]> Git Repo - linux.git/blame - security/keys/keyctl.c
projects / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
keys: Make the KEY_NEED_* perms an enum rather than a mask
[linux.git] / security / keys / keyctl.c
CommitLineData
2874c5fd 1// SPDX-License-Identifier: GPL-2.0-or-later
973c9f4f 2/* Userspace key control operations
1da177e4 3 *
3e30148c 4 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
1da177e4 5 * Written by David Howells ([email protected])
1da177e4
LT		 6 */
7
1da177e4
LT		 8#include <linux/init.h>
9#include <linux/sched.h>
29930025 10#include <linux/sched/task.h>
1da177e4
LT		 11#include <linux/slab.h>
12#include <linux/syscalls.h>
59e6b9c1 13#include <linux/key.h>
1da177e4
LT		 14#include <linux/keyctl.h>
15#include <linux/fs.h>
c59ede7b 16#include <linux/capability.h>
5b825c3a 17#include <linux/cred.h>
0cb409d9 18#include <linux/string.h>
1da177e4 19#include <linux/err.h>
38bbca6b 20#include <linux/vmalloc.h>
70a5bb72 21#include <linux/security.h>
a27bb332 22#include <linux/uio.h>
7c0f6ba6 23#include <linux/uaccess.h>
822ad64d 24#include <keys/request_key_auth-type.h>
1da177e4
LT		 25#include "internal.h"
26
aa9d4437
DH		 27#define KEY_MAX_DESC_SIZE 4096
28
b206f281 29static const unsigned char keyrings_capabilities[2] = {
45e0f30c
DH		 30 [0] = (KEYCTL_CAPS0_CAPABILITIES |
31 (IS_ENABLED(CONFIG_PERSISTENT_KEYRINGS) ? KEYCTL_CAPS0_PERSISTENT_KEYRINGS : 0) |
32 (IS_ENABLED(CONFIG_KEY_DH_OPERATIONS) ? KEYCTL_CAPS0_DIFFIE_HELLMAN : 0) |
33 (IS_ENABLED(CONFIG_ASYMMETRIC_KEY_TYPE) ? KEYCTL_CAPS0_PUBLIC_KEY : 0) |
34 (IS_ENABLED(CONFIG_BIG_KEYS) ? KEYCTL_CAPS0_BIG_KEY : 0) |
35 KEYCTL_CAPS0_INVALIDATE |
36 KEYCTL_CAPS0_RESTRICT_KEYRING |
37 KEYCTL_CAPS0_MOVE
38 ),
3b6e4de0 39 [1] = (KEYCTL_CAPS1_NS_KEYRING_NAME |
f7e47677
DH		 40 KEYCTL_CAPS1_NS_KEY_TAG |
41 (IS_ENABLED(CONFIG_KEY_NOTIFICATIONS) ? KEYCTL_CAPS1_NOTIFICATIONS : 0)
42 ),
45e0f30c
DH		 43};
44
0cb409d9
DA		 45static int key_get_type_from_user(char *type,
46 const char __user *_type,
47 unsigned len)
48{
49 int ret;
50
51 ret = strncpy_from_user(type, _type, len);
0cb409d9 52 if (ret < 0)
4303ef19 53 return ret;
0cb409d9
DA		 54 if (ret == 0 || ret >= len)
55 return -EINVAL;
54e2c2c1
DH		 56 if (type[0] == '.')
57 return -EPERM;
0cb409d9 58 type[len - 1] = '\0';
0cb409d9
DA		 59 return 0;
60}
61
1da177e4 62/*
973c9f4f
DH		 63 * Extract the description of a new key from userspace and either add it as a
64 * new key to the specified keyring or update a matching key in that keyring.
65 *
cf7f601c
DH		 66 * If the description is NULL or an empty string, the key type is asked to
67 * generate one from the payload.
68 *
973c9f4f
DH		 69 * The keyring must be writable so that we can attach the key to it.
70 *
71 * If successful, the new key's serial number is returned, otherwise an error
72 * code is returned.
1da177e4 73 */
1e7bfb21
HC		 74SYSCALL_DEFINE5(add_key, const char __user *, _type,
75 const char __user *, _description,
76 const void __user *, _payload,
77 size_t, plen,
78 key_serial_t, ringid)
1da177e4 79{
664cceb0 80 key_ref_t keyring_ref, key_ref;
1da177e4
LT		 81 char type[32], *description;
82 void *payload;
0cb409d9 83 long ret;
1da177e4
LT		 84
85 ret = -EINVAL;
38bbca6b 86 if (plen > 1024 * 1024 - 1)
1da177e4
LT		 87 goto error;
88
89 /* draw all the data into kernel space */
0cb409d9 90 ret = key_get_type_from_user(type, _type, sizeof(type));
1da177e4
LT		 91 if (ret < 0)
92 goto error;
1da177e4 93
cf7f601c
DH		 94 description = NULL;
95 if (_description) {
aa9d4437 96 description = strndup_user(_description, KEY_MAX_DESC_SIZE);
cf7f601c
DH		 97 if (IS_ERR(description)) {
98 ret = PTR_ERR(description);
99 goto error;
100 }
101 if (!*description) {
102 kfree(description);
103 description = NULL;
a4e3b8d7
MZ		 104 } else if ((description[0] == '.') &&
105 (strncmp(type, "keyring", 7) == 0)) {
106 ret = -EPERM;
107 goto error2;
cf7f601c 108 }
0cb409d9 109 }
1da177e4
LT		 110
111 /* pull the payload in if one was supplied */
112 payload = NULL;
113
5649645d 114 if (plen) {
1da177e4 115 ret = -ENOMEM;
752ade68
MH		 116 payload = kvmalloc(plen, GFP_KERNEL);
117 if (!payload)
118 goto error2;
1da177e4
LT		 119
120 ret = -EFAULT;
121 if (copy_from_user(payload, _payload, plen) != 0)
122 goto error3;
123 }
124
125 /* find the target keyring (which must be writable) */
f5895943 126 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
664cceb0
DH		 127 if (IS_ERR(keyring_ref)) {
128 ret = PTR_ERR(keyring_ref);
1da177e4
LT		 129 goto error3;
130 }
131
132 /* create or update the requested key and add it to the target
133 * keyring */
664cceb0 134 key_ref = key_create_or_update(keyring_ref, type, description,
028db3e2
LT		 135 payload, plen, KEY_PERM_UNDEF,
136 KEY_ALLOC_IN_QUOTA);
664cceb0
DH		 137 if (!IS_ERR(key_ref)) {
138 ret = key_ref_to_ptr(key_ref)->serial;
139 key_ref_put(key_ref);
1da177e4
LT		 140 }
141 else {
664cceb0 142 ret = PTR_ERR(key_ref);
1da177e4
LT		 143 }
144
664cceb0 145 key_ref_put(keyring_ref);
1da177e4 146 error3:
57070c85
EB		 147 if (payload) {
148 memzero_explicit(payload, plen);
149 kvfree(payload);
150 }
1da177e4
LT		 151 error2:
152 kfree(description);
153 error:
154 return ret;
a8b17ed0 155}
1da177e4 156
1da177e4 157/*
973c9f4f
DH		 158 * Search the process keyrings and keyring trees linked from those for a
159 * matching key. Keyrings must have appropriate Search permission to be
160 * searched.
161 *
162 * If a key is found, it will be attached to the destination keyring if there's
163 * one specified and the serial number of the key will be returned.
164 *
165 * If no key is found, /sbin/request-key will be invoked if _callout_info is
166 * non-NULL in an attempt to create a key. The _callout_info string will be
167 * passed to /sbin/request-key to aid with completing the request. If the
168 * _callout_info string is "" then it will be changed to "-".
1da177e4 169 */
1e7bfb21
HC		 170SYSCALL_DEFINE4(request_key, const char __user *, _type,
171 const char __user *, _description,
172 const char __user *, _callout_info,
173 key_serial_t, destringid)
1da177e4
LT		 174{
175 struct key_type *ktype;
664cceb0
DH		 176 struct key *key;
177 key_ref_t dest_ref;
4a38e122 178 size_t callout_len;
1da177e4 179 char type[32], *description, *callout_info;
0cb409d9 180 long ret;
1da177e4
LT		 181
182 /* pull the type into kernel space */
0cb409d9 183 ret = key_get_type_from_user(type, _type, sizeof(type));
1da177e4
LT		 184 if (ret < 0)
185 goto error;
1260f801 186
1da177e4 187 /* pull the description into kernel space */
aa9d4437 188 description = strndup_user(_description, KEY_MAX_DESC_SIZE);
0cb409d9
DA		 189 if (IS_ERR(description)) {
190 ret = PTR_ERR(description);
1da177e4 191 goto error;
0cb409d9 192 }
1da177e4
LT		 193
194 /* pull the callout info into kernel space */
195 callout_info = NULL;
4a38e122 196 callout_len = 0;
1da177e4 197 if (_callout_info) {
0cb409d9
DA		 198 callout_info = strndup_user(_callout_info, PAGE_SIZE);
199 if (IS_ERR(callout_info)) {
200 ret = PTR_ERR(callout_info);
1da177e4 201 goto error2;
0cb409d9 202 }
4a38e122 203 callout_len = strlen(callout_info);
1da177e4
LT		 204 }
205
206 /* get the destination keyring if specified */
664cceb0 207 dest_ref = NULL;
1da177e4 208 if (destringid) {
5593122e 209 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE,
f5895943 210 KEY_NEED_WRITE);
664cceb0
DH		 211 if (IS_ERR(dest_ref)) {
212 ret = PTR_ERR(dest_ref);
1da177e4
LT		 213 goto error3;
214 }
215 }
216
217 /* find the key type */
218 ktype = key_type_lookup(type);
219 if (IS_ERR(ktype)) {
220 ret = PTR_ERR(ktype);
221 goto error4;
222 }
223
224 /* do the search */
a58946c1 225 key = request_key_and_link(ktype, description, NULL, callout_info,
028db3e2 226 callout_len, NULL, key_ref_to_ptr(dest_ref),
7e047ef5 227 KEY_ALLOC_IN_QUOTA);
1da177e4
LT		 228 if (IS_ERR(key)) {
229 ret = PTR_ERR(key);
230 goto error5;
231 }
232
4aab1e89
DH		 233 /* wait for the key to finish being constructed */
234 ret = wait_for_key_construction(key, 1);
235 if (ret < 0)
236 goto error6;
237
1da177e4
LT		 238 ret = key->serial;
239
4aab1e89 240error6:
3e30148c 241 key_put(key);
c5b60b5e 242error5:
1da177e4 243 key_type_put(ktype);
c5b60b5e 244error4:
664cceb0 245 key_ref_put(dest_ref);
c5b60b5e 246error3:
1da177e4 247 kfree(callout_info);
c5b60b5e 248error2:
1da177e4 249 kfree(description);
c5b60b5e 250error:
1da177e4 251 return ret;
a8b17ed0 252}
1da177e4 253
1da177e4 254/*
973c9f4f
DH		 255 * Get the ID of the specified process keyring.
