid)) 810 goto error; 811 if ((group != (gid_t) -1) && !gid_valid(gid)) 812 goto error; 813 814 ret = 0; 815 if (user == (uid_t) -1 && group == (gid_t) -1) 816 goto error; 817 818 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 819 KEY_NEED_SETATTR); 820 if (IS_ERR(key_ref)) { 821 ret = PTR_ERR(key_ref); 822 goto error; 823 } 824 825 key = key_ref_to_ptr(key_ref); 826 827 /* make the changes with the locks held to prevent chown/chown races */ 828 ret = -EACCES; 829 down_write(&key->sem); 830 831 if (!capable(CAP_SYS_ADMIN)) { 832 /* only the sysadmin can chown a key to some other UID */ 833 if (user != (uid_t) -1 && !uid_eq(key->uid, uid)) 834 goto error_put; 835 836 /* only the sysadmin can set the key's GID to a group other 837 * than one of those that the current process subscribes to */ 838 if (group != (gid_t) -1 && !gid_eq(gid, key->gid) && !in_group_p(gid)) 839 goto error_put; 840 } 841 842 /* change the UID */ 843 if (user != (uid_t) -1 && !uid_eq(uid, key->uid)) { 844 ret = -ENOMEM; 845 newowner = key_user_lookup(uid); 846 if (!newowner) 847 goto error_put; 848 849 /* transfer the quota burden to the new user */ 850 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { 851 unsigned maxkeys = uid_eq(uid, GLOBAL_ROOT_UID) ? 852 key_quota_root_maxkeys : key_quota_maxkeys; 853 unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ? 854 key_quota_root_maxbytes : key_quota_maxbytes; 855 856 spin_lock(&newowner->lock); 857 if (newowner->qnkeys + 1 >= maxkeys || 858 newowner->qnbytes + key->quotalen >= maxbytes || 859 newowner->qnbytes + key->quotalen < 860 newowner->qnbytes) 861 goto quota_overrun; 862 863 newowner->qnkeys++; 864 newowner->qnbytes += key->quotalen; 865 spin_unlock(&newowner->lock); 866 867 spin_lock(&key->user->lock); 868 key->user->qnkeys--; 869 key->user->qnbytes -= key->quotalen; 870 spin_unlock(&key->user->lock); 871 } 872 873 atomic_dec(&key->user->nkeys); 874 atomic_inc(&newowner->nkeys); 875 876 if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { 877 atomic_dec(&key->user->nikeys); 878 atomic_inc(&newowner->nikeys); 879 } 880 881 zapowner = key->user; 882 key->user = newowner; 883 key->uid = uid; 884 } 885 886 /* change the GID */ 887 if (group != (gid_t) -1) 888 key->gid = gid; 889 890 ret = 0; 891 892 error_put: 893 up_write(&key->sem); 894 key_put(key); 895 if (zapowner) 896 key_user_put(zapowner); 897 error: 898 return ret; 899 900 quota_overrun: 901 spin_unlock(&newowner->lock); 902 zapowner = newowner; 903 ret = -EDQUOT; 904 goto error_put; 905 } 906 907 /* 908 * Change the permission mask on a key. 909 * 910 * The key must grant the caller Setattr permission for this to work, though 911 * the key need not be fully instantiated yet. If the caller does not have 912 * sysadmin capability, it may only change the permission on keys that it owns. 913 */ 914 long keyctl_setperm_key(key_serial_t id, key_perm_t perm) 915 { 916 struct key *key; 917 key_ref_t key_ref; 918 long ret; 919 920 ret = -EINVAL; 921 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 922 goto error; 923 924 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 925 KEY_NEED_SETATTR); 926 if (IS_ERR(key_ref)) { 927 ret = PTR_ERR(key_ref); 928 goto error; 929 } 930 931 key = key_ref_to_ptr(key_ref); 932 933 /* make the changes with the locks held to prevent chown/chmod races */ 934 ret = -EACCES; 935 down_write(&key->sem); 936 937 /* if we're not the sysadmin, we can only change a key that we own */ 938 if (capable(CAP_SYS_ADMIN) || uid_eq(key->uid, current_fsuid())) { 939 key->perm = perm; 940 ret = 0; 941 } 942 943 up_write(&key->sem); 944 key_put(key); 945 error: 946 return ret; 947 } 948 949 /* 950 * Get the destination keyring for instantiation and check that the caller has 951 * Write permission on it. 952 */ 953 static long get_instantiation_keyring(key_serial_t ringid, 954 struct request_key_auth *rka, 955 struct key **_dest_keyring) 956 { 957 key_ref_t dkref; 958 959 *_dest_keyring = NULL; 960 961 /* just return a NULL pointer if we weren't asked to make a link */ 962 if (ringid == 0) 963 return 0; 964 965 /* if a specific keyring is nominated by ID, then use that */ 966 if (ringid > 0) { 967 dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); 968 if (IS_ERR(dkref)) 969 return PTR_ERR(dkref); 970 *_dest_keyring = key_ref_to_ptr(dkref); 971 return 0; 972 } 973 974 if (ringid == KEY_SPEC_REQKEY_AUTH_KEY) 975 return -EINVAL; 976 977 /* otherwise specify the destination keyring recorded in the 978 * authorisation key (any KEY_SPEC_*_KEYRING) */ 979 if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) { 980 *_dest_keyring = key_get(rka->dest_keyring); 981 return 0; 982 } 983 984 return -ENOKEY; 985 } 986 987 /* 988 * Change the request_key authorisation key on the current process. 989 */ 990 static int keyctl_change_reqkey_auth(struct key *key) 991 { 992 struct cred *new; 993 994 new = prepare_creds(); 995 if (!new) 996 return -ENOMEM; 997 998 key_put(new->request_key_auth); 999 new->request_key_auth = key_get(key); 1000 1001 return commit_creds(new); 1002 } 1003 1004 /* 1005 * Copy the iovec data from userspace 1006 */ 1007 static long copy_from_user_iovec(void *buffer, const struct iovec *iov, 1008 unsigned ioc) 1009 { 1010 for (; ioc > 0; ioc--) { 1011 if (copy_from_user(buffer, iov->iov_base, iov->iov_len) != 0) 1012 return -EFAULT; 1013 buffer += iov->iov_len; 1014 iov++; 1015 } 1016 return 0; 1017 } 1018 1019 /* 1020 * Instantiate a key with the specified payload and link the key into the 1021 * destination keyring if one is given. 1022 * 1023 * The caller must have the appropriate instantiation permit set for this to 1024 * work (see keyctl_assume_authority). No other permissions are required. 1025 * 1026 * If successful, 0 will be returned. 1027 */ 1028 long keyctl_instantiate_key_common(key_serial_t id, 1029 const struct iovec *payload_iov, 1030 unsigned ioc, 1031 size_t plen, 1032 key_serial_t ringid) 1033 { 1034 const struct cred *cred = current_cred(); 1035 struct request_key_auth *rka; 1036 struct key *instkey, *dest_keyring; 1037 void *payload; 1038 long ret; 1039 bool vm = false; 1040 1041 kenter("%d,,%zu,%d", id, plen, ringid); 1042 1043 ret = -EINVAL; 1044 if (plen > 1024 * 1024 - 1) 1045 goto error; 1046 1047 /* the appropriate instantiation authorisation key must have been 1048 * assumed before calling this */ 1049 ret = -EPERM; 1050 instkey = cred->request_key_auth; 1051 if (!instkey) 1052 goto error; 1053 1054 rka = instkey->payload.data; 1055 if (rka->target_key->serial != id) 1056 goto error; 1057 1058 /* pull the payload in if one was supplied */ 1059 payload = NULL; 1060 1061 if (payload_iov) { 1062 ret = -ENOMEM; 1063 payload = kmalloc(plen, GFP_KERNEL); 1064 if (!payload) { 1065 if (plen <= PAGE_SIZE) 1066 goto error; 1067 vm = true; 1068 payload = vmalloc(plen); 1069 if (!payload) 1070 goto error; 1071 } 1072 1073 ret = copy_from_user_iovec(payload, payload_iov, ioc); 1074 if (ret < 0) 1075 goto error2; 1076 } 1077 1078 /* find the destination keyring amongst those belonging to the 1079 * requesting task */ 1080 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1081 if (ret < 0) 1082 goto error2; 