~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/keys/proc.c

Version: ~ [ linux-5.4-rc7 ] ~ [ linux-5.3.11 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.84 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.154 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.201 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.201 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.77 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /* procfs files for key database enumeration
  2  *
  3  * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
  4  * Written by David Howells (dhowells@redhat.com)
  5  *
  6  * This program is free software; you can redistribute it and/or
  7  * modify it under the terms of the GNU General Public License
  8  * as published by the Free Software Foundation; either version
  9  * 2 of the License, or (at your option) any later version.
 10  */
 11 
 12 #include <linux/module.h>
 13 #include <linux/init.h>
 14 #include <linux/sched.h>
 15 #include <linux/fs.h>
 16 #include <linux/proc_fs.h>
 17 #include <linux/seq_file.h>
 18 #include <asm/errno.h>
 19 #include "internal.h"
 20 
 21 #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
 22 static int proc_keys_open(struct inode *inode, struct file *file);
 23 static void *proc_keys_start(struct seq_file *p, loff_t *_pos);
 24 static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos);
 25 static void proc_keys_stop(struct seq_file *p, void *v);
 26 static int proc_keys_show(struct seq_file *m, void *v);
 27 
 28 static const struct seq_operations proc_keys_ops = {
 29         .start  = proc_keys_start,
 30         .next   = proc_keys_next,
 31         .stop   = proc_keys_stop,
 32         .show   = proc_keys_show,
 33 };
 34 
 35 static const struct file_operations proc_keys_fops = {
 36         .open           = proc_keys_open,
 37         .read           = seq_read,
 38         .llseek         = seq_lseek,
 39         .release        = seq_release,
 40 };
 41 #endif
 42 
 43 static int proc_key_users_open(struct inode *inode, struct file *file);
 44 static void *proc_key_users_start(struct seq_file *p, loff_t *_pos);
 45 static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos);
 46 static void proc_key_users_stop(struct seq_file *p, void *v);
 47 static int proc_key_users_show(struct seq_file *m, void *v);
 48 
 49 static const struct seq_operations proc_key_users_ops = {
 50         .start  = proc_key_users_start,
 51         .next   = proc_key_users_next,
 52         .stop   = proc_key_users_stop,
 53         .show   = proc_key_users_show,
 54 };
 55 
 56 static const struct file_operations proc_key_users_fops = {
 57         .open           = proc_key_users_open,
 58         .read           = seq_read,
 59         .llseek         = seq_lseek,
 60         .release        = seq_release,
 61 };
 62 
 63 /*
 64  * Declare the /proc files.
 65  */
 66 static int __init key_proc_init(void)
 67 {
 68         struct proc_dir_entry *p;
 69 
 70 #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
 71         p = proc_create("keys", 0, NULL, &proc_keys_fops);
 72         if (!p)
 73                 panic("Cannot create /proc/keys\n");
 74 #endif
 75 
 76         p = proc_create("key-users", 0, NULL, &proc_key_users_fops);
 77         if (!p)
 78                 panic("Cannot create /proc/key-users\n");
 79 
 80         return 0;
 81 }
 82 
 83 __initcall(key_proc_init);
 84 
 85 /*
 86  * Implement "/proc/keys" to provide a list of the keys on the system that
 87  * grant View permission to the caller.
 88  */
 89 #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
 90 
 91 static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n)
 92 {
 93         struct user_namespace *user_ns = seq_user_ns(p);
 94 
 95         n = rb_next(n);
 96         while (n) {
 97                 struct key *key = rb_entry(n, struct key, serial_node);
 98                 if (kuid_has_mapping(user_ns, key->user->uid))
 99                         break;
100                 n = rb_next(n);
101         }
102         return n;
103 }
104 
105 static int proc_keys_open(struct inode *inode, struct file *file)
106 {
107         return seq_open(file, &proc_keys_ops);
108 }
109 
110 static struct key *find_ge_key(struct seq_file *p, key_serial_t id)
111 {
112         struct user_namespace *user_ns = seq_user_ns(p);
113         struct rb_node *n = key_serial_tree.rb_node;
114         struct key *minkey = NULL;
115 
116         while (n) {
117                 struct key *key = rb_entry(n, struct key, serial_node);
118                 if (id < key->serial) {
119                         if (!minkey || minkey->serial > key->serial)
120                                 minkey = key;
121                         n = n->rb_left;
122                 } else if (id > key->serial) {
123                         n = n->rb_right;
124                 } else {
125                         minkey = key;
126                         break;
127                 }
128                 key = NULL;
129         }
130 
131         if (!minkey)
132                 return NULL;
133 
134         for (;;) {
135                 if (kuid_has_mapping(user_ns, minkey->user->uid))
136                         return minkey;
137                 n = rb_next(&minkey->serial_node);
138                 if (!n)
139                         return NULL;
140                 minkey = rb_entry(n, struct key, serial_node);
141         }
142 }
143 
144 static void *proc_keys_start(struct seq_file *p, loff_t *_pos)
145         __acquires(key_serial_lock)
146 {
147         key_serial_t pos = *_pos;
148         struct key *key;
149 
150         spin_lock(&key_serial_lock);
151 
152         if (*_pos > INT_MAX)
153                 return NULL;
154         key = find_ge_key(p, pos);
155         if (!key)
156                 return NULL;
157         *_pos = key->serial;
158         return &key->serial_node;
159 }
160 
161 static inline key_serial_t key_node_serial(struct rb_node *n)
162 {
163         struct key *key = rb_entry(n, struct key, serial_node);
164         return key->serial;
165 }
166 
167 static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos)
168 {
169         struct rb_node *n;
170 
171         n = key_serial_next(p, v);
172         if (n)
173                 *_pos = key_node_serial(n);
174         return n;
175 }
176 
177 static void proc_keys_stop(struct seq_file *p, void *v)
178         __releases(key_serial_lock)
179 {
180         spin_unlock(&key_serial_lock);
181 }
182 
183 static int proc_keys_show(struct seq_file *m, void *v)
184 {
185         const struct cred *cred = current_cred();
186         struct rb_node *_p = v;
187         struct key *key = rb_entry(_p, struct key, serial_node);
188         struct timespec now;
189         unsigned long timo;
190         key_ref_t key_ref, skey_ref;
191         char xbuf[12];
192         int rc;
193 
194         key_ref = make_key_ref(key, 0);
195 
196         /* determine if the key is possessed by this process (a test we can
197          * skip if the key does not indicate the possessor can view it
198          */
199         if (key->perm & KEY_POS_VIEW) {
200                 skey_ref = search_my_process_keyrings(key->type, key,
201                                                       lookup_user_key_possessed,
202                                                       true, cred);
203                 if (!IS_ERR(skey_ref)) {
204                         key_ref_put(skey_ref);
205                         key_ref = make_key_ref(key, 1);
206                 }
207         }
208 
209         /* check whether the current task is allowed to view the key (assuming
210          * non-possession)
211          * - the caller holds a spinlock, and thus the RCU read lock, making our
212          *   access to __current_cred() safe
213          */
214         rc = key_task_permission(key_ref, cred, KEY_VIEW);
215         if (rc < 0)
216                 return 0;
217 
218         now = current_kernel_time();
219 
220         rcu_read_lock();
221 
222         /* come up with a suitable timeout value */
223         if (key->expiry == 0) {
224                 memcpy(xbuf, "perm", 5);
225         } else if (now.tv_sec >= key->expiry) {
