1 /* Userspace key control operations 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/syscalls.h> 17 #include <linux/key.h> 18 #include <linux/keyctl.h> 19 #include <linux/fs.h> 20 #include <linux/capability.h> 21 #include <linux/string.h> 22 #include <linux/err.h> 23 #include <linux/vmalloc.h> 24 #include <linux/security.h> 25 #include <asm/uaccess.h> 26 #include "internal.h" 27 28 static int key_get_type_from_user(char *type, 29 const char __user *_type, 30 unsigned len) 31 { 32 int ret; 33 34 ret = strncpy_from_user(type, _type, len); 35 if (ret < 0) 36 return ret; 37 if (ret == 0 || ret >= len) 38 return -EINVAL; 39 if (type[0] == '.') 40 return -EPERM; 41 type[len - 1] = '\0'; 42 return 0; 43 } 44 45 /* 46 * Extract the description of a new key from userspace and either add it as a 47 * new key to the specified keyring or update a matching key in that keyring. 48 * 49 * The keyring must be writable so that we can attach the key to it. 50 * 51 * If successful, the new key's serial number is returned, otherwise an error 52 * code is returned. 53 */ 54 SYSCALL_DEFINE5(add_key, const char __user *, _type, 55 const char __user *, _description, 56 const void __user *, _payload, 57 size_t, plen, 58 key_serial_t, ringid) 59 { 60 key_ref_t keyring_ref, key_ref; 61 char type[32], *description; 62 void *payload; 63 long ret; 64 bool vm; 65 66 ret = -EINVAL; 67 if (plen > 1024 * 1024 - 1) 68 goto error; 69 70 /* draw all the data into kernel space */ 71 ret = key_get_type_from_user(type, _type, sizeof(type)); 72 if (ret < 0) 73 goto error; 74 75 description = strndup_user(_description, PAGE_SIZE); 76 if (IS_ERR(description)) { 77 ret = PTR_ERR(description); 78 goto error; 79 } 80 81 /* pull the payload in if one was supplied */ 82 payload = NULL; 83 84 vm = false; 85 if (_payload) { 86 ret = -ENOMEM; 87 payload = kmalloc(plen, GFP_KERNEL); 88 if (!payload) { 89 if (plen <= PAGE_SIZE) 90 goto error2; 91 vm = true; 92 payload = vmalloc(plen); 93 if (!payload) 94 goto error2; 95 } 96 97 ret = -EFAULT; 98 if (copy_from_user(payload, _payload, plen) != 0) 99 goto error3; 100 } 101 102 /* find the target keyring (which must be writable) */ 103 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 104 if (IS_ERR(keyring_ref)) { 105 ret = PTR_ERR(keyring_ref); 106 goto error3; 107 } 108 109 /* create or update the requested key and add it to the target 110 * keyring */ 111 key_ref = key_create_or_update(keyring_ref, type, description, 112 payload, plen, KEY_PERM_UNDEF, 113 KEY_ALLOC_IN_QUOTA); 114 if (!IS_ERR(key_ref)) { 115 ret = key_ref_to_ptr(key_ref)->serial; 116 key_ref_put(key_ref); 117 } 118 else { 119 ret = PTR_ERR(key_ref); 120 } 121 122 key_ref_put(keyring_ref); 123 error3: 124 if (!vm) 125 kfree(payload); 126 else 127 vfree(payload); 128 error2: 129 kfree(description); 130 error: 131 return ret; 132 } 133 134 /* 135 * Search the process keyrings and keyring trees linked from those for a 136 * matching key. Keyrings must have appropriate Search permission to be 137 * searched. 138 * 139 * If a key is found, it will be attached to the destination keyring if there's 140 * one specified and the serial number of the key will be returned. 141 * 142 * If no key is found, /sbin/request-key will be invoked if _callout_info is 143 * non-NULL in an attempt to create a key. The _callout_info string will be 144 * passed to /sbin/request-key to aid with completing the request. If the 145 * _callout_info string is "" then it will be changed to "-". 146 */ 147 SYSCALL_DEFINE4(request_key, const char __user *, _type, 148 const char __user *, _description, 149 const char __user *, _callout_info, 150 key_serial_t, destringid) 151 { 152 struct key_type *ktype; 153 struct key *key; 154 key_ref_t dest_ref; 155 size_t callout_len; 156 char type[32], *description, *callout_info; 157 long ret; 158 159 /* pull the type into kernel space */ 160 ret = key_get_type_from_user(type, _type, sizeof(type)); 161 if (ret < 0) 162 goto error; 163 164 /* pull the description into kernel space */ 165 description = strndup_user(_description, PAGE_SIZE); 166 if (IS_ERR(description)) { 167 ret = PTR_ERR(description); 168 goto error; 169 } 170 171 /* pull the callout info into kernel space */ 172 callout_info = NULL; 173 callout_len = 0; 174 if (_callout_info) { 175 callout_info = strndup_user(_callout_info, PAGE_SIZE); 176 if (IS_ERR(callout_info)) { 177 ret = PTR_ERR(callout_info); 178 goto error2; 179 } 180 callout_len = strlen(callout_info); 181 } 182 183 /* get the destination keyring if specified */ 184 dest_ref = NULL; 185 if (destringid) { 186 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 187 KEY_WRITE); 188 if (IS_ERR(dest_ref)) { 189 ret = PTR_ERR(dest_ref); 190 goto error3; 191 } 192 } 193 194 /* find the key type */ 195 ktype = key_type_lookup(type); 196 if (IS_ERR(ktype)) { 197 ret = PTR_ERR(ktype); 198 goto error4; 199 } 200 201 /* do the search */ 202 key = request_key_and_link(ktype, description, callout_info, 203 callout_len, NULL, key_ref_to_ptr(dest_ref), 204 KEY_ALLOC_IN_QUOTA); 205 if (IS_ERR(key)) { 206 ret = PTR_ERR(key); 207 goto error5; 208 } 209 210 /* wait for the key to finish being constructed */ 211 ret = wait_for_key_construction(key, 1); 212 if (ret < 0) 213 goto error6; 214 215 ret = key->serial; 216 217 error6: 218 key_put(key); 219 error5: 220 key_type_put(ktype); 221 error4: 222 key_ref_put(dest_ref); 223 error3: 224 kfree(callout_info); 225 error2: 226 kfree(description); 227 error: 228 return ret; 229 } 230 231 /* 232 * Get the ID of the specified process keyring. 