URL https://opencores.org/ocsvn/test_project/test_project/trunk

Subversion Repositories test_project

[/] [test_project/] [trunk/] [linux_sd_driver/] [security/] [keys/] [request_key_auth.c] - Blame information for rev 62

Details | Compare with Previous | View Log


/* request_key_auth.c: request key authorisation controlling key def
 *
 * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
 * 2 of the License, or (at your option) any later version.
 *
 * See Documentation/keys-request-key.txt
 */
 
#include <linux/module.h>
#include <linux/sched.h>
#include <linux/err.h>
#include <linux/seq_file.h>
#include <asm/uaccess.h>
#include "internal.h"
 
static int request_key_auth_instantiate(struct key *, const void *, size_t);
static void request_key_auth_describe(const struct key *, struct seq_file *);
static void request_key_auth_revoke(struct key *);
static void request_key_auth_destroy(struct key *);
static long request_key_auth_read(const struct key *, char __user *, size_t);
 
/*
 * the request-key authorisation key type definition
 */
struct key_type key_type_request_key_auth = {
        .name           = ".request_key_auth",
        .def_datalen    = sizeof(struct request_key_auth),
        .instantiate    = request_key_auth_instantiate,
        .describe       = request_key_auth_describe,
        .revoke         = request_key_auth_revoke,
        .destroy        = request_key_auth_destroy,
        .read           = request_key_auth_read,
};
 
/*****************************************************************************/
/*
 * instantiate a request-key authorisation key
 */
static int request_key_auth_instantiate(struct key *key,
                                        const void *data,
                                        size_t datalen)
{
        key->payload.data = (struct request_key_auth *) data;
        return 0;
 
} /* end request_key_auth_instantiate() */
 
/*****************************************************************************/
/*
 * reading a request-key authorisation key retrieves the callout information
 */
static void request_key_auth_describe(const struct key *key,
                                      struct seq_file *m)
{
        struct request_key_auth *rka = key->payload.data;
 
        seq_puts(m, "key:");
        seq_puts(m, key->description);
        seq_printf(m, " pid:%d ci:%zu", rka->pid, strlen(rka->callout_info));
 
} /* end request_key_auth_describe() */
 
/*****************************************************************************/
/*
 * read the callout_info data
 * - the key's semaphore is read-locked
 */
static long request_key_auth_read(const struct key *key,
                                  char __user *buffer, size_t buflen)
{
        struct request_key_auth *rka = key->payload.data;
        size_t datalen;
        long ret;
 
        datalen = strlen(rka->callout_info);
        ret = datalen;
 
        /* we can return the data as is */
        if (buffer && buflen > 0) {
                if (buflen > datalen)
                        buflen = datalen;
 
                if (copy_to_user(buffer, rka->callout_info, buflen) != 0)
                        ret = -EFAULT;
        }
 
        return ret;
 
} /* end request_key_auth_read() */
 
/*****************************************************************************/
/*
 * handle revocation of an authorisation token key
 * - called with the key sem write-locked
 */
static void request_key_auth_revoke(struct key *key)
{
        struct request_key_auth *rka = key->payload.data;
 
        kenter("{%d}", key->serial);
 
        if (rka->context) {
                put_task_struct(rka->context);
                rka->context = NULL;
        }
 
} /* end request_key_auth_revoke() */
 
/*****************************************************************************/
/*
 * destroy an instantiation authorisation token key
 */
static void request_key_auth_destroy(struct key *key)
{
        struct request_key_auth *rka = key->payload.data;
 
        kenter("{%d}", key->serial);
 
        if (rka->context) {
                put_task_struct(rka->context);
                rka->context = NULL;
        }
 
        key_put(rka->target_key);
        kfree(rka->callout_info);
        kfree(rka);
 
} /* end request_key_auth_destroy() */
 
/*****************************************************************************/
/*
 * create an authorisation token for /sbin/request-key or whoever to gain
 * access to the caller's security data
 */
struct key *request_key_auth_new(struct key *target, const char *callout_info)
{
        struct request_key_auth *rka, *irka;
        struct key *authkey = NULL;
        char desc[20];
        int ret;
 
        kenter("%d,", target->serial);
 
        /* allocate a auth record */
        rka = kmalloc(sizeof(*rka), GFP_KERNEL);
        if (!rka) {
                kleave(" = -ENOMEM");
                return ERR_PTR(-ENOMEM);
        }
        rka->callout_info = kmalloc(strlen(callout_info) + 1, GFP_KERNEL);
        if (!rka->callout_info) {
                kleave(" = -ENOMEM");
                kfree(rka);
                return ERR_PTR(-ENOMEM);
        }
 
