Openwrt-EcoNet/kernel-49
1
0
Fork 0
Code Activity
Files
kernel-49/security/keys/request_key_auth.c
Greg Kroah-Hartman f61f3b1c19 Merge 4.9.194 into android-4.9 
Changes in 4.9.194
	bridge/mdb: remove wrong use of NLM_F_MULTI
	cdc_ether: fix rndis support for Mediatek based smartphones
	ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()'
	isdn/capi: check message length in capi_write()
	net: Fix null de-reference of device refcount
	net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list
	sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero
	sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()'
	sctp: use transport pf_retrans in sctp_do_8_2_transport_strike
	tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR
	tipc: add NULL pointer check before calling kfree_rcu
	tun: fix use-after-free when register netdev failed
	Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur"
	gpio: fix line flag validation in linehandle_create
	gpio: fix line flag validation in lineevent_create
	Btrfs: fix assertion failure during fsync and use of stale transaction
	genirq: Prevent NULL pointer dereference in resend_irqs()
	KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl
	KVM: x86: work around leak of uninitialized stack contents
	KVM: nVMX: handle page fault in vmread
	MIPS: VDSO: Prevent use of smp_processor_id()
	MIPS: VDSO: Use same -m%-float cflag as the kernel proper
	clk: rockchip: Don't yell about bad mmc phases when getting
	mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue
	driver core: Fix use-after-free and double free on glue directory
	crypto: talitos - check AES key size
	crypto: talitos - fix CTR alg blocksize
	crypto: talitos - check data blocksize in ablkcipher.
	crypto: talitos - fix ECB algs ivsize
	crypto: talitos - Do not modify req->cryptlen on decryption.
	crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking.
	drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto
	nvmem: Use the same permissions for eeprom as for nvmem
	x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning
	USB: usbcore: Fix slab-out-of-bounds bug during device reset
	media: tm6000: double free if usb disconnect while streaming
	powerpc/mm/radix: Use the right page size for vmemmap mapping
	x86/boot: Add missing bootparam that breaks boot on some platforms
	xen-netfront: do not assume sk_buff_head list is empty in error handling
	KVM: coalesced_mmio: add bounds checking
	serial: sprd: correct the wrong sequence of arguments
	tty/serial: atmel: reschedule TX after RX was started
	mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
	ARM: OMAP2+: Fix missing SYSC_HAS_RESET_STATUS for dra7 epwmss
	s390/bpf: fix lcgr instruction encoding
	ARM: OMAP2+: Fix omap4 errata warning on other SoCs
	s390/bpf: use 32-bit index for tail calls
	NFSv4: Fix return values for nfs4_file_open()
	NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup
	Kconfig: Fix the reference to the IDT77105 Phy driver in the description of ATM_NICSTAR_USE_IDT77105
	qed: Add cleanup in qed_slowpath_start()
	ARM: 8874/1: mm: only adjust sections of valid mm structures
	batman-adv: Only read OGM2 tvlv_len after buffer len check
	r8152: Set memory to all 0xFFs on failed reg reads
	x86/apic: Fix arch_dynirq_lower_bound() bug for DT enabled machines
	netfilter: nf_conntrack_ftp: Fix debug output
	NFSv2: Fix eof handling
	NFSv2: Fix write regression
	cifs: set domainName when a domain-key is used in multiuser
	cifs: Use kzfree() to zero out the password
	ARM: 8901/1: add a criteria for pfn_valid of arm
	sky2: Disable MSI on yet another ASUS boards (P6Xxxx)
	perf/x86/intel: Restrict period on Nehalem
	perf/x86/amd/ibs: Fix sample bias for dispatched micro-ops
	tools/power turbostat: fix buffer overrun
	net: seeq: Fix the function used to release some memory in an error handling path
	dmaengine: ti: dma-crossbar: Fix a memory leak bug
	dmaengine: ti: omap-dma: Add cleanup in omap_dma_probe()
	x86/uaccess: Don't leak the AC flags into __get_user() argument evaluation
	keys: Fix missing null pointer check in request_key_auth_describe()
	iommu/amd: Fix race in increase_address_space()
	floppy: fix usercopy direction
	media: technisat-usb2: break out of loop at end of buffer
	ARC: export "abort" for modules
	net_sched: let qdisc_put() accept NULL pointer
	Linux 4.9.194

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
2019-09-22 17:06:19 +03:00

283 lines
7.0 KiB
C
Raw Permalink Blame History

/* Request key authorisation token key definition.
