Linux-2.6.12-rc2
[linux-2.6/next.git] / security / keys / keyctl.c
blobdc0011b3fac92e8a8c623a0f8d92696d8052a241
1 /* keyctl.c: userspace keyctl operations
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
15 #include <linux/slab.h>
16 #include <linux/syscalls.h>
17 #include <linux/keyctl.h>
18 #include <linux/fs.h>
19 #include <linux/err.h>
20 #include <asm/uaccess.h>
21 #include "internal.h"
23 /*****************************************************************************/
25 * extract the description of a new key from userspace and either add it as a
26 * new key to the specified keyring or update a matching key in that keyring
27 * - the keyring must be writable
28 * - returns the new key's serial number
29 * - implements add_key()
31 asmlinkage long sys_add_key(const char __user *_type,
32 const char __user *_description,
33 const void __user *_payload,
34 size_t plen,
35 key_serial_t ringid)
37 struct key *keyring, *key;
38 char type[32], *description;
39 void *payload;
40 long dlen, ret;
42 ret = -EINVAL;
43 if (plen > 32767)
44 goto error;
46 /* draw all the data into kernel space */
47 ret = strncpy_from_user(type, _type, sizeof(type) - 1);
48 if (ret < 0)
49 goto error;
50 type[31] = '\0';
52 ret = -EFAULT;
53 dlen = strnlen_user(_description, PAGE_SIZE - 1);
54 if (dlen <= 0)
55 goto error;
57 ret = -EINVAL;
58 if (dlen > PAGE_SIZE - 1)
59 goto error;
61 ret = -ENOMEM;
62 description = kmalloc(dlen + 1, GFP_KERNEL);
63 if (!description)
64 goto error;
66 ret = -EFAULT;
67 if (copy_from_user(description, _description, dlen + 1) != 0)
68 goto error2;
70 /* pull the payload in if one was supplied */
71 payload = NULL;
73 if (_payload) {
74 ret = -ENOMEM;
75 payload = kmalloc(plen, GFP_KERNEL);
76 if (!payload)
77 goto error2;
79 ret = -EFAULT;
80 if (copy_from_user(payload, _payload, plen) != 0)
81 goto error3;
84 /* find the target keyring (which must be writable) */
85 keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
86 if (IS_ERR(keyring)) {
87 ret = PTR_ERR(keyring);
88 goto error3;
91 /* create or update the requested key and add it to the target
92 * keyring */
93 key = key_create_or_update(keyring, type, description,
94 payload, plen, 0);
95 if (!IS_ERR(key)) {
96 ret = key->serial;
97 key_put(key);
99 else {
100 ret = PTR_ERR(key);
103 key_put(keyring);
104 error3:
105 kfree(payload);
106 error2:
107 kfree(description);
108 error:
109 return ret;
111 } /* end sys_add_key() */
113 /*****************************************************************************/
115 * search the process keyrings for a matching key
116 * - nested keyrings may also be searched if they have Search permission
117 * - if a key is found, it will be attached to the destination keyring if
118 * there's one specified
119 * - /sbin/request-key will be invoked if _callout_info is non-NULL
120 * - the _callout_info string will be passed to /sbin/request-key
121 * - if the _callout_info string is empty, it will be rendered as "-"
122 * - implements request_key()
124 asmlinkage long sys_request_key(const char __user *_type,
125 const char __user *_description,
126 const char __user *_callout_info,
127 key_serial_t destringid)
129 struct key_type *ktype;
130 struct key *key, *dest;
131 char type[32], *description, *callout_info;
132 long dlen, ret;
134 /* pull the type into kernel space */
135 ret = strncpy_from_user(type, _type, sizeof(type) - 1);
136 if (ret < 0)
137 goto error;
138 type[31] = '\0';
140 /* pull the description into kernel space */
141 ret = -EFAULT;
142 dlen = strnlen_user(_description, PAGE_SIZE - 1);
143 if (dlen <= 0)
144 goto error;
146 ret = -EINVAL;
147 if (dlen > PAGE_SIZE - 1)
148 goto error;
150 ret = -ENOMEM;
151 description = kmalloc(dlen + 1, GFP_KERNEL);
152 if (!description)
153 goto error;
155 ret = -EFAULT;
156 if (copy_from_user(description, _description, dlen + 1) != 0)