233 * 234 * The requested keyring must have search permission to be found. 235 * 236 * If successful, the ID of the requested keyring will be returned. 237 */ 238 long keyctl_get_keyring_ID(key_serial_t id, int create) 239 { 240 key_ref_t key_ref; 241 unsigned long lflags; 242 long ret; 243 244 lflags = create ? KEY_LOOKUP_CREATE : 0; 245 key_ref = lookup_user_key(id, lflags, KEY_SEARCH); 246 if (IS_ERR(key_ref)) { 247 ret = PTR_ERR(key_ref); 248 goto error; 249 } 250 251 ret = key_ref_to_ptr(key_ref)->serial; 252 key_ref_put(key_ref); 253 error: 254 return ret; 255 } 256 257 /* 258 * Join a (named) session keyring. 259 * 260 * Create and join an anonymous session keyring or join a named session 261 * keyring, creating it if necessary. A named session keyring must have Search 262 * permission for it to be joined. Session keyrings without this permit will 263 * be skipped over. 264 * 265 * If successful, the ID of the joined session keyring will be returned. 266 */ 267 long keyctl_join_session_keyring(const char __user *_name) 268 { 269 char *name; 270 long ret; 271 272 /* fetch the name from userspace */ 273 name = NULL; 274 if (_name) { 275 name = strndup_user(_name, PAGE_SIZE); 276 if (IS_ERR(name)) { 277 ret = PTR_ERR(name); 278 goto error; 279 } 280 } 281 282 /* join the session */ 283 ret = join_session_keyring(name); 284 kfree(name); 285 286 error: 287 return ret; 288 } 289 290 /* 291 * Update a key's data payload from the given data. 292 * 293 * The key must grant the caller Write permission and the key type must support 294 * updating for this to work. A negative key can be positively instantiated 295 * with this call. 296 * 297 * If successful, 0 will be returned. If the key type does not support 298 * updating, then -EOPNOTSUPP will be returned. 299 */ 300 long keyctl_update_key(key_serial_t id, 301 const void __user *_payload, 302 size_t plen) 303 { 304 key_ref_t key_ref; 305 void *payload; 306 long ret; 307 308 ret = -EINVAL; 309 if (plen > PAGE_SIZE) 310 goto error; 311 312 /* pull the payload in if one was supplied */ 313 payload = NULL; 314 if (_payload) { 315 ret = -ENOMEM; 316 payload = kmalloc(plen, GFP_KERNEL); 317 if (!payload) 318 goto error; 319 320 ret = -EFAULT; 321 if (copy_from_user(payload, _payload, plen) != 0) 322 goto error2; 323 } 324 325 /* find the target key (which must be writable) */ 326 key_ref = lookup_user_key(id, 0, KEY_WRITE); 327 if (IS_ERR(key_ref)) { 328 ret = PTR_ERR(key_ref); 329 goto error2; 330 } 331 332 /* update the key */ 333 ret = key_update(key_ref, payload, plen); 334 335 key_ref_put(key_ref); 336 error2: 337 kfree(payload); 338 error: 339 return ret; 340 } 341 342 /* 343 * Revoke a key. 344 * 345 * The key must be grant the caller Write or Setattr permission for this to 346 * work. The key type should give up its quota claim when revoked. The key 347 * and any links to the key will be automatically garbage collected after a 348 * certain amount of time (/proc/sys/kernel/keys/gc_delay). 349 * 350 * If successful, 0 is returned. 351 */ 352 long keyctl_revoke_key(key_serial_t id) 353 { 354 key_ref_t key_ref; 355 long ret; 356 357 key_ref = lookup_user_key(id, 0, KEY_WRITE); 358 if (IS_ERR(key_ref)) { 359 ret = PTR_ERR(key_ref); 360 if (ret != -EACCES) 361 goto error; 362 key_ref = lookup_user_key(id, 0, KEY_SETATTR); 363 if (IS_ERR(key_ref)) { 364 ret = PTR_ERR(key_ref); 365 goto error; 366 } 367 } 368 369 key_revoke(key_ref_to_ptr(key_ref)); 370 ret = 0; 371 372 key_ref_put(key_ref); 373 error: 374 return ret; 375 } 376 377 /* 378 * Clear the specified keyring, creating an empty process keyring if one of the 379 * special keyring IDs is used. 380 * 381 * The keyring must grant the caller Write permission for this to work. If 382 * successful, 0 will be returned. 383 */ 384 long keyctl_keyring_clear(key_serial_t ringid) 385 { 386 key_ref_t keyring_ref; 387 long ret; 388 389 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 390 if (IS_ERR(keyring_ref)) { 391 ret = PTR_ERR(keyring_ref); 392 393 /* Root is permitted to invalidate certain special keyrings */ 394 if (capable(CAP_SYS_ADMIN)) { 395 keyring_ref = lookup_user_key(ringid, 0, 0); 396 if (IS_ERR(keyring_ref)) 397 goto error; 398 if (test_bit(KEY_FLAG_ROOT_CAN_CLEAR, 399 &key_ref_to_ptr(keyring_ref)->flags)) 400 goto clear; 401 goto error_put; 402 } 403 404 goto error; 405 } 406 407 clear: 408 ret = keyring_clear(key_ref_to_ptr(keyring_ref)); 409 error_put: 410 key_ref_put(keyring_ref); 411 error: 412 return ret; 413 } 414 415 /* 416 * Create a link from a keyring to a key if there's no matching key in the 417 * keyring, otherwise replace the link to the matching key with a link to the 418 * new key. 419 * 420 * The key must grant the caller Link permission and the the keyring must grant 421 * the caller Write permission. Furthermore, if an additional link is created, 422 * the keyring's quota will be extended. 423 * 424 * If successful, 0 will be returned. 425 */ 426 long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) 427 { 428 key_ref_t keyring_ref, key_ref; 429 long ret; 430 431 keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 432 if (IS_ERR(keyring_ref)) { 433 ret = PTR_ERR(keyring_ref); 434 goto error; 435 } 436 437 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_LINK); 438 if (IS_ERR(key_ref)) { 439 ret = PTR_ERR(key_ref); 440 goto error2; 441 } 442 443 ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 444 445 key_ref_put(key_ref); 446 error2: 447 key_ref_put(keyring_ref); 448 error: 449 return ret; 450 } 451 452 /* 453 * Unlink a key from a keyring. 