blob: fea262860ea01656dbe7514b4b4a301ca47424b6 [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -07001/* keyctl.c: userspace keyctl operations
2 *
David Howells3e301482005-06-23 22:00:56 -07003 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
Linus Torvalds1da177e2005-04-16 15:20:36 -07004 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/sched.h>
15#include <linux/slab.h>
16#include <linux/syscalls.h>
17#include <linux/keyctl.h>
18#include <linux/fs.h>
19#include <linux/err.h>
20#include <asm/uaccess.h>
21#include "internal.h"
22
23/*****************************************************************************/
24/*
25 * extract the description of a new key from userspace and either add it as a
26 * new key to the specified keyring or update a matching key in that keyring
27 * - the keyring must be writable
28 * - returns the new key's serial number
29 * - implements add_key()
30 */
31asmlinkage long sys_add_key(const char __user *_type,
32 const char __user *_description,
33 const void __user *_payload,
34 size_t plen,
35 key_serial_t ringid)
36{
37 struct key *keyring, *key;
38 char type[32], *description;
39 void *payload;
40 long dlen, ret;
41
42 ret = -EINVAL;
43 if (plen > 32767)
44 goto error;
45
46 /* draw all the data into kernel space */
47 ret = strncpy_from_user(type, _type, sizeof(type) - 1);
48 if (ret < 0)
49 goto error;
50 type[31] = '\0';
51
David Howells3e301482005-06-23 22:00:56 -070052 if (!type[0])
53 goto error;
54
55 ret = -EPERM;
56 if (type[0] == '.')
57 goto error;
58
Linus Torvalds1da177e2005-04-16 15:20:36 -070059 ret = -EFAULT;
60 dlen = strnlen_user(_description, PAGE_SIZE - 1);
61 if (dlen <= 0)
62 goto error;
63
64 ret = -EINVAL;
65 if (dlen > PAGE_SIZE - 1)
66 goto error;
67
68 ret = -ENOMEM;
69 description = kmalloc(dlen + 1, GFP_KERNEL);
70 if (!description)
71 goto error;
72
73 ret = -EFAULT;
74 if (copy_from_user(description, _description, dlen + 1) != 0)
75 goto error2;
76
77 /* pull the payload in if one was supplied */
78 payload = NULL;
79
80 if (_payload) {
81 ret = -ENOMEM;
82 payload = kmalloc(plen, GFP_KERNEL);
83 if (!payload)
84 goto error2;
85
86 ret = -EFAULT;
87 if (copy_from_user(payload, _payload, plen) != 0)
88 goto error3;
89 }
90
91 /* find the target keyring (which must be writable) */
David Howells3e301482005-06-23 22:00:56 -070092 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -070093 if (IS_ERR(keyring)) {
94 ret = PTR_ERR(keyring);
95 goto error3;
96 }
97
98 /* create or update the requested key and add it to the target
99 * keyring */
100 key = key_create_or_update(keyring, type, description,
101 payload, plen, 0);
102 if (!IS_ERR(key)) {
103 ret = key->serial;
104 key_put(key);
105 }
106 else {
107 ret = PTR_ERR(key);
108 }
109
110 key_put(keyring);
111 error3:
112 kfree(payload);
113 error2:
114 kfree(description);
115 error:
116 return ret;
117
118} /* end sys_add_key() */
119
120/*****************************************************************************/
121/*
122 * search the process keyrings for a matching key
123 * - nested keyrings may also be searched if they have Search permission
124 * - if a key is found, it will be attached to the destination keyring if
125 * there's one specified
126 * - /sbin/request-key will be invoked if _callout_info is non-NULL
127 * - the _callout_info string will be passed to /sbin/request-key
128 * - if the _callout_info string is empty, it will be rendered as "-"
129 * - implements request_key()
130 */
131asmlinkage long sys_request_key(const char __user *_type,
132 const char __user *_description,
133 const char __user *_callout_info,
134 key_serial_t destringid)
135{
136 struct key_type *ktype;
137 struct key *key, *dest;