256 *
257 * The requested keyring must have search permission to be found.
258 *
259 * If successful, the ID of the requested keyring will be returned.
1da177e4
LT		 260 */
261long keyctl_get_keyring_ID(key_serial_t id, int create)
262{
664cceb0 263 key_ref_t key_ref;
5593122e 264 unsigned long lflags;
1da177e4
LT		 265 long ret;
266
5593122e 267 lflags = create ? KEY_LOOKUP_CREATE : 0;
f5895943 268 key_ref = lookup_user_key(id, lflags, KEY_NEED_SEARCH);
664cceb0
DH		 269 if (IS_ERR(key_ref)) {
270 ret = PTR_ERR(key_ref);
1da177e4
LT		 271 goto error;
272 }
273
664cceb0
DH		 274 ret = key_ref_to_ptr(key_ref)->serial;
275 key_ref_put(key_ref);
c5b60b5e 276error:
1da177e4 277 return ret;
973c9f4f 278}
1da177e4 279
1da177e4 280/*
973c9f4f
DH		 281 * Join a (named) session keyring.
282 *
283 * Create and join an anonymous session keyring or join a named session
284 * keyring, creating it if necessary. A named session keyring must have Search
285 * permission for it to be joined. Session keyrings without this permit will
ee8f844e
DH		 286 * be skipped over. It is not permitted for userspace to create or join
287 * keyrings whose name begin with a dot.
973c9f4f
DH		 288 *
289 * If successful, the ID of the joined session keyring will be returned.
1da177e4
LT		 290 */
291long keyctl_join_session_keyring(const char __user *_name)
292{
293 char *name;
0cb409d9 294 long ret;
1da177e4
LT		 295
296 /* fetch the name from userspace */
297 name = NULL;
298 if (_name) {
aa9d4437 299 name = strndup_user(_name, KEY_MAX_DESC_SIZE);
0cb409d9
DA		 300 if (IS_ERR(name)) {
301 ret = PTR_ERR(name);
1da177e4 302 goto error;
0cb409d9 303 }
ee8f844e
DH		 304
305 ret = -EPERM;
306 if (name[0] == '.')
307 goto error_name;
1da177e4
LT		 308 }
309
310 /* join the session */
311 ret = join_session_keyring(name);
ee8f844e 312error_name:
0d54ee1c 313 kfree(name);
c5b60b5e 314error:
1da177e4 315 return ret;
a8b17ed0 316}
1da177e4 317
1da177e4 318/*
973c9f4f
DH		 319 * Update a key's data payload from the given data.
320 *
321 * The key must grant the caller Write permission and the key type must support
322 * updating for this to work. A negative key can be positively instantiated
323 * with this call.
324 *
325 * If successful, 0 will be returned. If the key type does not support
326 * updating, then -EOPNOTSUPP will be returned.
1da177e4
LT		 327 */
328long keyctl_update_key(key_serial_t id,
329 const void __user *_payload,
330 size_t plen)
331{
664cceb0 332 key_ref_t key_ref;
1da177e4
LT		 333 void *payload;
334 long ret;
335
336 ret = -EINVAL;
337 if (plen > PAGE_SIZE)
338 goto error;
339
340 /* pull the payload in if one was supplied */
341 payload = NULL;
5649645d 342 if (plen) {
1da177e4 343 ret = -ENOMEM;
4f088249 344 payload = kvmalloc(plen, GFP_KERNEL);
1da177e4
LT		 345 if (!payload)
346 goto error;
347
348 ret = -EFAULT;
349 if (copy_from_user(payload, _payload, plen) != 0)
350 goto error2;
351 }
352
353 /* find the target key (which must be writable) */
f5895943 354 key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE);
664cceb0
DH		 355 if (IS_ERR(key_ref)) {
356 ret = PTR_ERR(key_ref);
1da177e4
LT		 357 goto error2;
358 }
359
360 /* update the key */
664cceb0 361 ret = key_update(key_ref, payload, plen);
1da177e4 362
664cceb0 363 key_ref_put(key_ref);
c5b60b5e 364error2:
4f088249 365 __kvzfree(payload, plen);
c5b60b5e 366error:
1da177e4 367 return ret;
a8b17ed0 368}
1da177e4 369
1da177e4 370/*
973c9f4f
DH		 371 * Revoke a key.
372 *
373 * The key must be grant the caller Write or Setattr permission for this to
374 * work. The key type should give up its quota claim when revoked. The key
375 * and any links to the key will be automatically garbage collected after a
376 * certain amount of time (/proc/sys/kernel/keys/gc_delay).
377 *
d3600bcf
MZ		 378 * Keys with KEY_FLAG_KEEP set should not be revoked.
379 *
973c9f4f 380 * If successful, 0 is returned.
1da177e4
LT		 381 */
382long keyctl_revoke_key(key_serial_t id)
383{
664cceb0 384 key_ref_t key_ref;
d3600bcf 385 struct key *key;
1da177e4
LT		 386 long ret;
387
028db3e2 388 key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE);
664cceb0
DH		 389 if (IS_ERR(key_ref)) {
390 ret = PTR_ERR(key_ref);
028db3e2
LT		 391 if (ret != -EACCES)
392 goto error;
393 key_ref = lookup_user_key(id, 0, KEY_NEED_SETATTR);
394 if (IS_ERR(key_ref)) {
395 ret = PTR_ERR(key_ref);
396 goto error;
397 }
1da177e4
LT		 398 }
399
d3600bcf 400 key = key_ref_to_ptr(key_ref);
1da177e4 401 ret = 0;
d3600bcf 402 if (test_bit(KEY_FLAG_KEEP, &key->flags))
1d6d167c
MZ		 403 ret = -EPERM;
404 else
d3600bcf 405 key_revoke(key);
1da177e4 406
664cceb0 407 key_ref_put(key_ref);
c5b60b5e 408error:
1260f801 409 return ret;
a8b17ed0 410}
1da177e4 411
fd75815f
DH		 412/*
413 * Invalidate a key.
414 *
415 * The key must be grant the caller Invalidate permission for this to work.
416 * The key and any links to the key will be automatically garbage collected
417 * immediately.
418 *
d3600bcf
MZ		 419 * Keys with KEY_FLAG_KEEP set should not be invalidated.
420 *
fd75815f
DH		 421 * If successful, 0 is returned.
422 */
423long keyctl_invalidate_key(key_serial_t id)
424{
425 key_ref_t key_ref;
d3600bcf 426 struct key *key;
fd75815f
DH		 427 long ret;
428
429 kenter("%d", id);
430
028db3e2 431 key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH);
fd75815f
DH		 432 if (IS_ERR(key_ref)) {
433 ret = PTR_ERR(key_ref);
0c7774ab
DH		 434
435 /* Root is permitted to invalidate certain special keys */
436 if (capable(CAP_SYS_ADMIN)) {
8c0637e9 437 key_ref = lookup_user_key(id, 0, KEY_SYSADMIN_OVERRIDE);
0c7774ab
DH		 438 if (IS_ERR(key_ref))
439 goto error;
440 if (test_bit(KEY_FLAG_ROOT_CAN_INVAL,
441 &key_ref_to_ptr(key_ref)->flags))
442 goto invalidate;
443 goto error_put;
444 }
445
fd75815f
DH		 446 goto error;
447 }
448
0c7774ab 449invalidate:
d3600bcf 450 key = key_ref_to_ptr(key_ref);
fd75815f 451 ret = 0;
d3600bcf
MZ		 452 if (test_bit(KEY_FLAG_KEEP, &key->flags))
453 ret = -EPERM;
1d6d167c 454 else
d3600bcf 455 key_invalidate(key);
0c7774ab 456error_put:
fd75815f
DH		 457 key_ref_put(key_ref);
458error:
459 kleave(" = %ld", ret);
460 return ret;
461}
462
1da177e4 463/*
973c9f4f
DH		 464 * Clear the specified keyring, creating an empty process keyring if one of the
465 * special keyring IDs is used.
466 *
d3600bcf
MZ		 467 * The keyring must grant the caller Write permission and not have
468 * KEY_FLAG_KEEP set for this to work. If successful, 0 will be returned.
1da177e4
LT		 469 */
470long keyctl_keyring_clear(key_serial_t ringid)
471{
664cceb0 472 key_ref_t keyring_ref;
d3600bcf 473 struct key *keyring;
1da177e4
LT		 474 long ret;
475
028db3e2 476 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
664cceb0
DH		 477 if (IS_ERR(keyring_ref)) {
478 ret = PTR_ERR(keyring_ref);
700920eb
DH		 479
480 /* Root is permitted to invalidate certain special keyrings */
481 if (capable(CAP_SYS_ADMIN)) {
8c0637e9
DH		 482 keyring_ref = lookup_user_key(ringid, 0,
483 KEY_SYSADMIN_OVERRIDE);
700920eb
DH		 484 if (IS_ERR(keyring_ref))
485 goto error;
486 if (test_bit(KEY_FLAG_ROOT_CAN_CLEAR,
487 &key_ref_to_ptr(keyring_ref)->flags))
488 goto clear;
489 goto error_put;
490 }
491
1da177e4
LT		 492 goto error;
493 }
494
700920eb 495clear:
d3600bcf
MZ		 496 keyring = key_ref_to_ptr(keyring_ref);
497 if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
498 ret = -EPERM;
499 else
500 ret = keyring_clear(keyring);
700920eb 501error_put:
664cceb0 502 key_ref_put(keyring_ref);
c5b60b5e 503error:
1da177e4 504 return ret;
a8b17ed0 505}
1da177e4 506
1da177e4 507/*
973c9f4f
DH		 508 * Create a link from a keyring to a key if there's no matching key in the
509 * keyring, otherwise replace the link to the matching key with a link to the
510 * new key.
