1 /* Userspace key control operations 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/syscalls.h> 17 #include <linux/key.h> 18 #include <linux/keyctl.h> 19 #include <linux/fs.h> 20 #include <linux/capability.h> 21 #include <linux/string.h> 22 #include <linux/err.h> 23 #include <linux/vmalloc.h> 24 #include <linux/security.h> 25 #include <linux/uio.h> 26 #include <asm/uaccess.h> 27 #include "internal.h" 28 29 #define KEY_MAX_DESC_SIZE 4096 30 31 static int key_get_type_from_user(char *type, 32 const char __user *_type, 33 unsigned len) 34 { 35 int ret; 36 37 ret = strncpy_from_user(type, _type, len); 38 if (ret < 0) 39 return ret; 40 if (ret == 0 || ret >= len) 41 return -EINVAL; 42 if (type[0] == '.') 43 return -EPERM; 44 type[len - 1] = '\0'; 45 return 0; 46 } 47 48 /* 49 * Extract the description of a new key from userspace and either add it as a 50 * new key to the specified keyring or update a matching key in that keyring. 51 * 52 * If the description is NULL or an empty string, the key type is asked to 53 * generate one from the payload. 54 * 55 * The keyring must be writable so that we can attach the key to it. 56 * 57 * If successful, the new key's serial number is returned, otherwise an error 58 * code is returned. 59 */ 60 SYSCALL_DEFINE5(add_key, const char __user *, _type, 61 const char __user *, _description, 62 const void __user *, _payload, 63 size_t, plen, 64 key_serial_t, ringid) 65 { 66 key_ref_t keyring_ref, key_ref; 67 char type[32], *description; 68 void *payload; 69 long ret; 70 71 ret = -EINVAL; 72 if (plen > 1024 * 1024 - 1) 73 goto error; 74 75 /* draw all the data into kernel space */ 76 ret = key_get_type_from_user(type, _type, sizeof(type)); 77 if (ret < 0) 78 goto error; 79 80 description = NULL; 81 if (_description) { 82 description = strndup_user(_description, KEY_MAX_DESC_SIZE); 83 if (IS_ERR(description)) { 84 ret = PTR_ERR(description); 85 goto error; 86 } 87 if (!*description) { 88 kfree(description); 89 description = NULL; 90 } else if ((description[0] == '.') && 91 (strncmp(type, "keyring", 7) == 0)) { 92 ret = -EPERM; 93 goto error2; 94 } 95 } 96 97 /* pull the payload in if one was supplied */ 98 payload = NULL; 99 100 if (_payload) { 101 ret = -ENOMEM; 102 payload = kmalloc(plen, GFP_KERNEL | __GFP_NOWARN); 103 if (!payload) { 104 if (plen <= PAGE_SIZE) 105 goto error2; 106 payload = vmalloc(plen); 107 if (!payload) 108 goto error2; 109 } 110 111 ret = -EFAULT; 112 if (copy_from_user(payload, _payload, plen) != 0) 113 goto error3; 114 } 115 116 /* find the target keyring (which must be writable) */ 117 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); 118 if (IS_ERR(keyring_ref)) { 119 ret = PTR_ERR(keyring_ref); 120 goto error3; 121 } 122 123 /* create or update the requested key and add it to the target 124 * keyring */ 125 key_ref = key_create_or_update(keyring_ref, type, description, 126 payload, plen, KEY_PERM_UNDEF, 127 KEY_ALLOC_IN_QUOTA); 128 if (!IS_ERR(key_ref)) { 129 ret = key_ref_to_ptr(key_ref)->serial; 130 key_ref_put(key_ref); 131 } 132 else { 133 ret = PTR_ERR(key_ref); 134 } 135 136 key_ref_put(keyring_ref); 137 error3: 138 kvfree(payload); 139 error2: 140 kfree(description); 141 error: 142 return ret; 143 } 144 145 /* 146 * Search the process keyrings and keyring trees linked from those for a 147 * matching key. Keyrings must have appropriate Search permission to be 148 * searched. 149 * 150 * If a key is found, it will be attached to the destination keyring if there's 151 * one specified and the serial number of the key will be returned. 152 * 153 * If no key is found, /sbin/request-key will be invoked if _callout_info is 154 * non-NULL in an attempt to create a key. The _callout_info string will be 155 * passed to /sbin/request-key to aid with completing the request. If the 156 * _callout_info string is "" then it will be changed to "-". 157 */ 158 SYSCALL_DEFINE4(request_key, const char __user *, _type, 159 const char __user *, _description, 160 const char __user *, _callout_info, 161 key_serial_t, destringid) 162 { 163 struct key_type *ktype; 164 struct key *key; 165 key_ref_t dest_ref; 166 size_t callout_len; 167 char type[32], *description, *callout_info; 168 long ret; 169 170 /* pull the type into kernel space */ 171 ret = key_get_type_from_user(type, _type, sizeof(type)); 172 if (ret < 0) 173 goto error; 174 175 /* pull the description into kernel space */ 176 description = strndup_user(_description, KEY_MAX_DESC_SIZE); 177 if (IS_ERR(description)) { 178 ret = PTR_ERR(description); 179 goto error; 180 } 181 182 /* pull the callout info into kernel space */ 183 callout_info = NULL; 184 callout_len = 0; 185 if (_callout_info) { 186 callout_info = strndup_user(_callout_info, PAGE_SIZE); 187 if (IS_ERR(callout_info)) { 188 ret = PTR_ERR(callout_info); 189 goto error2; 190 } 191 callout_len = strlen(callout_info); 192 } 193 194 /* get the destination keyring if specified */ 195 dest_ref = NULL; 196 if (destringid) { 197 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 198 KEY_NEED_WRITE); 199 if (IS_ERR(dest_ref)) { 200 ret = PTR_ERR(dest_ref); 201 goto error3; 202 } 203 } 204 205 /* find the key type */ 206 ktype = key_type_lookup(type); 207 if (IS_ERR(ktype)) { 208 ret = PTR_ERR(ktype); 209 goto error4; 210 } 211 212 /* do the search */ 213 key = request_key_and_link(ktype, description, callout_info, 214 callout_len, NULL, key_ref_to_ptr(dest_ref), 215 KEY_ALLOC_IN_QUOTA); 216 if (IS_ERR(key)) { 217 ret = PTR_ERR(key); 218 goto error5; 219 } 220 221 /* wait for the key to finish being constructed */ 222 ret = wait_for_key_construction(key, 1); 223 if (ret < 0) 224 goto error6; 225 226 ret = key->serial; 227 228 error6: 229 key_put(key); 230 error5: 231 key_type_put(ktype); 232 error4: 233 key_ref_put(dest_ref); 234 error3: 235 kfree(callout_info); 236 error2: 237 kfree(description); 238 error: 239 return ret; 240 } 241 242 /* 243 * Get the ID of the specified process keyring. 