138 char type[32], *description, *callout_info;
139 long dlen, ret;
140
141 /* pull the type into kernel space */
142 ret = strncpy_from_user(type, _type, sizeof(type) - 1);
143 if (ret < 0)
144 goto error;
145 type[31] = '\0';
146
147 /* pull the description into kernel space */
148 ret = -EFAULT;
149 dlen = strnlen_user(_description, PAGE_SIZE - 1);
150 if (dlen <= 0)
151 goto error;
152
153 ret = -EINVAL;
154 if (dlen > PAGE_SIZE - 1)
155 goto error;
156
157 ret = -ENOMEM;
158 description = kmalloc(dlen + 1, GFP_KERNEL);
159 if (!description)
160 goto error;
161
162 ret = -EFAULT;
163 if (copy_from_user(description, _description, dlen + 1) != 0)
164 goto error2;
165
166 /* pull the callout info into kernel space */
167 callout_info = NULL;
168 if (_callout_info) {
169 ret = -EFAULT;
170 dlen = strnlen_user(_callout_info, PAGE_SIZE - 1);
171 if (dlen <= 0)
172 goto error2;
173
174 ret = -EINVAL;
175 if (dlen > PAGE_SIZE - 1)
176 goto error2;
177
178 ret = -ENOMEM;
179 callout_info = kmalloc(dlen + 1, GFP_KERNEL);
180 if (!callout_info)
181 goto error2;
182
183 ret = -EFAULT;
184 if (copy_from_user(callout_info, _callout_info, dlen + 1) != 0)
185 goto error3;
186 }
187
188 /* get the destination keyring if specified */
189 dest = NULL;
190 if (destringid) {
David Howells3e301482005-06-23 22:00:56 -0700191 dest = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700192 if (IS_ERR(dest)) {
193 ret = PTR_ERR(dest);
194 goto error3;
195 }
196 }
197
198 /* find the key type */
199 ktype = key_type_lookup(type);
200 if (IS_ERR(ktype)) {
201 ret = PTR_ERR(ktype);
202 goto error4;
203 }
204
205 /* do the search */
David Howells3e301482005-06-23 22:00:56 -0700206 key = request_key_and_link(ktype, description, callout_info, dest);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700207 if (IS_ERR(key)) {
208 ret = PTR_ERR(key);
209 goto error5;
210 }
211
Linus Torvalds1da177e2005-04-16 15:20:36 -0700212 ret = key->serial;
213
David Howells3e301482005-06-23 22:00:56 -0700214 key_put(key);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700215 error5:
216 key_type_put(ktype);
217 error4:
218 key_put(dest);
219 error3:
220 kfree(callout_info);
221 error2:
222 kfree(description);
223 error:
224 return ret;
225
226} /* end sys_request_key() */
227
228/*****************************************************************************/
229/*
230 * get the ID of the specified process keyring
231 * - the keyring must have search permission to be found
232 * - implements keyctl(KEYCTL_GET_KEYRING_ID)
233 */
234long keyctl_get_keyring_ID(key_serial_t id, int create)
235{
236 struct key *key;
237 long ret;
238
David Howells3e301482005-06-23 22:00:56 -0700239 key = lookup_user_key(NULL, id, create, 0, KEY_SEARCH);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700240 if (IS_ERR(key)) {
241 ret = PTR_ERR(key);
242 goto error;
243 }
244
245 ret = key->serial;
246 key_put(key);
247 error:
248 return ret;
249
250} /* end keyctl_get_keyring_ID() */
251
252/*****************************************************************************/
253/*
254 * join the session keyring
255 * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING)
256 */
257long keyctl_join_session_keyring(const char __user *_name)
258{
259 char *name;
260 long nlen, ret;
261
262 /* fetch the name from userspace */
263 name = NULL;
264 if (_name) {
265 ret = -EFAULT;
266 nlen = strnlen_user(_name, PAGE_SIZE - 1);
267 if (nlen <= 0)
268 goto error;
269
270 ret = -EINVAL;
271 if (nlen > PAGE_SIZE - 1)
272 goto error;
273
274 ret = -ENOMEM;
275 name = kmalloc(nlen + 1, GFP_KERNEL);
276 if (!name)
277 goto error;
278
279 ret = -EFAULT;
280 if (copy_from_user(name, _name, nlen + 1) != 0)
281 goto error2;
282 }
