keyctl.c 50 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026
  1. // SPDX-License-Identifier: GPL-2.0-or-later
  2. /* Userspace key control operations
  3. *
  4. * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
  5. * Written by David Howells (dhowells@redhat.com)
  6. */
  7. #include <linux/init.h>
  8. #include <linux/sched.h>
  9. #include <linux/sched/task.h>
  10. #include <linux/slab.h>
  11. #include <linux/syscalls.h>
  12. #include <linux/key.h>
  13. #include <linux/keyctl.h>
  14. #include <linux/fs.h>
  15. #include <linux/capability.h>
  16. #include <linux/cred.h>
  17. #include <linux/string.h>
  18. #include <linux/err.h>
  19. #include <linux/vmalloc.h>
  20. #include <linux/security.h>
  21. #include <linux/uio.h>
  22. #include <linux/uaccess.h>
  23. #include <keys/request_key_auth-type.h>
  24. #include "internal.h"
  25. #define KEY_MAX_DESC_SIZE 4096
  26. static const unsigned char keyrings_capabilities[2] = {
  27. [0] = (KEYCTL_CAPS0_CAPABILITIES |
  28. (IS_ENABLED(CONFIG_PERSISTENT_KEYRINGS) ? KEYCTL_CAPS0_PERSISTENT_KEYRINGS : 0) |
  29. (IS_ENABLED(CONFIG_KEY_DH_OPERATIONS) ? KEYCTL_CAPS0_DIFFIE_HELLMAN : 0) |
  30. (IS_ENABLED(CONFIG_ASYMMETRIC_KEY_TYPE) ? KEYCTL_CAPS0_PUBLIC_KEY : 0) |
  31. (IS_ENABLED(CONFIG_BIG_KEYS) ? KEYCTL_CAPS0_BIG_KEY : 0) |
  32. KEYCTL_CAPS0_INVALIDATE |
  33. KEYCTL_CAPS0_RESTRICT_KEYRING |
  34. KEYCTL_CAPS0_MOVE
  35. ),
  36. [1] = (KEYCTL_CAPS1_NS_KEYRING_NAME |
  37. KEYCTL_CAPS1_NS_KEY_TAG |
  38. (IS_ENABLED(CONFIG_KEY_NOTIFICATIONS) ? KEYCTL_CAPS1_NOTIFICATIONS : 0)
  39. ),
  40. };
  41. static int key_get_type_from_user(char *type,
  42. const char __user *_type,
  43. unsigned len)
  44. {
  45. int ret;
  46. ret = strncpy_from_user(type, _type, len);
  47. if (ret < 0)
  48. return ret;
  49. if (ret == 0 || ret >= len)
  50. return -EINVAL;
  51. if (type[0] == '.')
  52. return -EPERM;
  53. type[len - 1] = '\0';
  54. return 0;
  55. }
  56. /*
  57. * Extract the description of a new key from userspace and either add it as a
  58. * new key to the specified keyring or update a matching key in that keyring.
  59. *
  60. * If the description is NULL or an empty string, the key type is asked to
  61. * generate one from the payload.
  62. *
  63. * The keyring must be writable so that we can attach the key to it.
  64. *
  65. * If successful, the new key's serial number is returned, otherwise an error
  66. * code is returned.
  67. */
  68. SYSCALL_DEFINE5(add_key, const char __user *, _type,
  69. const char __user *, _description,
  70. const void __user *, _payload,
  71. size_t, plen,
  72. key_serial_t, ringid)
  73. {
  74. key_ref_t keyring_ref, key_ref;
  75. char type[32], *description;
  76. void *payload;
  77. long ret;
  78. ret = -EINVAL;
  79. if (plen > 1024 * 1024 - 1)
  80. goto error;
  81. /* draw all the data into kernel space */
  82. ret = key_get_type_from_user(type, _type, sizeof(type));
  83. if (ret < 0)
  84. goto error;
  85. description = NULL;
  86. if (_description) {
  87. description = strndup_user(_description, KEY_MAX_DESC_SIZE);
  88. if (IS_ERR(description)) {
  89. ret = PTR_ERR(description);
  90. goto error;
  91. }
  92. if (!*description) {
  93. kfree(description);
  94. description = NULL;
  95. } else if ((description[0] == '.') &&
  96. (strncmp(type, "keyring", 7) == 0)) {
  97. ret = -EPERM;
  98. goto error2;
  99. }
  100. }
  101. /* pull the payload in if one was supplied */
  102. payload = NULL;
  103. if (plen) {
  104. ret = -ENOMEM;
  105. payload = kvmalloc(plen, GFP_KERNEL);
  106. if (!payload)
  107. goto error2;
  108. ret = -EFAULT;
  109. if (copy_from_user(payload, _payload, plen) != 0)
  110. goto error3;
  111. }
  112. /* find the target keyring (which must be writable) */
  113. keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
  114. if (IS_ERR(keyring_ref)) {
  115. ret = PTR_ERR(keyring_ref);
  116. goto error3;
  117. }
  118. /* create or update the requested key and add it to the target
  119. * keyring */
  120. key_ref = key_create_or_update(keyring_ref, type, description,
  121. payload, plen, KEY_PERM_UNDEF,
  122. KEY_ALLOC_IN_QUOTA);
  123. if (!IS_ERR(key_ref)) {
  124. ret = key_ref_to_ptr(key_ref)->serial;
  125. key_ref_put(key_ref);
  126. }
  127. else {
  128. ret = PTR_ERR(key_ref);
  129. }
  130. key_ref_put(keyring_ref);
  131. error3:
  132. kvfree_sensitive(payload, plen);
  133. error2:
  134. kfree(description);
  135. error:
  136. return ret;
  137. }
  138. /*
  139. * Search the process keyrings and keyring trees linked from those for a
  140. * matching key. Keyrings must have appropriate Search permission to be
  141. * searched.
  142. *
  143. * If a key is found, it will be attached to the destination keyring if there's
  144. * one specified and the serial number of the key will be returned.
  145. *
  146. * If no key is found, /sbin/request-key will be invoked if _callout_info is
  147. * non-NULL in an attempt to create a key. The _callout_info string will be
  148. * passed to /sbin/request-key to aid with completing the request. If the
  149. * _callout_info string is "" then it will be changed to "-".
  150. */
  151. SYSCALL_DEFINE4(request_key, const char __user *, _type,
  152. const char __user *, _description,
  153. const char __user *, _callout_info,
  154. key_serial_t, destringid)
  155. {
  156. struct key_type *ktype;
  157. struct key *key;
  158. key_ref_t dest_ref;
  159. size_t callout_len;
  160. char type[32], *description, *callout_info;
  161. long ret;
  162. /* pull the type into kernel space */
  163. ret = key_get_type_from_user(type, _type, sizeof(type));
  164. if (ret < 0)
  165. goto error;
  166. /* pull the description into kernel space */
  167. description = strndup_user(_description, KEY_MAX_DESC_SIZE);
  168. if (IS_ERR(description)) {
  169. ret = PTR_ERR(description);
  170. goto error;
  171. }
  172. /* pull the callout info into kernel space */
  173. callout_info = NULL;
  174. callout_len = 0;
  175. if (_callout_info) {
  176. callout_info = strndup_user(_callout_info, PAGE_SIZE);
  177. if (IS_ERR(callout_info)) {
  178. ret = PTR_ERR(callout_info);
  179. goto error2;
  180. }
  181. callout_len = strlen(callout_info);
  182. }
  183. /* get the destination keyring if specified */
  184. dest_ref = NULL;
  185. if (destringid) {
  186. dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE,
  187. KEY_NEED_WRITE);
  188. if (IS_ERR(dest_ref)) {
  189. ret = PTR_ERR(dest_ref);
  190. goto error3;
  191. }
  192. }
  193. /* find the key type */
  194. ktype = key_type_lookup(type);
  195. if (IS_ERR(ktype)) {
  196. ret = PTR_ERR(ktype);
  197. goto error4;
  198. }
  199. /* do the search */
  200. key = request_key_and_link(ktype, description, NULL, callout_info,
  201. callout_len, NULL, key_ref_to_ptr(dest_ref),
  202. KEY_ALLOC_IN_QUOTA);
  203. if (IS_ERR(key)) {
  204. ret = PTR_ERR(key);
  205. goto error5;
  206. }
  207. /* wait for the key to finish being constructed */
  208. ret = wait_for_key_construction(key, 1);
  209. if (ret < 0)
  210. goto error6;
  211. ret = key->serial;
  212. error6:
  213. key_put(key);
  214. error5:
  215. key_type_put(ktype);
  216. error4:
  217. key_ref_put(dest_ref);
  218. error3:
  219. kfree(callout_info);
  220. error2:
  221. kfree(description);
  222. error:
  223. return ret;
  224. }
  225. /*
  226. * Get the ID of the specified process keyring.
