[NET]: Add netlink connector.
[linux-2.6/verdex.git] / security / keys / keyctl.c
bloba6516a64b297898923ca760e2e3b779880021c30
1 /* keyctl.c: userspace keyctl operations
3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
15 #include <linux/slab.h>
16 #include <linux/syscalls.h>
17 #include <linux/keyctl.h>
18 #include <linux/fs.h>
19 #include <linux/err.h>
20 #include <asm/uaccess.h>
21 #include "internal.h"
23 /*****************************************************************************/
25 * extract the description of a new key from userspace and either add it as a
26 * new key to the specified keyring or update a matching key in that keyring
27 * - the keyring must be writable
28 * - returns the new key's serial number
29 * - implements add_key()
31 asmlinkage long sys_add_key(const char __user *_type,
32 const char __user *_description,
33 const void __user *_payload,
34 size_t plen,
35 key_serial_t ringid)
37 struct key *keyring, *key;
38 char type[32], *description;
39 void *payload;
40 long dlen, ret;
42 ret = -EINVAL;
43 if (plen > 32767)
44 goto error;
46 /* draw all the data into kernel space */
47 ret = strncpy_from_user(type, _type, sizeof(type) - 1);
48 if (ret < 0)
49 goto error;
50 type[31] = '\0';
52 ret = -EPERM;
53 if (type[0] == '.')
54 goto error;
56 ret = -EFAULT;
57 dlen = strnlen_user(_description, PAGE_SIZE - 1);
58 if (dlen <= 0)
59 goto error;
61 ret = -EINVAL;
62 if (dlen > PAGE_SIZE - 1)
63 goto error;
65 ret = -ENOMEM;
66 description = kmalloc(dlen + 1, GFP_KERNEL);
67 if (!description)
68 goto error;
70 ret = -EFAULT;
71 if (copy_from_user(description, _description, dlen + 1) != 0)
72 goto error2;
74 /* pull the payload in if one was supplied */
75 payload = NULL;
77 if (_payload) {
78 ret = -ENOMEM;
79 payload = kmalloc(plen, GFP_KERNEL);
80 if (!payload)
81 goto error2;
83 ret = -EFAULT;
84 if (copy_from_user(payload, _payload, plen) != 0)
85 goto error3;
88 /* find the target keyring (which must be writable) */
89 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
90 if (IS_ERR(keyring)) {
91 ret = PTR_ERR(keyring);
92 goto error3;
95 /* create or update the requested key and add it to the target
96 * keyring */
97 key = key_create_or_update(keyring, type, description,
98 payload, plen, 0);
99 if (!IS_ERR(key)) {
100 ret = key->serial;
101 key_put(key);
103 else {
104 ret = PTR_ERR(key);
107 key_put(keyring);
108 error3:
109 kfree(payload);
110 error2:
111 kfree(description);
112 error:
113 return ret;
115 } /* end sys_add_key() */
117 /*****************************************************************************/
119 * search the process keyrings for a matching key
120 * - nested keyrings may also be searched if they have Search permission
121 * - if a key is found, it will be attached to the destination keyring if
122 * there's one specified
123 * - /sbin/request-key will be invoked if _callout_info is non-NULL
124 * - the _callout_info string will be passed to /sbin/request-key
125 * - if the _callout_info string is empty, it will be rendered as "-"
126 * - implements request_key()
128 asmlinkage long sys_request_key(const char __user *_type,
129 const char __user *_description,
130 const char __user *_callout_info,
131 key_serial_t destringid)
133 struct key_type *ktype;
134 struct key *key, *dest;
135 char type[32], *description, *callout_info;
136 long dlen, ret;
138 /* pull the type into kernel space */
139 ret = strncpy_from_user(type, _type, sizeof(type) - 1);
140 if (ret < 0)
141 goto error;
142 type[31] = '\0';
144 ret = -EPERM;
145 if (type[0] == '.')
