1 /* procfs files for key database enumeration 2 * 3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/fs.h> 16 #include <linux/proc_fs.h> 17 #include <linux/seq_file.h> 18 #include <asm/errno.h> 19 #include "internal.h" 20 21 static int proc_keys_open(struct inode *inode, struct file *file); 22 static void *proc_keys_start(struct seq_file *p, loff_t *_pos); 23 static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos); 24 static void proc_keys_stop(struct seq_file *p, void *v); 25 static int proc_keys_show(struct seq_file *m, void *v); 26 27 static const struct seq_operations proc_keys_ops = { 28 .start = proc_keys_start, 29 .next = proc_keys_next, 30 .stop = proc_keys_stop, 31 .show = proc_keys_show, 32 }; 33 34 static const struct file_operations proc_keys_fops = { 35 .open = proc_keys_open, 36 .read = seq_read, 37 .llseek = seq_lseek, 38 .release = seq_release, 39 }; 40 41 static int proc_key_users_open(struct inode *inode, struct file *file); 42 static void *proc_key_users_start(struct seq_file *p, loff_t *_pos); 43 static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos); 44 static void proc_key_users_stop(struct seq_file *p, void *v); 45 static int proc_key_users_show(struct seq_file *m, void *v); 46 47 static const struct seq_operations proc_key_users_ops = { 48 .start = proc_key_users_start, 49 .next = proc_key_users_next, 50 .stop = proc_key_users_stop, 51 .show = proc_key_users_show, 52 }; 53 54 static const struct file_operations proc_key_users_fops = { 55 .open = proc_key_users_open, 56 .read = seq_read, 57 .llseek = seq_lseek, 58 .release = seq_release, 59 }; 60 61 /* 62 * Declare the /proc files. 63 */ 64 static int __init key_proc_init(void) 65 { 66 struct proc_dir_entry *p; 67 68 p = proc_create("keys", 0, NULL, &proc_keys_fops); 69 if (!p) 70 panic("Cannot create /proc/keys\n"); 71 72 p = proc_create("key-users", 0, NULL, &proc_key_users_fops); 73 if (!p) 74 panic("Cannot create /proc/key-users\n"); 75 76 return 0; 77 } 78 79 __initcall(key_proc_init); 80 81 /* 82 * Implement "/proc/keys" to provide a list of the keys on the system that 83 * grant View permission to the caller. 84 */ 85 static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n) 86 { 87 struct user_namespace *user_ns = seq_user_ns(p); 88 89 n = rb_next(n); 90 while (n) { 91 struct key *key = rb_entry(n, struct key, serial_node); 92 if (kuid_has_mapping(user_ns, key->user->uid)) 93 break; 94 n = rb_next(n); 95 } 96 return n; 97 } 98 99 static int proc_keys_open(struct inode *inode, struct file *file) 100 { 101 return seq_open(file, &proc_keys_ops); 102 } 103 104 static struct key *find_ge_key(struct seq_file *p, key_serial_t id) 105 { 106 struct user_namespace *user_ns = seq_user_ns(p); 107 struct rb_node *n = key_serial_tree.rb_node; 108 struct key *minkey = NULL; 109 110 while (n) { 111 struct key *key = rb_entry(n, struct key, serial_node); 112 if (id < key->serial) { 113 if (!minkey || minkey->serial > key->serial) 114 minkey = key; 115 n = n->rb_left; 116 } else if (id > key->serial) { 117 n = n->rb_right; 118 } else { 119 minkey = key; 120 break; 121 } 122 key = NULL; 123 } 124 125 if (!minkey) 126 return NULL; 127 128 for (;;) { 129 if (kuid_has_mapping(user_ns, minkey->user->uid)) 130 return minkey; 131 n = rb_next(&minkey->serial_node); 132 if (!n) 133 return NULL; 134 minkey = rb_entry(n, struct key, serial_node); 135 } 136 } 137 138 static void *proc_keys_start(struct seq_file *p, loff_t *_pos) 139 __acquires(key_serial_lock) 140 { 141 key_serial_t pos = *_pos; 142 struct key *key; 143 144 spin_lock(&key_serial_lock); 145 146 if (*_pos > INT_MAX) 147 return NULL; 148 key = find_ge_key(p, pos); 149 if (!key) 150 return NULL; 151 *_pos = key->serial; 152 return &key->serial_node; 153 } 154 155 static inline key_serial_t key_node_serial(struct rb_node *n) 156 { 157 struct key *key = rb_entry(n, struct key, serial_node); 158 return key->serial; 159 } 160 161 static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos) 162 { 163 struct rb_node *n; 164 165 n = key_serial_next(p, v); 166 if (n) 167 *_pos = key_node_serial(n); 168 return n; 169 } 170 171 static void proc_keys_stop(struct seq_file *p, void *v) 172 __releases(key_serial_lock) 173 { 174 spin_unlock(&key_serial_lock); 175 } 176 177 static int proc_keys_show(struct seq_file *m, void *v) 178 { 179 struct rb_node *_p = v; 180 struct key *key = rb_entry(_p, struct key, serial_node); 181 struct timespec now; 182 unsigned long timo; 183 key_ref_t key_ref, skey_ref; 184 char xbuf[16]; 185 int rc; 186 