244 * 245 * The requested keyring must have search permission to be found. 246 * 247 * If successful, the ID of the requested keyring will be returned. 248 */ 249 long keyctl_get_keyring_ID(key_serial_t id, int create) 250 { 251 key_ref_t key_ref; 252 unsigned long lflags; 253 long ret; 254 255 lflags = create ? KEY_LOOKUP_CREATE : 0; 256 key_ref = lookup_user_key(id, lflags, KEY_NEED_SEARCH); 257 if (IS_ERR(key_ref)) { 258 ret = PTR_ERR(key_ref); 259 goto error; 260 } 261 262 ret = key_ref_to_ptr(key_ref)->serial; 263 key_ref_put(key_ref); 264 error: 265 return ret; 266 } 267 268 /* 269 * Join a (named) session keyring. 270 * 271 * Create and join an anonymous session keyring or join a named session 272 * keyring, creating it if necessary. A named session keyring must have Search 273 * permission for it to be joined. Session keyrings without this permit will 274 * be skipped over. 275 * 276 * If successful, the ID of the joined session keyring will be returned. 277 */ 278 long keyctl_join_session_keyring(const char __user *_name) 279 { 280 char *name; 281 long ret; 282 283 /* fetch the name from userspace */ 284 name = NULL; 285 if (_name) { 286 name = strndup_user(_name, KEY_MAX_DESC_SIZE); 287 if (IS_ERR(name)) { 288 ret = PTR_ERR(name); 289 goto error; 290 } 291 } 292 293 /* join the session */ 294 ret = join_session_keyring(name); 295 kfree(name); 296 297 error: 298 return ret; 299 } 300 301 /* 302 * Update a key's data payload from the given data. 303 * 304 * The key must grant the caller Write permission and the key type must support 305 * updating for this to work. A negative key can be positively instantiated 306 * with this call. 307 * 308 * If successful, 0 will be returned. If the key type does not support 309 * updating, then -EOPNOTSUPP will be returned. 310 */ 311 long keyctl_update_key(key_serial_t id, 312 const void __user *_payload, 313 size_t plen) 314 { 315 key_ref_t key_ref; 316 void *payload; 317 long ret; 318 319 ret = -EINVAL; 320 if (plen > PAGE_SIZE) 321 goto error; 322 323 /* pull the payload in if one was supplied */ 324 payload = NULL; 325 if (_payload) { 326 ret = -ENOMEM; 327 payload = kmalloc(plen, GFP_KERNEL); 328 if (!payload) 329 goto error; 330 331 ret = -EFAULT; 332 if (copy_from_user(payload, _payload, plen) != 0) 333 goto error2; 334 } 335 336 /* find the target key (which must be writable) */ 337 key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE); 338 if (IS_ERR(key_ref)) { 339 ret = PTR_ERR(key_ref); 340 goto error2; 341 } 342 343 /* update the key */ 344 ret = key_update(key_ref, payload, plen); 345 346 key_ref_put(key_ref); 347 error2: 348 kfree(payload); 349 error: 350 return ret; 351 } 352 353 /* 354 * Revoke a key. 355 * 356 * The key must be grant the caller Write or Setattr permission for this to 357 * work. The key type should give up its quota claim when revoked. The key 358 * and any links to the key will be automatically garbage collected after a 359 * certain amount of time (/proc/sys/kernel/keys/gc_delay). 360 * 361 * If successful, 0 is returned. 362 */ 363 long keyctl_revoke_key(key_serial_t id) 364 { 365 key_ref_t key_ref; 366 long ret; 367 368 key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE); 369 if (IS_ERR(key_ref)) { 370 ret = PTR_ERR(key_ref); 371 if (ret != -EACCES) 372 goto error; 373 key_ref = lookup_user_key(id, 0, KEY_NEED_SETATTR); 374 if (IS_ERR(key_ref)) { 375 ret = PTR_ERR(key_ref); 376 goto error; 377 } 378 } 379 380 key_revoke(key_ref_to_ptr(key_ref)); 381 ret = 0; 382 383 key_ref_put(key_ref); 384 error: 385 return ret; 386 } 387 388 /* 389 * Invalidate a key. 390 * 391 * The key must be grant the caller Invalidate permission for this to work. 392 * The key and any links to the key will be automatically garbage collected 393 * immediately. 394 * 395 * If successful, 0 is returned. 396 */ 397 long keyctl_invalidate_key(key_serial_t id) 398 { 399 key_ref_t key_ref; 400 long ret; 401 402 kenter("%d", id); 403 404 key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH); 405 if (IS_ERR(key_ref)) { 406 ret = PTR_ERR(key_ref); 407 408 /* Root is permitted to invalidate certain special keys */ 409 if (capable(CAP_SYS_ADMIN)) { 410 key_ref = lookup_user_key(id, 0, 0); 411 if (IS_ERR(key_ref)) 412 goto error; 413 if (test_bit(KEY_FLAG_ROOT_CAN_INVAL, 414 &key_ref_to_ptr(key_ref)->flags)) 415 goto invalidate; 416 goto error_put; 417 } 418 419 goto error; 420 } 421 422 invalidate: 423 key_invalidate(key_ref_to_ptr(key_ref)); 424 ret = 0; 425 error_put: 426 key_ref_put(key_ref); 427 error: 428 kleave(" = %ld", ret); 429 return ret; 430 } 431 432 /* 433 * Clear the specified keyring, creating an empty process keyring if one of the 434 * special keyring IDs is used. 435 * 436 * The keyring must grant the caller Write permission for this to work. If 437 * successful, 0 will be returned. 