146 goto error;
148 /* pull the description into kernel space */
149 ret = -EFAULT;
150 dlen = strnlen_user(_description, PAGE_SIZE - 1);
151 if (dlen <= 0)
152 goto error;
154 ret = -EINVAL;
155 if (dlen > PAGE_SIZE - 1)
156 goto error;
158 ret = -ENOMEM;
159 description = kmalloc(dlen + 1, GFP_KERNEL);
160 if (!description)
161 goto error;
163 ret = -EFAULT;
164 if (copy_from_user(description, _description, dlen + 1) != 0)
165 goto error2;
167 /* pull the callout info into kernel space */
168 callout_info = NULL;
169 if (_callout_info) {
170 ret = -EFAULT;
171 dlen = strnlen_user(_callout_info, PAGE_SIZE - 1);
172 if (dlen <= 0)
173 goto error2;
175 ret = -EINVAL;
176 if (dlen > PAGE_SIZE - 1)
177 goto error2;
179 ret = -ENOMEM;
180 callout_info = kmalloc(dlen + 1, GFP_KERNEL);
181 if (!callout_info)
182 goto error2;
184 ret = -EFAULT;
185 if (copy_from_user(callout_info, _callout_info, dlen + 1) != 0)
186 goto error3;
189 /* get the destination keyring if specified */
190 dest = NULL;
191 if (destringid) {
192 dest = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE);
193 if (IS_ERR(dest)) {
194 ret = PTR_ERR(dest);
195 goto error3;
199 /* find the key type */
200 ktype = key_type_lookup(type);
201 if (IS_ERR(ktype)) {
202 ret = PTR_ERR(ktype);
203 goto error4;
206 /* do the search */
207 key = request_key_and_link(ktype, description, callout_info, dest);
208 if (IS_ERR(key)) {
209 ret = PTR_ERR(key);
210 goto error5;
213 ret = key->serial;
215 key_put(key);
216 error5:
217 key_type_put(ktype);
218 error4:
219 key_put(dest);
220 error3:
221 kfree(callout_info);
222 error2:
223 kfree(description);
224 error:
225 return ret;
227 } /* end sys_request_key() */
229 /*****************************************************************************/
231 * get the ID of the specified process keyring
232 * - the keyring must have search permission to be found
233 * - implements keyctl(KEYCTL_GET_KEYRING_ID)
235 long keyctl_get_keyring_ID(key_serial_t id, int create)
237 struct key *key;
238 long ret;
240 key = lookup_user_key(NULL, id, create, 0, KEY_SEARCH);
241 if (IS_ERR(key)) {
242 ret = PTR_ERR(key);
243 goto error;
246 ret = key->serial;
247 key_put(key);
248 error:
249 return ret;
251 } /* end keyctl_get_keyring_ID() */
253 /*****************************************************************************/
255 * join the session keyring
256 * - implements keyctl(KEYCTL_JOIN_SESSION_KEYRING)
258 long keyctl_join_session_keyring(const char __user *_name)
260 char *name;
261 long nlen, ret;
263 /* fetch the name from userspace */
264 name = NULL;
265 if (_name) {
266 ret = -EFAULT;
267 nlen = strnlen_user(_name, PAGE_SIZE - 1);
268 if (nlen <= 0)
269 goto error;
271 ret = -EINVAL;
272 if (nlen > PAGE_SIZE - 1)
273 goto error;
275 ret = -ENOMEM;
276 name = kmalloc(nlen + 1, GFP_KERNEL);
277 if (!name)
278 goto error;
280 ret = -EFAULT;
281 if (copy_from_user(name, _name, nlen + 1) != 0)
282 goto error2;
285 /* join the session */
286 ret = join_session_keyring(name);
288 error2:
289 kfree(name);
290 error:
291 return ret;
293 } /* end keyctl_join_session_keyring() */
295 /*****************************************************************************/
297 * update a key's data payload
298 * - the key must be writable
299 * - implements keyctl(KEYCTL_UPDATE)
301 long keyctl_update_key(key_serial_t id,
302 const void __user *_payload,
303 size_t plen)
305 struct key *key;
306 void *payload;
307 long ret;
309 ret = -EINVAL;
310 if (plen > PAGE_SIZE)
