blob: a6516a64b297898923ca760e2e3b779880021c30 [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -07001/* keyctl.c: userspace keyctl operations
2 *
David Howells3e301482005-06-23 22:00:56 -07003 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
Linus Torvalds1da177e2005-04-16 15:20:36 -07004 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/sched.h>
15#include <linux/slab.h>
16#include <linux/syscalls.h>
17#include <linux/keyctl.h>
18#include <linux/fs.h>
19#include <linux/err.h>
20#include <asm/uaccess.h>
21#include "internal.h"
22
23/*****************************************************************************/
24/*
25 * extract the description of a new key from userspace and either add it as a
26 * new key to the specified keyring or update a matching key in that keyring
27 * - the keyring must be writable
28 * - returns the new key's serial number
29 * - implements add_key()
30 */
31asmlinkage long sys_add_key(const char __user *_type,
32 const char __user *_description,
33 const void __user *_payload,
34 size_t plen,
35 key_serial_t ringid)
36{
37 struct key *keyring, *key;
38 char type[32], *description;
39 void *payload;
40 long dlen, ret;
41
42 ret = -EINVAL;
43 if (plen > 32767)
44 goto error;
45
46 /* draw all the data into kernel space */
47 ret = strncpy_from_user(type, _type, sizeof(type) - 1);
48 if (ret < 0)
49 goto error;
50 type[31] = '\0';
51
David Howells3e301482005-06-23 22:00:56 -070052 ret = -EPERM;
53 if (type[0] == '.')
54 goto error;
55
Linus Torvalds1da177e2005-04-16 15:20:36 -070056 ret = -EFAULT;
57 dlen = strnlen_user(_description, PAGE_SIZE - 1);
58 if (dlen <= 0)
59 goto error;
60
61 ret = -EINVAL;
62 if (dlen > PAGE_SIZE - 1)
63 goto error;
64
65 ret = -ENOMEM;
66 description = kmalloc(dlen + 1, GFP_KERNEL);
67 if (!description)
68 goto error;
69
70 ret = -EFAULT;
71 if (copy_from_user(description, _description, dlen + 1) != 0)
72 goto error2;
73
74 /* pull the payload in if one was supplied */
75 payload = NULL;
76
77 if (_payload) {
78 ret = -ENOMEM;
79 payload = kmalloc(plen, GFP_KERNEL);
80 if (!payload)
81 goto error2;
82
83 ret = -EFAULT;
84 if (copy_from_user(payload, _payload, plen) != 0)
85 goto error3;
86 }
87
88 /* find the target keyring (which must be writable) */
David Howells3e301482005-06-23 22:00:56 -070089 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -070090 if (IS_ERR(keyring)) {
91 ret = PTR_ERR(keyring);
92 goto error3;
93 }
94
95 /* create or update the requested key and add it to the target
96 * keyring */
97 key = key_create_or_update(keyring, type, description,
98 payload, plen, 0);
99 if (!IS_ERR(key)) {
100 ret = key->serial;
101 key_put(key);
102 }
103 else {
104 ret = PTR_ERR(key);
105 }
106
107 key_put(keyring);
108 error3:
109 kfree(payload);
110 error2:
111 kfree(description);
112 error:
113 return ret;
114
115} /* end sys_add_key() */
116
117/*****************************************************************************/
118/*
119 * search the process keyrings for a matching key
120 * - nested keyrings may also be searched if they have Search permission
121 * - if a key is found, it will be attached to the destination keyring if
122 * there's one specified
123 * - /sbin/request-key will be invoked if _callout_info is non-NULL
124 * - the _callout_info string will be passed to /sbin/request-key
125 * - if the _callout_info string is empty, it will be rendered as "-"
126 * - implements request_key()
127 */
128asmlinkage long sys_request_key(const char __user *_type,
129 const char __user *_description,
130 const char __user *_callout_info,
131 key_serial_t destringid)
132{
133 struct key_type *ktype;
134 struct key *key, *dest;
135 char type[32], *description, *callout_info;
136 long dlen, ret;
137
138 /* pull the type into kernel space */
139 ret = strncpy_from_user(type, _type, sizeof(type) - 1);
140 if (ret < 0)
141 goto error;
142 type[31] = '\0';
143
David Howells1260f802005-08-04 11:50:01 +0100144 ret = -EPERM;
145 if (type[0] == '.')
