1 /* keyctl.c: userspace keyctl operations 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/syscalls.h> 17 #include <linux/keyctl.h> 18 #include <linux/fs.h> 19 #include <linux/err.h> 20 #include <asm/uaccess.h> 21 #include "internal.h" 22 23 /*****************************************************************************/ 24 /* 25 * extract the description of a new key from userspace and either add it as a 26 * new key to the specified keyring or update a matching key in that keyring 27 * - the keyring must be writable 28 * - returns the new key's serial number 29 * - implements add_key() 30 */ 31 asmlinkage long sys_add_key(const char __user *_type, 32 const char __user *_description, 33 const void __user *_payload, 34 size_t plen, 35 key_serial_t ringid) 36 { 37 key_ref_t keyring_ref, key_ref; 38 char type[32], *description; 39 void *payload; 40 long dlen, ret; 41 42 ret = -EINVAL; 43 if (plen > 32767) 44 goto error; 45 46 /* draw all the data into kernel space */ 47 ret = strncpy_from_user(type, _type, sizeof(type) - 1); 48 if (ret < 0) 49 goto error; 50 type[31] = '\0'; 51 52 ret = -EPERM; 53 if (type[0] == '.') 54 goto error; 55 56 ret = -EFAULT; 57 dlen = strnlen_user(_description, PAGE_SIZE - 1); 58 if (dlen <= 0) 59 goto error; 60 61 ret = -EINVAL; 62 if (dlen > PAGE_SIZE - 1) 63 goto error; 64 65 ret = -ENOMEM; 66 description = kmalloc(dlen + 1, GFP_KERNEL); 67 if (!description) 68 goto error; 69 70 ret = -EFAULT; 71 if (copy_from_user(description, _description, dlen + 1) != 0) 72 goto error2; 73 74 /* pull the payload in if one was supplied */ 75 payload = NULL; 76 77 if (_payload) { 78 ret = -ENOMEM; 79 payload = kmalloc(plen, GFP_KERNEL); 80 if (!payload) 81 goto error2; 82 83 ret = -EFAULT; 84 if (copy_from_user(payload, _payload, plen) != 0) 85 goto error3; 86 } 87 88 /* find the target keyring (which must be writable) */ 89 keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 90 if (IS_ERR(keyring_ref)) { 91 ret = PTR_ERR(keyring_ref); 92 goto error3; 93 } 94 95 /* create or update the requested key and add it to the target 96 * keyring */ 97 key_ref = key_create_or_update(keyring_ref, type, description, 98 payload, plen, 0); 99 if (!IS_ERR(key_ref)) { 100 ret = key_ref_to_ptr(key_ref)->serial; 101 key_ref_put(key_ref); 102 } 103 else { 104 ret = PTR_ERR(key_ref); 105 } 106 107 key_ref_put(keyring_ref); 108 error3: 109 kfree(payload); 110 error2: 111 kfree(description); 112 error: 113 return ret; 114 115 } /* end sys_add_key() */ 116 117 /*****************************************************************************/ 118 /* 119 * search the process keyrings for a matching key 120 * - nested keyrings may also be searched if they have Search permission 121 * - if a key is found, it will be attached to the destination keyring if 122 * there's one specified 123 * - /sbin/request-key will be invoked if _callout_info is non-NULL 124 * - the _callout_info string will be passed to /sbin/request-key 125 * - if the _callout_info string is empty, it will be rendered as "-" 126 * - implements request_key() 127 */ 128 asmlinkage long sys_request_key(const char __user *_type, 129 const char __user *_description, 130 const char __user *_callout_info, 131 key_serial_t destringid) 132 { 133 struct key_type *ktype; 134 struct key *key; 135 key_ref_t dest_ref; 136 char type[32], *description, *callout_info; 137 long dlen, ret; 138 139 /* pull the type into kernel space */ 140 ret = strncpy_from_user(type, _type, sizeof(type) - 1); 141 if (ret < 0) 142 goto error; 143 type[31] = '\0'; 144 145 ret = -EPERM; 146 if (type[0] == '.') 