1 /* Userspace key control operations 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/syscalls.h> 17 #include <linux/key.h> 18 #include <linux/keyctl.h> 19 #include <linux/fs.h> 20 #include <linux/capability.h> 21 #include <linux/string.h> 22 #include <linux/err.h> 23 #include <linux/vmalloc.h> 24 #include <linux/security.h> 25 #include <asm/uaccess.h> 26 #include "internal.h" 27 28 static int key_get_type_from_user(char *type, 29 const char __user *_type, 30 unsigned len) 31 { 32 int ret; 33 34 ret = strncpy_from_user(type, _type, len); 35 if (ret < 0) 36 return ret; 37 if (ret == 0 || ret >= len) 38 return -EINVAL; 39 if (type[0] == '.') 40 return -EPERM; 41 type[len - 1] = '\0'; 42 return 0; 43 } 44 45 /* 46 * Extract the description of a new key from userspace and either add it as a 47 * new key to the specified keyring or update a matching key in that keyring. 48 * 49 * The keyring must be writable so that we can attach the key to it. 50 * 51 * If successful, the new key's serial number is returned, otherwise an error 52 * code is returned. 53 */ 54 SYSCALL_DEFINE5(add_key, const char __user *, _type, 55 const char __user *, _description, 56 const void __user *, _payload, 57 size_t, plen, 58 key_serial_t, ringid) 59 { 60 key_ref_t keyring_ref, key_ref; 61 char type[32], *description; 62 void *payload; 63 long ret; 64 bool vm; 65 66 ret = -EINVAL; 67 if (plen > 1024 * 1024 - 1) 68 goto error; 69 70 /* draw all the data into kernel space */ 71 ret = key_get_type_from_user(type, _type, sizeof(type)); 72 if (ret < 0) 73 goto error; 74 75 description = strndup_user(_description, PAGE_SIZE); 76 if (IS_ERR(description)) { 77 ret = PTR_ERR(description); 78 goto error; 79 } 80 81 /* pull the payload in if one was supplied */ 82 payload = NULL; 83 84 vm = false; 85 if (_payload) { 86 ret = -ENOMEM; 87 payload = kmalloc(plen, GFP_KERNEL | __GFP_NOWARN); 88 if (!payload) { 89 if (plen <= PAGE_SIZE) 90 goto error2; 91 vm = true; 92 payload = vmalloc(plen); 93 if (!payload) 94 goto error2; 95 } 96 97 ret = -EFAULT; 98 if (copy_from_user(payload, _payload, plen) != 0) 99 goto error3; 100 } 101 102 /* find the target keyring (which must be writable) */ 103 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 104 if (IS_ERR(keyring_ref)) { 105 ret = PTR_ERR(keyring_ref); 106 goto error3; 107 } 108 109 /* create or update the requested key and add it to the target 110 * keyring */ 111 key_ref = key_create_or_update(keyring_ref, type, description, 112 payload, plen, KEY_PERM_UNDEF, 113 KEY_ALLOC_IN_QUOTA); 114 if (!IS_ERR(key_ref)) { 115 ret = key_ref_to_ptr(key_ref)->serial; 116 key_ref_put(key_ref); 117 } 118 else { 119 ret = PTR_ERR(key_ref); 120 } 121 122 key_ref_put(keyring_ref); 123 error3: 124 if (!vm) 125 kfree(payload); 126 else 127 vfree(payload); 128 error2: 129 kfree(description); 130 error: 131 return ret; 132 } 133 134 /* 135 * Search the process keyrings and keyring trees linked from those for a 136 * matching key. Keyrings must have appropriate Search permission to be 137 * searched. 138 * 139 * If a key is found, it will be attached to the destination keyring if there's 140 * one specified and the serial number of the key will be returned. 141 * 142 * If no key is found, /sbin/request-key will be invoked if _callout_info is 143 * non-NULL in an attempt to create a key. The _callout_info string will be 144 * passed to /sbin/request-key to aid with completing the request. If the 145 * _callout_info string is "" then it will be changed to "-". 146 */ 147 SYSCALL_DEFINE4(request_key, const char __user *, _type, 148 const char __user *, _description, 149 const char __user *, _callout_info, 150 key_serial_t, destringid) 151 { 152 struct key_type *ktype; 153 struct key *key; 154 key_ref_t dest_ref; 155 size_t callout_len; 156 char type[32], *description, *callout_info; 157 long ret; 158 159 /* pull the type into kernel space */ 160 ret = key_get_type_from_user(type, _type, sizeof(type)); 161 if (ret < 0) 162 goto error; 163 164 /* pull the description into kernel space */ 165 description = strndup_user(_description, PAGE_SIZE); 166 if (IS_ERR(description)) { 167 ret = PTR_ERR(description); 168 goto error; 169 } 170 171 /* pull the callout info into kernel space */ 172 callout_info = NULL; 173 callout_len = 0; 174 if (_callout_info) { 175 callout_info = strndup_user(_callout_info, PAGE_SIZE); 176 if (IS_ERR(callout_info)) { 177 ret = PTR_ERR(callout_info); 178 goto error2; 179 } 180 callout_len = strlen(callout_info); 181 } 182 183 /* get the destination keyring if specified */ 184 dest_ref = NULL; 185 if (destringid) { 186 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 187 KEY_WRITE); 188 if (IS_ERR(dest_ref)) { 189 ret = PTR_ERR(dest_ref); 190 goto error3; 191 } 192 } 193 194 /* find the key type */ 195 ktype = key_type_lookup(type); 196 if (IS_ERR(ktype)) { 197 ret = PTR_ERR(ktype); 198 goto error4; 199 } 200 201 /* do the search */ 202 key = request_key_and_link(ktype, description, callout_info, 203 callout_len, NULL, key_ref_to_ptr(dest_ref), 204 KEY_ALLOC_IN_QUOTA); 205 if (IS_ERR(key)) { 206 ret = PTR_ERR(key); 207 goto error5; 208 } 209 210 /* wait for the key to finish being constructed */ 211 ret = wait_for_key_construction(key, 1); 212 if (ret < 0) 213 goto error6; 214 215 ret = key->serial; 216 217 error6: 218 key_put(key); 219 error5: 220 key_type_put(ktype); 221 error4: 222 key_ref_put(dest_ref); 223 error3: 224 kfree(callout_info); 225 error2: 226 kfree(description); 227 error: 228 return ret; 229 } 230 231 /* 232 * Get the ID of the specified process keyring. 