1 /* keyctl.c: userspace keyctl operations 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/syscalls.h> 17 #include <linux/keyctl.h> 18 #include <linux/fs.h> 19 #include <linux/err.h> 20 #include <asm/uaccess.h> 21 #include "internal.h" 22 23 /*****************************************************************************/ 24 /* 25 * extract the description of a new key from userspace and either add it as a 26 * new key to the specified keyring or update a matching key in that keyring 27 * - the keyring must be writable 28 * - returns the new key's serial number 29 * - implements add_key() 30 */ 31 asmlinkage long sys_add_key(const char __user *_type, 32 const char __user *_description, 33 const void __user *_payload, 34 size_t plen, 35 key_serial_t ringid) 36 { 37 struct key *keyring, *key; 38 char type[32], *description; 39 void *payload; 40 long dlen, ret; 41 42 ret = -EINVAL; 43 if (plen > 32767) 44 goto error; 45 46 /* draw all the data into kernel space */ 47 ret = strncpy_from_user(type, _type, sizeof(type) - 1); 48 if (ret < 0) 49 goto error; 50 type[31] = '\0'; 51 52 ret = -EPERM; 53 if (type[0] == '.') 54 goto error; 55 56 ret = -EFAULT; 57 dlen = strnlen_user(_description, PAGE_SIZE - 1); 58 if (dlen <= 0) 59 goto error; 60 61 ret = -EINVAL; 62 if (dlen > PAGE_SIZE - 1) 63 goto error; 64 65 ret = -ENOMEM; 66 description = kmalloc(dlen + 1, GFP_KERNEL); 67 if (!description) 68 goto error; 69 70 ret = -EFAULT; 71 if (copy_from_user(description, _description, dlen + 1) != 0) 72 goto error2; 73 74 /* pull the payload in if one was supplied */ 75 payload = NULL; 76 77 if (_payload) { 78 ret = -ENOMEM; 79 payload = kmalloc(plen, GFP_KERNEL); 80 if (!payload) 81 goto error2; 82 83 ret = -EFAULT; 84 if (copy_from_user(payload, _payload, plen) != 0) 85 goto error3; 86 } 87 88 /* find the target keyring (which must be writable) */ 89 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 90 if (IS_ERR(keyring)) { 91 ret = PTR_ERR(keyring); 92 goto error3; 93 } 94 95 /* create or update the requested key and add it to the target 96 * keyring */ 97 key = key_create_or_update(keyring, type, description, 98 payload, plen, 0); 99 if (!IS_ERR(key)) { 100 ret = key->serial; 101 key_put(key); 102 } 103 else { 104 ret = PTR_ERR(key); 105 } 106 107 key_put(keyring); 108 error3: 109 kfree(payload); 110 error2: 111 kfree(description); 112 error: 113 return ret; 114 115 } /* end sys_add_key() */ 116 117 /*****************************************************************************/ 118 /* 119 * search the process keyrings for a matching key 120 * - nested keyrings may also be searched if they have Search permission 121 * - if a key is found, it will be attached to the destination keyring if 122 * there's one specified 123 * - /sbin/request-key will be invoked if _callout_info is non-NULL 124 * - the _callout_info string will be passed to /sbin/request-key 125 * - if the _callout_info string is empty, it will be rendered as "-" 126 * - implements request_key() 127 */ 128 asmlinkage long sys_request_key(const char __user *_type, 129 const char __user *_description, 130 const char __user *_callout_info, 131 key_serial_t destringid) 132 { 133 struct key_type *ktype; 134 struct key *key, *dest; 135 char type[32], *description, *callout_info; 136 long dlen, ret; 137 138 /* pull the type into kernel space */ 139 ret = strncpy_from_user(type, _type, sizeof(type) - 1); 140 if (ret < 0) 141 goto error; 142 type[31] = '\0'; 143 144 ret = -EPERM; 145 if (type[0] == '.') 