        /* see if the calling process is already servicing the key request of
         * another process */
        if (current->request_key_auth) {
                /* it is - use that instantiation context here too */
                down_read(&current->request_key_auth->sem);
 
                /* if the auth key has been revoked, then the key we're
                 * servicing is already instantiated */
                if (test_bit(KEY_FLAG_REVOKED,
                             &current->request_key_auth->flags))
                        goto auth_key_revoked;
 
                irka = current->request_key_auth->payload.data;
                rka->context = irka->context;
                rka->pid = irka->pid;
                get_task_struct(rka->context);
 
                up_read(&current->request_key_auth->sem);
        }
        else {
                /* it isn't - use this process as the context */
                rka->context = current;
                rka->pid = current->pid;
                get_task_struct(rka->context);
        }
 
        rka->target_key = key_get(target);
        strcpy(rka->callout_info, callout_info);
 
        /* allocate the auth key */
        sprintf(desc, "%x", target->serial);
 
        authkey = key_alloc(&key_type_request_key_auth, desc,
                            current->fsuid, current->fsgid, current,
                            KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
                            KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA);
        if (IS_ERR(authkey)) {
                ret = PTR_ERR(authkey);
                goto error_alloc;
        }
 
        /* construct and attach to the keyring */
        ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL);
        if (ret < 0)
                goto error_inst;
 
        kleave(" = {%d}", authkey->serial);
        return authkey;
 
auth_key_revoked:
        up_read(&current->request_key_auth->sem);
        kfree(rka->callout_info);
        kfree(rka);
        kleave("= -EKEYREVOKED");
        return ERR_PTR(-EKEYREVOKED);
 
error_inst:
        key_revoke(authkey);
        key_put(authkey);
error_alloc:
        key_put(rka->target_key);
        kfree(rka->callout_info);
        kfree(rka);
        kleave("= %d", ret);
        return ERR_PTR(ret);
 
} /* end request_key_auth_new() */
 
/*****************************************************************************/
/*
 * see if an authorisation key is associated with a particular key
 */
static int key_get_instantiation_authkey_match(const struct key *key,
                                               const void *_id)
{
        struct request_key_auth *rka = key->payload.data;
        key_serial_t id = (key_serial_t)(unsigned long) _id;
 
        return rka->target_key->serial == id;
 
} /* end key_get_instantiation_authkey_match() */
 
/*****************************************************************************/
/*
 * get the authorisation key for instantiation of a specific key if attached to
 * the current process's keyrings
 * - this key is inserted into a keyring and that is set as /sbin/request-key's
 *   session keyring
 * - a target_id of zero specifies any valid token
 */
struct key *key_get_instantiation_authkey(key_serial_t target_id)
{
        struct key *authkey;
        key_ref_t authkey_ref;
 
        authkey_ref = search_process_keyrings(
                &key_type_request_key_auth,
                (void *) (unsigned long) target_id,
                key_get_instantiation_authkey_match,
                current);
 
        if (IS_ERR(authkey_ref)) {
                authkey = ERR_PTR(PTR_ERR(authkey_ref));
                goto error;
        }
 
        authkey = key_ref_to_ptr(authkey_ref);
        if (test_bit(KEY_FLAG_REVOKED, &authkey->flags)) {
                key_put(authkey);
                authkey = ERR_PTR(-EKEYREVOKED);
        }
 
error:
        return authkey;
 
} /* end key_get_instantiation_authkey() */

Browse

Tools

Subversion Repositories test_project

[/] [test_project/] [trunk/] [linux_sd_driver/] [security/] [keys/] [request_key_auth.c] - Blame information for rev 62