  227. *
  228. * The requested keyring must have search permission to be found.
  229. *
  230. * If successful, the ID of the requested keyring will be returned.
  231. */
  232. long keyctl_get_keyring_ID(key_serial_t id, int create)
  233. {
  234. key_ref_t key_ref;
  235. unsigned long lflags;
  236. long ret;
  237. lflags = create ? KEY_LOOKUP_CREATE : 0;
  238. key_ref = lookup_user_key(id, lflags, KEY_NEED_SEARCH);
  239. if (IS_ERR(key_ref)) {
  240. ret = PTR_ERR(key_ref);
  241. goto error;
  242. }
  243. ret = key_ref_to_ptr(key_ref)->serial;
  244. key_ref_put(key_ref);
  245. error:
  246. return ret;
  247. }
  248. /*
  249. * Join a (named) session keyring.
  250. *
  251. * Create and join an anonymous session keyring or join a named session
  252. * keyring, creating it if necessary. A named session keyring must have Search
  253. * permission for it to be joined. Session keyrings without this permit will
  254. * be skipped over. It is not permitted for userspace to create or join
  255. * keyrings whose name begin with a dot.
  256. *
  257. * If successful, the ID of the joined session keyring will be returned.
  258. */
  259. long keyctl_join_session_keyring(const char __user *_name)
  260. {
  261. char *name;
  262. long ret;
  263. /* fetch the name from userspace */
  264. name = NULL;
  265. if (_name) {
  266. name = strndup_user(_name, KEY_MAX_DESC_SIZE);
  267. if (IS_ERR(name)) {
  268. ret = PTR_ERR(name);
  269. goto error;
  270. }
  271. ret = -EPERM;
  272. if (name[0] == '.')
  273. goto error_name;
  274. }
  275. /* join the session */
  276. ret = join_session_keyring(name);
  277. error_name:
  278. kfree(name);
  279. error:
  280. return ret;
  281. }
  282. /*
  283. * Update a key's data payload from the given data.
  284. *
  285. * The key must grant the caller Write permission and the key type must support
  286. * updating for this to work. A negative key can be positively instantiated
  287. * with this call.
  288. *
  289. * If successful, 0 will be returned. If the key type does not support
  290. * updating, then -EOPNOTSUPP will be returned.
  291. */
  292. long keyctl_update_key(key_serial_t id,
  293. const void __user *_payload,
  294. size_t plen)
  295. {
  296. key_ref_t key_ref;
  297. void *payload;
  298. long ret;
  299. ret = -EINVAL;
  300. if (plen > PAGE_SIZE)
  301. goto error;
  302. /* pull the payload in if one was supplied */
  303. payload = NULL;
  304. if (plen) {
  305. ret = -ENOMEM;
  306. payload = kvmalloc(plen, GFP_KERNEL);
  307. if (!payload)
  308. goto error;
  309. ret = -EFAULT;
  310. if (copy_from_user(payload, _payload, plen) != 0)
  311. goto error2;
  312. }
  313. /* find the target key (which must be writable) */
  314. key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE);
  315. if (IS_ERR(key_ref)) {
  316. ret = PTR_ERR(key_ref);
  317. goto error2;
  318. }
  319. /* update the key */
  320. ret = key_update(key_ref, payload, plen);
  321. key_ref_put(key_ref);
  322. error2:
  323. kvfree_sensitive(payload, plen);
  324. error:
  325. return ret;
  326. }
  327. /*
  328. * Revoke a key.
  329. *
  330. * The key must be grant the caller Write or Setattr permission for this to
  331. * work. The key type should give up its quota claim when revoked. The key
  332. * and any links to the key will be automatically garbage collected after a
  333. * certain amount of time (/proc/sys/kernel/keys/gc_delay).
  334. *
  335. * Keys with KEY_FLAG_KEEP set should not be revoked.
  336. *
  337. * If successful, 0 is returned.
  338. */
  339. long keyctl_revoke_key(key_serial_t id)
  340. {
  341. key_ref_t key_ref;
  342. struct key *key;
  343. long ret;
  344. key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE);
  345. if (IS_ERR(key_ref)) {
  346. ret = PTR_ERR(key_ref);
  347. if (ret != -EACCES)
  348. goto error;
  349. key_ref = lookup_user_key(id, 0, KEY_NEED_SETATTR);
  350. if (IS_ERR(key_ref)) {
  351. ret = PTR_ERR(key_ref);
  352. goto error;
  353. }
  354. }
  355. key = key_ref_to_ptr(key_ref);
  356. ret = 0;
  357. if (test_bit(KEY_FLAG_KEEP, &key->flags))
  358. ret = -EPERM;
  359. else
  360. key_revoke(key);
  361. key_ref_put(key_ref);
  362. error:
  363. return ret;
  364. }
  365. /*
  366. * Invalidate a key.
  367. *
  368. * The key must be grant the caller Invalidate permission for this to work.
  369. * The key and any links to the key will be automatically garbage collected
  370. * immediately.
  371. *
  372. * Keys with KEY_FLAG_KEEP set should not be invalidated.
  373. *
  374. * If successful, 0 is returned.
  375. */
  376. long keyctl_invalidate_key(key_serial_t id)
  377. {
  378. key_ref_t key_ref;
  379. struct key *key;
  380. long ret;
  381. kenter("%d", id);
  382. key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH);
  383. if (IS_ERR(key_ref)) {
  384. ret = PTR_ERR(key_ref);
  385. /* Root is permitted to invalidate certain special keys */
  386. if (capable(CAP_SYS_ADMIN)) {
  387. key_ref = lookup_user_key(id, 0, KEY_SYSADMIN_OVERRIDE);
  388. if (IS_ERR(key_ref))
  389. goto error;
  390. if (test_bit(KEY_FLAG_ROOT_CAN_INVAL,
  391. &key_ref_to_ptr(key_ref)->flags))
  392. goto invalidate;
  393. goto error_put;
  394. }
  395. goto error;
  396. }
  397. invalidate:
  398. key = key_ref_to_ptr(key_ref);
  399. ret = 0;
  400. if (test_bit(KEY_FLAG_KEEP, &key->flags))
  401. ret = -EPERM;
  402. else
  403. key_invalidate(key);
  404. error_put:
  405. key_ref_put(key_ref);
  406. error:
  407. kleave(" = %ld", ret);
  408. return ret;
  409. }
  410. /*
  411. * Clear the specified keyring, creating an empty process keyring if one of the
  412. * special keyring IDs is used.
  413. *
  414. * The keyring must grant the caller Write permission and not have
  415. * KEY_FLAG_KEEP set for this to work. If successful, 0 will be returned.
  416. */
  417. long keyctl_keyring_clear(key_serial_t ringid)
  418. {
  419. key_ref_t keyring_ref;
  420. struct key *keyring;
  421. long ret;
  422. keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
  423. if (IS_ERR(keyring_ref)) {
  424. ret = PTR_ERR(keyring_ref);
  425. /* Root is permitted to invalidate certain special keyrings */
  426. if (capable(CAP_SYS_ADMIN)) {
  427. keyring_ref = lookup_user_key(ringid, 0,
  428. KEY_SYSADMIN_OVERRIDE);
  429. if (IS_ERR(keyring_ref))
  430. goto error;
  431. if (test_bit(KEY_FLAG_ROOT_CAN_CLEAR,
  432. &key_ref_to_ptr(keyring_ref)->flags))
  433. goto clear;
  434. goto error_put;
  435. }
  436. goto error;
  437. }
  438. clear:
  439. keyring = key_ref_to_ptr(keyring_ref);
  440. if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
  441. ret = -EPERM;
  442. else
  443. ret = keyring_clear(keyring);
  444. error_put:
  445. key_ref_put(keyring_ref);
  446. error:
  447. return ret;
  448. }
  449. /*
  450. * Create a link from a keyring to a key if there's no matching key in the
  451. * keyring, otherwise replace the link to the matching key with a link to the
  452. * new key.
  453. *
  454. * The key must grant the caller Link permission and the keyring must grant
  455. * the caller Write permission. Furthermore, if an additional link is created,
  456. * the keyring's quota will be extended.
  457. *
  458. * If successful, 0 will be returned.
  459. */
  460. long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
  461. {
  462. key_ref_t keyring_ref, key_ref;
  463. long ret;
  464. keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
  465. if (IS_ERR(keyring_ref)) {
  466. ret = PTR_ERR(keyring_ref);
  467. goto error;
  468. }
  469. key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_NEED_LINK);
  470. if (IS_ERR(key_ref)) {
  471. ret = PTR_ERR(key_ref);
  472. goto error2;
  473. }
  474. ret = key_link(key_ref_to_ptr(keyring_ref), key_ref_to_ptr(key_ref));
  475. key_ref_put(key_ref);
  476. error2:
  477. key_ref_put(keyring_ref);
  478. error:
  479. return ret;
  480. }
  481. /*
  482. * Unlink a key from a keyring.
  483. *
  484. * The keyring must grant the caller Write permission for this to work; the key
  485. * itself need not grant the caller anything. If the last link to a key is
  486. * removed then that key will be scheduled for destruction.
  487. *
  488. * Keys or keyrings with KEY_FLAG_KEEP set should not be unlinked.
  489. *
  490. * If successful, 0 will be returned.
  491. */
  492. long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
  493. {
  494. key_ref_t keyring_ref, key_ref;
  495. struct key *keyring, *key;
  496. long ret;
  497. keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_WRITE);
  498. if (IS_ERR(keyring_ref)) {
  499. ret = PTR_ERR(keyring_ref);
  500. goto error;
  501. }
  502. key_ref = lookup_user_key(id, KEY_LOOKUP_PARTIAL, KEY_NEED_UNLINK);
  503. if (IS_ERR(key_ref)) {
  504. ret = PTR_ERR(key_ref);
  505. goto error2;
  506. }
  507. keyring = key_ref_to_ptr(keyring_ref);
  508. key = key_ref_to_ptr(key_ref);
  509. if (test_bit(KEY_FLAG_KEEP, &keyring->flags) &&
  510. test_bit(KEY_FLAG_KEEP, &key->flags))
  511. ret = -EPERM;
  512. else
  513. ret = key_unlink(keyring, key);
  514. key_ref_put(key_ref);
  515. error2:
  516. key_ref_put(keyring_ref);
  517. error:
  518. return ret;
  519. }
  520. /*
  521. * Move a link to a key from one keyring to another, displacing any matching
  522. * key from the destination keyring.
  523. *
  524. * The key must grant the caller Link permission and both keyrings must grant
  525. * the caller Write permission. There must also be a link in the from keyring
  526. * to the key. If both keyrings are the same, nothing is done.
  527. *
  528. * If successful, 0 will be returned.
  529. */
  530. long keyctl_keyring_move(key_serial_t id, key_serial_t from_ringid,
  531. key_serial_t to_ringid, unsigned int flags)
  532. {
  533. key_ref_t key_ref, from_ref, to_ref;
  534. long ret;
  535. if (flags & ~KEYCTL_MOVE_EXCL)
  536. return -EINVAL;
  537. key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_NEED_LINK);
  538. if (IS_ERR(key_ref))
  539. return PTR_ERR(key_ref);
  540. from_ref = lookup_user_key(from_ringid, 0, KEY_NEED_WRITE);
  541. if (IS_ERR(from_ref)) {
  542. ret = PTR_ERR(from_ref);
  543. goto error2;
  544. }
  545. to_ref = lookup_user_key(to_ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
  546. if (IS_ERR(to_ref)) {
  547. ret = PTR_ERR(to_ref);
  548. goto error3;
  549. }
  550. ret = key_move(key_ref_to_ptr(key_ref), key_ref_to_ptr(from_ref),
  551. key_ref_to_ptr(to_ref), flags);
  552. key_ref_put(to_ref);
  553. error3:
  554. key_ref_put(from_ref);
  555. error2:
  556. key_ref_put(key_ref);
  557. return ret;
  558. }
  559. /*
  560. * Return a description of a key to userspace.
  561. *
  562. * The key must grant the caller View permission for this to work.
  563. *
  564. * If there's a buffer, we place up to buflen bytes of data into it formatted
  565. * in the following way:
  566. *
  567. * type;uid;gid;perm;description<NUL>
  568. *
  569. * If successful, we return the amount of description available, irrespective
  570. * of how much we may have copied into the buffer.
  571. */
  572. long keyctl_describe_key(key_serial_t keyid,
  573. char __user *buffer,
  574. size_t buflen)
  575. {
  576. struct key *key, *instkey;
  577. key_ref_t key_ref;
  578. char *infobuf;
  579. long ret;
  580. int desclen, infolen;
  581. key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW);
  582. if (IS_ERR(key_ref)) {
  583. /* viewing a key under construction is permitted if we have the
  584. * authorisation token handy */
  585. if (PTR_ERR(key_ref) == -EACCES) {
  586. instkey = key_get_instantiation_authkey(keyid);
  587. if (!IS_ERR(instkey)) {
  588. key_put(instkey);
  589. key_ref = lookup_user_key(keyid,
  590. KEY_LOOKUP_PARTIAL,
  591. KEY_AUTHTOKEN_OVERRIDE);
  592. if (!IS_ERR(key_ref))
  593. goto okay;
  594. }
  595. }
  596. ret = PTR_ERR(key_ref);
  597. goto error;
  598. }
  599. okay:
  600. key = key_ref_to_ptr(key_ref);
  601. desclen = strlen(key->description);
  602. /* calculate how much information we're going to return */
  603. ret = -ENOMEM;
  604. infobuf = kasprintf(GFP_KERNEL,
  605. "%s;%d;%d;%08x;",
  606. key->type->name,
  607. from_kuid_munged(current_user_ns(), key->uid),
  608. from_kgid_munged(current_user_ns(), key->gid),
  609. key->perm);
  610. if (!infobuf)
  611. goto error2;
  612. infolen = strlen(infobuf);
  613. ret = infolen + desclen + 1;
  614. /* consider returning the data */
  615. if (buffer && buflen >= ret) {
  616. if (copy_to_user(buffer, infobuf, infolen) != 0 ||
  617. copy_to_user(buffer + infolen, key->description,
  618. desclen + 1) != 0)
  619. ret = -EFAULT;
  620. }
  621. kfree(infobuf);
  622. error2:
  623. key_ref_put(key_ref);
  624. error:
  625. return ret;
  626. }
  627. /*
  628. * Search the specified keyring and any keyrings it links to for a matching
  629. * key. Only keyrings that grant the caller Search permission will be searched
  630. * (this includes the starting keyring). Only keys with Search permission can
  631. * be found.
  632. *
  633. * If successful, the found key will be linked to the destination keyring if
  634. * supplied and the key has Link permission, and the found key ID will be
  635. * returned.
  636. */
  637. long keyctl_keyring_search(key_serial_t ringid,
  638. const char __user *_type,
  639. const char __user *_description,
  640. key_serial_t destringid)
  641. {
  642. struct key_type *ktype;
  643. key_ref_t keyring_ref, key_ref, dest_ref;
  644. char type[32], *description;
  645. long ret;
  646. /* pull the type and description into kernel space */
  647. ret = key_get_type_from_user(type, _type, sizeof(type));
  648. if (ret < 0)
  649. goto error;
  650. description = strndup_user(_description, KEY_MAX_DESC_SIZE);
  651. if (IS_ERR(description)) {
  652. ret = PTR_ERR(description);
  653. goto error;
  654. }
  655. /* get the keyring at which to begin the search */
  656. keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_SEARCH);
  657. if (IS_ERR(keyring_ref)) {
  658. ret = PTR_ERR(keyring_ref);
  659. goto error2;
  660. }
  661. /* get the destination keyring if specified */
  662. dest_ref = NULL;
  663. if (destringid) {
  664. dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE,
  665. KEY_NEED_WRITE);
  666. if (IS_ERR(dest_ref)) {
  667. ret = PTR_ERR(dest_ref);
  668. goto error3;
  669. }
  670. }
  671. /* find the key type */
  672. ktype = key_type_lookup(type);
  673. if (IS_ERR(ktype)) {
  674. ret = PTR_ERR(ktype);
  675. goto error4;
  676. }
  677. /* do the search */
  678. key_ref = keyring_search(keyring_ref, ktype, description, true);
  679. if (IS_ERR(key_ref)) {
  680. ret = PTR_ERR(key_ref);
  681. /* treat lack or presence of a negative key the same */
  682. if (ret == -EAGAIN)
  683. ret = -ENOKEY;
  684. goto error5;
  685. }
  686. /* link the resulting key to the destination keyring if we can */
  687. if (dest_ref) {
  688. ret = key_permission(key_ref, KEY_NEED_LINK);
  689. if (ret < 0)
  690. goto error6;
  691. ret = key_link(key_ref_to_ptr(dest_ref), key_ref_to_ptr(key_ref));
  692. if (ret < 0)
  693. goto error6;
  694. }
  695. ret = key_ref_to_ptr(key_ref)->serial;
  696. error6:
  697. key_ref_put(key_ref);
  698. error5:
  699. key_type_put(ktype);
  700. error4:
  701. key_ref_put(dest_ref);
  702. error3:
  703. key_ref_put(keyring_ref);
  704. error2:
  705. kfree(description);
  706. error:
  707. return ret;
  708. }
  709. /*
  710. * Call the read method
  711. */
  712. static long __keyctl_read_key(struct key *key, char *buffer, size_t buflen)
  713. {
  714. long ret;
  715. down_read(&key->sem);
  716. ret = key_validate(key);
  717. if (ret == 0)
  718. ret = key->type->read(key, buffer, buflen);
  719. up_read(&key->sem);
  720. return ret;
  721. }
  722. /*
  723. * Read a key's payload.