146 goto error; 147 148 /* pull the description into kernel space */ 149 ret = -EFAULT; 150 dlen = strnlen_user(_description, PAGE_SIZE - 1); 151 if (dlen <= 0) 152 goto error; 153 154 ret = -EINVAL; 155 if (dlen > PAGE_SIZE - 1) 156 goto error; 157 158 ret = -ENOMEM; 159 description = kmalloc(dlen + 1, GFP_KERNEL); 160 if (!description) 161 goto error; 162 163 ret = -EFAULT; 164 if (copy_from_user(description, _description, dlen + 1) != 0) 165 goto error2; 166 167 /* pull the callout info into kernel space */ 168 callout_info = NULL; 169 if (_callout_info) { 170 ret = -EFAULT; 171 dlen = strnlen_user(_callout_info, PAGE_SIZE - 1); 172 if (dlen <= 0) 173 goto error2; 174 175 ret = -EINVAL; 176 if (dlen > PAGE_SIZE - 1) 177 goto error2; 178 179 ret = -ENOMEM; 180 callout_info = kmalloc(dlen + 1, GFP_KERNEL); 181 if (!callout_info) 182 goto error2; 183 184 ret = -EFAULT; 185 if (copy_from_user(callout_info, _callout_info, dlen + 1) != 0) 186 goto error3; 187 } 188 189 /* get the destination keyring if specified */ 190 dest = NULL; 191 if (destringid) { 192 dest = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE); 193 if (IS_ERR(dest)) { 194 ret = PTR_ERR(dest); 195 goto error3; 196 } 197 } 198 199 /* find the key type */ 200 ktype = key_type_lookup(type); 201 if (IS_ERR(ktype)) { 202 ret = PTR_ERR(ktype); 203 goto error4; 204 } 205 206 /* do the search */ 207 key = request_key_and_link(ktype, description, callout_info, dest); 208 if (IS_ERR(key)) { 209 ret = PTR_ERR(key); 210 goto error5; 211 } 212 213 ret = key->serial; 214 215 key_put(key); 216 error5: 217 key_type_put(ktype); 218 error4: 219 key_put(dest); 220 error3: 221 kfree(callout_info); 222 error2: 223 kfree(description); 224 error: 225 return ret; 226 227 } /* end sys_request_key() */ 228 229 /*****************************************************************************/ 230 /* 231 * get the ID of the specified process keyring 232 * - the keyring must have search permission to be found 233 * - implements keyctl(KEYCTL_GET_KEYRING_ID) 234 */ 235 long keyctl_get_keyring_ID(key_serial_t id, int create) 236 { 237 struct key *key; 238 long ret; 239 240 key = lookup_user_key(NULL, id, create, 0, KEY_SEARCH); 241 if (IS_ERR(key)) { 242 ret = PTR_ERR(key); 243 goto error; 244 } 245 246 ret = key->serial; 247 key_put(key); 248 error: 249 return ret; 250 251 } /* end keyctl_get_keyring_ID() */ 252 253 /*****************************************************************************/ 254 /* 255 * join the session keyring 256 * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING) 257 */ 258 long keyctl_join_session_keyring(const char __user *_name) 259 { 260 char *name; 261 long nlen, ret; 262 263 /* fetch the name from userspace */ 264 name = NULL; 265 if (_name) { 266 ret = -EFAULT; 267 nlen = strnlen_user(_name, PAGE_SIZE - 1); 268 if (nlen <= 0) 269 goto error; 270 271 ret = -EINVAL; 272 if (nlen > PAGE_SIZE - 1) 273 goto error; 274 275 ret = -ENOMEM; 276 name = kmalloc(nlen + 1, GFP_KERNEL); 277 if (!name) 278 goto error; 279 280 ret = -EFAULT; 281 if (copy_from_user(name, _name, nlen + 1) != 0) 282 goto error2; 283 } 284 285 /* join the session */ 286 ret = join_session_keyring(name); 287 288 error2: 289 kfree(name); 290 error: 291 return ret; 292 293 } /* end keyctl_join_session_keyring() */ 294 295 /*****************************************************************************/ 296 /* 297 * update a key's data payload 298 * - the key must be writable 299 * - implements keyctl(KEYCTL_UPDATE) 300 */ 301 long keyctl_update_key(key_serial_t id, 302 const void __user *_payload, 303 size_t plen) 304 { 305 struct key *key; 306 void *payload; 307 long ret; 308 309 ret = -EINVAL; 310 if (plen > PAGE_SIZE) 311 goto error; 312 313 /* pull the payload in if one was supplied */ 314 payload = NULL; 315 if (_payload) { 316 ret = -ENOMEM; 317 payload = kmalloc(plen, GFP_KERNEL); 318 if (!payload) 319 goto error; 320 321 ret = -EFAULT; 322 if (copy_from_user(payload, _payload, plen) != 0) 323 goto error2; 324 } 325 326 /* find the target key (which must be writable) */ 327 key = lookup_user_key(NULL, id, 0, 0, KEY_WRITE); 328 if (IS_ERR(key)) { 329 ret = PTR_ERR(key); 330 goto error2; 331 } 332 333 /* update the key */ 334 ret = key_update(key, payload, plen); 335 336 key_put(key); 337 error2: 338 kfree(payload); 339 error: 340 return ret; 341 342 } /* end keyctl_update_key() */ 343 344 /*****************************************************************************/ 345 /* 346 * revoke a key 347 * - the key must be writable 348 * - implements keyctl(KEYCTL_REVOKE) 349 */ 350 long keyctl_revoke_key(key_serial_t id) 351 { 352 struct key *key; 353 long ret; 354 355 key = lookup_user_key(NULL, id, 0, 0, KEY_WRITE); 356 if (IS_ERR(key)) { 357 ret = PTR_ERR(key); 358 goto error; 359 } 360 361 key_revoke(key); 362 ret = 0; 363 364 key_put(key); 365 error: 366 return ret; 367 368 } /* end keyctl_revoke_key() */ 369 370 /*****************************************************************************/ 371 /* 372 * clear the specified process keyring 373 * - the keyring must be writable 374 * - implements keyctl(KEYCTL_CLEAR) 375 */ 376 long keyctl_keyring_clear(key_serial_t ringid) 377 { 378 struct key *keyring; 379 long ret; 380 381 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 382 if (IS_ERR(keyring)) { 383 ret = PTR_ERR(keyring); 384 goto error; 385 } 386 387 ret = keyring_clear(keyring); 388 389 key_put(keyring); 390 error: 391 return ret; 392 393 } /* end keyctl_keyring_clear() */ 394 395 /*****************************************************************************/ 396 /* 397 * link a key into a keyring 398 * - the keyring must be writable 399 * - the key must be linkable 400 * - implements keyctl(KEYCTL_LINK) 401 */ 402 long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) 403 { 404 struct key *keyring, *key; 405 long ret; 406 407 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 408 if (IS_ERR(keyring)) { 409 ret = PTR_ERR(keyring); 410 goto error; 411 } 412 413 key = lookup_user_key(NULL, id, 1, 0, KEY_LINK); 414 if (IS_ERR(key)) { 415 ret = PTR_ERR(key); 416 goto error2; 417 } 418 419 ret = key_link(keyring, key); 420 421 key_put(key); 422 error2: 423 key_put(keyring); 424 error: 425 return ret; 426 427 } /* end keyctl_keyring_link() */ 428 429 /*****************************************************************************/ 430 /* 431 * unlink the first attachment of a key from a keyring 432 * - the keyring must be writable 433 * - we don't need any permissions on the key 434 * - implements keyctl(KEYCTL_UNLINK) 435 */ 436 long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) 437 { 438 struct key *keyring, *key; 439 long ret; 440 441 keyring = lookup_user_key(NULL, ringid, 0, 0, KEY_WRITE); 442 if (IS_ERR(keyring)) { 443 ret = PTR_ERR(keyring); 444 goto error; 445 } 446 447 key = lookup_user_key(NULL, id, 0, 0, 0); 448 if (IS_ERR(key)) { 449 ret = PTR_ERR(key); 450 goto error2; 451 } 452 453 ret = key_unlink(keyring, key); 454 455 key_put(key); 456 error2: 457 key_put(keyring); 458 error: 459 return ret; 460 461 } /* end keyctl_keyring_unlink() */ 462 463 /*****************************************************************************/ 464 /* 465 * describe a user key 466 * - the key must have view permission 467 * - if there's a buffer, we place up to buflen bytes of data into it 468 * - unless there's an error, we return the amount of description available, 469 * irrespective of how much we may have copied 470 * - the