283
284 /* join the session */
285 ret = join_session_keyring(name);
286
287 error2:
288 kfree(name);
289 error:
290 return ret;
291
292} /* end keyctl_join_session_keyring() */
293
294/*****************************************************************************/
295/*
296 * update a key's data payload
297 * - the key must be writable
298 * - implements keyctl(KEYCTL_UPDATE)
299 */
300long keyctl_update_key(key_serial_t id,
301 const void __user *_payload,
302 size_t plen)
303{
304 struct key *key;
305 void *payload;
306 long ret;
307
308 ret = -EINVAL;
309 if (plen > PAGE_SIZE)
310 goto error;
311
312 /* pull the payload in if one was supplied */
313 payload = NULL;
314 if (_payload) {
315 ret = -ENOMEM;
316 payload = kmalloc(plen, GFP_KERNEL);
317 if (!payload)
318 goto error;
319
320 ret = -EFAULT;
321 if (copy_from_user(payload, _payload, plen) != 0)
322 goto error2;
323 }
324
325 /* find the target key (which must be writable) */
David Howells3e301482005-06-23 22:00:56 -0700326 key = lookup_user_key(NULL, id, 0, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700327 if (IS_ERR(key)) {
328 ret = PTR_ERR(key);
329 goto error2;
330 }
331
332 /* update the key */
333 ret = key_update(key, payload, plen);
334
335 key_put(key);
336 error2:
337 kfree(payload);
338 error:
339 return ret;
340
341} /* end keyctl_update_key() */
342
343/*****************************************************************************/
344/*
345 * revoke a key
346 * - the key must be writable
347 * - implements keyctl(KEYCTL_REVOKE)
348 */
349long keyctl_revoke_key(key_serial_t id)
350{
351 struct key *key;
352 long ret;
353
David Howells3e301482005-06-23 22:00:56 -0700354 key = lookup_user_key(NULL, id, 0, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700355 if (IS_ERR(key)) {
356 ret = PTR_ERR(key);
357 goto error;
358 }
359
360 key_revoke(key);
361 ret = 0;
362
363 key_put(key);
364 error:
365 return 0;
366
367} /* end keyctl_revoke_key() */
368
369/*****************************************************************************/
370/*
371 * clear the specified process keyring
372 * - the keyring must be writable
373 * - implements keyctl(KEYCTL_CLEAR)
374 */
375long keyctl_keyring_clear(key_serial_t ringid)
376{
377 struct key *keyring;
378 long ret;
379
David Howells3e301482005-06-23 22:00:56 -0700380 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700381 if (IS_ERR(keyring)) {
382 ret = PTR_ERR(keyring);
383 goto error;
384 }
385
386 ret = keyring_clear(keyring);
387
388 key_put(keyring);
389 error:
390 return ret;
391
392} /* end keyctl_keyring_clear() */
393
394/*****************************************************************************/
395/*
396 * link a key into a keyring
397 * - the keyring must be writable
398 * - the key must be linkable
399 * - implements keyctl(KEYCTL_LINK)
400 */
401long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
402{
403 struct key *keyring, *key;
404 long ret;
405
David Howells3e301482005-06-23 22:00:56 -0700406 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700407 if (IS_ERR(keyring)) {
408 ret = PTR_ERR(keyring);
409 goto error;
410 }
411
David Howells3e301482005-06-23 22:00:56 -0700412 key = lookup_user_key(NULL, id, 1, 0, KEY_LINK);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700413 if (IS_ERR(key)) {
414 ret = PTR_ERR(key);
415 goto error2;
416 }
417
418 ret = key_link(keyring, key);
419
420 key_put(key);
421 error2:
422 key_put(keyring);
423 error:
424 return ret;
425
426} /* end keyctl_keyring_link() */
427
428/*****************************************************************************/
429/*
430 * unlink the first attachment of a key from a keyring
431 * - the keyring must be writable
