1 /* Userspace key control operations 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/syscalls.h> 17 #include <linux/keyctl.h> 18 #include <linux/fs.h> 19 #include <linux/capability.h> 20 #include <linux/string.h> 21 #include <linux/err.h> 22 #include <linux/vmalloc.h> 23 #include <linux/security.h> 24 #include <asm/uaccess.h> 25 #include "internal.h" 26 27 static int key_get_type_from_user(char *type, 28 const char __user *_type, 29 unsigned len) 30 { 31 int ret; 32 33 ret = strncpy_from_user(type, _type, len); 34 if (ret < 0) 35 return ret; 36 if (ret == 0 || ret >= len) 37 return -EINVAL; 38 if (type[0] == '.') 39 return -EPERM; 40 type[len - 1] = '\0'; 41 return 0; 42 } 43 44 /* 45 * Extract the description of a new key from userspace and either add it as a 46 * new key to the specified keyring or update a matching key in that keyring. 47 * 48 * The keyring must be writable so that we can attach the key to it. 49 * 50 * If successful, the new key's serial number is returned, otherwise an error 51 * code is returned. 52 */ 53 SYSCALL_DEFINE5(add_key, const char __user *, _type, 54 const char __user *, _description, 55 const void __user *, _payload, 56 size_t, plen, 57 key_serial_t, ringid) 58 { 59 key_ref_t keyring_ref, key_ref; 60 char type[32], *description; 61 void *payload; 62 long ret; 63 bool vm; 64 65 ret = -EINVAL; 66 if (plen > 1024 * 1024 - 1) 67 goto error; 68 69 /* draw all the data into kernel space */ 70 ret = key_get_type_from_user(type, _type, sizeof(type)); 71 if (ret < 0) 72 goto error; 73 74 description = strndup_user(_description, PAGE_SIZE); 75 if (IS_ERR(description)) { 76 ret = PTR_ERR(description); 77 goto error; 78 } 79 80 /* pull the payload in if one was supplied */ 81 payload = NULL; 82 83 vm = false; 84 if (_payload) { 85 ret = -ENOMEM; 86 payload = kmalloc(plen, GFP_KERNEL); 87 if (!payload) { 88 if (plen <= PAGE_SIZE) 89 goto error2; 90 vm = true; 91 payload = vmalloc(plen); 92 if (!payload) 93 goto error2; 94 } 95 96 ret = -EFAULT; 97 if (copy_from_user(payload, _payload, plen) != 0) 98 goto error3; 99 } 100 101 /* find the target keyring (which must be writable) */ 102 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 103 if (IS_ERR(keyring_ref)) { 104 ret = PTR_ERR(keyring_ref); 105 goto error3; 106 } 107 108 /* create or update the requested key and add it to the target 109 * keyring */ 110 key_ref = key_create_or_update(keyring_ref, type, description, 111 payload, plen, KEY_PERM_UNDEF, 112 KEY_ALLOC_IN_QUOTA); 113 if (!IS_ERR(key_ref)) { 114 ret = key_ref_to_ptr(key_ref)->serial; 115 key_ref_put(key_ref); 116 } 117 else { 118 ret = PTR_ERR(key_ref); 119 } 120 121 key_ref_put(keyring_ref); 122 error3: 123 if (!vm) 124 kfree(payload); 125 else 126 vfree(payload); 127 error2: 128 kfree(description); 129 error: 130 return ret; 131 } 132 133 /* 134 * Search the process keyrings and keyring trees linked from those for a 135 * matching key. Keyrings must have appropriate Search permission to be 136 * searched. 137 * 138 * If a key is found, it will be attached to the destination keyring if there's 139 * one specified and the serial number of the key will be returned. 140 * 141 * If no key is found, /sbin/request-key will be invoked if _callout_info is 142 * non-NULL in an attempt to create a key. The _callout_info string will be 143 * passed to /sbin/request-key to aid with completing the request. If the 144 * _callout_info string is "" then it will be changed to "-". 145 */ 146 SYSCALL_DEFINE4(request_key, const char __user *, _type, 147 const char __user *, _description, 148 const char __user *, _callout_info, 149 key_serial_t, destringid) 150 { 151 struct key_type *ktype; 152 struct key *key; 153 key_ref_t dest_ref; 154 size_t callout_len; 155 char type[32], *description, *callout_info; 156 long ret; 157 158 /* pull the type into kernel space */ 159 ret = key_get_type_from_user(type, _type, sizeof(type)); 160 if (ret < 0) 161 goto error; 162 163 /* pull the description into kernel space */ 164 description = strndup_user(_description, PAGE_SIZE); 165 if (IS_ERR(description)) { 166 ret = PTR_ERR(description); 167 goto error; 168 } 169 170 /* pull the callout info into kernel space */ 171 callout_info = NULL; 172 callout_len = 0; 173 if (_callout_info) { 174 callout_info = strndup_user(_callout_info, PAGE_SIZE); 175 if (IS_ERR(callout_info)) { 176 ret = PTR_ERR(callout_info); 177 goto error2; 178 } 179 callout_len = strlen(callout_info); 180 } 181 182 /* get the destination keyring if specified */ 183 dest_ref = NULL; 184 if (destringid) { 185 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 186 KEY_WRITE); 187 if (IS_ERR(dest_ref)) { 188 ret = PTR_ERR(dest_ref); 189 goto error3; 190 } 191 } 192 193 /* find the key type */ 194 ktype = key_type_lookup(type); 195 if (IS_ERR(ktype)) { 196 ret = PTR_ERR(ktype); 197 goto error4; 198 } 199 200 /* do the search */ 201 key = request_key_and_link(ktype, description, callout_info, 202 callout_len, NULL, key_ref_to_ptr(dest_ref), 203 KEY_ALLOC_IN_QUOTA); 204 if (IS_ERR(key)) { 205 ret = PTR_ERR(key); 206 goto error5; 207 } 208 209 /* wait for the key to finish being constructed */ 210 ret = wait_for_key_construction(key, 1); 211 if (ret < 0) 212 goto error6; 213 214 ret = key->serial; 215 216 error6: 217 key_put(key); 218 error5: 219 key_type_put(ktype); 220 error4: 221 key_ref_put(dest_ref); 222 error3: 223 kfree(callout_info); 224 error2: 225 kfree(description); 226 error: 227 return ret; 228 } 229 230 /* 231 * Get the ID of the specified process keyring. 