147 goto error; 148 149 /* pull the description into kernel space */ 150 ret = -EFAULT; 151 dlen = strnlen_user(_description, PAGE_SIZE - 1); 152 if (dlen <= 0) 153 goto error; 154 155 ret = -EINVAL; 156 if (dlen > PAGE_SIZE - 1) 157 goto error; 158 159 ret = -ENOMEM; 160 description = kmalloc(dlen + 1, GFP_KERNEL); 161 if (!description) 162 goto error; 163 164 ret = -EFAULT; 165 if (copy_from_user(description, _description, dlen + 1) != 0) 166 goto error2; 167 168 /* pull the callout info into kernel space */ 169 callout_info = NULL; 170 if (_callout_info) { 171 ret = -EFAULT; 172 dlen = strnlen_user(_callout_info, PAGE_SIZE - 1); 173 if (dlen <= 0) 174 goto error2; 175 176 ret = -EINVAL; 177 if (dlen > PAGE_SIZE - 1) 178 goto error2; 179 180 ret = -ENOMEM; 181 callout_info = kmalloc(dlen + 1, GFP_KERNEL); 182 if (!callout_info) 183 goto error2; 184 185 ret = -EFAULT; 186 if (copy_from_user(callout_info, _callout_info, dlen + 1) != 0) 187 goto error3; 188 } 189 190 /* get the destination keyring if specified */ 191 dest_ref = NULL; 192 if (destringid) { 193 dest_ref = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE); 194 if (IS_ERR(dest_ref)) { 195 ret = PTR_ERR(dest_ref); 196 goto error3; 197 } 198 } 199 200 /* find the key type */ 201 ktype = key_type_lookup(type); 202 if (IS_ERR(ktype)) { 203 ret = PTR_ERR(ktype); 204 goto error4; 205 } 206 207 /* do the search */ 208 key = request_key_and_link(ktype, description, callout_info, 209 key_ref_to_ptr(dest_ref)); 210 if (IS_ERR(key)) { 211 ret = PTR_ERR(key); 212 goto error5; 213 } 214 215 ret = key->serial; 216 217 key_put(key); 218 error5: 219 key_type_put(ktype); 220 error4: 221 key_ref_put(dest_ref); 222 error3: 223 kfree(callout_info); 224 error2: 225 kfree(description); 226 error: 227 return ret; 228 229 } /* end sys_request_key() */ 230 231 /*****************************************************************************/ 232 /* 233 * get the ID of the specified process keyring 234 * - the keyring must have search permission to be found 235 * - implements keyctl(KEYCTL_GET_KEYRING_ID) 236 */ 237 long keyctl_get_keyring_ID(key_serial_t id, int create) 238 { 239 key_ref_t key_ref; 240 long ret; 241 242 key_ref = lookup_user_key(NULL, id, create, 0, KEY_SEARCH); 243 if (IS_ERR(key_ref)) { 244 ret = PTR_ERR(key_ref); 245 goto error; 246 } 247 248 ret = key_ref_to_ptr(key_ref)->serial; 249 key_ref_put(key_ref); 250 error: 251 return ret; 252 253 } /* end keyctl_get_keyring_ID() */ 254 255 /*****************************************************************************/ 256 /* 257 * join the session keyring 258 * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING) 259 */ 260 long keyctl_join_session_keyring(const char __user *_name) 261 { 262 char *name; 263 long nlen, ret; 264 265 /* fetch the name from userspace */ 266 name = NULL; 267 if (_name) { 268 ret = -EFAULT; 269 nlen = strnlen_user(_name, PAGE_SIZE - 1); 270 if (nlen <= 0) 271 goto error; 272 273 ret = -EINVAL; 274 if (nlen > PAGE_SIZE - 1) 275 goto error; 276 277 ret = -ENOMEM; 278 name = kmalloc(nlen + 1, GFP_KERNEL); 279 if (!name) 280 goto error; 281 282 ret = -EFAULT; 283 if (copy_from_user(name, _name, nlen + 1) != 0) 284 goto error2; 285 } 286 287 /* join the session */ 288 ret = join_session_keyring(name); 289 290 error2: 291 kfree(name); 292 error: 293 return ret; 294 295 } /* end keyctl_join_session_keyring() */ 296 297 /*****************************************************************************/ 298 /* 299 * update a key's data payload 300 * - the key must be writable 301 * - implements keyctl(KEYCTL_UPDATE) 302 */ 303 long keyctl_update_key(key_serial_t id, 304 const void __user *_payload, 305 size_t plen) 306 { 307 key_ref_t key_ref; 308 void *payload; 309 long ret; 310 311 ret = -EINVAL; 312 if (plen > PAGE_SIZE) 313 goto error; 314 315 /* pull the payload in if one was supplied */ 316 payload = NULL; 317 if (_payload) { 318 ret = -ENOMEM; 319 payload = kmalloc(plen, GFP_KERNEL); 320 if (!payload) 321 goto error; 322 323 ret = -EFAULT; 324 if (copy_from_user(payload, _payload, plen) != 0) 325 goto error2; 326 } 327 328 /* find the target key (which must be writable) */ 329 key_ref = lookup_user_key(NULL, id, 0, 0, KEY_WRITE); 330 if (IS_ERR(key_ref)) { 331 ret = PTR_ERR(key_ref); 332 goto error2; 333 } 334 335 /* update the key */ 336 ret = key_update(key_ref, payload, plen); 337 338 key_ref_put(key_ref); 339 error2: 340 kfree(payload); 341 error: 342 return ret; 343 344 } /* end keyctl_update_key() */ 345 346 /*****************************************************************************/ 347 /* 348 * revoke a key 349 * - the key must be writable 350 * - implements keyctl(KEYCTL_REVOKE) 351 */ 352 long keyctl_revoke_key(key_serial_t id) 353 { 354 key_ref_t key_ref; 355 long ret; 356 357 key_ref = lookup_user_key(NULL, id, 0, 0, KEY_WRITE); 358 if (IS_ERR(key_ref)) { 359 ret = PTR_ERR(key_ref); 360 goto error; 361 } 362 363 key_revoke(key_ref_to_ptr(key_ref)); 364 ret = 0; 365 366 key_ref_put(key_ref); 367 error: 368 return ret; 369 370 } /* end keyctl_revoke_key() */ 371 372 /*****************************************************************************/ 373 /* 374 * clear the specified process keyring 375 * - the keyring must be writable 376 * - implements keyctl(KEYCTL_CLEAR) 377 */ 378 long keyctl_keyring_clear(key_serial_t ringid) 379 { 380 key_ref_t keyring_ref; 381 long ret; 382 383 keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 384 if (IS_ERR(keyring_ref)) { 385 ret = PTR_ERR(keyring_ref); 386 goto error; 387 } 388 389 ret = keyring_clear(key_ref_to_ptr(keyring_ref)); 390 391 key_ref_put(keyring_ref); 392 error: 393 return ret; 394 395 } /* end keyctl_keyring_clear() */ 396 397 /*****************************************************************************/ 398 /* 399 * link a key into a keyring 400 * - the keyring must be writable 401 * - the key must be linkable 402 * - implements keyctl(KEYCTL_LINK) 403 */ 404 long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) 405 { 406 key_ref_t keyring_ref, key_ref; 407 long ret; 408 409 keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 410 if (IS_ERR(keyring_ref)) { 411 ret = PTR_ERR(keyring_ref); 412 goto error; 413 } 414 415 key_ref = lookup_user_key(NULL, id, 1, 