432 * - we don't need any permissions on the key
433 * - implements keyctl(KEYCTL_UNLINK)
434 */
435long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
436{
437 struct key *keyring, *key;
438 long ret;
439
David Howells3e301482005-06-23 22:00:56 -0700440 keyring = lookup_user_key(NULL, ringid, 0, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700441 if (IS_ERR(keyring)) {
442 ret = PTR_ERR(keyring);
443 goto error;
444 }
445
David Howells3e301482005-06-23 22:00:56 -0700446 key = lookup_user_key(NULL, id, 0, 0, 0);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700447 if (IS_ERR(key)) {
448 ret = PTR_ERR(key);
449 goto error2;
450 }
451
452 ret = key_unlink(keyring, key);
453
454 key_put(key);
455 error2:
456 key_put(keyring);
457 error:
458 return ret;
459
460} /* end keyctl_keyring_unlink() */
461
462/*****************************************************************************/
463/*
464 * describe a user key
465 * - the key must have view permission
466 * - if there's a buffer, we place up to buflen bytes of data into it
467 * - unless there's an error, we return the amount of description available,
468 * irrespective of how much we may have copied
469 * - the description is formatted thus:
470 * type;uid;gid;perm;description<NUL>
471 * - implements keyctl(KEYCTL_DESCRIBE)
472 */
473long keyctl_describe_key(key_serial_t keyid,
474 char __user *buffer,
475 size_t buflen)
476{
David Howells3e301482005-06-23 22:00:56 -0700477 struct key *key, *instkey;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700478 char *tmpbuf;
479 long ret;
480
David Howells3e301482005-06-23 22:00:56 -0700481 key = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700482 if (IS_ERR(key)) {
David Howells3e301482005-06-23 22:00:56 -0700483 /* viewing a key under construction is permitted if we have the
484 * authorisation token handy */
485 if (PTR_ERR(key) == -EACCES) {
486 instkey = key_get_instantiation_authkey(keyid);
487 if (!IS_ERR(instkey)) {
488 key_put(instkey);
489 key = lookup_user_key(NULL, keyid, 0, 1, 0);
490 if (!IS_ERR(key))
491 goto okay;
492 }
493 }
494
Linus Torvalds1da177e2005-04-16 15:20:36 -0700495 ret = PTR_ERR(key);
496 goto error;
497 }
498
David Howells3e301482005-06-23 22:00:56 -0700499okay:
Linus Torvalds1da177e2005-04-16 15:20:36 -0700500 /* calculate how much description we're going to return */
501 ret = -ENOMEM;
502 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);
503 if (!tmpbuf)
504 goto error2;
505
506 ret = snprintf(tmpbuf, PAGE_SIZE - 1,
507 "%s;%d;%d;%06x;%s",
508 key->type->name,
509 key->uid,
510 key->gid,
511 key->perm,
512 key->description ? key->description :""
513 );
514
515 /* include a NUL char at the end of the data */
516 if (ret > PAGE_SIZE - 1)
517 ret = PAGE_SIZE - 1;
518 tmpbuf[ret] = 0;
519 ret++;
520
521 /* consider returning the data */
522 if (buffer && buflen > 0) {
523 if (buflen > ret)
524 buflen = ret;
525
526 if (copy_to_user(buffer, tmpbuf, buflen) != 0)
527 ret = -EFAULT;
528 }
529
530 kfree(tmpbuf);
531 error2:
532 key_put(key);
533 error:
534 return ret;
535
536} /* end keyctl_describe_key() */
537
538/*****************************************************************************/
539/*
540 * search the specified keyring for a matching key
541 * - the start keyring must be searchable
542 * - nested keyrings may also be searched if they are searchable
543 * - only keys with search permission may be found
544 * - if a key is found, it will be attached to the destination keyring if
545 * there's one specified
546 * - implements keyctl(KEYCTL_SEARCH)
547 */
548long keyctl_keyring_search(key_serial_t ringid,
549 const char __user *_type,
550 const char __user *_description,
551 key_serial_t destringid)
