1 /* keyctl.c: userspace keyctl operations
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
15 #include <linux/slab.h>
16 #include <linux/syscalls.h>
17 #include <linux/keyctl.h>
19 #include <linux/err.h>
20 #include <asm/uaccess.h>
23 /*****************************************************************************/
25 * extract the description of a new key from userspace and either add it as a
26 * new key to the specified keyring or update a matching key in that keyring
27 * - the keyring must be writable
28 * - returns the new key's serial number
29 * - implements add_key()
31 asmlinkage long sys_add_key(const char __user *_type,
32 const char __user *_description,
33 const void __user *_payload,
37 struct key *keyring, *key;
38 char type[32], *description;
46 /* draw all the data into kernel space */
47 ret = strncpy_from_user(type, _type, sizeof(type) - 1);
53 dlen = strnlen_user(_description, PAGE_SIZE - 1);
58 if (dlen > PAGE_SIZE - 1)
62 description = kmalloc(dlen + 1, GFP_KERNEL);
67 if (copy_from_user(description, _description, dlen + 1) != 0)
70 /* pull the payload in if one was supplied */
75 payload = kmalloc(plen, GFP_KERNEL);
80 if (copy_from_user(payload, _payload, plen) != 0)
84 /* find the target keyring (which must be writable) */
85 keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
86 if (IS_ERR(keyring)) {
87 ret = PTR_ERR(keyring);
91 /* create or update the requested key and add it to the target
93 key = key_create_or_update(keyring, type, description,
111 } /* end sys_add_key() */
113 /*****************************************************************************/
115 * search the process keyrings for a matching key
116 * - nested keyrings may also be searched if they have Search permission
117 * - if a key is found, it will be attached to the destination keyring if
118 * there's one specified
119 * - /sbin/request-key will be invoked if _callout_info is non-NULL
120 * - the _callout_info string will be passed to /sbin/request-key
121 * - if the _callout_info string is empty, it will be rendered as "-"
122 * - implements request_key()
124 asmlinkage long sys_request_key(const char __user *_type,
125 const char __user *_description,
126 const char __user *_callout_info,
127 key_serial_t destringid)
129 struct key_type *ktype;
130 struct key *key, *dest;
131 char type[32], *description, *callout_info;
134 /* pull the type into kernel space */
135 ret = strncpy_from_user(type, _type, sizeof(type) - 1);
140 /* pull the description into kernel space */
142 dlen = strnlen_user(_description, PAGE_SIZE - 1);
147 if (dlen > PAGE_SIZE - 1)
151 description = kmalloc(dlen + 1, GFP_KERNEL);
156 if (copy_from_user(description, _description, dlen + 1) != 0)
159 /* pull the callout info into kernel space */
163 dlen = strnlen_user(_callout_info, PAGE_SIZE - 1);
168 if (dlen > PAGE_SIZE - 1)
172 callout_info = kmalloc(dlen + 1, GFP_KERNEL);
177 if (copy_from_user(callout_info, _callout_info, dlen + 1) != 0)
181 /* get the destination keyring if specified */
184 dest = lookup_user_key(destringid, 1, 0, KEY_WRITE);
191 /* find the key type */
192 ktype = key_type_lookup(type);
194 ret = PTR_ERR(ktype);
199 key = request_key(ktype, description, callout_info);
205 /* link the resulting key to the destination keyring */
207 ret = key_link(dest, key);
227 } /* end sys_request_key() */
229 /*****************************************************************************/
231 * get the ID of the specified process keyring
232 * - the keyring must have search permission to be found
233 * - implements keyctl(KEYCTL_GET_KEYRING_ID)
235 long keyctl_get_keyring_ID(key_serial_t id, int create)
240 key = lookup_user_key(id, create, 0, KEY_SEARCH);
251 } /* end keyctl_get_keyring_ID() */
253 /*****************************************************************************/
255 * join the session keyring
256 * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING)
258 long keyctl_join_session_keyring(const char __user *_name)
263 /* fetch the name from userspace */
267 nlen = strnlen_user(_name, PAGE_SIZE - 1);
272 if (nlen > PAGE_SIZE - 1)
276 name = kmalloc(nlen + 1, GFP_KERNEL);
281 if (copy_from_user(name, _name, nlen + 1) != 0)
285 /* join the session */
286 ret = join_session_keyring(name);
293 } /* end keyctl_join_session_keyring() */
295 /*****************************************************************************/
297 * update a key's data payload
298 * - the key must be writable
299 * - implements keyctl(KEYCTL_UPDATE)
301 long keyctl_update_key(key_serial_t id,
302 const void __user *_payload,
310 if (plen > PAGE_SIZE)
313 /* pull the payload in if one was supplied */
317 payload = kmalloc(plen, GFP_KERNEL);
322 if (copy_from_user(payload, _payload, plen) != 0)
326 /* find the target key (which must be writable) */
327 key = lookup_user_key(id, 0, 0, KEY_WRITE);
334 ret = key_update(key, payload, plen);
342 } /* end keyctl_update_key() */
344 /*****************************************************************************/
347 * - the key must be writable
348 * - implements keyctl(KEYCTL_REVOKE)
350 long keyctl_revoke_key(key_serial_t id)
355 key = lookup_user_key(id, 0, 0, KEY_WRITE);
368 } /* end keyctl_revoke_key() */
370 /*****************************************************************************/
372 * clear the specified process keyring
373 * - the keyring must be writable
374 * - implements keyctl(KEYCTL_CLEAR)
376 long keyctl_keyring_clear(key_serial_t ringid)
381 keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
382 if (IS_ERR(keyring)) {
383 ret = PTR_ERR(keyring);
387 ret = keyring_clear(keyring);
393 } /* end keyctl_keyring_clear() */
395 /*****************************************************************************/
397 * link a key into a keyring
398 * - the keyring must be writable
399 * - the key must be linkable
400 * - implements keyctl(KEYCTL_LINK)
402 long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
404 struct key *keyring, *key;
407 keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
408 if (IS_ERR(keyring)) {
409 ret = PTR_ERR(keyring);
413 key = lookup_user_key(id, 1, 0, KEY_LINK);
419 ret = key_link(keyring, key);
427 } /* end keyctl_keyring_link() */
429 /*****************************************************************************/
431 * unlink the first attachment of a key from a keyring
432 * - the keyring must be writable
433 * - we don't need any permissions on the key
434 * - implements keyctl(KEYCTL_UNLINK)
436 long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
438 struct key *keyring, *key;
441 keyring = lookup_user_key(ringid, 0, 0, KEY_WRITE);
442 if (IS_ERR(keyring)) {
443 ret = PTR_ERR(keyring);
447 key = lookup_user_key(id, 0, 0, 0);
453 ret = key_unlink(keyring, key);
461 } /* end keyctl_keyring_unlink() */
463 /*****************************************************************************/
465 * describe a user key
466 * - the key must have view permission
467 * - if there's a buffer, we place up to buflen bytes of data into it
468 * - unless there's an error, we return the amount of description available,
469 * irrespective of how much we may have copied
470 * - the description is formatted thus:
471 * type;uid;gid;perm;description<NUL>
472 * - implements keyctl(KEYCTL_DESCRIBE)
474 long keyctl_describe_key(key_serial_t keyid,
482 key = lookup_user_key(keyid, 0, 1, KEY_VIEW);
488 /* calculate how much description we're going to return */
490 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);
494 ret = snprintf(tmpbuf, PAGE_SIZE - 1,
500 key->description ? key->description :""
503 /* include a NUL char at the end of the data */
504 if (ret > PAGE_SIZE - 1)
509 /* consider returning the data */
510 if (buffer && buflen > 0) {
514 if (copy_to_user(buffer, tmpbuf, buflen) != 0)
524 } /* end keyctl_describe_key() */
526 /*****************************************************************************/
528 * search the specified keyring for a matching key