187 struct keyring_search_context ctx = { 188 .index_key.type = key->type, 189 .index_key.description = key->description, 190 .cred = m->file->f_cred, 191 .match_data.cmp = lookup_user_key_possessed, 192 .match_data.raw_data = key, 193 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, 194 .flags = KEYRING_SEARCH_NO_STATE_CHECK, 195 }; 196 197 key_ref = make_key_ref(key, 0); 198 199 /* determine if the key is possessed by this process (a test we can 200 * skip if the key does not indicate the possessor can view it 201 */ 202 if (key->perm & KEY_POS_VIEW) { 203 skey_ref = search_my_process_keyrings(&ctx); 204 if (!IS_ERR(skey_ref)) { 205 key_ref_put(skey_ref); 206 key_ref = make_key_ref(key, 1); 207 } 208 } 209 210 /* check whether the current task is allowed to view the key */ 211 rc = key_task_permission(key_ref, ctx.cred, KEY_NEED_VIEW); 212 if (rc < 0) 213 return 0; 214 215 now = current_kernel_time(); 216 217 rcu_read_lock(); 218 219 /* come up with a suitable timeout value */ 220 if (key->expiry == 0) { 221 memcpy(xbuf, "perm", 5); 222 } else if (now.tv_sec >= key->expiry) { 223 memcpy(xbuf, "expd", 5); 224 } else { 225 timo = key->expiry - now.tv_sec; 226 227 if (timo < 60) 228 sprintf(xbuf, "%lus", timo); 229 else if (timo < 60*60) 230 sprintf(xbuf, "%lum", timo / 60); 231 else if (timo < 60*60*24) 232 sprintf(xbuf, "%luh", timo / (60*60)); 233 else if (timo < 60*60*24*7) 234 sprintf(xbuf, "%lud", timo / (60*60*24)); 235 else 236 sprintf(xbuf, "%luw", timo / (60*60*24*7)); 237 } 238 239 #define showflag(KEY, LETTER, FLAG) \ 240 (test_bit(FLAG, &(KEY)->flags) ? LETTER : '-') 241 242 seq_printf(m, "%08x %c%c%c%c%c%c%c %5d %4s %08x %5d %5d %-9.9s ", 243 key->serial, 244 showflag(key, 'I', KEY_FLAG_INSTANTIATED), 245 showflag(key, 'R', KEY_FLAG_REVOKED), 246 showflag(key, 'D', KEY_FLAG_DEAD), 247 showflag(key, 'Q', KEY_FLAG_IN_QUOTA), 248 showflag(key, 'U', KEY_FLAG_USER_CONSTRUCT), 249 showflag(key, 'N', KEY_FLAG_NEGATIVE), 250 showflag(key, 'i', KEY_FLAG_INVALIDATED), 251 refcount_read(&key->usage), 252 xbuf, 253 key->perm, 254 from_kuid_munged(seq_user_ns(m), key->uid), 255 from_kgid_munged(seq_user_ns(m), key->gid), 256 key->type->name); 257 258 #undef showflag 259 260 if (key->type->describe) 261 key->type->describe(key, m); 262 seq_putc(m, '\n'); 263 264 rcu_read_unlock(); 265 return 0; 266 } 267 268 static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n) 269 { 270 while (n) { 271 struct key_user *user = rb_entry(n, struct key_user, node); 272 if (kuid_has_mapping(user_ns, user->uid)) 273 break; 274 n = rb_next(n); 275 } 276 return n; 277 } 278 279 static struct rb_node *key_user_next(struct user_namespace *user_ns, struct rb_node *n) 280 { 281 return __key_user_next(user_ns, rb_next(n)); 282 } 283 284 static struct rb_node *key_user_first(struct user_namespace *user_ns, struct rb_root *r) 285 { 286 struct rb_node *n = rb_first(r); 287 return __key_user_next(user_ns, n); 288 } 289 290 /* 291 * Implement "/proc/key-users" to provides a list of the key users and their 292 * quotas. 293 */ 294 static int proc_key_users_open(struct inode *inode, struct file *file) 295 { 296 return seq_open(file, &proc_key_users_ops); 297 } 298 299 static void *proc_key_users_start(struct seq_file *p, loff_t *_pos) 300 __acquires(key_user_lock) 301 { 302 struct rb_node *_p; 303 loff_t pos = *_pos; 304 305 spin_lock(&key_user_lock); 306 307 _p = key_user_first(seq_user_ns(p), &key_user_tree); 308 while (pos > 0 && _p) { 309 pos--; 310 _p = key_user_next(seq_user_ns(p), _p); 311 } 312 313 return _p; 314 } 315 316 static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos) 317 { 318 (*_pos)++; 319 return key_user_next(seq_user_ns(p), (struct rb_node *)v); 320 } 321 322 static void proc_key_users_stop(struct seq_file *p, void *v) 323 __releases(key_user_lock) 324 { 325 spin_unlock(&key_user_lock); 326 } 327 328 static int proc_key_users_show(struct seq_file *m, void *v) 329 { 330 struct rb_node *_p = v; 331 struct key_user *user = rb_entry(_p, struct key_user, node); 332 unsigned maxkeys = uid_eq(user->uid, GLOBAL_ROOT_UID) ? 333 key_quota_root_maxkeys : key_quota_maxkeys; 334 unsigned maxbytes = uid_eq(user->uid, GLOBAL_ROOT_UID) ? 335 key_quota_root_maxbytes : key_quota_maxbytes; 336 337 seq_printf(m, "%5u: %5d %d/%d %d/%d %d/%d\n", 338 from_kuid_munged(seq_user_ns(m), user->uid), 339 refcount_read(&user->usage), 340 atomic_read(&user->nkeys), 341 atomic_read(&user->nikeys), 342 user->qnkeys, 343 maxkeys, 344 user->qnbytes, 345 maxbytes); 346 347 return 0; 348 } 349