157 goto error2;
159 /* pull the callout info into kernel space */
160 callout_info = NULL;
161 if (_callout_info) {
162 ret = -EFAULT;
163 dlen = strnlen_user(_callout_info, PAGE_SIZE - 1);
164 if (dlen <= 0)
165 goto error2;
167 ret = -EINVAL;
168 if (dlen > PAGE_SIZE - 1)
169 goto error2;
171 ret = -ENOMEM;
172 callout_info = kmalloc(dlen + 1, GFP_KERNEL);
173 if (!callout_info)
174 goto error2;
176 ret = -EFAULT;
177 if (copy_from_user(callout_info, _callout_info, dlen + 1) != 0)
178 goto error3;
181 /* get the destination keyring if specified */
182 dest = NULL;
183 if (destringid) {
184 dest = lookup_user_key(destringid, 1, 0, KEY_WRITE);
185 if (IS_ERR(dest)) {
186 ret = PTR_ERR(dest);
187 goto error3;
191 /* find the key type */
192 ktype = key_type_lookup(type);
193 if (IS_ERR(ktype)) {
194 ret = PTR_ERR(ktype);
195 goto error4;
198 /* do the search */
199 key = request_key(ktype, description, callout_info);
200 if (IS_ERR(key)) {
201 ret = PTR_ERR(key);
202 goto error5;
205 /* link the resulting key to the destination keyring */
206 if (dest) {
207 ret = key_link(dest, key);
208 if (ret < 0)
209 goto error6;
212 ret = key->serial;
214 error6:
215 key_put(key);
216 error5:
217 key_type_put(ktype);
218 error4:
219 key_put(dest);
220 error3:
221 kfree(callout_info);
222 error2:
223 kfree(description);
224 error:
225 return ret;
227 } /* end sys_request_key() */
229 /*****************************************************************************/
231 * get the ID of the specified process keyring
232 * - the keyring must have search permission to be found
233 * - implements keyctl(KEYCTL_GET_KEYRING_ID)
235 long keyctl_get_keyring_ID(key_serial_t id, int create)
237 struct key *key;
238 long ret;
240 key = lookup_user_key(id, create, 0, KEY_SEARCH);
241 if (IS_ERR(key)) {
242 ret = PTR_ERR(key);
243 goto error;
246 ret = key->serial;
247 key_put(key);
248 error:
249 return ret;
251 } /* end keyctl_get_keyring_ID() */
253 /*****************************************************************************/
255 * join the session keyring
256 * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING)
258 long keyctl_join_session_keyring(const char __user *_name)
260 char *name;
261 long nlen, ret;
263 /* fetch the name from userspace */
264 name = NULL;
265 if (_name) {
266 ret = -EFAULT;
267 nlen = strnlen_user(_name, PAGE_SIZE - 1);
268 if (nlen <= 0)
269 goto error;
271 ret = -EINVAL;
272 if (nlen > PAGE_SIZE - 1)
273 goto error;
275 ret = -ENOMEM;
276 name = kmalloc(nlen + 1, GFP_KERNEL);
277 if (!name)
278 goto error;
280 ret = -EFAULT;
281 if (copy_from_user(name, _name, nlen + 1) != 0)
282 goto error2;
285 /* join the session */
286 ret = join_session_keyring(name);
288 error2:
289 kfree(name);
290 error:
291 return ret;
293 } /* end keyctl_join_session_keyring() */
295 /*****************************************************************************/
297 * update a key's data payload
298 * - the key must be writable
299 * - implements keyctl(KEYCTL_UPDATE)
301 long keyctl_update_key(key_serial_t id,
302 const void __user *_payload,
303 size_t plen)
305 struct key *key;
306 void *payload;
307 long ret;
309 ret = -EINVAL;
310 if (plen > PAGE_SIZE)
311 goto error;
313 /* pull the payload in if one was supplied */
314 payload = NULL;
315 if (_payload) {
316 ret = -ENOMEM;
317 payload = kmalloc(plen, GFP_KERNEL);
318 if (!payload)
319 goto error;
321 ret = -EFAULT;
322 if (copy_from_user(payload, _payload, plen) != 0)
323 goto error2;
326 /* find the target key (which must be writable) */
327 key = lookup_user_key(id, 0, 0, KEY_WRITE);
328 if (IS_ERR(key)) {
329 ret = PTR_ERR(key);
330 goto error2;
333 /* update the key */
334 ret = key_update(key, payload, plen);
336 key_put(key);
337 error2:
338 kfree(payload);
339 error:
340 return ret;