511 *
512 * The key must grant the caller Link permission and the the keyring must grant
513 * the caller Write permission. Furthermore, if an additional link is created,
514 * the keyring's quota will be extended.
515 *
516 * If successful, 0 will be returned.
1da177e4
LT		 517 */
518long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
519{
664cceb0 520 key_ref_t keyring_ref, key_ref;
1da177e4
LT		 521 long ret;
522
f5895943 523 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
664cceb0
DH		 524 if (IS_ERR(keyring_ref)) {
525 ret = PTR_ERR(keyring_ref);
1da177e4
LT		 526 goto error;
527 }
528
f5895943 529 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_NEED_LINK);
664cceb0
DH		 530 if (IS_ERR(key_ref)) {
531 ret = PTR_ERR(key_ref);
1da177e4
LT		 532 goto error2;
533 }
534
664cceb0 535 ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));
1da177e4 536
664cceb0 537 key_ref_put(key_ref);
c5b60b5e 538error2:
664cceb0 539 key_ref_put(keyring_ref);
c5b60b5e 540error:
1da177e4 541 return ret;
a8b17ed0 542}
1da177e4 543
1da177e4 544/*
973c9f4f
DH		 545 * Unlink a key from a keyring.
546 *
547 * The keyring must grant the caller Write permission for this to work; the key
548 * itself need not grant the caller anything. If the last link to a key is
549 * removed then that key will be scheduled for destruction.
550 *
d3600bcf
MZ		 551 * Keys or keyrings with KEY_FLAG_KEEP set should not be unlinked.
552 *
973c9f4f 553 * If successful, 0 will be returned.
1da177e4
LT		 554 */
555long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
556{
664cceb0 557 key_ref_t keyring_ref, key_ref;
d3600bcf 558 struct key *keyring, *key;
1da177e4
LT		 559 long ret;
560
f5895943 561 keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_WRITE);
664cceb0
DH		 562 if (IS_ERR(keyring_ref)) {
563 ret = PTR_ERR(keyring_ref);
1da177e4
LT		 564 goto error;
565 }
566
8c0637e9 567 key_ref = lookup_user_key(id, KEY_LOOKUP_PARTIAL, KEY_NEED_UNLINK);
664cceb0
DH		 568 if (IS_ERR(key_ref)) {
569 ret = PTR_ERR(key_ref);
1da177e4
LT		 570 goto error2;
571 }
572
d3600bcf
MZ		 573 keyring = key_ref_to_ptr(keyring_ref);
574 key = key_ref_to_ptr(key_ref);
575 if (test_bit(KEY_FLAG_KEEP, &keyring->flags) &&
576 test_bit(KEY_FLAG_KEEP, &key->flags))
577 ret = -EPERM;
578 else
579 ret = key_unlink(keyring, key);
1da177e4 580
664cceb0 581 key_ref_put(key_ref);
c5b60b5e 582error2:
664cceb0 583 key_ref_put(keyring_ref);
c5b60b5e 584error:
1da177e4 585 return ret;
a8b17ed0 586}
1da177e4 587
ed0ac5c7
DH		 588/*
589 * Move a link to a key from one keyring to another, displacing any matching
590 * key from the destination keyring.
591 *
592 * The key must grant the caller Link permission and both keyrings must grant
593 * the caller Write permission. There must also be a link in the from keyring
594 * to the key. If both keyrings are the same, nothing is done.
595 *
596 * If successful, 0 will be returned.
597 */
598long keyctl_keyring_move(key_serial_t id, key_serial_t from_ringid,
599 key_serial_t to_ringid, unsigned int flags)
600{
601 key_ref_t key_ref, from_ref, to_ref;
602 long ret;
603
604 if (flags & ~KEYCTL_MOVE_EXCL)
605 return -EINVAL;
606
607 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_NEED_LINK);
608 if (IS_ERR(key_ref))
609 return PTR_ERR(key_ref);
610
611 from_ref = lookup_user_key(from_ringid, 0, KEY_NEED_WRITE);
612 if (IS_ERR(from_ref)) {
613 ret = PTR_ERR(from_ref);
614 goto error2;
615 }
616
617 to_ref = lookup_user_key(to_ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
618 if (IS_ERR(to_ref)) {
619 ret = PTR_ERR(to_ref);
620 goto error3;
621 }
622
623 ret = key_move(key_ref_to_ptr(key_ref), key_ref_to_ptr(from_ref),
624 key_ref_to_ptr(to_ref), flags);
625
626 key_ref_put(to_ref);
627error3:
628 key_ref_put(from_ref);
629error2:
630 key_ref_put(key_ref);
631 return ret;
632}
633
1da177e4 634/*
973c9f4f
DH		 635 * Return a description of a key to userspace.
636 *
637 * The key must grant the caller View permission for this to work.
638 *
639 * If there's a buffer, we place up to buflen bytes of data into it formatted
640 * in the following way:
641 *
1da177e4 642 * type;uid;gid;perm;description<NUL>
973c9f4f
DH		 643 *
644 * If successful, we return the amount of description available, irrespective
645 * of how much we may have copied into the buffer.
1da177e4
LT		 646 */
647long keyctl_describe_key(key_serial_t keyid,
648 char __user *buffer,
649 size_t buflen)
650{
3e30148c 651 struct key *key, *instkey;
664cceb0 652 key_ref_t key_ref;
aa9d4437 653 char *infobuf;
1da177e4 654 long ret;
aa9d4437 655 int desclen, infolen;
1da177e4 656
f5895943 657 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW);
664cceb0 658 if (IS_ERR(key_ref)) {
3e30148c
DH		 659 /* viewing a key under construction is permitted if we have the
660 * authorisation token handy */
664cceb0 661 if (PTR_ERR(key_ref) == -EACCES) {
3e30148c
DH		 662 instkey = key_get_instantiation_authkey(keyid);
663 if (!IS_ERR(instkey)) {
664 key_put(instkey);
8bbf4976 665 key_ref = lookup_user_key(keyid,
5593122e 666 KEY_LOOKUP_PARTIAL,
8c0637e9 667 KEY_AUTHTOKEN_OVERRIDE);
664cceb0 668 if (!IS_ERR(key_ref))
3e30148c
DH		 669 goto okay;
670 }
671 }
672
664cceb0 673 ret = PTR_ERR(key_ref);
1da177e4
LT		 674 goto error;
675 }
676
3e30148c 677okay:
664cceb0 678 key = key_ref_to_ptr(key_ref);
aa9d4437 679 desclen = strlen(key->description);
664cceb0 680
aa9d4437
DH		 681 /* calculate how much information we're going to return */
682 ret = -ENOMEM;
683 infobuf = kasprintf(GFP_KERNEL,
684 "%s;%d;%d;%08x;",
685 key->type->name,
686 from_kuid_munged(current_user_ns(), key->uid),
687 from_kgid_munged(current_user_ns(), key->gid),
028db3e2 688 key->perm);
aa9d4437
DH		 689 if (!infobuf)
690 goto error2;
691 infolen = strlen(infobuf);
692 ret = infolen + desclen + 1;
1da177e4
LT		 693
694 /* consider returning the data */
aa9d4437
DH		 695 if (buffer && buflen >= ret) {
696 if (copy_to_user(buffer, infobuf, infolen) != 0 ||
697 copy_to_user(buffer + infolen, key->description,
698 desclen + 1) != 0)
1da177e4
LT		 699 ret = -EFAULT;
700 }
701
aa9d4437 702 kfree(infobuf);
c5b60b5e 703error2:
664cceb0 704 key_ref_put(key_ref);
c5b60b5e 705error:
1da177e4 706 return ret;
a8b17ed0 707}
1da177e4 708
1da177e4 709/*
973c9f4f
DH		 710 * Search the specified keyring and any keyrings it links to for a matching
711 * key. Only keyrings that grant the caller Search permission will be searched
712 * (this includes the starting keyring). Only keys with Search permission can
713 * be found.
714 *
715 * If successful, the found key will be linked to the destination keyring if
716 * supplied and the key has Link permission, and the found key ID will be
717 * returned.