0, KEY_LINK); 416 if (IS_ERR(key_ref)) { 417 ret = PTR_ERR(key_ref); 418 goto error2; 419 } 420 421 ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 422 423 key_ref_put(key_ref); 424 error2: 425 key_ref_put(keyring_ref); 426 error: 427 return ret; 428 429 } /* end keyctl_keyring_link() */ 430 431 /*****************************************************************************/ 432 /* 433 * unlink the first attachment of a key from a keyring 434 * - the keyring must be writable 435 * - we don't need any permissions on the key 436 * - implements keyctl(KEYCTL_UNLINK) 437 */ 438 long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) 439 { 440 key_ref_t keyring_ref, key_ref; 441 long ret; 442 443 keyring_ref = lookup_user_key(NULL, ringid, 0, 0, KEY_WRITE); 444 if (IS_ERR(keyring_ref)) { 445 ret = PTR_ERR(keyring_ref); 446 goto error; 447 } 448 449 key_ref = lookup_user_key(NULL, id, 0, 0, 0); 450 if (IS_ERR(key_ref)) { 451 ret = PTR_ERR(key_ref); 452 goto error2; 453 } 454 455 ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 456 457 key_ref_put(key_ref); 458 error2: 459 key_ref_put(keyring_ref); 460 error: 461 return ret; 462 463 } /* end keyctl_keyring_unlink() */ 464 465 /*****************************************************************************/ 466 /* 467 * describe a user key 468 * - the key must have view permission 469 * - if there's a buffer, we place up to buflen bytes of data into it 470 * - unless there's an error, we return the amount of description available, 471 * irrespective of how much we may have copied 472 * - the description is formatted thus: 473 * type;uid;gid;perm;description<NUL> 474 * - implements keyctl(KEYCTL_DESCRIBE) 475 */ 476 long keyctl_describe_key(key_serial_t keyid, 477 char __user *buffer, 478 size_t buflen) 479 { 480 struct key *key, *instkey; 481 key_ref_t key_ref; 482 char *tmpbuf; 483 long ret; 484 485 key_ref = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW); 486 if (IS_ERR(key_ref)) { 487 /* viewing a key under construction is permitted if we have the 488 * authorisation token handy */ 489 if (PTR_ERR(key_ref) == -EACCES) { 490 instkey = key_get_instantiation_authkey(keyid); 491 if (!IS_ERR(instkey)) { 492 key_put(instkey); 493 key_ref = lookup_user_key(NULL, keyid, 494 0, 1, 0); 495 if (!IS_ERR(key_ref)) 496 goto okay; 497 } 498 } 499 500 ret = PTR_ERR(key_ref); 501 goto error; 502 } 503 504 okay: 505 /* calculate how much description we're going to return */ 506 ret = -ENOMEM; 507 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL); 508 if (!tmpbuf) 509 goto error2; 510 511 key = key_ref_to_ptr(key_ref); 512 513 ret = snprintf(tmpbuf, PAGE_SIZE - 1, 514 "%s;%d;%d;%08x;%s", 515 key_ref_to_ptr(key_ref)->type->name, 516 key_ref_to_ptr(key_ref)->uid, 517 key_ref_to_ptr(key_ref)->gid, 518 key_ref_to_ptr(key_ref)->perm, 519 key_ref_to_ptr(key_ref)->description ? 