454 * 455 * The keyring must grant the caller Write permission for this to work; the key 456 * itself need not grant the caller anything. If the last link to a key is 457 * removed then that key will be scheduled for destruction. 458 * 459 * If successful, 0 will be returned. 460 */ 461 long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) 462 { 463 key_ref_t keyring_ref, key_ref; 464 long ret; 465 466 keyring_ref = lookup_user_key(ringid, 0, KEY_WRITE); 467 if (IS_ERR(keyring_ref)) { 468 ret = PTR_ERR(keyring_ref); 469 goto error; 470 } 471 472 key_ref = lookup_user_key(id, KEY_LOOKUP_FOR_UNLINK, 0); 473 if (IS_ERR(key_ref)) { 474 ret = PTR_ERR(key_ref); 475 goto error2; 476 } 477 478 ret = key_unlink(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref)); 479 480 key_ref_put(key_ref); 481 error2: 482 key_ref_put(keyring_ref); 483 error: 484 return ret; 485 } 486 487 /* 488 * Return a description of a key to userspace. 489 * 490 * The key must grant the caller View permission for this to work. 491 * 492 * If there's a buffer, we place up to buflen bytes of data into it formatted 493 * in the following way: 494 * 495 * type;uid;gid;perm;description<NUL> 496 * 497 * If successful, we return the amount of description available, irrespective 498 * of how much we may have copied into the buffer. 499 */ 500 long keyctl_describe_key(key_serial_t keyid, 501 char __user *buffer, 502 size_t buflen) 503 { 504 struct key *key, *instkey; 505 key_ref_t key_ref; 506 char *tmpbuf; 507 long ret; 508 509 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW); 510 if (IS_ERR(key_ref)) { 511 /* viewing a key under construction is permitted if we have the 512 * authorisation token handy */ 513 if (PTR_ERR(key_ref) == -EACCES) { 514 instkey = key_get_instantiation_authkey(keyid); 515 if (!IS_ERR(instkey)) { 516 key_put(instkey); 517 key_ref = lookup_user_key(keyid, 518 KEY_LOOKUP_PARTIAL, 519 0); 520 if (!IS_ERR(key_ref)) 521 goto okay; 522 } 523 } 524 525 ret = PTR_ERR(key_ref); 526 goto error; 527 } 528 529 okay: 530 /* calculate how much description we're going to return */ 531 ret = -ENOMEM; 532 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL); 533 if (!tmpbuf) 534 goto error2; 535 536 key = key_ref_to_ptr(key_ref); 537 538 ret = snprintf(tmpbuf, PAGE_SIZE - 1, 539 "%s;%d;%d;%08x;%s", 540 key->type->name, 541 key->uid, 542 key->gid, 543 key->perm, 544 key->description ?: ""); 545 546 /* include a NUL char at the end of the data */ 547 if (ret > PAGE_SIZE - 1) 548 ret = PAGE_SIZE - 1; 549 tmpbuf[ret] = 0; 550 ret++; 551 552 /* consider returning the data */ 553 if (buffer && buflen > 0) { 554 if (buflen > ret) 555 buflen = ret; 556 557 if (copy_to_user(buffer, tmpbuf, buflen) != 0) 558 ret = -EFAULT; 559 } 560 561 kfree(tmpbuf); 562 error2: 563 key_ref_put(key_ref); 564 error: 565 return ret; 566 } 567 568 /* 569 * Search the specified keyring and any keyrings it links to for a matching 570 * key. Only keyrings that grant the caller Search permission will be searched 571 * (this includes the starting keyring). Only keys with Search permission can 572 * be found. 573 * 574 * If successful, the found key will be linked to the destination keyring if 575 * supplied and the key has Link permission, and the found key ID will be 576 * returned. 577 */ 578 long keyctl_keyring_search(key_serial_t ringid, 579 const char __user *_type, 580 const char __user *_description, 581 key_serial_t destringid) 582 { 583 struct key_type *ktype; 584 key_ref_t keyring_ref, key_ref, dest_ref; 585 char type[32], *description; 586 long ret; 587 588 /* pull the type and description into kernel space */ 589 ret = key_get_type_from_user(type, _type, sizeof(type)); 590 if (ret < 0) 591 goto error; 592 593 description = strndup_user(_description, PAGE_SIZE); 594 if (IS_ERR(description)) { 595 ret = PTR_ERR(description); 596 goto error; 597 } 598 599 /* get the keyring at which to begin the search */ 600 keyring_ref = lookup_user_key(ringid, 0, KEY_SEARCH); 601 if (IS_ERR(keyring_ref)) { 602 ret = PTR_ERR(keyring_ref); 603 goto error2; 604 } 605 606 /* get the destination keyring if specified */ 607 dest_ref = NULL; 608 if (destringid) { 609 dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, 610 KEY_WRITE); 611 if (IS_ERR(dest_ref)) { 612 ret = PTR_ERR(dest_ref); 613 goto error3; 614 } 615 } 616 617 /* find the key type */ 618 ktype = key_type_lookup(type); 619 if (IS_ERR(ktype)) { 620 ret = PTR_ERR(ktype); 621 goto error4; 622 } 623 624 /* do the search */ 625 key_ref = keyring_search(keyring_ref, ktype, description); 626 if (IS_ERR(key_ref)) { 627 ret = PTR_ERR(key_ref); 628 629 /* treat lack or presence of a negative key the same */ 630 if (ret == -EAGAIN) 631 ret = -ENOKEY; 632 goto error5; 633 } 634 635 /* link the resulting key to the destination keyring if we can */ 636 if (dest_ref) { 637 ret = key_permission(key_ref, KEY_LINK); 638 if (ret < 0) 639 goto error6; 640 641 ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref)); 642 if (ret < 0) 643 goto error6; 644 } 645 646 ret = key_ref_to_ptr(key_ref)->serial; 647 648 error6: 649 key_ref_put(key_ref); 650 error5: 651 key_type_put(ktype); 652 error4: 653 key_ref_put(dest_ref); 654 error3: 655 key_ref_put(keyring_ref); 656 error2: 657 kfree(description); 658 error: 659 return ret; 660 } 661 662 /* 663 * Read a key's payload. 