| keyring.c (16feef4340172b7dbb9cba60850e78fa6388adf1) | keyring.c (4bdf0bc300314141e5475e145acb8b5ad846f00d) |
|---|---|
| 1/* Keyring handling 2 * 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version --- 266 unchanged lines hidden (view full) --- 275 276 return keyring; 277} 278EXPORT_SYMBOL(keyring_alloc); 279 280/** 281 * keyring_search_aux - Search a keyring tree for a key matching some criteria 282 * @keyring_ref: A pointer to the keyring with possession indicator. | 1/* Keyring handling 2 * 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version --- 266 unchanged lines hidden (view full) --- 275 276 return keyring; 277} 278EXPORT_SYMBOL(keyring_alloc); 279 280/** 281 * keyring_search_aux - Search a keyring tree for a key matching some criteria 282 * @keyring_ref: A pointer to the keyring with possession indicator. |
| 283 * @cred: The credentials to use for permissions checks. 284 * @type: The type of key to search for. 285 * @description: Parameter for @match. 286 * @match: Function to rule on whether or not a key is the one required. 287 * @no_state_check: Don't check if a matching key is bad | 283 * @ctx: The keyring search context. |
| 288 * 289 * Search the supplied keyring tree for a key that matches the criteria given. 290 * The root keyring and any linked keyrings must grant Search permission to the 291 * caller to be searchable and keys can only be found if they too grant Search 292 * to the caller. The possession flag on the root keyring pointer controls use 293 * of the possessor bits in permissions checking of the entire tree. In 294 * addition, the LSM gets to forbid keyring searches and key matches. 295 * --- 13 unchanged lines hidden (view full) --- 309 * successful; -EAGAIN if no matching keys were found, or if expired or revoked 310 * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the 311 * specified keyring wasn't a keyring. 312 * 313 * In the case of a successful return, the possession attribute from 314 * @keyring_ref is propagated to the returned key reference. 315 */ 316key_ref_t keyring_search_aux(key_ref_t keyring_ref, | 284 * 285 * Search the supplied keyring tree for a key that matches the criteria given. 286 * The root keyring and any linked keyrings must grant Search permission to the 287 * caller to be searchable and keys can only be found if they too grant Search 288 * to the caller. The possession flag on the root keyring pointer controls use 289 * of the possessor bits in permissions checking of the entire tree. In 290 * addition, the LSM gets to forbid keyring searches and key matches. 291 * --- 13 unchanged lines hidden (view full) --- 305 * successful; -EAGAIN if no matching keys were found, or if expired or revoked 306 * keys were found; -ENOKEY if only negative keys were found; -ENOTDIR if the 307 * specified keyring wasn't a keyring. 308 * 309 * In the case of a successful return, the possession attribute from 310 * @keyring_ref is propagated to the returned key reference. 311 */ 312key_ref_t keyring_search_aux(key_ref_t keyring_ref, |
| 317 const struct cred *cred, 318 struct key_type *type, 319 const void *description, 320 key_match_func_t match, 321 bool no_state_check) | 313 struct keyring_search_context *ctx) |
| 322{ 323 struct { 324 /* Need a separate keylist pointer for RCU purposes */ 325 struct key *keyring; 326 struct keyring_list *keylist; 327 int kix; 328 } stack[KEYRING_SEARCH_MAX_DEPTH]; 329 330 struct keyring_list *keylist; | 314{ 315 struct { 316 /* Need a separate keylist pointer for RCU purposes */ 317 struct key *keyring; 318 struct keyring_list *keylist; 319 int kix; 320 } stack[KEYRING_SEARCH_MAX_DEPTH]; 321 322 struct keyring_list *keylist; |