520 key_ref_to_ptr(key_ref)->description : "" 521 ); 522 523 /* include a NUL char at the end of the data */ 524 if (ret > PAGE_SIZE - 1) 525 ret = PAGE_SIZE - 1; 526 tmpbuf[ret] = 0; 527 ret++; 528 529 /* consider returning the data */ 530 if (buffer && buflen > 0) { 531 if (buflen > ret) 532 buflen = ret; 533 534 if (copy_to_user(buffer, tmpbuf, buflen) != 0) 535 ret = -EFAULT; 536 } 537 538 kfree(tmpbuf); 539 error2: 540 key_ref_put(key_ref); 541 error: 542 return ret; 543 544 } /* end keyctl_describe_key() */ 545 546 /*****************************************************************************/ 547 /* 548 * search the specified keyring for a matching key 549 * - the start keyring must be searchable 550 * - nested keyrings may also be searched if they are searchable 551 * - only keys with search permission may be found 552 * - if a key is found, it will be attached to the destination keyring if 553 * there's one specified 554 * - implements keyctl(KEYCTL_SEARCH) 555 */ 556 long keyctl_keyring_search(key_serial_t ringid, 557 const char __user *_type, 558 const char __user *_description, 559 key_serial_t destringid) 560 { 561 struct key_type *ktype; 562 key_ref_t keyring_ref, key_ref, dest_ref; 563 char type[32], *description; 564 long dlen, ret; 565 566 /* pull the type and description into kernel space */ 567 ret = strncpy_from_user(type, _type, sizeof(type) - 1); 568 if (ret < 0) 569 goto error; 570 type[31] = '\0'; 571 572 ret = -EFAULT; 573 dlen = strnlen_user(_description, PAGE_SIZE - 1); 574 if (dlen <= 0) 575 goto error; 576 577 ret = -EINVAL; 578 if (dlen > PAGE_SIZE - 1) 579 goto error; 580 581 ret = -ENOMEM; 582 description = kmalloc(dlen + 1, GFP_KERNEL); 583 if (!description) 584 goto error; 585 586 ret = -EFAULT; 587 if (copy_from_user(description, _description, dlen + 1) != 0) 588 goto error2; 589 590 /* get the keyring at which to begin the search */ 591 keyring_ref = lookup_user_key(NULL, ringid, 0, 0, KEY_SEARCH); 592 if (IS_ERR(keyring_ref)) { 593 ret = PTR_ERR(keyring_ref); 594 goto error2; 595 } 596 597 /* get the destination keyring if specified */ 598 dest_ref = NULL; 599 if (destringid) { 600 dest_ref = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE); 601 if (IS_ERR(dest_ref)) { 602 ret = PTR_ERR(dest_ref); 603 goto error3; 604 } 605 } 606 607 /* find the key type */ 608 ktype = key_type_lookup(type); 609 if (IS_ERR(ktype)) { 610 ret = PTR_ERR(ktype); 611 goto error4; 612 } 613 614 /* do the search */ 615 key_ref = keyring_search(keyring_ref, ktype, description); 616 if (IS_ERR(key_ref)) { 617 ret = PTR_ERR(key_ref); 618 619 /* treat lack or presence of a negative key the same */ 620 if (ret == -EAGAIN) 621 ret = -ENOKEY; 622 goto error5; 623 } 624 625 /* link the resulting key to the destination keyring if we can */ 626 if (dest_ref) { 627 ret = -EACCES; 628 if (!key_permission(key_ref, KEY_LINK)) 629 goto error6; 630 631 ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref)); 632 if (ret < 0) 633 goto error6; 634 } 635 636 ret = key_ref_to_ptr(key_ref)->serial; 637 638 error6: 639 key_ref_put(key_ref); 640 error5: 641 key_type_put(ktype); 642 error4: 643 key_ref_put(dest_ref); 644 error3: 645 key_ref_put(keyring_ref); 646 error2: 647 kfree(description); 648 error: 649 return ret; 650 651 } /* end keyctl_keyring_search() */ 652 653 /*****************************************************************************/ 654 /* 655 * read a user key's payload 656 * - the keyring must be readable or the key must be searchable from the 657 * process's keyrings 658 * - if there's a buffer, we place up to buflen bytes of data into it 659 * - unless there's an error, we return the amount of data in the key, 660 * irrespective