233 * 234 * The requested keyring must have search permission to be found. 235 * 236 * If successful, the ID of the requested keyring will be returned. 237 */ 238 long keyctl_get_keyring_ID(key_serial_t id, int create) 239 { 240 key_ref_t key_ref; 241 unsigned long lflags; 242 long ret; 243 244 lflags = create ? KEY_LOOKUP_CREATE : 0; 245 key_ref = lookup_user_key(id, lflags, KEY_SEARCH); 246 if (IS_ERR(key_ref)) { 247 ret = PTR_ERR(key_ref); 248 goto error; 249 } 250 251 ret = key_ref_to_ptr(key_ref)->serial; 252 key_ref_put(key_ref); 253 error: 254 return ret; 255 } 256 257 /* 258 * Join a (named) session keyring. 259 * 260 * Create and join an anonymous session keyring or join a named session 261 * keyring, creating it if necessary. A named session keyring must have Search 262 * permission for it to be joined. Session keyrings without this permit will 263 * be skipped over. 264 * 265 * If successful, the ID of the joined session keyring will be returned. 266 */ 267 long keyctl_join_session_keyring(const char __user *_name) 268 { 269 char *name; 270 long ret; 271 272 /* fetch the name from userspace */ 273 name = NULL; 274 if (_name) { 275 name = strndup_user(_name, PAGE_SIZE); 276 if (IS_ERR(name)) { 277 ret = PTR_ERR(name); 278 goto error; 279 } 280 } 281 282 /* join the session */ 283 ret = join_session_keyring(name); 284 kfree(name); 285 286 error: 287 return ret; 288 } 289 290 /* 291 * Update a key's data payload from the given data. 292 * 293 * The key must grant the caller Write permission and the key type must support 294 * updating for this to work. A negative key can be positively instantiated 295 * with this call. 296 * 297 * If successful, 0 will be returned. If the key type does not support 298 * updating, then -EOPNOTSUPP will be returned. 299 */ 300 long keyctl_update_key(key_serial_t id, 301 const void __user *_payload, 302 size_t plen) 303 { 304 key_ref_t key_ref; 305 void *payload; 306 long ret; 307 308 ret = -EINVAL; 309 if (plen > PAGE_SIZE) 310 goto error; 311 312 /* pull the payload in if one was supplied */ 313 payload = NULL; 314 if (_payload) { 315 ret = -ENOMEM; 316 payload = kmalloc(plen, GFP_KERNEL); 317 if (!payload) 318 goto error; 319 320 ret = -EFAULT; 321 if (copy_from_user(payload, _payload, plen) != 0) 322 goto error2; 323 } 324 325 /* find the target key (which must be writable) */ 326 key_ref = lookup_user_key(id, 0, KEY_WRITE); 327 if (IS_ERR(key_ref)) { 328 ret = PTR_ERR(key_ref); 329 goto error2; 330 } 331 332 /* update the key */ 333 ret = key_update(key_ref, payload, plen); 334 335 key_ref_put(key_ref); 336 error2: 337 kfree(payload); 338 error: 339 return ret; 340 } 341 342 /* 343 * Revoke a key. 344 * 345 * The key must be grant the caller Write or Setattr permission for this to 346 * work. The key type should give up its quota claim when revoked. The key 347 * and any links to the key will be automatically garbage collected after a 348 * certain amount of time (/proc/sys/kernel/keys/gc_delay). 349 * 350 * If successful, 0 is returned. 351 */ 352 long keyctl_revoke_key(key_serial_t id) 353 { 354 key_ref_t key_ref; 355 long ret; 356 357 key_ref = lookup_user_key(id, 0, KEY_WRITE); 358 if (IS_ERR(key_ref)) { 359 ret = PTR_ERR(key_ref); 360 if (ret != -EACCES) 361 goto error; 362 key_ref = lookup_user_key(id, 0, KEY_SETATTR); 363 if (IS_ERR(key_ref)) { 364 ret = PTR_ERR(key_ref); 365 goto error; 366 } 367 } 368 369 key_revoke(key_ref_to_ptr(key_ref)); 370 ret = 0; 371 372 key_ref_put(key_ref); 373 error: 374 return ret; 375 } 376 377 /* 378 * Invalidate a key. 379 * 380 * The key must be grant the caller Invalidate permission for this to work. 381 * The key and any links to the key will be automatically garbage collected 382 * immediately. 383 * 384 * If successful, 0 is returned. 385 */ 386 long keyctl_invalidate_key(key_serial_t id) 387 { 388 key_ref_t key_ref; 389 long ret; 390 391 kenter("%d", id); 392 393 key_ref = lookup_user_key(id, 0, KEY_SEARCH); 394 if (IS_ERR(key_ref)) { 395 ret = PTR_ERR(key_ref); 396 goto error; 397 } 398 399 key_invalidate(key_ref_to_ptr(key_ref)); 400 ret = 0; 401 402 key_ref_put(key_ref); 403 error: 404 kleave(" = %ld", ret); 405 return ret; 406 } 407 408 /* 409 * Clear the specified keyring, creating an empty process keyring if one of the 410 * special keyring IDs is used. 411 * 412 * The keyring must grant the caller Write permission for this to work. If 413 * successful, 0 will be returned. 414 */ 415 long keyctl_keyring_clear(key_serial_t ringid) 416 { 417 key_ref_t keyring_ref; 418 long ret; 419 420 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 421 if (IS_ERR(keyring_ref)) { 422 ret = PTR_ERR(keyring_ref); 423 424 /* Root is permitted to invalidate certain special keyrings */ 425 if (capable(CAP_SYS_ADMIN)) { 426 keyring_ref = lookup_user_key(ringid, 0, 0); 427 if (IS_ERR(keyring_ref)) 428 goto error; 429 if (test_bit(KEY_FLAG_ROOT_CAN_CLEAR, 430 &key_ref_to_ptr(keyring_ref)->flags)) 431 goto clear; 432 goto error_put; 433 } 434 435 goto error; 436 } 437 438 clear: 439 ret = keyring_clear(key_ref_to_ptr(keyring_ref)); 440 error_put: 441 key_ref_put(keyring_ref); 442 error: 443 return ret; 444 } 445 446 /* 447 * Create a link from a keyring to a key if there's no matching key in the 448 * keyring, otherwise replace the link to the matching key with a link to the 449 * new key. 450 * 451 * The key must grant the caller Link permission and the the keyring must grant 452 * the caller Write permission. Furthermore, if an additional link is created, 453 * the keyring's quota will be extended. 454 * 455 * If successful, 0 will be returned. 