1 /* Userspace key control operations 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/syscalls.h> 17 #include <linux/keyctl.h> 18 #include <linux/fs.h> 19 #include <linux/capability.h> 20 #include <linux/string.h> 21 #include <linux/err.h> 22 #include <linux/vmalloc.h> 23 #include <linux/security.h> 24 #include <asm/uaccess.h> 25 #include "internal.h" 26 27 static int key_get_type_from_user(char *type, 28 const char __user *_type, 29 unsigned len) 30 { 31 int ret; 32 33 ret = strncpy_from_user(type, _type, len); 34 if (ret < 0) 35 return ret; 36 if (ret == 0 || ret >= len) 37 return -EINVAL; 38 if (type[0] == '.') 39 return -EPERM; 40 type[len - 1] = '\0'; 41 return 0; 42 } 43 44 /* 45 * Extract the description of a new key from userspace and either add it as a 46 * new key to the specified keyring or update a matching key in that keyring. 47 * 48 * The keyring must be writable so that we can attach the key to it. 49 * 50 * If successful, the new key's serial number is returned, otherwise an error 51 * code is returned. 52 */ 53 SYSCALL_DEFINE5(add_key, const char __user *, _type, 54 const char __user *, _description, 55 const void __user *, _payload, 56 size_t, plen, 57 key_serial_t, ringid) 58 { 59 key_ref_t keyring_ref, key_ref; 60 char type[32], *description; 61 void *payload; 62 long ret; 63 bool vm; 64 65 ret = -EINVAL; 66 if (plen > 1024 * 1024 - 1) 67 goto error; 68 69 /* draw all the data into kernel space */ 70 ret = key_get_type_from_user(type, _type, sizeof(type)); 71 if (ret < 0) 72 goto error; 73 74 description = strndup_user(_description, PAGE_SIZE); 75 if (IS_ERR(description)) { 76 ret = PTR_ERR(description); 77 goto error; 78 } 79 80 /* pull the payload in if one was supplied */ 81 payload = NULL; 82 83 vm = false; 84 if (_payload) { 85 ret = -ENOMEM; 86 payload = kmalloc(plen, GFP_KERNEL); 87 if (!payload) { 88 if (plen <= PAGE_SIZE) 89 goto error2; 90 vm = true; 91 payload = vmalloc(plen); 92 if (!payload) 93 goto error2; 94 } 95 96 ret = -EFAULT; 97 if (copy_from_user(payload, _payload, plen) != 0) 98 goto error3; 99 } 100 101 /* find the target keyring (which must be writable) */ 102 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 103 if (IS_ERR(keyring_ref)) { 104 ret = PTR_ERR(keyring_ref); 105 goto error3; 106 } 107 108 /* create or update the requested key and add it to the target 109 * keyring */ 110 key_ref = key_create_or_update(keyring_ref, type, description, 111 payload, plen, KEY_PERM_UNDEF, 112 KEY_ALLOC_IN_QUOTA); 113 if (!IS_ERR(key_ref)) { 114 ret = key_ref_to_ptr(key_ref)->serial; 115 key_ref_put(key_ref); 116 } 117 else { 118 ret = PTR_ERR(key_ref); 119 } 120 121 key_ref_put(keyring_ref); 122 error3: 123 if (!vm) 124 kfree(payload); 125 else 126 vfree(payload); 127 error2: 128 kfree(description); 129 error: 130 return ret; 131 } 132 133 /* 134 * Search the process keyrings and keyring trees linked from those for a 135 * matching key. Keyrings must have appropriate Search permission to be 136 * searched. 137 * 138 * If a key is found, it will be attached to the destination keyring if there's 139 * one specified and the serial number of the key will be returned. 140 * 141 * If no key is found, /sbin/request-key will be invoked if _callout_info is 142 * non-NULL in an attempt to create a key. The _callout_info string will be 143 * passed to /sbin/request-key to aid with completing the request. If the 144 * _callout_info string is "" then it will be changed to "-". 145 */ 146 SYSCALL_DEFINE4(request_key, const char __user *, _type, 147 const char __user *, _description, 148 const char __user *, _callout_info, 149 key_serial_t, destringid) 150 { 151 struct key_type *ktype; 152 struct key *key; 153 key_ref_t dest_ref; 154 size_t callout_len; 155 char type[32], *description, *callout_info; 156 long ret; 157 158 /* pull the type into kernel space */ 159 ret = key_get_type_from_user(type, _type, sizeof(type)); 160 if (ret < 0) 161 goto error; 162 163 /* pull the description into kernel space */ 164 description = strndup_user(_description, PAGE_SIZE); 165 if (IS_ERR(description)) { 166 ret = PTR_ERR(description); 167 goto error; 168 } 169 170 /* pull the callout info into kernel space */ 171 callout_info = NULL; 172 callout_len = 0; 173 if (_callout_info) { 174 callout_info = strndup_user(_callout_info, PAGE_SIZE); 175 if (IS_ERR(callout_info)) { 176 ret = PTR_ERR(callout_info); 177 goto error2; 178 } 179 callout_len = strlen(callout_info); 180 } 181 182 /* get the destination keyring if specified */ 183 dest_ref = NULL; 184 if (destringid) { 185 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 186 KEY_WRITE); 187 if (IS_ERR(dest_ref)) { 188 ret = PTR_ERR(dest_ref); 189 goto error3; 190 } 191 } 192 193 /* find the key type */ 194 ktype = key_type_lookup(type); 195 if (IS_ERR(ktype)) { 196 ret = PTR_ERR(ktype); 197 goto error4; 198 } 199 200 /* do the search */ 201 key = request_key_and_link(ktype, description, callout_info, 202 callout_len, NULL, key_ref_to_ptr(dest_ref), 203 KEY_ALLOC_IN_QUOTA); 204 if (IS_ERR(key)) { 205 ret = PTR_ERR(key); 206 goto error5; 207 } 208 209 /* wait for the key to finish being constructed */ 210 ret = wait_for_key_construction(key, 1); 211 if (ret < 0) 212 goto error6; 213 214 ret = key->serial; 215 216 error6: 217 key_put(key); 218 error5: 219 key_type_put(ktype); 220 error4: 221 key_ref_put(dest_ref); 222 error3: 223 kfree(callout_info); 224 error2: 225 kfree(description); 226 error: 227 return ret; 228 } 229 230 /* 231 * Get the ID of the specified process keyring. 