438 */ 439 long keyctl_keyring_clear(key_serial_t ringid) 440 { 441 key_ref_t keyring_ref; 442 long ret; 443 444 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); 445 if (IS_ERR(keyring_ref)) { 446 ret = PTR_ERR(keyring_ref); 447 448 /* Root is permitted to invalidate certain special keyrings */ 449 if (capable(CAP_SYS_ADMIN)) { 450 keyring_ref = lookup_user_key(ringid, 0, 0); 451 if (IS_ERR(keyring_ref)) 452 goto error; 453 if (test_bit(KEY_FLAG_ROOT_CAN_CLEAR, 454 &key_ref_to_ptr(keyring_ref)->flags)) 455 goto clear; 456 goto error_put; 457 } 458 459 goto error; 460 } 461 462 clear: 463 ret = keyring_clear(key_ref_to_ptr(keyring_ref)); 464 error_put: 465 key_ref_put(keyring_ref); 466 error: 467 return ret; 468 } 469 470 /* 471 * Create a link from a keyring to a key if there's no matching key in the 472 * keyring, otherwise replace the link to the matching key with a link to the 473 * new key. 474 * 475 * The key must grant the caller Link permission and the the keyring must grant 476 * the caller Write permission. Furthermore, if an additional link is created, 477 * the keyring's quota will be extended. 478 * 479 * If successful, 0 will be returned. 480 */ 481 long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) 482 { 483 key_ref_t keyring_ref, key_ref; 484 long ret; 485 486 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); 487 if (IS_ERR(keyring_ref)) { 488 ret = PTR_ERR(keyring_ref); 489 goto error; 490 } 491 492 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_NEED_LINK); 493 if (IS_ERR(key_ref)) { 494 ret = PTR_ERR(key_ref); 495 goto error2; 496 } 497 498 ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 499 500 key_ref_put(key_ref); 501 error2: 502 key_ref_put(keyring_ref); 503 error: 504 return ret; 505 } 506 507 /* 508 * Unlink a key from a keyring. 509 * 510 * The keyring must grant the caller Write permission for this to work; the key 511 * itself need not grant the caller anything. If the last link to a key is 512 * removed then that key will be scheduled for destruction. 513 * 514 * If successful, 0 will be returned. 515 */ 516 long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) 517 { 518 key_ref_t keyring_ref, key_ref; 519 long ret; 520 521 keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_WRITE); 522 if (IS_ERR(keyring_ref)) { 523 ret = PTR_ERR(keyring_ref); 524 goto error; 525 } 526 527 key_ref = lookup_user_key(id, KEY_LOOKUP_FOR_UNLINK, 0); 528 if (IS_ERR(key_ref)) { 529 ret = PTR_ERR(key_ref); 530 goto error2; 531 } 532 533 ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 534 535 key_ref_put(key_ref); 536 error2: 537 key_ref_put(keyring_ref); 538 error: 539 return ret; 540 } 541 542 /* 543 * Return a description of a key to userspace. 544 * 545 * The key must grant the caller View permission for this to work. 546 * 547 * If there's a buffer, we place up to buflen bytes of data into it formatted 548 * in the following way: 549 * 550 * type;uid;gid;perm;description<NUL> 551 * 552 * If successful, we return the amount of description available, irrespective 553 * of how much we may have copied into the buffer. 554 */ 555 long keyctl_describe_key(key_serial_t keyid, 556 char __user *buffer, 557 size_t buflen) 558 { 559 struct key *key, *instkey; 560 key_ref_t key_ref; 561 char *infobuf; 562 long ret; 563 int desclen, infolen; 564 565 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW); 566 if (IS_ERR(key_ref)) { 567 /* viewing a key under construction is permitted if we have the 568 * authorisation token handy */ 569 if (PTR_ERR(key_ref) == -EACCES) { 570 instkey = key_get_instantiation_authkey(keyid); 571 if (!IS_ERR(instkey)) { 572 key_put(instkey); 573 key_ref = lookup_user_key(keyid, 574 KEY_LOOKUP_PARTIAL, 575 0); 576 if (!IS_ERR(key_ref)) 577 goto okay; 578 } 579 } 580 581 ret = PTR_ERR(key_ref); 582 goto error; 583 } 584 585 okay: 586 key = key_ref_to_ptr(key_ref); 587 desclen = strlen(key->description); 588 589 /* calculate how much information we're going to return */ 590 ret = -ENOMEM; 591 infobuf = kasprintf(GFP_KERNEL, 592 "%s;%d;%d;%08x;", 593 key->type->name, 594 from_kuid_munged(current_user_ns(), key->uid), 595 from_kgid_munged(current_user_ns(), key->gid), 596 key->perm); 597 if (!infobuf) 598 goto error2; 599 infolen = strlen(infobuf); 600 ret = infolen + desclen + 1; 601 602 /* consider returning the data */ 603 if (buffer && buflen >= ret) { 604 if (copy_to_user(buffer, infobuf, infolen) != 0 || 605 copy_to_user(buffer + infolen, key->description, 606 desclen + 1) != 0) 607 ret = -EFAULT; 608 } 609 610 kfree(infobuf); 611 error2: 612 key_ref_put(key_ref); 613 error: 614 return ret; 615 } 616 617 /* 618 * Search the specified keyring and any keyrings it links to for a matching 619 * key. Only keyrings that grant the caller Search permission will be searched 620 * (this includes the starting keyring). Only keys with Search permission can 621 * be found. 622 * 623 * If successful, the found key will be linked to the destination keyring if 624 * supplied and the key has Link permission, and the found key ID will be 625 * returned. 626 */ 627 long keyctl_keyring_search(key_serial_t ringid, 628 const char __user *_type, 629 const char __user *_description, 630 key_serial_t destringid) 631 { 632 struct key_type *ktype; 633 key_ref_t keyring_ref, key_ref, dest_ref; 634 char type[32], *description; 635 long ret; 636 637 /* pull the type and description into kernel space */ 638 ret = key_get_type_from_user(type, _type, sizeof(type)); 639 if (ret < 0) 640 goto error; 641 642 description = strndup_user(_description, KEY_MAX_DESC_SIZE); 643 if (IS_ERR(description)) { 644 ret = PTR_ERR(description); 645 goto error; 646 } 647 648 /* get the keyring at which to begin the search */ 649 keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_SEARCH); 650 if (IS_ERR(keyring_ref)) { 651 ret = PTR_ERR(keyring_ref); 652 goto error2; 653 } 654 655 /* get the destination keyring if specified */ 656 dest_ref = NULL; 657 if (destringid) { 658 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 659 KEY_NEED_WRITE); 660 if (IS_ERR(dest_ref)) { 661 ret = PTR_ERR(dest_ref); 