1da177e4
LT		 718 */
719long keyctl_keyring_search(key_serial_t ringid,
720 const char __user *_type,
721 const char __user *_description,
722 key_serial_t destringid)
723{
724 struct key_type *ktype;
664cceb0 725 key_ref_t keyring_ref, key_ref, dest_ref;
1da177e4 726 char type[32], *description;
0cb409d9 727 long ret;
1da177e4
LT		 728
729 /* pull the type and description into kernel space */
0cb409d9 730 ret = key_get_type_from_user(type, _type, sizeof(type));
1da177e4
LT		 731 if (ret < 0)
732 goto error;
1da177e4 733
aa9d4437 734 description = strndup_user(_description, KEY_MAX_DESC_SIZE);
0cb409d9
DA		 735 if (IS_ERR(description)) {
736 ret = PTR_ERR(description);
1da177e4 737 goto error;
0cb409d9 738 }
1da177e4
LT		 739
740 /* get the keyring at which to begin the search */
f5895943 741 keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_SEARCH);
664cceb0
DH		 742 if (IS_ERR(keyring_ref)) {
743 ret = PTR_ERR(keyring_ref);
1da177e4
LT		 744 goto error2;
745 }
746
747 /* get the destination keyring if specified */
664cceb0 748 dest_ref = NULL;
1da177e4 749 if (destringid) {
5593122e 750 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE,
f5895943 751 KEY_NEED_WRITE);
664cceb0
DH		 752 if (IS_ERR(dest_ref)) {
753 ret = PTR_ERR(dest_ref);
1da177e4
LT		 754 goto error3;
755 }
756 }
757
758 /* find the key type */
759 ktype = key_type_lookup(type);
760 if (IS_ERR(ktype)) {
761 ret = PTR_ERR(ktype);
762 goto error4;
763 }
764
765 /* do the search */
dcf49dbc 766 key_ref = keyring_search(keyring_ref, ktype, description, true);
664cceb0
DH		 767 if (IS_ERR(key_ref)) {
768 ret = PTR_ERR(key_ref);
1da177e4
LT		 769
770 /* treat lack or presence of a negative key the same */
771 if (ret == -EAGAIN)
772 ret = -ENOKEY;
773 goto error5;
774 }
775
776 /* link the resulting key to the destination keyring if we can */
664cceb0 777 if (dest_ref) {
f5895943 778 ret = key_permission(key_ref, KEY_NEED_LINK);
29db9190 779 if (ret < 0)
1da177e4
LT		 780 goto error6;
781
664cceb0 782 ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref));
1da177e4
LT		 783 if (ret < 0)
784 goto error6;
785 }
786
664cceb0 787 ret = key_ref_to_ptr(key_ref)->serial;
1da177e4 788
c5b60b5e 789error6:
664cceb0 790 key_ref_put(key_ref);
c5b60b5e 791error5:
1da177e4 792 key_type_put(ktype);
c5b60b5e 793error4:
664cceb0 794 key_ref_put(dest_ref);
c5b60b5e 795error3:
664cceb0 796 key_ref_put(keyring_ref);
c5b60b5e 797error2:
1da177e4 798 kfree(description);
c5b60b5e 799error:
1da177e4 800 return ret;
a8b17ed0 801}
1da177e4 802
d3ec10aa
WL		 803/*
804 * Call the read method
805 */
806static long __keyctl_read_key(struct key *key, char *buffer, size_t buflen)
807{
808 long ret;
809
810 down_read(&key->sem);
811 ret = key_validate(key);
812 if (ret == 0)
813 ret = key->type->read(key, buffer, buflen);
814 up_read(&key->sem);
815 return ret;
816}
817
1da177e4 818/*
973c9f4f
DH		 819 * Read a key's payload.
820 *
821 * The key must either grant the caller Read permission, or it must grant the
822 * caller Search permission when searched for from the process keyrings.
823 *
824 * If successful, we place up to buflen bytes of data into the buffer, if one
825 * is provided, and return the amount of data that is available in the key,
826 * irrespective of how much we copied into the buffer.
1da177e4
LT		 827 */
828long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
829{
664cceb0
DH		 830 struct key *key;
831 key_ref_t key_ref;
1da177e4 832 long ret;
4f088249
WL		 833 char *key_data = NULL;
834 size_t key_data_len;
1da177e4
LT		 835
836 /* find the key first */
8c0637e9 837 key_ref = lookup_user_key(keyid, 0, KEY_DEFER_PERM_CHECK);
664cceb0
DH		 838 if (IS_ERR(key_ref)) {
839 ret = -ENOKEY;
d3ec10aa 840 goto out;
1da177e4
LT		 841 }
842
664cceb0
DH		 843 key = key_ref_to_ptr(key_ref);
844
363b02da
DH		 845 ret = key_read_state(key);
846 if (ret < 0)
d3ec10aa 847 goto key_put_out; /* Negatively instantiated */
37863c43 848
664cceb0 849 /* see if we can read it directly */
f5895943 850 ret = key_permission(key_ref, KEY_NEED_READ);
29db9190 851 if (ret == 0)
664cceb0 852 goto can_read_key;
29db9190 853 if (ret != -EACCES)
d3ec10aa 854 goto key_put_out;
664cceb0
DH		 855
856 /* we can't; see if it's searchable from this process's keyrings
857 * - we automatically take account of the fact that it may be
858 * dangling off an instantiation key
859 */
860 if (!is_key_possessed(key_ref)) {
861 ret = -EACCES;
d3ec10aa 862 goto key_put_out;
664cceb0 863 }
1da177e4
LT		 864
865 /* the key is probably readable - now try to read it */
c5b60b5e 866can_read_key:
d3ec10aa
WL		 867 if (!key->type->read) {
868 ret = -EOPNOTSUPP;
869 goto key_put_out;
1da177e4
LT		 870 }
871
d3ec10aa
WL		 872 if (!buffer || !buflen) {
873 /* Get the key length from the read method */
874 ret = __keyctl_read_key(key, NULL, 0);
875 goto key_put_out;
876 }
877
878 /*
879 * Read the data with the semaphore held (since we might sleep)
880 * to protect against the key being updated or revoked.
881 *
882 * Allocating a temporary buffer to hold the keys before
883 * transferring them to user buffer to avoid potential
884 * deadlock involving page fault and mmap_sem.
4f088249
WL		 885 *
886 * key_data_len = (buflen <= PAGE_SIZE)
887 * ? buflen : actual length of key data
888 *
889 * This prevents allocating arbitrary large buffer which can
890 * be much larger than the actual key length. In the latter case,
891 * at least 2 passes of this loop is required.
d3ec10aa 892 */
4f088249
WL		 893 key_data_len = (buflen <= PAGE_SIZE) ? buflen : 0;
894 for (;;) {
895 if (key_data_len) {
896 key_data = kvmalloc(key_data_len, GFP_KERNEL);
897 if (!key_data) {
898 ret = -ENOMEM;
899 goto key_put_out;
900 }
901 }
d3ec10aa 902
4f088249
WL		 903 ret = __keyctl_read_key(key, key_data, key_data_len);
904
905 /*
906 * Read methods will just return the required length without
907 * any copying if the provided length isn't large enough.
b4a1b4f5 908 */
4f088249
WL		 909 if (ret <= 0 || ret > buflen)
910 break;
911
912 /*
913 * The key may change (unlikely) in between 2 consecutive
914 * __keyctl_read_key() calls. In this case, we reallocate
915 * a larger buffer and redo the key read when
916 * key_data_len < ret <= buflen.
917 */
918 if (ret > key_data_len) {
919 if (unlikely(key_data))
920 __kvzfree(key_data, key_data_len);
921 key_data_len = ret;
922 continue; /* Allocate buffer */
923 }
d3ec10aa 924
d3ec10aa
WL		 925 if (copy_to_user(buffer, key_data, ret))
926 ret = -EFAULT;
4f088249 927 break;
1da177e4 928 }
4f088249 929 __kvzfree(key_data, key_data_len);
1da177e4 930
d3ec10aa 931key_put_out:
1da177e4 932 key_put(key);
d3ec10aa 933out:
1da177e4 934 return ret;
a8b17ed0 935}
1da177e4 936
1da177e4 937/*
973c9f4f
DH		 938 * Change the ownership of a key
939 *
940 * The key must grant the caller Setattr permission for this to work, though
941 * the key need not be fully instantiated yet. For the UID to be changed, or
942 * for the GID to be changed to a group the caller is not a member of, the
943 * caller must have sysadmin capability. If either uid or gid is -1 then that
944 * attribute is not changed.
945 *
946 * If the UID is to be changed, the new user must have sufficient quota to
947 * accept the key. The quota deduction will be removed from the old user to
948 * the new user should the attribute be changed.
949 *
950 * If successful, 0 will be returned.
1da177e4 951 */
9a56c2db 952long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group)
1da177e4 953{
5801649d 954 struct key_user *newowner, *zapowner = NULL;
1da177e4 955 struct key *key;
664cceb0 956 key_ref_t key_ref;
1da177e4 957 long ret;
9a56c2db
EB		 958 kuid_t uid;
959 kgid_t gid;
960
961 uid = make_kuid(current_user_ns(), user);
962 gid = make_kgid(current_user_ns(), group);
963 ret = -EINVAL;
964 if ((user != (uid_t) -1) && !uid_valid(uid))
965 goto error;
966 if ((group != (gid_t) -1) && !gid_valid(gid))
967 goto error;
1da177e4
LT		 968
969 ret = 0;
9a56c2db 970 if (user == (uid_t) -1 && group == (gid_t) -1)
1da177e4
LT		 971 goto error;
972
5593122e 973 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
028db3e2 974 KEY_NEED_SETATTR);
664cceb0
DH		 975 if (IS_ERR(key_ref)) {
976 ret = PTR_ERR(key_ref);
1da177e4
LT		 977 goto error;
978 }
979
664cceb0
DH		 980 key = key_ref_to_ptr(key_ref);
981
1da177e4
LT		 982 /* make the changes with the locks held to prevent chown/chown races */
983 ret = -EACCES;
984 down_write(&key->sem);
1da177e4
LT		 985
986 if (!capable(CAP_SYS_ADMIN)) {
987 /* only the sysadmin can chown a key to some other UID */
9a56c2db 988 if (user != (uid_t) -1 && !uid_eq(key->uid, uid))
5801649d 989 goto error_put;
1da177e4
LT		 990
991 /* only the sysadmin can set the key's GID to a group other
992 * than one of those that the current process subscribes to */
9a56c2db 993 if (group != (gid_t) -1 && !gid_eq(gid, key->gid) && !in_group_p(gid))
5801649d 994 goto error_put;
1da177e4
LT		 995 }
996
5801649d 997 /* change the UID */
9a56c2db 998 if (user != (uid_t) -1 && !uid_eq(uid, key->uid)) {
5801649d 999 ret = -ENOMEM;
9a56c2db 1000 newowner = key_user_lookup(uid);
5801649d
FT		 1001 if (!newowner)
1002 goto error_put;
1003
1004 /* transfer the quota burden to the new user */
1005 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
9a56c2db 1006 unsigned maxkeys = uid_eq(uid, GLOBAL_ROOT_UID) ?
0b77f5bf 1007 key_quota_root_maxkeys : key_quota_maxkeys;
9a56c2db 1008 unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ?