1083 1084 /* instantiate the key and link it into a keyring */ 1085 ret = key_instantiate_and_link(rka->target_key, payload, plen, 1086 dest_keyring, instkey); 1087 1088 key_put(dest_keyring); 1089 1090 /* discard the assumed authority if it's just been disabled by 1091 * instantiation of the key */ 1092 if (ret == 0) 1093 keyctl_change_reqkey_auth(NULL); 1094 1095 error2: 1096 if (!vm) 1097 kfree(payload); 1098 else 1099 vfree(payload); 1100 error: 1101 return ret; 1102 } 1103 1104 /* 1105 * Instantiate a key with the specified payload and link the key into the 1106 * destination keyring if one is given. 1107 * 1108 * The caller must have the appropriate instantiation permit set for this to 1109 * work (see keyctl_assume_authority). No other permissions are required. 1110 * 1111 * If successful, 0 will be returned. 1112 */ 1113 long keyctl_instantiate_key(key_serial_t id, 1114 const void __user *_payload, 1115 size_t plen, 1116 key_serial_t ringid) 1117 { 1118 if (_payload && plen) { 1119 struct iovec iov[1] = { 1120 [0].iov_base = (void __user *)_payload, 1121 [0].iov_len = plen 1122 }; 1123 1124 return keyctl_instantiate_key_common(id, iov, 1, plen, ringid); 1125 } 1126 1127 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); 1128 } 1129 1130 /* 1131 * Instantiate a key with the specified multipart payload and link the key into 1132 * the destination keyring if one is given. 1133 * 1134 * The caller must have the appropriate instantiation permit set for this to 1135 * work (see keyctl_assume_authority). No other permissions are required. 1136 * 1137 * If successful, 0 will be returned. 1138 */ 1139 long keyctl_instantiate_key_iov(key_serial_t id, 1140 const struct iovec __user *_payload_iov, 1141 unsigned ioc, 1142 key_serial_t ringid) 1143 { 1144 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack; 1145 long ret; 1146 1147 if (!_payload_iov || !ioc) 1148 goto no_payload; 1149 1150 ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc, 1151 ARRAY_SIZE(iovstack), iovstack, &iov); 1152 if (ret < 0) 1153 goto err; 1154 if (ret == 0) 1155 goto no_payload_free; 1156 1157 ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid); 1158 err: 1159 if (iov != iovstack) 1160 kfree(iov); 1161 return ret; 1162 1163 no_payload_free: 1164 if (iov != iovstack) 1165 kfree(iov); 1166 no_payload: 1167 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); 1168 } 1169 1170 /* 1171 * Negatively instantiate the key with the given timeout (in seconds) and link 1172 * the key into the destination keyring if one is given. 1173 * 1174 * The caller must have the appropriate instantiation permit set for this to 1175 * work (see keyctl_assume_authority). No other permissions are required. 1176 * 1177 * The key and any links to the key will be automatically garbage collected 1178 * after the timeout expires. 1179 * 1180 * Negative keys are used to rate limit repeated request_key() calls by causing 1181 * them to return -ENOKEY until the negative key expires. 1182 * 1183 * If successful, 0 will be returned. 1184 */ 1185 long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 1186 { 1187 return keyctl_reject_key(id, timeout, ENOKEY, ringid); 1188 } 1189 1190 /* 1191 * Negatively instantiate the key with the given timeout (in seconds) and error 1192 * code and link the key into the destination keyring if one is given. 1193 * 1194 * The caller must have the appropriate instantiation permit set for this to 1195 * work (see keyctl_assume_authority). No other permissions are required. 1196 * 1197 * The key and any links to the key will be automatically garbage collected 1198 * after the timeout expires. 1199 * 1200 * Negative keys are used to rate limit repeated request_key() calls by causing 1201 * them to return the specified error code until the negative key expires. 1202 * 1203 * If successful, 0 will be returned. 1204 */ 1205 long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error, 1206 key_serial_t ringid) 1207 { 1208 const struct cred *cred = current_cred(); 1209 struct request_key_auth *rka; 1210 struct key *instkey, *dest_keyring; 1211 long ret; 1212 1213 kenter("%d,%u,%u,%d", id, timeout, error, ringid); 1214 1215 /* must be a valid error code and mustn't be a kernel special */ 1216 if (error <= 0 || 1217 error >= MAX_ERRNO || 1218 error == ERESTARTSYS || 1219 error == ERESTARTNOINTR || 1220 error == ERESTARTNOHAND || 1221 error == ERESTART_RESTARTBLOCK) 1222 return -EINVAL; 1223 1224 /* the appropriate instantiation authorisation key must have been 1225 * assumed before calling this */ 1226 ret = -EPERM; 1227 instkey = cred->request_key_auth; 1228 if (!instkey) 1229 goto error; 1230 1231 rka = instkey->payload.data; 1232 if (rka->target_key->serial != id) 1233 goto error; 1234 1235 /* find the destination keyring if present (which must also be 1236 * writable) */ 1237 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1238 if (ret < 0) 1239 goto error; 1240 1241 /* instantiate the key and link it into a keyring */ 1242 ret = key_reject_and_link(rka->target_key, timeout, error, 1243 dest_keyring, instkey); 1244 1245 key_put(dest_keyring); 1246 1247 /* discard the assumed authority if it's just been disabled by 1248 * instantiation of the key */ 1249 if (ret == 0) 1250 keyctl_change_reqkey_auth(NULL); 1251 1252 error: 1253 return ret; 1254 } 1255 1256 /* 1257 * Read or set the default keyring in which request_key() will cache keys and 1258 * return the old setting. 1259 * 1260 * If a process keyring is specified then this will be created if it doesn't 1261 * yet exist. The old setting will be returned if successful. 1262 */ 1263 long keyctl_set_reqkey_keyring(int reqkey_defl) 1264 { 1265 struct cred *new; 1266 int ret, old_setting; 1267 1268 old_setting = current_cred_xxx(jit_keyring); 1269 1270 if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE) 1271 return old_setting; 1272 1273 new = prepare_creds(); 1274 if (!new) 1275 return -ENOMEM; 1276 1277 switch (reqkey_defl) { 1278 case KEY_REQKEY_DEFL_THREAD_KEYRING: 1279 ret = install_thread_keyring_to_cred(new); 1280 if (ret < 0) 1281 goto error; 1282 goto set; 1283 1284 case KEY_REQKEY_DEFL_PROCESS_KEYRING: 1285 ret = install_process_keyring_to_cred(new); 1286 if (ret < 0) { 1287 if (ret != -EEXIST) 1288 goto error; 1289 ret = 0; 1290 } 1291 goto set; 1292 1293 case KEY_REQKEY_DEFL_DEFAULT: 1294 case KEY_REQKEY_DEFL_SESSION_KEYRING: 1295 case KEY_REQKEY_DEFL_USER_KEYRING: 1296 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 1297 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: 1298 goto set; 1299 1300 case KEY_REQKEY_DEFL_NO_CHANGE: 1301 case KEY_REQKEY_DEFL_GROUP_KEYRING: 1302 default: 1303 ret = -EINVAL; 1304 goto error; 1305 } 1306 1307 set: 1308 new->jit_keyring = reqkey_defl; 1309 commit_creds(new); 1310 return old_setting; 1311 error: 1312 abort_creds(new); 1313 return ret; 1314 } 1315 1316 /* 1317 * Set or clear the timeout on a key. 1318 * 1319 * Either the key must grant the caller Setattr permission or else the caller 1320 * must hold an instantiation authorisation token for the key. 1321 * 1322 * The timeout is either 0 to clear the timeout, or a number of seconds from 1323 * the current time. The key and any links to the key will be automatically 1324 * garbage collected after the timeout expires. 