1 /* Userspace key control operations 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/syscalls.h> 17 #include <linux/key.h> 18 #include <linux/keyctl.h> 19 #include <linux/fs.h> 20 #include <linux/capability.h> 21 #include <linux/string.h> 22 #include <linux/err.h> 23 #include <linux/vmalloc.h> 24 #include <linux/security.h> 25 #include <linux/uio.h> 26 #include <asm/uaccess.h> 27 #include "internal.h" 28 29 static int key_get_type_from_user(char *type, 30 const char __user *_type, 31 unsigned len) 32 { 33 int ret; 34 35 ret = strncpy_from_user(type, _type, len); 36 if (ret < 0) 37 return ret; 38 if (ret == 0 || ret >= len) 39 return -EINVAL; 40 if (type[0] == '.') 41 return -EPERM; 42 type[len - 1] = '\0'; 43 return 0; 44 } 45 46 /* 47 * Extract the description of a new key from userspace and either add it as a 48 * new key to the specified keyring or update a matching key in that keyring. 49 * 50 * If the description is NULL or an empty string, the key type is asked to 51 * generate one from the payload. 52 * 53 * The keyring must be writable so that we can attach the key to it. 54 * 55 * If successful, the new key's serial number is returned, otherwise an error 56 * code is returned. 57 */ 58 SYSCALL_DEFINE5(add_key, const char __user *, _type, 59 const char __user *, _description, 60 const void __user *, _payload, 61 size_t, plen, 62 key_serial_t, ringid) 63 { 64 key_ref_t keyring_ref, key_ref; 65 char type[32], *description; 66 void *payload; 67 long ret; 68 bool vm; 69 70 ret = -EINVAL; 71 if (plen > 1024 * 1024 - 1) 72 goto error; 73 74 /* draw all the data into kernel space */ 75 ret = key_get_type_from_user(type, _type, sizeof(type)); 76 if (ret < 0) 77 goto error; 78 79 description = NULL; 80 if (_description) { 81 description = strndup_user(_description, PAGE_SIZE); 82 if (IS_ERR(description)) { 83 ret = PTR_ERR(description); 84 goto error; 85 } 86 if (!*description) { 87 kfree(description); 88 description = NULL; 89 } 90 } 91 92 /* pull the payload in if one was supplied */ 93 payload = NULL; 94 95 vm = false; 96 if (_payload) { 97 ret = -ENOMEM; 98 payload = kmalloc(plen, GFP_KERNEL | __GFP_NOWARN); 99 if (!payload) { 100 if (plen <= PAGE_SIZE) 101 goto error2; 102 vm = true; 103 payload = vmalloc(plen); 104 if (!payload) 105 goto error2; 106 } 107 108 ret = -EFAULT; 109 if (copy_from_user(payload, _payload, plen) != 0) 110 goto error3; 111 } 112 113 /* find the target keyring (which must be writable) */ 114 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 115 if (IS_ERR(keyring_ref)) { 116 ret = PTR_ERR(keyring_ref); 117 goto error3; 118 } 119 120 /* create or update the requested key and add it to the target 121 * keyring */ 122 key_ref = key_create_or_update(keyring_ref, type, description, 123 payload, plen, KEY_PERM_UNDEF, 124 KEY_ALLOC_IN_QUOTA); 125 if (!IS_ERR(key_ref)) { 126 ret = key_ref_to_ptr(key_ref)->serial; 127 key_ref_put(key_ref); 128 } 129 else { 130 ret = PTR_ERR(key_ref); 131 } 132 133 key_ref_put(keyring_ref); 134 error3: 135 if (!vm) 136 kfree(payload); 137 else 138 vfree(payload); 139 error2: 140 kfree(description); 141 error: 142 return ret; 143 } 144 145 /* 146 * Search the process keyrings and keyring trees linked from those for a 147 * matching key. Keyrings must have appropriate Search permission to be 148 * searched. 149 * 150 * If a key is found, it will be attached to the destination keyring if there's 151 * one specified and the serial number of the key will be returned. 152 * 153 * If no key is found, /sbin/request-key will be invoked if _callout_info is 154 * non-NULL in an attempt to create a key. The _callout_info string will be 155 * passed to /sbin/request-key to aid with completing the request. If the 156 * _callout_info string is "" then it will be changed to "-". 157 */ 158 SYSCALL_DEFINE4(request_key, const char __user *, _type, 159 const char __user *, _description, 160 const char __user *, _callout_info, 161 key_serial_t, destringid) 162 { 163 struct key_type *ktype; 164 struct key *key; 165 key_ref_t dest_ref; 166 size_t callout_len; 167 char type[32], *description, *callout_info; 168 long ret; 169 170 /* pull the type into kernel space */ 171 ret = key_get_type_from_user(type, _type, sizeof(type)); 172 if (ret < 0) 173 goto error; 174 175 /* pull the description into kernel space */ 176 description = strndup_user(_description, PAGE_SIZE); 177 if (IS_ERR(description)) { 178 ret = PTR_ERR(description); 179 goto error; 180 } 181 182 /* pull the callout info into kernel space */ 183 callout_info = NULL; 184 callout_len = 0; 185 if (_callout_info) { 186 callout_info = strndup_user(_callout_info, PAGE_SIZE); 187 if (IS_ERR(callout_info)) { 188 ret = PTR_ERR(callout_info); 189 goto error2; 190 } 191 callout_len = strlen(callout_info); 192 } 193 194 /* get the destination keyring if specified */ 195 dest_ref = NULL; 196 if (destringid) { 197 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 198 KEY_WRITE); 199 if (IS_ERR(dest_ref)) { 200 ret = PTR_ERR(dest_ref); 201 goto error3; 202 } 203 } 204 205 /* find the key type */ 206 ktype = key_type_lookup(type); 207 if (IS_ERR(ktype)) { 208 ret = PTR_ERR(ktype); 209 goto error4; 210 } 211 212 /* do the search */ 213 key = request_key_and_link(ktype, description, callout_info, 214 callout_len, NULL, key_ref_to_ptr(dest_ref), 215 KEY_ALLOC_IN_QUOTA); 216 if (IS_ERR(key)) { 217 ret = PTR_ERR(key); 218 goto error5; 219 } 220 221 /* wait for the key to finish being constructed */ 222 ret = wait_for_key_construction(key, 1); 223 if (ret < 0) 224 goto error6; 225 226 ret = key->serial; 227 228 error6: 229 key_put(key); 230 error5: 231 key_type_put(ktype); 232 error4: 233 key_ref_put(dest_ref); 234 error3: 235 kfree(callout_info); 236 error2: 237 kfree(description); 238 error: 239 return ret; 240 } 241 242 /* 243 * Get the ID of the specified process keyring. 