232 * 233 * The requested keyring must have search permission to be found. 234 * 235 * If successful, the ID of the requested keyring will be returned. 236 */ 237 long keyctl_get_keyring_ID(key_serial_t id, int create) 238 { 239 key_ref_t key_ref; 240 unsigned long lflags; 241 long ret; 242 243 lflags = create ? KEY_LOOKUP_CREATE : 0; 244 key_ref = lookup_user_key(id, lflags, KEY_SEARCH); 245 if (IS_ERR(key_ref)) { 246 ret = PTR_ERR(key_ref); 247 goto error; 248 } 249 250 ret = key_ref_to_ptr(key_ref)->serial; 251 key_ref_put(key_ref); 252 error: 253 return ret; 254 } 255 256 /* 257 * Join a (named) session keyring. 258 * 259 * Create and join an anonymous session keyring or join a named session 260 * keyring, creating it if necessary. A named session keyring must have Search 261 * permission for it to be joined. Session keyrings without this permit will 262 * be skipped over. 263 * 264 * If successful, the ID of the joined session keyring will be returned. 265 */ 266 long keyctl_join_session_keyring(const char __user *_name) 267 { 268 char *name; 269 long ret; 270 271 /* fetch the name from userspace */ 272 name = NULL; 273 if (_name) { 274 name = strndup_user(_name, PAGE_SIZE); 275 if (IS_ERR(name)) { 276 ret = PTR_ERR(name); 277 goto error; 278 } 279 } 280 281 /* join the session */ 282 ret = join_session_keyring(name); 283 kfree(name); 284 285 error: 286 return ret; 287 } 288 289 /* 290 * Update a key's data payload from the given data. 291 * 292 * The key must grant the caller Write permission and the key type must support 293 * updating for this to work. A negative key can be positively instantiated 294 * with this call. 295 * 296 * If successful, 0 will be returned. If the key type does not support 297 * updating, then -EOPNOTSUPP will be returned. 298 */ 299 long keyctl_update_key(key_serial_t id, 300 const void __user *_payload, 301 size_t plen) 302 { 303 key_ref_t key_ref; 304 void *payload; 305 long ret; 306 307 ret = -EINVAL; 308 if (plen > PAGE_SIZE) 309 goto error; 310 311 /* pull the payload in if one was supplied */ 312 payload = NULL; 313 if (_payload) { 314 ret = -ENOMEM; 315 payload = kmalloc(plen, GFP_KERNEL); 316 if (!payload) 317 goto error; 318 319 ret = -EFAULT; 320 if (copy_from_user(payload, _payload, plen) != 0) 321 goto error2; 322 } 323 324 /* find the target key (which must be writable) */ 325 key_ref = lookup_user_key(id, 0, KEY_WRITE); 326 if (IS_ERR(key_ref)) { 327 ret = PTR_ERR(key_ref); 328 goto error2; 329 } 330 331 /* update the key */ 332 ret = key_update(key_ref, payload, plen); 333 334 key_ref_put(key_ref); 335 error2: 336 kfree(payload); 337 error: 338 return ret; 339 } 340 341 /* 342 * Revoke a key. 343 * 344 * The key must be grant the caller Write or Setattr permission for this to 345 * work. The key type should give up its quota claim when revoked. The key 346 * and any links to the key will be automatically garbage collected after a 347 * certain amount of time (/proc/sys/kernel/keys/gc_delay). 348 * 349 * If successful, 0 is returned. 350 */ 351 long keyctl_revoke_key(key_serial_t id) 352 { 353 key_ref_t key_ref; 354 long ret; 355 356 key_ref = lookup_user_key(id, 0, KEY_WRITE); 357 if (IS_ERR(key_ref)) { 358 ret = PTR_ERR(key_ref); 359 if (ret != -EACCES) 360 goto error; 361 key_ref = lookup_user_key(id, 0, KEY_SETATTR); 362 if (IS_ERR(key_ref)) { 363 ret = PTR_ERR(key_ref); 364 goto error; 365 } 366 } 367 368 key_revoke(key_ref_to_ptr(key_ref)); 369 ret = 0; 370 371 key_ref_put(key_ref); 372 error: 373 return ret; 374 } 375 376 /* 377 * Clear the specified keyring, creating an empty process keyring if one of the 378 * special keyring IDs is used. 379 * 380 * The keyring must grant the caller Write permission for this to work. If 381 * successful, 0 will be returned. 382 */ 383 long keyctl_keyring_clear(key_serial_t ringid) 384 { 385 key_ref_t keyring_ref; 386 long ret; 387 388 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 389 if (IS_ERR(keyring_ref)) { 390 ret = PTR_ERR(keyring_ref); 391 392 /* Root is permitted to invalidate certain special keyrings */ 393 if (capable(CAP_SYS_ADMIN)) { 394 keyring_ref = lookup_user_key(ringid, 0, 0); 395 if (IS_ERR(keyring_ref)) 396 goto error; 397 if (test_bit(KEY_FLAG_ROOT_CAN_CLEAR, 398 &key_ref_to_ptr(keyring_ref)->flags)) 399 goto clear; 400 goto error_put; 401 } 402 403 goto error; 404 } 405 406 clear: 407 ret = keyring_clear(key_ref_to_ptr(keyring_ref)); 408 error_put: 409 key_ref_put(keyring_ref); 410 error: 411 return ret; 412 } 413 414 /* 415 * Create a link from a keyring to a key if there's no matching key in the 416 * keyring, otherwise replace the link to the matching key with a link to the 417 * new key. 418 * 419 * The key must grant the caller Link permission and the the keyring must grant 420 * the caller Write permission. Furthermore, if an additional link is created, 421 * the keyring's quota will be extended. 422 * 423 * If successful, 0 will be returned. 424 */ 425 long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) 426 { 427 key_ref_t keyring_ref, key_ref; 428 long ret; 429 430 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 431 if (IS_ERR(keyring_ref)) { 432 ret = PTR_ERR(keyring_ref); 433 goto error; 434 } 435 436 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_LINK); 437 if (IS_ERR(key_ref)) { 438 ret = PTR_ERR(key_ref); 439 goto error2; 440 } 441 442 ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 443 444 key_ref_put(key_ref); 445 error2: 446 key_ref_put(keyring_ref); 447 error: 448 return ret; 449 } 450 451 /* 452 * Unlink a key from a keyring. 