1 /* Userspace key control operations 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/syscalls.h> 17 #include <linux/key.h> 18 #include <linux/keyctl.h> 19 #include <linux/fs.h> 20 #include <linux/capability.h> 21 #include <linux/string.h> 22 #include <linux/err.h> 23 #include <linux/vmalloc.h> 24 #include <linux/security.h> 25 #include <linux/uio.h> 26 #include <asm/uaccess.h> 27 #include "internal.h" 28 29 #define KEY_MAX_DESC_SIZE 4096 30 31 static int key_get_type_from_user(char *type, 32 const char __user *_type, 33 unsigned len) 34 { 35 int ret; 36 37 ret = strncpy_from_user(type, _type, len); 38 if (ret < 0) 39 return ret; 40 if (ret == 0 || ret >= len) 41 return -EINVAL; 42 if (type[0] == '.') 43 return -EPERM; 44 type[len - 1] = '\0'; 45 return 0; 46 } 47 48 /* 49 * Extract the description of a new key from userspace and either add it as a 50 * new key to the specified keyring or update a matching key in that keyring. 51 * 52 * If the description is NULL or an empty string, the key type is asked to 53 * generate one from the payload. 54 * 55 * The keyring must be writable so that we can attach the key to it. 56 * 57 * If successful, the new key's serial number is returned, otherwise an error 58 * code is returned. 59 */ 60 SYSCALL_DEFINE5(add_key, const char __user *, _type, 61 const char __user *, _description, 62 const void __user *, _payload, 63 size_t, plen, 64 key_serial_t, ringid) 65 { 66 key_ref_t keyring_ref, key_ref; 67 char type[32], *description; 68 void *payload; 69 long ret; 70 bool vm; 71 72 ret = -EINVAL; 73 if (plen > 1024 * 1024 - 1) 74 goto error; 75 76 /* draw all the data into kernel space */ 77 ret = key_get_type_from_user(type, _type, sizeof(type)); 78 if (ret < 0) 79 goto error; 80 81 description = NULL; 82 if (_description) { 83 description = strndup_user(_description, KEY_MAX_DESC_SIZE); 84 if (IS_ERR(description)) { 85 ret = PTR_ERR(description); 86 goto error; 87 } 88 if (!*description) { 89 kfree(description); 90 description = NULL; 91 } else if ((description[0] == '.') && 92 (strncmp(type, "keyring", 7) == 0)) { 93 ret = -EPERM; 94 goto error2; 95 } 96 } 97 98 /* pull the payload in if one was supplied */ 99 payload = NULL; 100 101 vm = false; 102 if (_payload) { 103 ret = -ENOMEM; 104 payload = kmalloc(plen, GFP_KERNEL | __GFP_NOWARN); 105 if (!payload) { 106 if (plen <= PAGE_SIZE) 107 goto error2; 108 vm = true; 109 payload = vmalloc(plen); 110 if (!payload) 111 goto error2; 112 } 113 114 ret = -EFAULT; 115 if (copy_from_user(payload, _payload, plen) != 0) 116 goto error3; 117 } 118 119 /* find the target keyring (which must be writable) */ 120 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); 121 if (IS_ERR(keyring_ref)) { 122 ret = PTR_ERR(keyring_ref); 123 goto error3; 124 } 125 126 /* create or update the requested key and add it to the target 127 * keyring */ 128 key_ref = key_create_or_update(keyring_ref, type, description, 129 payload, plen, KEY_PERM_UNDEF, 130 KEY_ALLOC_IN_QUOTA); 131 if (!IS_ERR(key_ref)) { 132 ret = key_ref_to_ptr(key_ref)->serial; 133 key_ref_put(key_ref); 134 } 135 else { 136 ret = PTR_ERR(key_ref); 137 } 138 139 key_ref_put(keyring_ref); 140 error3: 141 if (!vm) 142 kfree(payload); 143 else 144 vfree(payload); 145 error2: 146 kfree(description); 147 error: 148 return ret; 149 } 150 151 /* 152 * Search the process keyrings and keyring trees linked from those for a 153 * matching key. Keyrings must have appropriate Search permission to be 154 * searched. 155 * 156 * If a key is found, it will be attached to the destination keyring if there's 157 * one specified and the serial number of the key will be returned. 158 * 159 * If no key is found, /sbin/request-key will be invoked if _callout_info is 160 * non-NULL in an attempt to create a key. The _callout_info string will be 161 * passed to /sbin/request-key to aid with completing the request. If the 162 * _callout_info string is "" then it will be changed to "-". 163 */ 164 SYSCALL_DEFINE4(request_key, const char __user *, _type, 165 const char __user *, _description, 166 const char __user *, _callout_info, 167 key_serial_t, destringid) 168 { 169 struct key_type *ktype; 170 struct key *key; 171 key_ref_t dest_ref; 172 size_t callout_len; 173 char type[32], *description, *callout_info; 174 long ret; 175 176 /* pull the type into kernel space */ 177 ret = key_get_type_from_user(type, _type, sizeof(type)); 178 if (ret < 0) 179 goto error; 180 181 /* pull the description into kernel space */ 182 description = strndup_user(_description, KEY_MAX_DESC_SIZE); 183 if (IS_ERR(description)) { 184 ret = PTR_ERR(description); 185 goto error; 186 } 187 188 /* pull the callout info into kernel space */ 189 callout_info = NULL; 190 callout_len = 0; 191 if (_callout_info) { 192 callout_info = strndup_user(_callout_info, PAGE_SIZE); 193 if (IS_ERR(callout_info)) { 194 ret = PTR_ERR(callout_info); 195 goto error2; 196 } 197 callout_len = strlen(callout_info); 198 } 199 200 /* get the destination keyring if specified */ 201 dest_ref = NULL; 202 if (destringid) { 203 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 204 KEY_NEED_WRITE); 205 if (IS_ERR(dest_ref)) { 206 ret = PTR_ERR(dest_ref); 207 goto error3; 208 } 209 } 210 211 /* find the key type */ 212 ktype = key_type_lookup(type); 213 if (IS_ERR(ktype)) { 214 ret = PTR_ERR(ktype); 215 goto error4; 216 } 217 218 /* do the search */ 219 key = request_key_and_link(ktype, description, callout_info, 220 callout_len, NULL, key_ref_to_ptr(dest_ref), 221 KEY_ALLOC_IN_QUOTA); 222 if (IS_ERR(key)) { 223 ret = PTR_ERR(key); 224 goto error5; 225 } 226 227 /* wait for the key to finish being constructed */ 228 ret = wait_for_key_construction(key, 1); 229 if (ret < 0) 230 goto error6; 231 232 ret = key->serial; 233 234 error6: 235 key_put(key); 236 error5: 237 key_type_put(ktype); 238 error4: 239 key_ref_put(dest_ref); 240 error3: 241 kfree(callout_info); 242 error2: 243 kfree(description); 244 error: 245 return ret; 246 } 247 248 /* 249 * Get the ID of the specified process keyring. 250 * 251 * The requested keyring must have search permission to be found. 252 * 253 * If successful, the ID of the requested keyring will be returned. 254 */ 255 long keyctl_get_keyring_ID(key_serial_t id, int create) 256 { 257 key_ref_t key_ref; 258 unsigned long lflags; 259 long ret; 260 261 lflags = create ? KEY_LOOKUP_CREATE : 0; 262 key_ref = lookup_user_key(id, lflags, KEY_NEED_SEARCH); 263 if (IS_ERR(key_ref)) { 264 ret = PTR_ERR(key_ref); 265 goto error; 266 } 267 268 ret = key_ref_to_ptr(key_ref)->serial; 269 key_ref_put(key_ref); 270 error: 271 return ret; 272 } 273 274 /* 275 * Join a (named) session keyring. 276 * 277 * Create and join an anonymous session keyring or join a named session 278 * keyring, creating it if necessary. A named session keyring must have Search 279 * permission for it to be joined. Session keyrings without this permit will 280 * be skipped over. 281 * 282 * If successful, the ID of the joined session keyring will be returned. 283 */ 284 long keyctl_join_session_keyring(const char __user *_name) 285 { 286 char *name; 287 long ret; 288 289 /* fetch the name from userspace */ 290 name = NULL; 291 if (_name) { 292 name = strndup_user(_name, KEY_MAX_DESC_SIZE); 293 if (IS_ERR(name)) { 294 ret = PTR_ERR(name); 295 goto error; 296 } 297 } 298 299 /* join the session */ 300 ret = join_session_keyring(name); 301 kfree(name); 302 303 error: 304 return ret; 305 } 306 307 /* 308 * Update a key's data payload from the given data. 309 * 310 * The key must grant the caller Write permission and the key type must support 311 * updating for this to work. A negative key can be positively instantiated 312 * with this call. 313 * 314 * If successful, 0 will be returned. If the key type does not support 315 * updating, then -EOPNOTSUPP will be returned. 316 */ 317 long keyctl_update_key(key_serial_t id, 318 const void __user *_payload, 319 size_t plen) 320 { 321 key_ref_t key_ref; 322 void *payload; 323 long ret; 324 325 ret = -EINVAL; 326 if (plen > PAGE_SIZE) 327 goto error; 328 329 /* pull the payload in if one was supplied */ 330 payload = NULL; 331 if (_payload) { 332 ret = -ENOMEM; 333 payload = kmalloc(plen, GFP_KERNEL); 334 if (!payload) 335 goto error; 336 337 ret = -EFAULT; 338 if (copy_from_user(payload, _payload, plen) != 0) 339 goto error2; 340 } 341 342 /* find the target key (which must be writable) */ 343 key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE); 344 if (IS_ERR(key_ref)) { 345 ret = PTR_ERR(key_ref); 346 goto error2; 347 } 348 349 /* update the key */ 350 ret = key_update(key_ref, payload, plen); 351 352 key_ref_put(key_ref); 353 error2: 354 kfree(payload); 355 error: 356 return ret; 357 } 358 359 /* 360 * Revoke a key. 361 * 362 * The key must be grant the caller Write or Setattr permission for this to 363 * work. The key type should give up its quota claim when revoked. The key 364 * and any links to the key will be automatically garbage collected after a 365 * certain amount of time (/proc/sys/kernel/keys/gc_delay). 366 * 367 * If successful, 0 is returned. 368 */ 369 long keyctl_revoke_key(key_serial_t id) 370 { 371 key_ref_t key_ref; 372 long ret; 373 374 key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE); 375 if (IS_ERR(key_ref)) { 376 ret = PTR_ERR(key_ref); 377 if (ret != -EACCES) 378 goto error; 379 key_ref = lookup_user_key(id, 0, KEY_NEED_SETATTR); 380 if (IS_ERR(key_ref)) { 381 ret = PTR_ERR(key_ref); 382 goto error; 383 } 384 } 385 386 key_revoke(key_ref_to_ptr(key_ref)); 387 ret = 0; 388 389 key_ref_put(key_ref); 390 error: 391 return ret; 392 } 393 394 /* 395 * Invalidate a key. 396 * 397 * The key must be grant the caller Invalidate permission for this to work. 398 * The key and any links to the key will be automatically garbage collected 399 * immediately. 400 * 401 * If successful, 0 is returned. 402 */ 403 long keyctl_invalidate_key(key_serial_t id) 404 { 405 key_ref_t key_ref; 406 long ret; 407 408 kenter("%d", id); 409 410 key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH); 411 if (IS_ERR(key_ref)) { 412 ret = PTR_ERR(key_ref); 413 414 /* Root is permitted to invalidate certain special keys */ 415 if (capable(CAP_SYS_ADMIN)) { 416 key_ref = lookup_user_key(id, 0, 0); 417 if (IS_ERR(key_ref)) 418 goto error; 419 if (test_bit(KEY_FLAG_ROOT_CAN_INVAL, 420 &key_ref_to_ptr(key_ref)->flags)) 421 goto invalidate; 422 goto error_put; 423 } 424 425 goto error; 426 } 427 428 invalidate: 429 key_invalidate(key_ref_to_ptr(key_ref)); 430 ret = 0; 431 error_put: 432 key_ref_put(key_ref); 433 error: 434 kleave(" = %ld", ret); 435 return ret; 436 } 437 438 /* 439 * Clear the specified keyring, creating an empty process keyring if one of the 440 * special keyring IDs is used. 441 * 442 * The keyring must grant the caller Write permission for this to work. If 443 * successful, 0 will be returned. 444 */ 445 long keyctl_keyring_clear(key_serial_t ringid) 446 { 447 key_ref_t keyring_ref; 448 long ret; 449 450 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); 451 if (IS_ERR(keyring_ref)) { 452 ret = PTR_ERR(keyring_ref); 453 454 /* Root is permitted to invalidate certain special keyrings */ 455 if (capable(CAP_SYS_ADMIN)) { 456 keyring_ref = lookup_user_key(ringid, 0, 0); 457 if (IS_ERR(keyring_ref)) 458 goto error; 459 if (test_bit(KEY_FLAG_ROOT_CAN_CLEAR, 460 &key_ref_to_ptr(keyring_ref)->flags)) 461 goto clear; 462 goto error_put; 463 } 464 465 goto error; 466 } 467 468 clear: 469 ret = keyring_clear(key_ref_to_ptr(keyring_ref)); 470 error_put: 471 key_ref_put(keyring_ref); 472 error: 473 return ret; 474 } 475 476 /* 477 * Create a link from a keyring to a key if there's no matching key in the 478 * keyring, otherwise replace the link to the matching key with a link to the 479 * new key. 480 * 481 * The key must grant the caller Link permission and the the keyring must grant 482 * the caller Write permission. Furthermore, if an additional link is created, 483 * the keyring's quota will be extended. 484 * 485 * If successful, 0 will be returned. 486 */ 487 long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) 488 { 489 key_ref_t keyring_ref, key_ref; 490 long ret; 491 492 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); 493 if (IS_ERR(keyring_ref)) { 494 ret = PTR_ERR(keyring_ref); 495 goto error; 496 } 497 498 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_NEED_LINK); 499 if (IS_ERR(key_ref)) { 500 ret = PTR_ERR(key_ref); 501 goto error2; 502 } 503 504 ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 505 506 key_ref_put(key_ref); 507 error2: 508 key_ref_put(keyring_ref); 509 error: 510 return ret; 511 } 512 513 /* 514 * Unlink a key from a keyring. 515 * 516 * The keyring must grant the caller Write permission for this to work; the key 517 * itself need not grant the caller anything. If the last link to a key is 518 * removed then that key will be scheduled for destruction. 519 * 520 * If successful, 0 will be returned. 521 */ 522 long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) 523 { 524 key_ref_t keyring_ref, key_ref; 525 long ret; 526 527 keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_WRITE); 528 if (IS_ERR(keyring_ref)) { 529 ret = PTR_ERR(keyring_ref); 530 goto error; 531 } 532 533 key_ref = lookup_user_key(id, KEY_LOOKUP_FOR_UNLINK, 0); 534 if (IS_ERR(key_ref)) { 535 ret = PTR_ERR(key_ref); 536 goto error2; 537 } 538 539 ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 540 541 key_ref_put(key_ref); 542 error2: 543 key_ref_put(keyring_ref); 544 error: 545 return ret; 546 } 547 548 /* 549 * Return a description of a key to userspace. 550 * 551 * The key must grant the caller View permission for this to work. 552 * 553 * If there's a buffer, we place up to buflen bytes of data into it formatted 554 * in the following way: 555 * 556 * type;uid;gid;perm;description<NUL> 557 * 558 * If successful, we return the amount of description available, irrespective 559 * of how much we may have copied into the buffer. 560 */ 561 long keyctl_describe_key(key_serial_t keyid, 562 char __user *buffer, 563 size_t buflen) 564 { 565 struct key *key, *instkey; 566 key_ref_t key_ref; 567 char *infobuf; 568 long ret; 569 int desclen, infolen; 570 571 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW); 572 if (IS_ERR(key_ref)) { 573 /* viewing a key under construction is permitted if we have the 574 * authorisation token handy */ 575 if (PTR_ERR(key_ref) == -EACCES) { 576 instkey = key_get_instantiation_authkey(keyid); 577 if (!IS_ERR(instkey)) { 578 key_put(instkey); 579 key_ref = lookup_user_key(keyid, 580 KEY_LOOKUP_PARTIAL, 581 0); 582 if (!IS_ERR(key_ref)) 583 goto okay; 584 } 585 } 586 587 ret = PTR_ERR(key_ref); 588 goto error; 589 } 590 591 okay: 592 key = key_ref_to_ptr(key_ref); 593 desclen = strlen(key->description); 594 595 /* calculate how much information we're going to return */ 596 ret = -ENOMEM; 597 infobuf = kasprintf(GFP_KERNEL, 598 "%s;%d;%d;%08x;", 599 key->type->name, 600 from_kuid_munged(current_user_ns(), key->uid), 601 from_kgid_munged(current_user_ns(), key->gid), 602 key->perm); 603 if (!infobuf) 604 goto error2; 605 infolen = strlen(infobuf); 606 ret = infolen + desclen + 1; 607 608 /* consider returning the data */ 609 if (buffer && buflen >= ret) { 610 if (copy_to_user(buffer, infobuf, infolen) != 0 || 611 copy_to_user(buffer + infolen, key->description, 612 desclen + 1) != 0) 613 ret = -EFAULT; 614 } 615 616 kfree(infobuf); 617 error2: 618 key_ref_put(key_ref); 619 error: 620 return ret; 621 } 622 623 /* 624 * Search the specified keyring and any keyrings it links to for a matching 625 * key. Only keyrings that grant the caller Search permission will be searched 626 * (this includes the starting keyring). Only keys with Search permission can 627 * be found. 628 * 629 * If successful, the found key will be linked to the destination keyring if 630 * supplied and the key has Link permission, and the found key ID will be 631 * returned. 632 */ 633 long keyctl_keyring_search(key_serial_t ringid, 634 const char __user *_type, 635 const char __user *_description, 636 key_serial_t destringid) 637 { 638 struct key_type *ktype; 639 key_ref_t keyring_ref, key_ref, dest_ref; 640 char type[32], *description; 641 long ret; 642 643 /* pull the type and description into kernel space */ 644 ret = key_get_type_from_user(type, _type, sizeof(type)); 645 if (ret < 0) 646 goto error; 647 648 description = strndup_user(_description, KEY_MAX_DESC_SIZE); 649 if (IS_ERR(description)) { 650 ret = PTR_ERR(description); 651 goto error; 652 } 653 654 /* get the keyring at which to begin the search */ 655 keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_SEARCH); 656 if (IS_ERR(keyring_ref)) { 657 ret = PTR_ERR(keyring_ref); 658 goto error2; 659 } 660 661 /* get the destination keyring if specified */ 662 dest_ref = NULL; 663 if (destringid) { 664 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 665 KEY_NEED_WRITE); 666 if (IS_ERR(dest_ref)) { 667 ret = PTR_ERR(dest_ref); 668 goto error3; 669 } 670 } 671 672 /* find the key type */ 673 ktype = key_type_lookup(type); 674 if (IS_ERR(ktype)) { 675 ret = PTR_ERR(ktype); 676 goto error4; 677 } 678 679 /* do the search */ 680 key_ref = keyring_search(keyring_ref, ktype, description); 681 if (IS_ERR(key_ref)) { 682 ret = PTR_ERR(key_ref); 683 684 /* treat lack or presence of a negative key the same */ 685 if (ret == -EAGAIN) 686 ret = -ENOKEY; 687 goto error5; 688 } 689 690 /* link the resulting key to the destination keyring if we can */ 691 if (dest_ref) { 692 ret = key_permission(key_ref, KEY_NEED_LINK); 693 if (ret < 0) 694 goto error6; 695 696 ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref)); 697 if (ret < 0) 698 goto error6; 699 } 700 701 ret = key_ref_to_ptr(key_ref)->serial; 702 703 error6: 704 key_ref_put(key_ref); 705 error5: 706 key_type_put(ktype); 707 error4: 708 key_ref_put(dest_ref); 709 error3: 710 key_ref_put(keyring_ref); 711 error2: 712 kfree(description); 713 error: 714 return ret; 715 } 716 717 /* 718 * Read a key's payload. 719 * 720 * The key must either grant the caller Read permission, or it must grant the 721 * caller Search permission when searched for from the process keyrings. 722 * 723 * If successful, we place up to buflen bytes of data into the buffer, if one 724 * is provided, and return the amount of data that is available in the key, 725 * irrespective of how much we copied into the buffer. 726 */ 727 long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) 728 { 729 struct key *key; 730 key_ref_t key_ref; 731 long ret; 732 733 /* find the key first */ 734 key_ref = lookup_user_key(keyid, 0, 0); 735 if (IS_ERR(key_ref)) { 736 ret = -ENOKEY; 737 goto error; 738 } 739 740 key = key_ref_to_ptr(key_ref); 741 742 /* see if we can read it directly */ 743 ret = key_permission(key_ref, KEY_NEED_READ); 744 if (ret == 0) 745 goto can_read_key; 746 if (ret != -EACCES) 747 goto error; 748 749 /* we can't; see if it's searchable from this process's keyrings 750 * - we automatically take account of the fact that it may be 751 * dangling off an instantiation key 752 */ 753 if (!is_key_possessed(key_ref)) { 754 ret = -EACCES; 755 goto error2; 756 } 757 758 /* the key is probably readable - now try to read it */ 759 can_read_key: 760 ret = key_validate(key); 761 if (ret == 0) { 762 ret = -EOPNOTSUPP; 763 if (key->type->read) { 764 /* read the data with the semaphore held (since we 765 * might sleep) */ 766 down_read(&key->sem); 767 ret = key->type->read(key, buffer, buflen); 768 up_read(&key->sem); 769 } 770 } 771 772 error2: 773 key_put(key); 774 error: 775 return ret; 776 } 777 778 /* 779 * Change the ownership of a key 780 * 781 * The key must grant the caller Setattr permission for this to work, though 782 * the key need not be fully instantiated yet. For the UID to be changed, or 783 * for the GID to be changed to a group the caller is not a member of, the 784 * caller must have sysadmin capability. If either uid or gid is -1 then that 785 * attribute is not changed. 786 * 787 * If the UID is to be changed, the new user must have sufficient quota to 788 * accept the key. The quota deduction will be removed from the old user to 789 * the new user should the attribute be changed. 790 * 791 * If successful, 0 will be returned. 792 */ 793 long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group) 794 { 795 struct key_user *newowner, *zapowner = NULL; 796 struct key *key; 797 key_ref_t key_ref; 798 long ret; 799 kuid_t uid; 800 kgid_t gid; 801 802 uid = make_kuid(current_user_ns(), user); 803 gid = make_kgid(current_user_ns(), group); 804 ret = -EINVAL; 805 if ((user != (uid_t) -1) && !uid_valid(uid)) 806 goto error; 807 if ((group != (gid_t) -1) && !gid_valid(gid)) 808 goto error; 809 810 ret = 0; 811 if (user == (uid_t) -1 && group == (gid_t) -1) 812 goto error; 813 814 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 815 KEY_NEED_SETATTR); 816 if (IS_ERR(key_ref)) { 817 ret = PTR_ERR(key_ref); 818 goto error; 819 } 820 821 key = key_ref_to_ptr(key_ref); 822 823 /* make the changes with the locks held to prevent chown/chown races */ 824 ret = -EACCES; 825 down_write(&key->sem); 826 827 if (!capable(CAP_SYS_ADMIN)) { 828 /* only the sysadmin can chown a key to some other UID */ 829 if (user != (uid_t) -1 && !uid_eq(key->uid, uid)) 830 goto error_put; 831 832 /* only the sysadmin can set the key's GID to a group other 833 * than one of those that the current process subscribes to */ 834 if (group != (gid_t) -1 && !gid_eq(gid, key->gid) && !in_group_p(gid)) 835 goto error_put; 836 } 837 838 /* change the UID */ 839 if (user != (uid_t) -1 && !uid_eq(uid, key->uid)) { 840 ret = -ENOMEM; 841 newowner = key_user_lookup(uid); 842 if (!newowner) 843 goto error_put; 844 845 /* transfer the quota burden to the new user */ 846 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { 847 unsigned maxkeys = uid_eq(uid, GLOBAL_ROOT_UID) ? 848 key_quota_root_maxkeys : key_quota_maxkeys; 849 unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ? 850 key_quota_root_maxbytes : key_quota_maxbytes; 851 852 spin_lock(&newowner->lock); 853 if (newowner->qnkeys + 1 >= maxkeys || 854 newowner->qnbytes + key->quotalen >= maxbytes || 855 newowner->qnbytes + key->quotalen < 856 newowner->qnbytes) 857 goto quota_overrun; 858 859 newowner->qnkeys++; 860 newowner->qnbytes += key->quotalen; 861 spin_unlock(&newowner->lock); 862 863 spin_lock(&key->user->lock); 864 key->user->qnkeys--; 865 key->user->qnbytes -= key->quotalen; 866 spin_unlock(&key->user->lock); 867 } 868 869 atomic_dec(&key->user->nkeys); 870 atomic_inc(&newowner->nkeys); 871 872 if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { 873 atomic_dec(&key->user->nikeys); 874 atomic_inc(&newowner->nikeys); 875 } 876 877 zapowner = key->user; 878 key->user = newowner; 879 key->uid = uid; 880 } 881 882 /* change the GID */ 883 if (group != (gid_t) -1) 884 key->gid = gid; 885 886 ret = 0; 887 888 error_put: 889 up_write(&key->sem); 890 key_put(key); 891 if (zapowner) 892 key_user_put(zapowner); 893 error: 894 return ret; 895 896 quota_overrun: 897 spin_unlock(&newowner->lock); 898 zapowner = newowner; 899 ret = -EDQUOT; 900 goto error_put; 901 } 902 903 /* 904 * Change the permission mask on a key. 905 * 906 * The key must grant the caller Setattr permission for this to work, though 907 * the key need not be fully instantiated yet. If the caller does not have 908 * sysadmin capability, it may only change the permission on keys that it owns. 909 */ 910 long keyctl_setperm_key(key_serial_t id, key_perm_t perm) 911 { 912 struct key *key; 913 key_ref_t key_ref; 914 long ret; 915 916 ret = -EINVAL; 917 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 918 goto error; 919 920 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 921 KEY_NEED_SETATTR); 922 if (IS_ERR(key_ref)) { 923 ret = PTR_ERR(key_ref); 924 goto error; 925 } 926 927 key = key_ref_to_ptr(key_ref); 928 929 /* make the changes with the locks held to prevent chown/chmod races */ 930 ret = -EACCES; 931 down_write(&key->sem); 932 933 /* if we're not the sysadmin, we can only change a key that we own */ 934 if (capable(CAP_SYS_ADMIN) || uid_eq(key->uid, current_fsuid())) { 935 key->perm = perm; 936 ret = 0; 937 } 938 939 up_write(&key->sem); 940 key_put(key); 941 error: 942 return ret; 943 } 944 945 /* 946 * Get the destination keyring for instantiation and check that the caller has 947 * Write permission on it. 948 */ 949 static long get_instantiation_keyring(key_serial_t ringid, 950 struct request_key_auth *rka, 951 struct key **_dest_keyring) 952 { 953 key_ref_t dkref; 954 955 *_dest_keyring = NULL; 956 957 /* just return a NULL pointer if we weren't asked to make a link */ 958 if (ringid == 0) 959 return 0; 960 961 /* if a specific keyring is nominated by ID, then use that */ 962 if (ringid > 0) { 963 dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); 964 if (IS_ERR(dkref)) 965 return PTR_ERR(dkref); 966 *_dest_keyring = key_ref_to_ptr(dkref); 967 return 0; 968 } 969 970 if (ringid == KEY_SPEC_REQKEY_AUTH_KEY) 971 return -EINVAL; 972 973 /* otherwise specify the destination keyring recorded in the 974 * authorisation key (any KEY_SPEC_*_KEYRING) */ 975 if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) { 976 *_dest_keyring = key_get(rka->dest_keyring); 977 return 0; 978 } 979 980 return -ENOKEY; 981 } 982 983 /* 984 * Change the request_key authorisation key on the current process. 985 */ 986 static int keyctl_change_reqkey_auth(struct key *key) 987 { 988 struct cred *new; 989 990 new = prepare_creds(); 991 if (!new) 992 return -ENOMEM; 993 994 key_put(new->request_key_auth); 995 new->request_key_auth = key_get(key); 996 997 return commit_creds(new); 998 } 999 1000 /* 1001 * Copy the iovec data from userspace 1002 */ 1003 static long copy_from_user_iovec(void *buffer, const struct iovec *iov, 1004 unsigned ioc) 1005 { 1006 for (; ioc > 0; ioc--) { 1007 if (copy_from_user(buffer, iov->iov_base, iov->iov_len) != 0) 1008 return -EFAULT; 1009 buffer += iov->iov_len; 1010 iov++; 1011 } 1012 return 0; 1013 } 1014 1015 /* 1016 * Instantiate a key with the specified payload and link the key into the 1017 * destination keyring if one is given. 1018 * 1019 * The caller must have the appropriate instantiation permit set for this to 1020 * work (see keyctl_assume_authority). No other permissions are required. 1021 * 1022 * If successful, 0 will be returned. 1023 */ 1024 long keyctl_instantiate_key_common(key_serial_t id, 1025 const struct iovec *payload_iov, 1026 unsigned ioc, 1027 size_t plen, 1028 key_serial_t ringid) 1029 { 1030 const struct cred *cred = current_cred(); 1031 struct request_key_auth *rka; 1032 struct key *instkey, *dest_keyring; 1033 void *payload; 1034 long ret; 1035 bool vm = false; 1036 1037 kenter("%d,,%zu,%d", id, plen, ringid); 1038 1039 ret = -EINVAL; 1040 if (plen > 1024 * 1024 - 1) 1041 goto error; 1042 1043 /* the appropriate instantiation authorisation key must have been 1044 * assumed before calling this */ 1045 ret = -EPERM; 1046 instkey = cred->request_key_auth; 1047 if (!instkey) 1048 goto error; 1049 1050 rka = instkey->payload.data; 1051 if (rka->target_key->serial != id) 1052 goto error; 1053 1054 /* pull the payload in if one was supplied */ 1055 payload = NULL; 1056 1057 if (payload_iov) { 1058 ret = -ENOMEM; 1059 payload = kmalloc(plen, GFP_KERNEL); 1060 if (!payload) { 1061 if (plen <= PAGE_SIZE) 1062 goto error; 1063 vm = true; 1064 payload = vmalloc(plen); 1065 if (!payload) 1066 goto error; 1067 } 1068 1069 ret = copy_from_user_iovec(payload, payload_iov, ioc); 1070 if (ret < 0) 1071 goto error2; 1072 } 1073 1074 /* find the destination keyring amongst those belonging to the 1075 * requesting task */ 1076 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1077 if (ret < 0) 1078 goto error2; 1079 1080 /* instantiate the key and link it into a keyring */ 1081 ret = key_instantiate_and_link(rka->target_key, payload, plen, 1082 dest_keyring, instkey); 1083 1084 key_put(dest_keyring); 1085 1086 /* discard the assumed authority if it's just been disabled by 1087 * instantiation of the key */ 1088 if (ret == 0) 1089 keyctl_change_reqkey_auth(NULL); 1090 1091 error2: 1092 if (!vm) 1093 kfree(payload); 1094 else 1095 vfree(payload); 1096 error: 1097 return ret; 1098 } 1099 1100 /* 1101 * Instantiate a key with the specified payload and link the key into the 1102 * destination keyring if one is given. 1103 * 1104 * The caller must have the appropriate instantiation permit set for this to 1105 * work (see keyctl_assume_authority). No other permissions are required. 1106 * 1107 * If successful, 0 will be returned. 1108 */ 1109 long keyctl_instantiate_key(key_serial_t id, 1110 const void __user *_payload, 1111 size_t plen, 1112 key_serial_t ringid) 1113 { 1114 if (_payload && plen) { 1115 struct iovec iov[1] = { 1116 [0].iov_base = (void __user *)_payload, 1117 [0].iov_len = plen 1118 }; 1119 1120 return keyctl_instantiate_key_common(id, iov, 1, plen, ringid); 1121 } 1122 1123 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); 1124 } 1125 1126 /* 1127 * Instantiate a key with the specified multipart payload and link the key into 1128 * the destination keyring if one is given. 1129 * 1130 * The caller must have the appropriate instantiation permit set for this to 1131 * work (see keyctl_assume_authority). No other permissions are required. 1132 * 1133 * If successful, 0 will be returned. 1134 */ 1135 long keyctl_instantiate_key_iov(key_serial_t id, 1136 const struct iovec __user *_payload_iov, 1137 unsigned ioc, 1138 key_serial_t ringid) 1139 { 1140 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack; 1141 long ret; 1142 1143 if (!_payload_iov || !ioc) 1144 goto no_payload; 1145 1146 ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc, 1147 ARRAY_SIZE(iovstack), iovstack, &iov); 1148 if (ret < 0) 1149 goto err; 1150 if (ret == 0) 1151 goto no_payload_free; 1152 1153 ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid); 1154 err: 1155 if (iov != iovstack) 1156 kfree(iov); 1157 return ret; 1158 1159 no_payload_free: 1160 if (iov != iovstack) 1161 kfree(iov); 1162 no_payload: 1163 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); 1164 } 1165 1166 /* 1167 * Negatively instantiate the key with the given timeout (in seconds) and link 1168 * the key into the destination keyring if one is given. 1169 * 1170 * The caller must have the appropriate instantiation permit set for this to 1171 * work (see keyctl_assume_authority). No other permissions are required. 1172 * 1173 * The key and any links to the key will be automatically garbage collected 1174 * after the timeout expires. 1175 * 1176 * Negative keys are used to rate limit repeated request_key() calls by causing 1177 * them to return -ENOKEY until the negative key expires. 1178 * 1179 * If successful, 0 will be returned. 1180 */ 1181 long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 1182 { 1183 return keyctl_reject_key(id, timeout, ENOKEY, ringid); 1184 } 1185 1186 /* 1187 * Negatively instantiate the key with the given timeout (in seconds) and error 1188 * code and link the key into the destination keyring if one is given. 1189 * 1190 * The caller must have the appropriate instantiation permit set for this to 1191 * work (see keyctl_assume_authority). No other permissions are required. 1192 * 1193 * The key and any links to the key will be automatically garbage collected 1194 * after the timeout expires. 1195 * 1196 * Negative keys are used to rate limit repeated request_key() calls by causing 1197 * them to return the specified error code until the negative key expires. 1198 * 1199 * If successful, 0 will be returned. 1200 */ 1201 long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error, 1202 key_serial_t ringid) 1203 { 1204 const struct cred *cred = current_cred(); 1205 struct request_key_auth *rka; 1206 struct key *instkey, *dest_keyring; 1207 long ret; 1208 1209 kenter("%d,%u,%u,%d", id, timeout, error, ringid); 1210 1211 /* must be a valid error code and mustn't be a kernel special */ 1212 if (error <= 0 || 1213 error >= MAX_ERRNO || 1214 error == ERESTARTSYS || 1215 error == ERESTARTNOINTR || 1216 error == ERESTARTNOHAND || 1217 error == ERESTART_RESTARTBLOCK) 1218 return -EINVAL; 1219 1220 /* the appropriate instantiation authorisation key must have been 1221 * assumed before calling this */ 1222 ret = -EPERM; 1223 instkey = cred->request_key_auth; 1224 if (!instkey) 1225 goto error; 1226 1227 rka = instkey->payload.data; 1228 if (rka->target_key->serial != id) 1229 goto error; 1230 1231 /* find the destination keyring if present (which must also be 1232 * writable) */ 1233 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1234 if (ret < 0) 1235 goto error; 1236 1237 /* instantiate the key and link it into a keyring */ 1238 ret = key_reject_and_link(rka->target_key, timeout, error, 1239 dest_keyring, instkey); 1240 1241 key_put(dest_keyring); 1242 1243 /* discard the assumed authority if it's just been disabled by 1244 * instantiation of the key */ 1245 if (ret == 0) 1246 keyctl_change_reqkey_auth(NULL); 1247 1248 error: 1249 return ret; 1250 } 1251 1252 /* 1253 * Read or set the default keyring in which request_key() will cache keys and 1254 * return the old setting. 1255 * 1256 * If a process keyring is specified then this will be created if it doesn't 1257 * yet exist. The old setting will be returned if successful. 1258 */ 1259 long keyctl_set_reqkey_keyring(int reqkey_defl) 1260 { 1261 struct cred *new; 1262 int ret, old_setting; 1263 1264 old_setting = current_cred_xxx(jit_keyring); 1265 1266 if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE) 1267 return old_setting; 1268 1269 new = prepare_creds(); 1270 if (!new) 1271 return -ENOMEM; 1272 1273 switch (reqkey_defl) { 1274 case KEY_REQKEY_DEFL_THREAD_KEYRING: 1275 ret = install_thread_keyring_to_cred(new); 1276 if (ret < 0) 1277 goto error; 1278 goto set; 1279 1280 case KEY_REQKEY_DEFL_PROCESS_KEYRING: 1281 ret = install_process_keyring_to_cred(new); 1282 if (ret < 0) { 1283 if (ret != -EEXIST) 1284 goto error; 1285 ret = 0; 1286 } 1287 goto set; 1288 1289 case KEY_REQKEY_DEFL_DEFAULT: 1290 case KEY_REQKEY_DEFL_SESSION_KEYRING: 1291 case KEY_REQKEY_DEFL_USER_KEYRING: 1292 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 1293 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: 1294 goto set; 1295 1296 case KEY_REQKEY_DEFL_NO_CHANGE: 1297 case KEY_REQKEY_DEFL_GROUP_KEYRING: 1298 default: 1299 ret = -EINVAL; 1300 goto error; 1301 } 1302 1303 set: 1304 new->jit_keyring = reqkey_defl; 1305 commit_creds(new); 1306 return old_setting; 1307 error: 1308 abort_creds(new); 1309 return ret; 1310 } 1311 1312 /* 1313 * Set or clear the timeout on a key. 1314 * 1315 * Either the key must grant the caller Setattr permission or else the caller 1316 * must hold an instantiation authorisation token for the key. 1317 * 1318 * The timeout is either 0 to clear the timeout, or a number of seconds from 1319 * the current time. The key and any links to the key will be automatically 1320 * garbage collected after the timeout expires. 1321 * 1322 * If successful, 0 is returned. 1323 */ 1324 long keyctl_set_timeout(key_serial_t id, unsigned timeout) 1325 { 1326 struct key *key, *instkey; 1327 key_ref_t key_ref; 1328 long ret; 1329 1330 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 1331 KEY_NEED_SETATTR); 1332 if (IS_ERR(key_ref)) { 1333 /* setting the timeout on a key under construction is permitted 1334 * if we have the authorisation token handy */ 1335 if (PTR_ERR(key_ref) == -EACCES) { 1336 instkey = key_get_instantiation_authkey(id); 1337 if (!IS_ERR(instkey)) { 1338 key_put(instkey); 1339 key_ref = lookup_user_key(id, 1340 KEY_LOOKUP_PARTIAL, 1341 0); 1342 if (!IS_ERR(key_ref)) 1343 goto okay; 1344 } 1345 } 1346 1347 ret = PTR_ERR(key_ref); 1348 goto error; 1349 } 1350 1351 okay: 1352 key = key_ref_to_ptr(key_ref); 1353 key_set_timeout(key, timeout); 1354 key_put(key); 1355 1356 ret = 0; 1357 error: 1358 return ret; 1359 } 1360 1361 /* 1362 * Assume (or clear) the authority to instantiate the specified key. 1363 * 1364 * This sets the authoritative token currently in force for key instantiation. 1365 * This must be done for a key to be instantiated. It has the effect of making 1366 * available all the keys from the caller of the request_key() that created a 1367 * key to request_key() calls made by the caller of this function. 1368 * 1369 * The caller must have the instantiation key in their process keyrings with a 1370 * Search permission grant available to the caller. 1371 * 1372 * If the ID given is 0, then the setting will be cleared and 0 returned. 1373 * 1374 * If the ID given has a matching an authorisation key, then that key will be 1375 * set and its ID will be returned. The authorisation key can be read to get 1376 * the callout information passed to request_key(). 1377 */ 1378 long keyctl_assume_authority(key_serial_t id) 1379 { 1380 struct key *authkey; 1381 long ret; 1382 1383 /* special key IDs aren't permitted */ 1384 ret = -EINVAL; 1385 if (id < 0) 1386 goto error; 1387 1388 /* we divest ourselves of authority if given an ID of 0 */ 1389 if (id == 0) { 1390 ret = keyctl_change_reqkey_auth(NULL); 1391 goto error; 1392 } 1393 1394 /* attempt to assume the authority temporarily granted to us whilst we 1395 * instantiate the specified key 1396 * - the authorisation key must be in the current task's keyrings 1397 * somewhere 1398 */ 1399 authkey = key_get_instantiation_authkey(id); 1400 if (IS_ERR(authkey)) { 1401 ret = PTR_ERR(authkey); 1402 goto error; 1403 } 1404 1405 ret = keyctl_change_reqkey_auth(authkey); 1406 if (ret < 0) 1407 goto error; 1408 key_put(authkey); 1409 1410 ret = authkey->serial; 1411 error: 1412 return ret; 1413 } 1414 1415 /* 1416 * Get a key's the LSM security label. 1417 * 1418 * The key must grant the caller View permission for this to work. 1419 * 1420 * If there's a buffer, then up to buflen bytes of data will be placed into it. 1421 * 1422 * If successful, the amount of information available will be returned, 1423 * irrespective of how much was copied (including the terminal NUL). 1424 */ 1425 long keyctl_get_security(key_serial_t keyid, 1426 char __user *buffer, 1427 size_t buflen) 1428 { 1429 struct key *key, *instkey; 1430 key_ref_t key_ref; 1431 char *context; 1432 long ret; 1433 1434 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW); 1435 if (IS_ERR(key_ref)) { 1436 if (PTR_ERR(key_ref) != -EACCES) 1437 return PTR_ERR(key_ref); 1438 1439 /* viewing a key under construction is also permitted if we 1440 * have the authorisation token handy */ 1441 instkey = key_get_instantiation_authkey(keyid); 1442 if (IS_ERR(instkey)) 1443 return PTR_ERR(instkey); 1444 key_put(instkey); 1445 1446 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0); 1447 if (IS_ERR(key_ref)) 1448 return PTR_ERR(key_ref); 1449 } 1450 1451 key = key_ref_to_ptr(key_ref); 1452 ret = security_key_getsecurity(key, &context); 1453 if (ret == 0) { 1454 /* if no information was returned, give userspace an empty 1455 * string */ 1456 ret = 1; 1457 if (buffer && buflen > 0 && 1458 copy_to_user(buffer, "", 1) != 0) 1459 ret = -EFAULT; 1460 } else if (ret > 0) { 1461 /* return as much data as there's room for */ 1462 if (buffer && buflen > 0) { 1463 if (buflen > ret) 1464 buflen = ret; 1465 1466 if (copy_to_user(buffer, context, buflen) != 0) 1467 ret = -EFAULT; 1468 } 1469 1470 kfree(context); 1471 } 1472 1473 key_ref_put(key_ref); 1474 return ret; 1475 } 1476 1477 /* 1478 * Attempt to install the calling process's session keyring on the process's 1479 * parent process. 1480 * 1481 * The keyring must exist and must grant the caller LINK permission, and the 1482 * parent process must be single-threaded and must have the same effective 1483 * ownership as this process and mustn't be SUID/SGID. 1484 * 1485 * The keyring will be emplaced on the parent when it next resumes userspace. 1486 * 1487 * If successful, 0 will be returned. 