244 * 245 * The requested keyring must have search permission to be found. 246 * 247 * If successful, the ID of the requested keyring will be returned. 248 */ 249 long keyctl_get_keyring_ID(key_serial_t id, int create) 250 { 251 key_ref_t key_ref; 252 unsigned long lflags; 253 long ret; 254 255 lflags = create ? KEY_LOOKUP_CREATE : 0; 256 key_ref = lookup_user_key(id, lflags, KEY_SEARCH); 257 if (IS_ERR(key_ref)) { 258 ret = PTR_ERR(key_ref); 259 goto error; 260 } 261 262 ret = key_ref_to_ptr(key_ref)->serial; 263 key_ref_put(key_ref); 264 error: 265 return ret; 266 } 267 268 /* 269 * Join a (named) session keyring. 270 * 271 * Create and join an anonymous session keyring or join a named session 272 * keyring, creating it if necessary. A named session keyring must have Search 273 * permission for it to be joined. Session keyrings without this permit will 274 * be skipped over. 275 * 276 * If successful, the ID of the joined session keyring will be returned. 277 */ 278 long keyctl_join_session_keyring(const char __user *_name) 279 { 280 char *name; 281 long ret; 282 283 /* fetch the name from userspace */ 284 name = NULL; 285 if (_name) { 286 name = strndup_user(_name, PAGE_SIZE); 287 if (IS_ERR(name)) { 288 ret = PTR_ERR(name); 289 goto error; 290 } 291 } 292 293 /* join the session */ 294 ret = join_session_keyring(name); 295 kfree(name); 296 297 error: 298 return ret; 299 } 300 301 /* 302 * Update a key's data payload from the given data. 303 * 304 * The key must grant the caller Write permission and the key type must support 305 * updating for this to work. A negative key can be positively instantiated 306 * with this call. 307 * 308 * If successful, 0 will be returned. If the key type does not support 309 * updating, then -EOPNOTSUPP will be returned. 310 */ 311 long keyctl_update_key(key_serial_t id, 312 const void __user *_payload, 313 size_t plen) 314 { 315 key_ref_t key_ref; 316 void *payload; 317 long ret; 318 319 ret = -EINVAL; 320 if (plen > PAGE_SIZE) 321 goto error; 322 323 /* pull the payload in if one was supplied */ 324 payload = NULL; 325 if (_payload) { 326 ret = -ENOMEM; 327 payload = kmalloc(plen, GFP_KERNEL); 328 if (!payload) 329 goto error; 330 331 ret = -EFAULT; 332 if (copy_from_user(payload, _payload, plen) != 0) 333 goto error2; 334 } 335 336 /* find the target key (which must be writable) */ 337 key_ref = lookup_user_key(id, 0, KEY_WRITE); 338 if (IS_ERR(key_ref)) { 339 ret = PTR_ERR(key_ref); 340 goto error2; 341 } 342 343 /* update the key */ 344 ret = key_update(key_ref, payload, plen); 345 346 key_ref_put(key_ref); 347 error2: 348 kfree(payload); 349 error: 350 return ret; 351 } 352 353 /* 354 * Revoke a key. 355 * 356 * The key must be grant the caller Write or Setattr permission for this to 357 * work. The key type should give up its quota claim when revoked. The key 358 * and any links to the key will be automatically garbage collected after a 359 * certain amount of time (/proc/sys/kernel/keys/gc_delay). 360 * 361 * If successful, 0 is returned. 362 */ 363 long keyctl_revoke_key(key_serial_t id) 364 { 365 key_ref_t key_ref; 366 long ret; 367 368 key_ref = lookup_user_key(id, 0, KEY_WRITE); 369 if (IS_ERR(key_ref)) { 370 ret = PTR_ERR(key_ref); 371 if (ret != -EACCES) 372 goto error; 373 key_ref = lookup_user_key(id, 0, KEY_SETATTR); 374 if (IS_ERR(key_ref)) { 375 ret = PTR_ERR(key_ref); 376 goto error; 377 } 378 } 379 380 key_revoke(key_ref_to_ptr(key_ref)); 381 ret = 0; 382 383 key_ref_put(key_ref); 384 error: 385 return ret; 386 } 387 388 /* 389 * Invalidate a key. 390 * 391 * The key must be grant the caller Invalidate permission for this to work. 392 * The key and any links to the key will be automatically garbage collected 393 * immediately. 394 * 395 * If successful, 0 is returned. 396 */ 397 long keyctl_invalidate_key(key_serial_t id) 398 { 399 key_ref_t key_ref; 400 long ret; 401 402 kenter("%d", id); 403 404 key_ref = lookup_user_key(id, 0, KEY_SEARCH); 405 if (IS_ERR(key_ref)) { 406 ret = PTR_ERR(key_ref); 407 goto error; 408 } 409 410 key_invalidate(key_ref_to_ptr(key_ref)); 411 ret = 0; 412 413 key_ref_put(key_ref); 414 error: 415 kleave(" = %ld", ret); 416 return ret; 417 } 418 419 /* 420 * Clear the specified keyring, creating an empty process keyring if one of the 421 * special keyring IDs is used. 422 * 423 * The keyring must grant the caller Write permission for this to work. If 424 * successful, 0 will be returned. 425 */ 426 long keyctl_keyring_clear(key_serial_t ringid) 427 { 428 key_ref_t keyring_ref; 429 long ret; 430 431 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 432 if (IS_ERR(keyring_ref)) { 433 ret = PTR_ERR(keyring_ref); 434 435 /* Root is permitted to invalidate certain special keyrings */ 436 if (capable(CAP_SYS_ADMIN)) { 437 keyring_ref = lookup_user_key(ringid, 0, 0); 438 if (IS_ERR(keyring_ref)) 439 goto error; 440 if (test_bit(KEY_FLAG_ROOT_CAN_CLEAR, 441 &key_ref_to_ptr(keyring_ref)->flags)) 442 goto clear; 443 goto error_put; 444 } 445 446 goto error; 447 } 448 449 clear: 450 ret = keyring_clear(key_ref_to_ptr(keyring_ref)); 451 error_put: 452 key_ref_put(keyring_ref); 453 error: 454 return ret; 455 } 456 457 /* 458 * Create a link from a keyring to a key if there's no matching key in the 459 * keyring, otherwise replace the link to the matching key with a link to the 460 * new key. 461 * 462 * The key must grant the caller Link permission and the the keyring must grant 463 * the caller Write permission. Furthermore, if an additional link is created, 464 * the keyring's quota will be extended. 465 * 466 * If successful, 0 will be returned. 467 */ 468 long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) 469 { 470 key_ref_t keyring_ref, key_ref; 471 long ret; 472 473 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 474 if (IS_ERR(keyring_ref)) { 475 ret = PTR_ERR(keyring_ref); 476 goto error; 477 } 478 479 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_LINK); 480 if (IS_ERR(key_ref)) { 481 ret = PTR_ERR(key_ref); 482 goto error2; 483 } 484 485 ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 486 487 key_ref_put(key_ref); 488 error2: 489 key_ref_put(keyring_ref); 490 error: 491 return ret; 492 } 493 494 /* 495 * Unlink a key from a keyring. 496 * 497 * The keyring must grant the caller Write permission for this to work; the key 498 * itself need not grant the caller anything. If the last link to a key is 499 * removed then that key will be scheduled for destruction. 500 * 501 * If successful, 0 will be returned. 502 */ 503 long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) 504 { 505 key_ref_t keyring_ref, key_ref; 506 long ret; 507 508 keyring_ref = lookup_user_key(ringid, 0, KEY_WRITE); 509 if (IS_ERR(keyring_ref)) { 510 ret = PTR_ERR(keyring_ref); 511 goto error; 512 } 513 514 key_ref = lookup_user_key(id, KEY_LOOKUP_FOR_UNLINK, 0); 515 if (IS_ERR(key_ref)) { 516 ret = PTR_ERR(key_ref); 517 goto error2; 518 } 519 520 ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 521 522 key_ref_put(key_ref); 523 error2: 524 key_ref_put(keyring_ref); 525 error: 526 return ret; 527 } 528 529 /* 530 * Return a description of a key to userspace. 531 * 532 * The key must grant the caller View permission for this to work. 533 * 534 * If there's a buffer, we place up to buflen bytes of data into it formatted 535 * in the following way: 536 * 537 * type;uid;gid;perm;description<NUL> 538 * 539 * If successful, we return the amount of description available, irrespective 540 * of how much we may have copied into the buffer. 541 */ 542 long keyctl_describe_key(key_serial_t keyid, 543 char __user *buffer, 544 size_t buflen) 545 { 546 struct key *key, *instkey; 547 key_ref_t key_ref; 548 char *tmpbuf; 549 long ret; 550 551 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW); 552 if (IS_ERR(key_ref)) { 553 /* viewing a key under construction is permitted if we have the 554 * authorisation token handy */ 555 if (PTR_ERR(key_ref) == -EACCES) { 556 instkey = key_get_instantiation_authkey(keyid); 557 if (!IS_ERR(instkey)) { 558 key_put(instkey); 559 key_ref = lookup_user_key(keyid, 560 KEY_LOOKUP_PARTIAL, 561 0); 562 if (!IS_ERR(key_ref)) 563 goto okay; 564 } 565 } 566 567 ret = PTR_ERR(key_ref); 568 goto error; 569 } 570 571 okay: 572 /* calculate how much description we're going to return */ 573 ret = -ENOMEM; 574 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL); 575 if (!tmpbuf) 576 goto error2; 577 578 key = key_ref_to_ptr(key_ref); 579 580 ret = snprintf(tmpbuf, PAGE_SIZE - 1, 581 "%s;%d;%d;%08x;%s", 582 key->type->name, 583 from_kuid_munged(current_user_ns(), key->uid), 584 from_kgid_munged(current_user_ns(), key->gid), 585 key->perm, 586 key->description ?: ""); 587 588 /* include a NUL char at the end of the data */ 589 if (ret > PAGE_SIZE - 1) 590 ret = PAGE_SIZE - 1; 591 tmpbuf[ret] = 0; 592 ret++; 593 594 /* consider returning the data */ 595 if (buffer && buflen > 0) { 596 if (buflen > ret) 597 buflen = ret; 598 599 if (copy_to_user(buffer, tmpbuf, buflen) != 0) 600 ret = -EFAULT; 601 } 602 603 kfree(tmpbuf); 604 error2: 605 key_ref_put(key_ref); 606 error: 607 return ret; 608 } 609 610 /* 611 * Search the specified keyring and any keyrings it links to for a matching 612 * key. Only keyrings that grant the caller Search permission will be searched 613 * (this includes the starting keyring). Only keys with Search permission can 614 * be found. 615 * 616 * If successful, the found key will be linked to the destination keyring if 617 * supplied and the key has Link permission, and the found key ID will be 618 * returned. 619 */ 620 long keyctl_keyring_search(key_serial_t ringid, 621 const char __user *_type, 622 const char __user *_description, 623 key_serial_t destringid) 624 { 625 struct key_type *ktype; 626 key_ref_t keyring_ref, key_ref, dest_ref; 627 char type[32], *description; 628 long ret; 629 630 /* pull the type and description into kernel space */ 631 ret = key_get_type_from_user(type, _type, sizeof(type)); 632 if (ret < 0) 633 goto error; 634 635 description = strndup_user(_description, PAGE_SIZE); 636 if (IS_ERR(description)) { 637 ret = PTR_ERR(description); 638 goto error; 639 } 640 641 /* get the keyring at which to begin the search */ 642 keyring_ref = lookup_user_key(ringid, 0, KEY_SEARCH); 643 if (IS_ERR(keyring_ref)) { 644 ret = PTR_ERR(keyring_ref); 645 goto error2; 646 } 647 648 /* get the destination keyring if specified */ 649 dest_ref = NULL; 650 if (destringid) { 651 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 652 KEY_WRITE); 653 if (IS_ERR(dest_ref)) { 654 ret = PTR_ERR(dest_ref); 655 goto error3; 656 } 657 } 658 659 /* find the key type */ 660 ktype = key_type_lookup(type); 661 if (IS_ERR(ktype)) { 662 ret = PTR_ERR(ktype); 663 goto error4; 664 } 665 666 /* do the search */ 667 key_ref = keyring_search(keyring_ref, ktype, description); 668 if (IS_ERR(key_ref)) { 669 ret = PTR_ERR(key_ref); 670 671 /* treat lack or presence of a negative key the same */ 672 if (ret == -EAGAIN) 673 ret = -ENOKEY; 674 goto error5; 675 } 676 677 /* link the resulting key to the destination keyring if we can */ 678 if (dest_ref) { 679 ret = key_permission(key_ref, KEY_LINK); 680 if (ret < 0) 681 goto error6; 682 683 ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref)); 684 if (ret < 0) 685 goto error6; 686 } 687 688 ret = key_ref_to_ptr(key_ref)->serial; 689 690 error6: 691 key_ref_put(key_ref); 692 error5: 693 key_type_put(ktype); 694 error4: 695 key_ref_put(dest_ref); 696 error3: 697 key_ref_put(keyring_ref); 698 error2: 699 kfree(description); 700 error: 701 return ret; 702 } 703 704 /* 705 * Read a key's payload. 706 * 707 * The key must either grant the caller Read permission, or it must grant the 708 * caller Search permission when searched for from the process keyrings. 709 * 710 * If successful, we place up to buflen bytes of data into the buffer, if one 711 * is provided, and return the amount of data that is available in the key, 712 * irrespective of how much we copied into the buffer. 713 */ 714 long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) 715 { 716 struct key *key; 717 key_ref_t key_ref; 718 long ret; 719 720 /* find the key first */ 721 key_ref = lookup_user_key(keyid, 0, 0); 722 if (IS_ERR(key_ref)) { 723 ret = -ENOKEY; 724 goto error; 725 } 726 727 key = key_ref_to_ptr(key_ref); 728 729 /* see if we can read it directly */ 730 ret = key_permission(key_ref, KEY_READ); 731 if (ret == 0) 732 goto can_read_key; 733 if (ret != -EACCES) 734 goto error; 735 736 /* we can't; see if it's searchable from this process's keyrings 737 * - we automatically take account of the fact that it may be 738 * dangling off an instantiation key 739 */ 740 if (!is_key_possessed(key_ref)) { 741 ret = -EACCES; 742 goto error2; 743 } 744 745 /* the key is probably readable - now try to read it */ 746 can_read_key: 747 ret = key_validate(key); 748 if (ret == 0) { 749 ret = -EOPNOTSUPP; 750 if (key->type->read) { 751 /* read the data with the semaphore held (since we 752 * might sleep) */ 753 down_read(&key->sem); 754 ret = key->type->read(key, buffer, buflen); 755 up_read(&key->sem); 756 } 757 } 758 759 error2: 760 key_put(key); 761 error: 762 return ret; 763 } 764 765 /* 766 * Change the ownership of a key 767 * 768 * The key must grant the caller Setattr permission for this to work, though 769 * the key need not be fully instantiated yet. For the UID to be changed, or 770 * for the GID to be changed to a group the caller is not a member of, the 771 * caller must have sysadmin capability. If either uid or gid is -1 then that 772 * attribute is not changed. 773 * 774 * If the UID is to be changed, the new user must have sufficient quota to 775 * accept the key. The quota deduction will be removed from the old user to 776 * the new user should the attribute be changed. 777 * 778 * If successful, 0 will be returned. 779 */ 780 long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group) 781 { 782 struct key_user *newowner, *zapowner = NULL; 783 struct key *key; 784 key_ref_t key_ref; 785 long ret; 786 kuid_t uid; 787 kgid_t gid; 788 789 uid = make_kuid(current_user_ns(), user); 790 gid = make_kgid(current_user_ns(), group); 791 ret = -EINVAL; 792 if ((user != (uid_t) -1) && !uid_valid(uid)) 793 goto error; 794 if ((group != (gid_t) -1) && !gid_valid(gid)) 795 goto error; 796 797 ret = 0; 798 if (user == (uid_t) -1 && group == (gid_t) -1) 799 goto error; 800 801 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 802 KEY_SETATTR); 803 if (IS_ERR(key_ref)) { 804 ret = PTR_ERR(key_ref); 805 goto error; 806 } 807 808 key = key_ref_to_ptr(key_ref); 809 810 /* make the changes with the locks held to prevent chown/chown races */ 811 ret = -EACCES; 812 down_write(&key->sem); 813 814 if (!capable(CAP_SYS_ADMIN)) { 815 /* only the sysadmin can chown a key to some other UID */ 816 if (user != (uid_t) -1 && !uid_eq(key->uid, uid)) 817 goto error_put; 818 819 /* only the sysadmin can set the key's GID to a group other 820 * than one of those that the current process subscribes to */ 821 if (group != (gid_t) -1 && !gid_eq(gid, key->gid) && !in_group_p(gid)) 822 goto error_put; 823 } 824 825 /* change the UID */ 826 if (user != (uid_t) -1 && !uid_eq(uid, key->uid)) { 827 ret = -ENOMEM; 828 newowner = key_user_lookup(uid); 829 if (!newowner) 830 goto error_put; 831 832 /* transfer the quota burden to the new user */ 833 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { 834 unsigned maxkeys = uid_eq(uid, GLOBAL_ROOT_UID) ? 835 key_quota_root_maxkeys : key_quota_maxkeys; 836 unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ? 837 key_quota_root_maxbytes : key_quota_maxbytes; 838 839 spin_lock(&newowner->lock); 840 if (newowner->qnkeys + 1 >= maxkeys || 841 newowner->qnbytes + key->quotalen >= maxbytes || 842 newowner->qnbytes + key->quotalen < 843 newowner->qnbytes) 844 goto quota_overrun; 845 846 newowner->qnkeys++; 847 newowner->qnbytes += key->quotalen; 848 spin_unlock(&newowner->lock); 849 850 spin_lock(&key->user->lock); 851 key->user->qnkeys--; 852 key->user->qnbytes -= key->quotalen; 853 spin_unlock(&key->user->lock); 854 } 855 856 atomic_dec(&key->user->nkeys); 857 atomic_inc(&newowner->nkeys); 858 859 if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { 860 atomic_dec(&key->user->nikeys); 861 atomic_inc(&newowner->nikeys); 862 } 863 864 zapowner = key->user; 865 key->user = newowner; 866 key->uid = uid; 867 } 868 869 /* change the GID */ 870 if (group != (gid_t) -1) 871 key->gid = gid; 872 873 ret = 0; 874 875 error_put: 876 up_write(&key->sem); 877 key_put(key); 878 if (zapowner) 879 key_user_put(zapowner); 880 error: 881 return ret; 882 883 quota_overrun: 884 spin_unlock(&newowner->lock); 885 zapowner = newowner; 886 ret = -EDQUOT; 887 goto error_put; 888 } 889 890 /* 891 * Change the permission mask on a key. 892 * 893 * The key must grant the caller Setattr permission for this to work, though 894 * the key need not be fully instantiated yet. If the caller does not have 895 * sysadmin capability, it may only change the permission on keys that it owns. 896 */ 897 long keyctl_setperm_key(key_serial_t id, key_perm_t perm) 898 { 899 struct key *key; 900 key_ref_t key_ref; 901 long ret; 902 903 ret = -EINVAL; 904 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 905 goto error; 906 907 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 908 KEY_SETATTR); 909 if (IS_ERR(key_ref)) { 910 ret = PTR_ERR(key_ref); 911 goto error; 912 } 913 914 key = key_ref_to_ptr(key_ref); 915 916 /* make the changes with the locks held to prevent chown/chmod races */ 917 ret = -EACCES; 918 down_write(&key->sem); 919 920 /* if we're not the sysadmin, we can only change a key that we own */ 921 if (capable(CAP_SYS_ADMIN) || uid_eq(key->uid, current_fsuid())) { 922 key->perm = perm; 923 ret = 0; 924 } 925 926 up_write(&key->sem); 927 key_put(key); 928 error: 929 return ret; 930 } 931 932 /* 933 * Get the destination keyring for instantiation and check that the caller has 934 * Write permission on it. 935 */ 936 static long get_instantiation_keyring(key_serial_t ringid, 937 struct request_key_auth *rka, 938 struct key **_dest_keyring) 939 { 940 key_ref_t dkref; 941 942 *_dest_keyring = NULL; 943 944 /* just return a NULL pointer if we weren't asked to make a link */ 945 if (ringid == 0) 946 return 0; 947 948 /* if a specific keyring is nominated by ID, then use that */ 949 if (ringid > 0) { 950 dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 951 if (IS_ERR(dkref)) 952 return PTR_ERR(dkref); 953 *_dest_keyring = key_ref_to_ptr(dkref); 954 return 0; 955 } 956 957 if (ringid == KEY_SPEC_REQKEY_AUTH_KEY) 958 return -EINVAL; 959 960 /* otherwise specify the destination keyring recorded in the 961 * authorisation key (any KEY_SPEC_*_KEYRING) */ 962 if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) { 963 *_dest_keyring = key_get(rka->dest_keyring); 964 return 0; 965 } 966 967 return -ENOKEY; 968 } 969 970 /* 971 * Change the request_key authorisation key on the current process. 972 */ 973 static int keyctl_change_reqkey_auth(struct key *key) 974 { 975 struct cred *new; 976 977 new = prepare_creds(); 978 if (!new) 979 return -ENOMEM; 980 981 key_put(new->request_key_auth); 982 new->request_key_auth = key_get(key); 983 984 return commit_creds(new); 985 } 986 987 /* 988 * Copy the iovec data from userspace 989 */ 990 static long copy_from_user_iovec(void *buffer, const struct iovec *iov, 991 unsigned ioc) 992 { 993 for (; ioc > 0; ioc--) { 994 if (copy_from_user(buffer, iov->iov_base, iov->iov_len) != 0) 995 return -EFAULT; 996 buffer += iov->iov_len; 997 iov++; 998 } 999 return 0; 1000 } 1001 1002 /* 1003 * Instantiate a key with the specified payload and link the key into the 1004 * destination keyring if one is given. 1005 * 1006 * The caller must have the appropriate instantiation permit set for this to 1007 * work (see keyctl_assume_authority). No other permissions are required. 1008 * 1009 * If successful, 0 will be returned. 1010 */ 1011 long keyctl_instantiate_key_common(key_serial_t id, 1012 const struct iovec *payload_iov, 1013 unsigned ioc, 1014 size_t plen, 1015 key_serial_t ringid) 1016 { 1017 const struct cred *cred = current_cred(); 1018 struct request_key_auth *rka; 1019 struct key *instkey, *dest_keyring; 1020 void *payload; 1021 long ret; 1022 bool vm = false; 1023 1024 kenter("%d,,%zu,%d", id, plen, ringid); 1025 1026 ret = -EINVAL; 1027 if (plen > 1024 * 1024 - 1) 1028 goto error; 1029 1030 /* the appropriate instantiation authorisation key must have been 1031 * assumed before calling this */ 1032 ret = -EPERM; 1033 instkey = cred->request_key_auth; 1034 if (!instkey) 1035 goto error; 1036 1037 rka = instkey->payload.data; 1038 if (rka->target_key->serial != id) 1039 goto error; 1040 1041 /* pull the payload in if one was supplied */ 1042 payload = NULL; 1043 1044 if (payload_iov) { 1045 ret = -ENOMEM; 1046 payload = kmalloc(plen, GFP_KERNEL); 1047 if (!payload) { 1048 if (plen <= PAGE_SIZE) 1049 goto error; 1050 vm = true; 1051 payload = vmalloc(plen); 1052 if (!payload) 1053 goto error; 1054 } 1055 1056 ret = copy_from_user_iovec(payload, payload_iov, ioc); 1057 if (ret < 0) 1058 goto error2; 1059 } 1060 1061 /* find the destination keyring amongst those belonging to the 1062 * requesting task */ 1063 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1064 if (ret < 0) 1065 goto error2; 1066 1067 /* instantiate the key and link it into a keyring */ 1068 ret = key_instantiate_and_link(rka->target_key, payload, plen, 1069 dest_keyring, instkey); 1070 1071 key_put(dest_keyring); 1072 1073 /* discard the assumed authority if it's just been disabled by 1074 * instantiation of the key */ 1075 if (ret == 0) 1076 keyctl_change_reqkey_auth(NULL); 1077 1078 error2: 1079 if (!vm) 1080 kfree(payload); 1081 else 1082 vfree(payload); 1083 error: 1084 return ret; 1085 } 1086 1087 /* 1088 * Instantiate a key with the specified payload and link the key into the 1089 * destination keyring if one is given. 1090 * 1091 * The caller must have the appropriate instantiation permit set for this to 1092 * work (see keyctl_assume_authority). No other permissions are required. 1093 * 1094 * If successful, 0 will be returned. 1095 */ 1096 long keyctl_instantiate_key(key_serial_t id, 1097 const void __user *_payload, 1098 size_t plen, 1099 key_serial_t ringid) 1100 { 1101 if (_payload && plen) { 1102 struct iovec iov[1] = { 1103 [0].iov_base = (void __user *)_payload, 1104 [0].iov_len = plen 1105 }; 1106 1107 return keyctl_instantiate_key_common(id, iov, 1, plen, ringid); 1108 } 1109 1110 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); 1111 } 1112 1113 /* 1114 * Instantiate a key with the specified multipart payload and link the key into 1115 * the destination keyring if one is given. 1116 * 1117 * The caller must have the appropriate instantiation permit set for this to 1118 * work (see keyctl_assume_authority). No other permissions are required. 1119 * 1120 * If successful, 0 will be returned. 1121 */ 1122 long keyctl_instantiate_key_iov(key_serial_t id, 1123 const struct iovec __user *_payload_iov, 1124 unsigned ioc, 1125 key_serial_t ringid) 1126 { 1127 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack; 1128 long ret; 1129 1130 if (!_payload_iov || !ioc) 1131 goto no_payload; 1132 1133 ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc, 1134 ARRAY_SIZE(iovstack), iovstack, &iov); 1135 if (ret < 0) 1136 goto err; 1137 if (ret == 0) 1138 goto no_payload_free; 1139 1140 ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid); 1141 err: 1142 if (iov != iovstack) 1143 kfree(iov); 1144 return ret; 1145 1146 no_payload_free: 1147 if (iov != iovstack) 1148 kfree(iov); 1149 no_payload: 1150 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); 1151 } 1152 1153 /* 1154 * Negatively instantiate the key with the given timeout (in seconds) and link 1155 * the key into the destination keyring if one is given. 1156 * 1157 * The caller must have the appropriate instantiation permit set for this to 1158 * work (see keyctl_assume_authority). No other permissions are required. 1159 * 1160 * The key and any links to the key will be automatically garbage collected 1161 * after the timeout expires. 1162 * 1163 * Negative keys are used to rate limit repeated request_key() calls by causing 1164 * them to return -ENOKEY until the negative key expires. 1165 * 1166 * If successful, 0 will be returned. 1167 */ 1168 long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 1169 { 1170 return keyctl_reject_key(id, timeout, ENOKEY, ringid); 1171 } 1172 1173 /* 1174 * Negatively instantiate the key with the given timeout (in seconds) and error 1175 * code and link the key into the destination keyring if one is given. 1176 * 1177 * The caller must have the appropriate instantiation permit set for this to 1178 * work (see keyctl_assume_authority). No other permissions are required. 1179 * 1180 * The key and any links to the key will be automatically garbage collected 1181 * after the timeout expires. 1182 * 1183 * Negative keys are used to rate limit repeated request_key() calls by causing 1184 * them to return the specified error code until the negative key expires. 1185 * 1186 * If successful, 0 will be returned. 1187 */ 1188 long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error, 1189 key_serial_t ringid) 1190 { 1191 const struct cred *cred = current_cred(); 1192 struct request_key_auth *rka; 1193 struct key *instkey, *dest_keyring; 1194 long ret; 1195 1196 kenter("%d,%u,%u,%d", id, timeout, error, ringid); 1197 1198 /* must be a valid error code and mustn't be a kernel special */ 1199 if (error <= 0 || 1200 error >= MAX_ERRNO || 1201 error == ERESTARTSYS || 1202 error == ERESTARTNOINTR || 1203 error == ERESTARTNOHAND || 1204 error == ERESTART_RESTARTBLOCK) 1205 return -EINVAL; 1206 1207 /* the appropriate instantiation authorisation key must have been 1208 * assumed before calling this */ 1209 ret = -EPERM; 1210 instkey = cred->request_key_auth; 1211 if (!instkey) 1212 goto error; 1213 1214 rka = instkey->payload.data; 1215 if (rka->target_key->serial != id) 1216 goto error; 1217 1218 /* find the destination keyring if present (which must also be 1219 * writable) */ 1220 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1221 if (ret < 0) 1222 goto error; 1223 1224 /* instantiate the key and link it into a keyring */ 1225 ret = key_reject_and_link(rka->target_key, timeout, error, 1226 dest_keyring, instkey); 1227 1228 key_put(dest_keyring); 1229 1230 /* discard the assumed authority if it's just been disabled by 1231 * instantiation of the key */ 1232 if (ret == 0) 1233 keyctl_change_reqkey_auth(NULL); 1234 1235 error: 1236 return ret; 1237 } 1238 1239 /* 1240 * Read or set the default keyring in which request_key() will cache keys and 1241 * return the old setting. 1242 * 1243 * If a process keyring is specified then this will be created if it doesn't 1244 * yet exist. The old setting will be returned if successful. 1245 */ 1246 long keyctl_set_reqkey_keyring(int reqkey_defl) 1247 { 1248 struct cred *new; 1249 int ret, old_setting; 1250 1251 old_setting = current_cred_xxx(jit_keyring); 1252 1253 if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE) 1254 return old_setting; 1255 1256 new = prepare_creds(); 1257 if (!new) 1258 return -ENOMEM; 1259 1260 switch (reqkey_defl) { 1261 case KEY_REQKEY_DEFL_THREAD_KEYRING: 1262 ret = install_thread_keyring_to_cred(new); 1263 if (ret < 0) 1264 goto error; 1265 goto set; 1266 1267 case KEY_REQKEY_DEFL_PROCESS_KEYRING: 1268 ret = install_process_keyring_to_cred(new); 1269 if (ret < 0) { 1270 if (ret != -EEXIST) 1271 goto error; 1272 ret = 0; 1273 } 1274 goto set; 1275 1276 case KEY_REQKEY_DEFL_DEFAULT: 1277 case KEY_REQKEY_DEFL_SESSION_KEYRING: 1278 case KEY_REQKEY_DEFL_USER_KEYRING: 1279 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 1280 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: 1281 goto set; 1282 1283 case KEY_REQKEY_DEFL_NO_CHANGE: 1284 case KEY_REQKEY_DEFL_GROUP_KEYRING: 1285 default: 1286 ret = -EINVAL; 1287 goto error; 1288 } 1289 1290 set: 1291 new->jit_keyring = reqkey_defl; 1292 commit_creds(new); 1293 return old_setting; 1294 error: 1295 abort_creds(new); 1296 return ret; 1297 } 1298 1299 /* 1300 * Set or clear the timeout on a key. 1301 * 1302 * Either the key must grant the caller Setattr permission or else the caller 1303 * must hold an instantiation authorisation token for the key. 1304 * 1305 * The timeout is either 0 to clear the timeout, or a number of seconds from 1306 * the current time. The key and any links to the key will be automatically 1307 * garbage collected after the timeout expires. 1308 * 1309 * If successful, 0 is returned. 1310 */ 1311 long keyctl_set_timeout(key_serial_t id, unsigned timeout) 1312 { 1313 struct key *key, *instkey; 1314 key_ref_t key_ref; 1315 long ret; 1316 1317 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 1318 KEY_SETATTR); 1319 if (IS_ERR(key_ref)) { 1320 /* setting the timeout on a key under construction is permitted 1321 * if we have the authorisation token handy */ 1322 if (PTR_ERR(key_ref) == -EACCES) { 1323 instkey = key_get_instantiation_authkey(id); 1324 if (!IS_ERR(instkey)) { 1325 key_put(instkey); 1326 key_ref = lookup_user_key(id, 1327 KEY_LOOKUP_PARTIAL, 1328 0); 1329 if (!IS_ERR(key_ref)) 1330 goto okay; 1331 } 1332 } 1333 1334 ret = PTR_ERR(key_ref); 1335 goto error; 1336 } 1337 1338 okay: 1339 key = key_ref_to_ptr(key_ref); 1340 key_set_timeout(key, timeout); 1341 key_put(key); 1342 1343 ret = 0; 1344 error: 1345 return ret; 1346 } 1347 1348 /* 1349 * Assume (or clear) the authority to instantiate the specified key. 1350 * 1351 * This sets the authoritative token currently in force for key instantiation. 1352 * This must be done for a key to be instantiated. It has the effect of making 1353 * available all the keys from the caller of the request_key() that created a 1354 * key to request_key() calls made by the caller of this function. 1355 * 1356 * The caller must have the instantiation key in their process keyrings with a 1357 * Search permission grant available to the caller. 1358 * 1359 * If the ID given is 0, then the setting will be cleared and 0 returned. 1360 * 1361 * If the ID given has a matching an authorisation key, then that key will be 1362 * set and its ID will be returned. The authorisation key can be read to get 1363 * the callout information passed to request_key(). 1364 */ 1365 long keyctl_assume_authority(key_serial_t id) 1366 { 1367 struct key *authkey; 1368 long ret; 1369 1370 /* special key IDs aren't permitted */ 1371 ret = -EINVAL; 1372 if (id < 0) 1373 goto error; 1374 1375 /* we divest ourselves of authority if given an ID of 0 */ 1376 if (id == 0) { 1377 ret = keyctl_change_reqkey_auth(NULL); 1378 goto error; 1379 } 1380 1381 /* attempt to assume the authority temporarily granted to us whilst we 1382 * instantiate the specified key 1383 * - the authorisation key must be in the current task's keyrings 1384 * somewhere 1385 */ 1386 authkey = key_get_instantiation_authkey(id); 1387 if (IS_ERR(authkey)) { 1388 ret = PTR_ERR(authkey); 1389 goto error; 1390 } 1391 1392 ret = keyctl_change_reqkey_auth(authkey); 1393 if (ret < 0) 1394 goto error; 1395 key_put(authkey); 1396 1397 ret = authkey->serial; 1398 error: 1399 return ret; 1400 } 1401 1402 /* 1403 * Get a key's the LSM security label. 1404 * 1405 * The key must grant the caller View permission for this to work. 1406 * 1407 * If there's a buffer, then up to buflen bytes of data will be placed into it. 1408 * 1409 * If successful, the amount of information available will be returned, 1410 * irrespective of how much was copied (including the terminal NUL). 1411 */ 1412 long keyctl_get_security(key_serial_t keyid, 1413 char __user *buffer, 1414 size_t buflen) 1415 { 1416 struct key *key, *instkey; 1417 key_ref_t key_ref; 1418 char *context; 1419 long ret; 1420 1421 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW); 1422 if (IS_ERR(key_ref)) { 1423 if (PTR_ERR(key_ref) != -EACCES) 1424 return PTR_ERR(key_ref); 1425 1426 /* viewing a key under construction is also permitted if we 1427 * have the authorisation token handy */ 1428 instkey = key_get_instantiation_authkey(keyid); 1429 if (IS_ERR(instkey)) 1430 return PTR_ERR(instkey); 1431 key_put(instkey); 1432 1433 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0); 1434 if (IS_ERR(key_ref)) 1435 return PTR_ERR(key_ref); 1436 } 1437 1438 key = key_ref_to_ptr(key_ref); 1439 ret = security_key_getsecurity(key, &context); 1440 if (ret == 0) { 1441 /* if no information was returned, give userspace an empty 1442 * string */ 1443 ret = 1; 1444 if (buffer && buflen > 0 && 1445 copy_to_user(buffer, "", 1) != 0) 1446 ret = -EFAULT; 1447 } else if (ret > 0) { 1448 /* return as much data as there's room for */ 1449 if (buffer && buflen > 0) { 1450 if (buflen > ret) 1451 buflen = ret; 1452 1453 if (copy_to_user(buffer, context, buflen) != 0) 1454 ret = -EFAULT; 1455 } 1456 1457 kfree(context); 1458 } 1459 1460 key_ref_put(key_ref); 1461 return ret; 1462 } 1463 1464 /* 1465 * Attempt to install the calling process's session keyring on the process's 1466 * parent process. 1467 * 1468 * The keyring must exist and must grant the caller LINK permission, and the 1469 * parent process must be single-threaded and must have the same effective 1470 * ownership as this process and mustn't be SUID/SGID. 1471 * 1472 * The keyring will be emplaced on the parent when it next resumes userspace. 1473 * 1474 * If successful, 0 will be returned. 1475 */ 1476 long keyctl_session_to_parent(void) 1477 { 1478 struct task_struct *me, *parent; 1479 const struct cred *mycred, *pcred; 1480 struct callback_head *newwork, *oldwork; 1481 key_ref_t keyring_r; 1482 struct cred *cred; 1483 int ret; 1484 1485 keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK); 1486 if (IS_ERR(keyring_r)) 1487 return PTR_ERR(keyring_r); 1488 1489 ret = -ENOMEM; 1490 1491 /* our parent is going to need a new cred struct, a new tgcred struct 1492 * and new security data, so we allocate them here to prevent ENOMEM in 1493 * our parent */ 1494 cred = cred_alloc_blank(); 1495 if (!cred) 1496 goto error_keyring; 1497 newwork = &cred->rcu; 1498 1499 cred->session_keyring = key_ref_to_ptr(keyring_r); 1500 keyring_r = NULL; 1501 init_task_work(newwork, key_change_session_keyring); 1502 1503 me = current; 1504 rcu_read_lock(); 1505 write_lock_irq(&tasklist_lock); 1506 1507 ret = -EPERM; 1508 oldwork = NULL; 1509 parent = me->real_parent; 1510 1511 /* the parent mustn't be init and mustn't be a kernel thread */ 1512 if (parent->pid <= 1 || !parent->mm) 1513 goto unlock; 1514 1515 /* the parent must be single threaded */ 1516 if (!thread_group_empty(parent)) 1517 goto unlock; 1518 1519 /* the parent and the child must have different session keyrings or 1520 * there's no point */ 1521 mycred = current_cred(); 1522 pcred = __task_cred(parent); 1523 if (mycred == pcred || 1524 mycred->session_keyring == pcred->session_keyring) { 1525 ret = 0; 1526 goto unlock; 1527 } 1528 1529 /* the parent must have the same effective ownership and mustn't be 1530 * SUID/SGID */ 1531 if (!uid_eq(pcred->uid, mycred->euid) || 1532 !uid_eq(pcred->euid, mycred->euid) || 1533 !uid_eq(pcred->suid, mycred->euid) || 1534 !gid_eq(pcred->gid, mycred->egid) || 1535 !gid_eq(pcred->egid, mycred->egid) || 1536 !gid_eq(pcred->sgid, mycred->egid)) 1537 goto unlock; 1538 1539 /* the keyrings must have the same UID */ 1540 if ((pcred->session_keyring && 1541 !uid_eq(pcred->session_keyring->uid, mycred->euid)) || 1542 !uid_eq(mycred->session_keyring->uid, mycred->euid)) 1543 goto unlock; 1544 1545 /* cancel an already pending keyring replacement */ 1546 oldwork = task_work_cancel(parent, key_change_session_keyring); 1547 1548 /* the replacement session keyring is applied just prior to userspace 1549 * restarting */ 1550 ret = task_work_add(parent, newwork, true); 1551 if (!ret) 1552 newwork = NULL; 1553 unlock: 1554 write_unlock_irq(&tasklist_lock); 1555 rcu_read_unlock(); 1556 if (oldwork) 1557 put_cred(container_of(oldwork, struct cred, rcu)); 1558 if (newwork) 1559 put_cred(cred); 1560 return ret; 1561 1562 error_keyring: 1563 key_ref_put(keyring_r); 1564 return ret; 1565 } 1566 1567 /* 1568 * The key control system call 1569 */ 1570 SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, 1571 unsigned long, arg4, unsigned long, arg5) 1572 { 1573 switch (option) { 1574 case KEYCTL_GET_KEYRING_ID: 1575 return keyctl_get_keyring_ID((key_serial_t) arg2, 1576 (int) arg3); 1577 1578 case KEYCTL_JOIN_SESSION_KEYRING: 1579 return keyctl_join_session_keyring((const char __user *) arg2); 1580 1581 case KEYCTL_UPDATE: 1582 return keyctl_update_key((key_serial_t) arg2, 1583 (const void __user *) arg3, 1584 (size_t) arg4); 1585 1586 case KEYCTL_REVOKE: 1587 return keyctl_revoke_key((key_serial_t) arg2); 1588 1589 case KEYCTL_DESCRIBE: 1590 return keyctl_describe_key((key_serial_t) arg2, 1591 (char __user *) arg3, 1592 (unsigned) arg4); 1593 1594 case KEYCTL_CLEAR: 1595 return keyctl_keyring_clear((key_serial_t) arg2); 1596 1597 case KEYCTL_LINK: 1598 return keyctl_keyring_link((key_serial_t) arg2, 1599 (key_serial_t) arg3); 1600 1601 case KEYCTL_UNLINK: 1602 return keyctl_keyring_unlink((key_serial_t) arg2, 1603 (key_serial_t) arg3); 1604 1605 case KEYCTL_SEARCH: 1606 return keyctl_keyring_search((key_serial_t) arg2, 1607 (const char __user *) arg3, 1608 (const char __user *) arg4, 1609 (key_serial_t) arg5); 1610 1611 case KEYCTL_READ: 1612 return keyctl_read_key((key_serial_t) arg2, 1613 (char __user *) arg3, 1614 (size_t) arg4); 1615 1616 case KEYCTL_CHOWN: 1617 return keyctl_chown_key((key_serial_t) arg2, 1618 (uid_t) arg3, 1619 (gid_t) arg4); 1620 1621 case KEYCTL_SETPERM: 1622 return keyctl_setperm_key((key_serial_t) arg2, 1623 (key_perm_t) arg3); 1624 1625 case KEYCTL_INSTANTIATE: 1626 return keyctl_instantiate_key((key_serial_t) arg2, 1627 (const void __user *) arg3, 1628 (size_t) arg4, 1629 (key_serial_t) arg5); 1630 1631 case KEYCTL_NEGATE: 1632 return keyctl_negate_key((key_serial_t) arg2, 1633 (unsigned) arg3, 1634 (key_serial_t) arg4); 1635 1636 case KEYCTL_SET_REQKEY_KEYRING: 1637 return keyctl_set_reqkey_keyring(arg2); 1638 1639 case KEYCTL_SET_TIMEOUT: 1640 return keyctl_set_timeout((key_serial_t) arg2, 1641 (unsigned) arg3); 1642 1643 case KEYCTL_ASSUME_AUTHORITY: 1644 return keyctl_assume_authority((key_serial_t) arg2); 1645 1646 case KEYCTL_GET_SECURITY: 1647 return keyctl_get_security((key_serial_t) arg2, 1648 (char __user *) arg3, 1649 (size_t) arg4); 1650 1651 case KEYCTL_SESSION_TO_PARENT: 1652 return keyctl_session_to_parent(); 1653 1654 case KEYCTL_REJECT: 1655 return keyctl_reject_key((key_serial_t) arg2, 1656 (unsigned) arg3, 1657 (unsigned) arg4, 1658 (key_serial_t) arg5); 1659 1660 case KEYCTL_INSTANTIATE_IOV: 1661 return keyctl_instantiate_key_iov( 1662 (key_serial_t) arg2, 1663 (const struct iovec __user *) arg3, 1664 (unsigned) arg4, 1665 (key_serial_t) arg5); 1666 1667 case KEYCTL_INVALIDATE: 1668 return keyctl_invalidate_key((key_serial_t) arg2); 1669 1670 case KEYCTL_GET_PERSISTENT: 1671 return keyctl_get_persistent((uid_t)arg2, (key_serial_t)arg3); 1672 1673 default: 1674 return -EOPNOTSUPP; 1675 } 1676 } 1677