  724. *
  725. * The key must either grant the caller Read permission, or it must grant the
  726. * caller Search permission when searched for from the process keyrings.
  727. *
  728. * If successful, we place up to buflen bytes of data into the buffer, if one
  729. * is provided, and return the amount of data that is available in the key,
  730. * irrespective of how much we copied into the buffer.
  731. */
  732. long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
  733. {
  734. struct key *key;
  735. key_ref_t key_ref;
  736. long ret;
  737. char *key_data = NULL;
  738. size_t key_data_len;
  739. /* find the key first */
  740. key_ref = lookup_user_key(keyid, 0, KEY_DEFER_PERM_CHECK);
  741. if (IS_ERR(key_ref)) {
  742. ret = -ENOKEY;
  743. goto out;
  744. }
  745. key = key_ref_to_ptr(key_ref);
  746. ret = key_read_state(key);
  747. if (ret < 0)
  748. goto key_put_out; /* Negatively instantiated */
  749. /* see if we can read it directly */
  750. ret = key_permission(key_ref, KEY_NEED_READ);
  751. if (ret == 0)
  752. goto can_read_key;
  753. if (ret != -EACCES)
  754. goto key_put_out;
  755. /* we can't; see if it's searchable from this process's keyrings
  756. * - we automatically take account of the fact that it may be
  757. * dangling off an instantiation key
  758. */
  759. if (!is_key_possessed(key_ref)) {
  760. ret = -EACCES;
  761. goto key_put_out;
  762. }
  763. /* the key is probably readable - now try to read it */
  764. can_read_key:
  765. if (!key->type->read) {
  766. ret = -EOPNOTSUPP;
  767. goto key_put_out;
  768. }
  769. if (!buffer || !buflen) {
  770. /* Get the key length from the read method */
  771. ret = __keyctl_read_key(key, NULL, 0);
  772. goto key_put_out;
  773. }
  774. /*
  775. * Read the data with the semaphore held (since we might sleep)
  776. * to protect against the key being updated or revoked.
  777. *
  778. * Allocating a temporary buffer to hold the keys before
  779. * transferring them to user buffer to avoid potential
  780. * deadlock involving page fault and mmap_lock.
  781. *
  782. * key_data_len = (buflen <= PAGE_SIZE)
  783. * ? buflen : actual length of key data
  784. *
  785. * This prevents allocating arbitrary large buffer which can
  786. * be much larger than the actual key length. In the latter case,
  787. * at least 2 passes of this loop is required.
  788. */
  789. key_data_len = (buflen <= PAGE_SIZE) ? buflen : 0;
  790. for (;;) {
  791. if (key_data_len) {
  792. key_data = kvmalloc(key_data_len, GFP_KERNEL);
  793. if (!key_data) {
  794. ret = -ENOMEM;
  795. goto key_put_out;
  796. }
  797. }
  798. ret = __keyctl_read_key(key, key_data, key_data_len);
  799. /*
  800. * Read methods will just return the required length without
  801. * any copying if the provided length isn't large enough.
  802. */
  803. if (ret <= 0 || ret > buflen)
  804. break;
  805. /*
  806. * The key may change (unlikely) in between 2 consecutive
  807. * __keyctl_read_key() calls. In this case, we reallocate
  808. * a larger buffer and redo the key read when
  809. * key_data_len < ret <= buflen.
  810. */
  811. if (ret > key_data_len) {
  812. if (unlikely(key_data))
  813. kvfree_sensitive(key_data, key_data_len);
  814. key_data_len = ret;
  815. continue; /* Allocate buffer */
  816. }
  817. if (copy_to_user(buffer, key_data, ret))
  818. ret = -EFAULT;
  819. break;
  820. }
  821. kvfree_sensitive(key_data, key_data_len);
  822. key_put_out:
  823. key_put(key);
  824. out:
  825. return ret;
  826. }
  827. /*
  828. * Change the ownership of a key
  829. *
  830. * The key must grant the caller Setattr permission for this to work, though
  831. * the key need not be fully instantiated yet. For the UID to be changed, or
  832. * for the GID to be changed to a group the caller is not a member of, the
  833. * caller must have sysadmin capability. If either uid or gid is -1 then that
  834. * attribute is not changed.
  835. *
  836. * If the UID is to be changed, the new user must have sufficient quota to
  837. * accept the key. The quota deduction will be removed from the old user to
  838. * the new user should the attribute be changed.
  839. *
  840. * If successful, 0 will be returned.
  841. */
  842. long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group)
  843. {
  844. struct key_user *newowner, *zapowner = NULL;
  845. struct key *key;
  846. key_ref_t key_ref;
  847. long ret;
  848. kuid_t uid;
  849. kgid_t gid;
  850. unsigned long flags;
  851. uid = make_kuid(current_user_ns(), user);
  852. gid = make_kgid(current_user_ns(), group);
  853. ret = -EINVAL;
  854. if ((user != (uid_t) -1) && !uid_valid(uid))
  855. goto error;
  856. if ((group != (gid_t) -1) && !gid_valid(gid))
  857. goto error;
  858. ret = 0;
  859. if (user == (uid_t) -1 && group == (gid_t) -1)
  860. goto error;
  861. key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
  862. KEY_NEED_SETATTR);
  863. if (IS_ERR(key_ref)) {
  864. ret = PTR_ERR(key_ref);
  865. goto error;
  866. }
  867. key = key_ref_to_ptr(key_ref);
  868. /* make the changes with the locks held to prevent chown/chown races */
  869. ret = -EACCES;
  870. down_write(&key->sem);
  871. {
  872. bool is_privileged_op = false;
  873. /* only the sysadmin can chown a key to some other UID */
  874. if (user != (uid_t) -1 && !uid_eq(key->uid, uid))
  875. is_privileged_op = true;
  876. /* only the sysadmin can set the key's GID to a group other
  877. * than one of those that the current process subscribes to */
  878. if (group != (gid_t) -1 && !gid_eq(gid, key->gid) && !in_group_p(gid))
  879. is_privileged_op = true;
  880. if (is_privileged_op && !capable(CAP_SYS_ADMIN))
  881. goto error_put;
  882. }
  883. /* change the UID */
  884. if (user != (uid_t) -1 && !uid_eq(uid, key->uid)) {
  885. ret = -ENOMEM;
  886. newowner = key_user_lookup(uid);
  887. if (!newowner)
  888. goto error_put;
  889. /* transfer the quota burden to the new user */
  890. if (test_bit(KEY_FLAG_IN_QUOTA, &key->flags)) {
  891. unsigned maxkeys = uid_eq(uid, GLOBAL_ROOT_UID) ?
  892. key_quota_root_maxkeys : key_quota_maxkeys;
  893. unsigned maxbytes = uid_eq(uid, GLOBAL_ROOT_UID) ?
  894. key_quota_root_maxbytes : key_quota_maxbytes;
  895. spin_lock_irqsave(&newowner->lock, flags);
  896. if (newowner->qnkeys + 1 > maxkeys ||
  897. newowner->qnbytes + key->quotalen > maxbytes ||
  898. newowner->qnbytes + key->quotalen <
  899. newowner->qnbytes)
  900. goto quota_overrun;
  901. newowner->qnkeys++;
  902. newowner->qnbytes += key->quotalen;
  903. spin_unlock_irqrestore(&newowner->lock, flags);
  904. spin_lock_irqsave(&key->user->lock, flags);
  905. key->user->qnkeys--;
  906. key->user->qnbytes -= key->quotalen;
  907. spin_unlock_irqrestore(&key->user->lock, flags);
  908. }
  909. atomic_dec(&key->user->nkeys);
  910. atomic_inc(&newowner->nkeys);
  911. if (key->state != KEY_IS_UNINSTANTIATED) {
  912. atomic_dec(&key->user->nikeys);
  913. atomic_inc(&newowner->nikeys);
  914. }
  915. zapowner = key->user;
  916. key->user = newowner;
  917. key->uid = uid;
  918. }
  919. /* change the GID */
  920. if (group != (gid_t) -1)
  921. key->gid = gid;
  922. notify_key(key, NOTIFY_KEY_SETATTR, 0);
  923. ret = 0;
  924. error_put:
  925. up_write(&key->sem);
  926. key_put(key);
  927. if (zapowner)
  928. key_user_put(zapowner);
  929. error:
  930. return ret;
  931. quota_overrun:
  932. spin_unlock_irqrestore(&newowner->lock, flags);
  933. zapowner = newowner;
  934. ret = -EDQUOT;
  935. goto error_put;
  936. }
  937. /*
  938. * Change the permission mask on a key.