664 * 665 * The key must either grant the caller Read permission, or it must grant the 666 * caller Search permission when searched for from the process keyrings. 667 * 668 * If successful, we place up to buflen bytes of data into the buffer, if one 669 * is provided, and return the amount of data that is available in the key, 670 * irrespective of how much we copied into the buffer. 671 */ 672 long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) 673 { 674 struct key *key; 675 key_ref_t key_ref; 676 long ret; 677 678 /* find the key first */ 679 key_ref = lookup_user_key(keyid, 0, 0); 680 if (IS_ERR(key_ref)) { 681 ret = -ENOKEY; 682 goto error; 683 } 684 685 key = key_ref_to_ptr(key_ref); 686 687 /* see if we can read it directly */ 688 ret = key_permission(key_ref, KEY_READ); 689 if (ret == 0) 690 goto can_read_key; 691 if (ret != -EACCES) 692 goto error; 693 694 /* we can't; see if it's searchable from this process's keyrings 695 * - we automatically take account of the fact that it may be 696 * dangling off an instantiation key 697 */ 698 if (!is_key_possessed(key_ref)) { 699 ret = -EACCES; 700 goto error2; 701 } 702 703 /* the key is probably readable - now try to read it */ 704 can_read_key: 705 ret = key_validate(key); 706 if (ret == 0) { 707 ret = -EOPNOTSUPP; 708 if (key->type->read) { 709 /* read the data with the semaphore held (since we 710 * might sleep) */ 711 down_read(&key->sem); 712 ret = key->type->read(key, buffer, buflen); 713 up_read(&key->sem); 714 } 715 } 716 717 error2: 718 key_put(key); 719 error: 720 return ret; 721 } 722 723 /* 724 * Change the ownership of a key 725 * 726 * The key must grant the caller Setattr permission for this to work, though 727 * the key need not be fully instantiated yet. For the UID to be changed, or 728 * for the GID to be changed to a group the caller is not a member of, the 729 * caller must have sysadmin capability. If either uid or gid is -1 then that 730 * attribute is not changed. 731 * 732 * If the UID is to be changed, the new user must have sufficient quota to 733 * accept the key. The quota deduction will be removed from the old user to 734 * the new user should the attribute be changed. 735 * 736 * If successful, 0 will be returned. 737 */ 738 long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid) 739 { 740 struct key_user *newowner, *zapowner = NULL; 741 struct key *key; 742 key_ref_t key_ref; 743 long ret; 744 745 ret = 0; 746 if (uid == (uid_t) -1 && gid == (gid_t) -1) 747 goto error; 748 749 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 750 KEY_SETATTR); 751 if (IS_ERR(key_ref)) { 752 ret = PTR_ERR(key_ref); 753 goto error; 754 } 755 756 key = key_ref_to_ptr(key_ref); 757 758 /* make the changes with the locks held to prevent chown/chown races */ 759 ret = -EACCES; 760 down_write(&key->sem); 761 762 if (!capable(CAP_SYS_ADMIN)) { 763 /* only the sysadmin can chown a key to some other UID */ 764 if (uid != (uid_t) -1 && key->uid != uid) 765 goto error_put; 766 767 /* only the sysadmin can set the key's GID to a group other 768 * than one of those that the current process subscribes to */ 769 if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid)) 770 goto error_put; 771 } 772 773 /* change the UID */ 774 if (uid != (uid_t) -1 && uid != key->uid) { 775 ret = -ENOMEM; 776 newowner = key_user_lookup(uid, current_user_ns()); 777 if (!newowner) 778 goto error_put; 779 780 /* transfer the quota burden to the new user */ 781 if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) { 782 unsigned maxkeys = (uid == 0) ? 783 key_quota_root_maxkeys : key_quota_maxkeys; 784 unsigned maxbytes = (uid == 0) ? 785 key_quota_root_maxbytes : key_quota_maxbytes; 786 787 spin_lock(&newowner->lock); 788 if (newowner->qnkeys + 1 >= maxkeys || 789 newowner->qnbytes + key->quotalen >= maxbytes || 790 newowner->qnbytes + key->quotalen < 791 newowner->qnbytes) 792 goto quota_overrun; 793 794 newowner->qnkeys++; 795 newowner->qnbytes += key->quotalen; 796 spin_unlock(&newowner->lock); 797 798 spin_lock(&key->user->lock); 799 key->user->qnkeys--; 800 key->user->qnbytes -= key->quotalen; 801 spin_unlock(&key->user->lock); 802 } 803 804 atomic_dec(&key->user->nkeys); 805 atomic_inc(&newowner->nkeys); 806 807 if (test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { 808 atomic_dec(&key->user->nikeys); 809 atomic_inc(&newowner->nikeys); 810 } 811 812 zapowner = key->user; 813 key->user = newowner; 814 key->uid = uid; 815 } 816 817 /* change the GID */ 818 if (gid != (gid_t) -1) 819 key->gid = gid; 820 821 ret = 0; 822 823 error_put: 824 up_write(&key->sem); 825 key_put(key); 826 if (zapowner) 827 key_user_put(zapowner); 828 error: 829 return ret; 830 831 quota_overrun: 832 spin_unlock(&newowner->lock); 833 zapowner = newowner; 834 ret = -EDQUOT; 835 goto error_put; 836 } 837 838 /* 839 * Change the permission mask on a key. 840 * 841 * The key must grant the caller Setattr permission for this to work, though 842 * the key need not be fully instantiated yet. If the caller does not have 843 * sysadmin capability, it may only change the permission on keys that it owns. 844 */ 845 long keyctl_setperm_key(key_serial_t id, key_perm_t perm) 846 { 847 struct key *key; 848 key_ref_t key_ref; 849 long ret; 850 851 ret = -EINVAL; 852 if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL)) 853 goto error; 854 855 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 856 KEY_SETATTR); 857 if (IS_ERR(key_ref)) { 858 