529 * - the start keyring must be searchable
530 * - nested keyrings may also be searched if they are searchable
531 * - only keys with search permission may be found
532 * - if a key is found, it will be attached to the destination keyring if
533 * there's one specified
534 * - implements keyctl(KEYCTL_SEARCH)
536 long keyctl_keyring_search(key_serial_t ringid,
537 const char __user *_type,
538 const char __user *_description,
539 key_serial_t destringid)
541 struct key_type *ktype;
542 struct key *keyring, *key, *dest;
543 char type[32], *description;
546 /* pull the type and description into kernel space */
547 ret = strncpy_from_user(type, _type, sizeof(type) - 1);
553 dlen = strnlen_user(_description, PAGE_SIZE - 1);
558 if (dlen > PAGE_SIZE - 1)
562 description = kmalloc(dlen + 1, GFP_KERNEL);
567 if (copy_from_user(description, _description, dlen + 1) != 0)
570 /* get the keyring at which to begin the search */
571 keyring = lookup_user_key(ringid, 0, 0, KEY_SEARCH);
572 if (IS_ERR(keyring)) {
573 ret = PTR_ERR(keyring);
577 /* get the destination keyring if specified */
580 dest = lookup_user_key(destringid, 1, 0, KEY_WRITE);
587 /* find the key type */
588 ktype = key_type_lookup(type);
590 ret = PTR_ERR(ktype);
595 key = keyring_search(keyring, ktype, description);
599 /* treat lack or presence of a negative key the same */
605 /* link the resulting key to the destination keyring if we can */
608 if (!key_permission(key, KEY_LINK))
611 ret = key_link(dest, key);
631 } /* end keyctl_keyring_search() */
633 /*****************************************************************************/
635 * see if the key we're looking at is the target key
637 static int keyctl_read_key_same(const struct key *key, const void *target)
639 return key == target;
641 } /* end keyctl_read_key_same() */
643 /*****************************************************************************/
645 * read a user key's payload
646 * - the keyring must be readable or the key must be searchable from the
648 * - if there's a buffer, we place up to buflen bytes of data into it
649 * - unless there's an error, we return the amount of data in the key,
650 * irrespective of how much we may have copied
651 * - implements keyctl(KEYCTL_READ)
653 long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
655 struct key *key, *skey;
658 /* find the key first */
659 key = lookup_user_key(keyid, 0, 0, 0);
661 /* see if we can read it directly */
662 if (key_permission(key, KEY_READ))
665 /* can't; see if it's searchable from this process's
668 if (key_permission(key, KEY_SEARCH)) {
669 /* okay - we do have search permission on the key
670 * itself, but do we have the key? */
671 skey = search_process_keyrings_aux(key->type, key,
672 keyctl_read_key_same);
683 /* the key is probably readable - now try to read it */
687 ret = key_validate(key);
690 if (key->type->read) {
691 /* read the data with the semaphore held (since we
693 down_read(&key->sem);
694 ret = key->type->read(key, buffer, buflen);
704 } /* end keyctl_read_key() */
706 /*****************************************************************************/
708 * change the ownership of a key
709 * - the keyring owned by the changer
710 * - if the uid or gid is -1, then that parameter is not changed
711 * - implements keyctl(KEYCTL_CHOWN)
713 long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
719 if (uid == (uid_t) -1 && gid == (gid_t) -1)
722 key = lookup_user_key(id, 1, 1, 0);
728 /* make the changes with the locks held to prevent chown/chown races */
730 down_write(&key->sem);
731 write_lock(&key->lock);
733 if (!capable(CAP_SYS_ADMIN)) {
734 /* only the sysadmin can chown a key to some other UID */
735 if (uid != (uid_t) -1 && key->uid != uid)
738 /* only the sysadmin can set the key's GID to a group other
739 * than one of those that the current process subscribes to */
740 if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid))
744 /* change the UID (have to update the quotas) */