description is formatted thus: 471 * type;uid;gid;perm;description<NUL> 472 * - implements keyctl(KEYCTL_DESCRIBE) 473 */ 474 long keyctl_describe_key(key_serial_t keyid, 475 char __user *buffer, 476 size_t buflen) 477 { 478 struct key *key, *instkey; 479 char *tmpbuf; 480 long ret; 481 482 key = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW); 483 if (IS_ERR(key)) { 484 /* viewing a key under construction is permitted if we have the 485 * authorisation token handy */ 486 if (PTR_ERR(key) == -EACCES) { 487 instkey = key_get_instantiation_authkey(keyid); 488 if (!IS_ERR(instkey)) { 489 key_put(instkey); 490 key = lookup_user_key(NULL, keyid, 0, 1, 0); 491 if (!IS_ERR(key)) 492 goto okay; 493 } 494 } 495 496 ret = PTR_ERR(key); 497 goto error; 498 } 499 500 okay: 501 /* calculate how much description we're going to return */ 502 ret = -ENOMEM; 503 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL); 504 if (!tmpbuf) 505 goto error2; 506 507 ret = snprintf(tmpbuf, PAGE_SIZE - 1, 508 "%s;%d;%d;%06x;%s", 509 key->type->name, 510 key->uid, 511 key->gid, 512 key->perm, 513 key->description ? key->description :"" 514 ); 515 516 /* include a NUL char at the end of the data */ 517 if (ret > PAGE_SIZE - 1) 518 ret = PAGE_SIZE - 1; 519 tmpbuf[ret] = 0; 520 ret++; 521 522 /* consider returning the data */ 523 if (buffer && buflen > 0) { 524 if (buflen > ret) 525 buflen = ret; 526 527 if (copy_to_user(buffer, tmpbuf, buflen) != 0) 528 ret = -EFAULT; 529 } 530 531 kfree(tmpbuf); 532 error2: 533 key_put(key); 534 error: 535 return ret; 536 537 } /* end keyctl_describe_key() */ 538 539 /*****************************************************************************/ 540 /* 541 * search the specified keyring for a matching key 542 * - the start keyring must be searchable 543 * - nested keyrings may also be searched if they are searchable 544 * - only keys with search permission may be found 545 * - if a key is found, it will be attached to the destination keyring if 546 * there's one specified 547 * - implements keyctl(KEYCTL_SEARCH) 548 */ 549 long keyctl_keyring_search(key_serial_t ringid, 550 const char __user *_type, 551 const char __user *_description, 552 key_serial_t destringid) 553 { 554 struct key_type *ktype; 555 struct key *keyring, *key, *dest; 556 char type[32], *description; 557 long dlen, ret; 558 559 /* pull the type and description into kernel space */ 560 ret = strncpy_from_user(type, _type, sizeof(type) - 1); 561 if (ret < 0) 562 goto error; 563 type[31] = '\0'; 564 565 ret = -EFAULT; 566 dlen = strnlen_user(_description, PAGE_SIZE - 1); 567 if (dlen <= 0) 568 goto error; 569 570 ret = -EINVAL; 571 if (dlen > PAGE_SIZE - 1) 572 goto error; 573 574 ret = -ENOMEM; 575 description = kmalloc(dlen + 1, GFP_KERNEL); 576 if (!description) 577 goto error; 578 579 ret = -EFAULT; 580 if (copy_from_user(description, _description, dlen + 1) != 0) 581 goto error2; 582 583 /* get the keyring at which to begin the search */ 584 keyring = lookup_user_key(NULL, ringid, 0, 0, KEY_SEARCH); 585 if (IS_ERR(keyring)) { 586 ret = PTR_ERR(keyring); 587 goto error2; 588 } 589 590 /* get the destination keyring if specified */ 591 dest = NULL; 592 if (destringid) { 593 dest = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE); 594 if (IS_ERR(dest)) { 595 ret = PTR_ERR(dest); 596 goto error3; 597 } 598 } 599 600 /* find the key type */ 601 ktype = key_type_lookup(type); 602 if (IS_ERR(ktype)) { 603 ret = PTR_ERR(ktype); 604 goto error4; 605 } 606 607 /* do the search */ 608 key = keyring_search(keyring, ktype, description); 609 if (IS_ERR(key)) { 610 ret = PTR_ERR(key); 611 612 /* treat lack or presence of a negative key the