ret = PTR_ERR(key_ref); 859 goto error; 860 } 861 862 key = key_ref_to_ptr(key_ref); 863 864 /* make the changes with the locks held to prevent chown/chmod races */ 865 ret = -EACCES; 866 down_write(&key->sem); 867 868 /* if we're not the sysadmin, we can only change a key that we own */ 869 if (capable(CAP_SYS_ADMIN) || key->uid == current_fsuid()) { 870 key->perm = perm; 871 ret = 0; 872 } 873 874 up_write(&key->sem); 875 key_put(key); 876 error: 877 return ret; 878 } 879 880 /* 881 * Get the destination keyring for instantiation and check that the caller has 882 * Write permission on it. 883 */ 884 static long get_instantiation_keyring(key_serial_t ringid, 885 struct request_key_auth *rka, 886 struct key **_dest_keyring) 887 { 888 key_ref_t dkref; 889 890 *_dest_keyring = NULL; 891 892 /* just return a NULL pointer if we weren't asked to make a link */ 893 if (ringid == 0) 894 return 0; 895 896 /* if a specific keyring is nominated by ID, then use that */ 897 if (ringid > 0) { 898 dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); 899 if (IS_ERR(dkref)) 900 return PTR_ERR(dkref); 901 *_dest_keyring = key_ref_to_ptr(dkref); 902 return 0; 903 } 904 905 if (ringid == KEY_SPEC_REQKEY_AUTH_KEY) 906 return -EINVAL; 907 908 /* otherwise specify the destination keyring recorded in the 909 * authorisation key (any KEY_SPEC_*_KEYRING) */ 910 if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) { 911 *_dest_keyring = key_get(rka->dest_keyring); 912 return 0; 913 } 914 915 return -ENOKEY; 916 } 917 918 /* 919 * Change the request_key authorisation key on the current process. 920 */ 921 static int keyctl_change_reqkey_auth(struct key *key) 922 { 923 struct cred *new; 924 925 new = prepare_creds(); 926 if (!new) 927 return -ENOMEM; 928 929 key_put(new->request_key_auth); 930 new->request_key_auth = key_get(key); 931 932 return commit_creds(new); 933 } 934 935 /* 936 * Copy the iovec data from userspace 937 */ 938 static long copy_from_user_iovec(void *buffer, const struct iovec *iov, 939 unsigned ioc) 940 { 941 for (; ioc > 0; ioc--) { 942 if (copy_from_user(buffer, iov->iov_base, iov->iov_len) != 0) 943 return -EFAULT; 944 buffer += iov->iov_len; 945 iov++; 946 } 947 return 0; 948 } 949 950 /* 951 * Instantiate a key with the specified payload and link the key into the 952 * destination keyring if one is given. 953 * 954 * The caller must have the appropriate instantiation permit set for this to 955 * work (see keyctl_assume_authority). No other permissions are required. 956 * 957 * If successful, 0 will be returned. 958 */ 959 long keyctl_instantiate_key_common(key_serial_t id, 960 const struct iovec *payload_iov, 961 unsigned ioc, 962 size_t plen, 963 key_serial_t ringid) 964 { 965 const struct cred *cred = current_cred(); 966 struct request_key_auth *rka; 967 struct key *instkey, *dest_keyring; 968 void *payload; 969 long ret; 970 bool vm = false; 971 972 kenter("%d,,%zu,%d", id, plen, ringid); 973 974 ret = -EINVAL; 975 if (plen > 1024 * 1024 - 1) 976 goto error; 977 978 /* the appropriate instantiation authorisation key must have been 979 * assumed before calling this */ 980 ret = -EPERM; 981 instkey = cred->request_key_auth; 982 if (!instkey) 983 goto error; 984 985 rka = instkey->payload.data; 986 if (rka->target_key->serial != id) 987 goto error; 988 989 /* pull the payload in if one was supplied */ 990 payload = NULL; 991 992 if (payload_iov) { 993 ret = -ENOMEM; 994 payload = kmalloc(plen, GFP_KERNEL); 995 if (!payload) { 996 if (plen <= PAGE_SIZE) 997 goto error; 998 vm = true; 999 payload = vmalloc(plen); 1000 if (!payload) 1001 goto error; 1002 } 1003 1004 ret = copy_from_user_iovec(payload, payload_iov, ioc); 1005 if (ret < 0) 1006 goto error2; 1007 } 1008 1009 /* find the destination keyring amongst those belonging to the 1010 * requesting task */ 1011 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1012 if (ret < 0) 1013 goto error2; 1014 1015 /* instantiate the key and link it into a keyring */ 1016 ret = key_instantiate_and_link(rka->target_key, payload, plen, 1017 dest_keyring, instkey); 1018 1019 key_put(dest_keyring); 1020 1021 /* discard the assumed authority if it's just been disabled by 1022 * instantiation of the key */ 1023 if (ret == 0) 1024 keyctl_change_reqkey_auth(NULL); 1025 1026 error2: 1027 if (!vm) 1028 kfree(payload); 1029 else 1030 vfree(payload); 1031 error: 1032 return ret; 1033 } 1034 1035 /* 1036 * Instantiate a key with the specified payload and link the key into the 1037 * destination keyring if one is given. 1038 * 1039 * The caller must have the appropriate instantiation permit set for this to 1040 * work (see keyctl_assume_authority). No other permissions are required. 1041 * 1042 * If successful, 0 will be returned. 1043 */ 1044 long keyctl_instantiate_key(key_serial_t id, 1045 const void __user *_payload, 1046 size_t plen, 1047 key_serial_t ringid) 1048 { 1049 if (_payload && plen) { 1050 struct iovec iov[1] = { 1051 [0].iov_base = (void __user *)_payload, 1052 [0].iov_len = plen 1053 }; 1054 1055 return keyctl_instantiate_key_common(id, iov, 1, plen, ringid); 1056 } 1057 1058 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); 1059 } 1060 1061 /* 1062 * Instantiate a key with the specified multipart payload and link the key into 1063 * the destination keyring if one is given. 1064 * 1065 * The caller must have the appropriate instantiation permit set for this to 1066 * work (see keyctl_assume_authority). No other permissions are required. 