552{
553 struct key_type *ktype;
554 struct key *keyring, *key, *dest;
555 char type[32], *description;
556 long dlen, ret;
557
558 /* pull the type and description into kernel space */
559 ret = strncpy_from_user(type, _type, sizeof(type) - 1);
560 if (ret < 0)
561 goto error;
562 type[31] = '\0';
563
564 ret = -EFAULT;
565 dlen = strnlen_user(_description, PAGE_SIZE - 1);
566 if (dlen <= 0)
567 goto error;
568
569 ret = -EINVAL;
570 if (dlen > PAGE_SIZE - 1)
571 goto error;
572
573 ret = -ENOMEM;
574 description = kmalloc(dlen + 1, GFP_KERNEL);
575 if (!description)
576 goto error;
577
578 ret = -EFAULT;
579 if (copy_from_user(description, _description, dlen + 1) != 0)
580 goto error2;
581
582 /* get the keyring at which to begin the search */
David Howells3e301482005-06-23 22:00:56 -0700583 keyring = lookup_user_key(NULL, ringid, 0, 0, KEY_SEARCH);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700584 if (IS_ERR(keyring)) {
585 ret = PTR_ERR(keyring);
586 goto error2;
587 }
588
589 /* get the destination keyring if specified */
590 dest = NULL;
591 if (destringid) {
David Howells3e301482005-06-23 22:00:56 -0700592 dest = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700593 if (IS_ERR(dest)) {
594 ret = PTR_ERR(dest);
595 goto error3;
596 }
597 }
598
599 /* find the key type */
600 ktype = key_type_lookup(type);
601 if (IS_ERR(ktype)) {
602 ret = PTR_ERR(ktype);
603 goto error4;
604 }
605
606 /* do the search */
607 key = keyring_search(keyring, ktype, description);
608 if (IS_ERR(key)) {
609 ret = PTR_ERR(key);
610
611 /* treat lack or presence of a negative key the same */
612 if (ret == -EAGAIN)
613 ret = -ENOKEY;
614 goto error5;
615 }
616
617 /* link the resulting key to the destination keyring if we can */
618 if (dest) {
619 ret = -EACCES;
620 if (!key_permission(key, KEY_LINK))
621 goto error6;
622
623 ret = key_link(dest, key);
624 if (ret < 0)
625 goto error6;
626 }
627
628 ret = key->serial;
629
630 error6:
631 key_put(key);
632 error5:
633 key_type_put(ktype);
634 error4:
635 key_put(dest);
636 error3:
637 key_put(keyring);
638 error2:
639 kfree(description);
640 error:
641 return ret;
642
643} /* end keyctl_keyring_search() */
644
645/*****************************************************************************/
646/*
647 * see if the key we're looking at is the target key
648 */
649static int keyctl_read_key_same(const struct key *key, const void *target)
650{
651 return key == target;
652
653} /* end keyctl_read_key_same() */
654
655/*****************************************************************************/
656/*
657 * read a user key's payload
658 * - the keyring must be readable or the key must be searchable from the
659 * process's keyrings
660 * - if there's a buffer, we place up to buflen bytes of data into it
661 * - unless there's an error, we return the amount of data in the key,
662 * irrespective of how much we may have copied
663 * - implements keyctl(KEYCTL_READ)
664 */
665long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
666{
667 struct key *key, *skey;
668 long ret;
669
670 /* find the key first */
David Howells3e301482005-06-23 22:00:56 -0700671 key = lookup_user_key(NULL, keyid, 0, 0, 0);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700672 if (!IS_ERR(key)) {
673 /* see if we can read it directly */
674 if (key_permission(key, KEY_READ))
675 goto can_read_key;
676
David Howells3e301482005-06-23 22:00:56 -0700677 /* we can't; see if it's searchable from this process's
678 * keyrings
679 * - we automatically take account of the fact that it may be
680 * dangling off an instantiation key
681 */
682 skey = search_process_keyrings(key->type, key,
683 keyctl_read_key_same, current);