  939. *
  940. * The key must grant the caller Setattr permission for this to work, though
  941. * the key need not be fully instantiated yet. If the caller does not have
  942. * sysadmin capability, it may only change the permission on keys that it owns.
  943. */
  944. long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
  945. {
  946. struct key *key;
  947. key_ref_t key_ref;
  948. long ret;
  949. ret = -EINVAL;
  950. if (perm & ~(KEY_POS_ALL | KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL))
  951. goto error;
  952. key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
  953. KEY_NEED_SETATTR);
  954. if (IS_ERR(key_ref)) {
  955. ret = PTR_ERR(key_ref);
  956. goto error;
  957. }
  958. key = key_ref_to_ptr(key_ref);
  959. /* make the changes with the locks held to prevent chown/chmod races */
  960. ret = -EACCES;
  961. down_write(&key->sem);
  962. /* if we're not the sysadmin, we can only change a key that we own */
  963. if (uid_eq(key->uid, current_fsuid()) || capable(CAP_SYS_ADMIN)) {
  964. key->perm = perm;
  965. notify_key(key, NOTIFY_KEY_SETATTR, 0);
  966. ret = 0;
  967. }
  968. up_write(&key->sem);
  969. key_put(key);
  970. error:
  971. return ret;
  972. }
  973. /*
  974. * Get the destination keyring for instantiation and check that the caller has
  975. * Write permission on it.
  976. */
  977. static long get_instantiation_keyring(key_serial_t ringid,
  978. struct request_key_auth *rka,
  979. struct key **_dest_keyring)
  980. {
  981. key_ref_t dkref;
  982. *_dest_keyring = NULL;
  983. /* just return a NULL pointer if we weren't asked to make a link */
  984. if (ringid == 0)
  985. return 0;
  986. /* if a specific keyring is nominated by ID, then use that */
  987. if (ringid > 0) {
  988. dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE);
  989. if (IS_ERR(dkref))
  990. return PTR_ERR(dkref);
  991. *_dest_keyring = key_ref_to_ptr(dkref);
  992. return 0;
  993. }
  994. if (ringid == KEY_SPEC_REQKEY_AUTH_KEY)
  995. return -EINVAL;
  996. /* otherwise specify the destination keyring recorded in the
  997. * authorisation key (any KEY_SPEC_*_KEYRING) */
  998. if (ringid >= KEY_SPEC_REQUESTOR_KEYRING) {
  999. *_dest_keyring = key_get(rka->dest_keyring);
  1000. return 0;
  1001. }
  1002. return -ENOKEY;
  1003. }
  1004. /*
  1005. * Change the request_key authorisation key on the current process.
  1006. */
  1007. static int keyctl_change_reqkey_auth(struct key *key)
  1008. {
  1009. struct cred *new;
  1010. new = prepare_creds();
  1011. if (!new)
  1012. return -ENOMEM;
  1013. key_put(new->request_key_auth);
  1014. new->request_key_auth = key_get(key);
  1015. return commit_creds(new);
  1016. }
  1017. /*
  1018. * Instantiate a key with the specified payload and link the key into the
  1019. * destination keyring if one is given.
  1020. *
  1021. * The caller must have the appropriate instantiation permit set for this to
  1022. * work (see keyctl_assume_authority). No other permissions are required.
  1023. *
  1024. * If successful, 0 will be returned.
  1025. */
  1026. static long keyctl_instantiate_key_common(key_serial_t id,
  1027. struct iov_iter *from,
  1028. key_serial_t ringid)
  1029. {
  1030. const struct cred *cred = current_cred();
  1031. struct request_key_auth *rka;
  1032. struct key *instkey, *dest_keyring;
  1033. size_t plen = from ? iov_iter_count(from) : 0;
  1034. void *payload;
  1035. long ret;
  1036. kenter("%d,,%zu,%d", id, plen, ringid);
  1037. if (!plen)
  1038. from = NULL;
  1039. ret = -EINVAL;
  1040. if (plen > 1024 * 1024 - 1)
  1041. goto error;
  1042. /* the appropriate instantiation authorisation key must have been
  1043. * assumed before calling this */
  1044. ret = -EPERM;
  1045. instkey = cred->request_key_auth;
  1046. if (!instkey)
  1047. goto error;
  1048. rka = instkey->payload.data[0];
  1049. if (rka->target_key->serial != id)
  1050. goto error;
  1051. /* pull the payload in if one was supplied */
  1052. payload = NULL;
  1053. if (from) {
  1054. ret = -ENOMEM;
  1055. payload = kvmalloc(plen, GFP_KERNEL);
  1056. if (!payload)
  1057. goto error;
  1058. ret = -EFAULT;
  1059. if (!copy_from_iter_full(payload, plen, from))
  1060. goto error2;
  1061. }
  1062. /* find the destination keyring amongst those belonging to the
  1063. * requesting task */
  1064. ret = get_instantiation_keyring(ringid, rka, &dest_keyring);
  1065. if (ret < 0)
  1066. goto error2;
  1067. /* instantiate the key and link it into a keyring */
  1068. ret = key_instantiate_and_link(rka->target_key, payload, plen,
  1069. dest_keyring, instkey);
  1070. key_put(dest_keyring);
  1071. /* discard the assumed authority if it's just been disabled by
  1072. * instantiation of the key */
  1073. if (ret == 0)
  1074. keyctl_change_reqkey_auth(NULL);
  1075. error2:
  1076. kvfree_sensitive(payload, plen);
  1077. error:
  1078. return ret;
  1079. }
  1080. /*
  1081. * Instantiate a key with the specified payload and link the key into the
  1082. * destination keyring if one is given.
  1083. *
  1084. * The caller must have the appropriate instantiation permit set for this to
  1085. * work (see keyctl_assume_authority). No other permissions are required.
  1086. *
  1087. * If successful, 0 will be returned.
  1088. */
  1089. long keyctl_instantiate_key(key_serial_t id,
  1090. const void __user *_payload,
  1091. size_t plen,
  1092. key_serial_t ringid)
  1093. {
  1094. if (_payload && plen) {
  1095. struct iov_iter from;
  1096. int ret;
  1097. ret = import_ubuf(ITER_SOURCE, (void __user *)_payload, plen,
  1098. &from);
  1099. if (unlikely(ret))
  1100. return ret;
  1101. return keyctl_instantiate_key_common(id, &from, ringid);
  1102. }
  1103. return keyctl_instantiate_key_common(id, NULL, ringid);
  1104. }
  1105. /*
  1106. * Instantiate a key with the specified multipart payload and link the key into
  1107. * the destination keyring if one is given.
  1108. *
  1109. * The caller must have the appropriate instantiation permit set for this to
  1110. * work (see keyctl_assume_authority). No other permissions are required.
  1111. *
  1112. * If successful, 0 will be returned.
  1113. */
  1114. long keyctl_instantiate_key_iov(key_serial_t id,
  1115. const struct iovec __user *_payload_iov,
  1116. unsigned ioc,
  1117. key_serial_t ringid)
  1118. {
  1119. struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
  1120. struct iov_iter from;
  1121. long ret;
  1122. if (!_payload_iov)
  1123. ioc = 0;
  1124. ret = import_iovec(ITER_SOURCE, _payload_iov, ioc,
  1125. ARRAY_SIZE(iovstack), &iov, &from);
  1126. if (ret < 0)
  1127. return ret;
  1128. ret = keyctl_instantiate_key_common(id, &from, ringid);
  1129. kfree(iov);
  1130. return ret;
  1131. }
  1132. /*
  1133. * Negatively instantiate the key with the given timeout (in seconds) and link
  1134. * the key into the destination keyring if one is given.
  1135. *
  1136. * The caller must have the appropriate instantiation permit set for this to
  1137. * work (see keyctl_assume_authority). No other permissions are required.
  1138. *
  1139. * The key and any links to the key will be automatically garbage collected
  1140. * after the timeout expires.
  1141. *
  1142. * Negative keys are used to rate limit repeated request_key() calls by causing
  1143. * them to return -ENOKEY until the negative key expires.
  1144. *
  1145. * If successful, 0 will be returned.