232 * 233 * The requested keyring must have search permission to be found. 234 * 235 * If successful, the ID of the requested keyring will be returned. 236 */ 237 long keyctl_get_keyring_ID(key_serial_t id, int create) 238 { 239 key_ref_t key_ref; 240 unsigned long lflags; 241 long ret; 242 243 lflags = create ? KEY_LOOKUP_CREATE : 0; 244 key_ref = lookup_user_key(id, lflags, KEY_SEARCH); 245 if (IS_ERR(key_ref)) { 246 ret = PTR_ERR(key_ref); 247 goto error; 248 } 249 250 ret = key_ref_to_ptr(key_ref)->serial; 251 key_ref_put(key_ref); 252 error: 253 return ret; 254 } 255 256 /* 257 * Join a (named) session keyring. 258 * 259 * Create and join an anonymous session keyring or join a named session 260 * keyring, creating it if necessary. A named session keyring must have Search 261 * permission for it to be joined. Session keyrings without this permit will 262 * be skipped over. 263 * 264 * If successful, the ID of the joined session keyring will be returned. 265 */ 266 long keyctl_join_session_keyring(const char __user *_name) 267 { 268 char *name; 269 long ret; 270 271 /* fetch the name from userspace */ 272 name = NULL; 273 if (_name) { 274 name = strndup_user(_name, PAGE_SIZE); 275 if (IS_ERR(name)) { 276 ret = PTR_ERR(name); 277 goto error; 278 } 279 } 280 281 /* join the session */ 282 ret = join_session_keyring(name); 283 kfree(name); 284 285 error: 286 return ret; 287 } 288 289 /* 290 * Update a key's data payload from the given data. 291 * 292 * The key must grant the caller Write permission and the key type must support 293 * updating for this to work. A negative key can be positively instantiated 294 * with this call. 295 * 296 * If successful, 0 will be returned. If the key type does not support 297 * updating, then -EOPNOTSUPP will be returned. 298 */ 299 long keyctl_update_key(key_serial_t id, 300 const void __user *_payload, 301 size_t plen) 302 { 303 key_ref_t key_ref; 304 void *payload; 305 long ret; 306 307 ret = -EINVAL; 308 if (plen > PAGE_SIZE) 309 goto error; 310 311 /* pull the payload in if one was supplied */ 312 payload = NULL; 313 if (_payload) { 314 ret = -ENOMEM; 315 payload = kmalloc(plen, GFP_KERNEL); 316 if (!payload) 317 goto error; 318 319 ret = -EFAULT; 320 if (copy_from_user(payload, _payload, plen) != 0) 321 goto error2; 322 } 323 324 /* find the target key (which must be writable) */ 325 key_ref = lookup_user_key(id, 0, KEY_WRITE); 326 if (IS_ERR(key_ref)) { 327 ret = PTR_ERR(key_ref); 328 goto error2; 329 } 330 331 /* update the key */ 332 ret = key_update(key_ref, payload, plen); 333 334 key_ref_put(key_ref); 335 error2: 336 kfree(payload); 337 error: 338 return ret; 339 } 340 341 /* 342 * Revoke a key. 343 * 344 * The key must be grant the caller Write or Setattr permission for this to 345 * work. The key type should give up its quota claim when revoked. The key 346 * and any links to the key will be automatically garbage collected after a 347 * certain amount of time (/proc/sys/kernel/keys/gc_delay). 348 * 349 * If successful, 0 is returned. 350 */ 351 long keyctl_revoke_key(key_serial_t id) 352 { 353 key_ref_t key_ref; 354 long ret; 355 356 key_ref = lookup_user_key(id, 0, KEY_WRITE); 357 if (IS_ERR(key_ref)) { 358 ret = PTR_ERR(key_ref); 359 if (ret != -EACCES) 360 goto error; 361 key_ref = lookup_user_key(id, 0, KEY_SETATTR); 362 if (IS_ERR(key_ref)) { 363 ret = PTR_ERR(key_ref); 364 goto error; 365 } 366 } 367 368 key_revoke(key_ref_to_ptr(key_ref)); 369 ret = 0; 370 371 key_ref_put(key_ref); 372 error: 373 return ret; 374 } 375 376 /* 377 * Clear the specified keyring, creating an empty process keyring if one of the 378 * special keyring IDs is used. 379 * 380 * The keyring must grant the caller Write permission for this to work. If 381 * successful, 0 will be returned. 382 */ 383 long keyctl_keyring_clear(key_serial_t ringid) 384 { 385 key_ref_t keyring_ref; 386 long ret; 387 388 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 389 if (IS_ERR(keyring_ref)) { 390 ret = PTR_ERR(keyring_ref); 391 goto error; 392 } 393 394 ret = keyring_clear(key_ref_to_ptr(keyring_ref)); 395 396 key_ref_put(keyring_ref); 397 error: 398 return ret; 399 } 400 401 /* 402 * Create a link from a keyring to a key if there's no matching key in the 403 * keyring, otherwise replace the link to the matching key with a link to the 404 * new key. 405 * 406 * The key must grant the caller Link permission and the the keyring must grant 407 * the caller Write permission. Furthermore, if an additional link is created, 408 * the keyring's quota will be extended. 409 * 410 * If successful, 0 will be returned. 411 */ 412 long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) 413 { 414 key_ref_t keyring_ref, key_ref; 415 long ret; 416 417 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 418 if (IS_ERR(keyring_ref)) { 419 ret = PTR_ERR(keyring_ref); 420 goto error; 421 } 422 423 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_LINK); 424 if (IS_ERR(key_ref)) { 425 ret = PTR_ERR(key_ref); 426 goto error2; 427 } 428 429 ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 430 431 key_ref_put(key_ref); 432 error2: 433 key_ref_put(keyring_ref); 434 error: 435 return ret; 436 } 437 438 /* 439 * Unlink a key from a keyring. 440 * 441 * The keyring must grant the caller Write permission for this to work; the key 442 * itself need not grant the caller anything. If the last link to a key is 443 * removed then that key will be scheduled for destruction. 