226                 memcpy(xbuf, "expd", 5);
227         } else {
228                 timo = key->expiry - now.tv_sec;
229 
230                 if (timo < 60)
231                         sprintf(xbuf, "%lus", timo);
232                 else if (timo < 60*60)
233                         sprintf(xbuf, "%lum", timo / 60);
234                 else if (timo < 60*60*24)
235                         sprintf(xbuf, "%luh", timo / (60*60));
236                 else if (timo < 60*60*24*7)
237                         sprintf(xbuf, "%lud", timo / (60*60*24));
238                 else
239                         sprintf(xbuf, "%luw", timo / (60*60*24*7));
240         }
241 
242 #define showflag(KEY, LETTER, FLAG) \
243         (test_bit(FLAG, &(KEY)->flags) ? LETTER : '-')
244 
245         seq_printf(m, "%08x %c%c%c%c%c%c%c %5d %4s %08x %5d %5d %-9.9s ",
246                    key->serial,
247                    showflag(key, 'I', KEY_FLAG_INSTANTIATED),
248                    showflag(key, 'R', KEY_FLAG_REVOKED),
249                    showflag(key, 'D', KEY_FLAG_DEAD),
250                    showflag(key, 'Q', KEY_FLAG_IN_QUOTA),
251                    showflag(key, 'U', KEY_FLAG_USER_CONSTRUCT),
252                    showflag(key, 'N', KEY_FLAG_NEGATIVE),
253                    showflag(key, 'i', KEY_FLAG_INVALIDATED),
254                    atomic_read(&key->usage),
255                    xbuf,
256                    key->perm,
257                    from_kuid_munged(seq_user_ns(m), key->uid),
258                    from_kgid_munged(seq_user_ns(m), key->gid),
259                    key->type->name);
260 
261 #undef showflag
262 
263         if (key->type->describe)
264                 key->type->describe(key, m);
265         seq_putc(m, '\n');
266 
267         rcu_read_unlock();
268         return 0;
269 }
270 
271 #endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */
272 
273 static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n)
274 {
275         while (n) {
276                 struct key_user *user = rb_entry(n, struct key_user, node);
277                 if (kuid_has_mapping(user_ns, user->uid))
278                         break;
279                 n = rb_next(n);
280         }
281         return n;
282 }
283 
284 static struct rb_node *key_user_next(struct user_namespace *user_ns, struct rb_node *n)
285 {
286         return __key_user_next(user_ns, rb_next(n));
287 }
288 
289 static struct rb_node *key_user_first(struct user_namespace *user_ns, struct rb_root *r)
290 {
291         struct rb_node *n = rb_first(r);
292         return __key_user_next(user_ns, n);
293 }
294 
295 /*
296  * Implement "/proc/key-users" to provides a list of the key users and their
297  * quotas.
298  */
299 static int proc_key_users_open(struct inode *inode, struct file *file)
300 {
301         return seq_open(file, &proc_key_users_ops);
302 }
303 
304 static void *proc_key_users_start(struct seq_file *p, loff_t *_pos)
305         __acquires(key_user_lock)
306 {
307         struct rb_node *_p;
308         loff_t pos = *_pos;
309 
310         spin_lock(&key_user_lock);
311 
312         _p = key_user_first(seq_user_ns(p), &key_user_tree);
313         while (pos > 0 && _p) {
314                 pos--;
315                 _p = key_user_next(seq_user_ns(p), _p);
316         }
317 
318         return _p;
319 }
320 
321 static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos)
322 {
323         (*_pos)++;
324         return key_user_next(seq_user_ns(p), (struct rb_node *)v);
325 }
326 
327 static void proc_key_users_stop(struct seq_file *p, void *v)
328         __releases(key_user_lock)
329 {
330         spin_unlock(&key_user_lock);
331 }
332 
333 static int proc_key_users_show(struct seq_file *m, void *v)
334 {
335         struct rb_node *_p = v;
336         struct key_user *user = rb_entry(_p, struct key_user, node);
337         unsigned maxkeys = uid_eq(user->uid, GLOBAL_ROOT_UID) ?
338                 key_quota_root_maxkeys : key_quota_maxkeys;
339         unsigned maxbytes = uid_eq(user->uid, GLOBAL_ROOT_UID) ?
340                 key_quota_root_maxbytes : key_quota_maxbytes;
341 
342         seq_printf(m, "%5u: %5d %d/%d %d/%d %d/%d\n",
343                    from_kuid_munged(seq_user_ns(m), user->uid),
344                    atomic_read(&user->usage),
345                    atomic_read(&user->nkeys),
346                    atomic_read(&user->nikeys),
347                    user->qnkeys,
348                    maxkeys,
349                    user->qnbytes,
350                    maxbytes);
351 
352         return 0;
353 }
354 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp