security/keys/keyctl.c at v2.6.12-rc2 · tjh.dev/kernel

tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
kernel / security / keys / keyctl.c
at v2.6.12-rc2 987 lines 22 kB view raw
  1/* keyctl.c: userspace keyctl operations
  2 *
  3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
  4 * Written by David Howells (dhowells@redhat.com)
  5 *
  6 * This program is free software; you can redistribute it and/or
  7 * modify it under the terms of the GNU General Public License
  8 * as published by the Free Software Foundation; either version
  9 * 2 of the License, or (at your option) any later version.
 10 */
 11
 12#include <linux/module.h>
 13#include <linux/init.h>
 14#include <linux/sched.h>
 15#include <linux/slab.h>
 16#include <linux/syscalls.h>
 17#include <linux/keyctl.h>
 18#include <linux/fs.h>
 19#include <linux/err.h>
 20#include <asm/uaccess.h>
 21#include "internal.h"
 22
 23/*****************************************************************************/
 24/*
 25 * extract the description of a new key from userspace and either add it as a
 26 * new key to the specified keyring or update a matching key in that keyring
 27 * - the keyring must be writable
 28 * - returns the new key's serial number
 29 * - implements add_key()
 30 */
 31asmlinkage long sys_add_key(const char __user *_type,
 32			    const char __user *_description,
 33			    const void __user *_payload,
 34			    size_t plen,
 35			    key_serial_t ringid)
 36{
 37	struct key *keyring, *key;
 38	char type[32], *description;
 39	void *payload;
 40	long dlen, ret;
 41
 42	ret = -EINVAL;
 43	if (plen > 32767)
 44		goto error;
 45
 46	/* draw all the data into kernel space */
 47	ret = strncpy_from_user(type, _type, sizeof(type) - 1);
 48	if (ret < 0)
 49		goto error;
 50	type[31] = '\0';
 51
 52	ret = -EFAULT;
 53	dlen = strnlen_user(_description, PAGE_SIZE - 1);
 54	if (dlen <= 0)
 55		goto error;
 56
 57	ret = -EINVAL;
 58	if (dlen > PAGE_SIZE - 1)
 59		goto error;
 60
 61	ret = -ENOMEM;
 62	description = kmalloc(dlen + 1, GFP_KERNEL);
 63	if (!description)
 64		goto error;
 65
 66	ret = -EFAULT;
 67	if (copy_from_user(description, _description, dlen + 1) != 0)
 68		goto error2;
 69
 70	/* pull the payload in if one was supplied */
 71	payload = NULL;
 72
 73	if (_payload) {
 74		ret = -ENOMEM;
 75		payload = kmalloc(plen, GFP_KERNEL);
 76		if (!payload)
 77			goto error2;
 78
 79		ret = -EFAULT;
 80		if (copy_from_user(payload, _payload, plen) != 0)
 81			goto error3;
 82	}
 83
 84	/* find the target keyring (which must be writable) */
 85	keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
 86	if (IS_ERR(keyring)) {
 87		ret = PTR_ERR(keyring);
 88		goto error3;
 89	}
 90
 91	/* create or update the requested key and add it to the target
 92	 * keyring */
 93	key = key_create_or_update(keyring, type, description,
 94				   payload, plen, 0);
 95	if (!IS_ERR(key)) {
 96		ret = key->serial;
 97		key_put(key);
 98	}
 99	else {
100		ret = PTR_ERR(key);
101	}
102
103	key_put(keyring);
104 error3:
105	kfree(payload);
106 error2:
107	kfree(description);
108 error:
109	return ret;
110
111} /* end sys_add_key() */
112
113/*****************************************************************************/
114/*
115 * search the process keyrings for a matching key
116 * - nested keyrings may also be searched if they have Search permission
117 * - if a key is found, it will be attached to the destination keyring if
118 *   there's one specified
119 * - /sbin/request-key will be invoked if _callout_info is non-NULL
120 *   - the _callout_info string will be passed to /sbin/request-key
121 *   - if the _callout_info string is empty, it will be rendered as "-"
122 * - implements request_key()
123 */
124asmlinkage long sys_request_key(const char __user *_type,
125				const char __user *_description,
126				const char __user *_callout_info,
127				key_serial_t destringid)
128{
129	struct key_type *ktype;
130	struct key *key, *dest;
131	char type[32], *description, *callout_info;
132	long dlen, ret;
133
134	/* pull the type into kernel space */
135	ret = strncpy_from_user(type, _type, sizeof(type) - 1);
136	if (ret < 0)
137		goto error;
138	type[31] = '\0';
139
140	/* pull the description into kernel space */
141	ret = -EFAULT;
142	dlen = strnlen_user(_description, PAGE_SIZE - 1);
143	if (dlen <= 0)
144		goto error;
145
146	ret = -EINVAL;
147	if (dlen > PAGE_SIZE - 1)
148		goto error;
149
150	ret = -ENOMEM;
151	description = kmalloc(dlen + 1, GFP_KERNEL);
152	if (!description)
153		goto error;
154
155	ret = -EFAULT;
156	if (copy_from_user(description, _description, dlen + 1) != 0)
157		goto error2;
158
159	/* pull the callout info into kernel space */
160	callout_info = NULL;
161	if (_callout_info) {
162		ret = -EFAULT;
163		dlen = strnlen_user(_callout_info, PAGE_SIZE - 1);
164		if (dlen <= 0)
165			goto error2;
166
167		ret = -EINVAL;
168		if (dlen > PAGE_SIZE - 1)
169			goto error2;
170
171		ret = -ENOMEM;
172		callout_info = kmalloc(dlen + 1, GFP_KERNEL);
173		if (!callout_info)
174			goto error2;
175
176		ret = -EFAULT;
177		if (copy_from_user(callout_info, _callout_info, dlen + 1) != 0)
178			goto error3;
179	}
180
181	/* get the destination keyring if specified */
182	dest = NULL;
183	if (destringid) {
184		dest = lookup_user_key(destringid, 1, 0, KEY_WRITE);
185		if (IS_ERR(dest)) {
186			ret = PTR_ERR(dest);
187			goto error3;
188		}
189	}
190
191	/* find the key type */
192	ktype = key_type_lookup(type);
193	if (IS_ERR(ktype)) {
194		ret = PTR_ERR(ktype);
195		goto error4;
196	}
197
198	/* do the search */
199	key = request_key(ktype, description, callout_info);
200	if (IS_ERR(key)) {
201		ret = PTR_ERR(key);
202		goto error5;
203	}
204
205	/* link the resulting key to the destination keyring */
206	if (dest) {
207		ret = key_link(dest, key);
208		if (ret < 0)
209			goto error6;
210	}
211
212	ret = key->serial;
213
214 error6:
215	key_put(key);
216 error5:
217	key_type_put(ktype);
218 error4:
219	key_put(dest);
220 error3:
221	kfree(callout_info);
222 error2:
223	kfree(description);
224 error:
225	return ret;
226
227} /* end sys_request_key() */
228
229/*****************************************************************************/
230/*
231 * get the ID of the specified process keyring
232 * - the keyring must have search permission to be found
233 * - implements keyctl(KEYCTL_GET_KEYRING_ID)
234 */
235long keyctl_get_keyring_ID(key_serial_t id, int create)
236{
237	struct key *key;
238	long ret;
239
240	key = lookup_user_key(id, create, 0, KEY_SEARCH);
241	if (IS_ERR(key)) {
242		ret = PTR_ERR(key);
243		goto error;
244	}
245
246	ret = key->serial;
247	key_put(key);
248 error:
249	return ret;
250
251} /* end keyctl_get_keyring_ID() */
252
253/*****************************************************************************/
254/*
255 * join the session keyring
256 * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING)
257 */
258long keyctl_join_session_keyring(const char __user *_name)
259{
260	char *name;
261	long nlen, ret;
262
263	/* fetch the name from userspace */
264	name = NULL;
265	if (_name) {
266		ret = -EFAULT;
267		nlen = strnlen_user(_name, PAGE_SIZE - 1);
268		if (nlen <= 0)
269			goto error;
270
271		ret = -EINVAL;
272		if (nlen > PAGE_SIZE - 1)
273			goto error;
274
275		ret = -ENOMEM;
276		name = kmalloc(nlen + 1, GFP_KERNEL);
277		if (!name)
278			goto error;
279
280		ret = -EFAULT;
281		if (copy_from_user(name, _name, nlen + 1) != 0)
282			goto error2;
283	}
284
285	/* join the session */
286	ret = join_session_keyring(name);
287
288 error2:
289	kfree(name);
290 error:
291	return ret;
292
293} /* end keyctl_join_session_keyring() */
294
295/*****************************************************************************/
296/*
297 * update a key's data payload
298 * - the key must be writable
299 * - implements keyctl(KEYCTL_UPDATE)
300 */
301long keyctl_update_key(key_serial_t id,
302		       const void __user *_payload,
303		       size_t plen)
304{
305	struct key *key;
306	void *payload;
307	long ret;
308
309	ret = -EINVAL;
310	if (plen > PAGE_SIZE)
311		goto error;
312
313	/* pull the payload in if one was supplied */
314	payload = NULL;
315	if (_payload) {
316		ret = -ENOMEM;
317		payload = kmalloc(plen, GFP_KERNEL);
318		if (!payload)
319			goto error;
320
321		ret = -EFAULT;
322		if (copy_from_user(payload, _payload, plen) != 0)
323			goto error2;
324	}
325
326	/* find the target key (which must be writable) */
327	key = lookup_user_key(id, 0, 0, KEY_WRITE);
328	if (IS_ERR(key)) {
329		ret = PTR_ERR(key);
330		goto error2;
331	}
332
333	/* update the key */
334	ret = key_update(key, payload, plen);
335
336	key_put(key);
337 error2:
338	kfree(payload);
339 error:
340	return ret;
341
342} /* end keyctl_update_key() */
343
344/*****************************************************************************/
345/*
346 * revoke a key
347 * - the key must be writable
348 * - implements keyctl(KEYCTL_REVOKE)
349 */
350long keyctl_revoke_key(key_serial_t id)
351{
352	struct key *key;
353	long ret;
354
355	key = lookup_user_key(id, 0, 0, KEY_WRITE);
356	if (IS_ERR(key)) {
357		ret = PTR_ERR(key);
358		goto error;
359	}
360
361	key_revoke(key);
362	ret = 0;
363
364	key_put(key);
365 error:
366	return 0;
367
368} /* end keyctl_revoke_key() */
369
370/*****************************************************************************/
371/*
372 * clear the specified process keyring
373 * - the keyring must be writable
374 * - implements keyctl(KEYCTL_CLEAR)
375 */
376long keyctl_keyring_clear(key_serial_t ringid)
377{
378	struct key *keyring;
379	long ret;
380
381	keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
382	if (IS_ERR(keyring)) {
383		ret = PTR_ERR(keyring);
384		goto error;
385	}
386
387	ret = keyring_clear(keyring);
388
389	key_put(keyring);
390 error:
391	return ret;
392
393} /* end keyctl_keyring_clear() */
394
395/*****************************************************************************/
396/*
397 * link a key into a keyring
398 * - the keyring must be writable
399 * - the key must be linkable
400 * - implements keyctl(KEYCTL_LINK)
401 */
402long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
403{
404	struct key *keyring, *key;
405	long ret;
406
407	keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
408	if (IS_ERR(keyring)) {
409		ret = PTR_ERR(keyring);
410		goto error;
411	}
412
413	key = lookup_user_key(id, 1, 0, KEY_LINK);
414	if (IS_ERR(key)) {
415		ret = PTR_ERR(key);
416		goto error2;
417	}
418
419	ret = key_link(keyring, key);
420
421	key_put(key);
422 error2:
423	key_put(keyring);
424 error:
425	return ret;
426
427} /* end keyctl_keyring_link() */
428
429/*****************************************************************************/
430/*
431 * unlink the first attachment of a key from a keyring
432 * - the keyring must be writable
433 * - we don't need any permissions on the key
434 * - implements keyctl(KEYCTL_UNLINK)
435 */
436long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
437{
438	struct key *keyring, *key;
439	long ret;
440
441	keyring = lookup_user_key(ringid, 0, 0, KEY_WRITE);
442	if (IS_ERR(keyring)) {
443		ret = PTR_ERR(keyring);
444		goto error;
445	}
446
447	key = lookup_user_key(id, 0, 0, 0);
448	if (IS_ERR(key)) {
449		ret = PTR_ERR(key);
450		goto error2;
451	}
452
453	ret = key_unlink(keyring, key);
454
455	key_put(key);
456 error2:
457	key_put(keyring);
458 error:
459	return ret;
460
461} /* end keyctl_keyring_unlink() */
462
463/*****************************************************************************/
464/*
465 * describe a user key
466 * - the key must have view permission
467 * - if there's a buffer, we place up to buflen bytes of data into it
468 * - unless there's an error, we return the amount of description available,
469 *   irrespective of how much we may have copied
470 * - the description is formatted thus:
471 *	type;uid;gid;perm;description<NUL>
472 * - implements keyctl(KEYCTL_DESCRIBE)
473 */
474long keyctl_describe_key(key_serial_t keyid,
475			 char __user *buffer,
476			 size_t buflen)
477{
478	struct key *key;
479	char *tmpbuf;
480	long ret;
481
482	key = lookup_user_key(keyid, 0, 1, KEY_VIEW);
483	if (IS_ERR(key)) {
484		ret = PTR_ERR(key);
485		goto error;
486	}
487
488	/* calculate how much description we're going to return */
489	ret = -ENOMEM;
490	tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);
491	if (!tmpbuf)
492		goto error2;
493
494	ret = snprintf(tmpbuf, PAGE_SIZE - 1,
495		       "%s;%d;%d;%06x;%s",
496		       key->type->name,
497		       key->uid,
498		       key->gid,
499		       key->perm,
500		       key->description ? key->description :""
501		       );
502
503	/* include a NUL char at the end of the data */
504	if (ret > PAGE_SIZE - 1)
505		ret = PAGE_SIZE - 1;
506	tmpbuf[ret] = 0;
507	ret++;
508
509	/* consider returning the data */
510	if (buffer && buflen > 0) {
511		if (buflen > ret)
512			buflen = ret;
513
514		if (copy_to_user(buffer, tmpbuf, buflen) != 0)
515			ret = -EFAULT;
516	}
517
518	kfree(tmpbuf);
519 error2:
520	key_put(key);
521 error:
522	return ret;
523
524} /* end keyctl_describe_key() */
525
526/*****************************************************************************/
527/*
528 * search the specified keyring for a matching key
529 * - the start keyring must be searchable
530 * - nested keyrings may also be searched if they are searchable
531 * - only keys with search permission may be found
532 * - if a key is found, it will be attached to the destination keyring if
533 *   there's one specified
534 * - implements keyctl(KEYCTL_SEARCH)
535 */
536long keyctl_keyring_search(key_serial_t ringid,
537			   const char __user *_type,
538			   const char __user *_description,
539			   key_serial_t destringid)
540{
541	struct key_type *ktype;
542	struct key *keyring, *key, *dest;
543	char type[32], *description;
544	long dlen, ret;
545
546	/* pull the type and description into kernel space */
547	ret = strncpy_from_user(type, _type, sizeof(type) - 1);
548	if (ret < 0)
549		goto error;
550	type[31] = '\0';
551
552	ret = -EFAULT;
553	dlen = strnlen_user(_description, PAGE_SIZE - 1);
554	if (dlen <= 0)
555		goto error;
556
557	ret = -EINVAL;
558	if (dlen > PAGE_SIZE - 1)
559		goto error;
560
561	ret = -ENOMEM;
562	description = kmalloc(dlen + 1, GFP_KERNEL);
563	if (!description)
564		goto error;
565
566	ret = -EFAULT;
567	if (copy_from_user(description, _description, dlen + 1) != 0)
568		goto error2;
569
570	/* get the keyring at which to begin the search */
571	keyring = lookup_user_key(ringid, 0, 0, KEY_SEARCH);
572	if (IS_ERR(keyring)) {
573		ret = PTR_ERR(keyring);
574		goto error2;
575	}
576
577	/* get the destination keyring if specified */
578	dest = NULL;
579	if (destringid) {
580		dest = lookup_user_key(destringid, 1, 0, KEY_WRITE);
581		if (IS_ERR(dest)) {
582			ret = PTR_ERR(dest);
583			goto error3;
584		}
585	}
586
587	/* find the key type */
588	ktype = key_type_lookup(type);
589	if (IS_ERR(ktype)) {
590		ret = PTR_ERR(ktype);
591		goto error4;
592	}
593
594	/* do the search */
595	key = keyring_search(keyring, ktype, description);
596	if (IS_ERR(key)) {
597		ret = PTR_ERR(key);
598
599		/* treat lack or presence of a negative key the same */
600		if (ret == -EAGAIN)
601			ret = -ENOKEY;
602		goto error5;
603	}
604
605	/* link the resulting key to the destination keyring if we can */
606	if (dest) {
607		ret = -EACCES;
608		if (!key_permission(key, KEY_LINK))
609			goto error6;
610
611		ret = key_link(dest, key);
612		if (ret < 0)
613			goto error6;
614	}
615
616	ret = key->serial;
617
618 error6:
619	key_put(key);
620 error5:
621	key_type_put(ktype);
622 error4:
623	key_put(dest);
624 error3:
625	key_put(keyring);
626 error2:
627	kfree(description);
628 error:
629	return ret;
630
631} /* end keyctl_keyring_search() */
632
633/*****************************************************************************/
634/*
635 * see if the key we're looking at is the target key
636 */
637static int keyctl_read_key_same(const struct key *key, const void *target)
638{
639	return key == target;
640
641} /* end keyctl_read_key_same() */
642
643/*****************************************************************************/
644/*
645 * read a user key's payload
646 * - the keyring must be readable or the key must be searchable from the
647 *   process's keyrings
648 * - if there's a buffer, we place up to buflen bytes of data into it
649 * - unless there's an error, we return the amount of data in the key,
650 *   irrespective of how much we may have copied
651 * - implements keyctl(KEYCTL_READ)
652 */
653long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
654{
655	struct key *key, *skey;
656	long ret;
657
658	/* find the key first */
659	key = lookup_user_key(keyid, 0, 0, 0);
660	if (!IS_ERR(key)) {
661		/* see if we can read it directly */
662		if (key_permission(key, KEY_READ))
663			goto can_read_key;
664
665		/* can't; see if it's searchable from this process's
666		 * keyrings */
667		ret = -ENOKEY;
668		if (key_permission(key, KEY_SEARCH)) {
669			/* okay - we do have search permission on the key
670			 * itself, but do we have the key? */
671			skey = search_process_keyrings_aux(key->type, key,
672							   keyctl_read_key_same);
673			if (!IS_ERR(skey))
674				goto can_read_key2;
675		}
676
677		goto error2;
678	}
679
680	ret = -ENOKEY;
681	goto error;
682
683	/* the key is probably readable - now try to read it */
684 can_read_key2:
685	key_put(skey);
686 can_read_key:
687	ret = key_validate(key);
688	if (ret == 0) {
689		ret = -EOPNOTSUPP;
690		if (key->type->read) {
691			/* read the data with the semaphore held (since we
692			 * might sleep) */
693			down_read(&key->sem);
694			ret = key->type->read(key, buffer, buflen);
695			up_read(&key->sem);
696		}
697	}
698
699 error2:
700	key_put(key);
701 error:
702	return ret;
703
704} /* end keyctl_read_key() */
705
706/*****************************************************************************/
707/*
708 * change the ownership of a key
709 * - the keyring owned by the changer
710 * - if the uid or gid is -1, then that parameter is not changed
711 * - implements keyctl(KEYCTL_CHOWN)
712 */
713long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
714{
715	struct key *key;
716	long ret;
717
718	ret = 0;
719	if (uid == (uid_t) -1 && gid == (gid_t) -1)
720		goto error;
721
722	key = lookup_user_key(id, 1, 1, 0);
723	if (IS_ERR(key)) {
724		ret = PTR_ERR(key);
725		goto error;
726	}
727
728	/* make the changes with the locks held to prevent chown/chown races */
729	ret = -EACCES;
730	down_write(&key->sem);
731	write_lock(&key->lock);
732
733	if (!capable(CAP_SYS_ADMIN)) {
734		/* only the sysadmin can chown a key to some other UID */
735		if (uid != (uid_t) -1 && key->uid != uid)
736			goto no_access;
737
738		/* only the sysadmin can set the key's GID to a group other
739		 * than one of those that the current process subscribes to */
740		if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid))
741			goto no_access;
742	}
743
744	/* change the UID (have to update the quotas) */
745	if (uid != (uid_t) -1 && uid != key->uid) {
746		/* don't support UID changing yet */
747		ret = -EOPNOTSUPP;
748		goto no_access;
749	}
750
751	/* change the GID */
752	if (gid != (gid_t) -1)
753		key->gid = gid;
754
755	ret = 0;
756
757 no_access:
758	write_unlock(&key->lock);
759	up_write(&key->sem);
760	key_put(key);
761 error:
762	return ret;
763
764} /* end keyctl_chown_key() */
765
766/*****************************************************************************/
767/*
768 * change the permission mask on a key
769 * - the keyring owned by the changer
770 * - implements keyctl(KEYCTL_SETPERM)
771 */
772long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
773{
774	struct key *key;
775	long ret;
776
777	ret = -EINVAL;
778	if (perm & ~(KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL))
779		goto error;
780
781	key = lookup_user_key(id, 1, 1, 0);
782	if (IS_ERR(key)) {
783		ret = PTR_ERR(key);
784		goto error;
785	}
786
787	/* make the changes with the locks held to prevent chown/chmod
788	 * races */
789	ret = -EACCES;
790	down_write(&key->sem);
791	write_lock(&key->lock);
792
793	/* if we're not the sysadmin, we can only chmod a key that we
794	 * own */
795	if (!capable(CAP_SYS_ADMIN) && key->uid != current->fsuid)
796		goto no_access;
797
798	/* changing the permissions mask */
799	key->perm = perm;
800	ret = 0;
801
802 no_access:
803	write_unlock(&key->lock);
804	up_write(&key->sem);
805	key_put(key);
806 error:
807	return ret;
808
809} /* end keyctl_setperm_key() */
810
811/*****************************************************************************/
812/*
813 * instantiate the key with the specified payload, and, if one is given, link
814 * the key into the keyring
815 */
816long keyctl_instantiate_key(key_serial_t id,
817			    const void __user *_payload,
818			    size_t plen,
819			    key_serial_t ringid)
820{
821	struct key *key, *keyring;
822	void *payload;
823	long ret;
824
825	ret = -EINVAL;
826	if (plen > 32767)
827		goto error;
828
829	/* pull the payload in if one was supplied */
830	payload = NULL;
831
832	if (_payload) {
833		ret = -ENOMEM;
834		payload = kmalloc(plen, GFP_KERNEL);
835		if (!payload)
836			goto error;
837
838		ret = -EFAULT;
839		if (copy_from_user(payload, _payload, plen) != 0)
840			goto error2;
841	}
842
843	/* find the target key (which must be writable) */
844	key = lookup_user_key(id, 0, 1, KEY_WRITE);
845	if (IS_ERR(key)) {
846		ret = PTR_ERR(key);
847		goto error2;
848	}
849
850	/* find the destination keyring if present (which must also be
851	 * writable) */
852	keyring = NULL;
853	if (ringid) {
854		keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
855		if (IS_ERR(keyring)) {
856			ret = PTR_ERR(keyring);
857			goto error3;
858		}
859	}
860
861	/* instantiate the key and link it into a keyring */
862	ret = key_instantiate_and_link(key, payload, plen, keyring);
863
864	key_put(keyring);
865 error3:
866	key_put(key);
867 error2:
868	kfree(payload);
869 error:
870	return ret;
871
872} /* end keyctl_instantiate_key() */
873
874/*****************************************************************************/
875/*
876 * negatively instantiate the key with the given timeout (in seconds), and, if
877 * one is given, link the key into the keyring
878 */
879long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
880{
881	struct key *key, *keyring;
882	long ret;
883
884	/* find the target key (which must be writable) */
885	key = lookup_user_key(id, 0, 1, KEY_WRITE);
886	if (IS_ERR(key)) {
887		ret = PTR_ERR(key);
888		goto error;
889	}
890
891	/* find the destination keyring if present (which must also be
892	 * writable) */
893	keyring = NULL;
894	if (ringid) {
895		keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
896		if (IS_ERR(keyring)) {
897			ret = PTR_ERR(keyring);
898			goto error2;
899		}
900	}
901
902	/* instantiate the key and link it into a keyring */
903	ret = key_negate_and_link(key, timeout, keyring);
904
905	key_put(keyring);
906 error2:
907	key_put(key);
908 error:
909	return ret;
910
911} /* end keyctl_negate_key() */
912
913/*****************************************************************************/
914/*
915 * the key control system call
916 */
917asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
918			   unsigned long arg4, unsigned long arg5)
919{
920	switch (option) {
921	case KEYCTL_GET_KEYRING_ID:
922		return keyctl_get_keyring_ID((key_serial_t) arg2,
923					     (int) arg3);
924
925	case KEYCTL_JOIN_SESSION_KEYRING:
926		return keyctl_join_session_keyring((const char __user *) arg2);
927
928	case KEYCTL_UPDATE:
929		return keyctl_update_key((key_serial_t) arg2,
930					 (const void __user *) arg3,
931					 (size_t) arg4);
932
933	case KEYCTL_REVOKE:
934		return keyctl_revoke_key((key_serial_t) arg2);
935
936	case KEYCTL_DESCRIBE:
937		return keyctl_describe_key((key_serial_t) arg2,
938					   (char __user *) arg3,
939					   (unsigned) arg4);
940
941	case KEYCTL_CLEAR:
942		return keyctl_keyring_clear((key_serial_t) arg2);
943
944	case KEYCTL_LINK:
945		return keyctl_keyring_link((key_serial_t) arg2,
946					   (key_serial_t) arg3);
947
948	case KEYCTL_UNLINK:
949		return keyctl_keyring_unlink((key_serial_t) arg2,
950					     (key_serial_t) arg3);
951
952	case KEYCTL_SEARCH:
953		return keyctl_keyring_search((key_serial_t) arg2,
954					     (const char __user *) arg3,
955					     (const char __user *) arg4,
956					     (key_serial_t) arg5);
957
958	case KEYCTL_READ:
959		return keyctl_read_key((key_serial_t) arg2,
960				       (char __user *) arg3,
961				       (size_t) arg4);
962
963	case KEYCTL_CHOWN:
964		return keyctl_chown_key((key_serial_t) arg2,
965					(uid_t) arg3,
966					(gid_t) arg4);
967
968	case KEYCTL_SETPERM:
969		return keyctl_setperm_key((key_serial_t) arg2,
970					  (key_perm_t) arg3);
971
972	case KEYCTL_INSTANTIATE:
973		return keyctl_instantiate_key((key_serial_t) arg2,
974					      (const void __user *) arg3,
975					      (size_t) arg4,
976					      (key_serial_t) arg5);
977
978	case KEYCTL_NEGATE:
979		return keyctl_negate_key((key_serial_t) arg2,
980					 (unsigned) arg3,
981					 (key_serial_t) arg4);
982
983	default:
984		return -EOPNOTSUPP;
985	}
986
987} /* end sys_keyctl() */