*
* Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*
* See Documentation/security/keys-request-key.txt
*/
#include <linux/module.h>
#include <linux/sched.h>
#include <linux/err.h>
#include <linux/seq_file.h>
#include <linux/slab.h>
#include <asm/uaccess.h>
#include "internal.h"
#include <keys/user-type.h>
static int request_key_auth_preparse(struct key_preparsed_payload *);
static void request_key_auth_free_preparse(struct key_preparsed_payload *);
static int request_key_auth_instantiate(struct key *,
struct key_preparsed_payload *);
static void request_key_auth_describe(const struct key *, struct seq_file *);
static void request_key_auth_revoke(struct key *);
static void request_key_auth_destroy(struct key *);
static long request_key_auth_read(const struct key *, char __user *, size_t);
/*
* The request-key authorisation key type definition.
*/
struct key_type key_type_request_key_auth = {
.name = ".request_key_auth",
.def_datalen = sizeof(struct request_key_auth),
.preparse = request_key_auth_preparse,
.free_preparse = request_key_auth_free_preparse,
.instantiate = request_key_auth_instantiate,
.describe = request_key_auth_describe,
.revoke = request_key_auth_revoke,
.destroy = request_key_auth_destroy,
.read = request_key_auth_read,
};
static int request_key_auth_preparse(struct key_preparsed_payload *prep)
{
return 0;
}
static void request_key_auth_free_preparse(struct key_preparsed_payload *prep)
{
}
/*
* Instantiate a request-key authorisation key.
*/
static int request_key_auth_instantiate(struct key *key,
struct key_preparsed_payload *prep)
{
key->payload.data[0] = (struct request_key_auth *)prep->data;
return 0;
}
/*
* Describe an authorisation token.
*/
static void request_key_auth_describe(const struct key *key,
struct seq_file *m)
{
struct request_key_auth *rka = key->payload.data[0];
if (!rka)
return;
seq_puts(m, "key:");
seq_puts(m, key->description);
if (key_is_positive(key))
seq_printf(m, " pid:%d ci:%zu", rka->pid, rka->callout_len);
}
/*
* Read the callout_info data (retrieves the callout information).
* - the key's semaphore is read-locked
*/
static long request_key_auth_read(const struct key *key,
char __user *buffer, size_t buflen)
{
struct request_key_auth *rka = key->payload.data[0];
size_t datalen;
long ret;
if (!rka)
return -EKEYREVOKED;
datalen = rka->callout_len;
ret = datalen;
/* we can return the data as is */
if (buffer && buflen > 0) {
if (buflen > datalen)
buflen = datalen;
if (copy_to_user(buffer, rka->callout_info, buflen) != 0)
ret = -EFAULT;
}
return ret;
}
/*
* Handle revocation of an authorisation token key.
*
* Called with the key sem write-locked.
*/
static void request_key_auth_revoke(struct key *key)
{
struct request_key_auth *rka = key->payload.data[0];
kenter("{%d}", key->serial);
if (rka->cred) {
put_cred(rka->cred);
rka->cred = NULL;
}
}
/*
* Destroy an instantiation authorisation token key.
*/
static void request_key_auth_destroy(struct key *key)
{
struct request_key_auth *rka = key->payload.data[0];
kenter("{%d}", key->serial);
if (rka->cred) {
put_cred(rka->cred);
rka->cred = NULL;
}
key_put(rka->target_key);
key_put(rka->dest_keyring);
kfree(rka->callout_info);
kfree(rka);
}
/*
* Create an authorisation token for /sbin/request-key or whoever to gain
* access to the caller's security data.
*/
struct key *request_key_auth_new(struct key *target, const void *callout_info,
size_t callout_len, struct key *dest_keyring)
{
struct request_key_auth *rka, *irka;
const struct cred *cred = current->cred;
struct key *authkey = NULL;
char desc[20];
int ret;
kenter("%d,", target->serial);
/* allocate a auth record */
rka = kmalloc(sizeof(*rka), GFP_KERNEL);
if (!rka) {
kleave(" = -ENOMEM");
return ERR_PTR(-ENOMEM);
}
rka->callout_info = kmalloc(callout_len, GFP_KERNEL);
if (!rka->callout_info) {
kleave(" = -ENOMEM");
kfree(rka);
return ERR_PTR(-ENOMEM);
}
/* see if the calling process is already servicing the key request of
* another process */
if (cred->request_key_auth) {
/* it is - use that instantiation context here too */
down_read(&cred->request_key_auth->sem);
/* if the auth key has been revoked, then the key we're
* servicing is already instantiated */
if (test_bit(KEY_FLAG_REVOKED, &cred->request_key_auth->flags))
goto auth_key_revoked;
irka = cred->request_key_auth->payload.data[0];
rka->cred = get_cred(irka->cred);
rka->pid = irka->pid;
up_read(&cred->request_key_auth->sem);
}
else {
/* it isn't - use this process as the context */
rka->cred = get_cred(cred);
rka->pid = current->pid;
}
rka->target_key = key_get(target);
rka->dest_keyring = key_get(dest_keyring);
memcpy(rka->callout_info, callout_info, callout_len);
rka->callout_len = callout_len;
/* allocate the auth key */
sprintf(desc, "%x", target->serial);
authkey = key_alloc(&key_type_request_key_auth, desc,
cred->fsuid, cred->fsgid, cred,
KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA, NULL);
if (IS_ERR(authkey)) {
ret = PTR_ERR(authkey);
goto error_alloc;
}
/* construct the auth key */
ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL);
if (ret < 0)
goto error_inst;
kleave(" = {%d,%d}", authkey->serial, atomic_read(&authkey->usage));
return authkey;
auth_key_revoked:
up_read(&cred->request_key_auth->sem);
kfree(rka->callout_info);
kfree(rka);
kleave("= -EKEYREVOKED");
return ERR_PTR(-EKEYREVOKED);
error_inst:
key_revoke(authkey);
key_put(authkey);
error_alloc:
key_put(rka->target_key);
key_put(rka->dest_keyring);
kfree(rka->callout_info);
kfree(rka);
kleave("= %d", ret);
return ERR_PTR(ret);
}
/*
* Search the current process's keyrings for the authorisation key for
* instantiation of a key.
*/
struct key *key_get_instantiation_authkey(key_serial_t target_id)
{
char description[16];
struct keyring_search_context ctx = {
.index_key.type = &key_type_request_key_auth,
.index_key.description = description,
.cred = current_cred(),
.match_data.cmp = key_default_cmp,
.match_data.raw_data = description,
.match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
.flags = KEYRING_SEARCH_DO_STATE_CHECK,
};
struct key *authkey;
key_ref_t authkey_ref;
ctx.index_key.desc_len = sprintf(description, "%x", target_id);
authkey_ref = search_process_keyrings(&ctx);
if (IS_ERR(authkey_ref)) {
authkey = ERR_CAST(authkey_ref);
if (authkey == ERR_PTR(-EAGAIN))
authkey = ERR_PTR(-ENOKEY);
goto error;
}
authkey = key_ref_to_ptr(authkey_ref);
if (test_bit(KEY_FLAG_REVOKED, &authkey->flags)) {
key_put(authkey);
authkey = ERR_PTR(-EKEYREVOKED);
}
error:
return authkey;
}
View Git Blame Copy Permalink