1 /* keyctl.c: userspace keyctl operations 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/syscalls.h> 17 #include <linux/keyctl.h> 18 #include <linux/fs.h> 19 #include <linux/err.h> 20 #include <asm/uaccess.h> 21 #include "internal.h" 22 23 /*****************************************************************************/ 24 /* 25 * extract the description of a new key from userspace and either add it as a 26 * new key to the specified keyring or update a matching key in that keyring 27 * - the keyring must be writable 28 * - returns the new key's serial number 29 * - implements add_key() 30 */ 31 asmlinkage long sys_add_key(const char __user *_type, 32 const char __user *_description, 33 const void __user *_payload, 34 size_t plen, 35 key_serial_t ringid) 36 { 37 struct key *keyring, *key; 38 char type[32], *description; 39 void *payload; 40 long dlen, ret; 41 42 ret = -EINVAL; 43 if (plen > 32767) 44 goto error; 45 46 /* draw all the data into kernel space */ 47 ret = strncpy_from_user(type, _type, sizeof(type) - 1); 48 if (ret < 0) 49 goto error; 50 type[31] = '\0'; 51 52 if (!type[0]) 53 goto error; 54 55 ret = -EPERM; 56 if (type[0] == '.') 57 goto error; 58 59 ret = -EFAULT; 60 dlen = strnlen_user(_description, PAGE_SIZE - 1); 61 if (dlen <= 0) 62 goto error; 63 64 ret = -EINVAL; 65 if (dlen > PAGE_SIZE - 1) 66 goto error; 67 68 ret = -ENOMEM; 69 description = kmalloc(dlen + 1, GFP_KERNEL); 70 if (!description) 71 goto error; 72 73 ret = -EFAULT; 74 if (copy_from_user(description, _description, dlen + 1) != 0) 75 goto error2; 76 77 /* pull the payload in if one was supplied */ 78 payload = NULL; 79 80 if (_payload) { 81 ret = -ENOMEM; 82 payload = kmalloc(plen, GFP_KERNEL); 83 if (!payload) 84 goto error2; 85 86 ret = -EFAULT; 87 if (copy_from_user(payload, _payload, plen) != 0) 88 goto error3; 89 } 90 91 /* find the target keyring (which must be writable) */ 92 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 93 if (IS_ERR(keyring)) { 94 ret = PTR_ERR(keyring); 95 goto error3; 96 } 97 98 /* create or update the requested key and add it to the target 99 * keyring */ 100 key = key_create_or_update(keyring, type, description, 101 payload, plen, 0); 102 if (!IS_ERR(key)) { 103 ret = key->serial; 104 key_put(key); 105 } 106 else { 107 ret = PTR_ERR(key); 108 } 109 110 key_put(keyring); 111 error3: 112 kfree(payload); 113 error2: 114 kfree(description); 115 error: 116 return ret; 117 118 } /* end sys_add_key() */ 119 120 /*****************************************************************************/ 121 /* 122 * search the process keyrings for a matching key 123 * - nested keyrings may also be searched if they have Search permission 124 * - if a key is found, it will be attached to the destination keyring if 125 * there's one specified 126 * - /sbin/request-key will be invoked if _callout_info is non-NULL 127 * - the _callout_info string will be passed to /sbin/request-key 128 * - if the _callout_info string is empty, it will be rendered as "-" 129 * - implements request_key() 130 */ 131 asmlinkage long sys_request_key(const char __user *_type, 132 const char __user *_description, 133 const char __user *_callout_info, 134 key_serial_t destringid) 135 { 136 struct key_type *ktype; 137 struct key *key, *dest; 138 char type[32], *description, *callout_info; 139 long dlen, ret; 140 141 /* pull the type into kernel space */ 142 ret = strncpy_from_user(type, _type, sizeof(type) - 1); 143 if (ret < 0) 144 goto error; 145 type[31] = '\0'; 146 147 /* pull the description into kernel space */ 148 ret = -EFAULT; 149 dlen = strnlen_user(_description, PAGE_SIZE - 1); 150 if (dlen <= 0) 151 goto error; 152 153 ret = -EINVAL; 154 if (dlen > PAGE_SIZE - 1) 155 goto error; 156 157 ret = -ENOMEM; 158 description = kmalloc(dlen + 1, GFP_KERNEL); 159 if (!description) 160 goto error; 161 162 ret = -EFAULT; 163 if (copy_from_user(description, _description, dlen + 1) != 0) 164 goto error2; 165 166 /* pull the callout info into kernel space */ 167 callout_info = NULL; 168 if (_callout_info) { 169 ret = -EFAULT; 170 dlen = strnlen_user(_callout_info, PAGE_SIZE - 1); 171 if (dlen <= 0) 172 goto error2; 173 174 ret = -EINVAL; 175 if (dlen > PAGE_SIZE - 1) 176 goto error2; 177 178 ret = -ENOMEM; 179 callout_info = kmalloc(dlen + 1, GFP_KERNEL); 180 if (!callout_info) 181 goto error2; 182 183 ret = -EFAULT; 184 if (copy_from_user(callout_info, _callout_info, dlen + 1) != 0) 185 goto error3; 186 } 187 188 /* get the destination keyring if specified */ 189 dest = NULL; 190 if (destringid) { 191 dest = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE); 192 if (IS_ERR(dest)) { 193 ret = PTR_ERR(dest); 194 goto error3; 195 } 196 } 197 198 /* find the key type */ 199 ktype = key_type_lookup(type); 200 if (IS_ERR(ktype)) { 201 ret = PTR_ERR(ktype); 202 goto error4; 203 } 204 205 /* do the search */ 206 key = request_key_and_link(ktype, description, callout_info, dest); 207 if (IS_ERR(key)) { 208 ret = PTR_ERR(key); 209 goto error5; 210 } 211 212 ret = key->serial; 213 214 key_put(key); 215 error5: 216 key_type_put(ktype); 217 error4: 218 key_put(dest); 219 error3: 220 kfree(callout_info); 221 error2: 222 kfree(description); 223 error: 224 return ret; 225 226 } /* end sys_request_key() */ 227 228 /*****************************************************************************/ 229 /* 230 * get the ID of the specified process keyring 231 * - the keyring must have search permission to be found 232 * - implements keyctl(KEYCTL_GET_KEYRING_ID) 233 */ 234 long keyctl_get_keyring_ID(key_serial_t id, int create) 235 { 236 struct key *key; 237 long ret; 238 239 key = lookup_user_key(NULL, id, create, 0, KEY_SEARCH); 240 if (IS_ERR(key)) { 241 ret = PTR_ERR(key); 242 goto error; 243 } 244 245 ret = key->serial; 246 key_put(key); 247 error: 248 return ret; 249 250 } /* end keyctl_get_keyring_ID() */ 251 252 /*****************************************************************************/ 253 /* 254 * join the session keyring 255 * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING) 256 */ 257 long keyctl_join_session_keyring(const char __user *_name) 258 { 259 char *name; 260 long nlen, ret; 261 262 /* fetch the name from userspace */ 263 name = NULL; 264 if (_name) { 265 ret = -EFAULT; 266 nlen = strnlen_user(_name, PAGE_SIZE - 1); 267 if (nlen <= 0) 268 goto error; 269 270 ret = -EINVAL; 271 if (nlen > PAGE_SIZE - 1) 272 goto error; 273 274 ret = -ENOMEM; 275 name = kmalloc(nlen + 1, GFP_KERNEL); 276 if (!name) 277 goto error; 278 279 ret = -EFAULT; 280 if (copy_from_user(name, _name, nlen + 1) != 0) 281 goto error2; 282 } 283 284 /* join the session */ 285 ret = join_session_keyring(name); 286 287 error2: 288 kfree(name); 289 error: 290 return ret; 291 292 } /* end keyctl_join_session_keyring() */ 293 294 /*****************************************************************************/ 295 /* 296 * update a key's data payload 297 * - the key must be writable 298 * - implements keyctl(KEYCTL_UPDATE) 299 */ 300 long keyctl_update_key(key_serial_t id, 301 const void __user *_payload, 302 size_t plen) 303 { 304 struct key *key; 305 void *payload; 306 long ret; 307 308 ret = -EINVAL; 309 if (plen > PAGE_SIZE) 310 goto error; 311 312 /* pull the payload in if one was supplied */ 313 payload = NULL; 314 if (_payload) { 315 ret = -ENOMEM; 