Line No.	Rev	Author	Line
1	62	marcus.erl	`/* request_key_auth.c: request key authorisation controlling key def`
2			`*`
3			`* Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.`
4			`* Written by David Howells (dhowells@redhat.com)`
5			`*`
6			`* This program is free software; you can redistribute it and/or`
7			`* modify it under the terms of the GNU General Public License`
8			`* as published by the Free Software Foundation; either version`
9			`* 2 of the License, or (at your option) any later version.`
10			`*`
11			`* See Documentation/keys-request-key.txt`
12			`*/`
13
14			`#include <linux/module.h>`
15			`#include <linux/sched.h>`
16			`#include <linux/err.h>`
17			`#include <linux/seq_file.h>`
18			`#include <asm/uaccess.h>`
19			`#include "internal.h"`
20
21			`static int request_key_auth_instantiate(struct key , const void , size_t);`
22			`static void request_key_auth_describe(const struct key , struct seq_file );`
23			`static void request_key_auth_revoke(struct key *);`
24			`static void request_key_auth_destroy(struct key *);`
25			`static long request_key_auth_read(const struct key , char __user , size_t);`
26
27			`/*`
28			`* the request-key authorisation key type definition`
29			`*/`
30			`struct key_type key_type_request_key_auth = {`
31			`.name = ".request_key_auth",`
32			`.def_datalen = sizeof(struct request_key_auth),`
33			`.instantiate = request_key_auth_instantiate,`
34			`.describe = request_key_auth_describe,`
35			`.revoke = request_key_auth_revoke,`
36			`.destroy = request_key_auth_destroy,`
37			`.read = request_key_auth_read,`
38			`};`
39
40			`/*****************************************************************************/`
41			`/*`
42			`* instantiate a request-key authorisation key`
43			`*/`
44			`static int request_key_auth_instantiate(struct key *key,`
45			`const void *data,`
46			`size_t datalen)`
47			`{`
48			`key->payload.data = (struct request_key_auth *) data;`
49			`return 0;`
50
51			`} /* end request_key_auth_instantiate() */`
52
53			`/*****************************************************************************/`
54			`/*`
55			`* reading a request-key authorisation key retrieves the callout information`
56			`*/`
57			`static void request_key_auth_describe(const struct key *key,`
58			`struct seq_file *m)`
59			`{`
60			`struct request_key_auth *rka = key->payload.data;`
61
62			`seq_puts(m, "key:");`
63			`seq_puts(m, key->description);`
64			`seq_printf(m, " pid:%d ci:%zu", rka->pid, strlen(rka->callout_info));`
65
66			`} /* end request_key_auth_describe() */`
67
68			`/*****************************************************************************/`
69			`/*`
70			`* read the callout_info data`
71			`* - the key's semaphore is read-locked`
72			`*/`
73			`static long request_key_auth_read(const struct key *key,`
74			`char __user *buffer, size_t buflen)`
75			`{`
76			`struct request_key_auth *rka = key->payload.data;`
77			`size_t datalen;`
78			`long ret;`
79
80			`datalen = strlen(rka->callout_info);`
81			`ret = datalen;`
82
83			`/* we can return the data as is */`
84			`if (buffer && buflen > 0) {`
85			`if (buflen > datalen)`
86			`buflen = datalen;`
87
88			`if (copy_to_user(buffer, rka->callout_info, buflen) != 0)`
89			`ret = -EFAULT;`
90			`}`
91
92			`return ret;`
93
94			`} /* end request_key_auth_read() */`
95
96			`/*****************************************************************************/`
97			`/*`
98			`* handle revocation of an authorisation token key`
99			`* - called with the key sem write-locked`
100			`*/`
101			`static void request_key_auth_revoke(struct key *key)`
102			`{`
103			`struct request_key_auth *rka = key->payload.data;`
104
105			`kenter("{%d}", key->serial);`
106
107			`if (rka->context) {`
108			`put_task_struct(rka->context);`
109			`rka->context = NULL;`
110			`}`
111
112			`} /* end request_key_auth_revoke() */`
113
114			`/*****************************************************************************/`
115			`/*`
116			`* destroy an instantiation authorisation token key`
117			`*/`
118			`static void request_key_auth_destroy(struct key *key)`
119			`{`
120			`struct request_key_auth *rka = key->payload.data;`
121
122			`kenter("{%d}", key->serial);`
123
124			`if (rka->context) {`
125			`put_task_struct(rka->context);`
126			`rka->context = NULL;`
127			`}`
128
129			`key_put(rka->target_key);`
130			`kfree(rka->callout_info);`
131			`kfree(rka);`
132
133			`} /* end request_key_auth_destroy() */`
134
135			`/*****************************************************************************/`
136			`/*`