of how much we may have copied 661 * - implements keyctl(KEYCTL_READ) 662 */ 663 long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) 664 { 665 struct key *key; 666 key_ref_t key_ref; 667 long ret; 668 669 /* find the key first */ 670 key_ref = lookup_user_key(NULL, keyid, 0, 0, 0); 671 if (IS_ERR(key_ref)) { 672 ret = -ENOKEY; 673 goto error; 674 } 675 676 key = key_ref_to_ptr(key_ref); 677 678 /* see if we can read it directly */ 679 if (key_permission(key_ref, KEY_READ)) 680 goto can_read_key; 681 682 /* we can't; see if it's searchable from this process's keyrings 683 * - we automatically take account of the fact that it may be 684 * dangling off an instantiation key 685 */ 686 if (!is_key_possessed(key_ref)) { 687 ret = -EACCES; 688 goto error2; 689 } 690 691 /* the key is probably readable - now try to read it */ 692 can_read_key: 693 ret = key_validate(key); 694 if (ret == 0) { 695 ret = -EOPNOTSUPP; 696 if (key->type->read) { 697 /* read the data with the semaphore held (since we 698 * might sleep) */ 699 down_read(&key->sem); 700 ret = key->type->read(key, buffer, buflen); 701 up_read(&key->sem); 702 } 703 } 704 705 error2: 706 key_put(key); 707 error: 708 return ret; 709 710 } /* end keyctl_read_key() */ 711 712 /*****************************************************************************/ 713 /* 714 * change the ownership of a key 715 * - the keyring owned by the changer 716 * - if the uid or gid is -1, then that parameter is not changed 717 * - implements keyctl(KEYCTL_CHOWN) 718 */ 719 long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid) 720 { 721 struct key *key; 722 key_ref_t key_ref; 723 long ret; 724 725 ret = 0; 726 if (uid == (uid_t) -1 && gid == (gid_t) -1) 727 goto error; 728 729 key_ref = lookup_user_key(NULL, id, 1, 1, 0); 730 if (IS_ERR(key_ref)) { 731 ret = PTR_ERR(key_ref); 732 goto error; 733 } 734 735 key = key_ref_to_ptr(key_ref); 736 737 /* make the changes with the locks held to prevent chown/chown races */ 738 ret = -EACCES; 739 down_write(&key->sem); 740 741 if (!capable(CAP_SYS_ADMIN)) { 742 /* only the sysadmin can chown a key to some other UID */ 743 if (uid != (uid_t) -1 && key->uid != uid) 744 goto no_access; 745 746 /* only the sysadmin can set the key's GID to a group other 747 * than one of those that the current process subscribes to */ 748 if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid)) 749 goto no_access; 750 } 751 752 /* change the UID (have to update the quotas) */ 753 if (uid != (uid_t) -1 && uid != key->uid) { 754 /* don't support UID changing yet */ 755 ret = -EOPNOTSUPP; 756 goto no_access; 757 } 758 759 /* change the GID */ 760 if (gid != (gid_t) -1) 761 key->gid = gid; 762 763 ret = 0; 764 765 no_access: 766 up_write(&key->sem); 767 key_put(key); 768 error: 769 return ret; 770 771 } /* end keyctl_chown_key() */ 772 773 /*****************************************************************************/ 774 /* 775 * change the permission mask on a key 776 * - the keyring owned by the changer 777 * - implements keyctl(KEYCTL_SETPERM) 778 */ 779 long keyctl_setperm_key(key_serial_t id, key_perm_t perm) 780 { 781 struct key *key; 782 key_ref_t key_ref; 783 long ret; 784 785 ret = -EINVAL; 786 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 787 goto error; 788 789 key_ref = lookup_user_key(NULL, id, 1, 1, 0); 790 if (IS_ERR(key_ref)) { 791 ret = PTR_ERR(key_ref); 792 goto error; 793 } 794 795 key = key_ref_to_ptr(key_ref); 796 797 /* make the changes with the locks held to prevent chown/chmod races */ 798 ret = -EACCES; 799 down_write(&key->sem); 800 801 /* if we're not the sysadmin, we can only change a key that we own */ 802 if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) { 803 key->perm = perm; 804 ret = 0; 805 } 806 807 up_write(&key->sem); 808 key_put(key); 809 error: 810 return ret; 811 812 } /* end keyctl_setperm_key() */ 813 814 /*****************************************************************************/ 815 /* 816 * instantiate the key with the specified payload, and, if one is given, link 817 * the key into the keyring 818 */ 819 long keyctl_instantiate_key(key_serial_t id, 820 const void __user *_payload, 821 size_t plen, 822 key_serial_t ringid) 823 { 824 struct request_key_auth *rka; 825 struct key *instkey; 826 key_ref_t keyring_ref; 827 void *payload; 828 long ret; 829 830 ret = -EINVAL; 831 if (plen > 32767) 832 goto error; 833 834 /* pull the payload in if one was supplied */ 835 payload = NULL; 836 837 if (_payload) { 838 ret = -ENOMEM; 839 payload = kmalloc(plen, GFP_KERNEL); 840 if (!payload) 841 goto error; 842 843 ret = -EFAULT; 844 if (copy_from_user(payload, _payload, plen) != 0) 845 goto error2; 846 } 847 848 /* find the instantiation authorisation key */ 849 instkey = key_get_instantiation_authkey(id); 850 if (IS_ERR(instkey)) { 851 ret = PTR_ERR(instkey); 852 goto error2; 853 } 854 855 rka = instkey->payload.data; 856 857 /* find the destination keyring amongst those belonging to the 858 * requesting task */ 859 keyring_ref = NULL; 860 if (ringid) { 861 keyring_ref = lookup_user_key(rka->context, ringid, 1, 0, 862 KEY_WRITE); 863 if (IS_ERR(keyring_ref)) { 864 ret = PTR_ERR(keyring_ref); 865 goto error3; 866 } 867 } 868 869 /* instantiate the key and link it into a keyring */ 870 ret = key_instantiate_and_link(rka->target_key, payload, plen, 871 key_ref_to_ptr(keyring_ref), instkey); 872 873 key_ref_put(keyring_ref); 874 error3: 875 key_put(instkey); 876 error2: 877 kfree(payload); 878 error: 879 return ret; 880 881 } /* end keyctl_instantiate_key() */ 882 883 /*****************************************************************************/ 884 /* 885 * negatively instantiate the key with the given timeout (in seconds), and, if 886 * one is given, link the key into the keyring 887 */ 888 long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 889 { 890 struct request_key_auth *rka; 891 struct key *instkey; 892 key_ref_t keyring_ref; 893 long ret; 894 895 /* find the instantiation authorisation key */ 896 instkey = key_get_instantiation_authkey(id); 897 if (IS_ERR(instkey)) { 898 ret = PTR_ERR(instkey); 899 goto error; 900 } 901 902 rka = instkey->payload.data; 903 904 /* find the destination keyring if present (which must also be 905 * writable) */ 906 keyring_ref = NULL; 907 if (ringid) { 908 keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 909 if (IS_ERR(keyring_ref)) { 910 ret = PTR_ERR(keyring_ref); 911 goto error2; 912 } 913 } 914 915 /* instantiate the key and link it into a keyring */ 916 ret = key_negate_and_link(rka->target_key, timeout, 917 key_ref_to_ptr(keyring_ref), instkey); 918 919 key_ref_put(keyring_ref); 920 error2: 921 key_put(instkey); 922 error: 923 return ret; 924 925 } /* end keyctl_negate_key() */ 926 927 /*****************************************************************************/ 928 /* 929 * set the default keyring in which request_key() will cache keys 930 * - return the old setting 931 */ 932 long keyctl_set_reqkey_keyring(int reqkey_defl) 933 { 934 int ret; 935 936 switch (reqkey_defl) { 937 case KEY_REQKEY_DEFL_THREAD_KEYRING: 938 ret = install_thread_keyring(current); 939 if (ret < 0) 940 return ret; 941 goto set; 942 943 case KEY_REQKEY_DEFL_PROCESS_KEYRING: 944 ret = install_process_keyring(current); 945 if (ret < 0) 946 return ret; 947 948 case KEY_REQKEY_DEFL_DEFAULT: 949 case KEY_REQKEY_DEFL_SESSION_KEYRING: 950 case KEY_REQKEY_DEFL_USER_KEYRING: 951 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 952 set: 953 current->jit_keyring = reqkey_defl; 954 955 case KEY_REQKEY_DEFL_NO_CHANGE: 956 return current->jit_keyring; 957 958 case KEY_REQKEY_DEFL_GROUP_KEYRING: 959 default: 960 return -EINVAL; 961 } 962 963 } /* end keyctl_set_reqkey_keyring() */ 964 965 /*****************************************************************************/ 966 /* 967 * the key control system call 968 */ 969 asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3, 970 unsigned long arg4, unsigned long arg5) 971 { 972 switch (option) { 973 case KEYCTL_GET_KEYRING_ID: 974 return keyctl_get_keyring_ID((key_serial_t) arg2, 975 (int) arg3); 976 977 case KEYCTL_JOIN_SESSION_KEYRING: 978 return keyctl_join_session_keyring((const char __user *) arg2); 979 980 case KEYCTL_UPDATE: 981 return keyctl_update_key((key_serial_t) arg2, 982 (const void __user *) arg3, 983 (size_t) arg4); 984 985 case KEYCTL_REVOKE: 986 return keyctl_revoke_key((key_serial_t) arg2); 987 988 case KEYCTL_DESCRIBE: 989 return keyctl_describe_key((key_serial_t) arg2, 990 (char __user *) arg3, 991 (unsigned) arg4); 992 993 case KEYCTL_CLEAR: 994 return keyctl_keyring_clear((key_serial_t) arg2); 995 996 case KEYCTL_LINK: 997 return keyctl_keyring_link((key_serial_t) arg2, 998 (key_serial_t) arg3); 999 1000 case KEYCTL_UNLINK: 1001 return keyctl_keyring_unlink((key_serial_t) arg2, 1002 (key_serial_t) arg3); 1003 1004 case KEYCTL_SEARCH: 1005 return keyctl_keyring_search((key_serial_t) arg2, 1006 (const char __user *) arg3, 1007 (const char __user *) arg4, 1008 (key_serial_t) arg5); 1009 1010 case KEYCTL_READ: 1011 return keyctl_read_key((key_serial_t) arg2, 1012 (char __user *) arg3, 1013 (size_t) arg4); 1014 1015 case KEYCTL_CHOWN: 1016 return keyctl_chown_key((key_serial_t) arg2, 1017 (uid_t) arg3, 1018 (gid_t) arg4); 1019 1020 case KEYCTL_SETPERM: 1021 return keyctl_setperm_key((key_serial_t) arg2, 1022 (key_perm_t) arg3); 1023 1024 case KEYCTL_INSTANTIATE: 1025 return keyctl_instantiate_key((key_serial_t) arg2, 1026 (const void __user *) arg3, 1027 (size_t) arg4, 1028 (key_serial_t) arg5); 1029 1030 case KEYCTL_NEGATE: 1031 return keyctl_negate_key((key_serial_t) arg2, 1032 (unsigned) arg3, 1033 (key_serial_t) arg4); 1034 1035 case KEYCTL_SET_REQKEY_KEYRING: 1036 return keyctl_set_reqkey_keyring(arg2); 1037 1038 default: 1039 return -EOPNOTSUPP; 1040 } 1041 1042 } /* end sys_keyctl() */ 1043