146 goto error;
147
Linus Torvalds1da177e2005-04-16 15:20:36 -0700148 /* pull the description into kernel space */
149 ret = -EFAULT;
150 dlen = strnlen_user(_description, PAGE_SIZE - 1);
151 if (dlen <= 0)
152 goto error;
153
154 ret = -EINVAL;
155 if (dlen > PAGE_SIZE - 1)
156 goto error;
157
158 ret = -ENOMEM;
159 description = kmalloc(dlen + 1, GFP_KERNEL);
160 if (!description)
161 goto error;
162
163 ret = -EFAULT;
164 if (copy_from_user(description, _description, dlen + 1) != 0)
165 goto error2;
166
167 /* pull the callout info into kernel space */
168 callout_info = NULL;
169 if (_callout_info) {
170 ret = -EFAULT;
171 dlen = strnlen_user(_callout_info, PAGE_SIZE - 1);
172 if (dlen <= 0)
173 goto error2;
174
175 ret = -EINVAL;
176 if (dlen > PAGE_SIZE - 1)
177 goto error2;
178
179 ret = -ENOMEM;
180 callout_info = kmalloc(dlen + 1, GFP_KERNEL);
181 if (!callout_info)
182 goto error2;
183
184 ret = -EFAULT;
185 if (copy_from_user(callout_info, _callout_info, dlen + 1) != 0)
186 goto error3;
187 }
188
189 /* get the destination keyring if specified */
190 dest = NULL;
191 if (destringid) {
David Howells3e301482005-06-23 22:00:56 -0700192 dest = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700193 if (IS_ERR(dest)) {
194 ret = PTR_ERR(dest);
195 goto error3;
196 }
197 }
198
199 /* find the key type */
200 ktype = key_type_lookup(type);
201 if (IS_ERR(ktype)) {
202 ret = PTR_ERR(ktype);
203 goto error4;
204 }
205
206 /* do the search */
David Howells3e301482005-06-23 22:00:56 -0700207 key = request_key_and_link(ktype, description, callout_info, dest);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700208 if (IS_ERR(key)) {
209 ret = PTR_ERR(key);
210 goto error5;
211 }
212
Linus Torvalds1da177e2005-04-16 15:20:36 -0700213 ret = key->serial;
214
David Howells3e301482005-06-23 22:00:56 -0700215 key_put(key);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700216 error5:
217 key_type_put(ktype);
218 error4:
219 key_put(dest);
220 error3:
221 kfree(callout_info);
222 error2:
223 kfree(description);
224 error:
225 return ret;
226
227} /* end sys_request_key() */
228
229/*****************************************************************************/
230/*
231 * get the ID of the specified process keyring
232 * - the keyring must have search permission to be found
233 * - implements keyctl(KEYCTL_GET_KEYRING_ID)
234 */
235long keyctl_get_keyring_ID(key_serial_t id, int create)
236{
237 struct key *key;
238 long ret;
239
David Howells3e301482005-06-23 22:00:56 -0700240 key = lookup_user_key(NULL, id, create, 0, KEY_SEARCH);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700241 if (IS_ERR(key)) {
242 ret = PTR_ERR(key);
243 goto error;
244 }
245
246 ret = key->serial;
247 key_put(key);
248 error:
249 return ret;
250
251} /* end keyctl_get_keyring_ID() */
252
253/*****************************************************************************/
254/*
255 * join the session keyring
256 * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING)
257 */
258long keyctl_join_session_keyring(const char __user *_name)
259{
260 char *name;
261 long nlen, ret;
262
263 /* fetch the name from userspace */
264 name = NULL;
265 if (_name) {
266 ret = -EFAULT;
267 nlen = strnlen_user(_name, PAGE_SIZE - 1);
268 if (nlen <= 0)
269 goto error;
270
271 ret = -EINVAL;
272 if (nlen > PAGE_SIZE - 1)
273 goto error;
274
275 ret = -ENOMEM;
276 name = kmalloc(nlen + 1, GFP_KERNEL);
277 if (!name)
278 goto error;
279
280 ret = -EFAULT;
281 if (copy_from_user(name, _name, nlen + 1) != 0)
282 goto error2;
283 }
284
285 /* join the session */
286 ret = join_session_keyring(name);
287
288 error2:
289 kfree(name);
290 error:
291 return ret;
292
293} /* end keyctl_join_session_keyring() */