same */ 613 if (ret == -EAGAIN) 614 ret = -ENOKEY; 615 goto error5; 616 } 617 618 /* link the resulting key to the destination keyring if we can */ 619 if (dest) { 620 ret = -EACCES; 621 if (!key_permission(key, KEY_LINK)) 622 goto error6; 623 624 ret = key_link(dest, key); 625 if (ret < 0) 626 goto error6; 627 } 628 629 ret = key->serial; 630 631 error6: 632 key_put(key); 633 error5: 634 key_type_put(ktype); 635 error4: 636 key_put(dest); 637 error3: 638 key_put(keyring); 639 error2: 640 kfree(description); 641 error: 642 return ret; 643 644 } /* end keyctl_keyring_search() */ 645 646 /*****************************************************************************/ 647 /* 648 * see if the key we're looking at is the target key 649 */ 650 static int keyctl_read_key_same(const struct key *key, const void *target) 651 { 652 return key == target; 653 654 } /* end keyctl_read_key_same() */ 655 656 /*****************************************************************************/ 657 /* 658 * read a user key's payload 659 * - the keyring must be readable or the key must be searchable from the 660 * process's keyrings 661 * - if there's a buffer, we place up to buflen bytes of data into it 662 * - unless there's an error, we return the amount of data in the key, 663 * irrespective of how much we may have copied 664 * - implements keyctl(KEYCTL_READ) 665 */ 666 long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) 667 { 668 struct key *key, *skey; 669 long ret; 670 671 /* find the key first */ 672 key = lookup_user_key(NULL, keyid, 0, 0, 0); 673 if (!IS_ERR(key)) { 674 /* see if we can read it directly */ 675 if (key_permission(key, KEY_READ)) 676 goto can_read_key; 677 678 /* we can't; see if it's searchable from this process's 679 * keyrings 680 * - we automatically take account of the fact that it may be 681 * dangling off an instantiation key 682 */ 683 skey = search_process_keyrings(key->type, key, 684 keyctl_read_key_same, current); 685 if (!IS_ERR(skey)) 686 goto can_read_key2; 687 688 ret = PTR_ERR(skey); 689 if (ret == -EAGAIN) 690 ret = -EACCES; 691 goto error2; 692 } 693 694 ret = -ENOKEY; 695 goto error; 696 697 /* the key is probably readable - now try to read it */ 698 can_read_key2: 699 key_put(skey); 700 can_read_key: 701 ret = key_validate(key); 702 if (ret == 0) { 703 ret = -EOPNOTSUPP; 704 if (key->type->read) { 705 /* read the data with the semaphore held (since we 706 * might sleep) */ 707 down_read(&key->sem); 708 ret = key->type->read(key, buffer, buflen); 709 up_read(&key->sem); 710 } 711 } 712 713 error2: 714 key_put(key); 715 error: 716 return ret; 717 718 } /* end keyctl_read_key() */ 719 720 /*****************************************************************************/ 721 /* 722 * change the ownership of a key 723 * - the keyring owned by the changer 724 * - if the uid or gid is -1, then that parameter is not changed 725 * - implements keyctl(KEYCTL_CHOWN) 726 */ 727 long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid) 728 { 729 struct key *key; 730 long ret; 731 732 ret = 0; 733 if (uid == (uid_t) -1 && gid == (gid_t) -1) 734 goto error; 735 736 key = lookup_user_key(NULL, id, 1, 1, 0); 737 if (IS_ERR(key)) { 738 ret = PTR_ERR(key); 739 goto error; 740 } 741 742 /* make the changes with the locks held to prevent chown/chown races */ 743 ret = -EACCES; 744 down_write(&key->sem); 745 746 if (!capable(CAP_SYS_ADMIN)) { 747 /* only the sysadmin can chown a key to some other UID */ 748 if (uid != (uid_t) -1 && key->uid != uid) 749 goto no_access; 750 751 /* only the sysadmin can set the key's GID to a group other 752 * than one of those that the current process subscribes to */ 753 