316 payload = kmalloc(plen, GFP_KERNEL); 317 if (!payload) 318 goto error; 319 320 ret = -EFAULT; 321 if (copy_from_user(payload, _payload, plen) != 0) 322 goto error2; 323 } 324 325 /* find the target key (which must be writable) */ 326 key = lookup_user_key(NULL, id, 0, 0, KEY_WRITE); 327 if (IS_ERR(key)) { 328 ret = PTR_ERR(key); 329 goto error2; 330 } 331 332 /* update the key */ 333 ret = key_update(key, payload, plen); 334 335 key_put(key); 336 error2: 337 kfree(payload); 338 error: 339 return ret; 340 341 } /* end keyctl_update_key() */ 342 343 /*****************************************************************************/ 344 /* 345 * revoke a key 346 * - the key must be writable 347 * - implements keyctl(KEYCTL_REVOKE) 348 */ 349 long keyctl_revoke_key(key_serial_t id) 350 { 351 struct key *key; 352 long ret; 353 354 key = lookup_user_key(NULL, id, 0, 0, KEY_WRITE); 355 if (IS_ERR(key)) { 356 ret = PTR_ERR(key); 357 goto error; 358 } 359 360 key_revoke(key); 361 ret = 0; 362 363 key_put(key); 364 error: 365 return 0; 366 367 } /* end keyctl_revoke_key() */ 368 369 /*****************************************************************************/ 370 /* 371 * clear the specified process keyring 372 * - the keyring must be writable 373 * - implements keyctl(KEYCTL_CLEAR) 374 */ 375 long keyctl_keyring_clear(key_serial_t ringid) 376 { 377 struct key *keyring; 378 long ret; 379 380 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 381 if (IS_ERR(keyring)) { 382 ret = PTR_ERR(keyring); 383 goto error; 384 } 385 386 ret = keyring_clear(keyring); 387 388 key_put(keyring); 389 error: 390 return ret; 391 392 } /* end keyctl_keyring_clear() */ 393 394 /*****************************************************************************/ 395 /* 396 * link a key into a keyring 397 * - the keyring must be writable 398 * - the key must be linkable 399 * - implements keyctl(KEYCTL_LINK) 400 */ 401 long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) 402 { 403 struct key *keyring, *key; 404 long ret; 405 406 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 407 if (IS_ERR(keyring)) { 408 ret = PTR_ERR(keyring); 409 goto error; 410 } 411 412 key = lookup_user_key(NULL, id, 1, 0, KEY_LINK); 413 if (IS_ERR(key)) { 414 ret = PTR_ERR(key); 415 goto error2; 416 } 417 418 ret = key_link(keyring, key); 419 420 key_put(key); 421 error2: 422 key_put(keyring); 423 error: 424 return ret; 425 426 } /* end keyctl_keyring_link() */ 427 428 /*****************************************************************************/ 429 /* 430 * unlink the first attachment of a key from a keyring 431 * - the keyring must be writable 432 * - we don't need any permissions on the key 433 * - implements keyctl(KEYCTL_UNLINK) 434 */ 435 long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) 436 { 437 struct key *keyring, *key; 438 long ret; 439 440 keyring = lookup_user_key(NULL, ringid, 0, 0, KEY_WRITE); 441 if (IS_ERR(keyring)) { 442 ret = PTR_ERR(keyring); 443 goto error; 444 } 445 446 key = lookup_user_key(NULL, id, 0, 0, 0); 447 if (IS_ERR(key)) { 448 ret = PTR_ERR(key); 449 goto error2; 450 } 451 452 ret = key_unlink(keyring, key); 453 454 key_put(key); 455 error2: 456 key_put(keyring); 457 error: 458 return ret; 459 460 } /* end keyctl_keyring_unlink() */ 461 462 /*****************************************************************************/ 463 /* 464 * describe a user key 465 * - the key must have view permission 466 * - if there's a buffer, we place up to buflen bytes of data into it 467 * - unless there's an error, we return the amount of description available, 468 * irrespective of how much we may have copied 469 * - the