0b77f5bf
DH		 1009 key_quota_root_maxbytes : key_quota_maxbytes;
1010
5801649d 1011 spin_lock(&newowner->lock);
2e356101
YX		 1012 if (newowner->qnkeys + 1 > maxkeys ||
1013 newowner->qnbytes + key->quotalen > maxbytes ||
0b77f5bf
DH		 1014 newowner->qnbytes + key->quotalen <
1015 newowner->qnbytes)
5801649d
FT		 1016 goto quota_overrun;
1017
1018 newowner->qnkeys++;
1019 newowner->qnbytes += key->quotalen;
1020 spin_unlock(&newowner->lock);
1021
1022 spin_lock(&key->user->lock);
1023 key->user->qnkeys--;
1024 key->user->qnbytes -= key->quotalen;
1025 spin_unlock(&key->user->lock);
1026 }
1027
1028 atomic_dec(&key->user->nkeys);
1029 atomic_inc(&newowner->nkeys);
1030
363b02da 1031 if (key->state != KEY_IS_UNINSTANTIATED) {
5801649d
FT		 1032 atomic_dec(&key->user->nikeys);
1033 atomic_inc(&newowner->nikeys);
1034 }
1035
1036 zapowner = key->user;
1037 key->user = newowner;
1038 key->uid = uid;
1da177e4
LT		 1039 }
1040
1041 /* change the GID */
9a56c2db 1042 if (group != (gid_t) -1)
1da177e4
LT		 1043 key->gid = gid;
1044
f7e47677 1045 notify_key(key, NOTIFY_KEY_SETATTR, 0);
1da177e4
LT		 1046 ret = 0;
1047
5801649d 1048error_put:
1da177e4
LT		 1049 up_write(&key->sem);
1050 key_put(key);
5801649d
FT		 1051 if (zapowner)
1052 key_user_put(zapowner);
1053error:
1da177e4
LT		 1054 return ret;
1055
5801649d
FT		 1056quota_overrun:
1057 spin_unlock(&newowner->lock);
1058 zapowner = newowner;
1059 ret = -EDQUOT;
1060 goto error_put;
a8b17ed0 1061}
5801649d 1062
1da177e4 1063/*
973c9f4f
DH		 1064 * Change the permission mask on a key.
1065 *
1066 * The key must grant the caller Setattr permission for this to work, though
1067 * the key need not be fully instantiated yet. If the caller does not have
1068 * sysadmin capability, it may only change the permission on keys that it owns.
1da177e4 1069 */
028db3e2 1070long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
1da177e4
LT		 1071{
1072 struct key *key;
664cceb0 1073 key_ref_t key_ref;
1da177e4
LT		 1074 long ret;
1075
028db3e2 1076 ret = -EINVAL;
664cceb0 1077 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL))
028db3e2 1078 goto error;
1da177e4 1079
5593122e 1080 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
028db3e2 1081 KEY_NEED_SETATTR);
664cceb0
DH		 1082 if (IS_ERR(key_ref)) {
1083 ret = PTR_ERR(key_ref);
1da177e4
LT		 1084 goto error;
1085 }
1086
664cceb0
DH		 1087 key = key_ref_to_ptr(key_ref);
1088
028db3e2
LT		 1089 /* make the changes with the locks held to prevent chown/chmod races */
1090 ret = -EACCES;
1091 down_write(&key->sem);
1da177e4 1092
028db3e2
LT		 1093 /* if we're not the sysadmin, we can only change a key that we own */
1094 if (capable(CAP_SYS_ADMIN) || uid_eq(key->uid, current_fsuid())) {
1095 key->perm = perm;
f7e47677 1096 notify_key(key, NOTIFY_KEY_SETATTR, 0);
028db3e2 1097 ret = 0;
76d8aeab 1098 }
1da177e4 1099
1da177e4
LT		 1100 up_write(&key->sem);
1101 key_put(key);
76d8aeab 1102error:
1da177e4 1103 return ret;
a8b17ed0 1104}
1da177e4 1105
8bbf4976 1106/*
973c9f4f
DH		 1107 * Get the destination keyring for instantiation and check that the caller has
1108 * Write permission on it.
8bbf4976
DH		 1109 */
1110static long get_instantiation_keyring(key_serial_t ringid,
1111 struct request_key_auth *rka,
1112 struct key **_dest_keyring)
1113{
1114 key_ref_t dkref;
1115
eca1bf5b
DH		 1116 *_dest_keyring = NULL;
1117
8bbf4976 1118 /* just return a NULL pointer if we weren't asked to make a link */
eca1bf5b 1119 if (ringid == 0)
8bbf4976 1120 return 0;
8bbf4976
DH		 1121
1122 /* if a specific keyring is nominated by ID, then use that */
1123 if (ringid > 0) {
f5895943 1124 dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
8bbf4976
DH		 1125 if (IS_ERR(dkref))
1126 return PTR_ERR(dkref);
1127 *_dest_keyring = key_ref_to_ptr(dkref);
1128 return 0;
1129 }
1130
1131 if (ringid == KEY_SPEC_REQKEY_AUTH_KEY)
1132 return -EINVAL;
1133
1134 /* otherwise specify the destination keyring recorded in the
1135 * authorisation key (any KEY_SPEC_*_KEYRING) */
1136 if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) {
21279cfa 1137 *_dest_keyring = key_get(rka->dest_keyring);
8bbf4976
DH		 1138 return 0;
1139 }
1140
1141 return -ENOKEY;
1142}
1143
d84f4f99 1144/*
973c9f4f 1145 * Change the request_key authorisation key on the current process.
d84f4f99
DH		 1146 */
1147static int keyctl_change_reqkey_auth(struct key *key)
1148{
1149 struct cred *new;
1150
1151 new = prepare_creds();
1152 if (!new)
1153 return -ENOMEM;
1154
1155 key_put(new->request_key_auth);
1156 new->request_key_auth = key_get(key);
1157
1158 return commit_creds(new);
1159}
1160
1da177e4 1161/*
973c9f4f
DH		 1162 * Instantiate a key with the specified payload and link the key into the
1163 * destination keyring if one is given.
1164 *
1165 * The caller must have the appropriate instantiation permit set for this to
1166 * work (see keyctl_assume_authority). No other permissions are required.
1167 *
1168 * If successful, 0 will be returned.
1da177e4 1169 */
ee009e4a 1170long keyctl_instantiate_key_common(key_serial_t id,
b353a1f7 1171 struct iov_iter *from,
ee009e4a 1172 key_serial_t ringid)
1da177e4 1173{
d84f4f99 1174 const struct cred *cred = current_cred();
3e30148c 1175 struct request_key_auth *rka;
8bbf4976 1176 struct key *instkey, *dest_keyring;
b353a1f7 1177 size_t plen = from ? iov_iter_count(from) : 0;
1da177e4
LT		 1178 void *payload;
1179 long ret;
1180
d84f4f99
DH		 1181 kenter("%d,,%zu,%d", id, plen, ringid);
1182
b353a1f7
AV		 1183 if (!plen)
1184 from = NULL;
1185
1da177e4 1186 ret = -EINVAL;
38bbca6b 1187 if (plen > 1024 * 1024 - 1)
1da177e4
LT		 1188 goto error;
1189
b5f545c8
DH		 1190 /* the appropriate instantiation authorisation key must have been
1191 * assumed before calling this */
1192 ret = -EPERM;
d84f4f99 1193 instkey = cred->request_key_auth;
b5f545c8
DH		 1194 if (!instkey)
1195 goto error;
1196
146aa8b1 1197 rka = instkey->payload.data[0];
b5f545c8
DH		 1198 if (rka->target_key->serial != id)
1199 goto error;
1200
1da177e4
LT		 1201 /* pull the payload in if one was supplied */
1202 payload = NULL;
1203
b353a1f7 1204 if (from) {
1da177e4 1205 ret = -ENOMEM;
752ade68
MH		 1206 payload = kvmalloc(plen, GFP_KERNEL);
1207 if (!payload)
1208 goto error;
1da177e4 1209
b353a1f7 1210 ret = -EFAULT;
cbbd26b8 1211 if (!copy_from_iter_full(payload, plen, from))
1da177e4
LT		 1212 goto error2;
1213 }
1214
3e30148c
DH		 1215 /* find the destination keyring amongst those belonging to the
1216 * requesting task */
8bbf4976
DH		 1217 ret = get_instantiation_keyring(ringid, rka, &dest_keyring);
1218 if (ret < 0)
1219 goto error2;
1da177e4
LT		 1220
1221 /* instantiate the key and link it into a keyring */
3e30148c 1222 ret = key_instantiate_and_link(rka->target_key, payload, plen,
8bbf4976 1223 dest_keyring, instkey);
1da177e4 1224
8bbf4976 1225 key_put(dest_keyring);
b5f545c8
DH		 1226
1227 /* discard the assumed authority if it's just been disabled by
1228 * instantiation of the key */
d84f4f99
DH		 1229 if (ret == 0)
1230 keyctl_change_reqkey_auth(NULL);
b5f545c8
DH		 1231
1232error2:
57070c85
EB		 1233 if (payload) {
1234 memzero_explicit(payload, plen);
1235 kvfree(payload);
1236 }
b5f545c8 1237error:
1da177e4 1238 return ret;
a8b17ed0 1239}
1da177e4 1240
ee009e4a
DH		 1241/*
1242 * Instantiate a key with the specified payload and link the key into the
1243 * destination keyring if one is given.
1244 *
1245 * The caller must have the appropriate instantiation permit set for this to
1246 * work (see keyctl_assume_authority). No other permissions are required.
1247 *
1248 * If successful, 0 will be returned.
1249 */
1250long keyctl_instantiate_key(key_serial_t id,
1251 const void __user *_payload,
1252 size_t plen,
1253 key_serial_t ringid)
1254{
1255 if (_payload && plen) {
b353a1f7
AV		 1256 struct iovec iov;
1257 struct iov_iter from;
1258 int ret;
ee009e4a 1259
b353a1f7
AV		 1260 ret = import_single_range(WRITE, (void __user *)_payload, plen,
1261 &iov, &from);
1262 if (unlikely(ret))
1263 return ret;
1264
1265 return keyctl_instantiate_key_common(id, &from, ringid);
ee009e4a
DH		 1266 }
1267
b353a1f7 1268 return keyctl_instantiate_key_common(id, NULL, ringid);
ee009e4a
DH		 1269}
1270
1271/*
1272 * Instantiate a key with the specified multipart payload and link the key into
1273 * the destination keyring if one is given.
1274 *
1275 * The caller must have the appropriate instantiation permit set for this to
1276 * work (see keyctl_assume_authority). No other permissions are required.
1277 *
1278 * If successful, 0 will be returned.
1279 */
1280long keyctl_instantiate_key_iov(key_serial_t id,
1281 const struct iovec __user *_payload_iov,
1282 unsigned ioc,
1283 key_serial_t ringid)
1284{
1285 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
b353a1f7 1286 struct iov_iter from;
ee009e4a
DH		 1287 long ret;
1288
b353a1f7
AV		 1289 if (!_payload_iov)
1290 ioc = 0;
ee009e4a 1291
b353a1f7
AV		 1292 ret = import_iovec(WRITE, _payload_iov, ioc,
1293 ARRAY_SIZE(iovstack), &iov, &from);
ee009e4a 1294 if (ret < 0)
b353a1f7
AV		 1295 return ret;
1296 ret = keyctl_instantiate_key_common(id, &from, ringid);
1297 kfree(iov);
ee009e4a 1298 return ret;
ee009e4a
DH		 1299}
1300
1da177e4 1301/*
973c9f4f
DH		 1302 * Negatively instantiate the key with the given timeout (in seconds) and link
1303 * the key into the destination keyring if one is given.
1304 *
1305 * The caller must have the appropriate instantiation permit set for this to
1306 * work (see keyctl_assume_authority). No other permissions are required.
1307 *
1308 * The key and any links to the key will be automatically garbage collected
1309 * after the timeout expires.
1310 *
1311 * Negative keys are used to rate limit repeated request_key() calls by causing
1312 * them to return -ENOKEY until the negative key expires.
1313 *
1314 * If successful, 0 will be returned.
1da177e4
LT		 1315 */
1316long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
fdd1b945
DH		 1317{
1318 return keyctl_reject_key(id, timeout, ENOKEY, ringid);
1319}
1320
1321/*
1322 * Negatively instantiate the key with the given timeout (in seconds) and error
1323 * code and link the key into the destination keyring if one is given.
1324 *
1325 * The caller must have the appropriate instantiation permit set for this to
1326 * work (see keyctl_assume_authority). No other permissions are required.
1327 *
1328 * The key and any links to the key will be automatically garbage collected
1329 * after the timeout expires.
1330 *
1331 * Negative keys are used to rate limit repeated request_key() calls by causing
1332 * them to return the specified error code until the negative key expires.
1333 *
1334 * If successful, 0 will be returned.
1335 */
1336long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error,
1337 key_serial_t ringid)
1da177e4 1338{
d84f4f99 1339 const struct cred *cred = current_cred();
3e30148c 1340 struct request_key_auth *rka;
8bbf4976 1341 struct key *instkey, *dest_keyring;
1da177e4
LT		 1342 long ret;
1343
fdd1b945
DH		 1344 kenter("%d,%u,%u,%d", id, timeout, error, ringid);
1345
1346 /* must be a valid error code and mustn't be a kernel special */
1347 if (error <= 0 ||
1348 error >= MAX_ERRNO ||
1349 error == ERESTARTSYS ||
1350 error == ERESTARTNOINTR ||
1351 error == ERESTARTNOHAND ||
1352 error == ERESTART_RESTARTBLOCK)
1353 return -EINVAL;
d84f4f99 1354
b5f545c8
DH		 1355 /* the appropriate instantiation authorisation key must have been
1356 * assumed before calling this */
1357 ret = -EPERM;
d84f4f99 1358 instkey = cred->request_key_auth;
b5f545c8 1359 if (!instkey)
1da177e4 1360 goto error;
1da177e4 1361
146aa8b1 1362 rka = instkey->payload.data[0];
b5f545c8
DH		 1363 if (rka->target_key->serial != id)
1364 goto error;
3e30148c 1365
1da177e4
LT		 1366 /* find the destination keyring if present (which must also be
1367 * writable) */
8bbf4976
DH		 1368 ret = get_instantiation_keyring(ringid, rka, &dest_keyring);
1369 if (ret < 0)
1370 goto error;
1da177e4
LT		 1371
1372 /* instantiate the key and link it into a keyring */
fdd1b945 1373 ret = key_reject_and_link(rka->target_key, timeout, error,
8bbf4976 1374 dest_keyring, instkey);
1da177e4 1375
8bbf4976 1376 key_put(dest_keyring);
b5f545c8
DH		 1377
1378 /* discard the assumed authority if it's just been disabled by
1379 * instantiation of the key */
d84f4f99
DH		 1380 if (ret == 0)
1381 keyctl_change_reqkey_auth(NULL);
b5f545c8
DH		 1382
1383error:
1da177e4 1384 return ret;
a8b17ed0 1385}
1da177e4 1386
3e30148c 1387/*
973c9f4f
DH		 1388 * Read or set the default keyring in which request_key() will cache keys and
1389 * return the old setting.
1390 *
c9f838d1
EB		 1391 * If a thread or process keyring is specified then it will be created if it
1392 * doesn't yet exist. The old setting will be returned if successful.
3e30148c
DH		 1393 */
1394long keyctl_set_reqkey_keyring(int reqkey_defl)
1395{
d84f4f99
DH		 1396 struct cred *new;
1397 int ret, old_setting;
1398
1399 old_setting = current_cred_xxx(jit_keyring);
1400
1401 if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE)
1402 return old_setting;
1403
1404 new = prepare_creds();
1405 if (!new)
1406 return -ENOMEM;
3e30148c
DH		 1407
1408 switch (reqkey_defl) {
1409 case KEY_REQKEY_DEFL_THREAD_KEYRING:
d84f4f99 1410 ret = install_thread_keyring_to_cred(new);
3e30148c 1411 if (ret < 0)
d84f4f99 1412 goto error;
3e30148c
DH		 1413 goto set;
1414
1415 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
d84f4f99 1416 ret = install_process_keyring_to_cred(new);
c9f838d1
EB		 1417 if (ret < 0)
1418 goto error;
d84f4f99 1419 goto set;
3e30148c
DH		 1420
1421 case KEY_REQKEY_DEFL_DEFAULT:
1422 case KEY_REQKEY_DEFL_SESSION_KEYRING:
1423 case KEY_REQKEY_DEFL_USER_KEYRING:
1424 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
d84f4f99
DH		 1425 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
1426 goto set;
3e30148c
DH		 1427
1428 case KEY_REQKEY_DEFL_NO_CHANGE:
3e30148c
DH		 1429 case KEY_REQKEY_DEFL_GROUP_KEYRING:
1430 default:
d84f4f99
DH		 1431 ret = -EINVAL;
1432 goto error;
3e30148c
DH		 1433 }
1434
d84f4f99
DH		 1435set:
1436 new->jit_keyring = reqkey_defl;
1437 commit_creds(new);
1438 return old_setting;
1439error:
1440 abort_creds(new);
4303ef19 1441 return ret;
a8b17ed0 1442}
d84f4f99 1443
017679c4 1444/*
973c9f4f
DH		 1445 * Set or clear the timeout on a key.
1446 *
1447 * Either the key must grant the caller Setattr permission or else the caller
1448 * must hold an instantiation authorisation token for the key.
1449 *
1450 * The timeout is either 0 to clear the timeout, or a number of seconds from
1451 * the current time. The key and any links to the key will be automatically
1452 * garbage collected after the timeout expires.
1453 *
d3600bcf
MZ		 1454 * Keys with KEY_FLAG_KEEP set should not be timed out.
1455 *
973c9f4f 1456 * If successful, 0 is returned.
017679c4
DH		 1457 */
1458long keyctl_set_timeout(key_serial_t id, unsigned timeout)
1459{
9156235b 1460 struct key *key, *instkey;
017679c4 1461 key_ref_t key_ref;
017679c4
DH		 1462 long ret;
1463
5593122e 1464 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
028db3e2 1465 KEY_NEED_SETATTR);
017679c4 1466 if (IS_ERR(key_ref)) {
9156235b
DH		 1467 /* setting the timeout on a key under construction is permitted
1468 * if we have the authorisation token handy */
1469 if (PTR_ERR(key_ref) == -EACCES) {
1470 instkey = key_get_instantiation_authkey(id);
1471 if (!IS_ERR(instkey)) {
1472 key_put(instkey);
1473 key_ref = lookup_user_key(id,
1474 KEY_LOOKUP_PARTIAL,
8c0637e9 1475 KEY_AUTHTOKEN_OVERRIDE);
9156235b
DH		 1476 if (!IS_ERR(key_ref))
1477 goto okay;
1478 }
1479 }
1480
017679c4
DH		 1481 ret = PTR_ERR(key_ref);
1482 goto error;
1483 }
1484
9156235b 1485okay:
017679c4 1486 key = key_ref_to_ptr(key_ref);
1d6d167c 1487 ret = 0;
f7e47677 1488 if (test_bit(KEY_FLAG_KEEP, &key->flags)) {
d3600bcf 1489 ret = -EPERM;
f7e47677 1490 } else {
d3600bcf 1491 key_set_timeout(key, timeout);
f7e47677
DH		 1492 notify_key(key, NOTIFY_KEY_SETATTR, 0);
1493 }
017679c4
DH		 1494 key_put(key);
1495
017679c4
DH		 1496error:
1497 return ret;
a8b17ed0 1498}
017679c4 1499
b5f545c8 1500/*
973c9f4f
DH		 1501 * Assume (or clear) the authority to instantiate the specified key.
1502 *
1503 * This sets the authoritative token currently in force for key instantiation.
1504 * This must be done for a key to be instantiated. It has the effect of making
1505 * available all the keys from the caller of the request_key() that created a
1506 * key to request_key() calls made by the caller of this function.
1507 *
1508 * The caller must have the instantiation key in their process keyrings with a
1509 * Search permission grant available to the caller.
1510 *
1511 * If the ID given is 0, then the setting will be cleared and 0 returned.
