~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/keys/proc.c

Version: ~ [ linux-5.12-rc7 ] ~ [ linux-5.11.13 ] ~ [ linux-5.10.29 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.111 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.186 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.230 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.266 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.266 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.18.140 ] ~ [ linux-3.16.85 ] ~ [ linux-3.14.79 ] ~ [ linux-3.12.74 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /* procfs files for key database enumeration
  2  *
  3  * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
  4  * Written by David Howells (dhowells@redhat.com)
  5  *
  6  * This program is free software; you can redistribute it and/or
  7  * modify it under the terms of the GNU General Public License
  8  * as published by the Free Software Foundation; either version
  9  * 2 of the License, or (at your option) any later version.
 10  */
 11 
 12 #include <linux/module.h>
 13 #include <linux/init.h>
 14 #include <linux/sched.h>
 15 #include <linux/fs.h>
 16 #include <linux/proc_fs.h>
 17 #include <linux/seq_file.h>
 18 #include <asm/errno.h>
 19 #include "internal.h"
 20 
 21 static int proc_keys_open(struct inode *inode, struct file *file);
 22 static void *proc_keys_start(struct seq_file *p, loff_t *_pos);
 23 static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos);
 24 static void proc_keys_stop(struct seq_file *p, void *v);
 25 static int proc_keys_show(struct seq_file *m, void *v);
 26 
 27 static const struct seq_operations proc_keys_ops = {
 28         .start  = proc_keys_start,
 29         .next   = proc_keys_next,
 30         .stop   = proc_keys_stop,
 31         .show   = proc_keys_show,
 32 };
 33 
 34 static const struct file_operations proc_keys_fops = {
 35         .open           = proc_keys_open,
 36         .read           = seq_read,
 37         .llseek         = seq_lseek,
 38         .release        = seq_release,
 39 };
 40 
 41 static int proc_key_users_open(struct inode *inode, struct file *file);
 42 static void *proc_key_users_start(struct seq_file *p, loff_t *_pos);
 43 static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos);
 44 static void proc_key_users_stop(struct seq_file *p, void *v);
 45 static int proc_key_users_show(struct seq_file *m, void *v);
 46 
 47 static const struct seq_operations proc_key_users_ops = {
 48         .start  = proc_key_users_start,
 49         .next   = proc_key_users_next,
 50         .stop   = proc_key_users_stop,
 51         .show   = proc_key_users_show,
 52 };
 53 
 54 static const struct file_operations proc_key_users_fops = {
 55         .open           = proc_key_users_open,
 56         .read           = seq_read,
 57         .llseek         = seq_lseek,
 58         .release        = seq_release,
 59 };
 60 
 61 /*
 62  * Declare the /proc files.
 63  */
 64 static int __init key_proc_init(void)
 65 {
 66         struct proc_dir_entry *p;
 67 
 68         p = proc_create("keys", 0, NULL, &proc_keys_fops);
 69         if (!p)
 70                 panic("Cannot create /proc/keys\n");
 71 
 72         p = proc_create("key-users", 0, NULL, &proc_key_users_fops);
 73         if (!p)
 74                 panic("Cannot create /proc/key-users\n");
 75 
 76         return 0;
 77 }
 78 
 79 __initcall(key_proc_init);
 80 
 81 /*
 82  * Implement "/proc/keys" to provide a list of the keys on the system that
 83  * grant View permission to the caller.