1067 * 1068 * If successful, 0 will be returned. 1069 */ 1070 long keyctl_instantiate_key_iov(key_serial_t id, 1071 const struct iovec __user *_payload_iov, 1072 unsigned ioc, 1073 key_serial_t ringid) 1074 { 1075 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack; 1076 long ret; 1077 1078 if (_payload_iov == 0 || ioc == 0) 1079 goto no_payload; 1080 1081 ret = rw_copy_check_uvector(WRITE, _payload_iov, ioc, 1082 ARRAY_SIZE(iovstack), iovstack, &iov, 1); 1083 if (ret < 0) 1084 return ret; 1085 if (ret == 0) 1086 goto no_payload_free; 1087 1088 ret = keyctl_instantiate_key_common(id, iov, ioc, ret, ringid); 1089 1090 if (iov != iovstack) 1091 kfree(iov); 1092 return ret; 1093 1094 no_payload_free: 1095 if (iov != iovstack) 1096 kfree(iov); 1097 no_payload: 1098 return keyctl_instantiate_key_common(id, NULL, 0, 0, ringid); 1099 } 1100 1101 /* 1102 * Negatively instantiate the key with the given timeout (in seconds) and link 1103 * the key into the destination keyring if one is given. 1104 * 1105 * The caller must have the appropriate instantiation permit set for this to 1106 * work (see keyctl_assume_authority). No other permissions are required. 1107 * 1108 * The key and any links to the key will be automatically garbage collected 1109 * after the timeout expires. 1110 * 1111 * Negative keys are used to rate limit repeated request_key() calls by causing 1112 * them to return -ENOKEY until the negative key expires. 1113 * 1114 * If successful, 0 will be returned. 1115 */ 1116 long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) 1117 { 1118 return keyctl_reject_key(id, timeout, ENOKEY, ringid); 1119 } 1120 1121 /* 1122 * Negatively instantiate the key with the given timeout (in seconds) and error 1123 * code and link the key into the destination keyring if one is given. 1124 * 1125 * The caller must have the appropriate instantiation permit set for this to 1126 * work (see keyctl_assume_authority). No other permissions are required. 1127 * 1128 * The key and any links to the key will be automatically garbage collected 1129 * after the timeout expires. 1130 * 1131 * Negative keys are used to rate limit repeated request_key() calls by causing 1132 * them to return the specified error code until the negative key expires. 1133 * 1134 * If successful, 0 will be returned. 1135 */ 1136 long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error, 1137 key_serial_t ringid) 1138 { 1139 const struct cred *cred = current_cred(); 1140 struct request_key_auth *rka; 1141 struct key *instkey, *dest_keyring; 1142 long ret; 1143 1144 kenter("%d,%u,%u,%d", id, timeout, error, ringid); 1145 1146 /* must be a valid error code and mustn't be a kernel special */ 1147 if (error <= 0 || 1148 error >= MAX_ERRNO || 1149 error == ERESTARTSYS || 1150 error == ERESTARTNOINTR || 1151 error == ERESTARTNOHAND || 1152 error == ERESTART_RESTARTBLOCK) 1153 return -EINVAL; 1154 1155 /* the appropriate instantiation authorisation key must have been 1156 * assumed before calling this */ 1157 ret = -EPERM; 1158 instkey = cred->request_key_auth; 1159 if (!instkey) 1160 goto error; 1161 1162 rka = instkey->payload.data; 1163 if (rka->target_key->serial != id) 1164 goto error; 1165 1166 /* find the destination keyring if present (which must also be 1167 * writable) */ 1168 ret = get_instantiation_keyring(ringid, rka, &dest_keyring); 1169 if (ret < 0) 1170 goto error; 1171 1172 /* instantiate the key and link it into a keyring */ 1173 ret = key_reject_and_link(rka->target_key, timeout, error, 1174 dest_keyring, instkey); 1175 1176 key_put(dest_keyring); 1177 1178 /* discard the assumed authority if it's just been disabled by 1179 * instantiation of the key */ 1180 if (ret == 0) 1181 keyctl_change_reqkey_auth(NULL); 1182 1183 error: 1184 return ret; 1185 } 1186 1187 /* 1188 * Read or set the default keyring in which request_key() will cache keys and 1189 * return the old setting. 1190 * 1191 * If a process keyring is specified then this will be created if it doesn't 1192 * yet exist. The old setting will be returned if successful. 1193 */ 1194 long keyctl_set_reqkey_keyring(int reqkey_defl) 1195 { 1196 struct cred *new; 1197 int ret, old_setting; 1198 1199 old_setting = current_cred_xxx(jit_keyring); 1200 1201 if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE) 1202 return old_setting; 1203 1204 new = prepare_creds(); 1205 if (!new) 1206 return -ENOMEM; 1207 1208 switch (reqkey_defl) { 1209 case KEY_REQKEY_DEFL_THREAD_KEYRING: 1210 ret = install_thread_keyring_to_cred(new); 1211 if (ret < 0) 1212 goto error; 1213 goto set; 1214 1215 case KEY_REQKEY_DEFL_PROCESS_KEYRING: 1216 ret = install_process_keyring_to_cred(new); 1217 if (ret < 0) { 1218 if (ret != -EEXIST) 1219 goto error; 1220 ret = 0; 1221 } 1222 goto set; 1223 1224 case KEY_REQKEY_DEFL_DEFAULT: 1225 case KEY_REQKEY_DEFL_SESSION_KEYRING: 1226 case KEY_REQKEY_DEFL_USER_KEYRING: 1227 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 1228 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: 1229 goto set; 1230 1231 case KEY_REQKEY_DEFL_NO_CHANGE: 1232 case KEY_REQKEY_DEFL_GROUP_KEYRING: 1233 default: 1234 ret = -EINVAL; 1235 goto error; 1236 } 1237 1238 set: 1239 new->jit_keyring = reqkey_defl; 1240 commit_creds(new); 1241 return old_setting; 1242 error: 1243 abort_creds(new); 1244 return ret; 1245 } 1246 1247 /* 1248 * Set or clear the timeout on a key. 1249 * 1250 * Either the key must grant the caller Setattr permission or else the caller 1251 * must hold an instantiation authorisation token for the key. 1252 * 1253 * The timeout is either 0 to clear the timeout, or a number of seconds from 1254 * the current time. The key and any links to the key will be automatically 1255 * garbage collected after the timeout expires. 1256 * 1257 * If successful, 0 is returned. 1258 */ 1259 long keyctl_set_timeout(key_serial_t id, unsigned timeout) 1260 { 1261 struct key *key, *instkey; 1262 key_ref_t key_ref; 1263 long ret; 1264 1265 key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, 1266 KEY_SETATTR); 1267 if (IS_ERR(key_ref)) { 1268 /* setting the timeout on a key under construction is permitted 1269 * if we have the authorisation token handy */ 1270 if (PTR_ERR(key_ref) == -EACCES) { 1271 instkey = key_get_instantiation_authkey(id); 1272 if (!IS_ERR(instkey)) { 1273 key_put(instkey); 1274 key_ref = lookup_user_key(id, 1275 KEY_LOOKUP_PARTIAL, 1276 0); 1277 if (!IS_ERR(key_ref)) 1278 goto okay; 1279 } 1280 } 1281 1282 ret = PTR_ERR(key_ref); 1283 goto error; 1284 } 1285 1286 okay: 1287 key = key_ref_to_ptr(key_ref); 1288 key_set_timeout(key, timeout); 1289 key_put(key); 1290 1291 ret = 0; 1292 error: 1293 return ret; 1294 } 1295 1296 /* 1297 * Assume (or clear) the authority to instantiate the specified key. 1298 * 1299 * This sets the authoritative token currently in force for key instantiation. 1300 * This must be done for a key to be instantiated. It has the effect of making 1301 * available all the keys from the caller of the request_key() that created a 1302 * key to request_key() calls made by the caller of this function. 1303 * 1304 * The caller must have the instantiation key in their process keyrings with a 1305 * Search permission grant available to the caller. 1306 * 1307 * If the ID given is 0, then the setting will be cleared and 0 returned. 1308 * 1309 * If the ID given has a matching an authorisation key, then that key will be 1310 * set and its ID will be returned. The authorisation key can be read to get 1311 * the callout information passed to request_key(). 1312 */ 1313 long keyctl_assume_authority(key_serial_t id) 1314 { 1315 struct key *authkey; 1316 long ret; 1317 1318 /* special key IDs aren't permitted */ 1319 ret = -EINVAL; 1320 if (id < 0) 1321 goto error; 1322 1323 /* we divest ourselves of authority if given an ID of 0 */ 1324 if (id == 0) { 1325 ret = keyctl_change_reqkey_auth(NULL); 1326 goto error; 1327 } 1328 1329 /* attempt to assume the authority temporarily granted to us whilst we 1330 * instantiate the specified key 1331 * - the authorisation key must be in the current task's keyrings 1332 * somewhere 1333 */ 1334 authkey = key_get_instantiation_authkey(id); 1335 if (IS_ERR(authkey)) { 1336 ret = PTR_ERR(authkey); 1337 goto error; 1338 } 1339 1340 ret = keyctl_change_reqkey_auth(authkey); 1341 if (ret < 0) 1342 goto error; 1343 key_put(authkey); 1344 1345 ret = authkey->serial; 1346 error: 1347 return ret; 1348 } 1349 1350 /* 1351 * Get a key's the LSM security label. 1352 * 1353 * The key must grant the caller View permission for this to work. 1354 * 1355 * If there's a buffer, then up to buflen bytes of data will be placed into it. 1356 * 1357 * If successful, the amount of information available will be returned, 1358 * irrespective of how much was copied (including the terminal NUL). 1359 */ 1360 long keyctl_get_security(key_serial_t keyid, 1361 char __user *buffer, 1362 size_t buflen) 1363 { 1364 struct key *key, *instkey; 1365 key_ref_t key_ref; 1366 char *context; 1367 long ret; 1368 1369 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW); 1370 if (IS_ERR(key_ref)) { 1371 if (PTR_ERR(key_ref) != -EACCES) 1372 return PTR_ERR(key_ref); 1373 1374 /* viewing a key under construction is also permitted if we 1375 * have the authorisation token handy */ 1376 instkey = key_get_instantiation_authkey(keyid); 1377 if (IS_ERR(instkey)) 1378 return PTR_ERR(instkey); 1379 key_put(instkey); 1380 1381 key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, 0); 1382 if (IS_ERR(key_ref)) 1383 return PTR_ERR(key_ref); 1384 } 1385 1386 key = key_ref_to_ptr(key_ref); 1387 ret = security_key_getsecurity(key, &context); 1388 if (ret == 0) { 1389 /* if no information was returned, give userspace an empty 1390 * string */ 1391 ret = 1; 1392 if (buffer && buflen > 0 && 1393 copy_to_user(buffer, "", 1) != 0) 1394 ret = -EFAULT; 1395 } else if (ret > 0) { 1396 /* return as much data as there's room for */ 1397 if (buffer && buflen > 0) { 1398 if (buflen > ret) 1399 buflen = ret; 1400 1401 if (copy_to_user(buffer, context, buflen) != 0) 1402 ret = -EFAULT; 1403 } 1404 1405 kfree(context); 1406 } 1407 1408 key_ref_put(key_ref); 1409 return ret; 1410 } 1411 1412 /* 1413 * Attempt to install the calling process's session keyring on the process's 1414 * parent process. 1415 * 1416 * The keyring must exist and must grant the caller LINK permission, and the 1417 * parent process must be single-threaded and must have the same effective 1418 * ownership as this process and mustn't be SUID/SGID. 1419 * 1420 * The keyring will be emplaced on the parent when it next resumes userspace. 1421 * 1422 * If successful, 0 will be returned. 