description is formatted thus: 470 * type;uid;gid;perm;description<NUL> 471 * - implements keyctl(KEYCTL_DESCRIBE) 472 */ 473 long keyctl_describe_key(key_serial_t keyid, 474 char __user *buffer, 475 size_t buflen) 476 { 477 struct key *key, *instkey; 478 char *tmpbuf; 479 long ret; 480 481 key = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW); 482 if (IS_ERR(key)) { 483 /* viewing a key under construction is permitted if we have the 484 * authorisation token handy */ 485 if (PTR_ERR(key) == -EACCES) { 486 instkey = key_get_instantiation_authkey(keyid); 487 if (!IS_ERR(instkey)) { 488 key_put(instkey); 489 key = lookup_user_key(NULL, keyid, 0, 1, 0); 490 if (!IS_ERR(key)) 491 goto okay; 492 } 493 } 494 495 ret = PTR_ERR(key); 496 goto error; 497 } 498 499 okay: 500 /* calculate how much description we're going to return */ 501 ret = -ENOMEM; 502 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL); 503 if (!tmpbuf) 504 goto error2; 505 506 ret = snprintf(tmpbuf, PAGE_SIZE - 1, 507 "%s;%d;%d;%06x;%s", 508 key->type->name, 509 key->uid, 510 key->gid, 511 key->perm, 512 key->description ? key->description :"" 513 ); 514 515 /* include a NUL char at the end of the data */ 516 if (ret > PAGE_SIZE - 1) 517 ret = PAGE_SIZE - 1; 518 tmpbuf[ret] = 0; 519 ret++; 520 521 /* consider returning the data */ 522 if (buffer && buflen > 0) { 523 if (buflen > ret) 524 buflen = ret; 525 526 if (copy_to_user(buffer, tmpbuf, buflen) != 0) 527 ret = -EFAULT; 528 } 529 530 kfree(tmpbuf); 531 error2: 532 key_put(key); 533 error: 534 return ret; 535 536 } /* end keyctl_describe_key() */ 537 538 /*****************************************************************************/ 539 /* 540 * search the specified keyring for a matching key 541 * - the start keyring must be searchable 542 * - nested keyrings may also be searched if they are searchable 543 * - only keys with search permission may be found 544 * - if a key is found, it will be attached to the destination keyring if 545 * there's one specified 546 * - implements keyctl(KEYCTL_SEARCH) 547 */ 548 long keyctl_keyring_search(key_serial_t ringid, 549 const char __user *_type, 550 const char __user *_description, 551 key_serial_t destringid) 552 { 553 struct key_type *ktype; 554 struct key *keyring, *key, *dest; 555 char type[32], *description; 556 long dlen, ret; 557 558 /* pull the type and description into kernel space */ 559 ret = strncpy_from_user(type, _type, sizeof(type) - 1); 560 if (ret < 0) 561 goto error; 562 type[31] = '\0'; 563 564 ret = -EFAULT; 565 dlen = strnlen_user(_description, PAGE_SIZE - 1); 566 if (dlen <= 0) 567 goto error; 568 569 ret = -EINVAL; 570 if (dlen > PAGE_SIZE - 1) 571 goto error; 572 573 ret = -ENOMEM; 574 description = kmalloc(dlen + 1, GFP_KERNEL); 575 if (!description) 576 goto error; 577 578 ret = -EFAULT; 579 if (copy_from_user(description, _description, dlen + 1) != 0) 580 goto error2; 581 582 /* get the keyring at which to begin the search */ 583 keyring = lookup_user_key(NULL, ringid, 0, 0, KEY_SEARCH); 584 if (IS_ERR(keyring)) { 585 ret = PTR_ERR(keyring); 586 goto error2; 587 } 588 589 /* get the destination keyring if specified */ 590 dest = NULL; 591 if (destringid) { 592 dest = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE); 593 if (IS_ERR(dest)) { 594 ret = PTR_ERR(dest); 595 goto error3; 596 } 597 } 598 599 /* find the key type */ 600 ktype = key_type_lookup(type); 601 if (IS_ERR(ktype)) { 602 ret = PTR_ERR(ktype); 603 goto error4; 604 } 605 606 /* do the search */ 607 key = keyring_search(keyring, ktype, description); 608 if (IS_ERR(key)) { 609 ret = PTR_ERR(key); 610 611 /* treat lack or presence of a negative key the same */ 612 if (ret == -EAGAIN) 613 ret = -ENOKEY; 614 goto error5; 615 } 616 617 /* link the resulting key to the destination keyring if we can */ 618 if (dest) { 619 ret = -EACCES; 620 if (!key_permission(key, KEY_LINK)) 621 goto error6; 622 623 ret = key_link(dest, key); 624 if (ret < 0) 625 goto error6; 626 } 627 628 ret = key->serial; 629 630 error6: 631 key_put(key); 632 error5: 633 key_type_put(ktype); 634 error4: 635 key_put(dest); 636 error3: 637 key_put(keyring); 638 error2: 639 kfree(description); 640 error: 641 return ret; 642 643 } /* end keyctl_keyring_search() */ 644 645 /*****************************************************************************/ 646 /* 647 * see if the key we're looking at is the target key 648 */ 649 static int keyctl_read_key_same(const struct key *key, const void *target) 650 { 651 return key == target; 652 653 } /* end keyctl_read_key_same() */ 654 655 /*****************************************************************************/ 656 /* 657 * read a user key's payload 658 * - the keyring must be readable or the key must be searchable from the 659 * process's keyrings 660 * - if there's a buffer, we place up to buflen bytes of data into it 661 * - unless there's an error, we return the amount of data in the key, 662 * irrespective of how much we may have copied 663 * - implements keyctl(KEYCTL_READ) 664 */ 665 long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) 666 { 667 struct key *key, *skey; 668 long ret; 669 670 /* find the key first */ 671 key = lookup_user_key(NULL, keyid, 0, 0, 0); 672 if (!IS_ERR(key)) { 673 /* see if we can read it directly */ 674 if (key_permission(key, KEY_READ)) 675 goto can_read_key; 676 677 /* we can't; see if it's searchable from this process's 678 * keyrings 679 * - we automatically take account of the fact that it may be 680 * dangling off an instantiation key 681 */ 682 skey = search_process_keyrings(key->type, key, 683 keyctl_read_key_same, current); 684 if (!IS_ERR(skey)) 685 goto can_read_key2; 686 687 ret = PTR_ERR(skey); 688 goto error2; 689 } 690 691 ret = -ENOKEY; 692 goto error; 693 694 /* the key is probably readable - now try to read it */ 695 can_read_key2: 696 key_put(skey); 697 can_read_key: 698 ret = key_validate(key); 699 if (ret == 0) { 700 ret = -EOPNOTSUPP; 701 if (key->type->read) { 702 /* read the data with the semaphore held (since we 703 * might sleep) */ 704 down_read(&key->sem); 705 ret = key->type->read(key, buffer, buflen); 706 up_read(&key->sem); 707 } 708 } 709 710 error2: 711 key_put(key); 712 error: 713 return ret; 714 715 } /* end keyctl_read_key() */ 716 717 /*****************************************************************************/ 718 /* 719 * change the ownership of a key 720 * - the keyring owned by the changer 721 * - if the uid or gid is -1, then that parameter is not changed 722 * - implements keyctl(KEYCTL_CHOWN) 723 */ 724 long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid) 725 { 726 struct key *key; 727 long ret; 728 729 ret = 0; 730 if (uid == (uid_t) -1 && gid == (gid_t) -1) 731 goto error; 732 733 key = lookup_user_key(NULL, id, 1, 1, 0); 734 if (IS_ERR(key)) { 735 ret = PTR_ERR(key); 736 goto error; 737 } 738 739 /* make the changes with the locks held to prevent chown/chown races */ 740 ret = -EACCES; 741 down_write(&key->sem); 742 743 if (!capable(CAP_SYS_ADMIN)) { 744 /* only the sysadmin can chown a key to some other UID */ 745 if (uid != (uid_t) -1 && key->uid != uid) 746 goto no_access; 747 748 /* only the sysadmin can set the key's GID to a group other 749 * than one of those that the current process subscribes to */ 750 if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid)) 751 goto no_access; 752 } 753 754 /* change the UID (have to update the quotas) */ 755 if (uid != (uid_t) -1 && uid != key->uid) { 756 /* don't support UID changing yet */ 757 ret = -EOPNOTSUPP; 758 goto no_access; 759 } 760 761 /* change the GID */ 762 if (gid != (gid_t) -1) 763 key->gid = gid; 764 765 ret = 0; 766 767 no_access: 768 up_write(&key->sem); 769 key_put(key); 770 error: 771 return ret; 772 773 } /* end keyctl_chown_key() */ 774 775 /*****************************************************************************/ 776 /* 777 * change the permission mask on a key 778 * - the keyring owned by the changer 779 * - implements keyctl(KEYCTL_SETPERM) 780 */ 781 long keyctl_setperm_key(key_serial_t id, key_perm_t perm) 782 { 783 struct key *key; 784 long ret; 785 786 ret = -EINVAL; 787 if (perm & ~(KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 788 goto error; 789 790 key = lookup_user_key(NULL, id, 1, 1, 0); 791 if (IS_ERR(key)) { 792 ret = PTR_ERR(key); 793 goto error; 794 } 795 796 /* make the changes with the locks held to prevent chown/chmod races */ 797 ret = -EACCES; 798 down_write(&key->sem); 799 800 /* if we're not the sysadmin, we can only change a key that we own */ 801 if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) { 802 key->perm = perm; 803 ret = 0; 804 } 805 806 up_write(&key->sem); 807 key_put(key); 808 error: 809 return ret; 810 811 } /* end keyctl_setperm_key() */ 812 813 /*****************************************************************************/ 814 /* 815 * instantiate the key with the specified payload, and, if one is given, link 816 * the key into the keyring 817 */ 818 long keyctl_instantiate_key(key_serial_t id, 819 const void __user *_payload, 820 size_t plen, 821 key_serial_t ringid) 822 { 823 struct request_key_auth *rka; 824 struct key *instkey, *keyring; 825 void *payload; 826 long ret; 827 828 ret = -EINVAL; 829 if (plen > 32767) 830 goto error; 831 832 /* pull the payload in if one was supplied */ 833 payload = NULL; 834 835 if (_payload) { 836 ret = -ENOMEM; 837 payload = kmalloc(plen, GFP_KERNEL); 838 if (!payload) 839 goto error; 840 841 ret = -EFAULT; 842 if (copy_from_user(payload, _payload, plen) != 0) 843 goto error2; 844 } 845 846 /* find the instantiation authorisation key */ 847 instkey = key_get_instantiation_authkey(id); 848 if (IS_ERR(instkey)) { 849 ret = PTR_ERR(instkey); 850 goto error2; 851 } 852 853 rka = instkey->payload.data; 854 855 /* find the destination keyring amongst those belonging to the 856 * requesting task */ 857 keyring = NULL; 858 if (ringid) { 859 keyring = lookup_user_key(rka->context, ringid, 1, 0, 860 KEY_WRITE); 861 if (IS_ERR(keyring)) { 862 ret = PTR_ERR(keyring); 863 goto error3; 864 } 865 } 866 867 /* instantiate the key and link it into a keyring */ 868 ret = key_instantiate_and_link(rka->target_key, payload, plen, 869 keyring, instkey); 870 871 key_put(keyring); 872 error3: 873 key_put(instkey); 874 error2: 875 kfree(payload); 876 error: 877 return ret; 878 879 } /* end keyctl_instantiate_key() */ 880 881 /*****************************************************************************/ 882 /* 883 * negatively instantiate the key with the given timeout (in seconds), and, if 884 * one is given, link the key into the keyring 885 */ 886 long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 887 { 888 struct request_key_auth *rka; 889 struct key *instkey, *keyring; 890 long ret; 891 892 /* find the instantiation authorisation key */ 893 instkey = key_get_instantiation_authkey(id); 894 if (IS_ERR(instkey)) { 895 ret = PTR_ERR(instkey); 896 goto error; 897 } 898 899 rka = instkey->payload.data; 900 901 /* find the destination keyring if present (which must also be 902 * writable) */ 903 keyring = NULL; 904 if (ringid) { 905 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE); 906 if (IS_ERR(keyring)) { 907 ret = PTR_ERR(keyring); 908 goto error2; 909 } 910 } 911 912 /* instantiate the key and link it into a keyring */ 913 ret = key_negate_and_link(rka->target_key, timeout, keyring, instkey); 914 915 key_put(keyring); 916 error2: 917 key_put(instkey); 918 error: 919 return ret; 920 921 } /* end keyctl_negate_key() */ 922 923 /*****************************************************************************/ 924 /* 925 * set the default keyring in which request_key() will cache keys 926 * - return the old setting 927 */ 928 long keyctl_set_reqkey_keyring(int reqkey_defl) 929 { 930 int ret; 931 932 switch (reqkey_defl) { 933 case KEY_REQKEY_DEFL_THREAD_KEYRING: 934 ret = install_thread_keyring(current); 935 if (ret < 0) 936 return ret; 937 goto set; 938 939 case KEY_REQKEY_DEFL_PROCESS_KEYRING: 940 ret = install_process_keyring(current); 941 if (ret < 0) 942 return ret; 943 944 case KEY_REQKEY_DEFL_DEFAULT: 945 case KEY_REQKEY_DEFL_SESSION_KEYRING: 946 case KEY_REQKEY_DEFL_USER_KEYRING: 947 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 948 set: 949 current->jit_keyring = reqkey_defl; 950 951 case KEY_REQKEY_DEFL_NO_CHANGE: 952 return current->jit_keyring; 953 954 case KEY_REQKEY_DEFL_GROUP_KEYRING: 955 default: 956 return -EINVAL; 957 } 958 959 } /* end keyctl_set_reqkey_keyring() */ 960 961 /*****************************************************************************/ 962 /* 963 * the key control system call 964 */ 965 asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3, 966 unsigned long arg4, unsigned long arg5) 967 { 968 switch (option) { 969 case KEYCTL_GET_KEYRING_ID: 970 return keyctl_get_keyring_ID((key_serial_t) arg2, 971 (int) arg3); 972 973 case KEYCTL_JOIN_SESSION_KEYRING: 974 return keyctl_join_session_keyring((const char __user *) arg2); 975 976 case KEYCTL_UPDATE: 977 return keyctl_update_key((key_serial_t) arg2, 978 (const void __user *) arg3, 979 (size_t) arg4); 980 981 case KEYCTL_REVOKE: 982 return keyctl_revoke_key((key_serial_t) arg2); 983 984 case KEYCTL_DESCRIBE: 985 return keyctl_describe_key((key_serial_t) arg2, 986 (char __user *) arg3, 987 (unsigned) arg4); 988 989 case KEYCTL_CLEAR: 990 return keyctl_keyring_clear((key_serial_t) arg2); 991 992 case KEYCTL_LINK: 993 return keyctl_keyring_link((key_serial_t) arg2, 994 (key_serial_t) arg3); 995 996 case KEYCTL_UNLINK: 997 return keyctl_keyring_unlink((key_serial_t) arg2, 998 (key_serial_t) arg3); 999 1000 case KEYCTL_SEARCH: 1001 return keyctl_keyring_search((key_serial_t) arg2, 1002 (const char __user *) arg3, 1003 (const char __user *) arg4, 1004 (key_serial_t) arg5); 1005 1006 case KEYCTL_READ: 1007 return keyctl_read_key((key_serial_t) arg2, 1008 (char __user *) arg3, 1009 (size_t) arg4); 1010 1011 case KEYCTL_CHOWN: 1012 return keyctl_chown_key((key_serial_t) arg2, 1013 (uid_t) arg3, 1014 (gid_t) arg4); 1015 1016 case KEYCTL_SETPERM: 1017 return keyctl_setperm_key((key_serial_t) arg2, 1018 (key_perm_t) arg3); 1019 1020 case KEYCTL_INSTANTIATE: 1021 return keyctl_instantiate_key((key_serial_t) arg2, 1022 (const void __user *) arg3, 1023 (size_t) arg4, 1024 (key_serial_t) arg5); 1025 1026 case KEYCTL_NEGATE: 1027 return keyctl_negate_key((key_serial_t) arg2, 1028 (unsigned) arg3, 1029 (key_serial_t) arg4); 1030 1031 case KEYCTL_SET_REQKEY_KEYRING: 1032 return keyctl_set_reqkey_keyring(arg2); 1033 1034 default: 1035 return -EOPNOTSUPP; 1036 } 1037 1038 } /* end sys_keyctl() */ 1039