 84  */
 85 static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n)
 86 {
 87         struct user_namespace *user_ns = seq_user_ns(p);
 88 
 89         n = rb_next(n);
 90         while (n) {
 91                 struct key *key = rb_entry(n, struct key, serial_node);
 92                 if (kuid_has_mapping(user_ns, key->user->uid))
 93                         break;
 94                 n = rb_next(n);
 95         }
 96         return n;
 97 }
 98 
 99 static int proc_keys_open(struct inode *inode, struct file *file)
100 {
101         return seq_open(file, &proc_keys_ops);
102 }
103 
104 static struct key *find_ge_key(struct seq_file *p, key_serial_t id)
105 {
106         struct user_namespace *user_ns = seq_user_ns(p);
107         struct rb_node *n = key_serial_tree.rb_node;
108         struct key *minkey = NULL;
109 
110         while (n) {
111                 struct key *key = rb_entry(n, struct key, serial_node);
112                 if (id < key->serial) {
113                         if (!minkey || minkey->serial > key->serial)
114                                 minkey = key;
115                         n = n->rb_left;
116                 } else if (id > key->serial) {
117                         n = n->rb_right;
118                 } else {
119                         minkey = key;
120                         break;
121                 }
122                 key = NULL;
123         }
124 
125         if (!minkey)
126                 return NULL;
127 
128         for (;;) {
129                 if (kuid_has_mapping(user_ns, minkey->user->uid))
130                         return minkey;
131                 n = rb_next(&minkey->serial_node);
132                 if (!n)
133                         return NULL;
134                 minkey = rb_entry(n, struct key, serial_node);
135         }
136 }
137 
138 static void *proc_keys_start(struct seq_file *p, loff_t *_pos)
139         __acquires(key_serial_lock)
140 {
141         key_serial_t pos = *_pos;
142         struct key *key;
143 
144         spin_lock(&key_serial_lock);
145 
146         if (*_pos > INT_MAX)
147                 return NULL;
148         key = find_ge_key(p, pos);
149         if (!key)
150                 return NULL;
151         *_pos = key->serial;
152         return &key->serial_node;
153 }
154 
155 static inline key_serial_t key_node_serial(struct rb_node *n)
156 {
157         struct key *key = rb_entry(n, struct key, serial_node);
158         return key->serial;
159 }
160 
161 static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos)
162 {
163         struct rb_node *n;
164 
165         n = key_serial_next(p, v);
166         if (n)
167                 *_pos = key_node_serial(n);
168         return n;
169 }
170 
171 static void proc_keys_stop(struct seq_file *p, void *v)
172         __releases(key_serial_lock)
173 {
174         spin_unlock(&key_serial_lock);
175 }
176 
177 static int proc_keys_show(struct seq_file *m, void *v)
178 {
179         struct rb_node *_p = v;
180         struct key *key = rb_entry(_p, struct key, serial_node);
181         unsigned long flags;
182         key_ref_t key_ref, skey_ref;
183         time64_t now, expiry;
184         char xbuf[16];
185         short state;
186         u64 timo;
187         int rc;
188 
189         struct keyring_search_context ctx = {
190                 .index_key.type         = key->type,
191                 .index_key.description  = key->description,
192                 .cred                   = m->file->f_cred,
193                 .match_data.cmp         = lookup_user_key_possessed,
194                 .match_data.raw_data    = key,
195                 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
196                 .flags                  = KEYRING_SEARCH_NO_STATE_CHECK,
197         };
198 
199         key_ref = make_key_ref(key, 0);
200 
201         /* determine if the key is possessed by this process (a test we can
202          * skip if the key does not indicate the possessor can view it
203          */
204         if (key->perm & KEY_POS_VIEW) {
205                 skey_ref = search_my_process_keyrings(&ctx);
206                 if (!IS_ERR(skey_ref)) {
207                         key_ref_put(skey_ref);
208                         key_ref = make_key_ref(key, 1);
209                 }
210         }
211 
212         /* check whether the current task is allowed to view the key */
213         rc = key_task_permission(key_ref, ctx.cred, KEY_NEED_VIEW);
214         if (rc < 0)
215                 return 0;
216 
217         now = ktime_get_real_seconds();
218 
219         rcu_read_lock();
220 
221         /* come up with a suitable timeout value */
222         expiry = READ_ONCE(key->expiry);
223         if (expiry == 0) {