294
295/*****************************************************************************/
296/*
297 * update a key's data payload
298 * - the key must be writable
299 * - implements keyctl(KEYCTL_UPDATE)
300 */
301long keyctl_update_key(key_serial_t id,
302 const void __user *_payload,
303 size_t plen)
304{
305 struct key *key;
306 void *payload;
307 long ret;
308
309 ret = -EINVAL;
310 if (plen > PAGE_SIZE)
311 goto error;
312
313 /* pull the payload in if one was supplied */
314 payload = NULL;
315 if (_payload) {
316 ret = -ENOMEM;
317 payload = kmalloc(plen, GFP_KERNEL);
318 if (!payload)
319 goto error;
320
321 ret = -EFAULT;
322 if (copy_from_user(payload, _payload, plen) != 0)
323 goto error2;
324 }
325
326 /* find the target key (which must be writable) */
David Howells3e301482005-06-23 22:00:56 -0700327 key = lookup_user_key(NULL, id, 0, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700328 if (IS_ERR(key)) {
329 ret = PTR_ERR(key);
330 goto error2;
331 }
332
333 /* update the key */
334 ret = key_update(key, payload, plen);
335
336 key_put(key);
337 error2:
338 kfree(payload);
339 error:
340 return ret;
341
342} /* end keyctl_update_key() */
343
344/*****************************************************************************/
345/*
346 * revoke a key
347 * - the key must be writable
348 * - implements keyctl(KEYCTL_REVOKE)
349 */
350long keyctl_revoke_key(key_serial_t id)
351{
352 struct key *key;
353 long ret;
354
David Howells3e301482005-06-23 22:00:56 -0700355 key = lookup_user_key(NULL, id, 0, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700356 if (IS_ERR(key)) {
357 ret = PTR_ERR(key);
358 goto error;
359 }
360
361 key_revoke(key);
362 ret = 0;
363
364 key_put(key);
365 error:
David Howells1260f802005-08-04 11:50:01 +0100366 return ret;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700367
368} /* end keyctl_revoke_key() */
369
370/*****************************************************************************/
371/*
372 * clear the specified process keyring
373 * - the keyring must be writable
374 * - implements keyctl(KEYCTL_CLEAR)
375 */
376long keyctl_keyring_clear(key_serial_t ringid)
377{
378 struct key *keyring;
379 long ret;
380
David Howells3e301482005-06-23 22:00:56 -0700381 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700382 if (IS_ERR(keyring)) {
383 ret = PTR_ERR(keyring);
384 goto error;
385 }
386
387 ret = keyring_clear(keyring);
388
389 key_put(keyring);
390 error:
391 return ret;
392
393} /* end keyctl_keyring_clear() */
394
395/*****************************************************************************/
396/*
397 * link a key into a keyring
398 * - the keyring must be writable
399 * - the key must be linkable
400 * - implements keyctl(KEYCTL_LINK)
401 */
402long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
403{
404 struct key *keyring, *key;
405 long ret;
406
David Howells3e301482005-06-23 22:00:56 -0700407 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700408 if (IS_ERR(keyring)) {
409 ret = PTR_ERR(keyring);
410 goto error;
411 }
412
David Howells3e301482005-06-23 22:00:56 -0700413 key = lookup_user_key(NULL, id, 1, 0, KEY_LINK);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700414 if (IS_ERR(key)) {
415 ret = PTR_ERR(key);
416 goto error2;
417 }
418
419 ret = key_link(keyring, key);
420
421 key_put(key);
422 error2:
423 key_put(keyring);
424 error:
425 return ret;
426
427} /* end keyctl_keyring_link() */
428
429/*****************************************************************************/
430/*
431 * unlink the first attachment of a key from a keyring
432 * - the keyring must be writable
433 * - we don't need any permissions on the key
434 * - implements keyctl(KEYCTL_UNLINK)
435 */
436long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
437{
438 struct key *keyring, *key;
439 long ret;
440
David Howells3e301482005-06-23 22:00:56 -0700441 keyring = lookup_user_key(NULL, ringid, 0, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700442 if (IS_ERR(keyring)) {
443 ret = PTR_ERR(keyring);
444 goto error;
445 }
446
David Howells3e301482005-06-23 22:00:56 -0700447 key = lookup_user_key(NULL, id, 0, 0, 0);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700448 if (IS_ERR(key)) {
449 ret = PTR_ERR(key);
450 goto error2;
451 }
452
453 ret = key_unlink(keyring, key);
454
455 key_put(key);
456 error2:
457 key_put(keyring);
458 error:
459 return ret;
460
461} /* end keyctl_keyring_unlink() */
462
463/*****************************************************************************/
464/*
465 * describe a user key
466 * - the key must have view permission
467 * - if there's a buffer, we place up to buflen bytes of data into it
468 * - unless there's an error, we return the amount of description available,
469 * irrespective of how much we may have copied
470 * - the description is formatted thus:
471 * type;uid;gid;perm;description<NUL>
472 * - implements keyctl(KEYCTL_DESCRIBE)
473 */
474long keyctl_describe_key(key_serial_t keyid,
475 char __user *buffer,
476 size_t buflen)
477{
David Howells3e301482005-06-23 22:00:56 -0700478 struct key *key, *instkey;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700479 char *tmpbuf;
480 long ret;
481
David Howells3e301482005-06-23 22:00:56 -0700482 key = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700483 if (IS_ERR(key)) {
David Howells3e301482005-06-23 22:00:56 -0700484 /* viewing a key under construction is permitted if we have the
485 * authorisation token handy */
486 if (PTR_ERR(key) == -EACCES) {
487 instkey = key_get_instantiation_authkey(keyid);
488 if (!IS_ERR(instkey)) {
489 key_put(instkey);
490 key = lookup_user_key(NULL, keyid, 0, 1, 0);
491 if (!IS_ERR(key))
492 goto okay;
493 }
494 }
495
Linus Torvalds1da177e2005-04-16 15:20:36 -0700496 ret = PTR_ERR(key);
497 goto error;
498 }
499
David Howells3e301482005-06-23 22:00:56 -0700500okay:
Linus Torvalds1da177e2005-04-16 15:20:36 -0700501 /* calculate how much description we're going to return */
502 ret = -ENOMEM;
503 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);
504 if (!tmpbuf)
505 goto error2;
506
507 ret = snprintf(tmpbuf, PAGE_SIZE - 1,
508 "%s;%d;%d;%06x;%s",
509 key->type->name,
510 key->uid,
511 key->gid,
512 key->perm,
513 key->description ? key->description :""
514 );
515
516 /* include a NUL char at the end of the data */
517 if (ret > PAGE_SIZE - 1)
518 ret = PAGE_SIZE - 1;
519 tmpbuf[ret] = 0;
520 ret++;
521
522 /* consider returning the data */
523 if (buffer && buflen > 0) {
524 if (buflen > ret)
525 buflen = ret;
526
527 if (copy_to_user(buffer, tmpbuf, buflen) != 0)
528 ret = -EFAULT;
529 }
530
531 kfree(tmpbuf);
532 error2:
533 key_put(key);
534 error:
535 return ret;
536
537} /* end keyctl_describe_key() */
538
539/*****************************************************************************/
540/*
541 * search the specified keyring for a matching key
542 * - the start keyring must be searchable
543 * - nested keyrings may also be searched if they are searchable
544 * - only keys with search permission may be found
545 * - if a key is found, it will be attached to the destination keyring if
546 * there's one specified
547 * - implements keyctl(KEYCTL_SEARCH)
548 */
549long keyctl_keyring_search(key_serial_t ringid,
550 const char __user *_type,
551 const char __user *_description,
552 key_serial_t destringid)
553{
554 struct key_type *ktype;
555 struct key *keyring, *key, *dest;
556 char type[32], *description;
557 long dlen, ret;
558
559 /* pull the type and description into kernel space */
560 ret = strncpy_from_user(type, _type, sizeof(type) - 1);
561 if (ret < 0)
562 goto error;
563 type[31] = '\0';
564
565 ret = -EFAULT;
566 dlen = strnlen_user(_description, PAGE_SIZE - 1);
567 if (dlen <= 0)
568 goto error;
569
570 ret = -EINVAL;
571 if (dlen > PAGE_SIZE - 1)
572 goto error;
573
574 ret = -ENOMEM;
575 description = kmalloc(dlen + 1, GFP_KERNEL);
576 if (!description)
577 goto error;
578
579 ret = -EFAULT;
580 if (copy_from_user(description, _description, dlen + 1) != 0)
581 goto error2;
582
583 /* get the keyring at which to begin the search */
David Howells3e301482005-06-23 22:00:56 -0700584 keyring = lookup_user_key(NULL, ringid, 0, 0, KEY_SEARCH);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700585 if (IS_ERR(keyring)) {
586 ret = PTR_ERR(keyring);
587 goto error2;
588 }
589
590 /* get the destination keyring if specified */
591 dest = NULL;
592 if (destringid) {
David Howells3e301482005-06-23 22:00:56 -0700593 dest = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700594 if (IS_ERR(dest)) {
595 ret = PTR_ERR(dest);
596 goto error3;
597 }
598 }
599
600 /* find the key type */
601 ktype = key_type_lookup(type);
602 if (IS_ERR(ktype)) {
603 ret = PTR_ERR(ktype);
604 goto error4;
605 }
606
607 /* do the search */
608 key = keyring_search(keyring, ktype, description);
609 if (IS_ERR(key)) {
610 ret = PTR_ERR(key);
611
612 /* treat lack or presence of a negative key the same */
613 if (ret == -EAGAIN)
614 ret = -ENOKEY;
615 goto error5;
616 }
617
618 /* link the resulting key to the destination keyring if we can */
619 if (dest) {
620 ret = -EACCES;
621 if (!key_permission(key, KEY_LINK))
622 goto error6;
623
624 ret = key_link(dest, key);
625 if (ret < 0)
626 goto error6;
627 }
628
629 ret = key->serial;
630
631 error6:
632 key_put(key);
633 error5:
634 key_type_put(ktype);
635 error4:
636 key_put(dest);
637 error3:
638 key_put(keyring);
639 error2:
640 kfree(description);
641 error:
642 return ret;
643
644} /* end keyctl_keyring_search() */
645
646/*****************************************************************************/
647/*
648 * see if the key we're looking at is the target key
649 */
650static int keyctl_read_key_same(const struct key *key, const void *target)
651{
652 return key == target;
653
654} /* end keyctl_read_key_same() */
655
656/*****************************************************************************/
657/*
658 * read a user key's payload
659 * - the keyring must be readable or the key must be searchable from the
660 * process's keyrings
661 * - if there's a buffer, we place up to buflen bytes of data into it
662 * - unless there's an error, we return the amount of data in the key,
663 * irrespective of how much we may have copied
664 * - implements keyctl(KEYCTL_READ)
665 */
666long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
667{
668 struct key *key, *skey;
669 long ret;
670
671 /* find the key first */
David Howells3e301482005-06-23 22:00:56 -0700672 key = lookup_user_key(NULL, keyid, 0, 0, 0);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700673 if (!IS_ERR(key)) {
674 /* see if we can read it directly */
675 if (key_permission(key, KEY_READ))
676 goto can_read_key;
677
David Howells3e301482005-06-23 22:00:56 -0700678 /* we can't; see if it's searchable from this process's
679 * keyrings
680 * - we automatically take account of the fact that it may be
681 * dangling off an instantiation key
682 */
683 skey = search_process_keyrings(key->type, key,
684 keyctl_read_key_same, current);
685 if (!IS_ERR(skey))
686 goto can_read_key2;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700687
David Howells3e301482005-06-23 22:00:56 -0700688 ret = PTR_ERR(skey);
David Howells1260f802005-08-04 11:50:01 +0100689 if (ret == -EAGAIN)
690 ret = -EACCES;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700691 goto error2;
692 }
693
694 ret = -ENOKEY;
695 goto error;
696
697 /* the key is probably readable - now try to read it */
698 can_read_key2:
699 key_put(skey);
700 can_read_key:
701 ret = key_validate(key);
702 if (ret == 0) {
703 ret = -EOPNOTSUPP;
704 if (key->type->read) {
705 /* read the data with the semaphore held (since we
706 * might sleep) */
707 down_read(&key->sem);
708 ret = key->type->read(key, buffer, buflen);
709 up_read(&key->sem);
710 }
711 }
712
713 error2:
714 key_put(key);
715 error:
716 return ret;
717
718} /* end keyctl_read_key() */
719
720/*****************************************************************************/
721/*
722 * change the ownership of a key
723 * - the keyring owned by the changer
724 * - if the uid or gid is -1, then that parameter is not changed
725 * - implements keyctl(KEYCTL_CHOWN)
726 */
727long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
728{
729 struct key *key;
730 long ret;
731
732 ret = 0;
733 if (uid == (uid_t) -1 && gid == (gid_t) -1)
734 goto error;
735
David Howells3e301482005-06-23 22:00:56 -0700736 key = lookup_user_key(NULL, id, 1, 1, 0);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700737 if (IS_ERR(key)) {
738 ret = PTR_ERR(key);
739 goto error;
740 }
741
742 /* make the changes with the locks held to prevent chown/chown races */
743 ret = -EACCES;
744 down_write(&key->sem);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700745
746 if (!capable(CAP_SYS_ADMIN)) {
747 /* only the sysadmin can chown a key to some other UID */
748 if (uid != (uid_t) -1 && key->uid != uid)
749 goto no_access;
750
751 /* only the sysadmin can set the key's GID to a group other
752 * than one of those that the current process subscribes to */
753 if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid))
754 goto no_access;
755 }
756
757 /* change the UID (have to update the quotas) */
758 if (uid != (uid_t) -1 && uid != key->uid) {
759 /* don't support UID changing yet */
760 ret = -EOPNOTSUPP;
761 goto no_access;
762 }
763
764 /* change the GID */
765 if (gid != (gid_t) -1)
766 key->gid = gid;
767
768 ret = 0;
769
770 no_access:
Linus Torvalds1da177e2005-04-16 15:20:36 -0700771 up_write(&key->sem);
772 key_put(key);
773 error:
774 return ret;
775
776} /* end keyctl_chown_key() */
777
778/*****************************************************************************/
779/*
780 * change the permission mask on a key
781 * - the keyring owned by the changer
782 * - implements keyctl(KEYCTL_SETPERM)
783 */
784long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
785{
786 struct key *key;
787 long ret;
788
789 ret = -EINVAL;
790 if (perm & ~(KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL))
791 goto error;
792
David Howells3e301482005-06-23 22:00:56 -0700793 key = lookup_user_key(NULL, id, 1, 1, 0);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700794 if (IS_ERR(key)) {
795 ret = PTR_ERR(key);
796 goto error;
797 }
798
David Howells76d8aea2005-06-23 22:00:49 -0700799 /* make the changes with the locks held to prevent chown/chmod races */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700800 ret = -EACCES;
801 down_write(&key->sem);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700802
David Howells76d8aea2005-06-23 22:00:49 -0700803 /* if we're not the sysadmin, we can only change a key that we own */
804 if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) {
805 key->perm = perm;
806 ret = 0;
807 }