1325 * 1326 * If successful, 0 is returned. 1327 */ 1328 long keyctl_set_timeout(key_serial_t id, unsigned timeout) 1329 { 1330 struct key *key, *instkey; 1331 key_ref_t key_ref; 1332 long ret; 1333 1334 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 1335 KEY_NEED_SETATTR); 1336 if (IS_ERR(key_ref)) { 1337 /* setting the timeout on a key under construction is permitted 1338 * if we have the authorisation token handy */ 1339 if (PTR_ERR(key_ref) == -EACCES) { 1340 instkey = key_get_instantiation_authkey(id); 1341 if (!IS_ERR(instkey)) { 1342 key_put(instkey); 1343 key_ref = lookup_user_key(id, 1344 KEY_LOOKUP_PARTIAL, 1345 0); 1346 if (!IS_ERR(key_ref)) 1347 goto okay; 1348 } 1349 } 1350 1351 ret = PTR_ERR(key_ref); 1352 goto error; 1353 } 1354 1355 okay: 1356 key = key_ref_to_ptr(key_ref); 1357 key_set_timeout(key, timeout); 1358 key_put(key); 1359 1360 ret = 0; 1361 error: 1362 return ret; 1363 } 1364 1365 /* 1366 * Assume (or clear) the authority to instantiate the specified key. 1367 * 1368 * This sets the authoritative token currently in force for key instantiation. 1369 * This must be done for a key to be instantiated. It has the effect of making 1370 * available all the keys from the caller of the request_key() that created a 1371 * key to request_key() calls made by the caller of this function. 1372 * 1373 * The caller must have the instantiation key in their process keyrings with a 1374 * Search permission grant available to the caller. 1375 * 1376 * If the ID given is 0, then the setting will be cleared and 0 returned. 1377 * 1378 * If the ID given has a matching an authorisation key, then that key will be 1379 * set and its ID will be returned. The authorisation key can be read to get 1380 * the callout information passed to request_key(). 1381 */ 1382 long keyctl_assume_authority(key_serial_t id) 1383 { 1384 struct key *authkey; 1385 long ret; 1386 1387 /* special key IDs aren't permitted */ 1388 ret = -EINVAL; 1389 if (id < 0) 1390 goto error; 1391 1392 /* we divest ourselves of authority if given an ID of 0 */ 1393 if (id == 0) { 1394 ret = keyctl_change_reqkey_auth(NULL); 1395 goto error; 1396 } 1397 1398 /* attempt to assume the authority temporarily granted to us whilst we 1399 * instantiate the specified key 1400 * - the authorisation key must be in the current task's keyrings 1401 * somewhere 1402 */ 1403 authkey = key_get_instantiation_authkey(id); 1404 if (IS_ERR(authkey)) { 1405 ret = PTR_ERR(authkey); 1406 goto error; 1407 } 1408 1409 ret = keyctl_change_reqkey_auth(authkey); 1410 if (ret < 0) 1411 goto error; 1412 key_put(authkey); 1413 1414 ret = authkey->serial; 1415 error: 1416 return ret; 1417 } 1418 1419 /* 1420 * Get a key's the LSM security label. 1421 * 1422 * The key must grant the caller View permission for this to work. 1423 * 1424 * If there's a buffer, then up to buflen bytes of data will be placed into it. 1425 * 1426 * If successful, the amount of information available will be returned, 1427 * irrespective of how much was copied (including the terminal NUL). 