342 } /* end keyctl_update_key() */
344 /*****************************************************************************/
346 * revoke a key
347 * - the key must be writable
348 * - implements keyctl(KEYCTL_REVOKE)
350 long keyctl_revoke_key(key_serial_t id)
352 struct key *key;
353 long ret;
355 key = lookup_user_key(id, 0, 0, KEY_WRITE);
356 if (IS_ERR(key)) {
357 ret = PTR_ERR(key);
358 goto error;
361 key_revoke(key);
362 ret = 0;
364 key_put(key);
365 error:
366 return 0;
368 } /* end keyctl_revoke_key() */
370 /*****************************************************************************/
372 * clear the specified process keyring
373 * - the keyring must be writable
374 * - implements keyctl(KEYCTL_CLEAR)
376 long keyctl_keyring_clear(key_serial_t ringid)
378 struct key *keyring;
379 long ret;
381 keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
382 if (IS_ERR(keyring)) {
383 ret = PTR_ERR(keyring);
384 goto error;
387 ret = keyring_clear(keyring);
389 key_put(keyring);
390 error:
391 return ret;
393 } /* end keyctl_keyring_clear() */
395 /*****************************************************************************/
397 * link a key into a keyring
398 * - the keyring must be writable
399 * - the key must be linkable
400 * - implements keyctl(KEYCTL_LINK)
402 long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
404 struct key *keyring, *key;
405 long ret;
407 keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
408 if (IS_ERR(keyring)) {
409 ret = PTR_ERR(keyring);
410 goto error;
413 key = lookup_user_key(id, 1, 0, KEY_LINK);
414 if (IS_ERR(key)) {
415 ret = PTR_ERR(key);
416 goto error2;
419 ret = key_link(keyring, key);
421 key_put(key);
422 error2:
423 key_put(keyring);
424 error:
425 return ret;
427 } /* end keyctl_keyring_link() */
429 /*****************************************************************************/
431 * unlink the first attachment of a key from a keyring
432 * - the keyring must be writable
433 * - we don't need any permissions on the key
434 * - implements keyctl(KEYCTL_UNLINK)
436 long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
438 struct key *keyring, *key;
439 long ret;
441 keyring = lookup_user_key(ringid, 0, 0, KEY_WRITE);
442 if (IS_ERR(keyring)) {
443 ret = PTR_ERR(keyring);
444 goto error;
447 key = lookup_user_key(id, 0, 0, 0);
448 if (IS_ERR(key)) {
449 ret = PTR_ERR(key);
450 goto error2;
453 ret = key_unlink(keyring, key);
455 key_put(key);
456 error2:
457 key_put(keyring);
458 error:
459 return ret;
461 } /* end keyctl_keyring_unlink() */
463 /*****************************************************************************/
465 * describe a user key
466 * - the key must have view permission
467 * - if there's a buffer, we place up to buflen bytes of data into it
468 * - unless there's an error, we return the amount of description available,
469 * irrespective of how much we may have copied
470 * - the description is formatted thus:
471 * type;uid;gid;perm;description<NUL>
472 * - implements keyctl(KEYCTL_DESCRIBE)
474 long keyctl_describe_key(key_serial_t keyid,
475 char __user *buffer,
476 size_t buflen)
478 struct key *key;
479 char *tmpbuf;
480 long ret;
482 key = lookup_user_key(keyid, 0, 1, KEY_VIEW);
483 if (IS_ERR(key)) {
484 ret = PTR_ERR(key);
485 goto error;
488 /* calculate how much description we're going to return */
489 ret = -ENOMEM;
490 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);
491 if (!tmpbuf)
492 goto error2;
494 ret = snprintf(tmpbuf, PAGE_SIZE - 1,
495 "%s;%d;%d;%06x;%s",
496 key->type->name,
497 key->uid,
498 key->gid,
499 key->perm,
500 key->description ? key->description :""
503 /* include a NUL char at the end of the data */
504 if (ret > PAGE_SIZE - 1)
505 ret = PAGE_SIZE - 1;
506 tmpbuf[ret] = 0;
507 ret++;
509 /* consider returning the data */
510 if (buffer && buflen > 0) {