662 goto error3; 663 } 664 } 665 666 /* find the key type */ 667 ktype = key_type_lookup(type); 668 if (IS_ERR(ktype)) { 669 ret = PTR_ERR(ktype); 670 goto error4; 671 } 672 673 /* do the search */ 674 key_ref = keyring_search(keyring_ref, ktype, description); 675 if (IS_ERR(key_ref)) { 676 ret = PTR_ERR(key_ref); 677 678 /* treat lack or presence of a negative key the same */ 679 if (ret == -EAGAIN) 680 ret = -ENOKEY; 681 goto error5; 682 } 683 684 /* link the resulting key to the destination keyring if we can */ 685 if (dest_ref) { 686 ret = key_permission(key_ref, KEY_NEED_LINK); 687 if (ret < 0) 688 goto error6; 689 690 ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref)); 691 if (ret < 0) 692 goto error6; 693 } 694 695 ret = key_ref_to_ptr(key_ref)->serial; 696 697 error6: 698 key_ref_put(key_ref); 699 error5: 700 key_type_put(ktype); 701 error4: 702 key_ref_put(dest_ref); 703 error3: 704 key_ref_put(keyring_ref); 705 error2: 706 kfree(description); 707 error: 708 return ret; 709 } 710 711 /* 712 * Read a key's payload. 713 * 714 * The key must either grant the caller Read permission, or it must grant the 715 * caller Search permission when searched for from the process keyrings. 716 * 717 * If successful, we place up to buflen bytes of data into the buffer, if one 718 * is provided, and return the amount of data that is available in the key, 719 * irrespective of how much we copied into the buffer. 720 */ 721 long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) 722 { 723 struct key *key; 724 key_ref_t key_ref; 725 long ret; 726 727 /* find the key first */ 728 key_ref = lookup_user_key(keyid, 0, 0); 729 if (IS_ERR(key_ref)) { 730 ret = -ENOKEY; 731 goto error; 732 } 733 734 key = key_ref_to_ptr(key_ref); 735 736 /* see if we can read it directly */ 737 ret = key_permission(key_ref, KEY_NEED_READ); 738 if (ret == 0) 739 goto can_read_key; 740 if (ret != -EACCES) 741 goto error; 742 743 /* we can't; see if it's searchable from this process's keyrings 744 * - we automatically take account of the fact that it may be 745 * dangling off an instantiation key 746 */ 747 if (!is_key_possessed(key_ref)) { 748 ret = -EACCES; 749 goto error2; 750 } 751 752 /* the key is probably readable - now try to read it */ 753 can_read_key: 754 ret = key_validate(key); 755 if (ret == 0) { 756 ret = -EOPNOTSUPP; 757 if (key->type->read) { 758 /* read the data with the semaphore held (since we 759 * might sleep) */ 760 down_read(&key->sem); 761 ret = key->type->read(key, buffer, buflen); 762 up_read(&key->sem); 763 } 764 } 765 766 error2: 767 key_put(key); 768 error: 769 return ret; 770 } 771 772 /* 773 * Change the ownership of a key 774 * 775 * The key must grant the caller Setattr permission for this to work, though 776 * the key need not be fully instantiated yet. For the UID to be changed, or 777 * for the GID to be changed to a group the caller is not a member of, the 778 * caller must have sysadmin capability. If either uid or gid is -1 then that 779 * attribute is not changed. 780 * 781 * If the UID is to be changed, the new user must have sufficient quota to 782 * accept the key. The quota deduction will be removed from the old user to 783 * the new user should the attribute be changed. 784 * 785 * If successful, 0 will be returned. 786 */ 787 long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group) 788 { 789 struct key_user *newowner, *zapowner = NULL; 790 struct key *key; 791 key_ref_t key_ref; 792 long ret; 793 kuid_t uid; 794 kgid_t gid; 795 796 uid = make_kuid(current_user_ns(), user); 797 gid = make_kgid(current_user_ns(), group); 798 ret = -EINVAL; 799 if ((user != (uid_t) -1) && !uid_valid(uid)) 800 goto error; 801 if ((group != (gid_t) -1) && !gid_valid(gid)) 802 goto error; 803 804 ret = 0; 805 if (user == (uid_t) -1 && group == (gid_t) -1) 806 goto error; 807 808 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 809 KEY_NEED_SETATTR); 810 if (IS_ERR(key_ref)) { 811 ret = PTR_ERR(key_ref); 812 goto error; 813 } 814 815 key = key_ref_to_ptr(key_ref); 816 817 /* make the changes with the locks held to prevent chown/chown races */ 818 ret = -EACCES; 819 down_write(&key->sem); 820 821 if (!capable(CAP_SYS_ADMIN)) { 822 /* only the sysadmin can chown a key to some other UID */ 823 if (user != (uid_t) -1 && !uid_eq(key->uid, uid)) 824 goto error_put; 825 826 /* only the sysadmin can set the key's GID to a group other 827 * than one of those that the current process subscribes to */ 828 if (group != (gid_t) -1 && !gid_eq(gid, key->gid) && !in_group_p(gid)) 829 goto error_put; 830 } 831 832 /* change the UID */ 833 if (user != (uid_t) -1 && !uid_eq(uid, key->uid)) { 834 ret = -ENOMEM; 835 newowner = key_user_lookup(uid); 836 if (!newowner) 837 goto error_put; 838 839 /* transfer the quota burden to the new user */ 840 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { 841 unsigned maxkeys = uid_eq(uid, GLOBAL_ROOT_UID) ? 842 key_quota_root_maxkeys : key_quota_maxkeys; 843 unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ? 844 key_quota_root_maxbytes : key_quota_maxbytes; 845 846 spin_lock(&newowner->lock); 847 if (newowner->qnkeys + 1 >= maxkeys || 848 newowner->qnbytes + key->quotalen >= maxbytes || 849 newowner->qnbytes + key->quotalen < 850 newowner->qnbytes) 851 goto quota_overrun; 852 853 newowner->qnkeys++; 854 newowner->qnbytes += key->quotalen; 855 spin_unlock(&newowner->lock); 856 857 spin_lock(&key->user->lock); 858 key->user->qnkeys--; 859 key->user->qnbytes -= key->quotalen; 860 spin_unlock(&key->user->lock); 861 } 862 863 atomic_dec(&key->user->nkeys); 864 atomic_inc(&newowner->nkeys); 865 866 if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { 867 atomic_dec(&key->user->nikeys); 868 atomic_inc(&newowner->nikeys); 869 } 870 871 zapowner = key->user; 872 key->user = newowner; 873 key->uid = uid; 874 } 875 876 /* change the GID */ 877 if (group != (gid_t) -1) 878 key->gid = gid; 879 880 ret = 0; 881 882 error_put: 883 up_write(&key->sem); 884 key_put(key); 885 if (zapowner) 886 key_user_put(zapowner); 887 error: 888 return ret; 889 890 quota_overrun: 891 spin_unlock(&newowner->lock); 892 zapowner = newowner; 893 ret = -EDQUOT; 894 goto error_put; 895 } 896 897 /* 898 * Change the permission mask on a key. 899 * 900 * The key must grant the caller Setattr permission for this to work, though 901 * the key need not be fully instantiated yet. If the caller does not have 902 * sysadmin capability, it may only change the permission on keys that it owns. 903 */ 904 long keyctl_setperm_key(key_serial_t id, key_perm_t perm) 905 { 906 struct key *key; 907 key_ref_t key_ref; 908 long ret; 909 910 ret = -EINVAL; 911 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 912 goto error; 913 914 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 915 KEY_NEED_SETATTR); 916 if (IS_ERR(key_ref)) { 917 ret = PTR_ERR(key_ref); 918 goto error; 919 } 920 921 key = key_ref_to_ptr(key_ref); 922 923 /* make the changes with the locks held to prevent chown/chmod races */ 924 ret = -EACCES; 925 down_write(&key->sem); 926 927 /* if we're not the sysadmin, we can only change a key that we own */ 928 if (capable(CAP_SYS_ADMIN) || uid_eq(key->uid, current_fsuid())) { 929 key->perm = perm; 930 ret = 0; 931 } 932 933 up_write(&key->sem); 934 key_put(key); 935 error: 936 return ret; 937 } 938 939 /* 940 * Get the destination keyring for instantiation and check that the caller has 941 * Write permission on it. 942 */ 943 static long get_instantiation_keyring(key_serial_t ringid, 944 struct request_key_auth *rka, 945 struct key **_dest_keyring) 946 { 947 key_ref_t dkref; 948 949 *_dest_keyring = NULL; 950 951 /* just return a NULL pointer if we weren't asked to make a link */ 952 if (ringid == 0) 953 return 0; 954 955 /* if a specific keyring is nominated by ID, then use that */ 956 if (ringid > 0) { 957 dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); 958 if (IS_ERR(dkref)) 959 return PTR_ERR(dkref); 960 *_dest_keyring = key_ref_to_ptr(dkref); 961 return 0; 962 } 963 964 if (ringid == KEY_SPEC_REQKEY_AUTH_KEY) 965 return -EINVAL; 966 967 /* otherwise specify the destination keyring recorded in the 968 * authorisation key (any KEY_SPEC_*_KEYRING) */ 969 if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) { 970 *_dest_keyring = key_get(rka->dest_keyring); 971 return 0; 972 } 973 974 return -ENOKEY; 975 } 976 977 /* 978 * Change the request_key authorisation key on the current process. 979 */ 980 static int keyctl_change_reqkey_auth(struct key *key) 981 { 982 struct cred *new; 983 984 new = prepare_creds(); 985 if (!new) 986 return -ENOMEM; 987 988 key_put(new->request_key_auth); 989 new->request_key_auth = key_get(key); 990 991 return commit_creds(new); 992 } 993 994 /* 995 * Instantiate a key with the specified payload and link the key into the 996 * destination keyring if one is given. 997 * 998 * The caller must have the appropriate instantiation permit set for this to 999 * work (see keyctl_assume_authority). No other permissions are required. 1000 * 1001 * If successful, 0 will be returned. 1002 */ 1003 long keyctl_instantiate_key_common(key_serial_t id, 1004 struct iov_iter *from, 1005 key_serial_t ringid) 1006 { 1007 const struct cred *cred = current_cred(); 1008 struct request_key_auth *rka; 1009 struct key *instkey, *dest_keyring; 1010 size_t plen = from ? iov_iter_count(from) : 0; 1011 void *payload; 1012 long ret; 1013 1014 kenter("%d,,%zu,%d", id, plen, ringid); 1015 1016 if (!plen) 1017 from = NULL; 1018 1019 ret = -EINVAL; 1020 if (plen > 1024 * 1024 - 1) 1021 goto error; 1022 1023 /* the appropriate instantiation authorisation key must have been 1024 * assumed before calling this */ 1025 ret = -EPERM; 1026 instkey = cred->request_key_auth; 1027 if (!instkey) 1028 goto error; 1029 1030 rka = instkey->payload.data[0]; 1031 if (rka->target_key->serial != id) 1032 goto error; 1033 1034 /* pull the payload in if one was supplied */ 1035 payload = NULL; 1036 1037 if (from) { 1038 ret = -ENOMEM; 1039 payload = kmalloc(plen, GFP_KERNEL); 1040 if (!payload) { 1041 if (plen <= PAGE_SIZE) 1042 goto error; 1043 payload = vmalloc(plen); 1044 if (!payload) 1045 goto error; 1046 } 1047 1048 ret = -EFAULT; 1049 if (copy_from_iter(payload, plen, from) != plen) 1050 goto error2; 1051 } 1052 1053 /* find the destination keyring amongst those belonging to the 1054 * requesting task */ 1055 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1056 if (ret < 0) 1057 goto error2; 1058 1059 /* instantiate the key and link it into a keyring */ 1060 ret = key_instantiate_and_link(rka->target_key, payload, plen, 1061 dest_keyring, instkey); 1062 1063 key_put(dest_keyring); 1064 1065 /* discard the assumed authority if it's just been disabled by 1066 * instantiation of the key */ 1067 if (ret == 0) 1068 keyctl_change_reqkey_auth(NULL); 1069 1070 error2: 1071 kvfree(payload); 1072 error: 1073 return ret; 1074 } 1075 1076 /* 1077 * Instantiate a key with the specified payload and link the key into the 1078 * destination keyring if one is given. 1079 * 1080 * The caller must have the appropriate instantiation permit set for this to 1081 * work (see keyctl_assume_authority). No other permissions are required. 1082 * 1083 * If successful, 0 will be returned. 1084 */ 1085 long keyctl_instantiate_key(key_serial_t id, 1086 const void __user *_payload, 1087 size_t plen, 1088 key_serial_t ringid) 1089 { 1090 if (_payload && plen) { 1091 struct iovec iov; 1092 struct iov_iter from; 1093 int ret; 1094 1095 ret = import_single_range(WRITE, (void __user *)_payload, plen, 1096 &iov, &from); 1097 if (unlikely(ret)) 1098 return ret; 1099 1100 return keyctl_instantiate_key_common(id, &from, ringid); 1101 } 1102 1103 return keyctl_instantiate_key_common(id, NULL, ringid); 1104 } 1105 1106 /* 1107 * Instantiate a key with the specified multipart payload and link the key into 1108 * the destination keyring if one is given. 1109 * 1110 * The caller must have the appropriate instantiation permit set for this to 1111 * work (see keyctl_assume_authority). No other permissions are required. 1112 * 1113 * If successful, 0 will be returned. 1114 */ 1115 long keyctl_instantiate_key_iov(key_serial_t id, 1116 const struct iovec __user *_payload_iov, 1117 unsigned ioc, 1118 key_serial_t ringid) 1119 { 1120 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack; 1121 struct iov_iter from; 1122 long ret; 1123 1124 if (!_payload_iov) 1125 ioc = 0; 1126 1127 ret = import_iovec(WRITE, _payload_iov, ioc, 1128 ARRAY_SIZE(iovstack), &iov, &from); 1129 if (ret < 0) 1130 return ret; 1131 ret = keyctl_instantiate_key_common(id, &from, ringid); 1132 kfree(iov); 1133 return ret; 1134 } 1135 1136 /* 1137 * Negatively instantiate the key with the given timeout (in seconds) and link 1138 * the key into the destination keyring if one is given. 1139 * 1140 * The caller must have the appropriate instantiation permit set for this to 1141 * work (see keyctl_assume_authority). No other permissions are required. 1142 * 1143 * The key and any links to the key will be automatically garbage collected 1144 * after the timeout expires. 1145 * 1146 * Negative keys are used to rate limit repeated request_key() calls by causing 1147 * them to return -ENOKEY until the negative key expires. 1148 * 1149 * If successful, 0 will be returned. 1150 */ 1151 long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 1152 { 1153 return keyctl_reject_key(id, timeout, ENOKEY, ringid); 1154 } 1155 1156 /* 1157 * Negatively instantiate the key with the given timeout (in seconds) and error 1158 * code and link the key into the destination keyring if one is given. 1159 * 1160 * The caller must have the appropriate instantiation permit set for this to 1161 * work (see keyctl_assume_authority). No other permissions are required. 1162 * 1163 * The key and any links to the key will be automatically garbage collected 1164 * after the timeout expires. 1165 * 1166 * Negative keys are used to rate limit repeated request_key() calls by causing 1167 * them to return the specified error code until the negative key expires. 1168 * 1169 * If successful, 0 will be returned. 1170 */ 1171 long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error, 1172 key_serial_t ringid) 1173 { 1174 const struct cred *cred = current_cred(); 1175 struct request_key_auth *rka; 1176 struct key *instkey, *dest_keyring; 1177 long ret; 1178 1179 kenter("%d,%u,%u,%d", id, timeout, error, ringid); 1180 1181 /* must be a valid error code and mustn't be a kernel special */ 1182 if (error <= 0 || 1183 error >= MAX_ERRNO || 1184 error == ERESTARTSYS || 1185 error == ERESTARTNOINTR || 1186 error == ERESTARTNOHAND || 1187 error == ERESTART_RESTARTBLOCK) 1188 return -EINVAL; 1189 1190 /* the appropriate instantiation authorisation key must have been 1191 * assumed before calling this */ 1192 ret = -EPERM; 1193 instkey = cred->request_key_auth; 1194 if (!instkey) 1195 goto error; 1196 1197 rka = instkey->payload.data[0]; 1198 if (rka->target_key->serial != id) 1199 goto error; 1200 1201 /* find the destination keyring if present (which must also be 1202 * writable) */ 1203 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1204 if (ret < 0) 1205 goto error; 1206 1207 /* instantiate the key and link it into a keyring */ 1208 ret = key_reject_and_link(rka->target_key, timeout, error, 1209 dest_keyring, instkey); 1210 1211 key_put(dest_keyring); 1212 1213 /* discard the assumed authority if it's just been disabled by 1214 * instantiation of the key */ 1215 if (ret == 0) 1216 keyctl_change_reqkey_auth(NULL); 1217 1218 error: 1219 return ret; 1220 } 1221 1222 /* 1223 * Read or set the default keyring in which request_key() will cache keys and 1224 * return the old setting. 1225 * 1226 * If a process keyring is specified then this will be created if it doesn't 1227 * yet exist. The old setting will be returned if successful. 1228 */ 1229 long keyctl_set_reqkey_keyring(int reqkey_defl) 1230 { 1231 struct cred *new; 1232 int ret, old_setting; 1233 1234 old_setting = current_cred_xxx(jit_keyring); 1235 1236 if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE) 1237 return old_setting; 1238 1239 new = prepare_creds(); 1240 if (!new) 1241 return -ENOMEM; 1242 1243 switch (reqkey_defl) { 1244 case KEY_REQKEY_DEFL_THREAD_KEYRING: 1245 ret = install_thread_keyring_to_cred(new); 1246 if (ret < 0) 1247 goto error; 1248 goto set; 1249 1250 case KEY_REQKEY_DEFL_PROCESS_KEYRING: 1251 ret = install_process_keyring_to_cred(new); 1252 if (ret < 0) { 1253 if (ret != -EEXIST) 1254 goto error; 1255 ret = 0; 1256 } 1257 goto set; 1258 1259 case KEY_REQKEY_DEFL_DEFAULT: 1260 case KEY_REQKEY_DEFL_SESSION_KEYRING: 1261 case KEY_REQKEY_DEFL_USER_KEYRING: 1262 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 1263 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: 1264 goto set; 1265 1266 case KEY_REQKEY_DEFL_NO_CHANGE: 1267 case KEY_REQKEY_DEFL_GROUP_KEYRING: 1268 default: 1269 ret = -EINVAL; 1270 goto error; 1271 } 1272 1273 set: 1274 new->jit_keyring = reqkey_defl; 1275 commit_creds(new); 1276 return old_setting; 1277 error: 1278 abort_creds(new); 1279 return ret; 1280 } 1281 1282 /* 1283 * Set or clear the timeout on a key. 1284 * 1285 * Either the key must grant the caller Setattr permission or else the caller 1286 * must hold an instantiation authorisation token for the key. 1287 * 1288 * The timeout is either 0 to clear the timeout, or a number of seconds from 1289 * the current time. The key and any links to the key will be automatically 1290 * garbage collected after the timeout expires. 1291 * 1292 * If successful, 0 is returned. 1293 */ 1294 long keyctl_set_timeout(key_serial_t id, unsigned timeout) 1295 { 1296 struct key *key, *instkey; 1297 key_ref_t key_ref; 1298 long ret; 1299 1300 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 1301 KEY_NEED_SETATTR); 1302 if (IS_ERR(key_ref)) { 1303 /* setting the timeout on a key under construction is permitted 1304 * if we have the authorisation token handy */ 1305 if (PTR_ERR(key_ref) == -EACCES) { 1306 instkey = key_get_instantiation_authkey(id); 1307 if (!IS_ERR(instkey)) { 1308 key_put(instkey); 1309 key_ref = lookup_user_key(id, 1310 KEY_LOOKUP_PARTIAL, 1311 0); 1312 if (!IS_ERR(key_ref)) 1313 goto okay; 1314 } 1315 } 1316 1317 ret = PTR_ERR(key_ref); 1318 goto error; 1319 } 1320 1321 okay: 1322 key = key_ref_to_ptr(key_ref); 1323 key_set_timeout(key, timeout); 1324 key_put(key); 1325 1326 ret = 0; 1327 error: 1328 return ret; 1329 } 1330 1331 /* 1332 * Assume (or clear) the authority to instantiate the specified key. 1333 * 1334 * This sets the authoritative token currently in force for key instantiation. 1335 * This must be done for a key to be instantiated. It has the effect of making 1336 * available all the keys from the caller of the request_key() that created a 1337 * key to request_key() calls made by the caller of this function. 1338 * 1339 * The caller must have the instantiation key in their process keyrings with a 1340 * Search permission grant available to the caller. 1341 * 1342 * If the ID given is 0, then the setting will be cleared and 0 returned. 1343 * 1344 * If the ID given has a matching an authorisation key, then that key will be 1345 * set and its ID will be returned. The authorisation key can be read to get 1346 * the callout information passed to request_key(). 1347 */ 1348 long keyctl_assume_authority(key_serial_t id) 1349 { 1350 struct key *authkey; 1351 long ret; 1352 1353 /* special key IDs aren't permitted */ 1354 ret = -EINVAL; 1355 if (id < 0) 1356 goto error; 1357 1358 /* we divest ourselves of authority if given an ID of 0 */ 1359 if (id == 0) { 1360 ret = keyctl_change_reqkey_auth(NULL); 1361 goto error; 1362 } 1363 1364 /* attempt to assume the authority temporarily granted to us whilst we 1365 * instantiate the specified key 1366 * - the authorisation key must be in the current task's keyrings 1367 * somewhere 1368 */ 1369 authkey = key_get_instantiation_authkey(id); 1370 if (IS_ERR(authkey)) { 1371 ret = PTR_ERR(authkey); 1372 goto error; 1373 } 1374 1375 ret = keyctl_change_reqkey_auth(authkey); 1376 if (ret < 0) 1377 goto error; 1378 key_put(authkey); 1379 1380 ret = authkey->serial; 1381 error: 1382 return ret; 1383 } 1384 1385 /* 1386 * Get a key's the LSM security label. 1387 * 1388 * The key must grant the caller View permission for this to work. 1389 * 1390 * If there's a buffer, then up to buflen bytes of data will be placed into it. 1391 * 1392 * If successful, the amount of information available will be returned, 1393 * irrespective of how much was copied (including the terminal NUL). 1394 */ 1395 long keyctl_get_security(key_serial_t keyid, 1396 char __user *buffer, 1397 size_t buflen) 1398 { 1399 struct key *key, *instkey; 1400 key_ref_t key_ref; 1401 char *context; 1402 long ret; 1403 1404 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW); 1405 if (IS_ERR(key_ref)) { 1406 if (PTR_ERR(key_ref) != -EACCES) 1407 return PTR_ERR(key_ref); 1408 1409 /* viewing a key under construction is also permitted if we 1410 * have the authorisation token handy */ 1411 instkey = key_get_instantiation_authkey(keyid); 1412 if (IS_ERR(instkey)) 1413 return PTR_ERR(instkey); 1414 key_put(instkey); 1415 1416 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0); 1417 if (IS_ERR(key_ref)) 1418 return PTR_ERR(key_ref); 1419 } 1420 1421 key = key_ref_to_ptr(key_ref); 1422 ret = security_key_getsecurity(key, &context); 1423 if (ret == 0) { 1424 /* if no information was returned, give userspace an empty 1425 * string */ 1426 ret = 1; 1427 if (buffer && buflen > 0 && 1428 copy_to_user(buffer, "", 1) != 0) 1429 ret = -EFAULT; 1430 } else if (ret > 0) { 1431 /* return as much data as there's room for */ 1432 if (buffer && buflen > 0) { 1433 if (buflen > ret) 1434 buflen = ret; 1435 1436 if (copy_to_user(buffer, context, buflen) != 0) 1437 ret = -EFAULT; 1438 } 1439 1440 kfree(context); 1441 } 1442 1443 key_ref_put(key_ref); 1444 return ret; 1445 } 1446 1447 /* 1448 * Attempt to install the calling process's session keyring on the process's 1449 * parent process. 1450 * 1451 * The keyring must exist and must grant the caller LINK permission, and the 1452 * parent process must be single-threaded and must have the same effective 1453 * ownership as this process and mustn't be SUID/SGID. 1454 * 1455 * The keyring will be emplaced on the parent when it next resumes userspace. 1456 * 1457 * If successful, 0 will be returned. 