311 goto error;
313 /* pull the payload in if one was supplied */
314 payload = NULL;
315 if (_payload) {
316 ret = -ENOMEM;
317 payload = kmalloc(plen, GFP_KERNEL);
318 if (!payload)
319 goto error;
321 ret = -EFAULT;
322 if (copy_from_user(payload, _payload, plen) != 0)
323 goto error2;
326 /* find the target key (which must be writable) */
327 key = lookup_user_key(NULL, id, 0, 0, KEY_WRITE);
328 if (IS_ERR(key)) {
329 ret = PTR_ERR(key);
330 goto error2;
333 /* update the key */
334 ret = key_update(key, payload, plen);
336 key_put(key);
337 error2:
338 kfree(payload);
339 error:
340 return ret;
342 } /* end keyctl_update_key() */
344 /*****************************************************************************/
346 * revoke a key
347 * - the key must be writable
348 * - implements keyctl(KEYCTL_REVOKE)
350 long keyctl_revoke_key(key_serial_t id)
352 struct key *key;
353 long ret;
355 key = lookup_user_key(NULL, id, 0, 0, KEY_WRITE);
356 if (IS_ERR(key)) {
357 ret = PTR_ERR(key);
358 goto error;
361 key_revoke(key);
362 ret = 0;
364 key_put(key);
365 error:
366 return ret;
368 } /* end keyctl_revoke_key() */
370 /*****************************************************************************/
372 * clear the specified process keyring
373 * - the keyring must be writable
374 * - implements keyctl(KEYCTL_CLEAR)
376 long keyctl_keyring_clear(key_serial_t ringid)
378 struct key *keyring;
379 long ret;
381 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
382 if (IS_ERR(keyring)) {
383 ret = PTR_ERR(keyring);
384 goto error;
387 ret = keyring_clear(keyring);
389 key_put(keyring);
390 error:
391 return ret;
393 } /* end keyctl_keyring_clear() */
395 /*****************************************************************************/
397 * link a key into a keyring
398 * - the keyring must be writable
399 * - the key must be linkable
400 * - implements keyctl(KEYCTL_LINK)
402 long keyctl_keyring_link(key_serial_t id, key_serial_t ringid)
404 struct key *keyring, *key;
405 long ret;
407 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
408 if (IS_ERR(keyring)) {
409 ret = PTR_ERR(keyring);
410 goto error;
413 key = lookup_user_key(NULL, id, 1, 0, KEY_LINK);
414 if (IS_ERR(key)) {
415 ret = PTR_ERR(key);
416 goto error2;
419 ret = key_link(keyring, key);
421 key_put(key);
422 error2:
423 key_put(keyring);
424 error:
425 return ret;
427 } /* end keyctl_keyring_link() */
429 /*****************************************************************************/
431 * unlink the first attachment of a key from a keyring
432 * - the keyring must be writable
433 * - we don't need any permissions on the key
434 * - implements keyctl(KEYCTL_UNLINK)
436 long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid)
438 struct key *keyring, *key;
439 long ret;
441 keyring = lookup_user_key(NULL, ringid, 0, 0, KEY_WRITE);
442 if (IS_ERR(keyring)) {
443 ret = PTR_ERR(keyring);
444 goto error;
447 key = lookup_user_key(NULL, id, 0, 0, 0);
448 if (IS_ERR(key)) {
449 ret = PTR_ERR(key);
450 goto error2;
453 ret = key_unlink(keyring, key);
455 key_put(key);
456 error2:
457 key_put(keyring);
458 error:
459 return ret;
461 } /* end keyctl_keyring_unlink() */
463 /*****************************************************************************/
465 * describe a user key
466 * - the key must have view permission
467 * - if there's a buffer, we place up to buflen bytes of data into it
468 * - unless there's an error, we return the amount of description available,
469 * irrespective of how much we may have copied
470 * - the description is formatted thus:
471 * type;uid;gid;perm;description<NUL>
472 * - implements keyctl(KEYCTL_DESCRIBE)
474 long keyctl_describe_key(key_serial_t keyid,
475 char __user *buffer,
476 size_t buflen)
478 struct key *key, *instkey;
479 char *tmpbuf;
480 long ret;
482 key = lookup_user_key(NULL, keyid, 0, 1, KEY_VIEW);
483 if (IS_ERR(key)) {
484 /* viewing a key under construction is permitted if we have the
485 * authorisation token handy */
486 if (PTR_ERR(key) == -EACCES) {
487 instkey = key_get_instantiation_authkey(keyid);
488 if (!IS_ERR(instkey)) {
489 key_put(instkey);
490 key = lookup_user_key(NULL, keyid, 0, 1, 0);
491 if (!IS_ERR(key))
492 goto okay;
496 ret = PTR_ERR(key);
497 goto error;
500 okay:
501 /* calculate how much description we're going to return */
502 ret = -ENOMEM;
503 tmpbuf = kmalloc(PAGE_SIZE, GFP_KERNEL);
504 if (!tmpbuf)
505 goto error2;
507 ret = snprintf(tmpbuf, PAGE_SIZE - 1,
508 "%s;%d;%d;%06x;%s",
509 key->type->name,
510 key->uid,
511 key->gid,
512 key->perm,
513 key->description ? key->description :""
516 /* include a NUL char at the end of the data */
517 if (ret > PAGE_SIZE - 1)
518 ret = PAGE_SIZE - 1;
519 tmpbuf[ret] = 0;
520 ret++;
522 /* consider returning the data */
523 if (buffer && buflen > 0) {
524 if (buflen > ret)
525 buflen = ret;
527 if (copy_to_user(buffer, tmpbuf, buflen) != 0)
528 ret = -EFAULT;
531 kfree(tmpbuf);
532 error2:
533 key_put(key);
534 error:
535 return ret;
537 } /* end keyctl_describe_key() */
539 /*****************************************************************************/
541 * search the specified keyring for a matching key
542 * - the start keyring must be searchable
543 * - nested keyrings may also be searched if they are searchable
544 * - only keys with search permission may be found
545 * - if a key is found, it will be attached to the destination keyring if
546 * there's one specified
547 * - implements keyctl(KEYCTL_SEARCH)
549 long keyctl_keyring_search(key_serial_t ringid,
550 const char __user *_type,
551 const char __user *_description,
552 key_serial_t destringid)
554 struct key_type *ktype;
555 struct key *keyring, *key, *dest;
556 char type[32], *description;
557 long dlen, ret;
559 /* pull the type and description into kernel space */
560 ret = strncpy_from_user(type, _type, sizeof(type) - 1);
561 if (ret < 0)
562 goto error;
563 type[31] = '\0';
565 ret = -EFAULT;
566 dlen = strnlen_user(_description, PAGE_SIZE - 1);
567 if (dlen <= 0)
568 goto error;
570 ret = -EINVAL;
571 if (dlen > PAGE_SIZE - 1)
572 goto error;
574 ret = -ENOMEM;
575 description = kmalloc(dlen + 1, GFP_KERNEL);
576 if (!description)
577 goto error;
579 ret = -EFAULT;
580 if (copy_from_user(description, _description, dlen + 1) != 0)
581 goto error2;
583 /* get the keyring at which to begin the search */
584 keyring = lookup_user_key(NULL, ringid, 0, 0, KEY_SEARCH);
585 if (IS_ERR(keyring)) {
586 ret = PTR_ERR(keyring);
587 goto error2;
590 /* get the destination keyring if specified */
591 dest = NULL;
592 if (destringid) {
593 dest = lookup_user_key(NULL, destringid, 1, 0, KEY_WRITE);
594 if (IS_ERR(dest)) {
595 ret = PTR_ERR(dest);
596 goto error3;
600 /* find the key type */
601 ktype = key_type_lookup(type);
602 if (IS_ERR(ktype)) {
603 ret = PTR_ERR(ktype);
604 goto error4;
607 /* do the search */
608 key = keyring_search(keyring, ktype, description);
609 if (IS_ERR(key)) {
610 ret = PTR_ERR(key);
612 /* treat lack or presence of a negative key the same */
613 if (ret == -EAGAIN)
614 ret = -ENOKEY;
615 goto error5;
618 /* link the resulting key to the destination keyring if we can */
619 if (dest) {
620 ret = -EACCES;
621 if (!key_permission(key, KEY_LINK))
622 goto error6;
624 ret = key_link(dest, key);
625 if (ret < 0)
626 goto error6;
629 ret = key->serial;
631 error6:
632 key_put(key);
633 error5:
634 key_type_put(ktype);
635 error4:
636 key_put(dest);
637 error3:
638 key_put(keyring);
639 error2:
640 kfree(description);
641 error:
642 return ret;
644 } /* end keyctl_keyring_search() */
646 /*****************************************************************************/
648 * see if the key we're looking at is the target key
650 static int keyctl_read_key_same(const struct key *key, const void *target)
652 return key == target;
654 } /* end keyctl_read_key_same() */
656 /*****************************************************************************/
658 * read a user key's payload
659 * - the keyring must be readable or the key must be searchable from the
660 * process's keyrings
661 * - if there's a buffer, we place up to buflen bytes of data into it
662 * - unless there's an error, we return the amount of data in the key,
663 * irrespective of how much we may have copied
664 * - implements keyctl(KEYCTL_READ)
666 long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen)
668 struct key *key, *skey;
669 long ret;
671 /* find the key first */
672 key = lookup_user_key(NULL, keyid, 0, 0, 0);
673 if (!IS_ERR(key)) {
674 /* see if we can read it directly */
675 if (key_permission(key, KEY_READ))
676 goto can_read_key;
678 /* we can't; see if it's searchable from this process's
679 * keyrings
680 * - we automatically take account of the fact that it may be
681 * dangling off an instantiation key
683 skey = search_process_keyrings(key->type, key,
684 keyctl_read_key_same, current);
685 if (!IS_ERR(skey))
686 goto can_read_key2;
688 ret = PTR_ERR(skey);
689 if (ret == -EAGAIN)
690 ret = -EACCES;
691 goto error2;
694 ret = -ENOKEY;
695 goto error;
697 /* the key is probably readable - now try to read it */
698 can_read_key2:
699 key_put(skey);
700 can_read_key:
701 ret = key_validate(key);
702 if (ret == 0) {
703 ret = -EOPNOTSUPP;
704 if (key->type->read) {
705 /* read the data with the semaphore held (since we
706 * might sleep) */
707 down_read(&key->sem);
708 ret = key->type->read(key, buffer, buflen);
709 up_read(&key->sem);
713 error2:
714 key_put(key);
715 error:
716 return ret;
718 } /* end keyctl_read_key() */
720 /*****************************************************************************/
722 * change the ownership of a key
723 * - the keyring owned by the changer
724 * - if the uid or gid is -1, then that parameter is not changed
725 * - implements keyctl(KEYCTL_CHOWN)
727 long keyctl_chown_key(key_serial_t id, uid_t uid, gid_t gid)
729 struct key *key;
730 long ret;
732 ret = 0;
733 if (uid == (uid_t) -1 && gid == (gid_t) -1)
734 goto error;
736 key = lookup_user_key(NULL, id, 1, 1, 0);
737 if (IS_ERR(key)) {
738 ret = PTR_ERR(key);
739 goto error;
742 /* make the changes with the locks held to prevent chown/chown races */
743 ret = -EACCES;
744 down_write(&key->sem);
746 if (!capable(CAP_SYS_ADMIN)) {
747 /* only the sysadmin can chown a key to some other UID */
748 if (uid != (uid_t) -1 && key->uid != uid)
749 goto no_access;
751 /* only the sysadmin can set the key's GID to a group other
752 * than one of those that the current process subscribes to */
753 if (gid != (gid_t) -1 && gid != key->gid && !in_group_p(gid))
754 goto no_access;
757 /* change the UID (have to update the quotas) */
758 if (uid != (uid_t) -1 && uid != key->uid) {
759 /* don't support UID changing yet */
760 ret = -EOPNOTSUPP;
761 goto no_access;
764 /* change the GID */
765 if (gid != (gid_t) -1)
766 key->gid = gid;
768 ret = 0;
770 no_access:
771 up_write(&key->sem);
772 key_put(key);
773 error:
774 return ret;
776 } /* end keyctl_chown_key() */
778 /*****************************************************************************/
780 * change the permission mask on a key
781 * - the keyring owned by the changer
782 * - implements keyctl(KEYCTL_SETPERM)
784 long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
786 struct key *key;
787 long ret;
789 ret = -EINVAL;
790 if (perm & ~(KEY_USR_ALL | KEY_GRP_ALL | KEY_OTH_ALL))
791 goto error;
793 key = lookup_user_key(NULL, id, 1, 1, 0);
794 if (IS_ERR(key)) {
795 ret = PTR_ERR(key);
796 goto error;
799 /* make the changes with the locks held to prevent chown/chmod races */
800 ret = -EACCES;
801 down_write(&key->sem);
803 /* if we're not the sysadmin, we can only change a key that we own */
804 if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) {
805 key->perm = perm;
806 ret = 0;
809 up_write(&key->sem);
810 key_put(key);
811 error:
812 return ret;
814 } /* end keyctl_setperm_key() */
816 /*****************************************************************************/
818 * instantiate the key with the specified payload, and, if one is given, link
819 * the key into the keyring
821 long keyctl_instantiate_key(key_serial_t id,
822 const void __user *_payload,
823 size_t plen,
824 key_serial_t ringid)
826 struct request_key_auth *rka;
827 struct key *instkey, *keyring;
828 void *payload;
829 long ret;
831 ret = -EINVAL;
832 if (plen > 32767)
833 goto error;
835 /* pull the payload in if one was supplied */
836 payload = NULL;
838 if (_payload) {
839 ret = -ENOMEM;
840 payload = kmalloc(plen, GFP_KERNEL);
841 if (!payload)
842 goto error;
844 ret = -EFAULT;
845 if (copy_from_user(payload, _payload, plen) != 0)
846 goto error2;
849 /* find the instantiation authorisation key */
850 instkey = key_get_instantiation_authkey(id);
851 if (IS_ERR(instkey)) {
852 ret = PTR_ERR(instkey);
853 goto error2;
856 rka = instkey->payload.data;
858 /* find the destination keyring amongst those belonging to the
859 * requesting task */
860 keyring = NULL;
861 if (ringid) {
862 keyring = lookup_user_key(rka->context, ringid, 1, 0,
863 KEY_WRITE);
864 if (IS_ERR(keyring)) {
865 ret = PTR_ERR(keyring);
866 goto error3;
870 /* instantiate the key and link it into a keyring */
871 ret = key_instantiate_and_link(rka->target_key, payload, plen,
872 keyring, instkey);
874 key_put(keyring);
875 error3:
876 key_put(instkey);
877 error2:
878 kfree(payload);
879 error:
880 return ret;
882 } /* end keyctl_instantiate_key() */
884 /*****************************************************************************/
886 * negatively instantiate the key with the given timeout (in seconds), and, if
887 * one is given, link the key into the keyring
889 long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
891 struct request_key_auth *rka;
892 struct key *instkey, *keyring;
893 long ret;
895 /* find the instantiation authorisation key */
896 instkey = key_get_instantiation_authkey(id);
897 if (IS_ERR(instkey)) {
898 ret = PTR_ERR(instkey);
899 goto error;