| 331 struct timespec now; | |
| 332 unsigned long kflags; 333 struct key *keyring, *key; 334 key_ref_t key_ref; | 323 unsigned long kflags; 324 struct key *keyring, *key; 325 key_ref_t key_ref; |
| 335 bool possessed; | |
| 336 long err; 337 int sp, nkeys, kix; 338 339 keyring = key_ref_to_ptr(keyring_ref); | 326 long err; 327 int sp, nkeys, kix; 328 329 keyring = key_ref_to_ptr(keyring_ref); |
| 340 possessed = is_key_possessed(keyring_ref); | 330 ctx->possessed = is_key_possessed(keyring_ref); |
| 341 key_check(keyring); 342 343 /* top keyring must have search permission to begin the search */ | 331 key_check(keyring); 332 333 /* top keyring must have search permission to begin the search */ |
| 344 err = key_task_permission(keyring_ref, cred, KEY_SEARCH); | 334 err = key_task_permission(keyring_ref, ctx->cred, KEY_SEARCH); |
| 345 if (err < 0) { 346 key_ref = ERR_PTR(err); 347 goto error; 348 } 349 350 key_ref = ERR_PTR(-ENOTDIR); 351 if (keyring->type != &key_type_keyring) 352 goto error; 353 354 rcu_read_lock(); 355 | 335 if (err < 0) { 336 key_ref = ERR_PTR(err); 337 goto error; 338 } 339 340 key_ref = ERR_PTR(-ENOTDIR); 341 if (keyring->type != &key_type_keyring) 342 goto error; 343 344 rcu_read_lock(); 345 |
| 356 now = current_kernel_time(); | 346 ctx->now = current_kernel_time(); |
| 357 err = -EAGAIN; 358 sp = 0; 359 360 /* firstly we should check to see if this top-level keyring is what we 361 * are looking for */ 362 key_ref = ERR_PTR(-EAGAIN); 363 kflags = keyring->flags; | 347 err = -EAGAIN; 348 sp = 0; 349 350 /* firstly we should check to see if this top-level keyring is what we 351 * are looking for */ 352 key_ref = ERR_PTR(-EAGAIN); 353 kflags = keyring->flags; |
| 364 if (keyring->type == type && match(keyring, description)) { | 354 if (keyring->type == ctx->index_key.type && 355 ctx->match(keyring, ctx->match_data)) { |
| 365 key = keyring; | 356 key = keyring; |
| 366 if (no_state_check) | 357 if (ctx->flags & KEYRING_SEARCH_NO_STATE_CHECK) |
| 367 goto found; 368 369 /* check it isn't negative and hasn't expired or been 370 * revoked */ 371 if (kflags & (1 << KEY_FLAG_REVOKED)) 372 goto error_2; | 358 goto found; 359 360 /* check it isn't negative and hasn't expired or been 361 * revoked */ 362 if (kflags & (1 << KEY_FLAG_REVOKED)) 363 goto error_2; |
| 373 if (key->expiry && now.tv_sec >= key->expiry) | 364 if (key->expiry && ctx->now.tv_sec >= key->expiry) |
| 374 goto error_2; 375 key_ref = ERR_PTR(key->type_data.reject_error); 376 if (kflags & (1 << KEY_FLAG_NEGATIVE)) 377 goto error_2; 378 goto found; 379 } 380 381 /* otherwise, the top keyring must not be revoked, expired, or 382 * negatively instantiated if we are to search it */ 383 key_ref = ERR_PTR(-EAGAIN); 384 if (kflags & ((1 << KEY_FLAG_INVALIDATED) | 385 (1 << KEY_FLAG_REVOKED) | 386 (1 << KEY_FLAG_NEGATIVE)) || | 365 goto error_2; 366 key_ref = ERR_PTR(key->type_data.reject_error); 367 if (kflags & (1 << KEY_FLAG_NEGATIVE)) 368 goto error_2; 369 goto found; 370 } 371 372 /* otherwise, the top keyring must not be revoked, expired, or 373 * negatively instantiated if we are to search it */ 374 key_ref = ERR_PTR(-EAGAIN); 375 if (kflags & ((1 << KEY_FLAG_INVALIDATED) | 376 (1 << KEY_FLAG_REVOKED) | 377 (1 << KEY_FLAG_NEGATIVE)) || |