1458 */ 1459 long keyctl_session_to_parent(void) 1460 { 1461 struct task_struct *me, *parent; 1462 const struct cred *mycred, *pcred; 1463 struct callback_head *newwork, *oldwork; 1464 key_ref_t keyring_r; 1465 struct cred *cred; 1466 int ret; 1467 1468 keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_NEED_LINK); 1469 if (IS_ERR(keyring_r)) 1470 return PTR_ERR(keyring_r); 1471 1472 ret = -ENOMEM; 1473 1474 /* our parent is going to need a new cred struct, a new tgcred struct 1475 * and new security data, so we allocate them here to prevent ENOMEM in 1476 * our parent */ 1477 cred = cred_alloc_blank(); 1478 if (!cred) 1479 goto error_keyring; 1480 newwork = &cred->rcu; 1481 1482 cred->session_keyring = key_ref_to_ptr(keyring_r); 1483 keyring_r = NULL; 1484 init_task_work(newwork, key_change_session_keyring); 1485 1486 me = current; 1487 rcu_read_lock(); 1488 write_lock_irq(&tasklist_lock); 1489 1490 ret = -EPERM; 1491 oldwork = NULL; 1492 parent = me->real_parent; 1493 1494 /* the parent mustn't be init and mustn't be a kernel thread */ 1495 if (parent->pid <= 1 || !parent->mm) 1496 goto unlock; 1497 1498 /* the parent must be single threaded */ 1499 if (!thread_group_empty(parent)) 1500 goto unlock; 1501 1502 /* the parent and the child must have different session keyrings or 1503 * there's no point */ 1504 mycred = current_cred(); 1505 pcred = __task_cred(parent); 1506 if (mycred == pcred || 1507 mycred->session_keyring == pcred->session_keyring) { 1508 ret = 0; 1509 goto unlock; 1510 } 1511 1512 /* the parent must have the same effective ownership and mustn't be 1513 * SUID/SGID */ 1514 if (!uid_eq(pcred->uid, mycred->euid) || 1515 !uid_eq(pcred->euid, mycred->euid) || 1516 !uid_eq(pcred->suid, mycred->euid) || 1517 !gid_eq(pcred->gid, mycred->egid) || 1518 !gid_eq(pcred->egid, mycred->egid) || 1519 !gid_eq(pcred->sgid, mycred->egid)) 1520 goto unlock; 1521 1522 /* the keyrings must have the same UID */ 1523 if ((pcred->session_keyring && 1524 !uid_eq(pcred->session_keyring->uid, mycred->euid)) || 1525 !uid_eq(mycred->session_keyring->uid, mycred->euid)) 1526 goto unlock; 1527 1528 /* cancel an already pending keyring replacement */ 1529 oldwork = task_work_cancel(parent, key_change_session_keyring); 1530 1531 /* the replacement session keyring is applied just prior to userspace 1532 * restarting */ 1533 ret = task_work_add(parent, newwork, true); 1534 if (!ret) 1535 newwork = NULL; 1536 unlock: 1537 write_unlock_irq(&tasklist_lock); 1538 rcu_read_unlock(); 1539 if (oldwork) 1540 put_cred(container_of(oldwork, struct cred, rcu)); 1541 if (newwork) 1542 put_cred(cred); 1543 return ret; 1544 1545 error_keyring: 1546 key_ref_put(keyring_r); 1547 return ret; 1548 } 1549 1550 /* 1551 * The key control system call 1552 */ 1553 SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, 1554 unsigned long, arg4, unsigned long, arg5) 1555 { 1556 switch (option) { 1557 case KEYCTL_GET_KEYRING_ID: 1558 return keyctl_get_keyring_ID((key_serial_t) arg2, 1559 (int) arg3); 1560 1561 case KEYCTL_JOIN_SESSION_KEYRING: 1562 return keyctl_join_session_keyring((const char __user *) arg2); 1563 1564 case KEYCTL_UPDATE: 1565 return keyctl_update_key((key_serial_t) arg2, 1566 (const void __user *) arg3, 1567 (size_t) arg4); 1568 1569 case KEYCTL_REVOKE: 1570 return keyctl_revoke_key((key_serial_t) arg2); 1571 1572 case KEYCTL_DESCRIBE: 1573 return keyctl_describe_key((key_serial_t) arg2, 1574 (char __user *) arg3, 1575 (unsigned) arg4); 1576 1577 case KEYCTL_CLEAR: 1578 return keyctl_keyring_clear((key_serial_t) arg2); 1579 1580 case KEYCTL_LINK: 1581 return keyctl_keyring_link((key_serial_t) arg2, 1582 (key_serial_t) arg3); 1583 1584 case KEYCTL_UNLINK: 1585 return keyctl_keyring_unlink((key_serial_t) arg2, 1586 (key_serial_t) arg3); 1587 1588 case KEYCTL_SEARCH: 1589 return keyctl_keyring_search((key_serial_t) arg2, 1590 (const char __user *) arg3, 1591 (const char __user *) arg4, 1592 (key_serial_t) arg5); 1593 1594 case KEYCTL_READ: 1595 return keyctl_read_key((key_serial_t) arg2, 1596 (char __user *) arg3, 1597 (size_t) arg4); 1598 1599 case KEYCTL_CHOWN: 1600 return keyctl_chown_key((key_serial_t) arg2, 1601 (uid_t) arg3, 1602 (gid_t) arg4); 1603 1604 case KEYCTL_SETPERM: 1605 return keyctl_setperm_key((key_serial_t) arg2, 1606 (key_perm_t) arg3); 1607 1608 case KEYCTL_INSTANTIATE: 1609 return keyctl_instantiate_key((key_serial_t) arg2, 1610 (const void __user *) arg3, 1611 (size_t) arg4, 1612 (key_serial_t) arg5); 1613 1614 case KEYCTL_NEGATE: 1615 return keyctl_negate_key((key_serial_t) arg2, 1616 (unsigned) arg3, 1617 (key_serial_t) arg4); 1618 1619 case KEYCTL_SET_REQKEY_KEYRING: 1620 return keyctl_set_reqkey_keyring(arg2); 1621 1622 case KEYCTL_SET_TIMEOUT: 1623 return keyctl_set_timeout((key_serial_t) arg2, 1624 (unsigned) arg3); 1625 1626 case KEYCTL_ASSUME_AUTHORITY: 1627 return keyctl_assume_authority((key_serial_t) arg2); 1628 1629 case KEYCTL_GET_SECURITY: 1630 return keyctl_get_security((key_serial_t) arg2, 1631 (char __user *) arg3, 1632 (size_t) arg4); 1633 1634 case KEYCTL_SESSION_TO_PARENT: 1635 return keyctl_session_to_parent(); 1636 1637 case KEYCTL_REJECT: 1638 return keyctl_reject_key((key_serial_t) arg2, 1639 (unsigned) arg3, 1640 (unsigned) arg4, 1641 (key_serial_t) arg5); 1642 1643 case KEYCTL_INSTANTIATE_IOV: 1644 return keyctl_instantiate_key_iov( 1645 (key_serial_t) arg2, 1646 (const struct iovec __user *) arg3, 1647 (unsigned) arg4, 1648 (key_serial_t) arg5); 1649 1650 case KEYCTL_INVALIDATE: 1651 return keyctl_invalidate_key((key_serial_t) arg2); 1652 1653 case KEYCTL_GET_PERSISTENT: 1654 return keyctl_get_persistent((uid_t)arg2, (key_serial_t)arg3); 1655 1656 default: 1657 return -EOPNOTSUPP; 1658 } 1659 } 1660