1428 */ 1429 long keyctl_get_security(key_serial_t keyid, 1430 char __user *buffer, 1431 size_t buflen) 1432 { 1433 struct key *key, *instkey; 1434 key_ref_t key_ref; 1435 char *context; 1436 long ret; 1437 1438 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW); 1439 if (IS_ERR(key_ref)) { 1440 if (PTR_ERR(key_ref) != -EACCES) 1441 return PTR_ERR(key_ref); 1442 1443 /* viewing a key under construction is also permitted if we 1444 * have the authorisation token handy */ 1445 instkey = key_get_instantiation_authkey(keyid); 1446 if (IS_ERR(instkey)) 1447 return PTR_ERR(instkey); 1448 key_put(instkey); 1449 1450 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0); 1451 if (IS_ERR(key_ref)) 1452 return PTR_ERR(key_ref); 1453 } 1454 1455 key = key_ref_to_ptr(key_ref); 1456 ret = security_key_getsecurity(key, &context); 1457 if (ret == 0) { 1458 /* if no information was returned, give userspace an empty 1459 * string */ 1460 ret = 1; 1461 if (buffer && buflen > 0 && 1462 copy_to_user(buffer, "", 1) != 0) 1463 ret = -EFAULT; 1464 } else if (ret > 0) { 1465 /* return as much data as there's room for */ 1466 if (buffer && buflen > 0) { 1467 if (buflen > ret) 1468 buflen = ret; 1469 1470 if (copy_to_user(buffer, context, buflen) != 0) 1471 ret = -EFAULT; 1472 } 1473 1474 kfree(context); 1475 } 1476 1477 key_ref_put(key_ref); 1478 return ret; 1479 } 1480 1481 /* 1482 * Attempt to install the calling process's session keyring on the process's 1483 * parent process. 1484 * 1485 * The keyring must exist and must grant the caller LINK permission, and the 1486 * parent process must be single-threaded and must have the same effective 1487 * ownership as this process and mustn't be SUID/SGID. 1488 * 1489 * The keyring will be emplaced on the parent when it next resumes userspace. 1490 * 1491 * If successful, 0 will be returned. 1492 */ 1493 long keyctl_session_to_parent(void) 1494 { 1495 struct task_struct *me, *parent; 1496 const struct cred *mycred, *pcred; 1497 struct callback_head *newwork, *oldwork; 1498 key_ref_t keyring_r; 1499 struct cred *cred; 1500 int ret; 1501 1502 keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_NEED_LINK); 1503 if (IS_ERR(keyring_r)) 1504 return PTR_ERR(keyring_r); 1505 1506 ret = -ENOMEM; 1507 1508 /* our parent is going to need a new cred struct, a new tgcred struct 1509 * and new security data, so we allocate them here to prevent ENOMEM in 1510 * our parent */ 1511 cred = cred_alloc_blank(); 1512 if (!cred) 1513 goto error_keyring; 1514 newwork = &cred->rcu; 1515 1516 cred->session_keyring = key_ref_to_ptr(keyring_r); 1517 keyring_r = NULL; 1518 init_task_work(newwork, key_change_session_keyring); 1519 1520 me = current; 1521 rcu_read_lock(); 1522 write_lock_irq(&tasklist_lock); 1523 1524 ret = -EPERM; 1525 oldwork = NULL; 1526 parent = me->real_parent; 1527 1528 /* the parent mustn't be init and mustn't be a kernel thread */ 1529 if (parent->pid <= 1 || !parent->mm) 1530 goto unlock; 1531 1532 /* the parent must be single threaded */ 1533 if (!thread_group_empty(parent)) 1534 goto unlock; 1535 1536 /* the parent and the child must have different session keyrings or 1537 * there's no point */ 1538 mycred = current_cred(); 1539 pcred = __task_cred(parent); 1540 if (mycred == pcred || 1541 mycred->session_keyring == pcred->session_keyring) { 1542 ret = 0; 1543 goto unlock; 1544 } 1545 1546 /* the parent must have the same effective ownership and mustn't be 1547 * SUID/SGID */ 1548 if (!uid_eq(pcred->uid, mycred->euid) || 1549 !uid_eq(pcred->euid, mycred->euid) || 1550 !uid_eq(pcred->suid, mycred->euid) || 1551 !gid_eq(pcred->gid, mycred->egid) || 1552 !gid_eq(pcred->egid, mycred->egid) || 1553 !gid_eq(pcred->sgid, mycred->egid)) 1554 goto unlock; 1555 1556 /* the keyrings must have the same UID */ 1557 if ((pcred->session_keyring && 1558 !uid_eq(pcred->session_keyring->uid, mycred->euid)) || 1559 !uid_eq(mycred->session_keyring->uid, mycred->euid)) 1560 goto unlock; 1561 1562 /* cancel an