511 if (buflen > ret)
512 buflen = ret;
514 if (copy_to_user(buffer, tmpbuf, buflen) != 0)
515 ret = -EFAULT;
518 kfree(tmpbuf);
519 error2:
520 key_put(key);
521 error:
522 return ret;
524 } /* end keyctl_describe_key() */
526 /*****************************************************************************/
528 * search the specified keyring for a matching key
529 * - the start keyring must be searchable
530 * - nested keyrings may also be searched if they are searchable
531 * - only keys with search permission may be found
532 * - if a key is found, it will be attached to the destination keyring if
533 * there's one specified
534 * - implements keyctl(KEYCTL_SEARCH)
536 long keyctl_keyring_search(key_serial_t ringid,
537 const char __user *_type,
538 const char __user *_description,
539 key_serial_t destringid)
541 struct key_type *ktype;
542 struct key *keyring, *key, *dest;
543 char type[32], *description;
544 long dlen, ret;
546 /* pull the type and description into kernel space */
547 ret = strncpy_from_user(type, _type, sizeof(type) - 1);
548 if (ret < 0)
549 goto error;
550 type[31] = '\0';
552 ret = -EFAULT;
553 dlen = strnlen_user(_description, PAGE_SIZE - 1);
554 if (dlen <= 0)
555 goto error;
557 ret = -EINVAL;
558 if (dlen > PAGE_SIZE - 1)
559 goto error;
561 ret = -ENOMEM;
562 description = kmalloc(dlen + 1, GFP_KERNEL);
563 if (!description)
564 goto error;
566 ret = -EFAULT;
567 if (copy_from_user(description, _description, dlen + 1) != 0)
568 goto error2;
570 /* get the keyring at which to begin the search */
571 keyring = lookup_user_key(ringid, 0, 0, KEY_SEARCH);
572 if (IS_ERR(keyring)) {
573 ret = PTR_ERR(keyring);
574 goto error2;
577 /* get the destination keyring if specified */
578 dest = NULL;
579 if (destringid) {
580 dest = lookup_user_key(destringid, 1, 0, KEY_WRITE);
581 if (IS_ERR(dest)) {
582 ret = PTR_ERR(dest);
583 goto error3;
587 /* find the key type */
588 ktype = key_type_lookup(type);
589 if (IS_ERR(ktype)) {
590 ret = PTR_ERR(ktype);
591 goto error4;
594 /* do the search */
595 key = keyring_search(keyring, ktype, description);
596 if (IS_ERR(key)) {
597 ret = PTR_ERR(key);
599 /* treat lack or presence of a negative key the same */
600 if (ret == -EAGAIN)
601 ret = -ENOKEY;
602 goto error5;
605 /* link the resulting key to the destination keyring if we can */
606 if (dest) {
607 ret = -EACCES;
608 if (!key_permission(key, KEY_LINK))
609 goto error6;
611 ret = key_link(dest, key);
612 if (ret < 0)
613 goto error6;
616 ret = key->serial;
618 error6:
619 key_put(key);
620 error5:
621 key_type_put(ktype);
622 error4:
623 key_put(dest);
624 error3:
625 key_put(keyring);
626 error2:
627 kfree(description);
628 error:
629 return ret;
631 } /* end keyctl_keyring_search() */
633 /*****************************************************************************/
635 * see if the key we're looking at is the target key
637 static int keyctl_read_key_same(const struct key *key, const void *target)
639 return key == target;
641 } /* end keyctl_read_key_same() */
643 /*****************************************************************************/
645 * read a user key's payload
646 * - the keyring must be readable or the key must be searchable from the
647 * process's keyrings
648 * - if there's a buffer, we place up to buflen bytes of data into it
649 * - unless there's an error, we return the amount of data in the key,
650 * irrespective of how much we may have copied
651 * - implements keyctl(KEYCTL_READ)
653 long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
655 struct key *key, *skey;
656 long ret;
658 /* find the key first */
659 key = lookup_user_key(keyid, 0, 0, 0);
660 if (!IS_ERR(key)) {
661 /* see if we can read it directly */
662 if (key_permission(key, KEY_READ))
663 goto can_read_key;
665 /* can't; see if it's searchable from this process's