Linus Torvalds1da177e2005-04-16 15:20:36 -0700808
Linus Torvalds1da177e2005-04-16 15:20:36 -0700809 up_write(&key->sem);
810 key_put(key);
David Howells76d8aea2005-06-23 22:00:49 -0700811error:
Linus Torvalds1da177e2005-04-16 15:20:36 -0700812 return ret;
813
814} /* end keyctl_setperm_key() */
815
816/*****************************************************************************/
817/*
818 * instantiate the key with the specified payload, and, if one is given, link
819 * the key into the keyring
820 */
821long keyctl_instantiate_key(key_serial_t id,
822 const void __user *_payload,
823 size_t plen,
824 key_serial_t ringid)
825{
David Howells3e301482005-06-23 22:00:56 -0700826 struct request_key_auth *rka;
827 struct key *instkey, *keyring;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700828 void *payload;
829 long ret;
830
831 ret = -EINVAL;
832 if (plen > 32767)
833 goto error;
834
835 /* pull the payload in if one was supplied */
836 payload = NULL;
837
838 if (_payload) {
839 ret = -ENOMEM;
840 payload = kmalloc(plen, GFP_KERNEL);
841 if (!payload)
842 goto error;
843
844 ret = -EFAULT;
845 if (copy_from_user(payload, _payload, plen) != 0)
846 goto error2;
847 }
848
David Howells3e301482005-06-23 22:00:56 -0700849 /* find the instantiation authorisation key */
850 instkey = key_get_instantiation_authkey(id);
851 if (IS_ERR(instkey)) {
852 ret = PTR_ERR(instkey);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700853 goto error2;
854 }
855
David Howells3e301482005-06-23 22:00:56 -0700856 rka = instkey->payload.data;
857
858 /* find the destination keyring amongst those belonging to the
859 * requesting task */
Linus Torvalds1da177e2005-04-16 15:20:36 -0700860 keyring = NULL;
861 if (ringid) {
David Howells3e301482005-06-23 22:00:56 -0700862 keyring = lookup_user_key(rka->context, ringid, 1, 0,
863 KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700864 if (IS_ERR(keyring)) {
865 ret = PTR_ERR(keyring);
866 goto error3;
867 }
868 }
869
870 /* instantiate the key and link it into a keyring */
David Howells3e301482005-06-23 22:00:56 -0700871 ret = key_instantiate_and_link(rka->target_key, payload, plen,
872 keyring, instkey);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700873
874 key_put(keyring);
875 error3:
David Howells3e301482005-06-23 22:00:56 -0700876 key_put(instkey);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700877 error2:
878 kfree(payload);
879 error:
880 return ret;
881
882} /* end keyctl_instantiate_key() */
883
884/*****************************************************************************/
885/*
886 * negatively instantiate the key with the given timeout (in seconds), and, if
887 * one is given, link the key into the keyring
888 */
889long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
890{
David Howells3e301482005-06-23 22:00:56 -0700891 struct request_key_auth *rka;
892 struct key *instkey, *keyring;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700893 long ret;
894
David Howells3e301482005-06-23 22:00:56 -0700895 /* find the instantiation authorisation key */
896 instkey = key_get_instantiation_authkey(id);
897 if (IS_ERR(instkey)) {
898 ret = PTR_ERR(instkey);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700899 goto error;
900 }
901
David Howells3e301482005-06-23 22:00:56 -0700902 rka = instkey->payload.data;
903
Linus Torvalds1da177e2005-04-16 15:20:36 -0700904 /* find the destination keyring if present (which must also be
905 * writable) */
906 keyring = NULL;
907 if (ringid) {
David Howells3e301482005-06-23 22:00:56 -0700908 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700909 if (IS_ERR(keyring)) {
910 ret = PTR_ERR(keyring);
911 goto error2;
912 }
913 }
914
915 /* instantiate the key and link it into a keyring */