745 if (uid != (uid_t) -1 && uid != key->uid) {
746 /* don't support UID changing yet */
752 if (gid != (gid_t) -1)
758 write_unlock(&key->lock);
764 } /* end keyctl_chown_key() */
766 /*****************************************************************************/
768 * change the permission mask on a key
769 * - the keyring owned by the changer
770 * - implements keyctl(KEYCTL_SETPERM)
772 long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
778 if (perm & ~(KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL))
781 key = lookup_user_key(id, 1, 1, 0);
787 /* make the changes with the locks held to prevent chown/chmod
790 down_write(&key->sem);
791 write_lock(&key->lock);
793 /* if we're not the sysadmin, we can only chmod a key that we
795 if (!capable(CAP_SYS_ADMIN) && key->uid != current->fsuid)
798 /* changing the permissions mask */
803 write_unlock(&key->lock);
809 } /* end keyctl_setperm_key() */
811 /*****************************************************************************/
813 * instantiate the key with the specified payload, and, if one is given, link
814 * the key into the keyring
816 long keyctl_instantiate_key(key_serial_t id,
817 const void __user *_payload,
821 struct key *key, *keyring;
829 /* pull the payload in if one was supplied */
834 payload = kmalloc(plen, GFP_KERNEL);
839 if (copy_from_user(payload, _payload, plen) != 0)
843 /* find the target key (which must be writable) */
844 key = lookup_user_key(id, 0, 1, KEY_WRITE);
850 /* find the destination keyring if present (which must also be
854 keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
855 if (IS_ERR(keyring)) {
856 ret = PTR_ERR(keyring);
861 /* instantiate the key and link it into a keyring */
862 ret = key_instantiate_and_link(key, payload, plen, keyring);
872 } /* end keyctl_instantiate_key() */
874 /*****************************************************************************/
876 * negatively instantiate the key with the given timeout (in seconds), and, if
877 * one is given, link the key into the keyring
879 long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
881 struct key *key, *keyring;
884 /* find the target key (which must be writable) */
885 key = lookup_user_key(id, 0, 1, KEY_WRITE);
891 /* find the destination keyring if present (which must also be
895 keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
896 if (IS_ERR(keyring)) {
897 ret = PTR_ERR(keyring);
902 /* instantiate the key and link it into a keyring */
903 ret = key_negate_and_link(key, timeout, keyring);
911 } /* end keyctl_negate_key() */
913 /*****************************************************************************/
915 * the key control system call
917 asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
918 unsigned long arg4, unsigned long arg5)
921 case KEYCTL_GET_KEYRING_ID:
922 return keyctl_get_keyring_ID((key_serial_t) arg2,
925 case KEYCTL_JOIN_SESSION_KEYRING:
926 return keyctl_join_session_keyring((const char __user *) arg2);
929 return keyctl_update_key((key_serial_t) arg2,
930 (const void __user *) arg3,
934 return keyctl_revoke_key((key_serial_t) arg2);
936 case KEYCTL_DESCRIBE:
937 return keyctl_describe_key((key_serial_t) arg2,
938 (char __user *) arg3,
942 return keyctl_keyring_clear((key_serial_t) arg2);
945 return keyctl_keyring_link((key_serial_t) arg2,
946 (key_serial_t) arg3);
949 return keyctl_keyring_unlink((key_serial_t) arg2,
950 (key_serial_t) arg3);
953 return keyctl_keyring_search((key_serial_t) arg2,
954 (const char __user *) arg3,
955 (const char __user *) arg4,
956 (key_serial_t) arg5);
959 return keyctl_read_key((key_serial_t) arg2,
960 (char __user *) arg3,
964 return keyctl_chown_key((key_serial_t) arg2,
969 return keyctl_setperm_key((key_serial_t) arg2,
972 case KEYCTL_INSTANTIATE:
973 return keyctl_instantiate_key((key_serial_t) arg2,
974 (const void __user *) arg3,
976 (key_serial_t) arg5);
979 return keyctl_negate_key((key_serial_t) arg2,
981 (key_serial_t) arg4);
987 } /* end sys_keyctl() */