456 */ 457 long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) 458 { 459 key_ref_t keyring_ref, key_ref; 460 long ret; 461 462 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 463 if (IS_ERR(keyring_ref)) { 464 ret = PTR_ERR(keyring_ref); 465 goto error; 466 } 467 468 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_LINK); 469 if (IS_ERR(key_ref)) { 470 ret = PTR_ERR(key_ref); 471 goto error2; 472 } 473 474 ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 475 476 key_ref_put(key_ref); 477 error2: 478 key_ref_put(keyring_ref); 479 error: 480 return ret; 481 } 482 483 /* 484 * Unlink a key from a keyring. 485 * 486 * The keyring must grant the caller Write permission for this to work; the key 487 * itself need not grant the caller anything. If the last link to a key is 488 * removed then that key will be scheduled for destruction. 489 * 490 * If successful, 0 will be returned. 491 */ 492 long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) 493 { 494 key_ref_t keyring_ref, key_ref; 495 long ret; 496 497 keyring_ref = lookup_user_key(ringid, 0, KEY_WRITE); 498 if (IS_ERR(keyring_ref)) { 499 ret = PTR_ERR(keyring_ref); 500 goto error; 501 } 502 503 key_ref = lookup_user_key(id, KEY_LOOKUP_FOR_UNLINK, 0); 504 if (IS_ERR(key_ref)) { 505 ret = PTR_ERR(key_ref); 506 goto error2; 507 } 508 509 ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 510 511 key_ref_put(key_ref); 512 error2: 513 key_ref_put(keyring_ref); 514 error: 515 return ret; 516 } 517 518 /* 519 * Return a description of a key to userspace. 520 * 521 * The key must grant the caller View permission for this to work. 522 * 523 * If there's a buffer, we place up to buflen bytes of data into it formatted 524 * in the following way: 525 * 526 * type;uid;gid;perm;description<NUL> 527 * 528 * If successful, we return the amount of description available, irrespective 529 * of how much we may have copied into the buffer. 530 */ 531 long keyctl_describe_key(key_serial_t keyid, 532 char __user *buffer, 533 size_t buflen) 534 { 535 struct key *key, *instkey; 536 key_ref_t key_ref; 537 char *tmpbuf; 538 long ret; 539 540 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW); 541 if (IS_ERR(key_ref)) { 542 /* viewing a key under construction is permitted if we have the 543 * authorisation token handy */ 544 if (PTR_ERR(key_ref) == -EACCES) { 545 instkey = key_get_instantiation_authkey(keyid); 546 if (!IS_ERR(instkey)) { 547 key_put(instkey); 548 key_ref = lookup_user_key(keyid, 549 KEY_LOOKUP_PARTIAL, 550 0); 551 if (!IS_ERR(key_ref)) 552 goto okay; 553 } 554 } 555 556 ret = PTR_ERR(key_ref); 557 goto error; 558 } 559 560 okay: 561 /* calculate how much description we're going to return */ 562 ret = -ENOMEM; 563 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL); 564 if (!tmpbuf) 565 goto error2; 566 567 key = key_ref_to_ptr(key_ref); 568 569 ret = snprintf(tmpbuf, PAGE_SIZE - 1, 570 "%s;%d;%d;%08x;%s", 571 key->type->name, 572 from_kuid_munged(current_user_ns(), key->uid), 573 from_kgid_munged(current_user_ns(), key->gid), 574 key->perm, 575 key->description ?: ""); 576 577 /* include a NUL char at the end of the data */ 578 if (ret > PAGE_SIZE - 1) 579 ret = PAGE_SIZE - 1; 580 tmpbuf[ret] = 0; 581 ret++; 582 583 /* consider returning the data */ 584 if (buffer && buflen > 0) { 585 if (buflen > ret) 586 buflen = ret; 587 588 if (copy_to_user(buffer, tmpbuf, buflen) != 0) 589 ret = -EFAULT; 590 } 591 592 kfree(tmpbuf); 593 error2: 594 key_ref_put(key_ref); 595 error: 596 return ret; 597 } 598 599 /* 600 * Search the specified keyring and any keyrings it links to for a matching 601 * key. Only keyrings that grant the caller Search permission will be searched 602 * (this includes the starting keyring). Only keys with Search permission can 603 * be found. 604 * 605 * If successful, the found key will be linked to the destination keyring if 606 * supplied and the key has Link permission, and the found key ID will be 607 * returned. 608 */ 609 long keyctl_keyring_search(key_serial_t ringid, 610 const char __user *_type, 611 const char __user *_description, 612 key_serial_t destringid) 613 { 614 struct key_type *ktype; 615 key_ref_t keyring_ref, key_ref, dest_ref; 616 char type[32], *description; 617 long ret; 618 619 /* pull the type and description into kernel space */ 620 ret = key_get_type_from_user(type, _type, sizeof(type)); 621 if (ret < 0) 622 goto error; 623 624 description = strndup_user(_description, PAGE_SIZE); 625 if (IS_ERR(description)) { 626 ret = PTR_ERR(description); 627 goto error; 628 } 629 630 /* get the keyring at which to begin the search */ 631 keyring_ref = lookup_user_key(ringid, 0, KEY_SEARCH); 632 if (IS_ERR(keyring_ref)) { 633 ret = PTR_ERR(keyring_ref); 634 goto error2; 635 } 636 637 /* get the destination keyring if specified */ 638 dest_ref = NULL; 639 if (destringid) { 640 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 641 KEY_WRITE); 642 if (IS_ERR(dest_ref)) { 643 ret = PTR_ERR(dest_ref); 644 goto error3; 645 } 646 } 647 648 /* find the key type */ 649 ktype = key_type_lookup(type); 650 if (IS_ERR(ktype)) { 651 ret = PTR_ERR(ktype); 652 goto error4; 653 } 654 655 /* do the search */ 656 key_ref = keyring_search(keyring_ref, ktype, description); 657 if (IS_ERR(key_ref)) { 658 ret = PTR_ERR(key_ref); 659 660 /* treat lack or presence of a negative key the same */ 661 if (ret == -EAGAIN) 662 ret = -ENOKEY; 663 goto error5; 664 } 665 666 /* link the resulting key to the destination keyring if we can */ 667 if (dest_ref) { 668 ret = key_permission(key_ref, KEY_LINK); 669 if (ret < 0) 670 goto error6; 671 672 ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref)); 673 if (ret < 0) 674 goto error6; 675 } 676 677 ret = key_ref_to_ptr(key_ref)->serial; 678 679 error6: 680 key_ref_put(key_ref); 681 error5: 682 key_type_put(ktype); 683 error4: 684 key_ref_put(dest_ref); 685 error3: 686 key_ref_put(keyring_ref); 687 error2: 688 kfree(description); 689 error: 690 return ret; 691 } 692 693 /* 694 * Read a key's payload. 