902 rka = instkey->payload.data;
904 /* find the destination keyring if present (which must also be
905 * writable) */
906 keyring = NULL;
907 if (ringid) {
908 keyring = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
909 if (IS_ERR(keyring)) {
910 ret = PTR_ERR(keyring);
911 goto error2;
915 /* instantiate the key and link it into a keyring */
916 ret = key_negate_and_link(rka->target_key, timeout, keyring, instkey);
918 key_put(keyring);
919 error2:
920 key_put(instkey);
921 error:
922 return ret;
924 } /* end keyctl_negate_key() */
926 /*****************************************************************************/
928 * set the default keyring in which request_key() will cache keys
929 * - return the old setting
931 long keyctl_set_reqkey_keyring(int reqkey_defl)
933 int ret;
935 switch (reqkey_defl) {
936 case KEY_REQKEY_DEFL_THREAD_KEYRING:
937 ret = install_thread_keyring(current);
938 if (ret < 0)
939 return ret;
940 goto set;
942 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
943 ret = install_process_keyring(current);
944 if (ret < 0)
945 return ret;
947 case KEY_REQKEY_DEFL_DEFAULT:
948 case KEY_REQKEY_DEFL_SESSION_KEYRING:
949 case KEY_REQKEY_DEFL_USER_KEYRING:
950 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
951 set:
952 current->jit_keyring = reqkey_defl;
954 case KEY_REQKEY_DEFL_NO_CHANGE:
955 return current->jit_keyring;
957 case KEY_REQKEY_DEFL_GROUP_KEYRING:
958 default:
959 return -EINVAL;
962 } /* end keyctl_set_reqkey_keyring() */
964 /*****************************************************************************/
966 * the key control system call
968 asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
969 unsigned long arg4, unsigned long arg5)
971 switch (option) {
972 case KEYCTL_GET_KEYRING_ID:
973 return keyctl_get_keyring_ID((key_serial_t) arg2,
974 (int) arg3);
976 case KEYCTL_JOIN_SESSION_KEYRING:
977 return keyctl_join_session_keyring((const char __user *) arg2);
979 case KEYCTL_UPDATE:
980 return keyctl_update_key((key_serial_t) arg2,
981 (const void __user *) arg3,
982 (size_t) arg4);
984 case KEYCTL_REVOKE:
985 return keyctl_revoke_key((key_serial_t) arg2);
987 case KEYCTL_DESCRIBE:
988 return keyctl_describe_key((key_serial_t) arg2,
989 (char __user *) arg3,
990 (unsigned) arg4);
992 case KEYCTL_CLEAR:
993 return keyctl_keyring_clear((key_serial_t) arg2);
995 case KEYCTL_LINK:
996 return keyctl_keyring_link((key_serial_t) arg2,
997 (key_serial_t) arg3);
999 case KEYCTL_UNLINK:
1000 return keyctl_keyring_unlink((key_serial_t) arg2,
1001 (key_serial_t) arg3);
1003 case KEYCTL_SEARCH:
1004 return keyctl_keyring_search((key_serial_t) arg2,
1005 (const char __user *) arg3,
1006 (const char __user *) arg4,
1007 (key_serial_t) arg5);
1009 case KEYCTL_READ:
1010 return keyctl_read_key((key_serial_t) arg2,
1011 (char __user *) arg3,
1012 (size_t) arg4);
1014 case KEYCTL_CHOWN:
1015 return keyctl_chown_key((key_serial_t) arg2,
1016 (uid_t) arg3,
1017 (gid_t) arg4);
1019 case KEYCTL_SETPERM:
1020 return keyctl_setperm_key((key_serial_t) arg2,
1021 (key_perm_t) arg3);
1023 case KEYCTL_INSTANTIATE:
1024 return keyctl_instantiate_key((key_serial_t) arg2,
1025 (const void __user *) arg3,
1026 (size_t) arg4,
1027 (key_serial_t) arg5);
1029 case KEYCTL_NEGATE:
1030 return keyctl_negate_key((key_serial_t) arg2,
1031 (unsigned) arg3,
1032 (key_serial_t) arg4);
1034 case KEYCTL_SET_REQKEY_KEYRING:
1035 return keyctl_set_reqkey_keyring(arg2);
1037 default:
1038 return -EOPNOTSUPP;
1041 } /* end sys_keyctl() */