1488 */ 1489 long keyctl_session_to_parent(void) 1490 { 1491 struct task_struct *me, *parent; 1492 const struct cred *mycred, *pcred; 1493 struct callback_head *newwork, *oldwork; 1494 key_ref_t keyring_r; 1495 struct cred *cred; 1496 int ret; 1497 1498 keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_NEED_LINK); 1499 if (IS_ERR(keyring_r)) 1500 return PTR_ERR(keyring_r); 1501 1502 ret = -ENOMEM; 1503 1504 /* our parent is going to need a new cred struct, a new tgcred struct 1505 * and new security data, so we allocate them here to prevent ENOMEM in 1506 * our parent */ 1507 cred = cred_alloc_blank(); 1508 if (!cred) 1509 goto error_keyring; 1510 newwork = &cred->rcu; 1511 1512 cred->session_keyring = key_ref_to_ptr(keyring_r); 1513 keyring_r = NULL; 1514 init_task_work(newwork, key_change_session_keyring); 1515 1516 me = current; 1517 rcu_read_lock(); 1518 write_lock_irq(&tasklist_lock); 1519 1520 ret = -EPERM; 1521 oldwork = NULL; 1522 parent = me->real_parent; 1523 1524 /* the parent mustn't be init and mustn't be a kernel thread */ 1525 if (parent->pid <= 1 || !parent->mm) 1526 goto unlock; 1527 1528 /* the parent must be single threaded */ 1529 if (!thread_group_empty(parent)) 1530 goto unlock; 1531 1532 /* the parent and the child must have different session keyrings or 1533 * there's no point */ 1534 mycred = current_cred(); 1535 pcred = __task_cred(parent); 1536 if (mycred == pcred || 1537 mycred->session_keyring == pcred->session_keyring) { 1538 ret = 0; 1539 goto unlock; 1540 } 1541 1542 /* the parent must have the same effective ownership and mustn't be 1543 * SUID/SGID */ 1544 if (!uid_eq(pcred->uid, mycred->euid) || 1545 !uid_eq(pcred->euid, mycred->euid) || 1546 !uid_eq(pcred->suid, mycred->euid) || 1547 !gid_eq(pcred->gid, mycred->egid) || 1548 !gid_eq(pcred->egid, mycred->egid) || 1549 !gid_eq(pcred->sgid, mycred->egid)) 1550 goto unlock; 1551 1552 /* the keyrings must have the same UID */ 1553 if ((pcred->session_keyring && 1554 !uid_eq(pcred->session_keyring->uid, mycred->euid)) || 1555 !uid_eq(mycred->session_keyring->uid, mycred->euid)) 1556 goto unlock; 1557 1558 /* cancel an already pending keyring replacement */ 1559 oldwork = task_work_cancel(parent, key_change_session_keyring); 1560 1561 /* the replacement session keyring is applied just prior to userspace 1562 * restarting */ 1563 ret = task_work_add(parent, newwork, true); 1564 if (!ret) 1565 newwork = NULL; 1566 unlock: 1567 write_unlock_irq(&tasklist_lock); 1568 rcu_read_unlock(); 1569 if (oldwork) 1570 put_cred(container_of(oldwork, struct cred, rcu)); 1571 if (newwork) 1572 put_cred(cred); 1573 return ret; 1574 1575 error_keyring: 1576 key_ref_put(keyring_r); 1577 return ret; 1578 } 1579 1580 /* 1581 * The key control system call 1582 */ 1583 SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, 1584 unsigned long, arg4, unsigned long, arg5) 1585 { 1586 switch (option) { 1587 case KEYCTL_GET_KEYRING_ID: 1588 return keyctl_get_keyring_ID((key_serial_t) arg2, 1589 (int) arg3); 1590 1591 case KEYCTL_JOIN_SESSION_KEYRING: 1592 return keyctl_join_session_keyring((const char __user *) arg2); 1593 1594 case KEYCTL_UPDATE: 1595 return keyctl_update_key((key_serial_t) arg2, 1596 (const void __user *) arg3, 1597 (size_t) arg4); 1598 1599 case KEYCTL_REVOKE: 1600 return keyctl_revoke_key((key_serial_t) arg2); 1601 1602 case KEYCTL_DESCRIBE: 1603 return keyctl_describe_key((key_serial_t) arg2, 1604 (char __user *) arg3, 1605 (unsigned) arg4); 1606 1607 case KEYCTL_CLEAR: 1608 return keyctl_keyring_clear((key_serial_t) arg2); 1609 1610 case KEYCTL_LINK: 1611 return keyctl_keyring_link((key_serial_t) arg2, 1612 (key_serial_t) arg3); 1613 1614 case KEYCTL_UNLINK: 1615 return keyctl_keyring_unlink((key_serial_t) arg2, 1616 (key_serial_t) arg3); 1617 1618 case KEYCTL_SEARCH: 1619 return keyctl_keyring_search((key_serial_t) arg2, 1620 (const char __user *) arg3, 1621 (const char __user *) arg4, 1622 (key_serial_t) arg5); 1623 1624 case KEYCTL_READ: 1625 return keyctl_read_key((key_serial_t) arg2, 1626 (char __user *) arg3, 1627 (size_t) arg4); 1628 1629 case KEYCTL_CHOWN: 1630 return keyctl_chown_key((key_serial_t) arg2, 1631 (uid_t) arg3, 1632 (gid_t) arg4); 1633 1634 case KEYCTL_SETPERM: 1635 return keyctl_setperm_key((key_serial_t) arg2, 1636 (key_perm_t) arg3); 1637 1638 case KEYCTL_INSTANTIATE: 1639 return keyctl_instantiate_key((key_serial_t) arg2, 1640 (const void __user *) arg3, 1641 (size_t) arg4, 1642 (key_serial_t) arg5); 1643 1644 case KEYCTL_NEGATE: 1645 return keyctl_negate_key((key_serial_t) arg2, 1646 (unsigned) arg3, 1647 (key_serial_t) arg4); 1648 1649 case KEYCTL_SET_REQKEY_KEYRING: 1650 return keyctl_set_reqkey_keyring(arg2); 1651 1652 case KEYCTL_SET_TIMEOUT: 1653 return keyctl_set_timeout((key_serial_t) arg2, 1654 (unsigned) arg3); 1655 1656 case KEYCTL_ASSUME_AUTHORITY: 1657 return keyctl_assume_authority((key_serial_t) arg2); 1658 1659 case KEYCTL_GET_SECURITY: 1660 return keyctl_get_security((key_serial_t) arg2, 1661 (char __user *) arg3, 1662 (size_t) arg4); 1663 1664 case KEYCTL_SESSION_TO_PARENT: 1665 return keyctl_session_to_parent(); 1666 1667 case KEYCTL_REJECT: 1668 return keyctl_reject_key((key_serial_t) arg2, 1669 (unsigned) arg3, 1670 (unsigned) arg4, 1671 (key_serial_t) arg5); 1672 1673 case KEYCTL_INSTANTIATE_IOV: 1674 return keyctl_instantiate_key_iov( 1675 (key_serial_t) arg2, 1676 (const struct iovec __user *) arg3, 1677 (unsigned) arg4, 1678 (key_serial_t) arg5); 1679 1680 case KEYCTL_INVALIDATE: 1681 return keyctl_invalidate_key((key_serial_t) arg2); 1682 1683 case KEYCTL_GET_PERSISTENT: 1684 return keyctl_get_persistent((uid_t)arg2, (key_serial_t)arg3); 1685 1686 default: 1687 return -EOPNOTSUPP; 1688 } 1689 } 1690