David Howells3e301482005-06-23 22:00:56 -0700916 ret = key_negate_and_link(rka->target_key, timeout, keyring, instkey);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700917
918 key_put(keyring);
919 error2:
David Howells3e301482005-06-23 22:00:56 -0700920 key_put(instkey);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700921 error:
922 return ret;
923
924} /* end keyctl_negate_key() */
925
926/*****************************************************************************/
927/*
David Howells3e301482005-06-23 22:00:56 -0700928 * set the default keyring in which request_key() will cache keys
929 * - return the old setting
930 */
931long keyctl_set_reqkey_keyring(int reqkey_defl)
932{
933 int ret;
934
935 switch (reqkey_defl) {
936 case KEY_REQKEY_DEFL_THREAD_KEYRING:
937 ret = install_thread_keyring(current);
938 if (ret < 0)
939 return ret;
940 goto set;
941
942 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
943 ret = install_process_keyring(current);
944 if (ret < 0)
945 return ret;
946
947 case KEY_REQKEY_DEFL_DEFAULT:
948 case KEY_REQKEY_DEFL_SESSION_KEYRING:
949 case KEY_REQKEY_DEFL_USER_KEYRING:
950 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
951 set:
952 current->jit_keyring = reqkey_defl;
953
954 case KEY_REQKEY_DEFL_NO_CHANGE:
955 return current->jit_keyring;
956
957 case KEY_REQKEY_DEFL_GROUP_KEYRING:
958 default:
959 return -EINVAL;
960 }
961
962} /* end keyctl_set_reqkey_keyring() */
963
964/*****************************************************************************/
965/*
Linus Torvalds1da177e2005-04-16 15:20:36 -0700966 * the key control system call
967 */
968asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
969 unsigned long arg4, unsigned long arg5)
970{
971 switch (option) {
972 case KEYCTL_GET_KEYRING_ID:
973 return keyctl_get_keyring_ID((key_serial_t) arg2,
974 (int) arg3);
975
976 case KEYCTL_JOIN_SESSION_KEYRING:
977 return keyctl_join_session_keyring((const char __user *) arg2);
978
979 case KEYCTL_UPDATE:
980 return keyctl_update_key((key_serial_t) arg2,
981 (const void __user *) arg3,
982 (size_t) arg4);
983
984 case KEYCTL_REVOKE:
985 return keyctl_revoke_key((key_serial_t) arg2);
986
987 case KEYCTL_DESCRIBE:
988 return keyctl_describe_key((key_serial_t) arg2,
989 (char __user *) arg3,
990 (unsigned) arg4);
991
992 case KEYCTL_CLEAR:
993 return keyctl_keyring_clear((key_serial_t) arg2);
994
995 case KEYCTL_LINK:
996 return keyctl_keyring_link((key_serial_t) arg2,
997 (key_serial_t) arg3);
998
999 case KEYCTL_UNLINK:
1000 return keyctl_keyring_unlink((key_serial_t) arg2,
1001 (key_serial_t) arg3);
1002
1003 case KEYCTL_SEARCH:
1004 return keyctl_keyring_search((key_serial_t) arg2,
1005 (const char __user *) arg3,
1006 (const char __user *) arg4,
1007 (key_serial_t) arg5);
1008
1009 case KEYCTL_READ:
1010 return keyctl_read_key((key_serial_t) arg2,
1011 (char __user *) arg3,
1012 (size_t) arg4);
1013
1014 case KEYCTL_CHOWN:
1015 return keyctl_chown_key((key_serial_t) arg2,
1016 (uid_t) arg3,
1017 (gid_t) arg4);
1018
1019 case KEYCTL_SETPERM:
1020 return keyctl_setperm_key((key_serial_t) arg2,
1021 (key_perm_t) arg3);
1022
1023 case KEYCTL_INSTANTIATE:
1024 return keyctl_instantiate_key((key_serial_t) arg2,
1025 (const void __user *) arg3,
1026 (size_t) arg4,
1027 (key_serial_t) arg5);
1028
1029 case KEYCTL_NEGATE:
1030 return keyctl_negate_key((key_serial_t) arg2,
1031 (unsigned) arg3,
1032 (key_serial_t) arg4);
1033
David Howells3e301482005-06-23 22:00:56 -07001034 case KEYCTL_SET_REQKEY_KEYRING:
1035 return keyctl_set_reqkey_keyring(arg2);
1036
Linus Torvalds1da177e2005-04-16 15:20:36 -07001037 default:
1038 return -EOPNOTSUPP;
1039 }
1040
1041} /* end sys_keyctl() */