444 * 445 * If successful, 0 will be returned. 446 */ 447 long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) 448 { 449 key_ref_t keyring_ref, key_ref; 450 long ret; 451 452 keyring_ref = lookup_user_key(ringid, 0, KEY_WRITE); 453 if (IS_ERR(keyring_ref)) { 454 ret = PTR_ERR(keyring_ref); 455 goto error; 456 } 457 458 key_ref = lookup_user_key(id, KEY_LOOKUP_FOR_UNLINK, 0); 459 if (IS_ERR(key_ref)) { 460 ret = PTR_ERR(key_ref); 461 goto error2; 462 } 463 464 ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 465 466 key_ref_put(key_ref); 467 error2: 468 key_ref_put(keyring_ref); 469 error: 470 return ret; 471 } 472 473 /* 474 * Return a description of a key to userspace. 475 * 476 * The key must grant the caller View permission for this to work. 477 * 478 * If there's a buffer, we place up to buflen bytes of data into it formatted 479 * in the following way: 480 * 481 * type;uid;gid;perm;description<NUL> 482 * 483 * If successful, we return the amount of description available, irrespective 484 * of how much we may have copied into the buffer. 485 */ 486 long keyctl_describe_key(key_serial_t keyid, 487 char __user *buffer, 488 size_t buflen) 489 { 490 struct key *key, *instkey; 491 key_ref_t key_ref; 492 char *tmpbuf; 493 long ret; 494 495 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW); 496 if (IS_ERR(key_ref)) { 497 /* viewing a key under construction is permitted if we have the 498 * authorisation token handy */ 499 if (PTR_ERR(key_ref) == -EACCES) { 500 instkey = key_get_instantiation_authkey(keyid); 501 if (!IS_ERR(instkey)) { 502 key_put(instkey); 503 key_ref = lookup_user_key(keyid, 504 KEY_LOOKUP_PARTIAL, 505 0); 506 if (!IS_ERR(key_ref)) 507 goto okay; 508 } 509 } 510 511 ret = PTR_ERR(key_ref); 512 goto error; 513 } 514 515 okay: 516 /* calculate how much description we're going to return */ 517 ret = -ENOMEM; 518 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL); 519 if (!tmpbuf) 520 goto error2; 521 522 key = key_ref_to_ptr(key_ref); 523 524 ret = snprintf(tmpbuf, PAGE_SIZE - 1, 525 "%s;%d;%d;%08x;%s", 526 key->type->name, 527 key->uid, 528 key->gid, 529 key->perm, 530 key->description ?: ""); 531 532 /* include a NUL char at the end of the data */ 533 if (ret > PAGE_SIZE - 1) 534 ret = PAGE_SIZE - 1; 535 tmpbuf[ret] = 0; 536 ret++; 537 538 /* consider returning the data */ 539 if (buffer && buflen > 0) { 540 if (buflen > ret) 541 buflen = ret; 542 543 if (copy_to_user(buffer, tmpbuf, buflen) != 0) 544 ret = -EFAULT; 545 } 546 547 kfree(tmpbuf); 548 error2: 549 key_ref_put(key_ref); 550 error: 551 return ret; 552 } 553 554 /* 555 * Search the specified keyring and any keyrings it links to for a matching 556 * key. Only keyrings that grant the caller Search permission will be searched 557 * (this includes the starting keyring). Only keys with Search permission can 558 * be found. 559 * 560 * If successful, the found key will be linked to the destination keyring if 561 * supplied and the key has Link permission, and the found key ID will be 562 * returned. 563 */ 564 long keyctl_keyring_search(key_serial_t ringid, 565 const char __user *_type, 566 const char __user *_description, 567 key_serial_t destringid) 568 { 569 struct key_type *ktype; 570 key_ref_t keyring_ref, key_ref, dest_ref; 571 char type[32], *description; 572 long ret; 573 574 /* pull the type and description into kernel space */ 575 ret = key_get_type_from_user(type, _type, sizeof(type)); 576 if (ret < 0) 577 goto error; 578 579 description = strndup_user(_description, PAGE_SIZE); 580 if (IS_ERR(description)) { 581 ret = PTR_ERR(description); 582 goto error; 583 } 584 585 /* get the keyring at which to begin the search */ 586 keyring_ref = lookup_user_key(ringid, 0, KEY_SEARCH); 587 if (IS_ERR(keyring_ref)) { 588 ret = PTR_ERR(keyring_ref); 589 goto error2; 590 } 591 592 /* get the destination keyring if specified */ 593 dest_ref = NULL; 594 if (destringid) { 595 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 596 KEY_WRITE); 597 if (IS_ERR(dest_ref)) { 598 ret = PTR_ERR(dest_ref); 599 goto error3; 600 } 601 } 602 603 /* find the key type */ 604 ktype = key_type_lookup(type); 605 if (IS_ERR(ktype)) { 606 ret = PTR_ERR(ktype); 607 goto error4; 608 } 609 610 /* do the search */ 611 key_ref = keyring_search(keyring_ref, ktype, description); 612 if (IS_ERR(key_ref)) { 613 ret = PTR_ERR(key_ref); 614 615 /* treat lack or presence of a negative key the same */ 616 if (ret == -EAGAIN) 617 ret = -ENOKEY; 618 goto error5; 619 } 620 621 /* link the resulting key to the destination keyring if we can */ 622 if (dest_ref) { 623 ret = key_permission(key_ref, KEY_LINK); 624 if (ret < 0) 625 goto error6; 626 627 ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref)); 628 if (ret < 0) 629 goto error6; 630 } 631 632 ret = key_ref_to_ptr(key_ref)->serial; 633 634 error6: 635 key_ref_put(key_ref); 636 error5: 637 key_type_put(ktype); 638 error4: 639 key_ref_put(dest_ref); 640 error3: 641 key_ref_put(keyring_ref); 642 error2: 643 kfree(description); 644 error: 645 return ret; 646 } 647 648 /* 649 * Read a key's payload. 650 * 651 * The key must either grant the caller Read permission, or it must grant the 652 * caller Search permission when searched for from the process keyrings. 653 * 654 * If successful, we place up to buflen bytes of data into the buffer, if one 655 * is provided, and return the amount of data that is available in the key, 656 * irrespective of how much we copied into the buffer. 657 */ 658 long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) 659 { 660 struct key *key; 661 key_ref_t key_ref; 662 long ret; 663 664 /* find the key first */ 665 key_ref = lookup_user_key(keyid, 0, 0); 666 if (IS_ERR(key_ref)) { 667 ret = -ENOKEY; 668 goto error; 669 } 670 671 key = key_ref_to_ptr(key_ref); 672 673 /* see if we can read it directly */ 674 ret = key_permission(key_ref, KEY_READ); 675 if (ret == 0) 676 goto can_read_key; 677 if (ret != -EACCES) 678 goto error; 679 680 /* we can't; see if it's searchable from this process's keyrings 681 * - we automatically take account of the fact that it may be 682 * dangling off an instantiation key 683 */ 684 if (!is_key_possessed(key_ref)) { 685 ret = -EACCES; 686 goto error2; 687 } 688 689 /* the key is probably readable - now try to read it */ 690 can_read_key: 691 ret = key_validate(key); 692 if (ret == 0) { 693 ret = -EOPNOTSUPP; 694 if (key->type->read) { 695 /* read the data with the semaphore held (since we 696 * might sleep) */ 697 down_read(&key->sem); 698 ret = key->type->read(key, buffer, buflen); 699 up_read(&key->sem); 700 } 701 } 702 703 error2: 704 key_put(key); 705 error: 706 return ret; 707 } 708 709 /* 710 * Change the ownership of a key 711 * 712 * The key must grant the caller Setattr permission for this to work, though 713 * the key need not be fully instantiated yet. For the UID to be changed, or 714 * for the GID to be changed to a group the caller is not a member of, the 715 * caller must have sysadmin capability. If either uid or gid is -1 then that 716 * attribute is not changed. 717 * 718 * If the UID is to be changed, the new user must have sufficient quota to 719 * accept the key. The quota deduction will be removed from the old user to 720 * the new user should the attribute be changed. 721 * 722 * If successful, 0 will be returned. 723 */ 724 long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid) 725 { 726 struct key_user *newowner, *zapowner = NULL; 727 struct key *key; 728 key_ref_t key_ref; 729 long ret; 730 731 ret = 0; 732 if (uid == (uid_t) -1 && gid == (gid_t) -1) 733 goto error; 734 735 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 736 KEY_SETATTR); 737 if (IS_ERR(key_ref)) { 738 ret = PTR_ERR(key_ref); 739 goto error; 740 } 741 742 key = key_ref_to_ptr(key_ref); 743 744 /* make the changes with the locks held to prevent chown/chown races */ 745 ret = -EACCES; 746 down_write(&key->sem); 747 748 if (!capable(CAP_SYS_ADMIN)) { 749 /* only the sysadmin can chown a key to some other UID */ 750 if (uid != (uid_t) -1 && key->uid != uid) 751 goto error_put; 752 753 /* only the sysadmin can set the key's GID to a group other 754 * than one of those that the current process subscribes to */ 755 if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid)) 756 goto error_put; 757 } 758 759 /* change the UID */ 760 if (uid != (uid_t) -1 && uid != key->uid) { 761 ret = -ENOMEM; 762 newowner = key_user_lookup(uid, current_user_ns()); 763 if (!newowner) 764 goto error_put; 765 766 /* transfer the quota burden to the new user */ 767 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { 768 unsigned maxkeys = (uid == 0) ? 769 key_quota_root_maxkeys : key_quota_maxkeys; 770 unsigned maxbytes = (uid == 0) ? 771 key_quota_root_maxbytes : key_quota_maxbytes; 772 773 spin_lock(&newowner->lock); 774 if (newowner->qnkeys + 1 >= maxkeys || 775 newowner->qnbytes + key->quotalen >= maxbytes || 776 newowner->qnbytes + key->quotalen < 777 newowner->qnbytes) 778 goto quota_overrun; 779 780 newowner->qnkeys++; 781 newowner->qnbytes += key->quotalen; 782 spin_unlock(&newowner->lock); 783 784 spin_lock(&key->user->lock); 785 key->user->qnkeys--; 786 key->user->qnbytes -= key->quotalen; 787 spin_unlock(&key->user->lock); 788 } 789 790 atomic_dec(&key->user->nkeys); 791 atomic_inc(&newowner->nkeys); 792 793 if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { 794 atomic_dec(&key->user->nikeys); 795 atomic_inc(&newowner->nikeys); 796 } 797 798 zapowner = key->user; 799 key->user = newowner; 800 key->uid = uid; 801 } 802 803 /* change the GID */ 804 if (gid != (gid_t) -1) 805 key->gid = gid; 806 807 ret = 0; 808 809 error_put: 810 up_write(&key->sem); 811 key_put(key); 812 if (zapowner) 813 key_user_put(zapowner); 814 error: 815 return ret; 816 817 quota_overrun: 818 spin_unlock(&newowner->lock); 819 zapowner = newowner; 820 ret = -EDQUOT; 821 goto error_put; 822 } 823 824 /* 825 * Change the permission mask on a key. 826 * 827 * The key must grant the caller Setattr permission for this to work, though 828 * the key need not be fully instantiated yet. If the caller does not have 829 * sysadmin capability, it may only change the permission on keys that it owns. 830 */ 831 long keyctl_setperm_key(key_serial_t id, key_perm_t perm) 832 { 833 struct key *key; 834 key_ref_t key_ref; 835 long ret; 836 837 ret = -EINVAL; 838 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 839 goto error; 840 841 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 842 KEY_SETATTR); 843 if (IS_ERR(key_ref)) { 844 ret = PTR_ERR(key_ref); 845 goto error; 846 } 847 848 key = key_ref_to_ptr(key_ref); 849 850 /* make the changes with the locks held to prevent chown/chmod races */ 851 ret = -EACCES; 852 down_write(&key->sem); 853 854 /* if we're not the sysadmin, we can only change a key that we own */ 855 if (capable(CAP_SYS_ADMIN) || key->uid == current_fsuid()) { 856 