453 * 454 * The keyring must grant the caller Write permission for this to work; the key 455 * itself need not grant the caller anything. If the last link to a key is 456 * removed then that key will be scheduled for destruction. 457 * 458 * If successful, 0 will be returned. 459 */ 460 long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) 461 { 462 key_ref_t keyring_ref, key_ref; 463 long ret; 464 465 keyring_ref = lookup_user_key(ringid, 0, KEY_WRITE); 466 if (IS_ERR(keyring_ref)) { 467 ret = PTR_ERR(keyring_ref); 468 goto error; 469 } 470 471 key_ref = lookup_user_key(id, KEY_LOOKUP_FOR_UNLINK, 0); 472 if (IS_ERR(key_ref)) { 473 ret = PTR_ERR(key_ref); 474 goto error2; 475 } 476 477 ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 478 479 key_ref_put(key_ref); 480 error2: 481 key_ref_put(keyring_ref); 482 error: 483 return ret; 484 } 485 486 /* 487 * Return a description of a key to userspace. 488 * 489 * The key must grant the caller View permission for this to work. 490 * 491 * If there's a buffer, we place up to buflen bytes of data into it formatted 492 * in the following way: 493 * 494 * type;uid;gid;perm;description<NUL> 495 * 496 * If successful, we return the amount of description available, irrespective 497 * of how much we may have copied into the buffer. 498 */ 499 long keyctl_describe_key(key_serial_t keyid, 500 char __user *buffer, 501 size_t buflen) 502 { 503 struct key *key, *instkey; 504 key_ref_t key_ref; 505 char *tmpbuf; 506 long ret; 507 508 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW); 509 if (IS_ERR(key_ref)) { 510 /* viewing a key under construction is permitted if we have the 511 * authorisation token handy */ 512 if (PTR_ERR(key_ref) == -EACCES) { 513 instkey = key_get_instantiation_authkey(keyid); 514 if (!IS_ERR(instkey)) { 515 key_put(instkey); 516 key_ref = lookup_user_key(keyid, 517 KEY_LOOKUP_PARTIAL, 518 0); 519 if (!IS_ERR(key_ref)) 520 goto okay; 521 } 522 } 523 524 ret = PTR_ERR(key_ref); 525 goto error; 526 } 527 528 okay: 529 /* calculate how much description we're going to return */ 530 ret = -ENOMEM; 531 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL); 532 if (!tmpbuf) 533 goto error2; 534 535 key = key_ref_to_ptr(key_ref); 536 537 ret = snprintf(tmpbuf, PAGE_SIZE - 1, 538 "%s;%d;%d;%08x;%s", 539 key->type->name, 540 key->uid, 541 key->gid, 542 key->perm, 543 key->description ?: ""); 544 545 /* include a NUL char at the end of the data */ 546 if (ret > PAGE_SIZE - 1) 547 ret = PAGE_SIZE - 1; 548 tmpbuf[ret] = 0; 549 ret++; 550 551 /* consider returning the data */ 552 if (buffer && buflen > 0) { 553 if (buflen > ret) 554 buflen = ret; 555 556 if (copy_to_user(buffer, tmpbuf, buflen) != 0) 557 ret = -EFAULT; 558 } 559 560 kfree(tmpbuf); 561 error2: 562 key_ref_put(key_ref); 563 error: 564 return ret; 565 } 566 567 /* 568 * Search the specified keyring and any keyrings it links to for a matching 569 * key. Only keyrings that grant the caller Search permission will be searched 570 * (this includes the starting keyring). Only keys with Search permission can 571 * be found. 572 * 573 * If successful, the found key will be linked to the destination keyring if 574 * supplied and the key has Link permission, and the found key ID will be 575 * returned. 576 */ 577 long keyctl_keyring_search(key_serial_t ringid, 578 const char __user *_type, 579 const char __user *_description, 580 key_serial_t destringid) 581 { 582 struct key_type *ktype; 583 key_ref_t keyring_ref, key_ref, dest_ref; 584 char type[32], *description; 585 long ret; 586 587 /* pull the type and description into kernel space */ 588 ret = key_get_type_from_user(type, _type, sizeof(type)); 589 if (ret < 0) 590 goto error; 591 592 description = strndup_user(_description, PAGE_SIZE); 593 if (IS_ERR(description)) { 594 ret = PTR_ERR(description); 595 goto error; 596 } 597 598 /* get the keyring at which to begin the search */ 599 keyring_ref = lookup_user_key(ringid, 0, KEY_SEARCH); 600 if (IS_ERR(keyring_ref)) { 601 ret = PTR_ERR(keyring_ref); 602 goto error2; 603 } 604 605 /* get the destination keyring if specified */ 606 dest_ref = NULL; 607 if (destringid) { 608 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 609 KEY_WRITE); 610 if (IS_ERR(dest_ref)) { 611 ret = PTR_ERR(dest_ref); 612 goto error3; 613 } 614 } 615 616 /* find the key type */ 617 ktype = key_type_lookup(type); 618 if (IS_ERR(ktype)) { 619 ret = PTR_ERR(ktype); 620 goto error4; 621 } 622 623 /* do the search */ 624 key_ref = keyring_search(keyring_ref, ktype, description); 625 if (IS_ERR(key_ref)) { 626 ret = PTR_ERR(key_ref); 627 628 /* treat lack or presence of a negative key the same */ 629 if (ret == -EAGAIN) 630 ret = -ENOKEY; 631 goto error5; 632 } 633 634 /* link the resulting key to the destination keyring if we can */ 635 if (dest_ref) { 636 ret = key_permission(key_ref, KEY_LINK); 637 if (ret < 0) 638 goto error6; 639 640 ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref)); 641 if (ret < 0) 642 goto error6; 643 } 644 645 ret = key_ref_to_ptr(key_ref)->serial; 646 647 error6: 648 key_ref_put(key_ref); 649 error5: 650 key_type_put(ktype); 651 error4: 652 key_ref_put(dest_ref); 653 error3: 654 key_ref_put(keyring_ref); 655 error2: 656 kfree(description); 657 error: 658 return ret; 659 } 660 661 /* 662 * Read a key's payload. 663 * 664 * The key must either grant the caller Read permission, or it must grant the 665 * caller Search permission when searched for from the process keyrings. 666 * 667 * If successful, we place up to buflen bytes of data into the buffer, if one 668 * is provided, and return the amount of data that is available in the key, 669 * irrespective of how much we copied into the buffer. 670 */ 671 long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) 672 { 673 struct key *key; 674 key_ref_t key_ref; 675 long ret; 676 677 /* find the key first */ 678 key_ref = lookup_user_key(keyid, 0, 0); 679 if (IS_ERR(key_ref)) { 680 ret = -ENOKEY; 681 goto error; 682 } 683 684 key = key_ref_to_ptr(key_ref); 685 686 /* see if we can read it directly */ 687 ret = key_permission(key_ref, KEY_READ); 688 if (ret == 0) 689 goto can_read_key; 690 if (ret != -EACCES) 691 goto error; 692 693 /* we can't; see if it's searchable from this process's keyrings 694 * - we automatically take account of the fact that it may be 695 * dangling off an instantiation key 696 */ 697 if (!is_key_possessed(key_ref)) { 698 ret = -EACCES; 699 goto error2; 700 } 701 702 /* the key is probably readable - now try to read it */ 703 can_read_key: 704 ret = key_validate(key); 705 if (ret == 0) { 706 ret = -EOPNOTSUPP; 707 if (key->type->read) { 708 /* read the data with the semaphore held (since we 709 * might sleep) */ 710 down_read(&key->sem); 711 ret = key->type->read(key, buffer, buflen); 712 up_read(&key->sem); 713 } 714 } 715 716 error2: 717 key_put(key); 718 error: 719 return ret; 720 } 721 722 /* 723 * Change the ownership of a key 724 * 725 * The key must grant the caller Setattr permission for this to work, though 726 * the key need not be fully instantiated yet. For the UID to be changed, or 727 * for the GID to be changed to a group the caller is not a member of, the 728 * caller must have sysadmin capability. If either uid or gid is -1 then that 729 * attribute is not changed. 730 * 731 * If the UID is to be changed, the new user must have sufficient quota to 732 * accept the key. The quota deduction will be removed from the old user to 733 * the new user should the attribute be changed. 734 * 735 * If successful, 0 will be returned. 736 */ 737 long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid) 738 { 739 struct key_user *newowner, *zapowner = NULL; 740 struct key *key; 741 key_ref_t key_ref; 742 long ret; 743 744 ret = 0; 745 if (uid == (uid_t) -1 && gid == (gid_t) -1) 746 goto error; 747 748 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 749 KEY_SETATTR); 750 if (IS_ERR(key_ref)) { 751 ret = PTR_ERR(key_ref); 752 goto error; 753 } 754 755 key = key_ref_to_ptr(key_ref); 756 757 /* make the changes with the locks held to prevent chown/chown races */ 758 ret = -EACCES; 759 down_write(&key->sem); 760 761 if (!capable(CAP_SYS_ADMIN)) { 762 /* only the sysadmin can chown a key to some other UID */ 763 if (uid != (uid_t) -1 && key->uid != uid) 764 goto error_put; 765 766 /* only the sysadmin can set the key's GID to a group other 767 * than one of those that the current process subscribes to */ 768 if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid)) 769 goto error_put; 770 } 771 772 /* change the UID */ 773 if (uid != (uid_t) -1 && uid != key->uid) { 774 ret = -ENOMEM; 775 newowner = key_user_lookup(uid, current_user_ns()); 776 if (!newowner) 777 goto error_put; 778 779 /* transfer the quota burden to the new user */ 780 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { 781 unsigned maxkeys = (uid == 0) ? 782 key_quota_root_maxkeys : key_quota_maxkeys; 783 unsigned maxbytes = (uid == 0) ? 784 key_quota_root_maxbytes : key_quota_maxbytes; 785 786 spin_lock(&newowner->lock); 787 if (newowner->qnkeys + 1 >= maxkeys || 788 newowner->qnbytes + key->quotalen >= maxbytes || 789 newowner->qnbytes + key->quotalen < 790 newowner->qnbytes) 791 goto quota_overrun; 792 793 newowner->qnkeys++; 794 newowner->qnbytes += key->quotalen; 795 spin_unlock(&newowner->lock); 796 797 spin_lock(&key->user->lock); 798 key->user->qnkeys--; 799 key->user->qnbytes -= key->quotalen; 800 spin_unlock(&key->user->lock); 801 } 802 803 atomic_dec(&key->user->nkeys); 804 atomic_inc(&newowner->nkeys); 805 806 if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { 807 atomic_dec(&key->user->nikeys); 808 atomic_inc(&newowner->nikeys); 809 } 810 811 zapowner = key->user; 812 key->user = newowner; 813 key->uid = uid; 814 } 815 816 /* change the GID */ 817 if (gid != (gid_t) -1) 818 key->gid = gid; 819 820 ret = 0; 821 822 error_put: 823 up_write(&key->sem); 824 key_put(key); 825 if (zapowner) 826 key_user_put(zapowner); 827 error: 828 return ret; 829 830 quota_overrun: 831 spin_unlock(&newowner->lock); 832 zapowner = newowner; 833 ret = -EDQUOT; 834 goto error_put; 835 } 836 837 /* 838 * Change the permission mask on a key. 839 * 840 * The key must grant the caller Setattr permission for this to work, though 841 * the key need not be fully instantiated yet. If the caller does not have 842 * sysadmin capability, it may only change the permission on keys that it owns. 843 */ 844 long keyctl_setperm_key(key_serial_t id, key_perm_t perm) 845 { 846 struct key *key; 847 key_ref_t key_ref; 848 long ret; 849 850 ret = -EINVAL; 851 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 852 goto error; 853 854 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 855 KEY_SETATTR); 856 if (IS_ERR(key_ref)) { 857 ret = PTR_ERR(key_ref); 858 goto error; 859 } 860 861 key = key_ref_to_ptr(key_ref); 862 863 /* make the changes with the locks held to prevent chown/chmod races */ 864 ret = -EACCES; 865 down_write(&key->sem); 866 867 /* if we're not the sysadmin, we can only change a key that we own */ 868 if (capable(CAP_SYS_ADMIN) || key->uid == current_fsuid()) { 869 key->perm = perm; 870 ret = 0; 871 } 872 873 up_write(&key->sem); 874 key_put(key); 875 error: 876 return ret; 877 } 878 879 /* 880 * Get the destination keyring for instantiation and check that the caller has 881 * Write permission on it. 882 */ 883 static long get_instantiation_keyring(key_serial_t ringid, 884 struct request_key_auth *rka, 885 struct key **_dest_keyring) 886 { 887 key_ref_t dkref; 888 889 *_dest_keyring = NULL; 890 891 /* just return a NULL pointer if we weren't asked to make a link */ 892 if (ringid == 0) 893 return 0; 894 895 /* if a specific keyring is nominated by ID, then use that */ 896 if (ringid > 0) { 897 dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 898 if (IS_ERR(dkref)) 899 return PTR_ERR(dkref); 900 *_dest_keyring = key_ref_to_ptr(dkref); 901 return 0; 902 } 903 904 if (ringid == KEY_SPEC_REQKEY_AUTH_KEY) 905 return -EINVAL; 906 907 /* otherwise specify the destination keyring recorded in the 908 * authorisation key (any KEY_SPEC_*_KEYRING) */ 909 if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) { 910 *_dest_keyring = key_get(rka->dest_keyring); 911 return 0; 912 } 913 914 return -ENOKEY; 915 } 916 917 /* 918 * Change the request_key authorisation key on the current process. 919 */ 920 static int keyctl_change_reqkey_auth(struct key *key) 921 { 922 struct cred *new; 923 924 new = prepare_creds(); 925 if (!new) 926 return -ENOMEM; 927 928 key_put(new->request_key_auth); 929 new->request_key_auth = key_get(key); 930 931 return commit_creds(new); 932 } 933 934 /* 935 * Copy the iovec data from userspace 936 */ 937 static long copy_from_user_iovec(void *buffer, const struct iovec *iov, 938 unsigned ioc) 939 { 940 for (; ioc > 0; ioc--) { 941 if (copy_from_user(buffer, iov->iov_base, iov->iov_len) != 0) 942 return -EFAULT; 943 buffer += iov->iov_len; 944 iov++; 945 } 946 return 0; 947 } 948 949 /* 950 * Instantiate a key with the specified payload and link the key into the 951 * destination keyring if one is given. 952 * 953 * The caller must have the appropriate instantiation permit set for this to 954 * work (see keyctl_assume_authority). No other permissions are required. 955 * 956 * If successful, 0 will be returned. 957 */ 958 long keyctl_instantiate_key_common(key_serial_t id, 959 const struct iovec *payload_iov, 960 unsigned ioc, 961 size_t plen, 962 key_serial_t ringid) 963 { 964 const struct cred *cred = current_cred(); 965 struct request_key_auth *rka; 966 struct key *instkey, *dest_keyring; 967 void *payload; 968 long ret; 969 bool vm = false; 970 971 kenter("%d,,%zu,%d", id, plen, ringid); 972 973 ret = -EINVAL; 974 if (plen > 1024 * 1024 - 1) 975 goto error; 976 977 /* the appropriate instantiation authorisation key must have been 978 * assumed before calling this */ 979 ret = -EPERM; 980 instkey = cred->request_key_auth; 981 if (!instkey) 982 goto error; 983 984 rka = instkey->payload.data; 985 if (rka->target_key->serial != id) 986 goto error; 987 988 /* pull the payload in if one was supplied */ 989 payload = NULL; 990 991 if (payload_iov) { 992 ret = -ENOMEM; 993 payload = kmalloc(plen, GFP_KERNEL); 994 if (!payload) { 995 if (plen <= PAGE_SIZE) 996 goto error; 997 vm = true; 998 payload = vmalloc(plen); 999 if (!payload) 1000 goto error; 1001 } 1002 1003 ret = copy_from_user_iovec(payload, payload_iov, ioc); 1004 if (ret < 0) 1005 goto error2; 1006 } 1007 1008 /* find the destination keyring amongst those belonging to the 1009 * requesting task */ 1010 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1011 if (ret < 0) 1012 goto error2; 1013 1014 /* instantiate the key and link it into a keyring */ 1015 ret = key_instantiate_and_link(rka->target_key, payload, plen, 1016 dest_keyring, instkey); 1017 1018 key_put(dest_keyring); 1019 1020 /* discard the assumed authority if it's just been disabled by 1021 * instantiation of the key */ 1022 if (ret == 0) 1023 keyctl_change_reqkey_auth(NULL); 1024 1025 error2: 1026 if (!vm) 1027 kfree(payload); 1028 else 1029 vfree(payload); 1030 error: 1031 return ret; 1032 } 1033 1034 /* 1035 * Instantiate a key with the specified payload and link the key into the 1036 * destination keyring if one is given. 1037 * 1038 * The caller must have the appropriate instantiation permit set for this to 1039 * work (see keyctl_assume_authority). No other permissions are required. 1040 * 1041 * If successful, 0 will be returned. 1042 */ 1043 long keyctl_instantiate_key(key_serial_t id, 1044 const void __user *_payload, 1045 size_t plen, 1046 key_serial_t ringid) 1047 { 1048 if (_payload && plen) { 1049 struct iovec iov[1] = { 1050 [0].iov_base = (void __user *)_payload, 1051 [0].iov_len = plen 1052 }; 1053 1054 return keyctl_instantiate_key_common(id, iov, 1, plen, ringid); 1055 } 1056 1057 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); 1058 } 1059 1060 /* 1061 * Instantiate a key with the specified multipart payload and link the key into 1062 * the destination keyring if one is given. 1063 * 1064 * The caller must have the appropriate instantiation permit set for this to 1065 * work (see keyctl_assume_authority). No other permissions are required. 1066 * 1067 * If successful, 0 will be returned. 1068 */ 1069 long keyctl_instantiate_key_iov(key_serial_t id, 1070 const struct iovec __user *_payload_iov, 1071 unsigned ioc, 1072 key_serial_t ringid) 1073 { 1074 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack; 1075 long ret; 1076 1077 if (_payload_iov == 0 || ioc == 0) 1078 goto no_payload; 1079 1080 ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc, 1081 ARRAY_SIZE(iovstack), iovstack, &iov, 1); 1082 if (ret < 0) 1083 return ret; 1084 if (ret == 0) 1085 goto no_payload_free; 1086 1087 ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid); 1088 1089 if (iov != iovstack) 1090 kfree(iov); 1091 return ret; 1092 1093 no_payload_free: 1094 if (iov != iovstack) 1095 kfree(iov); 1096 no_payload: 1097 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); 1098 } 1099 1100 /* 1101 * Negatively instantiate the key with the given timeout (in seconds) and link 1102 * the key into the destination keyring if one is given. 1103 * 1104 * The caller must have the appropriate instantiation permit set for this to 1105 * work (see keyctl_assume_authority). No other permissions are required. 1106 * 1107 * The key and any links to the key will be automatically garbage collected 1108 * after the timeout expires. 1109 * 1110 * Negative keys are used to rate limit repeated request_key() calls by causing 1111 * them to return -ENOKEY until the negative key expires. 1112 * 1113 * If successful, 0 will be returned. 1114 */ 1115 long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 1116 { 1117 return keyctl_reject_key(id, timeout, ENOKEY, ringid); 1118 } 1119 1120 /* 1121 * Negatively instantiate the key with the given timeout (in seconds) and error 1122 * code and link the key into the destination keyring if one is given. 1123 * 1124 * The caller must have the appropriate instantiation permit set for this to 1125 * work (see keyctl_assume_authority). No other permissions are required. 1126 * 1127 * The key and any links to the key will be automatically garbage collected 1128 * after the timeout expires. 1129 * 1130 * Negative keys are used to rate limit repeated request_key() calls by causing 1131 * them to return the specified error code until the negative key expires. 1132 * 1133 * If successful, 0 will be returned. 1134 */ 1135 long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error, 1136 key_serial_t ringid) 1137 { 1138 const struct cred *cred = current_cred(); 1139 struct request_key_auth *rka; 1140 struct key *instkey, *dest_keyring; 1141 long ret; 1142 1143 kenter("%d,%u,%u,%d", id, timeout, error, ringid); 1144 1145 /* must be a valid error code and mustn't be a kernel special */ 1146 if (error <= 0 || 1147 error >= MAX_ERRNO || 1148 error == ERESTARTSYS || 1149 error == ERESTARTNOINTR || 1150 error == ERESTARTNOHAND || 1151 error == ERESTART_RESTARTBLOCK) 1152 return -EINVAL; 1153 1154 /* the appropriate instantiation authorisation key must have been 1155 * assumed before calling this */ 1156 ret = -EPERM; 1157 instkey = cred->request_key_auth; 1158 if (!instkey) 1159 goto error; 1160 1161 rka = instkey->payload.data; 1162 if (rka->target_key->serial != id) 1163 goto error; 1164 1165 /* find the destination keyring if present (which must also be 1166 * writable) */ 1167 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1168 if (ret < 0) 1169 goto error; 1170 1171 /* instantiate the key and link it into a keyring */ 1172 ret = key_reject_and_link(rka->target_key, timeout, error, 1173 dest_keyring, instkey); 1174 1175 key_put(dest_keyring); 1176 1177 /* discard the assumed authority if it's just been disabled by 1178 * instantiation of the key */ 1179 if (ret == 0) 1180 keyctl_change_reqkey_auth(NULL); 1181 1182 error: 1183 return ret; 1184 } 1185 1186 /* 1187 * Read or set the default keyring in which request_key() will cache keys and 1188 * return the old setting. 1189 * 1190 * If a process keyring is specified then this will be created if it doesn't 1191 * yet exist. The old setting will be returned if successful. 1192 */ 1193 long keyctl_set_reqkey_keyring(int reqkey_defl) 1194 { 1195 struct cred *new; 1196 int ret, old_setting; 1197 1198 old_setting = current_cred_xxx(jit_keyring); 1199 1200 if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE) 1201 return old_setting; 1202 1203 new = prepare_creds(); 1204 if (!new) 1205 return -ENOMEM; 1206 1207 switch (reqkey_defl) { 1208 case KEY_REQKEY_DEFL_THREAD_KEYRING: 1209 ret = install_thread_keyring_to_cred(new); 1210 if (ret < 0) 1211 goto error; 1212 goto set; 1213 1214 case KEY_REQKEY_DEFL_PROCESS_KEYRING: 1215 ret = install_process_keyring_to_cred(new); 1216 if (ret < 0) { 1217 if (ret != -EEXIST) 1218 goto error; 1219 ret = 0; 1220 } 1221 goto set; 1222 1223 case KEY_REQKEY_DEFL_DEFAULT: 1224 case KEY_REQKEY_DEFL_SESSION_KEYRING: 1225 case KEY_REQKEY_DEFL_USER_KEYRING: 1226 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 1227 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: 1228 goto set; 1229 1230 case KEY_REQKEY_DEFL_NO_CHANGE: 1231 case KEY_REQKEY_DEFL_GROUP_KEYRING: 1232 default: 1233 ret = -EINVAL; 1234 goto error; 1235 } 1236 1237 set: 1238 new->jit_keyring = reqkey_defl; 1239 commit_creds(new); 1240 return old_setting; 1241 error: 1242 abort_creds(new); 1243 return ret; 1244 } 1245 1246 /* 1247 * Set or clear the timeout on a key. 1248 * 1249 * Either the key must grant the caller Setattr permission or else the caller 1250 * must hold an instantiation authorisation token for the key. 1251 * 1252 * The timeout is either 0 to clear the timeout, or a number of seconds from 1253 * the current time. The key and any links to the key will be automatically 1254 * garbage collected after the timeout expires. 