695 * 696 * The key must either grant the caller Read permission, or it must grant the 697 * caller Search permission when searched for from the process keyrings. 698 * 699 * If successful, we place up to buflen bytes of data into the buffer, if one 700 * is provided, and return the amount of data that is available in the key, 701 * irrespective of how much we copied into the buffer. 702 */ 703 long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) 704 { 705 struct key *key; 706 key_ref_t key_ref; 707 long ret; 708 709 /* find the key first */ 710 key_ref = lookup_user_key(keyid, 0, 0); 711 if (IS_ERR(key_ref)) { 712 ret = -ENOKEY; 713 goto error; 714 } 715 716 key = key_ref_to_ptr(key_ref); 717 718 /* see if we can read it directly */ 719 ret = key_permission(key_ref, KEY_READ); 720 if (ret == 0) 721 goto can_read_key; 722 if (ret != -EACCES) 723 goto error; 724 725 /* we can't; see if it's searchable from this process's keyrings 726 * - we automatically take account of the fact that it may be 727 * dangling off an instantiation key 728 */ 729 if (!is_key_possessed(key_ref)) { 730 ret = -EACCES; 731 goto error2; 732 } 733 734 /* the key is probably readable - now try to read it */ 735 can_read_key: 736 ret = key_validate(key); 737 if (ret == 0) { 738 ret = -EOPNOTSUPP; 739 if (key->type->read) { 740 /* read the data with the semaphore held (since we 741 * might sleep) */ 742 down_read(&key->sem); 743 ret = key->type->read(key, buffer, buflen); 744 up_read(&key->sem); 745 } 746 } 747 748 error2: 749 key_put(key); 750 error: 751 return ret; 752 } 753 754 /* 755 * Change the ownership of a key 756 * 757 * The key must grant the caller Setattr permission for this to work, though 758 * the key need not be fully instantiated yet. For the UID to be changed, or 759 * for the GID to be changed to a group the caller is not a member of, the 760 * caller must have sysadmin capability. If either uid or gid is -1 then that 761 * attribute is not changed. 762 * 763 * If the UID is to be changed, the new user must have sufficient quota to 764 * accept the key. The quota deduction will be removed from the old user to 765 * the new user should the attribute be changed. 766 * 767 * If successful, 0 will be returned. 768 */ 769 long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group) 770 { 771 struct key_user *newowner, *zapowner = NULL; 772 struct key *key; 773 key_ref_t key_ref; 774 long ret; 775 kuid_t uid; 776 kgid_t gid; 777 778 uid = make_kuid(current_user_ns(), user); 779 gid = make_kgid(current_user_ns(), group); 780 ret = -EINVAL; 781 if ((user != (uid_t) -1) && !uid_valid(uid)) 782 goto error; 783 if ((group != (gid_t) -1) && !gid_valid(gid)) 784 goto error; 785 786 ret = 0; 787 if (user == (uid_t) -1 && group == (gid_t) -1) 788 goto error; 789 790 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 791 KEY_SETATTR); 792 if (IS_ERR(key_ref)) { 793 ret = PTR_ERR(key_ref); 794 goto error; 795 } 796 797 key = key_ref_to_ptr(key_ref); 798 799 /* make the changes with the locks held to prevent chown/chown races */ 800 ret = -EACCES; 801 down_write(&key->sem); 802 803 if (!capable(CAP_SYS_ADMIN)) { 804 /* only the sysadmin can chown a key to some other UID */ 805 if (user != (uid_t) -1 && !uid_eq(key->uid, uid)) 806 goto error_put; 807 808 /* only the sysadmin can set the key's GID to a group other 809 * than one of those that the current process subscribes to */ 810 if (group != (gid_t) -1 && !gid_eq(gid, key->gid) && !in_group_p(gid)) 811 goto error_put; 812 } 813 814 /* change the UID */ 815 if (user != (uid_t) -1 && !uid_eq(uid, key->uid)) { 816 ret = -ENOMEM; 817 newowner = key_user_lookup(uid); 818 if (!newowner) 819 goto error_put; 820 821 /* transfer the quota burden to the new user */ 822 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { 823 unsigned maxkeys = uid_eq(uid, GLOBAL_ROOT_UID) ? 824 key_quota_root_maxkeys : key_quota_maxkeys; 825 unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ? 826 key_quota_root_maxbytes : key_quota_maxbytes; 827 828 spin_lock(&newowner->lock); 829 if (newowner->qnkeys + 1 >= maxkeys || 830 newowner->qnbytes + key->quotalen >= maxbytes || 831 newowner->qnbytes + key->quotalen < 832 newowner->qnbytes) 833 goto quota_overrun; 834 835 newowner->qnkeys++; 836 newowner->qnbytes += key->quotalen; 837 spin_unlock(&newowner->lock); 838 839 spin_lock(&key->user->lock); 840 key->user->qnkeys--; 841 key->user->qnbytes -= key->quotalen; 842 spin_unlock(&key->user->lock); 843 } 844 845 atomic_dec(&key->user->nkeys); 846 atomic_inc(&newowner->nkeys); 847 848 if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { 849 atomic_dec(&key->user->nikeys); 850 atomic_inc(&newowner->nikeys); 851 } 852 853 zapowner = key->user; 854 key->user = newowner; 855 key->uid = uid; 856 } 857 858 /* change the GID */ 859 if (group != (gid_t) -1) 860 key->gid = gid; 861 862 ret = 0; 863 864 error_put: 865 up_write(&key->sem); 866 key_put(key); 867 if (zapowner) 868 key_user_put(zapowner); 869 error: 870 return ret; 871 872 quota_overrun: 873 spin_unlock(&newowner->lock); 874 zapowner = newowner; 875 ret = -EDQUOT; 876 goto error_put; 877 } 878 879 /* 880 * Change the