137			`* create an authorisation token for /sbin/request-key or whoever to gain`
138			`* access to the caller's security data`
139			`*/`
140			`struct key request_key_auth_new(struct key target, const char *callout_info)`
141			`{`
142			`struct request_key_auth rka, irka;`
143			`struct key *authkey = NULL;`
144			`char desc[20];`
145			`int ret;`
146
147			`kenter("%d,", target->serial);`
148
149			`/* allocate a auth record */`
150			`rka = kmalloc(sizeof(*rka), GFP_KERNEL);`
151			`if (!rka) {`
152			`kleave(" = -ENOMEM");`
153			`return ERR_PTR(-ENOMEM);`
154			`}`
155			`rka->callout_info = kmalloc(strlen(callout_info) + 1, GFP_KERNEL);`
156			`if (!rka->callout_info) {`
157			`kleave(" = -ENOMEM");`
158			`kfree(rka);`
159			`return ERR_PTR(-ENOMEM);`
160			`}`
161
162			`/* see if the calling process is already servicing the key request of`
163			`* another process */`
164			`if (current->request_key_auth) {`
165			`/* it is - use that instantiation context here too */`
166			`down_read(&current->request_key_auth->sem);`
167
168			`/* if the auth key has been revoked, then the key we're`
169			`* servicing is already instantiated */`
170			`if (test_bit(KEY_FLAG_REVOKED,`
171			`&current->request_key_auth->flags))`
172			`goto auth_key_revoked;`
173
174			`irka = current->request_key_auth->payload.data;`
175			`rka->context = irka->context;`
176			`rka->pid = irka->pid;`
177			`get_task_struct(rka->context);`
178
179			`up_read(&current->request_key_auth->sem);`
180			`}`
181			`else {`
182			`/* it isn't - use this process as the context */`
183			`rka->context = current;`
184			`rka->pid = current->pid;`
185			`get_task_struct(rka->context);`
186			`}`
187
188			`rka->target_key = key_get(target);`
189			`strcpy(rka->callout_info, callout_info);`
190
191			`/* allocate the auth key */`
192			`sprintf(desc, "%x", target->serial);`
193
194			`authkey = key_alloc(&key_type_request_key_auth, desc,`
195			`current->fsuid, current->fsgid, current,`
196			`KEY_POS_VIEW \| KEY_POS_READ \| KEY_POS_SEARCH \|`
197			`KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA);`
198			`if (IS_ERR(authkey)) {`
199			`ret = PTR_ERR(authkey);`
200			`goto error_alloc;`
201			`}`
202
203			`/* construct and attach to the keyring */`
204			`ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL);`
205			`if (ret < 0)`
206			`goto error_inst;`
207
208			`kleave(" = {%d}", authkey->serial);`
209			`return authkey;`
210
211			`auth_key_revoked:`
212			`up_read(&current->request_key_auth->sem);`
213			`kfree(rka->callout_info);`
214			`kfree(rka);`
215			`kleave("= -EKEYREVOKED");`
216			`return ERR_PTR(-EKEYREVOKED);`
217
218			`error_inst:`
219			`key_revoke(authkey);`
220			`key_put(authkey);`
221			`error_alloc:`
222			`key_put(rka->target_key);`
223			`kfree(rka->callout_info);`
224			`kfree(rka);`
225			`kleave("= %d", ret);`
226			`return ERR_PTR(ret);`
227
228			`} /* end request_key_auth_new() */`
229
230			`/*****************************************************************************/`
231			`/*`
232			`* see if an authorisation key is associated with a particular key`
233			`*/`
234			`static int key_get_instantiation_authkey_match(const struct key *key,`
235			`const void *_id)`
236			`{`
237			`struct request_key_auth *rka = key->payload.data;`
238			`key_serial_t id = (key_serial_t)(unsigned long) _id;`
239
240			`return rka->target_key->serial == id;`
241
242			`} /* end key_get_instantiation_authkey_match() */`
243
244			`/*****************************************************************************/`
245			`/*`
246			`* get the authorisation key for instantiation of a specific key if attached to`
247			`* the current process's keyrings`
248			`* - this key is inserted into a keyring and that is set as /sbin/request-key's`
249			`* session keyring`
250			`* - a target_id of zero specifies any valid token`
251			`*/`
252			`struct key *key_get_instantiation_authkey(key_serial_t target_id)`
253			`{`
254			`struct key *authkey;`
255			`key_ref_t authkey_ref;`
256
257			`authkey_ref = search_process_keyrings(`
258			`&key_type_request_key_auth,`
259			`(void *) (unsigned long) target_id,`
260			`key_get_instantiation_authkey_match,`
261			`current);`
262
263			`if (IS_ERR(authkey_ref)) {`
264			`authkey = ERR_PTR(PTR_ERR(authkey_ref));`
265			`goto error;`
266			`}`
267
268			`authkey = key_ref_to_ptr(authkey_ref);`
269			`if (test_bit(KEY_FLAG_REVOKED, &authkey->flags)) {`
270			`key_put(authkey);`
271			`authkey = ERR_PTR(-EKEYREVOKED);`
272			`}`
273
274			`error:`
275			`return authkey;`
276
277			`} /* end key_get_instantiation_authkey() */`