666 * keyrings */
667 ret = -ENOKEY;
668 if (key_permission(key, KEY_SEARCH)) {
669 /* okay - we do have search permission on the key
670 * itself, but do we have the key? */
671 skey = search_process_keyrings_aux(key->type, key,
672 keyctl_read_key_same);
673 if (!IS_ERR(skey))
674 goto can_read_key2;
677 goto error2;
680 ret = -ENOKEY;
681 goto error;
683 /* the key is probably readable - now try to read it */
684 can_read_key2:
685 key_put(skey);
686 can_read_key:
687 ret = key_validate(key);
688 if (ret == 0) {
689 ret = -EOPNOTSUPP;
690 if (key->type->read) {
691 /* read the data with the semaphore held (since we
692 * might sleep) */
693 down_read(&key->sem);
694 ret = key->type->read(key, buffer, buflen);
695 up_read(&key->sem);
699 error2:
700 key_put(key);
701 error:
702 return ret;
704 } /* end keyctl_read_key() */
706 /*****************************************************************************/
708 * change the ownership of a key
709 * - the keyring owned by the changer
710 * - if the uid or gid is -1, then that parameter is not changed
711 * - implements keyctl(KEYCTL_CHOWN)
713 long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
715 struct key *key;
716 long ret;
718 ret = 0;
719 if (uid == (uid_t) -1 && gid == (gid_t) -1)
720 goto error;
722 key = lookup_user_key(id, 1, 1, 0);
723 if (IS_ERR(key)) {
724 ret = PTR_ERR(key);
725 goto error;
728 /* make the changes with the locks held to prevent chown/chown races */
729 ret = -EACCES;
730 down_write(&key->sem);
731 write_lock(&key->lock);
733 if (!capable(CAP_SYS_ADMIN)) {
734 /* only the sysadmin can chown a key to some other UID */
735 if (uid != (uid_t) -1 && key->uid != uid)
736 goto no_access;
738 /* only the sysadmin can set the key's GID to a group other
739 * than one of those that the current process subscribes to */
740 if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid))
741 goto no_access;
744 /* change the UID (have to update the quotas) */
745 if (uid != (uid_t) -1 && uid != key->uid) {
746 /* don't support UID changing yet */
747 ret = -EOPNOTSUPP;
748 goto no_access;
751 /* change the GID */
752 if (gid != (gid_t) -1)
753 key->gid = gid;
755 ret = 0;
757 no_access:
758 write_unlock(&key->lock);
759 up_write(&key->sem);
760 key_put(key);
761 error:
762 return ret;
764 } /* end keyctl_chown_key() */
766 /*****************************************************************************/
768 * change the permission mask on a key
769 * - the keyring owned by the changer
770 * - implements keyctl(KEYCTL_SETPERM)
772 long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
774 struct key *key;
775 long ret;
777 ret = -EINVAL;
778 if (perm & ~(KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL))
779 goto error;
781 key = lookup_user_key(id, 1, 1, 0);
782 if (IS_ERR(key)) {
783 ret = PTR_ERR(key);
784 goto error;
787 /* make the changes with the locks held to prevent chown/chmod
788 * races */
789 ret = -EACCES;
790 down_write(&key->sem);
791 write_lock(&key->lock);
793 /* if we're not the sysadmin, we can only chmod a key that we
794 * own */
795 if (!capable(CAP_SYS_ADMIN) && key->uid != current->fsuid)
796 goto no_access;
798 /* changing the permissions mask */
799 key->perm = perm;
800 ret = 0;
802 no_access:
803 write_unlock(&key->lock);
804 up_write(&key->sem);
805 key_put(key);
806 error:
807 return ret;
809 } /* end keyctl_setperm_key() */
811 /*****************************************************************************/
813 * instantiate the key with the specified payload, and, if one is given, link
814 * the key into the keyring
816 long keyctl_instantiate_key(key_serial_t id,
817 const void __user *_payload,
818 size_t plen,
819 key_serial_t ringid)
821 struct key *key, *keyring;
822 void *payload;
823 long ret;
825 ret = -EINVAL;
826 if (plen > 32767)
827 goto error;