1512 *
1513 * If the ID given has a matching an authorisation key, then that key will be
1514 * set and its ID will be returned. The authorisation key can be read to get
1515 * the callout information passed to request_key().
b5f545c8
DH		 1516 */
1517long keyctl_assume_authority(key_serial_t id)
1518{
1519 struct key *authkey;
1520 long ret;
1521
1522 /* special key IDs aren't permitted */
1523 ret = -EINVAL;
1524 if (id < 0)
1525 goto error;
1526
1527 /* we divest ourselves of authority if given an ID of 0 */
1528 if (id == 0) {
d84f4f99 1529 ret = keyctl_change_reqkey_auth(NULL);
b5f545c8
DH		 1530 goto error;
1531 }
1532
1533 /* attempt to assume the authority temporarily granted to us whilst we
1534 * instantiate the specified key
1535 * - the authorisation key must be in the current task's keyrings
1536 * somewhere
1537 */
1538 authkey = key_get_instantiation_authkey(id);
1539 if (IS_ERR(authkey)) {
1540 ret = PTR_ERR(authkey);
1541 goto error;
1542 }
1543
d84f4f99 1544 ret = keyctl_change_reqkey_auth(authkey);
884bee02
EB		 1545 if (ret == 0)
1546 ret = authkey->serial;
d84f4f99 1547 key_put(authkey);
b5f545c8
DH		 1548error:
1549 return ret;
a8b17ed0 1550}
b5f545c8 1551
70a5bb72 1552/*
973c9f4f
DH		 1553 * Get a key's the LSM security label.
1554 *
1555 * The key must grant the caller View permission for this to work.
1556 *
1557 * If there's a buffer, then up to buflen bytes of data will be placed into it.
1558 *
1559 * If successful, the amount of information available will be returned,
1560 * irrespective of how much was copied (including the terminal NUL).
70a5bb72
DH		 1561 */
1562long keyctl_get_security(key_serial_t keyid,
1563 char __user *buffer,
1564 size_t buflen)
1565{
1566 struct key *key, *instkey;
1567 key_ref_t key_ref;
1568 char *context;
1569 long ret;
1570
f5895943 1571 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW);
70a5bb72
DH		 1572 if (IS_ERR(key_ref)) {
1573 if (PTR_ERR(key_ref) != -EACCES)
1574 return PTR_ERR(key_ref);
1575
1576 /* viewing a key under construction is also permitted if we
1577 * have the authorisation token handy */
1578 instkey = key_get_instantiation_authkey(keyid);
1579 if (IS_ERR(instkey))
fa1cc7b5 1580 return PTR_ERR(instkey);
70a5bb72
DH		 1581 key_put(instkey);
1582
8c0637e9
DH		 1583 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL,
1584 KEY_AUTHTOKEN_OVERRIDE);
70a5bb72
DH		 1585 if (IS_ERR(key_ref))
1586 return PTR_ERR(key_ref);
1587 }
1588
1589 key = key_ref_to_ptr(key_ref);
1590 ret = security_key_getsecurity(key, &context);
1591 if (ret == 0) {
1592 /* if no information was returned, give userspace an empty
1593 * string */
1594 ret = 1;
1595 if (buffer && buflen > 0 &&
1596 copy_to_user(buffer, "", 1) != 0)
1597 ret = -EFAULT;
1598 } else if (ret > 0) {
1599 /* return as much data as there's room for */
1600 if (buffer && buflen > 0) {
1601 if (buflen > ret)
1602 buflen = ret;
1603
1604 if (copy_to_user(buffer, context, buflen) != 0)
1605 ret = -EFAULT;
1606 }
1607
1608 kfree(context);
1609 }
1610
1611 key_ref_put(key_ref);
1612 return ret;
1613}
1614
ee18d64c 1615/*
973c9f4f
DH		 1616 * Attempt to install the calling process's session keyring on the process's
1617 * parent process.
1618 *
028db3e2 1619 * The keyring must exist and must grant the caller LINK permission, and the
973c9f4f
DH		 1620 * parent process must be single-threaded and must have the same effective
1621 * ownership as this process and mustn't be SUID/SGID.
1622 *
1623 * The keyring will be emplaced on the parent when it next resumes userspace.
1624 *
1625 * If successful, 0 will be returned.
ee18d64c
DH		 1626 */
1627long keyctl_session_to_parent(void)
1628{
1629 struct task_struct *me, *parent;
1630 const struct cred *mycred, *pcred;
67d12145 1631 struct callback_head *newwork, *oldwork;
ee18d64c 1632 key_ref_t keyring_r;
413cd3d9 1633 struct cred *cred;
ee18d64c
DH		 1634 int ret;
1635
028db3e2 1636 keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_NEED_LINK);
ee18d64c
DH		 1637 if (IS_ERR(keyring_r))
1638 return PTR_ERR(keyring_r);
1639
413cd3d9 1640 ret = -ENOMEM;
413cd3d9 1641
ee18d64c
DH		 1642 /* our parent is going to need a new cred struct, a new tgcred struct
1643 * and new security data, so we allocate them here to prevent ENOMEM in
1644 * our parent */
ee18d64c
DH		 1645 cred = cred_alloc_blank();
1646 if (!cred)
67d12145
AV		 1647 goto error_keyring;
1648 newwork = &cred->rcu;
ee18d64c 1649
3a50597d
DH		 1650 cred->session_keyring = key_ref_to_ptr(keyring_r);
1651 keyring_r = NULL;
67d12145 1652 init_task_work(newwork, key_change_session_keyring);
ee18d64c
DH		 1653
1654 me = current;
9d1ac65a 1655 rcu_read_lock();
ee18d64c
DH		 1656 write_lock_irq(&tasklist_lock);
1657
ee18d64c 1658 ret = -EPERM;
413cd3d9 1659 oldwork = NULL;
7936d16d
DH		 1660 parent = rcu_dereference_protected(me->real_parent,
1661 lockdep_is_held(&tasklist_lock));
ee18d64c
DH		 1662
1663 /* the parent mustn't be init and mustn't be a kernel thread */
1664 if (parent->pid <= 1 || !parent->mm)
413cd3d9 1665 goto unlock;
ee18d64c
DH		 1666
1667 /* the parent must be single threaded */
dd98acf7 1668 if (!thread_group_empty(parent))
413cd3d9 1669 goto unlock;
ee18d64c
DH		 1670
1671 /* the parent and the child must have different session keyrings or
1672 * there's no point */
1673 mycred = current_cred();
1674 pcred = __task_cred(parent);
1675 if (mycred == pcred ||
3a50597d 1676 mycred->session_keyring == pcred->session_keyring) {
413cd3d9
ON		 1677 ret = 0;
1678 goto unlock;
1679 }
ee18d64c
DH		 1680
1681 /* the parent must have the same effective ownership and mustn't be
1682 * SUID/SGID */
9a56c2db
EB		 1683 if (!uid_eq(pcred->uid, mycred->euid) ||
1684 !uid_eq(pcred->euid, mycred->euid) ||
1685 !uid_eq(pcred->suid, mycred->euid) ||
1686 !gid_eq(pcred->gid, mycred->egid) ||
1687 !gid_eq(pcred->egid, mycred->egid) ||
1688 !gid_eq(pcred->sgid, mycred->egid))
413cd3d9 1689 goto unlock;
ee18d64c
DH		 1690
1691 /* the keyrings must have the same UID */
3a50597d 1692 if ((pcred->session_keyring &&
2a74dbb9
LT		 1693 !uid_eq(pcred->session_keyring->uid, mycred->euid)) ||
1694 !uid_eq(mycred->session_keyring->uid, mycred->euid))
413cd3d9 1695 goto unlock;
ee18d64c 1696
413cd3d9
ON		 1697 /* cancel an already pending keyring replacement */
1698 oldwork = task_work_cancel(parent, key_change_session_keyring);
ee18d64c
DH		 1699
1700 /* the replacement session keyring is applied just prior to userspace
1701 * restarting */
67d12145 1702 ret = task_work_add(parent, newwork, true);
413cd3d9
ON		 1703 if (!ret)
1704 newwork = NULL;
1705unlock:
ee18d64c 1706 write_unlock_irq(&tasklist_lock);
9d1ac65a 1707 rcu_read_unlock();
67d12145
AV		 1708 if (oldwork)
1709 put_cred(container_of(oldwork, struct cred, rcu));
1710 if (newwork)
1711 put_cred(cred);
ee18d64c
DH		 1712 return ret;
1713
1714error_keyring:
1715 key_ref_put(keyring_r);
1716 return ret;
1717}
1718
6563c91f
MM		 1719/*
1720 * Apply a restriction to a given keyring.
1721 *
1722 * The caller must have Setattr permission to change keyring restrictions.
1723 *
1724 * The requested type name may be a NULL pointer to reject all attempts
18026d86
EB		 1725 * to link to the keyring. In this case, _restriction must also be NULL.
1726 * Otherwise, both _type and _restriction must be non-NULL.
6563c91f
MM		 1727 *
1728 * Returns 0 if successful.
1729 */
1730long keyctl_restrict_keyring(key_serial_t id, const char __user *_type,
1731 const char __user *_restriction)
1732{
1733 key_ref_t key_ref;
6563c91f
MM		 1734 char type[32];
1735 char *restriction = NULL;
1736 long ret;
1737
028db3e2 1738 key_ref = lookup_user_key(id, 0, KEY_NEED_SETATTR);
6563c91f
MM		 1739 if (IS_ERR(key_ref))
1740 return PTR_ERR(key_ref);
1741
18026d86 1742 ret = -EINVAL;
6563c91f 1743 if (_type) {
18026d86 1744 if (!_restriction)
6563c91f 1745 goto error;
6563c91f 1746
18026d86
EB		 1747 ret = key_get_type_from_user(type, _type, sizeof(type));
1748 if (ret < 0)
6563c91f 1749 goto error;
6563c91f
MM		 1750
1751 restriction = strndup_user(_restriction, PAGE_SIZE);
1752 if (IS_ERR(restriction)) {
1753 ret = PTR_ERR(restriction);
1754 goto error;
1755 }
18026d86
EB		 1756 } else {
1757 if (_restriction)
1758 goto error;
6563c91f
MM		 1759 }
1760
18026d86 1761 ret = keyring_restrict(key_ref, _type ? type : NULL, restriction);
6563c91f 1762 kfree(restriction);
6563c91f
MM		 1763error:
1764 key_ref_put(key_ref);
6563c91f
MM		 1765 return ret;
1766}
1767
f7e47677
DH		 1768#ifdef CONFIG_KEY_NOTIFICATIONS
1769/*
1770 * Watch for changes to a key.
1771 *
1772 * The caller must have View permission to watch a key or keyring.
1773 */
1774long keyctl_watch_key(key_serial_t id, int watch_queue_fd, int watch_id)
1775{
1776 struct watch_queue *wqueue;
1777 struct watch_list *wlist = NULL;
1778 struct watch *watch = NULL;
1779 struct key *key;
1780 key_ref_t key_ref;
1781 long ret;
1782
1783 if (watch_id < -1 || watch_id > 0xff)
1784 return -EINVAL;
1785
1786 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_NEED_VIEW);
1787 if (IS_ERR(key_ref))
1788 return PTR_ERR(key_ref);
1789 key = key_ref_to_ptr(key_ref);
1790
1791 wqueue = get_watch_queue(watch_queue_fd);
1792 if (IS_ERR(wqueue)) {
1793 ret = PTR_ERR(wqueue);
1794 goto err_key;
1795 }
1796
1797 if (watch_id >= 0) {
1798 ret = -ENOMEM;
1799 if (!key->watchers) {
1800 wlist = kzalloc(sizeof(*wlist), GFP_KERNEL);
1801 if (!wlist)
1802 goto err_wqueue;
1803 init_watch_list(wlist, NULL);
1804 }
1805
1806 watch = kzalloc(sizeof(*watch), GFP_KERNEL);
1807 if (!watch)
1808 goto err_wlist;
1809
1810 init_watch(watch, wqueue);
1811 watch->id = key->serial;
1812 watch->info_id = (u32)watch_id << WATCH_INFO_ID__SHIFT;
1813
1814 ret = security_watch_key(key);
1815 if (ret < 0)
1816 goto err_watch;
1817
1818 down_write(&key->sem);
1819 if (!key->watchers) {
1820 key->watchers = wlist;
1821 wlist = NULL;
1822 }
1823
1824 ret = add_watch_to_object(watch, key->watchers);
1825 up_write(&key->sem);
1826
1827 if (ret == 0)
1828 watch = NULL;
1829 } else {
1830 ret = -EBADSLT;
1831 if (key->watchers) {
1832 down_write(&key->sem);
1833 ret = remove_watch_from_object(key->watchers,
1834 wqueue, key_serial(key),
1835 false);
1836 up_write(&key->sem);
1837 }
1838 }
1839
1840err_watch:
1841 kfree(watch);
1842err_wlist:
1843 kfree(wlist);
1844err_wqueue:
1845 put_watch_queue(wqueue);
1846err_key:
1847 key_put(key);
1848 return ret;
1849}
1850#endif /* CONFIG_KEY_NOTIFICATIONS */
1851
45e0f30c
DH		 1852/*
1853 * Get keyrings subsystem capabilities.
1854 */
1855long keyctl_capabilities(unsigned char __user *_buffer, size_t buflen)
1856{
1857 size_t size = buflen;
1858
1859 if (size > 0) {
1860 if (size > sizeof(keyrings_capabilities))
1861 size = sizeof(keyrings_capabilities);
1862 if (copy_to_user(_buffer, keyrings_capabilities, size) != 0)
1863 return -EFAULT;
1864 if (size < buflen &&
1865 clear_user(_buffer + size, buflen - size) != 0)
1866 return -EFAULT;
1867 }
1868
1869 return sizeof(keyrings_capabilities);
1870}
1871
1da177e4 1872/*
973c9f4f 1873 * The key control system call
1da177e4 1874 */
938bb9f5
HC		 1875SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
1876 unsigned long, arg4, unsigned long, arg5)
1da177e4
LT		 1877{
1878 switch (option) {
1879 case KEYCTL_GET_KEYRING_ID:
1880 return keyctl_get_keyring_ID((key_serial_t) arg2,
1881 (int) arg3);
1882
1883 case KEYCTL_JOIN_SESSION_KEYRING:
1884 return keyctl_join_session_keyring((const char __user *) arg2);
1885
1886 case KEYCTL_UPDATE:
1887 return keyctl_update_key((key_serial_t) arg2,
1888 (const void __user *) arg3,
1889 (size_t) arg4);
1890
1891 case KEYCTL_REVOKE:
1892 return keyctl_revoke_key((key_serial_t) arg2);
1893
1894 case KEYCTL_DESCRIBE:
1895 return keyctl_describe_key((key_serial_t) arg2,
1896 (char __user *) arg3,
1897 (unsigned) arg4);
1898
1899 case KEYCTL_CLEAR:
1900 return keyctl_keyring_clear((key_serial_t) arg2);
1901
1902 case KEYCTL_LINK:
1903 return keyctl_keyring_link((key_serial_t) arg2,
1904 (key_serial_t) arg3);
1905
1906 case KEYCTL_UNLINK:
1907 return keyctl_keyring_unlink((key_serial_t) arg2,
1908 (key_serial_t) arg3);
1909
1910 case KEYCTL_SEARCH:
1911 return keyctl_keyring_search((key_serial_t) arg2,
1912 (const char __user *) arg3,
1913 (const char __user *) arg4,
1914 (key_serial_t) arg5);
1915
1916 case KEYCTL_READ:
1917 return keyctl_read_key((key_serial_t) arg2,
1918 (char __user *) arg3,
1919 (size_t) arg4);
1920
1921 case KEYCTL_CHOWN:
1922 return keyctl_chown_key((key_serial_t) arg2,
1923 (uid_t) arg3,
1924 (gid_t) arg4);
1925
1926 case KEYCTL_SETPERM:
1927 return keyctl_setperm_key((key_serial_t) arg2,
028db3e2 1928 (key_perm_t) arg3);
1da177e4
LT		 1929
1930 case KEYCTL_INSTANTIATE:
1931 return keyctl_instantiate_key((key_serial_t) arg2,
1932 (const void __user *) arg3,
1933 (size_t) arg4,
1934 (key_serial_t) arg5);
1935
1936 case KEYCTL_NEGATE:
1937 return keyctl_negate_key((key_serial_t) arg2,
1938 (unsigned) arg3,
1939 (key_serial_t) arg4);
1940
3e30148c
DH		 1941 case KEYCTL_SET_REQKEY_KEYRING:
1942 return keyctl_set_reqkey_keyring(arg2);
1943
017679c4
DH		 1944 case KEYCTL_SET_TIMEOUT:
1945 return keyctl_set_timeout((key_serial_t) arg2,
1946 (unsigned) arg3);
1947
b5f545c8
DH		 1948 case KEYCTL_ASSUME_AUTHORITY:
1949 return keyctl_assume_authority((key_serial_t) arg2);
1950
70a5bb72
DH		 1951 case KEYCTL_GET_SECURITY:
1952 return keyctl_get_security((key_serial_t) arg2,
90bd49ab 1953 (char __user *) arg3,
70a5bb72
DH		 1954 (size_t) arg4);
1955
ee18d64c
DH		 1956 case KEYCTL_SESSION_TO_PARENT:
1957 return keyctl_session_to_parent();
1958
fdd1b945
DH		 1959 case KEYCTL_REJECT:
1960 return keyctl_reject_key((key_serial_t) arg2,
1961 (unsigned) arg3,
1962 (unsigned) arg4,
1963 (key_serial_t) arg5);
1964
ee009e4a
DH		 1965 case KEYCTL_INSTANTIATE_IOV:
1966 return keyctl_instantiate_key_iov(
1967 (key_serial_t) arg2,
1968 (const struct iovec __user *) arg3,
1969 (unsigned) arg4,
1970 (key_serial_t) arg5);
1971
fd75815f
DH		 1972 case KEYCTL_INVALIDATE:
1973 return keyctl_invalidate_key((key_serial_t) arg2);
1974
f36f8c75
DH		 1975 case KEYCTL_GET_PERSISTENT:
1976 return keyctl_get_persistent((uid_t)arg2, (key_serial_t)arg3);
1977
ddbb4114
MM		 1978 case KEYCTL_DH_COMPUTE:
1979 return keyctl_dh_compute((struct keyctl_dh_params __user *) arg2,
4693fc73 1980 (char __user *) arg3, (size_t) arg4,
f1c316a3 1981 (struct keyctl_kdf_params __user *) arg5);
ddbb4114 1982
6563c91f
MM		 1983 case KEYCTL_RESTRICT_KEYRING:
1984 return keyctl_restrict_keyring((key_serial_t) arg2,
1985 (const char __user *) arg3,
1986 (const char __user *) arg4);
ddbb4114 1987
00d60fd3
DH		 1988 case KEYCTL_PKEY_QUERY:
1989 if (arg3 != 0)
1990 return -EINVAL;
1991 return keyctl_pkey_query((key_serial_t)arg2,
1992 (const char __user *)arg4,
468e91ce 1993 (struct keyctl_pkey_query __user *)arg5);
00d60fd3
DH		 1994
1995 case KEYCTL_PKEY_ENCRYPT:
1996 case KEYCTL_PKEY_DECRYPT:
1997 case KEYCTL_PKEY_SIGN:
1998 return keyctl_pkey_e_d_s(
1999 option,
2000 (const struct keyctl_pkey_params __user *)arg2,
2001 (const char __user *)arg3,
2002 (const void __user *)arg4,
2003 (void __user *)arg5);
2004
2005 case KEYCTL_PKEY_VERIFY:
2006 return keyctl_pkey_verify(
2007 (const struct keyctl_pkey_params __user *)arg2,
2008 (const char __user *)arg3,
2009 (const void __user *)arg4,
2010 (const void __user *)arg5);
2011
ed0ac5c7
DH		 2012 case KEYCTL_MOVE:
2013 return keyctl_keyring_move((key_serial_t)arg2,
2014 (key_serial_t)arg3,
2015 (key_serial_t)arg4,
2016 (unsigned int)arg5);
2017
45e0f30c
DH		 2018 case KEYCTL_CAPABILITIES:
2019 return keyctl_capabilities((unsigned char __user *)arg2, (size_t)arg3);
2020
f7e47677
DH		 2021 case KEYCTL_WATCH_KEY:
2022 return keyctl_watch_key((key_serial_t)arg2, (int)arg3, (int)arg4);
2023
1da177e4
LT		 2024 default:
2025 return -EOPNOTSUPP;
2026 }
a8b17ed0 2027}
Empty description
This page took 1.191063 seconds and 4 git commands to generate.