permission mask on a key. 881 * 882 * The key must grant the caller Setattr permission for this to work, though 883 * the key need not be fully instantiated yet. If the caller does not have 884 * sysadmin capability, it may only change the permission on keys that it owns. 885 */ 886 long keyctl_setperm_key(key_serial_t id, key_perm_t perm) 887 { 888 struct key *key; 889 key_ref_t key_ref; 890 long ret; 891 892 ret = -EINVAL; 893 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 894 goto error; 895 896 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 897 KEY_SETATTR); 898 if (IS_ERR(key_ref)) { 899 ret = PTR_ERR(key_ref); 900 goto error; 901 } 902 903 key = key_ref_to_ptr(key_ref); 904 905 /* make the changes with the locks held to prevent chown/chmod races */ 906 ret = -EACCES; 907 down_write(&key->sem); 908 909 /* if we're not the sysadmin, we can only change a key that we own */ 910 if (capable(CAP_SYS_ADMIN) || uid_eq(key->uid, current_fsuid())) { 911 key->perm = perm; 912 ret = 0; 913 } 914 915 up_write(&key->sem); 916 key_put(key); 917 error: 918 return ret; 919 } 920 921 /* 922 * Get the destination keyring for instantiation and check that the caller has 923 * Write permission on it. 924 */ 925 static long get_instantiation_keyring(key_serial_t ringid, 926 struct request_key_auth *rka, 927 struct key **_dest_keyring) 928 { 929 key_ref_t dkref; 930 931 *_dest_keyring = NULL; 932 933 /* just return a NULL pointer if we weren't asked to make a link */ 934 if (ringid == 0) 935 return 0; 936 937 /* if a specific keyring is nominated by ID, then use that */ 938 if (ringid > 0) { 939 dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 940 if (IS_ERR(dkref)) 941 return PTR_ERR(dkref); 942 *_dest_keyring = key_ref_to_ptr(dkref); 943 return 0; 944 } 945 946 if (ringid == KEY_SPEC_REQKEY_AUTH_KEY) 947 return -EINVAL; 948 949 /* otherwise specify the destination keyring recorded in the 950 * authorisation key (any KEY_SPEC_*_KEYRING) */ 951 if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) { 952 *_dest_keyring = key_get(rka->dest_keyring); 953 return 0; 954 } 955 956 return -ENOKEY; 957 } 958 959 /* 960 * Change the request_key authorisation key on the current process. 961 */ 962 static int keyctl_change_reqkey_auth(struct key *key) 963 { 964 struct cred *new; 965 966 new = prepare_creds(); 967 if (!new) 968 return -ENOMEM; 969 970 key_put(new->request_key_auth); 971 new->request_key_auth = key_get(key); 972 973 return commit_creds(new); 974 } 975 976 /* 977 * Copy the iovec data from userspace 978 */ 979 static long copy_from_user_iovec(void *buffer, const struct iovec *iov, 980 unsigned ioc) 981 { 982 for (; ioc > 0; ioc--) { 983 if (copy_from_user(buffer, iov->iov_base, iov->iov_len) != 0) 984 return -EFAULT; 985 buffer += iov->iov_len; 986 iov++; 987 } 988 return 0; 989 } 990 991 /* 992 * Instantiate a key with the specified payload and link the key into the 993 * destination keyring if one is given. 994 * 995 * The caller must have the appropriate instantiation permit set for this to 996 * work (see keyctl_assume_authority). No other permissions are required. 997 * 998 * If successful, 0 will be returned. 999 */ 1000 long keyctl_instantiate_key_common(key_serial_t id, 1001 const struct iovec *payload_iov, 1002 unsigned ioc, 1003 size_t plen, 1004 key_serial_t ringid) 1005 { 1006 const struct cred *cred = current_cred(); 1007 struct request_key_auth *rka; 1008 struct key *instkey, *dest_keyring; 1009 void *payload; 1010 long ret; 1011 bool vm = false; 1012 1013 kenter("%d,,%zu,%d", id, plen, ringid); 1014 1015 ret = -EINVAL; 1016 if (plen > 1024 * 1024 - 1) 1017 goto error; 1018 1019 /* the appropriate instantiation authorisation key must have been 1020 * assumed before calling this */ 1021 ret = -EPERM; 1022 instkey = cred->request_key_auth; 1023 if (!instkey) 1024 goto error; 1025 1026 rka = instkey->payload.data; 1027 if (rka->target_key->serial != id) 1028 goto error; 1029 1030 /* pull the payload in if one was supplied */ 1031 payload = NULL; 1032 1033 if (payload_iov) { 1034 ret = -ENOMEM; 1035 payload = kmalloc(plen, GFP_KERNEL); 1036 if (!payload) { 1037 if (plen <= PAGE_SIZE) 1038 goto error; 1039 vm = true; 1040 payload = vmalloc(plen); 1041 if (!payload) 1042 goto error; 1043 } 1044 1045 ret = copy_from_user_iovec(payload, payload_iov, ioc); 1046 if (ret < 0) 1047 goto error2; 1048 } 1049 1050 /* find the destination keyring amongst those belonging to the 1051 * requesting task */ 1052 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1053 if (ret < 0) 1054 goto error2; 1055 1056 /* instantiate the key and link it into a keyring */ 1057 ret = key_instantiate_and_link(rka->target_key, payload, plen, 1058 dest_keyring, instkey); 1059 1060 key_put(dest_keyring); 1061 1062 /* discard the assumed authority if it's just been disabled by 1063 * instantiation of the key */ 1064 if (ret == 0) 1065 keyctl_change_reqkey_auth(NULL); 1066 1067 error2: 1068 if (!vm) 1069 kfree(payload); 1070 else 1071 vfree(payload); 1072 error: 1073 return ret; 1074 } 1075 1076 /* 1077 * Instantiate a key with the specified payload and link the key into the 1078 * destination keyring if one is given. 1079 * 1080 * The caller must have the appropriate instantiation permit set for this to 1081 * work (see keyctl_assume_authority). No other permissions are required. 1082 * 1083 * If successful, 0 will be returned. 