  1146. */
  1147. long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
  1148. {
  1149. return keyctl_reject_key(id, timeout, ENOKEY, ringid);
  1150. }
  1151. /*
  1152. * Negatively instantiate the key with the given timeout (in seconds) and error
  1153. * code and link the key into the destination keyring if one is given.
  1154. *
  1155. * The caller must have the appropriate instantiation permit set for this to
  1156. * work (see keyctl_assume_authority). No other permissions are required.
  1157. *
  1158. * The key and any links to the key will be automatically garbage collected
  1159. * after the timeout expires.
  1160. *
  1161. * Negative keys are used to rate limit repeated request_key() calls by causing
  1162. * them to return the specified error code until the negative key expires.
  1163. *
  1164. * If successful, 0 will be returned.
  1165. */
  1166. long keyctl_reject_key(key_serial_t id, unsigned timeout, unsigned error,
  1167. key_serial_t ringid)
  1168. {
  1169. const struct cred *cred = current_cred();
  1170. struct request_key_auth *rka;
  1171. struct key *instkey, *dest_keyring;
  1172. long ret;
  1173. kenter("%d,%u,%u,%d", id, timeout, error, ringid);
  1174. /* must be a valid error code and mustn't be a kernel special */
  1175. if (error <= 0 ||
  1176. error >= MAX_ERRNO ||
  1177. error == ERESTARTSYS ||
  1178. error == ERESTARTNOINTR ||
  1179. error == ERESTARTNOHAND ||
  1180. error == ERESTART_RESTARTBLOCK)
  1181. return -EINVAL;
  1182. /* the appropriate instantiation authorisation key must have been
  1183. * assumed before calling this */
  1184. ret = -EPERM;
  1185. instkey = cred->request_key_auth;
  1186. if (!instkey)
  1187. goto error;
  1188. rka = instkey->payload.data[0];
  1189. if (rka->target_key->serial != id)
  1190. goto error;
  1191. /* find the destination keyring if present (which must also be
  1192. * writable) */
  1193. ret = get_instantiation_keyring(ringid, rka, &dest_keyring);
  1194. if (ret < 0)
  1195. goto error;
  1196. /* instantiate the key and link it into a keyring */
  1197. ret = key_reject_and_link(rka->target_key, timeout, error,
  1198. dest_keyring, instkey);
  1199. key_put(dest_keyring);
  1200. /* discard the assumed authority if it's just been disabled by
  1201. * instantiation of the key */
  1202. if (ret == 0)
  1203. keyctl_change_reqkey_auth(NULL);
  1204. error:
  1205. return ret;
  1206. }
  1207. /*
  1208. * Read or set the default keyring in which request_key() will cache keys and
  1209. * return the old setting.
  1210. *
  1211. * If a thread or process keyring is specified then it will be created if it
  1212. * doesn't yet exist. The old setting will be returned if successful.
  1213. */
  1214. long keyctl_set_reqkey_keyring(int reqkey_defl)
  1215. {
  1216. struct cred *new;
  1217. int ret, old_setting;
  1218. old_setting = current_cred_xxx(jit_keyring);
  1219. if (reqkey_defl == KEY_REQKEY_DEFL_NO_CHANGE)
  1220. return old_setting;
  1221. new = prepare_creds();
  1222. if (!new)
  1223. return -ENOMEM;
  1224. switch (reqkey_defl) {
  1225. case KEY_REQKEY_DEFL_THREAD_KEYRING:
  1226. ret = install_thread_keyring_to_cred(new);
  1227. if (ret < 0)
  1228. goto error;
  1229. goto set;
  1230. case KEY_REQKEY_DEFL_PROCESS_KEYRING:
  1231. ret = install_process_keyring_to_cred(new);
  1232. if (ret < 0)
  1233. goto error;
  1234. goto set;
  1235. case KEY_REQKEY_DEFL_DEFAULT:
  1236. case KEY_REQKEY_DEFL_SESSION_KEYRING:
  1237. case KEY_REQKEY_DEFL_USER_KEYRING:
  1238. case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
  1239. case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
  1240. goto set;
  1241. case KEY_REQKEY_DEFL_NO_CHANGE:
  1242. case KEY_REQKEY_DEFL_GROUP_KEYRING:
  1243. default:
  1244. ret = -EINVAL;
  1245. goto error;
  1246. }
  1247. set:
  1248. new->jit_keyring = reqkey_defl;
  1249. commit_creds(new);
  1250. return old_setting;
  1251. error:
  1252. abort_creds(new);
  1253. return ret;
  1254. }
  1255. /*
  1256. * Set or clear the timeout on a key.
  1257. *
  1258. * Either the key must grant the caller Setattr permission or else the caller
  1259. * must hold an instantiation authorisation token for the key.
  1260. *
  1261. * The timeout is either 0 to clear the timeout, or a number of seconds from
  1262. * the current time. The key and any links to the key will be automatically
  1263. * garbage collected after the timeout expires.
  1264. *
  1265. * Keys with KEY_FLAG_KEEP set should not be timed out.
  1266. *
  1267. * If successful, 0 is returned.
  1268. */
  1269. long keyctl_set_timeout(key_serial_t id, unsigned timeout)
  1270. {
  1271. struct key *key, *instkey;
  1272. key_ref_t key_ref;
  1273. long ret;
  1274. key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL,
  1275. KEY_NEED_SETATTR);
  1276. if (IS_ERR(key_ref)) {
  1277. /* setting the timeout on a key under construction is permitted
  1278. * if we have the authorisation token handy */
  1279. if (PTR_ERR(key_ref) == -EACCES) {
  1280. instkey = key_get_instantiation_authkey(id);
  1281. if (!IS_ERR(instkey)) {
  1282. key_put(instkey);
  1283. key_ref = lookup_user_key(id,
  1284. KEY_LOOKUP_PARTIAL,
  1285. KEY_AUTHTOKEN_OVERRIDE);
  1286. if (!IS_ERR(key_ref))
  1287. goto okay;
  1288. }
  1289. }
  1290. ret = PTR_ERR(key_ref);
  1291. goto error;
  1292. }
  1293. okay:
  1294. key = key_ref_to_ptr(key_ref);
  1295. ret = 0;
  1296. if (test_bit(KEY_FLAG_KEEP, &key->flags)) {
  1297. ret = -EPERM;
  1298. } else {
  1299. key_set_timeout(key, timeout);
  1300. notify_key(key, NOTIFY_KEY_SETATTR, 0);
  1301. }
  1302. key_put(key);
  1303. error:
  1304. return ret;
  1305. }
  1306. /*
  1307. * Assume (or clear) the authority to instantiate the specified key.
  1308. *
  1309. * This sets the authoritative token currently in force for key instantiation.
  1310. * This must be done for a key to be instantiated. It has the effect of making
  1311. * available all the keys from the caller of the request_key() that created a
  1312. * key to request_key() calls made by the caller of this function.
  1313. *
  1314. * The caller must have the instantiation key in their process keyrings with a
  1315. * Search permission grant available to the caller.
  1316. *
  1317. * If the ID given is 0, then the setting will be cleared and 0 returned.
  1318. *
  1319. * If the ID given has a matching an authorisation key, then that key will be
  1320. * set and its ID will be returned. The authorisation key can be read to get
  1321. * the callout information passed to request_key().
  1322. */
  1323. long keyctl_assume_authority(key_serial_t id)
  1324. {
  1325. struct key *authkey;
  1326. long ret;
  1327. /* special key IDs aren't permitted */
  1328. ret = -EINVAL;
  1329. if (id < 0)
  1330. goto error;
  1331. /* we divest ourselves of authority if given an ID of 0 */
  1332. if (id == 0) {
  1333. ret = keyctl_change_reqkey_auth(NULL);
  1334. goto error;
  1335. }
  1336. /* attempt to assume the authority temporarily granted to us whilst we
  1337. * instantiate the specified key
  1338. * - the authorisation key must be in the current task's keyrings
  1339. * somewhere
  1340. */
  1341. authkey = key_get_instantiation_authkey(id);
  1342. if (IS_ERR(authkey)) {
  1343. ret = PTR_ERR(authkey);
  1344. goto error;
  1345. }
  1346. ret = keyctl_change_reqkey_auth(authkey);
  1347. if (ret == 0)
  1348. ret = authkey->serial;
  1349. key_put(authkey);
  1350. error:
  1351. return ret;
  1352. }
  1353. /*
  1354. * Get a key's the LSM security label.
  1355. *
  1356. * The key must grant the caller View permission for this to work.
  1357. *
  1358. * If there's a buffer, then up to buflen bytes of data will be placed into it.