if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid)) 754 goto no_access; 755 } 756 757 /* change the UID (have to update the quotas) */ 758 if (uid != (uid_t) -1 && uid != key->uid) { 759 /* don't support UID changing yet */ 760 ret = -EOPNOTSUPP; 761 goto no_access; 762 } 763 764 /* change the GID */ 765 if (gid != (gid_t) -1) 766 key->gid = gid; 767 768 ret = 0; 769 770 no_access: 771 up_write(&key->sem); 772 key_put(key); 773 error: 774 return ret; 775 776 } /* end keyctl_chown_key() */ 777 778 /*****************************************************************************/ 779 /* 780 * change the permission mask on a key 781 * - the keyring owned by the changer 782 * - implements keyctl(KEYCTL_SETPERM) 783 */ 784 long keyctl_setperm_key(key_serial_t id, key_perm_t perm) 785 { 786 struct key *key; 787 long ret; 788 789 ret = -EINVAL; 790 if (perm & ~(KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 791 goto error; 792 793 key = lookup_user_key(NULL, id, 1, 1, 0); 794 if (IS_ERR(key)) { 795 ret = PTR_ERR(key); 796 goto error; 797 } 798 799 /* make the changes with the locks held to prevent chown/chmod races */ 800 ret = -EACCES; 801 down_write(&key->sem); 802 803 /* if we're not the sysadmin, we can only change a key that we own */ 804 if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) { 805 key->perm = perm; 806 ret = 0; 807 } 808 809 up_write(&key->sem); 810 key_put(key); 811 error: 812 return ret; 813 814 } /* end keyctl_setperm_key() */ 815 816 /*****************************************************************************/ 817 /* 818 * instantiate the key with the specified payload, and, if one is given, link 819 * the key into the keyring 820 */ 821 long keyctl_instantiate_key(key_serial_t id, 822 const void __user *_payload, 823 size_t plen, 824 key_serial_t ringid) 825 { 826 struct request_key_auth *rka; 827 struct key *instkey, *keyring; 828 void *payload; 829 long ret; 830 831 ret = -EINVAL; 832 if (plen > 32767) 833 goto error; 834 835 /* pull the payload in if one was supplied */ 836 payload = NULL; 837 838 if (_payload) { 839 ret = -ENOMEM; 840 payload = kmalloc(plen, GFP_KERNEL); 841 if (!payload) 842 goto error; 843 844 ret = -EFAULT; 845 if (copy_from_user(payload, _payload, plen) != 0) 846 goto error2; 847 } 848 849 /* find the instantiation authorisation key */ 850 instkey = key_get_instantiation_authkey(id); 851 if (IS_ERR(instkey)) { 852 ret = PTR_ERR(instkey); 853 goto error2; 854 } 855 856 rka = instkey->payload.data; 857 858 /* find the destination keyring amongst those belonging to the 859 * requesting task */ 860 keyring = NULL; 861 if (ringid) { 862 keyring = lookup_user_key(rka->context, ringid, 1, 0, 863 KEY_WRITE); 864 if (IS_ERR(keyring)) { 865 ret = PTR_ERR(keyring); 866 goto error3; 867 } 868 } 869 870 /* instantiate the key and link it into a keyring */ 871 ret = key_instantiate_and_link(rka->target_key, payload, plen, 872 keyring, instkey); 873 874 key_put(keyring); 875 error3: 876 key_put(instkey); 877 error2: 878 kfree(payload); 879 error: 880 return ret; 881 882 } /* end keyctl_instantiate_key() */ 883 884 /*****************************************************************************/ 885 /* 886 * negatively instantiate the key with the given timeout (in seconds), and, if 887 * one is given, link the key into the keyring 888 */ 889 long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 890 { 891 struct request_key_auth *rka; 892 struct key *instkey, *keyring; 893 long ret; 894 895 /* find the instantiation authorisation key */ 896 instkey = key_get_instantiation_authkey(id); 897 if (IS_ERR(instkey)) { 898 ret = PTR_ERR(instkey); 899 goto error; 900 } 901 