829 /* pull the payload in if one was supplied */
830 payload = NULL;
832 if (_payload) {
833 ret = -ENOMEM;
834 payload = kmalloc(plen, GFP_KERNEL);
835 if (!payload)
836 goto error;
838 ret = -EFAULT;
839 if (copy_from_user(payload, _payload, plen) != 0)
840 goto error2;
843 /* find the target key (which must be writable) */
844 key = lookup_user_key(id, 0, 1, KEY_WRITE);
845 if (IS_ERR(key)) {
846 ret = PTR_ERR(key);
847 goto error2;
850 /* find the destination keyring if present (which must also be
851 * writable) */
852 keyring = NULL;
853 if (ringid) {
854 keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
855 if (IS_ERR(keyring)) {
856 ret = PTR_ERR(keyring);
857 goto error3;
861 /* instantiate the key and link it into a keyring */
862 ret = key_instantiate_and_link(key, payload, plen, keyring);
864 key_put(keyring);
865 error3:
866 key_put(key);
867 error2:
868 kfree(payload);
869 error:
870 return ret;
872 } /* end keyctl_instantiate_key() */
874 /*****************************************************************************/
876 * negatively instantiate the key with the given timeout (in seconds), and, if
877 * one is given, link the key into the keyring
879 long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
881 struct key *key, *keyring;
882 long ret;
884 /* find the target key (which must be writable) */
885 key = lookup_user_key(id, 0, 1, KEY_WRITE);
886 if (IS_ERR(key)) {
887 ret = PTR_ERR(key);
888 goto error;
891 /* find the destination keyring if present (which must also be
892 * writable) */
893 keyring = NULL;
894 if (ringid) {
895 keyring = lookup_user_key(ringid, 1, 0, KEY_WRITE);
896 if (IS_ERR(keyring)) {
897 ret = PTR_ERR(keyring);
898 goto error2;
902 /* instantiate the key and link it into a keyring */
903 ret = key_negate_and_link(key, timeout, keyring);
905 key_put(keyring);
906 error2:
907 key_put(key);
908 error:
909 return ret;
911 } /* end keyctl_negate_key() */
913 /*****************************************************************************/
915 * the key control system call
917 asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
918 unsigned long arg4, unsigned long arg5)
920 switch (option) {
921 case KEYCTL_GET_KEYRING_ID:
922 return keyctl_get_keyring_ID((key_serial_t) arg2,
923 (int) arg3);
925 case KEYCTL_JOIN_SESSION_KEYRING:
926 return keyctl_join_session_keyring((const char __user *) arg2);
928 case KEYCTL_UPDATE:
929 return keyctl_update_key((key_serial_t) arg2,
930 (const void __user *) arg3,
931 (size_t) arg4);
933 case KEYCTL_REVOKE:
934 return keyctl_revoke_key((key_serial_t) arg2);
936 case KEYCTL_DESCRIBE:
937 return keyctl_describe_key((key_serial_t) arg2,
938 (char __user *) arg3,
939 (unsigned) arg4);
941 case KEYCTL_CLEAR:
942 return keyctl_keyring_clear((key_serial_t) arg2);
944 case KEYCTL_LINK:
945 return keyctl_keyring_link((key_serial_t) arg2,
946 (key_serial_t) arg3);
948 case KEYCTL_UNLINK:
949 return keyctl_keyring_unlink((key_serial_t) arg2,
950 (key_serial_t) arg3);
952 case KEYCTL_SEARCH:
953 return keyctl_keyring_search((key_serial_t) arg2,
954 (const char __user *) arg3,
955 (const char __user *) arg4,
956 (key_serial_t) arg5);
958 case KEYCTL_READ:
959 return keyctl_read_key((key_serial_t) arg2,
960 (char __user *) arg3,
961 (size_t) arg4);
963 case KEYCTL_CHOWN:
964 return keyctl_chown_key((key_serial_t) arg2,
965 (uid_t) arg3,
966 (gid_t) arg4);
968 case KEYCTL_SETPERM:
969 return keyctl_setperm_key((key_serial_t) arg2,
970 (key_perm_t) arg3);
972 case KEYCTL_INSTANTIATE:
973 return keyctl_instantiate_key((key_serial_t) arg2,
974 (const void __user *) arg3,
975 (size_t) arg4,
976 (key_serial_t) arg5);
978 case KEYCTL_NEGATE:
979 return keyctl_negate_key((key_serial_t) arg2,
980 (unsigned) arg3,
981 (key_serial_t) arg4);
983 default:
984 return -EOPNOTSUPP;
987 } /* end sys_keyctl() */