key->perm = perm; 857 ret = 0; 858 } 859 860 up_write(&key->sem); 861 key_put(key); 862 error: 863 return ret; 864 } 865 866 /* 867 * Get the destination keyring for instantiation and check that the caller has 868 * Write permission on it. 869 */ 870 static long get_instantiation_keyring(key_serial_t ringid, 871 struct request_key_auth *rka, 872 struct key **_dest_keyring) 873 { 874 key_ref_t dkref; 875 876 *_dest_keyring = NULL; 877 878 /* just return a NULL pointer if we weren't asked to make a link */ 879 if (ringid == 0) 880 return 0; 881 882 /* if a specific keyring is nominated by ID, then use that */ 883 if (ringid > 0) { 884 dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 885 if (IS_ERR(dkref)) 886 return PTR_ERR(dkref); 887 *_dest_keyring = key_ref_to_ptr(dkref); 888 return 0; 889 } 890 891 if (ringid == KEY_SPEC_REQKEY_AUTH_KEY) 892 return -EINVAL; 893 894 /* otherwise specify the destination keyring recorded in the 895 * authorisation key (any KEY_SPEC_*_KEYRING) */ 896 if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) { 897 *_dest_keyring = key_get(rka->dest_keyring); 898 return 0; 899 } 900 901 return -ENOKEY; 902 } 903 904 /* 905 * Change the request_key authorisation key on the current process. 906 */ 907 static int keyctl_change_reqkey_auth(struct key *key) 908 { 909 struct cred *new; 910 911 new = prepare_creds(); 912 if (!new) 913 return -ENOMEM; 914 915 key_put(new->request_key_auth); 916 new->request_key_auth = key_get(key); 917 918 return commit_creds(new); 919 } 920 921 /* 922 * Copy the iovec data from userspace 923 */ 924 static long copy_from_user_iovec(void *buffer, const struct iovec *iov, 925 unsigned ioc) 926 { 927 for (; ioc > 0; ioc--) { 928 if (copy_from_user(buffer, iov->iov_base, iov->iov_len) != 0) 929 return -EFAULT; 930 buffer += iov->iov_len; 931 iov++; 932 } 933 return 0; 934 } 935 936 /* 937 * Instantiate a key with the specified payload and link the key into the 938 * destination keyring if one is given. 939 * 940 * The caller must have the appropriate instantiation permit set for this to 941 * work (see keyctl_assume_authority). No other permissions are required. 942 * 943 * If successful, 0 will be returned. 944 */ 945 long keyctl_instantiate_key_common(key_serial_t id, 946 const struct iovec *payload_iov, 947 unsigned ioc, 948 size_t plen, 949 key_serial_t ringid) 950 { 951 const struct cred *cred = current_cred(); 952 struct request_key_auth *rka; 953 struct key *instkey, *dest_keyring; 954 void *payload; 955 long ret; 956 bool vm = false; 957 958 kenter("%d,,%zu,%d", id, plen, ringid); 959 960 ret = -EINVAL; 961 if (plen > 1024 * 1024 - 1) 962 goto error; 963 964 /* the appropriate instantiation authorisation key must have been 965 * assumed before calling this */ 966 ret = -EPERM; 967 instkey = cred->request_key_auth; 968 if (!instkey) 969 goto error; 970 971 rka = instkey->payload.data; 972 if (rka->target_key->serial != id) 973 goto error; 974 975 /* pull the payload in if one was supplied */ 976 payload = NULL; 977 978 if (payload_iov) { 979 ret = -ENOMEM; 980 payload = kmalloc(plen, GFP_KERNEL); 981 if (!payload) { 982 if (plen <= PAGE_SIZE) 983 goto error; 984 vm = true; 985 payload = vmalloc(plen); 986 if (!payload) 987 goto error; 988 } 989 990 ret = copy_from_user_iovec(payload, payload_iov, ioc); 991 if (ret < 0) 992 goto error2; 993 } 994 995 /* find the destination keyring amongst those belonging to the 996 * requesting task */ 997 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 998 if (ret < 0) 999 goto error2; 1000 1001 /* instantiate the key and link it into a keyring */ 1002 ret = key_instantiate_and_link(rka->target_key, payload, plen, 1003 dest_keyring, instkey); 1004 1005 key_put(dest_keyring); 1006 1007 /* discard the assumed authority if it's just been disabled by 1008 * instantiation of the key */ 1009 if (ret == 0) 1010 keyctl_change_reqkey_auth(NULL); 1011 1012 error2: 1013 if (!vm) 1014 kfree(payload); 1015 else 1016 vfree(payload); 1017 error: 1018 return ret; 1019 } 1020 1021 /* 1022 * Instantiate a key with the specified payload and link the key into the 1023 * destination keyring if one is given. 1024 * 1025 * The caller must have the appropriate instantiation permit set for this to 1026 * work (see keyctl_assume_authority). No other permissions are required. 1027 * 1028 * If successful, 0 will be returned. 1029 */ 1030 long keyctl_instantiate_key(key_serial_t id, 1031 const void __user *_payload, 1032 size_t plen, 1033 key_serial_t ringid) 1034 { 1035 if (_payload && plen) { 1036 struct iovec iov[1] = { 1037 [0].iov_base = (void __user *)_payload, 1038 [0].iov_len = plen 1039 }; 1040 1041 return keyctl_instantiate_key_common(id, iov, 1, plen, ringid); 1042 } 1043 1044 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); 1045 } 1046 1047 /* 1048 * Instantiate a key with the specified multipart payload and link the key into 1049 * the destination keyring if one is given. 1050 * 1051 * The caller must have the appropriate instantiation permit set for this to 1052 * work (see keyctl_assume_authority). No other permissions are required. 1053 * 1054 * If successful, 0 will be returned. 