902 rka = instkey->payload.data; 903 904 /* find the destination keyring if present (which must also be 905 * writable) */ 906 keyring = NULL; 907 if (ringid) { 908 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 909 if (IS_ERR(keyring)) { 910 ret = PTR_ERR(keyring); 911 goto error2; 912 } 913 } 914 915 /* instantiate the key and link it into a keyring */ 916 ret = key_negate_and_link(rka->target_key, timeout, keyring, instkey); 917 918 key_put(keyring); 919 error2: 920 key_put(instkey); 921 error: 922 return ret; 923 924 } /* end keyctl_negate_key() */ 925 926 /*****************************************************************************/ 927 /* 928 * set the default keyring in which request_key() will cache keys 929 * - return the old setting 930 */ 931 long keyctl_set_reqkey_keyring(int reqkey_defl) 932 { 933 int ret; 934 935 switch (reqkey_defl) { 936 case KEY_REQKEY_DEFL_THREAD_KEYRING: 937 ret = install_thread_keyring(current); 938 if (ret < 0) 939 return ret; 940 goto set; 941 942 case KEY_REQKEY_DEFL_PROCESS_KEYRING: 943 ret = install_process_keyring(current); 944 if (ret < 0) 945 return ret; 946 947 case KEY_REQKEY_DEFL_DEFAULT: 948 case KEY_REQKEY_DEFL_SESSION_KEYRING: 949 case KEY_REQKEY_DEFL_USER_KEYRING: 950 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 951 set: 952 current->jit_keyring = reqkey_defl; 953 954 case KEY_REQKEY_DEFL_NO_CHANGE: 955 return current->jit_keyring; 956 957 case KEY_REQKEY_DEFL_GROUP_KEYRING: 958 default: 959 return -EINVAL; 960 } 961 962 } /* end keyctl_set_reqkey_keyring() */ 963 964 /*****************************************************************************/ 965 /* 966 * the key control system call 967 */ 968 asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3, 969 unsigned long arg4, unsigned long arg5) 970 { 971 switch (option) { 972 case KEYCTL_GET_KEYRING_ID: 973 return keyctl_get_keyring_ID((key_serial_t) arg2, 974 (int) arg3); 975 976 case KEYCTL_JOIN_SESSION_KEYRING: 977 return keyctl_join_session_keyring((const char __user *) arg2); 978 979 case KEYCTL_UPDATE: 980 return keyctl_update_key((key_serial_t) arg2, 981 (const void __user *) arg3, 982 (size_t) arg4); 983 984 case KEYCTL_REVOKE: 985 return keyctl_revoke_key((key_serial_t) arg2); 986 987 case KEYCTL_DESCRIBE: 988 return keyctl_describe_key((key_serial_t) arg2, 989 (char __user *) arg3, 990 (unsigned) arg4); 991 992 case KEYCTL_CLEAR: 993 return keyctl_keyring_clear((key_serial_t) arg2); 994 995 case KEYCTL_LINK: 996 return keyctl_keyring_link((key_serial_t) arg2, 997 (key_serial_t) arg3); 998 999 case KEYCTL_UNLINK: 1000 return keyctl_keyring_unlink((key_serial_t) arg2, 1001 (key_serial_t) arg3); 1002 1003 case KEYCTL_SEARCH: 1004 return keyctl_keyring_search((key_serial_t) arg2, 1005 (const char __user *) arg3, 1006 (const char __user *) arg4, 1007 (key_serial_t) arg5); 1008 1009 case KEYCTL_READ: 1010 return keyctl_read_key((key_serial_t) arg2, 1011 (char __user *) arg3, 1012 (size_t) arg4); 1013 1014 case KEYCTL_CHOWN: 1015 return keyctl_chown_key((key_serial_t) arg2, 1016 (uid_t) arg3, 1017 (gid_t) arg4); 1018 1019 case KEYCTL_SETPERM: 1020 return keyctl_setperm_key((key_serial_t) arg2, 1021 (key_perm_t) arg3); 1022 1023 case KEYCTL_INSTANTIATE: 1024 return keyctl_instantiate_key((key_serial_t) arg2, 1025 (const void __user *) arg3, 1026 (size_t) arg4, 1027 (key_serial_t) arg5); 1028 1029 case KEYCTL_NEGATE: 1030 return keyctl_negate_key((key_serial_t) arg2, 1031 (unsigned) arg3, 1032 (key_serial_t) arg4); 1033 1034 case KEYCTL_SET_REQKEY_KEYRING: 1035 return keyctl_set_reqkey_keyring(arg2); 1036 1037 default: 1038 return -EOPNOTSUPP; 1039 } 1040 1041 } /* end sys_keyctl() */ 1042