  1359. *
  1360. * If successful, the amount of information available will be returned,
  1361. * irrespective of how much was copied (including the terminal NUL).
  1362. */
  1363. long keyctl_get_security(key_serial_t keyid,
  1364. char __user *buffer,
  1365. size_t buflen)
  1366. {
  1367. struct key *key, *instkey;
  1368. key_ref_t key_ref;
  1369. char *context;
  1370. long ret;
  1371. key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW);
  1372. if (IS_ERR(key_ref)) {
  1373. if (PTR_ERR(key_ref) != -EACCES)
  1374. return PTR_ERR(key_ref);
  1375. /* viewing a key under construction is also permitted if we
  1376. * have the authorisation token handy */
  1377. instkey = key_get_instantiation_authkey(keyid);
  1378. if (IS_ERR(instkey))
  1379. return PTR_ERR(instkey);
  1380. key_put(instkey);
  1381. key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL,
  1382. KEY_AUTHTOKEN_OVERRIDE);
  1383. if (IS_ERR(key_ref))
  1384. return PTR_ERR(key_ref);
  1385. }
  1386. key = key_ref_to_ptr(key_ref);
  1387. ret = security_key_getsecurity(key, &context);
  1388. if (ret == 0) {
  1389. /* if no information was returned, give userspace an empty
  1390. * string */
  1391. ret = 1;
  1392. if (buffer && buflen > 0 &&
  1393. copy_to_user(buffer, "", 1) != 0)
  1394. ret = -EFAULT;
  1395. } else if (ret > 0) {
  1396. /* return as much data as there's room for */
  1397. if (buffer && buflen > 0) {
  1398. if (buflen > ret)
  1399. buflen = ret;
  1400. if (copy_to_user(buffer, context, buflen) != 0)
  1401. ret = -EFAULT;
  1402. }
  1403. kfree(context);
  1404. }
  1405. key_ref_put(key_ref);
  1406. return ret;
  1407. }
  1408. /*
  1409. * Attempt to install the calling process's session keyring on the process's
  1410. * parent process.
  1411. *
  1412. * The keyring must exist and must grant the caller LINK permission, and the
  1413. * parent process must be single-threaded and must have the same effective
  1414. * ownership as this process and mustn't be SUID/SGID.
  1415. *
  1416. * The keyring will be emplaced on the parent when it next resumes userspace.
  1417. *
  1418. * If successful, 0 will be returned.
  1419. */
  1420. long keyctl_session_to_parent(void)
  1421. {
  1422. struct task_struct *me, *parent;
  1423. const struct cred *mycred, *pcred;
  1424. struct callback_head *newwork, *oldwork;
  1425. key_ref_t keyring_r;
  1426. struct cred *cred;
  1427. int ret;
  1428. keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_NEED_LINK);
  1429. if (IS_ERR(keyring_r))
  1430. return PTR_ERR(keyring_r);
  1431. ret = -ENOMEM;
  1432. /* our parent is going to need a new cred struct, a new tgcred struct
  1433. * and new security data, so we allocate them here to prevent ENOMEM in
  1434. * our parent */
  1435. cred = cred_alloc_blank();
  1436. if (!cred)
  1437. goto error_keyring;
  1438. newwork = &cred->rcu;
  1439. cred->session_keyring = key_ref_to_ptr(keyring_r);
  1440. keyring_r = NULL;
  1441. init_task_work(newwork, key_change_session_keyring);
  1442. me = current;
  1443. rcu_read_lock();
  1444. write_lock_irq(&tasklist_lock);
  1445. ret = -EPERM;
  1446. oldwork = NULL;
  1447. parent = rcu_dereference_protected(me->real_parent,
  1448. lockdep_is_held(&tasklist_lock));
  1449. /* the parent mustn't be init and mustn't be a kernel thread */
  1450. if (parent->pid <= 1 || !parent->mm)
  1451. goto unlock;
  1452. /* the parent must be single threaded */
  1453. if (!thread_group_empty(parent))
  1454. goto unlock;
  1455. /* the parent and the child must have different session keyrings or
  1456. * there's no point */
  1457. mycred = current_cred();
  1458. pcred = __task_cred(parent);
  1459. if (mycred == pcred ||
  1460. mycred->session_keyring == pcred->session_keyring) {
  1461. ret = 0;
  1462. goto unlock;
  1463. }
  1464. /* the parent must have the same effective ownership and mustn't be
  1465. * SUID/SGID */
  1466. if (!uid_eq(pcred->uid, mycred->euid) ||
  1467. !uid_eq(pcred->euid, mycred->euid) ||
  1468. !uid_eq(pcred->suid, mycred->euid) ||
  1469. !gid_eq(pcred->gid, mycred->egid) ||
  1470. !gid_eq(pcred->egid, mycred->egid) ||
  1471. !gid_eq(pcred->sgid, mycred->egid))
  1472. goto unlock;
  1473. /* the keyrings must have the same UID */
  1474. if ((pcred->session_keyring &&
  1475. !uid_eq(pcred->session_keyring->uid, mycred->euid)) ||
  1476. !uid_eq(mycred->session_keyring->uid, mycred->euid))
  1477. goto unlock;
  1478. /* cancel an already pending keyring replacement */
  1479. oldwork = task_work_cancel_func(parent, key_change_session_keyring);
  1480. /* the replacement session keyring is applied just prior to userspace
  1481. * restarting */
  1482. ret = task_work_add(parent, newwork, TWA_RESUME);
  1483. if (!ret)
  1484. newwork = NULL;
  1485. unlock:
  1486. write_unlock_irq(&tasklist_lock);
  1487. rcu_read_unlock();
  1488. if (oldwork)
  1489. put_cred(container_of(oldwork, struct cred, rcu));
  1490. if (newwork)
  1491. put_cred(cred);
  1492. return ret;
  1493. error_keyring:
  1494. key_ref_put(keyring_r);
  1495. return ret;
  1496. }
  1497. /*
  1498. * Apply a restriction to a given keyring.
  1499. *
  1500. * The caller must have Setattr permission to change keyring restrictions.
  1501. *
  1502. * The requested type name may be a NULL pointer to reject all attempts
  1503. * to link to the keyring. In this case, _restriction must also be NULL.
  1504. * Otherwise, both _type and _restriction must be non-NULL.
  1505. *
  1506. * Returns 0 if successful.
  1507. */
  1508. long keyctl_restrict_keyring(key_serial_t id, const char __user *_type,
  1509. const char __user *_restriction)
  1510. {
  1511. key_ref_t key_ref;
  1512. char type[32];
  1513. char *restriction = NULL;
  1514. long ret;
  1515. key_ref = lookup_user_key(id, 0, KEY_NEED_SETATTR);
  1516. if (IS_ERR(key_ref))
  1517. return PTR_ERR(key_ref);
  1518. ret = -EINVAL;
  1519. if (_type) {
  1520. if (!_restriction)
  1521. goto error;
  1522. ret = key_get_type_from_user(type, _type, sizeof(type));
  1523. if (ret < 0)
  1524. goto error;
  1525. restriction = strndup_user(_restriction, PAGE_SIZE);
  1526. if (IS_ERR(restriction)) {
  1527. ret = PTR_ERR(restriction);
  1528. goto error;
  1529. }
  1530. } else {
  1531. if (_restriction)
  1532. goto error;
  1533. }
  1534. ret = keyring_restrict(key_ref, _type ? type : NULL, restriction);
  1535. kfree(restriction);
  1536. error:
  1537. key_ref_put(key_ref);
  1538. return ret;
  1539. }
  1540. #ifdef CONFIG_KEY_NOTIFICATIONS
  1541. /*
  1542. * Watch for changes to a key.
  1543. *
  1544. * The caller must have View permission to watch a key or keyring.