224                 memcpy(xbuf, "perm", 5);
225         } else if (now >= expiry) {
226                 memcpy(xbuf, "expd", 5);
227         } else {
228                 timo = expiry - now;
229 
230                 if (timo < 60)
231                         sprintf(xbuf, "%llus", timo);
232                 else if (timo < 60*60)
233                         sprintf(xbuf, "%llum", div_u64(timo, 60));
234                 else if (timo < 60*60*24)
235                         sprintf(xbuf, "%lluh", div_u64(timo, 60 * 60));
236                 else if (timo < 60*60*24*7)
237                         sprintf(xbuf, "%llud", div_u64(timo, 60 * 60 * 24));
238                 else
239                         sprintf(xbuf, "%lluw", div_u64(timo, 60 * 60 * 24 * 7));
240         }
241 
242         state = key_read_state(key);
243 
244 #define showflag(FLAGS, LETTER, FLAG) \
245         ((FLAGS & (1 << FLAG)) ? LETTER : '-')
246 
247         flags = READ_ONCE(key->flags);
248         seq_printf(m, "%08x %c%c%c%c%c%c%c %5d %4s %08x %5d %5d %-9.9s ",
249                    key->serial,
250                    state != KEY_IS_UNINSTANTIATED ? 'I' : '-',
251                    showflag(flags, 'R', KEY_FLAG_REVOKED),
252                    showflag(flags, 'D', KEY_FLAG_DEAD),
253                    showflag(flags, 'Q', KEY_FLAG_IN_QUOTA),
254                    showflag(flags, 'U', KEY_FLAG_USER_CONSTRUCT),
255                    state < 0 ? 'N' : '-',
256                    showflag(flags, 'i', KEY_FLAG_INVALIDATED),
257                    refcount_read(&key->usage),
258                    xbuf,
259                    key->perm,
260                    from_kuid_munged(seq_user_ns(m), key->uid),
261                    from_kgid_munged(seq_user_ns(m), key->gid),
262                    key->type->name);
263 
264 #undef showflag
265 
266         if (key->type->describe)
267                 key->type->describe(key, m);
268         seq_putc(m, '\n');
269 
270         rcu_read_unlock();
271         return 0;
272 }
273 
274 static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n)
275 {
276         while (n) {
277                 struct key_user *user = rb_entry(n, struct key_user, node);
278                 if (kuid_has_mapping(user_ns, user->uid))
279                         break;
280                 n = rb_next(n);
281         }
282         return n;
283 }
284 
285 static struct rb_node *key_user_next(struct user_namespace *user_ns, struct rb_node *n)
286 {
287         return __key_user_next(user_ns, rb_next(n));
288 }
289 
290 static struct rb_node *key_user_first(struct user_namespace *user_ns, struct rb_root *r)
291 {
292         struct rb_node *n = rb_first(r);
293         return __key_user_next(user_ns, n);
294 }
295 
296 /*
297  * Implement "/proc/key-users" to provides a list of the key users and their
298  * quotas.
299  */
300 static int proc_key_users_open(struct inode *inode, struct file *file)
301 {
302         return seq_open(file, &proc_key_users_ops);
303 }
304 
305 static void *proc_key_users_start(struct seq_file *p, loff_t *_pos)
306         __acquires(key_user_lock)
307 {
308         struct rb_node *_p;
309         loff_t pos = *_pos;
310 
311         spin_lock(&key_user_lock);
312 
313         _p = key_user_first(seq_user_ns(p), &key_user_tree);
314         while (pos > 0 && _p) {
315                 pos--;
316                 _p = key_user_next(seq_user_ns(p), _p);
317         }
318 
319         return _p;
320 }
321 
322 static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos)
323 {
324         (*_pos)++;
325         return key_user_next(seq_user_ns(p), (struct rb_node *)v);
326 }
327 
328 static void proc_key_users_stop(struct seq_file *p, void *v)
329         __releases(key_user_lock)
330 {
331         spin_unlock(&key_user_lock);
332 }
333 
334 static int proc_key_users_show(struct seq_file *m, void *v)
335 {
336         struct rb_node *_p = v;
337         struct key_user *user = rb_entry(_p, struct key_user, node);
338         unsigned maxkeys = uid_eq(user->uid, GLOBAL_ROOT_UID) ?
339                 key_quota_root_maxkeys : key_quota_maxkeys;
340         unsigned maxbytes = uid_eq(user->uid, GLOBAL_ROOT_UID) ?
341                 key_quota_root_maxbytes : key_quota_maxbytes;
342 
343         seq_printf(m, "%5u: %5d %d/%d %d/%d %d/%d\n",
344                    from_kuid_munged(seq_user_ns(m), user->uid),
345                    refcount_read(&user->usage),
346                    atomic_read(&user->nkeys),
347                    atomic_read(&user->nikeys),
348                    user->qnkeys,
349                    maxkeys,
350                    user->qnbytes,
351                    maxbytes);
352 
353         return 0;
354 }
355 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp