1 /* procfs files for key database enumeration
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
16 #include <linux/proc_fs.h>
17 #include <linux/seq_file.h>
18 #include <asm/errno.h>
21 static int proc_keys_open(struct inode
*inode
, struct file
*file
);
22 static void *proc_keys_start(struct seq_file
*p
, loff_t
*_pos
);
23 static void *proc_keys_next(struct seq_file
*p
, void *v
, loff_t
*_pos
);
24 static void proc_keys_stop(struct seq_file
*p
, void *v
);
25 static int proc_keys_show(struct seq_file
*m
, void *v
);
27 static const struct seq_operations proc_keys_ops
= {
28 .start
= proc_keys_start
,
29 .next
= proc_keys_next
,
30 .stop
= proc_keys_stop
,
31 .show
= proc_keys_show
,
34 static const struct file_operations proc_keys_fops
= {
35 .open
= proc_keys_open
,
38 .release
= seq_release
,
41 static int proc_key_users_open(struct inode
*inode
, struct file
*file
);
42 static void *proc_key_users_start(struct seq_file
*p
, loff_t
*_pos
);
43 static void *proc_key_users_next(struct seq_file
*p
, void *v
, loff_t
*_pos
);
44 static void proc_key_users_stop(struct seq_file
*p
, void *v
);
45 static int proc_key_users_show(struct seq_file
*m
, void *v
);
47 static const struct seq_operations proc_key_users_ops
= {
48 .start
= proc_key_users_start
,
49 .next
= proc_key_users_next
,
50 .stop
= proc_key_users_stop
,
51 .show
= proc_key_users_show
,
54 static const struct file_operations proc_key_users_fops
= {
55 .open
= proc_key_users_open
,
58 .release
= seq_release
,
62 * Declare the /proc files.
64 static int __init
key_proc_init(void)
66 struct proc_dir_entry
*p
;
68 p
= proc_create("keys", 0, NULL
, &proc_keys_fops
);
70 panic("Cannot create /proc/keys\n");
72 p
= proc_create("key-users", 0, NULL
, &proc_key_users_fops
);
74 panic("Cannot create /proc/key-users\n");
79 __initcall(key_proc_init
);
82 * Implement "/proc/keys" to provide a list of the keys on the system that
83 * grant View permission to the caller.
85 static struct rb_node
*key_serial_next(struct seq_file
*p
, struct rb_node
*n
)
87 struct user_namespace
*user_ns
= seq_user_ns(p
);
91 struct key
*key
= rb_entry(n
, struct key
, serial_node
);
92 if (kuid_has_mapping(user_ns
, key
->user
->uid
))
99 static int proc_keys_open(struct inode
*inode
, struct file
*file
)
101 return seq_open(file
, &proc_keys_ops
);
104 static struct key
*find_ge_key(struct seq_file
*p
, key_serial_t id
)
106 struct user_namespace
*user_ns
= seq_user_ns(p
);
107 struct rb_node
*n
= key_serial_tree
.rb_node
;
108 struct key
*minkey
= NULL
;
111 struct key
*key
= rb_entry(n
, struct key
, serial_node
);
112 if (id
< key
->serial
) {
113 if (!minkey
|| minkey
->serial
> key
->serial
)
116 } else if (id
> key
->serial
) {
129 if (kuid_has_mapping(user_ns
, minkey
->user
->uid
))
131 n
= rb_next(&minkey
->serial_node
);
134 minkey
= rb_entry(n
, struct key
, serial_node
);
138 static void *proc_keys_start(struct seq_file
*p
, loff_t
*_pos
)
139 __acquires(key_serial_lock
)
141 key_serial_t pos
= *_pos
;
144 spin_lock(&key_serial_lock
);
148 key
= find_ge_key(p
, pos
);
152 return &key
->serial_node
;
155 static inline key_serial_t
key_node_serial(struct rb_node
*n
)
157 struct key
*key
= rb_entry(n
, struct key
, serial_node
);
161 static void *proc_keys_next(struct seq_file
*p
, void *v
, loff_t
*_pos
)
165 n
= key_serial_next(p
, v
);
167 *_pos
= key_node_serial(n
);
171 static void proc_keys_stop(struct seq_file
*p
, void *v
)
172 __releases(key_serial_lock
)
174 spin_unlock(&key_serial_lock
);
177 static int proc_keys_show(struct seq_file
*m
, void *v
)
179 struct rb_node
*_p
= v
;
180 struct key
*key
= rb_entry(_p
, struct key
, serial_node
);
183 key_ref_t key_ref
, skey_ref
;
187 struct keyring_search_context ctx
= {
188 .index_key
.type
= key
->type
,
189 .index_key
.description
= key
->description
,
190 .cred
= current_cred(),
191 .match_data
.cmp
= lookup_user_key_possessed
,
192 .match_data
.raw_data
= key
,
193 .match_data
.lookup_type
= KEYRING_SEARCH_LOOKUP_DIRECT
,
194 .flags
= KEYRING_SEARCH_NO_STATE_CHECK
,
197 key_ref
= make_key_ref(key
, 0);
199 /* determine if the key is possessed by this process (a test we can
200 * skip if the key does not indicate the possessor can view it
202 if (key
->perm
& KEY_POS_VIEW
) {
203 skey_ref
= search_my_process_keyrings(&ctx
);
204 if (!IS_ERR(skey_ref
)) {
205 key_ref_put(skey_ref
);
206 key_ref
= make_key_ref(key
, 1);
210 /* check whether the current task is allowed to view the key (assuming
212 * - the caller holds a spinlock, and thus the RCU read lock, making our
213 * access to __current_cred() safe
215 rc
= key_task_permission(key_ref
, ctx
.cred
, KEY_NEED_VIEW
);
219 now
= current_kernel_time();
223 /* come up with a suitable timeout value */
224 if (key
->expiry
== 0) {
225 memcpy(xbuf
, "perm", 5);
226 } else if (now
.tv_sec
>= key
->expiry
) {
227 memcpy(xbuf
, "expd", 5);
229 timo
= key
->expiry
- now
.tv_sec
;
232 sprintf(xbuf
, "%lus", timo
);
233 else if (timo
< 60*60)
234 sprintf(xbuf
, "%lum", timo
/ 60);
235 else if (timo
< 60*60*24)
236 sprintf(xbuf
, "%luh", timo
/ (60*60));
237 else if (timo
< 60*60*24*7)
238 sprintf(xbuf
, "%lud", timo
/ (60*60*24));
240 sprintf(xbuf
, "%luw", timo
/ (60*60*24*7));
243 #define showflag(KEY, LETTER, FLAG) \
244 (test_bit(FLAG, &(KEY)->flags) ? LETTER : '-')
246 seq_printf(m
, "%08x %c%c%c%c%c%c%c %5d %4s %08x %5d %5d %-9.9s ",
248 showflag(key
, 'I', KEY_FLAG_INSTANTIATED
),
249 showflag(key
, 'R', KEY_FLAG_REVOKED
),
250 showflag(key
, 'D', KEY_FLAG_DEAD
),
251 showflag(key
, 'Q', KEY_FLAG_IN_QUOTA
),
252 showflag(key
, 'U', KEY_FLAG_USER_CONSTRUCT
),
253 showflag(key
, 'N', KEY_FLAG_NEGATIVE
),
254 showflag(key
, 'i', KEY_FLAG_INVALIDATED
),
255 atomic_read(&key
->usage
),
258 from_kuid_munged(seq_user_ns(m
), key
->uid
),
259 from_kgid_munged(seq_user_ns(m
), key
->gid
),
264 if (key
->type
->describe
)
265 key
->type
->describe(key
, m
);
272 static struct rb_node
*__key_user_next(struct user_namespace
*user_ns
, struct rb_node
*n
)
275 struct key_user
*user
= rb_entry(n
, struct key_user
, node
);
276 if (kuid_has_mapping(user_ns
, user
->uid
))
283 static struct rb_node
*key_user_next(struct user_namespace
*user_ns
, struct rb_node
*n
)
285 return __key_user_next(user_ns
, rb_next(n
));
288 static struct rb_node
*key_user_first(struct user_namespace
*user_ns
, struct rb_root
*r
)
290 struct rb_node
*n
= rb_first(r
);
291 return __key_user_next(user_ns
, n
);
295 * Implement "/proc/key-users" to provides a list of the key users and their
298 static int proc_key_users_open(struct inode
*inode
, struct file
*file
)
300 return seq_open(file
, &proc_key_users_ops
);
303 static void *proc_key_users_start(struct seq_file
*p
, loff_t
*_pos
)
304 __acquires(key_user_lock
)
309 spin_lock(&key_user_lock
);
311 _p
= key_user_first(seq_user_ns(p
), &key_user_tree
);
312 while (pos
> 0 && _p
) {
314 _p
= key_user_next(seq_user_ns(p
), _p
);
320 static void *proc_key_users_next(struct seq_file
*p
, void *v
, loff_t
*_pos
)
323 return key_user_next(seq_user_ns(p
), (struct rb_node
*)v
);
326 static void proc_key_users_stop(struct seq_file
*p
, void *v
)
327 __releases(key_user_lock
)
329 spin_unlock(&key_user_lock
);
332 static int proc_key_users_show(struct seq_file
*m
, void *v
)
334 struct rb_node
*_p
= v
;
335 struct key_user
*user
= rb_entry(_p
, struct key_user
, node
);
336 unsigned maxkeys
= uid_eq(user
->uid
, GLOBAL_ROOT_UID
) ?
337 key_quota_root_maxkeys
: key_quota_maxkeys
;
338 unsigned maxbytes
= uid_eq(user
->uid
, GLOBAL_ROOT_UID
) ?
339 key_quota_root_maxbytes
: key_quota_maxbytes
;
341 seq_printf(m
, "%5u: %5d %d/%d %d/%d %d/%d\n",
342 from_kuid_munged(seq_user_ns(m
), user
->uid
),
343 atomic_read(&user
->usage
),
344 atomic_read(&user
->nkeys
),
345 atomic_read(&user
->nikeys
),