684 if (!IS_ERR(skey))
685 goto can_read_key2;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700686
David Howells3e301482005-06-23 22:00:56 -0700687 ret = PTR_ERR(skey);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700688 goto error2;
689 }
690
691 ret = -ENOKEY;
692 goto error;
693
694 /* the key is probably readable - now try to read it */
695 can_read_key2:
696 key_put(skey);
697 can_read_key:
698 ret = key_validate(key);
699 if (ret == 0) {
700 ret = -EOPNOTSUPP;
701 if (key->type->read) {
702 /* read the data with the semaphore held (since we
703 * might sleep) */
704 down_read(&key->sem);
705 ret = key->type->read(key, buffer, buflen);
706 up_read(&key->sem);
707 }
708 }
709
710 error2:
711 key_put(key);
712 error:
713 return ret;
714
715} /* end keyctl_read_key() */
716
717/*****************************************************************************/
718/*
719 * change the ownership of a key
720 * - the keyring owned by the changer
721 * - if the uid or gid is -1, then that parameter is not changed
722 * - implements keyctl(KEYCTL_CHOWN)
723 */
724long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
725{
726 struct key *key;
727 long ret;
728
729 ret = 0;
730 if (uid == (uid_t) -1 && gid == (gid_t) -1)
731 goto error;
732
David Howells3e301482005-06-23 22:00:56 -0700733 key = lookup_user_key(NULL, id, 1, 1, 0);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700734 if (IS_ERR(key)) {
735 ret = PTR_ERR(key);
736 goto error;
737 }
738
739 /* make the changes with the locks held to prevent chown/chown races */
740 ret = -EACCES;
741 down_write(&key->sem);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700742
743 if (!capable(CAP_SYS_ADMIN)) {
744 /* only the sysadmin can chown a key to some other UID */
745 if (uid != (uid_t) -1 && key->uid != uid)
746 goto no_access;
747
748 /* only the sysadmin can set the key's GID to a group other
749 * than one of those that the current process subscribes to */
750 if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid))
751 goto no_access;
752 }
753
754 /* change the UID (have to update the quotas) */
755 if (uid != (uid_t) -1 && uid != key->uid) {
756 /* don't support UID changing yet */
757 ret = -EOPNOTSUPP;
758 goto no_access;
759 }
760
761 /* change the GID */
762 if (gid != (gid_t) -1)
763 key->gid = gid;
764
765 ret = 0;
766
767 no_access:
Linus Torvalds1da177e2005-04-16 15:20:36 -0700768 up_write(&key->sem);
769 key_put(key);
770 error:
771 return ret;
772
773} /* end keyctl_chown_key() */
774
775/*****************************************************************************/
776/*
777 * change the permission mask on a key
778 * - the keyring owned by the changer
779 * - implements keyctl(KEYCTL_SETPERM)
780 */
781long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
782{
783 struct key *key;
784 long ret;
785
786 ret = -EINVAL;
787 if (perm & ~(KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL))
788 goto error;
789
David Howells3e301482005-06-23 22:00:56 -0700790 key = lookup_user_key(NULL, id, 1, 1, 0);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700791 if (IS_ERR(key)) {
792 ret = PTR_ERR(key);
793 goto error;
794 }
795
David Howells76d8aea2005-06-23 22:00:49 -0700796 /* make the changes with the locks held to prevent chown/chmod races */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700797 ret = -EACCES;
798 down_write(&key->sem);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700799
David Howells76d8aea2005-06-23 22:00:49 -0700800 /* if we're not the sysadmin, we can only change a key that we own */
801 if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) {
802 key->perm = perm;
803 ret = 0;
804 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700805
Linus Torvalds1da177e2005-04-16 15:20:36 -0700806 up_write(&key->sem);
807 key_put(key);
David Howells76d8aea2005-06-23 22:00:49 -0700808error:
Linus Torvalds1da177e2005-04-16 15:20:36 -0700809 return ret;
810
811} /* end keyctl_setperm_key() */
812
813/*****************************************************************************/
814/*
815 * instantiate the key with the specified payload, and, if one is given, link
816 * the key into the keyring
817 */
818long keyctl_instantiate_key(key_serial_t id,
819 const void __user *_payload,
820 size_t plen,
821 key_serial_t ringid)
822{
David Howells3e301482005-06-23 22:00:56 -0700823 struct request_key_auth *rka;
824 struct key *instkey, *keyring;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700825 void *payload;
826 long ret;
827
828 ret = -EINVAL;
829 if (plen > 32767)
830 goto error;
831
832 /* pull the payload in if one was supplied */
833 payload = NULL;
834
835 if (_payload) {
836 ret = -ENOMEM;
837 payload = kmalloc(plen, GFP_KERNEL);
838 if (!payload)
839 goto error;
840
841 ret = -EFAULT;
842 if (copy_from_user(payload, _payload, plen) != 0)
843 goto error2;
844 }
845
David Howells3e301482005-06-23 22:00:56 -0700846 /* find the instantiation authorisation key */
847 instkey = key_get_instantiation_authkey(id);
848 if (IS_ERR(instkey)) {
849 ret = PTR_ERR(instkey);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700850 goto error2;
851 }
852
David Howells3e301482005-06-23 22:00:56 -0700853 rka = instkey->payload.data;
854
855 /* find the destination keyring amongst those belonging to the
856 * requesting task */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700857 keyring = NULL;
858 if (ringid) {
David Howells3e301482005-06-23 22:00:56 -0700859 keyring = lookup_user_key(rka->context, ringid, 1, 0,
860 KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700861 if (IS_ERR(keyring)) {
862 ret = PTR_ERR(keyring);
863 goto error3;
864 }
865 }
866
867 /* instantiate the key and link it into a keyring */
David Howells3e301482005-06-23 22:00:56 -0700868 ret = key_instantiate_and_link(rka->target_key, payload, plen,
869 keyring, instkey);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700870
871 key_put(keyring);
872 error3:
David Howells3e301482005-06-23 22:00:56 -0700873 key_put(instkey);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700874 error2:
875 kfree(payload);
876 error:
877 return ret;
878
879} /* end keyctl_instantiate_key() */
880
881/*****************************************************************************/
882/*
883 * negatively instantiate the key with the given timeout (in seconds), and, if
884 * one is given, link the key into the keyring
885 */
886long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
887{
David Howells3e301482005-06-23 22:00:56 -0700888 struct request_key_auth *rka;
889 struct key *instkey, *keyring;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700890 long ret;
891
David Howells3e301482005-06-23 22:00:56 -0700892 /* find the instantiation authorisation key */
893 instkey = key_get_instantiation_authkey(id);
894 if (IS_ERR(instkey)) {
895 ret = PTR_ERR(instkey);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700896 goto error;
897 }
898
David Howells3e301482005-06-23 22:00:56 -0700899 rka = instkey->payload.data;
900
Linus Torvalds1da177e2005-04-16 15:20:36 -0700901 /* find the destination keyring if present (which must also be
902 * writable) */
903 keyring = NULL;
904 if (ringid) {
David Howells3e301482005-06-23 22:00:56 -0700905 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700906 if (IS_ERR(keyring)) {
907 ret = PTR_ERR(keyring);
908 goto error2;
909 }
910 }
911
912 /* instantiate the key and link it into a keyring */
David Howells3e301482005-06-23 22:00:56 -0700913 ret = key_negate_and_link(rka->target_key, timeout, keyring, instkey);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700914
915 key_put(keyring);
916 error2:
David Howells3e301482005-06-23 22:00:56 -0700917 key_put(instkey);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700918 error:
919 return ret;
920
921} /* end keyctl_negate_key() */
922
923/*****************************************************************************/
924/*
David Howells3e301482005-06-23 22:00:56 -0700925 * set the default keyring in which request_key() will cache keys
926 * - return the old setting
927 */
928long keyctl_set_reqkey_keyring(int reqkey_defl)
929{
930 int ret;
931
932 switch (reqkey_defl) {
933 case KEY_REQKEY_DEFL_THREAD_KEYRING:
934 ret = install_thread_keyring(current);
935 if (ret < 0)
936 return ret;
937 goto set;
938
939 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
940 ret = install_process_keyring(current);
941 if (ret < 0)
942 return ret;
943
944 case KEY_REQKEY_DEFL_DEFAULT:
945 case KEY_REQKEY_DEFL_SESSION_KEYRING:
946 case KEY_REQKEY_DEFL_USER_KEYRING:
947 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
948 set:
949 current->jit_keyring = reqkey_defl;
950
951 case KEY_REQKEY_DEFL_NO_CHANGE:
952 return current->jit_keyring;
953
954 case KEY_REQKEY_DEFL_GROUP_KEYRING:
955 default:
956 return -EINVAL;
957 }
958
959} /* end keyctl_set_reqkey_keyring() */
960
961/*****************************************************************************/
962/*
Linus Torvalds1da177e2005-04-16 15:20:36 -0700963 * the key control system call
964 */
965asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
966 unsigned long arg4, unsigned long arg5)
967{
968 switch (option) {
969 case KEYCTL_GET_KEYRING_ID:
970 return keyctl_get_keyring_ID((key_serial_t) arg2,
971 (int) arg3);
972
973 case KEYCTL_JOIN_SESSION_KEYRING:
974 return keyctl_join_session_keyring((const char __user *) arg2);
975
976 case KEYCTL_UPDATE:
977 return keyctl_update_key((key_serial_t) arg2,
978 (const void __user *) arg3,
979 (size_t) arg4);
980
981 case KEYCTL_REVOKE:
982 return keyctl_revoke_key((key_serial_t) arg2);
983
984 case KEYCTL_DESCRIBE:
985 return keyctl_describe_key((key_serial_t) arg2,
986 (char __user *) arg3,
987 (unsigned) arg4);
988
989 case KEYCTL_CLEAR:
990 return keyctl_keyring_clear((key_serial_t) arg2);
991
992 case KEYCTL_LINK:
993 return keyctl_keyring_link((key_serial_t) arg2,
994 (key_serial_t) arg3);
995
996 case KEYCTL_UNLINK:
997 return keyctl_keyring_unlink((key_serial_t) arg2,
998 (key_serial_t) arg3);
999
1000 case KEYCTL_SEARCH:
1001 return keyctl_keyring_search((key_serial_t) arg2,
1002 (const char __user *) arg3,
1003 (const char __user *) arg4,
1004 (key_serial_t) arg5);
1005
1006 case KEYCTL_READ:
1007 return keyctl_read_key((key_serial_t) arg2,
1008 (char __user *) arg3,
1009 (size_t) arg4);
1010
1011 case KEYCTL_CHOWN:
1012 return keyctl_chown_key((key_serial_t) arg2,
1013 (uid_t) arg3,
1014 (gid_t) arg4);
1015
1016 case KEYCTL_SETPERM:
1017 return keyctl_setperm_key((key_serial_t) arg2,
1018 (key_perm_t) arg3);
1019
1020 case KEYCTL_INSTANTIATE:
1021 return keyctl_instantiate_key((key_serial_t) arg2,
1022 (const void __user *) arg3,
1023 (size_t) arg4,
1024 (key_serial_t) arg5);
1025
1026 case KEYCTL_NEGATE:
1027 return keyctl_negate_key((key_serial_t) arg2,
1028 (unsigned) arg3,
1029 (key_serial_t) arg4);
1030
David Howells3e301482005-06-23 22:00:56 -07001031 case KEYCTL_SET_REQKEY_KEYRING:
1032 return keyctl_set_reqkey_keyring(arg2);
1033
Linus Torvalds1da177e2005-04-16 15:20:36 -07001034 default:
1035 return -EOPNOTSUPP;
1036 }
1037
1038} /* end sys_keyctl() */