1084 */ 1085 long keyctl_instantiate_key(key_serial_t id, 1086 const void __user *_payload, 1087 size_t plen, 1088 key_serial_t ringid) 1089 { 1090 if (_payload && plen) { 1091 struct iovec iov[1] = { 1092 [0].iov_base = (void __user *)_payload, 1093 [0].iov_len = plen 1094 }; 1095 1096 return keyctl_instantiate_key_common(id, iov, 1, plen, ringid); 1097 } 1098 1099 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); 1100 } 1101 1102 /* 1103 * Instantiate a key with the specified multipart payload and link the key into 1104 * the destination keyring if one is given. 1105 * 1106 * The caller must have the appropriate instantiation permit set for this to 1107 * work (see keyctl_assume_authority). No other permissions are required. 1108 * 1109 * If successful, 0 will be returned. 1110 */ 1111 long keyctl_instantiate_key_iov(key_serial_t id, 1112 const struct iovec __user *_payload_iov, 1113 unsigned ioc, 1114 key_serial_t ringid) 1115 { 1116 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack; 1117 long ret; 1118 1119 if (!_payload_iov || !ioc) 1120 goto no_payload; 1121 1122 ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc, 1123 ARRAY_SIZE(iovstack), iovstack, &iov); 1124 if (ret < 0) 1125 return ret; 1126 if (ret == 0) 1127 goto no_payload_free; 1128 1129 ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid); 1130 1131 if (iov != iovstack) 1132 kfree(iov); 1133 return ret; 1134 1135 no_payload_free: 1136 if (iov != iovstack) 1137 kfree(iov); 1138 no_payload: 1139 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); 1140 } 1141 1142 /* 1143 * Negatively instantiate the key with the given timeout (in seconds) and link 1144 * the key into the destination keyring if one is given. 1145 * 1146 * The caller must have the appropriate instantiation permit set for this to 1147 * work (see keyctl_assume_authority). No other permissions are required. 1148 * 1149 * The key and any links to the key will be automatically garbage collected 1150 * after the timeout expires. 1151 * 1152 * Negative keys are used to rate limit repeated request_key() calls by causing 1153 * them to return -ENOKEY until the negative key expires. 1154 * 1155 * If successful, 0 will be returned. 1156 */ 1157 long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 1158 { 1159 return keyctl_reject_key(id, timeout, ENOKEY, ringid); 1160 } 1161 1162 /* 1163 * Negatively instantiate the key with the given timeout (in seconds) and error 1164 * code and link the key into the destination keyring if one is given. 1165 * 1166 * The caller must have the appropriate instantiation permit set for this to 1167 * work (see keyctl_assume_authority). No other permissions are required. 1168 * 1169 * The key and any links to the key will be automatically garbage collected 1170 * after the timeout expires. 1171 * 1172 * Negative keys are used to rate limit repeated request_key() calls by causing 1173 * them to return the specified error code until the negative key expires. 1174 * 1175 * If successful, 0 will be returned. 1176 */ 1177 long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error, 1178 key_serial_t ringid) 1179 { 1180 const struct cred *cred = current_cred(); 1181 struct request_key_auth *rka; 1182 struct key *instkey, *dest_keyring; 1183 long ret; 1184 1185 kenter("%d,%u,%u,%d", id, timeout, error, ringid); 1186 1187 /* must be a valid error code and mustn't be a kernel special */ 1188 if (error <= 0 || 1189 error >= MAX_ERRNO || 1190 error == ERESTARTSYS || 1191 error == ERESTARTNOINTR || 1192 error == ERESTARTNOHAND || 1193 error == ERESTART_RESTARTBLOCK) 1194 return -EINVAL; 1195 1196 /* the appropriate instantiation authorisation key must have been 1197 * assumed before calling this */ 1198 ret = -EPERM; 1199 instkey = cred->request_key_auth; 1200 if (!instkey) 1201 goto error; 1202 1203 rka = instkey->payload.data; 1204 if (rka->target_key->serial != id) 1205 goto error; 1206 1207 /* find the destination keyring if present (which must also be 1208 * writable) */ 1209 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1210 if (ret < 0) 1211 goto error; 1212 1213 /* instantiate the key and link it into a keyring */ 1214 ret = key_reject_and_link(rka->target_key, timeout, error, 1215 dest_keyring, instkey); 1216 1217 key_put(dest_keyring); 1218 1219 /* discard the assumed authority if it's just been disabled by 1220 * instantiation of the key */ 1221 if (ret == 0) 1222 keyctl_change_reqkey_auth(NULL); 1223 1224 error: 1225 return ret; 1226 } 1227 1228 /* 1229 * Read or set the default keyring in which request_key() will cache keys and 1230 * return the old setting. 1231 * 1232 * If a process keyring is specified then this will be created if it doesn't 1233 * yet exist. The old setting will be returned if successful. 1234 */ 1235 long keyctl_set_reqkey_keyring(int reqkey_defl) 1236 { 1237 struct cred *new; 1238 int ret, old_setting; 1239 1240 old_setting = current_cred_xxx(jit_keyring); 1241 1242 if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE) 1243 return old_setting; 1244 1245 new = prepare_creds(); 1246 if (!new) 1247 return -ENOMEM; 1248 1249 switch (reqkey_defl) { 1250 case KEY_REQKEY_DEFL_THREAD_KEYRING: 1251 ret = install_thread_keyring_to_cred(new); 1252 if (ret < 0) 1253 goto error; 1254 goto set; 1255 1256 case KEY_REQKEY_DEFL_PROCESS_KEYRING: 1257 ret = install_process_keyring_to_cred(new); 1258 if (ret < 0) { 1259 if (ret != -EEXIST) 1260 goto error; 1261 ret = 0; 1262 } 1263 goto set; 1264 1265 case KEY_REQKEY_DEFL_DEFAULT: 1266 case KEY_REQKEY_DEFL_SESSION_KEYRING: 1267 case KEY_REQKEY_DEFL_USER_KEYRING: 1268 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 1269 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: 1270 goto set; 1271 1272 case KEY_REQKEY_DEFL_NO_CHANGE: 1273 case KEY_REQKEY_DEFL_GROUP_KEYRING: 1274 default: 1275 ret = -EINVAL; 1276 goto error; 1277 } 1278 1279 set: 1280 new->jit_keyring = reqkey_defl; 1281 commit_creds(new); 1282 return old_setting; 1283 error: 1284 abort_creds(new); 1285 return ret; 1286 } 1287 1288 /* 1289 * Set or clear the timeout on a key. 1290 * 1291 * Either the key must grant the caller Setattr permission or else the caller 1292 * must hold an instantiation authorisation token for the key. 1293 * 1294 * The timeout is either 0 to clear the timeout, or a number of seconds from 1295 * the current time. The key and any links to the key will be automatically 1296 * garbage collected after the timeout expires. 1297 * 1298 * If successful, 0 is returned. 1299 */ 1300 long keyctl_set_timeout(key_serial_t id, unsigned timeout) 1301 { 1302 struct key *key, *instkey; 1303 key_ref_t key_ref; 1304 long ret; 1305 1306 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 1307 KEY_SETATTR); 1308 if (IS_ERR(key_ref)) { 1309 /* setting the timeout on a key under construction is permitted 1310 * if we have the authorisation token handy */ 1311 if (PTR_ERR(key_ref) == -EACCES) { 1312 instkey = key_get_instantiation_authkey(id); 1313 if (!IS_ERR(instkey)) { 1314 key_put(instkey); 1315 key_ref = lookup_user_key(id, 1316 KEY_LOOKUP_PARTIAL, 1317 0); 1318 if (!IS_ERR(key_ref)) 1319 goto okay; 1320 } 1321 } 1322 1323 ret = PTR_ERR(key_ref); 1324 goto error; 1325 } 1326 1327 okay: 1328 key = key_ref_to_ptr(key_ref); 1329 key_set_timeout(key, timeout); 1330 key_put(key); 1331 1332 ret = 0; 1333 error: 1334 return ret; 1335 } 1336 1337 /* 1338 * Assume (or clear) the authority to instantiate the specified key. 1339 * 1340 * This sets the authoritative token currently in force for key instantiation. 1341 * This must be done for a key to be instantiated. It has the effect of making 1342 * available all the keys from the caller of the request_key() that created a 1343 * key to request_key() calls made by the caller of this function. 1344 * 1345 * The caller must have the instantiation key in their process keyrings with a 1346 * Search permission grant available to the caller. 1347 * 1348 * If the ID given is 0, then the setting will be cleared and 0 returned. 1349 * 1350 * If the ID given has a matching an authorisation key, then that key will be 1351 * set and its ID will be returned. The authorisation key can be read to get 1352 * the callout information passed to request_key(). 1353 */ 1354 long keyctl_assume_authority(key_serial_t id) 1355 { 1356 struct key *authkey; 1357 long ret; 1358 1359 /* special key IDs aren't permitted */ 1360 ret = -EINVAL; 1361 if (id < 0) 1362 goto error; 1363 1364 /* we divest ourselves of authority if given an ID of 0 */ 1365 if (id == 0) { 1366 ret = keyctl_change_reqkey_auth(NULL); 1367 goto error; 1368 } 1369 1370 /* attempt to assume the authority temporarily granted to us whilst we 1371 * instantiate the specified key 1372 * - the authorisation key must be in the current task's keyrings 1373 * somewhere 1374 */ 1375 authkey = key_get_instantiation_authkey(id); 1376 if (IS_ERR(authkey)) { 1377 ret = PTR_ERR(authkey); 1378 goto error; 1379 } 1380 1381 ret = keyctl_change_reqkey_auth(authkey); 1382 if (ret < 0) 1383 goto error; 1384 key_put(authkey); 1385 1386 ret = authkey->serial; 1387 error: 1388 return ret; 1389 } 1390 1391 /* 1392 * Get a key's the LSM security label. 1393 * 1394 * The key must grant the caller View permission for this to work. 1395 * 1396 * If there's a buffer, then up to buflen bytes of data will be placed into it. 1397 * 1398 * If successful, the amount of information available will be returned, 1399 * irrespective of how much was copied (including the terminal NUL). 1400 */ 1401 long keyctl_get_security(key_serial_t keyid, 1402 char __user *buffer, 1403 size_t buflen) 1404 { 1405 struct key *key, *instkey; 1406 key_ref_t key_ref; 1407 char *context; 1408 long ret; 1409 1410 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW); 1411 if (IS_ERR(key_ref)) { 1412 if (PTR_ERR(key_ref) != -EACCES) 1413 return PTR_ERR(key_ref); 1414 1415 /* viewing a key under construction is also permitted if we 1416 * have the authorisation token handy */ 1417 instkey = key_get_instantiation_authkey(keyid); 1418 if (IS_ERR(instkey)) 1419 return PTR_ERR(instkey); 1420 key_put(instkey); 1421 1422 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0); 1423 if (IS_ERR(key_ref)) 1424 return PTR_ERR(key_ref); 1425 } 1426 1427 key = key_ref_to_ptr(key_ref); 1428 ret = security_key_getsecurity(key, &context); 1429 if (ret == 0) { 1430 /* if no information was returned, give userspace an empty 1431 * string */ 1432 ret = 1; 1433 if (buffer && buflen > 0 && 1434 copy_to_user(buffer, "", 1) != 0) 1435 ret = -EFAULT; 1436 } else if (ret > 0) { 1437 /* return as much data as there's room for */ 1438 if (buffer && buflen > 0) { 1439 if (buflen > ret) 1440 buflen = ret; 1441 1442 if (copy_to_user(buffer, context, buflen) != 0) 1443 ret = -EFAULT; 1444 } 1445 1446 kfree(context); 1447 } 1448 1449 key_ref_put(key_ref); 1450 return ret; 1451 } 1452 1453 /* 1454 * Attempt to install the calling process's session keyring on the process's 1455 * parent process. 1456 * 1457 * The keyring must exist and must grant the caller LINK permission, and the 1458 * parent process must be single-threaded and must have the same effective 1459 * ownership as this process and mustn't be SUID/SGID. 1460 * 1461 * The keyring will be emplaced on the parent when it next resumes userspace. 1462 * 1463 * If successful, 0 will be returned. 