| 387 (keyring->expiry && now.tv_sec >= keyring->expiry)) | 378 (keyring->expiry && ctx->now.tv_sec >= keyring->expiry)) |
| 388 goto error_2; 389 390 /* start processing a new keyring */ 391descend: 392 kflags = keyring->flags; 393 if (kflags & ((1 << KEY_FLAG_INVALIDATED) | 394 (1 << KEY_FLAG_REVOKED))) 395 goto not_this_keyring; --- 5 unchanged lines hidden (view full) --- 401 /* iterate through the keys in this keyring first */ 402 nkeys = keylist->nkeys; 403 smp_rmb(); 404 for (kix = 0; kix < nkeys; kix++) { 405 key = rcu_dereference(keylist->keys[kix]); 406 kflags = key->flags; 407 408 /* ignore keys not of this type */ | 379 goto error_2; 380 381 /* start processing a new keyring */ 382descend: 383 kflags = keyring->flags; 384 if (kflags & ((1 << KEY_FLAG_INVALIDATED) | 385 (1 << KEY_FLAG_REVOKED))) 386 goto not_this_keyring; --- 5 unchanged lines hidden (view full) --- 392 /* iterate through the keys in this keyring first */ 393 nkeys = keylist->nkeys; 394 smp_rmb(); 395 for (kix = 0; kix < nkeys; kix++) { 396 key = rcu_dereference(keylist->keys[kix]); 397 kflags = key->flags; 398 399 /* ignore keys not of this type */ |
| 409 if (key->type != type) | 400 if (key->type != ctx->index_key.type) |
| 410 continue; 411 412 /* skip invalidated, revoked and expired keys */ | 401 continue; 402 403 /* skip invalidated, revoked and expired keys */ |
| 413 if (!no_state_check) { | 404 if (!(ctx->flags & KEYRING_SEARCH_NO_STATE_CHECK)) { |
| 414 if (kflags & ((1 << KEY_FLAG_INVALIDATED) | 415 (1 << KEY_FLAG_REVOKED))) 416 continue; 417 | 405 if (kflags & ((1 << KEY_FLAG_INVALIDATED) | 406 (1 << KEY_FLAG_REVOKED))) 407 continue; 408 |
| 418 if (key->expiry && now.tv_sec >= key->expiry) | 409 if (key->expiry && ctx->now.tv_sec >= key->expiry) |
| 419 continue; 420 } 421 422 /* keys that don't match */ | 410 continue; 411 } 412 413 /* keys that don't match */ |
| 423 if (!match(key, description)) | 414 if (!ctx->match(key, ctx->match_data)) |
| 424 continue; 425 426 /* key must have search permissions */ | 415 continue; 416 417 /* key must have search permissions */ |
| 427 if (key_task_permission(make_key_ref(key, possessed), 428 cred, KEY_SEARCH) < 0) | 418 if (key_task_permission(make_key_ref(key, ctx->possessed), 419 ctx->cred, KEY_SEARCH) < 0) |
| 429 continue; 430 | 420 continue; 421 |
| 431 if (no_state_check) | 422 if (ctx->flags & KEYRING_SEARCH_NO_STATE_CHECK) |
| 432 goto found; 433 434 /* we set a different error code if we pass a negative key */ 435 if (kflags & (1 << KEY_FLAG_NEGATIVE)) { 436 err = key->type_data.reject_error; 437 continue; 438 } 439 --- 11 unchanged lines hidden (view full) --- 451 continue; 452 453 /* recursively search nested keyrings 454 * - only search keyrings for which we have search permission 455 */ 456 if (sp >= KEYRING_SEARCH_MAX_DEPTH) 457 continue; 458 | 423 goto found; 424 425 /* we set a different error code if we pass a negative key */ 426 if (kflags & (1 << KEY_FLAG_NEGATIVE)) { 427 err = key->type_data.reject_error; 428 continue; 429 } 430 --- 11 unchanged lines hidden (view full) --- 442 continue; 443 444 /* recursively search nested keyrings 445 * - only search keyrings for which we have search permission 446 */ 447 if (sp >= KEYRING_SEARCH_MAX_DEPTH) 448 continue; 449 |
| 459 if (key_task_permission(make_key_ref(key, possessed), 460 cred, KEY_SEARCH) < 0) | 450 if (key_task_permission(make_key_ref(key, ctx->possessed), 451 ctx->cred, KEY_SEARCH) < 0) |