1055 */ 1056 long keyctl_instantiate_key_iov(key_serial_t id, 1057 const struct iovec __user *_payload_iov, 1058 unsigned ioc, 1059 key_serial_t ringid) 1060 { 1061 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack; 1062 long ret; 1063 1064 if (_payload_iov == 0 || ioc == 0) 1065 goto no_payload; 1066 1067 ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc, 1068 ARRAY_SIZE(iovstack), iovstack, &iov, 1); 1069 if (ret < 0) 1070 return ret; 1071 if (ret == 0) 1072 goto no_payload_free; 1073 1074 ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid); 1075 1076 if (iov != iovstack) 1077 kfree(iov); 1078 return ret; 1079 1080 no_payload_free: 1081 if (iov != iovstack) 1082 kfree(iov); 1083 no_payload: 1084 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); 1085 } 1086 1087 /* 1088 * Negatively instantiate the key with the given timeout (in seconds) and link 1089 * the key into the destination keyring if one is given. 1090 * 1091 * The caller must have the appropriate instantiation permit set for this to 1092 * work (see keyctl_assume_authority). No other permissions are required. 1093 * 1094 * The key and any links to the key will be automatically garbage collected 1095 * after the timeout expires. 1096 * 1097 * Negative keys are used to rate limit repeated request_key() calls by causing 1098 * them to return -ENOKEY until the negative key expires. 1099 * 1100 * If successful, 0 will be returned. 1101 */ 1102 long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 1103 { 1104 return keyctl_reject_key(id, timeout, ENOKEY, ringid); 1105 } 1106 1107 /* 1108 * Negatively instantiate the key with the given timeout (in seconds) and error 1109 * code and link the key into the destination keyring if one is given. 1110 * 1111 * The caller must have the appropriate instantiation permit set for this to 1112 * work (see keyctl_assume_authority). No other permissions are required. 1113 * 1114 * The key and any links to the key will be automatically garbage collected 1115 * after the timeout expires. 1116 * 1117 * Negative keys are used to rate limit repeated request_key() calls by causing 1118 * them to return the specified error code until the negative key expires. 1119 * 1120 * If successful, 0 will be returned. 1121 */ 1122 long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error, 1123 key_serial_t ringid) 1124 { 1125 const struct cred *cred = current_cred(); 1126 struct request_key_auth *rka; 1127 struct key *instkey, *dest_keyring; 1128 long ret; 1129 1130 kenter("%d,%u,%u,%d", id, timeout, error, ringid); 1131 1132 /* must be a valid error code and mustn't be a kernel special */ 1133 if (error <= 0 || 1134 error >= MAX_ERRNO || 1135 error == ERESTARTSYS || 1136 error == ERESTARTNOINTR || 1137 error == ERESTARTNOHAND || 1138 error == ERESTART_RESTARTBLOCK) 1139 return -EINVAL; 1140 1141 /* the appropriate instantiation authorisation key must have been 1142 * assumed before calling this */ 1143 ret = -EPERM; 1144 instkey = cred->request_key_auth; 1145 if (!instkey) 1146 goto error; 1147 1148 rka = instkey->payload.data; 1149 if (rka->target_key->serial != id) 1150 goto error; 1151 1152 /* find the destination keyring if present (which must also be 1153 * writable) */ 1154 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1155 if (ret < 0) 1156 goto error; 1157 1158 /* instantiate the key and link it into a keyring */ 1159 ret = key_reject_and_link(rka->target_key, timeout, error, 1160 dest_keyring, instkey); 1161 1162 key_put(dest_keyring); 1163 1164 /* discard the assumed authority if it's just been disabled by 1165 * instantiation of the key */ 1166 if (ret == 0) 1167 keyctl_change_reqkey_auth(NULL); 1168 1169 error: 1170 return ret; 1171 } 1172 1173 /* 1174 * Read or set the default keyring in which request_key() will cache keys and 1175 * return the old setting. 1176 * 1177 * If a process keyring is specified then this will be created if it doesn't 1178 * yet exist. The old setting will be returned if successful. 1179 */ 1180 long keyctl_set_reqkey_keyring(int reqkey_defl) 1181 { 1182 struct cred *new; 1183 int ret, old_setting; 1184 1185 old_setting = current_cred_xxx(jit_keyring); 1186 1187 if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE) 1188 return old_setting; 1189 1190 new = prepare_creds(); 1191 if (!new) 1192 return -ENOMEM; 1193 1194 switch (reqkey_defl) { 1195 case KEY_REQKEY_DEFL_THREAD_KEYRING: 1196 ret = install_thread_keyring_to_cred(new); 1197 if (ret < 0) 1198 goto error; 1199 goto set; 1200 1201 case KEY_REQKEY_DEFL_PROCESS_KEYRING: 1202 ret = install_process_keyring_to_cred(new); 1203 if (ret < 0) { 1204 if (ret != -EEXIST) 1205 goto error; 1206 ret = 0; 1207 } 1208 goto set; 1209 1210 case KEY_REQKEY_DEFL_DEFAULT: 1211 case KEY_REQKEY_DEFL_SESSION_KEYRING: 1212 case KEY_REQKEY_DEFL_USER_KEYRING: 1213 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 1214 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: 1215 goto set; 1216 1217 case KEY_REQKEY_DEFL_NO_CHANGE: 1218 case KEY_REQKEY_DEFL_GROUP_KEYRING: 1219 default: 1220 ret = -EINVAL; 1221 goto error; 1222 } 1223 1224 set: 1225 new->jit_keyring = reqkey_defl; 1226 commit_creds(new); 1227 return old_setting; 1228 error: 1229 abort_creds(new); 1230 return ret; 1231 } 1232 1233 /* 1234 * Set or clear the timeout on a key. 1235 * 1236 * Either the key must grant the caller Setattr permission or else the caller 1237 * must hold an instantiation authorisation token for the key. 1238 * 1239 * The timeout is either 0 to clear the timeout, or a number of seconds from 1240 * the current time. The key and any links to the key will be automatically 1241 * garbage collected after the timeout expires. 1242 * 1243 * If successful, 0 is returned. 1244 */ 1245 long keyctl_set_timeout(key_serial_t id, unsigned timeout) 1246 { 1247 struct timespec now; 1248 struct key *key, *instkey; 1249 key_ref_t key_ref; 1250 time_t expiry; 1251 long ret; 1252 1253 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 1254 KEY_SETATTR); 1255 if (IS_ERR(key_ref)) { 1256 /* setting the timeout on a key under construction is permitted 1257 * if we have the authorisation token handy */ 1258 if (PTR_ERR(key_ref) == -EACCES) { 1259 instkey = key_get_instantiation_authkey(id); 1260 if (!IS_ERR(instkey)) { 1261 key_put(instkey); 1262 key_ref = lookup_user_key(id, 1263 KEY_LOOKUP_PARTIAL, 1264 0); 1265 if (!IS_ERR(key_ref)) 1266 goto okay; 1267 } 1268 } 1269 1270 ret = PTR_ERR(key_ref); 1271 goto error; 1272 } 1273 1274 okay: 1275 key = key_ref_to_ptr(key_ref); 1276 1277 /* make the changes with the locks held to prevent races */ 1278 down_write(&key->sem); 1279 1280 expiry = 0; 1281 if (timeout > 0) { 1282 now = current_kernel_time(); 1283 expiry = now.tv_sec + timeout; 1284 } 1285 1286 key->expiry = expiry; 1287 key_schedule_gc(key->expiry + key_gc_delay); 1288 1289 up_write(&key->sem); 1290 key_put(key); 1291 1292 ret = 0; 1293 error: 1294 return ret; 1295 } 1296 1297 /* 1298 * Assume (or clear) the authority to instantiate the specified key. 1299 * 1300 * This sets the authoritative token currently in force for key instantiation. 1301 * This must be done for a key to be instantiated. It has the effect of making 1302 * available all the keys from the caller of the request_key() that created a 1303 * key to request_key() calls made by the caller of this function. 1304 * 1305 * The caller must have the instantiation key in their process keyrings with a 1306 * Search permission grant available to the caller. 1307 * 1308 * If the ID given is 0, then the setting will be cleared and 0 returned. 1309 * 1310 * If the ID given has a matching an authorisation key, then that key will be 1311 * set and its ID will be returned. The authorisation key can be read to get 1312 * the callout information passed to request_key(). 1313 */ 1314 long keyctl_assume_authority(key_serial_t id) 1315 { 1316 struct key *authkey; 1317 long ret; 1318 1319 /* special key IDs aren't permitted */ 1320 ret = -EINVAL; 1321 if (id < 0) 1322 goto error; 1323 1324 /* we divest ourselves of authority if given an ID of 0 */ 1325 if (id == 0) { 1326 ret = keyctl_change_reqkey_auth(NULL); 1327 goto error; 1328 } 1329 1330 /* attempt to assume the authority temporarily granted to us whilst we 1331 * instantiate the specified key 1332 * - the authorisation key must be in the current task's keyrings 1333 * somewhere 1334 */ 1335 authkey = key_get_instantiation_authkey(id); 1336 if (IS_ERR(authkey)) { 1337 ret = PTR_ERR(authkey); 1338 goto error; 1339 } 1340 1341 ret = keyctl_change_reqkey_auth(authkey); 1342 if (ret < 0) 1343 goto error; 1344 key_put(authkey); 1345 1346 ret = authkey->serial; 1347 error: 1348 return ret; 1349 } 1350 1351 /* 1352 * Get a key's the LSM security label. 1353 * 1354 * The key must grant the caller View permission for this to work. 1355 * 1356 * If there's a buffer, then up to buflen bytes of data will be placed into it. 1357 * 1358 * If successful, the amount of information available will be returned, 1359 * irrespective of how much was copied (including the terminal NUL). 1360 */ 1361 long keyctl_get_security(key_serial_t keyid, 1362 char __user *buffer, 1363 size_t buflen) 1364 { 1365 struct key *key, *instkey; 1366 key_ref_t key_ref; 1367 char *context; 1368 long ret; 1369 1370 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW); 1371 if (IS_ERR(key_ref)) { 1372 if (PTR_ERR(key_ref) != -EACCES) 1373 return PTR_ERR(key_ref); 1374 1375 /* viewing a key under construction is also permitted if we 1376 * have the authorisation token handy */ 1377 instkey = key_get_instantiation_authkey(keyid); 1378 if (IS_ERR(instkey)) 1379 return PTR_ERR(instkey); 1380 key_put(instkey); 1381 1382 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0); 1383 if (IS_ERR(key_ref)) 1384 return PTR_ERR(key_ref); 1385 } 1386 1387 key = key_ref_to_ptr(key_ref); 1388 ret = security_key_getsecurity(key, &context); 1389 if (ret == 0) { 1390 /* if no information was returned, give userspace an empty 1391 * string */ 1392 ret = 1; 1393 if (buffer && buflen > 0 && 1394 copy_to_user(buffer, "", 1) != 0) 1395 ret = -EFAULT; 1396 } else if (ret > 0) { 1397 /* return as much data as there's room for */ 1398 if (buffer && buflen > 0) { 1399 if (buflen > ret) 1400 buflen = ret; 1401 1402 if (copy_to_user(buffer, context, buflen) != 0) 1403 ret = -EFAULT; 1404 } 1405 1406 kfree(context); 1407 } 1408 1409 key_ref_put(key_ref); 1410 return ret; 1411 } 1412 1413 /* 1414 * Attempt to install the calling process's session keyring on the process's 1415 * parent process. 1416 * 1417 * The keyring must exist and must grant the caller LINK permission, and the 1418 * parent process must be single-threaded and must have the same effective 1419 * ownership as this process and mustn't be SUID/SGID. 1420 * 1421 * The keyring will be emplaced on the parent when it next resumes userspace. 1422 * 1423 * If successful, 0 will be returned. 1424 */ 1425 long keyctl_session_to_parent(void) 1426 { 1427 #ifdef TIF_NOTIFY_RESUME 1428 struct task_struct *me, *parent; 1429 const struct cred *mycred, *pcred; 1430 struct cred *cred, *oldcred; 1431 key_ref_t keyring_r; 1432 int ret; 1433 1434 keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK); 1435 if (IS_ERR(keyring_r)) 1436 return PTR_ERR(keyring_r); 1437 1438 /* our parent is going to need a new cred struct, a new tgcred struct 1439 * and new security data, so we allocate them here to prevent ENOMEM in 1440 * our parent */ 1441 ret = -ENOMEM; 1442 cred = cred_alloc_blank(); 1443 if (!cred) 1444 goto error_keyring; 1445 1446 cred->tgcred->session_keyring = key_ref_to_ptr(keyring_r); 1447 keyring_r = NULL; 1448 1449 me = current; 1450 rcu_read_lock(); 1451 write_lock_irq(&tasklist_lock); 1452 1453 parent = me->real_parent; 1454 ret = -EPERM; 1455 1456 /* the parent mustn't be init and mustn't be a kernel thread */ 1457 if (parent->pid <= 1 || !parent->mm) 1458 goto not_permitted; 1459 1460 /* the parent must be single threaded */ 1461 if (!thread_group_empty(parent)) 1462 goto not_permitted; 1463 1464 /* the parent and the child must have different session keyrings or 1465 * there's no point */ 1466 mycred = current_cred(); 1467 pcred = __task_cred(parent); 1468 if (mycred == pcred || 1469 mycred->tgcred->session_keyring == pcred->tgcred->session_keyring) 1470 goto already_same; 1471 1472 /* the parent must have the same effective ownership and mustn't be 1473 * SUID/SGID */ 1474 if (pcred->uid != mycred->euid || 1475 pcred->euid != mycred->euid || 1476 pcred->suid != mycred->euid || 1477 pcred->gid != mycred->egid || 1478 pcred->egid != mycred->egid || 1479 pcred->sgid != mycred->egid) 1480 goto not_permitted; 1481 1482 /* the keyrings must have the same UID */ 1483 if ((pcred->tgcred->session_keyring && 1484 pcred->tgcred->session_keyring->uid != mycred->euid) || 1485 mycred->tgcred->session_keyring->uid != mycred->euid) 1486 goto not_permitted; 1487 1488 /* if there's an already pending keyring replacement, then we replace 1489 * that */ 1490 oldcred = parent->replacement_session_keyring; 1491 1492 /* the replacement session keyring is applied just prior to userspace 1493 * restarting */ 1494 parent->replacement_session_keyring = cred; 1495 cred = NULL; 1496 set_ti_thread_flag(task_thread_info(parent), TIF_NOTIFY_RESUME); 1497 1498 write_unlock_irq(&tasklist_lock); 1499 rcu_read_unlock(); 1500 if (oldcred) 1501 put_cred(oldcred); 1502 return 0; 1503 1504 already_same: 1505 ret = 0; 1506 not_permitted: 1507 write_unlock_irq(&tasklist_lock); 1508 rcu_read_unlock(); 1509 put_cred(cred); 1510 return ret; 1511 1512 error_keyring: 1513 key_ref_put(keyring_r); 1514 return ret; 1515 1516 #else /* !TIF_NOTIFY_RESUME */ 1517 /* 1518 * To be removed when TIF_NOTIFY_RESUME has been implemented on 1519 * m68k/xtensa 1520 */ 1521 #warning TIF_NOTIFY_RESUME not implemented 1522 return -EOPNOTSUPP; 1523 #endif /* !TIF_NOTIFY_RESUME */ 1524 } 1525 1526 /* 1527 * The key control system call 1528 */ 1529 SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, 1530 unsigned long, arg4, unsigned long, arg5) 1531 { 1532 switch (option) { 1533 case KEYCTL_GET_KEYRING_ID: 1534 return keyctl_get_keyring_ID((key_serial_t) arg2, 1535 (int) arg3); 1536 1537 case KEYCTL_JOIN_SESSION_KEYRING: 1538 return keyctl_join_session_keyring((const char __user *) arg2); 1539 1540 case KEYCTL_UPDATE: 1541 return keyctl_update_key((key_serial_t) arg2, 1542 (const void __user *) arg3, 1543 (size_t) arg4); 1544 1545 case KEYCTL_REVOKE: 1546 return keyctl_revoke_key((key_serial_t) arg2); 1547 1548 case KEYCTL_DESCRIBE: 1549 return keyctl_describe_key((key_serial_t) arg2, 1550 (char __user *) arg3, 1551 (unsigned) arg4); 1552 1553 case KEYCTL_CLEAR: 1554 return keyctl_keyring_clear((key_serial_t) arg2); 1555 1556 case KEYCTL_LINK: 1557 return keyctl_keyring_link((key_serial_t) arg2, 1558 (key_serial_t) arg3); 1559 1560 case KEYCTL_UNLINK: 1561 return keyctl_keyring_unlink((key_serial_t) arg2, 1562 (key_serial_t) arg3); 1563 1564 case KEYCTL_SEARCH: 1565 return keyctl_keyring_search((key_serial_t) arg2, 1566 (const char __user *) arg3, 1567 (const char __user *) arg4, 1568 (key_serial_t) arg5); 1569 1570 case KEYCTL_READ: 1571 return keyctl_read_key((key_serial_t) arg2, 1572 (char __user *) arg3, 1573 (size_t) arg4); 1574 1575 case KEYCTL_CHOWN: 1576 return keyctl_chown_key((key_serial_t) arg2, 1577 (uid_t) arg3, 1578 (gid_t) arg4); 1579 1580 case KEYCTL_SETPERM: 1581 return keyctl_setperm_key((key_serial_t) arg2, 1582 (key_perm_t) arg3); 1583 1584 case KEYCTL_INSTANTIATE: 1585 return keyctl_instantiate_key((key_serial_t) arg2, 1586 (const void __user *) arg3, 1587 (size_t) arg4, 1588 (key_serial_t) arg5); 1589 1590 case KEYCTL_NEGATE: 1591 return keyctl_negate_key((key_serial_t) arg2, 1592 (unsigned) arg3, 1593 (key_serial_t) arg4); 1594 1595 case KEYCTL_SET_REQKEY_KEYRING: 1596 return keyctl_set_reqkey_keyring(arg2); 1597 1598 case KEYCTL_SET_TIMEOUT: 1599 return keyctl_set_timeout((key_serial_t) arg2, 1600 (unsigned) arg3); 1601 1602 case KEYCTL_ASSUME_AUTHORITY: 1603 return keyctl_assume_authority((key_serial_t) arg2); 1604 1605 case KEYCTL_GET_SECURITY: 1606 return keyctl_get_security((key_serial_t) arg2, 1607 (char __user *) arg3, 1608 (size_t) arg4); 1609 1610 case KEYCTL_SESSION_TO_PARENT: 1611 return keyctl_session_to_parent(); 1612 1613 case KEYCTL_REJECT: 1614 return keyctl_reject_key((key_serial_t) arg2, 1615 (unsigned) arg3, 1616 (unsigned) arg4, 1617 (key_serial_t) arg5); 1618 1619 case KEYCTL_INSTANTIATE_IOV: 1620 return keyctl_instantiate_key_iov( 1621 (key_serial_t) arg2, 1622 (const struct iovec __user *) arg3, 1623 (unsigned) arg4, 1624 (key_serial_t) arg5); 1625 1626 default: 1627 return -EOPNOTSUPP; 1628 } 1629 } 1630