already pending keyring replacement */ 1563 oldwork = task_work_cancel(parent, key_change_session_keyring); 1564 1565 /* the replacement session keyring is applied just prior to userspace 1566 * restarting */ 1567 ret = task_work_add(parent, newwork, true); 1568 if (!ret) 1569 newwork = NULL; 1570 unlock: 1571 write_unlock_irq(&tasklist_lock); 1572 rcu_read_unlock(); 1573 if (oldwork) 1574 put_cred(container_of(oldwork, struct cred, rcu)); 1575 if (newwork) 1576 put_cred(cred); 1577 return ret; 1578 1579 error_keyring: 1580 key_ref_put(keyring_r); 1581 return ret; 1582 } 1583 1584 /* 1585 * The key control system call 1586 */ 1587 SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, 1588 unsigned long, arg4, unsigned long, arg5) 1589 { 1590 switch (option) { 1591 case KEYCTL_GET_KEYRING_ID: 1592 return keyctl_get_keyring_ID((key_serial_t) arg2, 1593 (int) arg3); 1594 1595 case KEYCTL_JOIN_SESSION_KEYRING: 1596 return keyctl_join_session_keyring((const char __user *) arg2); 1597 1598 case KEYCTL_UPDATE: 1599 return keyctl_update_key((key_serial_t) arg2, 1600 (const void __user *) arg3, 1601 (size_t) arg4); 1602 1603 case KEYCTL_REVOKE: 1604 return keyctl_revoke_key((key_serial_t) arg2); 1605 1606 case KEYCTL_DESCRIBE: 1607 return keyctl_describe_key((key_serial_t) arg2, 1608 (char __user *) arg3, 1609 (unsigned) arg4); 1610 1611 case KEYCTL_CLEAR: 1612 return keyctl_keyring_clear((key_serial_t) arg2); 1613 1614 case KEYCTL_LINK: 1615 return keyctl_keyring_link((key_serial_t) arg2, 1616 (key_serial_t) arg3); 1617 1618 case KEYCTL_UNLINK: 1619 return keyctl_keyring_unlink((key_serial_t) arg2, 1620 (key_serial_t) arg3); 1621 1622 case KEYCTL_SEARCH: 1623 return keyctl_keyring_search((key_serial_t) arg2, 1624 (const char __user *) arg3, 1625 (const char __user *) arg4, 1626 (key_serial_t) arg5); 1627 1628 case KEYCTL_READ: 1629 return keyctl_read_key((key_serial_t) arg2, 1630 (char __user *) arg3, 1631 (size_t) arg4); 1632 1633 case KEYCTL_CHOWN: 1634 return keyctl_chown_key((key_serial_t) arg2, 1635 (uid_t) arg3, 1636 (gid_t) arg4); 1637 1638 case KEYCTL_SETPERM: 1639 return keyctl_setperm_key((key_serial_t) arg2, 1640 (key_perm_t) arg3); 1641 1642 case KEYCTL_INSTANTIATE: 1643 return keyctl_instantiate_key((key_serial_t) arg2, 1644 (const void __user *) arg3, 1645 (size_t) arg4, 1646 (key_serial_t) arg5); 1647 1648 case KEYCTL_NEGATE: 1649 return keyctl_negate_key((key_serial_t) arg2, 1650 (unsigned) arg3, 1651 (key_serial_t) arg4); 1652 1653 case KEYCTL_SET_REQKEY_KEYRING: 1654 return keyctl_set_reqkey_keyring(arg2); 1655 1656 case KEYCTL_SET_TIMEOUT: 1657 return keyctl_set_timeout((key_serial_t) arg2, 1658 (unsigned) arg3); 1659 1660 case KEYCTL_ASSUME_AUTHORITY: 1661 return keyctl_assume_authority((key_serial_t) arg2); 1662 1663 case KEYCTL_GET_SECURITY: 1664 return keyctl_get_security((key_serial_t) arg2, 1665 (char __user *) arg3, 1666 (size_t) arg4); 1667 1668 case KEYCTL_SESSION_TO_PARENT: 1669 return keyctl_session_to_parent(); 1670 1671 case KEYCTL_REJECT: 1672 return keyctl_reject_key((key_serial_t) arg2, 1673 (unsigned) arg3, 1674 (unsigned) arg4, 1675 (key_serial_t) arg5); 1676 1677 case KEYCTL_INSTANTIATE_IOV: 1678 return keyctl_instantiate_key_iov( 1679 (key_serial_t) arg2, 1680 (const struct iovec __user *) arg3, 1681 (unsigned) arg4, 1682 (key_serial_t) arg5); 1683 1684 case KEYCTL_INVALIDATE: 1685 return keyctl_invalidate_key((key_serial_t) arg2); 1686 1687 case KEYCTL_GET_PERSISTENT: 1688 return keyctl_get_persistent((uid_t)arg2, (key_serial_t)arg3); 1689 1690 default: 1691 return -EOPNOTSUPP; 1692 } 1693 } 1694