| 461 continue; 462 463 /* stack the current position */ 464 stack[sp].keyring = keyring; 465 stack[sp].keylist = keylist; 466 stack[sp].kix = kix; 467 sp++; 468 --- 15 unchanged lines hidden (view full) --- 484 } 485 486 key_ref = ERR_PTR(err); 487 goto error_2; 488 489 /* we found a viable match */ 490found: 491 atomic_inc(&key->usage); | 452 continue; 453 454 /* stack the current position */ 455 stack[sp].keyring = keyring; 456 stack[sp].keylist = keylist; 457 stack[sp].kix = kix; 458 sp++; 459 --- 15 unchanged lines hidden (view full) --- 475 } 476 477 key_ref = ERR_PTR(err); 478 goto error_2; 479 480 /* we found a viable match */ 481found: 482 atomic_inc(&key->usage); |
| 492 key->last_used_at = now.tv_sec; 493 keyring->last_used_at = now.tv_sec; | 483 key->last_used_at = ctx->now.tv_sec; 484 keyring->last_used_at = ctx->now.tv_sec; |
| 494 while (sp > 0) | 485 while (sp > 0) |
| 495 stack[--sp].keyring->last_used_at = now.tv_sec; | 486 stack[--sp].keyring->last_used_at = ctx->now.tv_sec; |
| 496 key_check(key); | 487 key_check(key); |
| 497 key_ref = make_key_ref(key, possessed); | 488 key_ref = make_key_ref(key, ctx->possessed); |
| 498error_2: 499 rcu_read_unlock(); 500error: 501 return key_ref; 502} 503 504/** 505 * keyring_search - Search the supplied keyring tree for a matching key 506 * @keyring: The root of the keyring tree to be searched. 507 * @type: The type of keyring we want to find. 508 * @description: The name of the keyring we want to find. 509 * 510 * As keyring_search_aux() above, but using the current task's credentials and 511 * type's default matching function. 512 */ 513key_ref_t keyring_search(key_ref_t keyring, 514 struct key_type *type, 515 const char *description) 516{ | 489error_2: 490 rcu_read_unlock(); 491error: 492 return key_ref; 493} 494 495/** 496 * keyring_search - Search the supplied keyring tree for a matching key 497 * @keyring: The root of the keyring tree to be searched. 498 * @type: The type of keyring we want to find. 499 * @description: The name of the keyring we want to find. 500 * 501 * As keyring_search_aux() above, but using the current task's credentials and 502 * type's default matching function. 503 */ 504key_ref_t keyring_search(key_ref_t keyring, 505 struct key_type *type, 506 const char *description) 507{ |
| 517 if (!type->match) | 508 struct keyring_search_context ctx = { 509 .index_key.type = type, 510 .index_key.description = description, 511 .cred = current_cred(), 512 .match = type->match, 513 .match_data = description, 514 .flags = (type->def_lookup_type | 515 KEYRING_SEARCH_DO_STATE_CHECK), 516 }; 517 518 if (!ctx.match) |
| 518 return ERR_PTR(-ENOKEY); 519 | 519 return ERR_PTR(-ENOKEY); 520 |
| 520 return keyring_search_aux(keyring, current->cred, 521 type, description, type->match, false); | 521 return keyring_search_aux(keyring, &ctx); |
| 522} 523EXPORT_SYMBOL(keyring_search); 524 525/* 526 * Search the given keyring only (no recursion). 527 * 528 * The caller must guarantee that the keyring is a keyring and that the 529 * permission is granted to search the keyring as no check is made here. --- 752 unchanged lines hidden --- | 522} 523EXPORT_SYMBOL(keyring_search); 524 525/* 526 * Search the given keyring only (no recursion). 527 * 528 * The caller must guarantee that the keyring is a keyring and that the 529 * permission is granted to search the keyring as no check is made here. --- 752 unchanged lines hidden --- |