1423 */ 1424 long keyctl_session_to_parent(void) 1425 { 1426 #ifdef TIF_NOTIFY_RESUME 1427 struct task_struct *me, *parent; 1428 const struct cred *mycred, *pcred; 1429 struct cred *cred, *oldcred; 1430 key_ref_t keyring_r; 1431 int ret; 1432 1433 keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK); 1434 if (IS_ERR(keyring_r)) 1435 return PTR_ERR(keyring_r); 1436 1437 /* our parent is going to need a new cred struct, a new tgcred struct 1438 * and new security data, so we allocate them here to prevent ENOMEM in 1439 * our parent */ 1440 ret = -ENOMEM; 1441 cred = cred_alloc_blank(); 1442 if (!cred) 1443 goto error_keyring; 1444 1445 cred->tgcred->session_keyring = key_ref_to_ptr(keyring_r); 1446 keyring_r = NULL; 1447 1448 me = current; 1449 rcu_read_lock(); 1450 write_lock_irq(&tasklist_lock); 1451 1452 parent = me->real_parent; 1453 ret = -EPERM; 1454 1455 /* the parent mustn't be init and mustn't be a kernel thread */ 1456 if (parent->pid <= 1 || !parent->mm) 1457 goto not_permitted; 1458 1459 /* the parent must be single threaded */ 1460 if (!thread_group_empty(parent)) 1461 goto not_permitted; 1462 1463 /* the parent and the child must have different session keyrings or 1464 * there's no point */ 1465 mycred = current_cred(); 1466 pcred = __task_cred(parent); 1467 if (mycred == pcred || 1468 mycred->tgcred->session_keyring == pcred->tgcred->session_keyring) 1469 goto already_same; 1470 1471 /* the parent must have the same effective ownership and mustn't be 1472 * SUID/SGID */ 1473 if (pcred->uid != mycred->euid || 1474 pcred->euid != mycred->euid || 1475 pcred->suid != mycred->euid || 1476 pcred->gid != mycred->egid || 1477 pcred->egid != mycred->egid || 1478 pcred->sgid != mycred->egid) 1479 goto not_permitted; 1480 1481 /* the keyrings must have the same UID */ 1482 if ((pcred->tgcred->session_keyring && 1483 pcred->tgcred->session_keyring->uid != mycred->euid) || 1484 mycred->tgcred->session_keyring->uid != mycred->euid) 1485 goto not_permitted; 1486 1487 /* if there's an already pending keyring replacement, then we replace 1488 * that */ 1489 oldcred = parent->replacement_session_keyring; 1490 1491 /* the replacement session keyring is applied just prior to userspace 1492 * restarting */ 1493 parent->replacement_session_keyring = cred; 1494 cred = NULL; 1495 set_ti_thread_flag(task_thread_info(parent), TIF_NOTIFY_RESUME); 1496 1497 write_unlock_irq(&tasklist_lock); 1498 rcu_read_unlock(); 1499 if (oldcred) 1500 put_cred(oldcred); 1501 return 0; 1502 1503 already_same: 1504 ret = 0; 1505 not_permitted: 1506 write_unlock_irq(&tasklist_lock); 1507 rcu_read_unlock(); 1508 put_cred(cred); 1509 return ret; 1510 1511 error_keyring: 1512 key_ref_put(keyring_r); 1513 return ret; 1514 1515 #else /* !TIF_NOTIFY_RESUME */ 1516 /* 1517 * To be removed when TIF_NOTIFY_RESUME has been implemented on 1518 * m68k/xtensa 1519 */ 1520 #warning TIF_NOTIFY_RESUME not implemented 1521 return -EOPNOTSUPP; 1522 #endif /* !TIF_NOTIFY_RESUME */ 1523 } 1524 1525 /* 1526 * The key control system call 1527 */ 1528 SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3, 1529 unsigned long, arg4, unsigned long, arg5) 1530 { 1531 switch (option) { 1532 case KEYCTL_GET_KEYRING_ID: 1533 return keyctl_get_keyring_ID((key_serial_t) arg2, 1534 (int) arg3); 1535 1536 case KEYCTL_JOIN_SESSION_KEYRING: 1537 return keyctl_join_session_keyring((const char __user *) arg2); 1538 1539 case KEYCTL_UPDATE: 1540 return keyctl_update_key((key_serial_t) arg2, 1541 (const void __user *) arg3, 1542 (size_t) arg4); 1543 1544 case KEYCTL_REVOKE: 1545 return keyctl_revoke_key((key_serial_t) arg2); 1546 1547 case KEYCTL_DESCRIBE: 1548 return keyctl_describe_key((key_serial_t) arg2, 1549 (char __user *) arg3, 1550 (unsigned) arg4); 1551 1552 case KEYCTL_CLEAR: 1553 return keyctl_keyring_clear((key_serial_t) arg2); 1554 1555 case KEYCTL_LINK: 1556 return keyctl_keyring_link((key_serial_t) arg2, 1557 (key_serial_t) arg3); 1558 1559 case KEYCTL_UNLINK: 1560 return keyctl_keyring_unlink((key_serial_t) arg2, 1561 (key_serial_t) arg3); 1562 1563 case KEYCTL_SEARCH: 1564 return keyctl_keyring_search((key_serial_t) arg2, 1565 (const char __user *) arg3, 1566 (const char __user *) arg4, 1567 (key_serial_t) arg5); 1568 1569 case KEYCTL_READ: 1570 return keyctl_read_key((key_serial_t) arg2, 1571 (char __user *) arg3, 1572 (size_t) arg4); 1573 1574 case KEYCTL_CHOWN: 1575 return keyctl_chown_key((key_serial_t) arg2, 1576 (uid_t) arg3, 1577 (gid_t) arg4); 1578 1579 case KEYCTL_SETPERM: 1580 return keyctl_setperm_key((key_serial_t) arg2, 1581 (key_perm_t) arg3); 1582 1583 case KEYCTL_INSTANTIATE: 1584 return keyctl_instantiate_key((key_serial_t) arg2, 1585 (const void __user *) arg3, 1586 (size_t) arg4, 1587 (key_serial_t) arg5); 1588 1589 case KEYCTL_NEGATE: 1590 return keyctl_negate_key((key_serial_t) arg2, 1591 (unsigned) arg3, 1592 (key_serial_t) arg4); 1593 1594 case KEYCTL_SET_REQKEY_KEYRING: 1595 return keyctl_set_reqkey_keyring(arg2); 1596 1597 case KEYCTL_SET_TIMEOUT: 1598 return keyctl_set_timeout((key_serial_t) arg2, 1599 (unsigned) arg3); 1600 1601 case KEYCTL_ASSUME_AUTHORITY: 1602 return keyctl_assume_authority((key_serial_t) arg2); 1603 1604 case KEYCTL_GET_SECURITY: 1605 return keyctl_get_security((key_serial_t) arg2, 1606 (char __user *) arg3, 1607 (size_t) arg4); 1608 1609 case KEYCTL_SESSION_TO_PARENT: 1610 return keyctl_session_to_parent(); 1611 1612 case KEYCTL_REJECT: 1613 return keyctl_reject_key((key_serial_t) arg2, 1614 (unsigned) arg3, 1615 (unsigned) arg4, 1616 (key_serial_t) arg5); 1617 1618 case KEYCTL_INSTANTIATE_IOV: 1619 return keyctl_instantiate_key_iov( 1620 (key_serial_t) arg2, 1621 (const struct iovec __user *) arg3, 1622 (unsigned) arg4, 1623 (key_serial_t) arg5); 1624 1625 default: 1626 return -EOPNOTSUPP; 1627 } 1628 } 1629