  1545. */
  1546. long keyctl_watch_key(key_serial_t id, int watch_queue_fd, int watch_id)
  1547. {
  1548. struct watch_queue *wqueue;
  1549. struct watch_list *wlist = NULL;
  1550. struct watch *watch = NULL;
  1551. struct key *key;
  1552. key_ref_t key_ref;
  1553. long ret;
  1554. if (watch_id < -1 || watch_id > 0xff)
  1555. return -EINVAL;
  1556. key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_NEED_VIEW);
  1557. if (IS_ERR(key_ref))
  1558. return PTR_ERR(key_ref);
  1559. key = key_ref_to_ptr(key_ref);
  1560. wqueue = get_watch_queue(watch_queue_fd);
  1561. if (IS_ERR(wqueue)) {
  1562. ret = PTR_ERR(wqueue);
  1563. goto err_key;
  1564. }
  1565. if (watch_id >= 0) {
  1566. ret = -ENOMEM;
  1567. if (!key->watchers) {
  1568. wlist = kzalloc_obj(*wlist);
  1569. if (!wlist)
  1570. goto err_wqueue;
  1571. init_watch_list(wlist, NULL);
  1572. }
  1573. watch = kzalloc_obj(*watch);
  1574. if (!watch)
  1575. goto err_wlist;
  1576. init_watch(watch, wqueue);
  1577. watch->id = key->serial;
  1578. watch->info_id = (u32)watch_id << WATCH_INFO_ID__SHIFT;
  1579. ret = security_watch_key(key);
  1580. if (ret < 0)
  1581. goto err_watch;
  1582. down_write(&key->sem);
  1583. if (!key->watchers) {
  1584. key->watchers = wlist;
  1585. wlist = NULL;
  1586. }
  1587. ret = add_watch_to_object(watch, key->watchers);
  1588. up_write(&key->sem);
  1589. if (ret == 0)
  1590. watch = NULL;
  1591. } else {
  1592. ret = -EBADSLT;
  1593. if (key->watchers) {
  1594. down_write(&key->sem);
  1595. ret = remove_watch_from_object(key->watchers,
  1596. wqueue, key_serial(key),
  1597. false);
  1598. up_write(&key->sem);
  1599. }
  1600. }
  1601. err_watch:
  1602. kfree(watch);
  1603. err_wlist:
  1604. kfree(wlist);
  1605. err_wqueue:
  1606. put_watch_queue(wqueue);
  1607. err_key:
  1608. key_put(key);
  1609. return ret;
  1610. }
  1611. #endif /* CONFIG_KEY_NOTIFICATIONS */
  1612. /*
  1613. * Get keyrings subsystem capabilities.
  1614. */
  1615. long keyctl_capabilities(unsigned char __user *_buffer, size_t buflen)
  1616. {
  1617. size_t size = buflen;
  1618. if (size > 0) {
  1619. if (size > sizeof(keyrings_capabilities))
  1620. size = sizeof(keyrings_capabilities);
  1621. if (copy_to_user(_buffer, keyrings_capabilities, size) != 0)
  1622. return -EFAULT;
  1623. if (size < buflen &&
  1624. clear_user(_buffer + size, buflen - size) != 0)
  1625. return -EFAULT;
  1626. }
  1627. return sizeof(keyrings_capabilities);
  1628. }
  1629. /*
  1630. * The key control system call
  1631. */
  1632. SYSCALL_DEFINE5(keyctl, int, option, unsigned long, arg2, unsigned long, arg3,
  1633. unsigned long, arg4, unsigned long, arg5)
  1634. {
  1635. switch (option) {
  1636. case KEYCTL_GET_KEYRING_ID:
  1637. return keyctl_get_keyring_ID((key_serial_t) arg2,
  1638. (int) arg3);
  1639. case KEYCTL_JOIN_SESSION_KEYRING:
  1640. return keyctl_join_session_keyring((const char __user *) arg2);
  1641. case KEYCTL_UPDATE:
  1642. return keyctl_update_key((key_serial_t) arg2,
  1643. (const void __user *) arg3,
  1644. (size_t) arg4);
  1645. case KEYCTL_REVOKE:
  1646. return keyctl_revoke_key((key_serial_t) arg2);
  1647. case KEYCTL_DESCRIBE:
  1648. return keyctl_describe_key((key_serial_t) arg2,
  1649. (char __user *) arg3,
  1650. (unsigned) arg4);
  1651. case KEYCTL_CLEAR:
  1652. return keyctl_keyring_clear((key_serial_t) arg2);
  1653. case KEYCTL_LINK:
  1654. return keyctl_keyring_link((key_serial_t) arg2,
  1655. (key_serial_t) arg3);
  1656. case KEYCTL_UNLINK:
  1657. return keyctl_keyring_unlink((key_serial_t) arg2,
  1658. (key_serial_t) arg3);
  1659. case KEYCTL_SEARCH:
  1660. return keyctl_keyring_search((key_serial_t) arg2,
  1661. (const char __user *) arg3,
  1662. (const char __user *) arg4,
  1663. (key_serial_t) arg5);
  1664. case KEYCTL_READ:
  1665. return keyctl_read_key((key_serial_t) arg2,
  1666. (char __user *) arg3,
  1667. (size_t) arg4);
  1668. case KEYCTL_CHOWN:
  1669. return keyctl_chown_key((key_serial_t) arg2,
  1670. (uid_t) arg3,
  1671. (gid_t) arg4);
  1672. case KEYCTL_SETPERM:
  1673. return keyctl_setperm_key((key_serial_t) arg2,
  1674. (key_perm_t) arg3);
  1675. case KEYCTL_INSTANTIATE:
  1676. return keyctl_instantiate_key((key_serial_t) arg2,
  1677. (const void __user *) arg3,
  1678. (size_t) arg4,
  1679. (key_serial_t) arg5);
  1680. case KEYCTL_NEGATE:
  1681. return keyctl_negate_key((key_serial_t) arg2,
  1682. (unsigned) arg3,
  1683. (key_serial_t) arg4);
  1684. case KEYCTL_SET_REQKEY_KEYRING:
  1685. return keyctl_set_reqkey_keyring(arg2);
  1686. case KEYCTL_SET_TIMEOUT:
  1687. return keyctl_set_timeout((key_serial_t) arg2,
  1688. (unsigned) arg3);
  1689. case KEYCTL_ASSUME_AUTHORITY:
  1690. return keyctl_assume_authority((key_serial_t) arg2);
  1691. case KEYCTL_GET_SECURITY:
  1692. return keyctl_get_security((key_serial_t) arg2,
  1693. (char __user *) arg3,
  1694. (size_t) arg4);
  1695. case KEYCTL_SESSION_TO_PARENT:
  1696. return keyctl_session_to_parent();
  1697. case KEYCTL_REJECT:
  1698. return keyctl_reject_key((key_serial_t) arg2,
  1699. (unsigned) arg3,
  1700. (unsigned) arg4,
  1701. (key_serial_t) arg5);
  1702. case KEYCTL_INSTANTIATE_IOV:
  1703. return keyctl_instantiate_key_iov(
  1704. (key_serial_t) arg2,
  1705. (const struct iovec __user *) arg3,
  1706. (unsigned) arg4,
  1707. (key_serial_t) arg5);
  1708. case KEYCTL_INVALIDATE:
  1709. return keyctl_invalidate_key((key_serial_t) arg2);
  1710. case KEYCTL_GET_PERSISTENT:
  1711. return keyctl_get_persistent((uid_t)arg2, (key_serial_t)arg3);
  1712. case KEYCTL_DH_COMPUTE:
  1713. return keyctl_dh_compute((struct keyctl_dh_params __user *) arg2,
  1714. (char __user *) arg3, (size_t) arg4,
  1715. (struct keyctl_kdf_params __user *) arg5);
  1716. case KEYCTL_RESTRICT_KEYRING:
  1717. return keyctl_restrict_keyring((key_serial_t) arg2,
  1718. (const char __user *) arg3,
  1719. (const char __user *) arg4);
  1720. case KEYCTL_PKEY_QUERY:
  1721. if (arg3 != 0)
  1722. return -EINVAL;
  1723. return keyctl_pkey_query((key_serial_t)arg2,
  1724. (const char __user *)arg4,
  1725. (struct keyctl_pkey_query __user *)arg5);
  1726. case KEYCTL_PKEY_ENCRYPT:
  1727. case KEYCTL_PKEY_DECRYPT:
  1728. case KEYCTL_PKEY_SIGN:
  1729. return keyctl_pkey_e_d_s(
  1730. option,
  1731. (const struct keyctl_pkey_params __user *)arg2,
  1732. (const char __user *)arg3,
  1733. (const void __user *)arg4,
  1734. (void __user *)arg5);
  1735. case KEYCTL_PKEY_VERIFY:
  1736. return keyctl_pkey_verify(
  1737. (const struct keyctl_pkey_params __user *)arg2,
  1738. (const char __user *)arg3,
  1739. (const void __user *)arg4,
  1740. (const void __user *)arg5);
  1741. case KEYCTL_MOVE:
  1742. return keyctl_keyring_move((key_serial_t)arg2,
  1743. (key_serial_t)arg3,
  1744. (key_serial_t)arg4,
  1745. (unsigned int)arg5);
  1746. case KEYCTL_CAPABILITIES:
  1747. return keyctl_capabilities((unsigned char __user *)arg2, (size_t)arg3);
  1748. case KEYCTL_WATCH_KEY:
  1749. return keyctl_watch_key((key_serial_t)arg2, (int)arg3, (int)arg4);
  1750. default:
  1751. return -EOPNOTSUPP;
  1752. }
  1753. }