1255 * 1256 * If successful, 0 is returned. 1257 */ 1258 long keyctl_set_timeout(key_serial_t id, unsigned timeout) 1259 { 1260 struct timespec now; 1261 struct key *key, *instkey; 1262 key_ref_t key_ref; 1263 time_t expiry; 1264 long ret; 1265 1266 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 1267 KEY_SETATTR); 1268 if (IS_ERR(key_ref)) { 1269 /* setting the timeout on a key under construction is permitted 1270 * if we have the authorisation token handy */ 1271 if (PTR_ERR(key_ref) == -EACCES) { 1272 instkey = key_get_instantiation_authkey(id); 1273 if (!IS_ERR(instkey)) { 1274 key_put(instkey); 1275 key_ref = lookup_user_key(id, 1276 KEY_LOOKUP_PARTIAL, 1277 0); 1278 if (!IS_ERR(key_ref)) 1279 goto okay; 1280 } 1281 } 1282 1283 ret = PTR_ERR(key_ref); 1284 goto error; 1285 } 1286 1287 okay: 1288 key = key_ref_to_ptr(key_ref); 1289 1290 /* make the changes with the locks held to prevent races */ 1291 down_write(&key->sem); 1292 1293 expiry = 0; 1294 if (timeout > 0) { 1295 now = current_kernel_time(); 1296 expiry = now.tv_sec + timeout; 1297 } 1298 1299 key->expiry = expiry; 1300 key_schedule_gc(key->expiry + key_gc_delay); 1301 1302 up_write(&key->sem); 1303 key_put(key); 1304 1305 ret = 0; 1306 error: 1307 return ret; 1308 } 1309 1310 /* 1311 * Assume (or clear) the authority to instantiate the specified key. 1312 * 1313 * This sets the authoritative token currently in force for key instantiation. 1314 * This must be done for a key to be instantiated. It has the effect of making 1315 * available all the keys from the caller of the request_key() that created a 1316 * key to request_key() calls made by the caller of this function. 1317 * 1318 * The caller must have the instantiation key in their process keyrings with a 1319 * Search permission grant available to the caller. 1320 * 1321 * If the ID given is 0, then the setting will be cleared and 0 returned. 1322 * 1323 * If the ID given has a matching an authorisation key, then that key will be 1324 * set and its ID will be returned. The authorisation key can be read to get 1325 * the callout information passed to request_key(). 1326 */ 1327 long keyctl_assume_authority(key_serial_t id) 1328 { 1329 struct key *authkey; 1330 long ret; 1331 1332 /* special key IDs aren't permitted */ 1333 ret = -EINVAL; 1334 if (id < 0) 1335 goto error; 1336 1337 /* we divest ourselves of authority if given an ID of 0 */ 1338 if (id == 0) { 1339 ret = keyctl_change_reqkey_auth(NULL); 1340 goto error; 1341 } 1342 1343 /* attempt to assume the authority temporarily granted to us whilst we 1344 * instantiate the specified key 1345 * - the authorisation key must be in the current task's keyrings 1346 * somewhere 1347 */ 1348 authkey = key_get_instantiation_authkey(id); 1349 if (IS_ERR(authkey)) { 1350 ret = PTR_ERR(authkey); 1351 goto error; 1352 } 1353 1354 ret = keyctl_change_reqkey_auth(authkey); 1355 if (ret < 0) 1356 goto error; 1357 key_put(authkey); 1358 1359 ret = authkey->serial; 1360 error: 1361 return ret; 1362 } 1363 1364 /* 1365 * Get a key's the LSM security label. 1366 * 1367 * The key must grant the caller View permission for this to work. 1368 * 1369 * If there's a buffer, then up to buflen bytes of data will be placed into it. 1370 * 1371 * If successful, the amount of information available will be returned, 1372 * irrespective of how much was copied (including the terminal NUL). 1373 */ 1374 long keyctl_get_security(key_serial_t keyid, 1375 char __user *buffer, 1376 size_t buflen) 1377 { 1378 struct key *key, *instkey; 1379 key_ref_t key_ref; 1380 char *context; 1381 long ret; 1382 1383 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW); 1384 if (IS_ERR(key_ref)) { 1385 if (PTR_ERR(key_ref) != -EACCES) 1386 return PTR_ERR(key_ref); 1387 1388 /* viewing a key under construction is also permitted if we 1389 * have the authorisation token handy */ 1390 instkey = key_get_instantiation_authkey(keyid); 1391 if (IS_ERR(instkey)) 1392 return PTR_ERR(instkey); 1393 key_put(instkey); 1394 1395 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0); 1396 if (IS_ERR(key_ref)) 1397 return PTR_ERR(key_ref); 1398 } 1399 1400 key = key_ref_to_ptr(key_ref); 1401 ret = security_key_getsecurity(key, &context); 1402 if (ret == 0) { 1403 /* if no information was returned, give userspace an empty 1404 * string */ 1405 ret = 1; 1406 if (buffer && buflen > 0 && 1407 copy_to_user(buffer, "", 1) != 0) 1408 ret = -EFAULT; 1409 } else if (ret > 0) { 1410 /* return as much data as there's room for */ 1411 if (buffer && buflen > 0) { 1412 if (buflen > ret) 1413 buflen = ret; 1414 1415 if (copy_to_user(buffer, context, buflen) != 0) 1416 ret = -EFAULT; 1417 } 1418 1419 kfree(context); 1420 } 1421 1422 key_ref_put(key_ref); 1423 return ret; 1424 } 1425 1426 /* 1427 * Attempt to install the calling process's session keyring on the process's 1428 * parent process. 1429 * 1430 * The keyring must exist and must grant the caller LINK permission, and the 1431 * parent process must be single-threaded and must have the same effective 1432 * ownership as this process and mustn't be SUID/SGID. 1433 * 1434 * The keyring will be emplaced on the parent when it next resumes userspace. 1435 * 1436 * If successful, 0 will be returned. 