1464 */ 1465 long keyctl_session_to_parent(void) 1466 { 1467 struct task_struct *me, *parent; 1468 const struct cred *mycred, *pcred; 1469 struct callback_head *newwork, *oldwork; 1470 key_ref_t keyring_r; 1471 struct cred *cred; 1472 int ret; 1473 1474 keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK); 1475 if (IS_ERR(keyring_r)) 1476 return PTR_ERR(keyring_r); 1477 1478 ret = -ENOMEM; 1479 1480 /* our parent is going to need a new cred struct, a new tgcred struct 1481 * and new security data, so we allocate them here to prevent ENOMEM in 1482 * our parent */ 1483 cred = cred_alloc_blank(); 1484 if (!cred) 1485 goto error_keyring; 1486 newwork = &cred->rcu; 1487 1488 cred->tgcred->session_keyring = key_ref_to_ptr(keyring_r); 1489 init_task_work(newwork, key_change_session_keyring); 1490 1491 me = current; 1492 rcu_read_lock(); 1493 write_lock_irq(&tasklist_lock); 1494 1495 ret = -EPERM; 1496 oldwork = NULL; 1497 parent = me->real_parent; 1498 1499 /* the parent mustn't be init and mustn't be a kernel thread */ 1500 if (parent->pid <= 1 || !parent->mm) 1501 goto unlock; 1502 1503 /* the parent must be single threaded */ 1504 if (!thread_group_empty(parent)) 1505 goto unlock; 1506 1507 /* the parent and the child must have different session keyrings or 1508 * there's no point */ 1509 mycred = current_cred(); 1510 pcred = __task_cred(parent); 1511 if (mycred == pcred || 1512 mycred->tgcred->session_keyring == pcred->tgcred->session_keyring) { 1513 ret = 0; 1514 goto unlock; 1515 } 1516 1517 /* the parent must have the same effective ownership and mustn't be 1518 * SUID/SGID */ 1519 if (!uid_eq(pcred->uid, mycred->euid) || 1520 !uid_eq(pcred->euid, mycred->euid) || 1521 !uid_eq(pcred->suid, mycred->euid) || 1522 !gid_eq(pcred->gid, mycred->egid) || 1523 !gid_eq(pcred->egid, mycred->egid) || 1524 !gid_eq(pcred->sgid, mycred->egid)) 1525 goto unlock; 1526 1527 /* the keyrings must have the same UID */ 1528 if ((pcred->tgcred->session_keyring && 1529 !uid_eq(pcred->tgcred->session_keyring->uid, mycred->euid)) || 1530 !uid_eq(mycred->tgcred->session_keyring->uid, mycred->euid)) 1531 goto unlock; 1532 1533 /* cancel an already pending keyring replacement */ 1534 oldwork = task_work_cancel(parent, key_change_session_keyring); 1535 1536 /* the replacement session keyring is applied just prior to userspace 1537 * restarting */ 1538 ret = task_work_add(parent, newwork, true); 1539 if (!ret) 1540 newwork = NULL; 1541 unlock: 1542 write_unlock_irq(&tasklist_lock); 1543 rcu_read_unlock(); 1544 if (oldwork) 1545 put_cred(container_of(oldwork, struct cred, rcu)); 1546 if (newwork) 1547 put_cred(cred); 1548 return ret; 1549 1550 error_keyring: 1551 key_ref_put(keyring_r); 1552 return ret; 1553 } 1554 1555 /* 1556 * The key control system call 1557 */ 1558 SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, 1559 unsigned long, arg4, unsigned long, arg5) 1560 { 1561 switch (option) { 1562 case KEYCTL_GET_KEYRING_ID: 1563 return keyctl_get_keyring_ID((key_serial_t) arg2, 1564 (int) arg3); 1565 1566 case KEYCTL_JOIN_SESSION_KEYRING: 1567 return keyctl_join_session_keyring((const char __user *) arg2); 1568 1569 case KEYCTL_UPDATE: 1570 return keyctl_update_key((key_serial_t) arg2, 1571 (const void __user *) arg3, 1572 (size_t) arg4); 1573 1574 case KEYCTL_REVOKE: 1575 return keyctl_revoke_key((key_serial_t) arg2); 1576 1577 case KEYCTL_DESCRIBE: 1578 return keyctl_describe_key((key_serial_t) arg2, 1579 (char __user *) arg3, 1580 (unsigned) arg4); 1581 1582 case KEYCTL_CLEAR: 1583 return keyctl_keyring_clear((key_serial_t) arg2); 1584 1585 case KEYCTL_LINK: 1586 return keyctl_keyring_link((key_serial_t) arg2, 1587 (key_serial_t) arg3); 1588 1589 case KEYCTL_UNLINK: 1590 return keyctl_keyring_unlink((key_serial_t) arg2, 1591 (key_serial_t) arg3); 1592 1593 case KEYCTL_SEARCH: 1594 return keyctl_keyring_search((key_serial_t) arg2, 1595 (const char __user *) arg3, 1596 (const char __user *) arg4, 1597 (key_serial_t) arg5); 1598 1599 case KEYCTL_READ: 1600 return keyctl_read_key((key_serial_t) arg2, 1601 (char __user *) arg3, 1602 (size_t) arg4); 1603 1604 case KEYCTL_CHOWN: 1605 return keyctl_chown_key((key_serial_t) arg2, 1606 (uid_t) arg3, 1607 (gid_t) arg4); 1608 1609 case KEYCTL_SETPERM: 1610 return keyctl_setperm_key((key_serial_t) arg2, 1611 (key_perm_t) arg3); 1612 1613 case KEYCTL_INSTANTIATE: 1614 return keyctl_instantiate_key((key_serial_t) arg2, 1615 (const void __user *) arg3, 1616 (size_t) arg4, 1617 (key_serial_t) arg5); 1618 1619 case KEYCTL_NEGATE: 1620 return keyctl_negate_key((key_serial_t) arg2, 1621 (unsigned) arg3, 1622 (key_serial_t) arg4); 1623 1624 case KEYCTL_SET_REQKEY_KEYRING: 1625 return keyctl_set_reqkey_keyring(arg2); 1626 1627 case KEYCTL_SET_TIMEOUT: 1628 return keyctl_set_timeout((key_serial_t) arg2, 1629 (unsigned) arg3); 1630 1631 case KEYCTL_ASSUME_AUTHORITY: 1632 return keyctl_assume_authority((key_serial_t) arg2); 1633 1634 case KEYCTL_GET_SECURITY: 1635 return keyctl_get_security((key_serial_t) arg2, 1636 (char __user *) arg3, 1637 (size_t) arg4); 1638 1639 case KEYCTL_SESSION_TO_PARENT: 1640 return keyctl_session_to_parent(); 1641 1642 case KEYCTL_REJECT: 1643 return keyctl_reject_key((key_serial_t) arg2, 1644 (unsigned) arg3, 1645 (unsigned) arg4, 1646 (key_serial_t) arg5); 1647 1648 case KEYCTL_INSTANTIATE_IOV: 1649 return keyctl_instantiate_key_iov( 1650 (key_serial_t) arg2, 1651 (const struct iovec __user *) arg3, 1652 (unsigned) arg4, 1653 (key_serial_t) arg5); 1654 1655 case KEYCTL_INVALIDATE: 1656 return keyctl_invalidate_key((key_serial_t) arg2); 1657 1658 default: 1659 return -EOPNOTSUPP; 1660 } 1661 } 1662