1437 */ 1438 long keyctl_session_to_parent(void) 1439 { 1440 #ifdef TIF_NOTIFY_RESUME 1441 struct task_struct *me, *parent; 1442 const struct cred *mycred, *pcred; 1443 struct cred *cred, *oldcred; 1444 key_ref_t keyring_r; 1445 int ret; 1446 1447 keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK); 1448 if (IS_ERR(keyring_r)) 1449 return PTR_ERR(keyring_r); 1450 1451 /* our parent is going to need a new cred struct, a new tgcred struct 1452 * and new security data, so we allocate them here to prevent ENOMEM in 1453 * our parent */ 1454 ret = -ENOMEM; 1455 cred = cred_alloc_blank(); 1456 if (!cred) 1457 goto error_keyring; 1458 1459 cred->tgcred->session_keyring = key_ref_to_ptr(keyring_r); 1460 keyring_r = NULL; 1461 1462 me = current; 1463 rcu_read_lock(); 1464 write_lock_irq(&tasklist_lock); 1465 1466 parent = me->real_parent; 1467 ret = -EPERM; 1468 1469 /* the parent mustn't be init and mustn't be a kernel thread */ 1470 if (parent->pid <= 1 || !parent->mm) 1471 goto not_permitted; 1472 1473 /* the parent must be single threaded */ 1474 if (!thread_group_empty(parent)) 1475 goto not_permitted; 1476 1477 /* the parent and the child must have different session keyrings or 1478 * there's no point */ 1479 mycred = current_cred(); 1480 pcred = __task_cred(parent); 1481 if (mycred == pcred || 1482 mycred->tgcred->session_keyring == pcred->tgcred->session_keyring) 1483 goto already_same; 1484 1485 /* the parent must have the same effective ownership and mustn't be 1486 * SUID/SGID */ 1487 if (pcred->uid != mycred->euid || 1488 pcred->euid != mycred->euid || 1489 pcred->suid != mycred->euid || 1490 pcred->gid != mycred->egid || 1491 pcred->egid != mycred->egid || 1492 pcred->sgid != mycred->egid) 1493 goto not_permitted; 1494 1495 /* the keyrings must have the same UID */ 1496 if ((pcred->tgcred->session_keyring && 1497 pcred->tgcred->session_keyring->uid != mycred->euid) || 1498 mycred->tgcred->session_keyring->uid != mycred->euid) 1499 goto not_permitted; 1500 1501 /* if there's an already pending keyring replacement, then we replace 1502 * that */ 1503 oldcred = parent->replacement_session_keyring; 1504 1505 /* the replacement session keyring is applied just prior to userspace 1506 * restarting */ 1507 parent->replacement_session_keyring = cred; 1508 cred = NULL; 1509 set_ti_thread_flag(task_thread_info(parent), TIF_NOTIFY_RESUME); 1510 1511 write_unlock_irq(&tasklist_lock); 1512 rcu_read_unlock(); 1513 if (oldcred) 1514 put_cred(oldcred); 1515 return 0; 1516 1517 already_same: 1518 ret = 0; 1519 not_permitted: 1520 write_unlock_irq(&tasklist_lock); 1521 rcu_read_unlock(); 1522 put_cred(cred); 1523 return ret; 1524 1525 error_keyring: 1526 key_ref_put(keyring_r); 1527 return ret; 1528 1529 #else /* !TIF_NOTIFY_RESUME */ 1530 /* 1531 * To be removed when TIF_NOTIFY_RESUME has been implemented on 1532 * m68k/xtensa 1533 */ 1534 #warning TIF_NOTIFY_RESUME not implemented 1535 return -EOPNOTSUPP; 1536 #endif /* !TIF_NOTIFY_RESUME */ 1537 } 1538 1539 /* 1540 * The key control system call 1541 */ 1542 SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, 1543 unsigned long, arg4, unsigned long, arg5) 1544 { 1545 switch (option) { 1546 case KEYCTL_GET_KEYRING_ID: 1547 return keyctl_get_keyring_ID((key_serial_t) arg2, 1548 (int) arg3); 1549 1550 case KEYCTL_JOIN_SESSION_KEYRING: 1551 return keyctl_join_session_keyring((const char __user *) arg2); 1552 1553 case KEYCTL_UPDATE: 1554 return keyctl_update_key((key_serial_t) arg2, 1555 (const void __user *) arg3, 1556 (size_t) arg4); 1557 1558 case KEYCTL_REVOKE: 1559 return keyctl_revoke_key((key_serial_t) arg2); 1560 1561 case KEYCTL_DESCRIBE: 1562 return keyctl_describe_key((key_serial_t) arg2, 1563 (char __user *) arg3, 1564 (unsigned) arg4); 1565 1566 case KEYCTL_CLEAR: 1567 return keyctl_keyring_clear((key_serial_t) arg2); 1568 1569 case KEYCTL_LINK: 1570 return keyctl_keyring_link((key_serial_t) arg2, 1571 (key_serial_t) arg3); 1572 1573 case KEYCTL_UNLINK: 1574 return keyctl_keyring_unlink((key_serial_t) arg2, 1575 (key_serial_t) arg3); 1576 1577 case KEYCTL_SEARCH: 1578 return keyctl_keyring_search((key_serial_t) arg2, 1579 (const char __user *) arg3, 1580 (const char __user *) arg4, 1581 (key_serial_t) arg5); 1582 1583 case KEYCTL_READ: 1584 return keyctl_read_key((key_serial_t) arg2, 1585 (char __user *) arg3, 1586 (size_t) arg4); 1587 1588 case KEYCTL_CHOWN: 1589 return keyctl_chown_key((key_serial_t) arg2, 1590 (uid_t) arg3, 1591 (gid_t) arg4); 1592 1593 case KEYCTL_SETPERM: 1594 return keyctl_setperm_key((key_serial_t) arg2, 1595 (key_perm_t) arg3); 1596 1597 case KEYCTL_INSTANTIATE: 1598 return keyctl_instantiate_key((key_serial_t) arg2, 1599 (const void __user *) arg3, 1600 (size_t) arg4, 1601 (key_serial_t) arg5); 1602 1603 case KEYCTL_NEGATE: 1604 return keyctl_negate_key((key_serial_t) arg2, 1605 (unsigned) arg3, 1606 (key_serial_t) arg4); 1607 1608 case KEYCTL_SET_REQKEY_KEYRING: 1609 return keyctl_set_reqkey_keyring(arg2); 1610 1611 case KEYCTL_SET_TIMEOUT: 1612 return keyctl_set_timeout((key_serial_t) arg2, 1613 (unsigned) arg3); 1614 1615 case KEYCTL_ASSUME_AUTHORITY: 1616 return keyctl_assume_authority((key_serial_t) arg2); 1617 1618 case KEYCTL_GET_SECURITY: 1619 return keyctl_get_security((key_serial_t) arg2, 1620 (char __user *) arg3, 1621 (size_t) arg4); 1622 1623 case KEYCTL_SESSION_TO_PARENT: 1624 return keyctl_session_to_parent(); 1625 1626 case KEYCTL_REJECT: 1627 return keyctl_reject_key((key_serial_t) arg2, 1628 (unsigned) arg3, 1629 (unsigned) arg4, 1630 (key_serial_t) arg5); 1631 1632 case KEYCTL_INSTANTIATE_IOV: 1633 return keyctl_instantiate_key_iov( 1634 (key_serial_t) arg2, 1635 (const struct iovec __user *) arg3, 1636 (unsigned) arg4, 1637 (key_serial_t) arg5); 1638 1639 default: 1640 return -EOPNOTSUPP; 1641 } 1642 } 1643