Loading...
1/* procfs files for key database enumeration
2 *
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/sched.h>
15#include <linux/fs.h>
16#include <linux/proc_fs.h>
17#include <linux/seq_file.h>
18#include <asm/errno.h>
19#include "internal.h"
20
21static int proc_keys_open(struct inode *inode, struct file *file);
22static void *proc_keys_start(struct seq_file *p, loff_t *_pos);
23static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos);
24static void proc_keys_stop(struct seq_file *p, void *v);
25static int proc_keys_show(struct seq_file *m, void *v);
26
27static const struct seq_operations proc_keys_ops = {
28 .start = proc_keys_start,
29 .next = proc_keys_next,
30 .stop = proc_keys_stop,
31 .show = proc_keys_show,
32};
33
34static const struct file_operations proc_keys_fops = {
35 .open = proc_keys_open,
36 .read = seq_read,
37 .llseek = seq_lseek,
38 .release = seq_release,
39};
40
41static int proc_key_users_open(struct inode *inode, struct file *file);
42static void *proc_key_users_start(struct seq_file *p, loff_t *_pos);
43static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos);
44static void proc_key_users_stop(struct seq_file *p, void *v);
45static int proc_key_users_show(struct seq_file *m, void *v);
46
47static const struct seq_operations proc_key_users_ops = {
48 .start = proc_key_users_start,
49 .next = proc_key_users_next,
50 .stop = proc_key_users_stop,
51 .show = proc_key_users_show,
52};
53
54static const struct file_operations proc_key_users_fops = {
55 .open = proc_key_users_open,
56 .read = seq_read,
57 .llseek = seq_lseek,
58 .release = seq_release,
59};
60
61/*
62 * Declare the /proc files.
63 */
64static int __init key_proc_init(void)
65{
66 struct proc_dir_entry *p;
67
68 p = proc_create("keys", 0, NULL, &proc_keys_fops);
69 if (!p)
70 panic("Cannot create /proc/keys\n");
71
72 p = proc_create("key-users", 0, NULL, &proc_key_users_fops);
73 if (!p)
74 panic("Cannot create /proc/key-users\n");
75
76 return 0;
77}
78
79__initcall(key_proc_init);
80
81/*
82 * Implement "/proc/keys" to provide a list of the keys on the system that
83 * grant View permission to the caller.
84 */
85static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n)
86{
87 struct user_namespace *user_ns = seq_user_ns(p);
88
89 n = rb_next(n);
90 while (n) {
91 struct key *key = rb_entry(n, struct key, serial_node);
92 if (kuid_has_mapping(user_ns, key->user->uid))
93 break;
94 n = rb_next(n);
95 }
96 return n;
97}
98
99static int proc_keys_open(struct inode *inode, struct file *file)
100{
101 return seq_open(file, &proc_keys_ops);
102}
103
104static struct key *find_ge_key(struct seq_file *p, key_serial_t id)
105{
106 struct user_namespace *user_ns = seq_user_ns(p);
107 struct rb_node *n = key_serial_tree.rb_node;
108 struct key *minkey = NULL;
109
110 while (n) {
111 struct key *key = rb_entry(n, struct key, serial_node);
112 if (id < key->serial) {
113 if (!minkey || minkey->serial > key->serial)
114 minkey = key;
115 n = n->rb_left;
116 } else if (id > key->serial) {
117 n = n->rb_right;
118 } else {
119 minkey = key;
120 break;
121 }
122 key = NULL;
123 }
124
125 if (!minkey)
126 return NULL;
127
128 for (;;) {
129 if (kuid_has_mapping(user_ns, minkey->user->uid))
130 return minkey;
131 n = rb_next(&minkey->serial_node);
132 if (!n)
133 return NULL;
134 minkey = rb_entry(n, struct key, serial_node);
135 }
136}
137
138static void *proc_keys_start(struct seq_file *p, loff_t *_pos)
139 __acquires(key_serial_lock)
140{
141 key_serial_t pos = *_pos;
142 struct key *key;
143
144 spin_lock(&key_serial_lock);
145
146 if (*_pos > INT_MAX)
147 return NULL;
148 key = find_ge_key(p, pos);
149 if (!key)
150 return NULL;
151 *_pos = key->serial;
152 return &key->serial_node;
153}
154
155static inline key_serial_t key_node_serial(struct rb_node *n)
156{
157 struct key *key = rb_entry(n, struct key, serial_node);
158 return key->serial;
159}
160
161static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos)
162{
163 struct rb_node *n;
164
165 n = key_serial_next(p, v);
166 if (n)
167 *_pos = key_node_serial(n);
168 return n;
169}
170
171static void proc_keys_stop(struct seq_file *p, void *v)
172 __releases(key_serial_lock)
173{
174 spin_unlock(&key_serial_lock);
175}
176
177static int proc_keys_show(struct seq_file *m, void *v)
178{
179 struct rb_node *_p = v;
180 struct key *key = rb_entry(_p, struct key, serial_node);
181 struct timespec now;
182 unsigned long timo;
183 key_ref_t key_ref, skey_ref;
184 char xbuf[12];
185 int rc;
186
187 struct keyring_search_context ctx = {
188 .index_key.type = key->type,
189 .index_key.description = key->description,
190 .cred = current_cred(),
191 .match_data.cmp = lookup_user_key_possessed,
192 .match_data.raw_data = key,
193 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
194 .flags = KEYRING_SEARCH_NO_STATE_CHECK,
195 };
196
197 key_ref = make_key_ref(key, 0);
198
199 /* determine if the key is possessed by this process (a test we can
200 * skip if the key does not indicate the possessor can view it
201 */
202 if (key->perm & KEY_POS_VIEW) {
203 skey_ref = search_my_process_keyrings(&ctx);
204 if (!IS_ERR(skey_ref)) {
205 key_ref_put(skey_ref);
206 key_ref = make_key_ref(key, 1);
207 }
208 }
209
210 /* check whether the current task is allowed to view the key (assuming
211 * non-possession)
212 * - the caller holds a spinlock, and thus the RCU read lock, making our
213 * access to __current_cred() safe
214 */
215 rc = key_task_permission(key_ref, ctx.cred, KEY_NEED_VIEW);
216 if (rc < 0)
217 return 0;
218
219 now = current_kernel_time();
220
221 rcu_read_lock();
222
223 /* come up with a suitable timeout value */
224 if (key->expiry == 0) {
225 memcpy(xbuf, "perm", 5);
226 } else if (now.tv_sec >= key->expiry) {
227 memcpy(xbuf, "expd", 5);
228 } else {
229 timo = key->expiry - now.tv_sec;
230
231 if (timo < 60)
232 sprintf(xbuf, "%lus", timo);
233 else if (timo < 60*60)
234 sprintf(xbuf, "%lum", timo / 60);
235 else if (timo < 60*60*24)
236 sprintf(xbuf, "%luh", timo / (60*60));
237 else if (timo < 60*60*24*7)
238 sprintf(xbuf, "%lud", timo / (60*60*24));
239 else
240 sprintf(xbuf, "%luw", timo / (60*60*24*7));
241 }
242
243#define showflag(KEY, LETTER, FLAG) \
244 (test_bit(FLAG, &(KEY)->flags) ? LETTER : '-')
245
246 seq_printf(m, "%08x %c%c%c%c%c%c%c %5d %4s %08x %5d %5d %-9.9s ",
247 key->serial,
248 showflag(key, 'I', KEY_FLAG_INSTANTIATED),
249 showflag(key, 'R', KEY_FLAG_REVOKED),
250 showflag(key, 'D', KEY_FLAG_DEAD),
251 showflag(key, 'Q', KEY_FLAG_IN_QUOTA),
252 showflag(key, 'U', KEY_FLAG_USER_CONSTRUCT),
253 showflag(key, 'N', KEY_FLAG_NEGATIVE),
254 showflag(key, 'i', KEY_FLAG_INVALIDATED),
255 atomic_read(&key->usage),
256 xbuf,
257 key->perm,
258 from_kuid_munged(seq_user_ns(m), key->uid),
259 from_kgid_munged(seq_user_ns(m), key->gid),
260 key->type->name);
261
262#undef showflag
263
264 if (key->type->describe)
265 key->type->describe(key, m);
266 seq_putc(m, '\n');
267
268 rcu_read_unlock();
269 return 0;
270}
271
272static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n)
273{
274 while (n) {
275 struct key_user *user = rb_entry(n, struct key_user, node);
276 if (kuid_has_mapping(user_ns, user->uid))
277 break;
278 n = rb_next(n);
279 }
280 return n;
281}
282
283static struct rb_node *key_user_next(struct user_namespace *user_ns, struct rb_node *n)
284{
285 return __key_user_next(user_ns, rb_next(n));
286}
287
288static struct rb_node *key_user_first(struct user_namespace *user_ns, struct rb_root *r)
289{
290 struct rb_node *n = rb_first(r);
291 return __key_user_next(user_ns, n);
292}
293
294/*
295 * Implement "/proc/key-users" to provides a list of the key users and their
296 * quotas.
297 */
298static int proc_key_users_open(struct inode *inode, struct file *file)
299{
300 return seq_open(file, &proc_key_users_ops);
301}
302
303static void *proc_key_users_start(struct seq_file *p, loff_t *_pos)
304 __acquires(key_user_lock)
305{
306 struct rb_node *_p;
307 loff_t pos = *_pos;
308
309 spin_lock(&key_user_lock);
310
311 _p = key_user_first(seq_user_ns(p), &key_user_tree);
312 while (pos > 0 && _p) {
313 pos--;
314 _p = key_user_next(seq_user_ns(p), _p);
315 }
316
317 return _p;
318}
319
320static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos)
321{
322 (*_pos)++;
323 return key_user_next(seq_user_ns(p), (struct rb_node *)v);
324}
325
326static void proc_key_users_stop(struct seq_file *p, void *v)
327 __releases(key_user_lock)
328{
329 spin_unlock(&key_user_lock);
330}
331
332static int proc_key_users_show(struct seq_file *m, void *v)
333{
334 struct rb_node *_p = v;
335 struct key_user *user = rb_entry(_p, struct key_user, node);
336 unsigned maxkeys = uid_eq(user->uid, GLOBAL_ROOT_UID) ?
337 key_quota_root_maxkeys : key_quota_maxkeys;
338 unsigned maxbytes = uid_eq(user->uid, GLOBAL_ROOT_UID) ?
339 key_quota_root_maxbytes : key_quota_maxbytes;
340
341 seq_printf(m, "%5u: %5d %d/%d %d/%d %d/%d\n",
342 from_kuid_munged(seq_user_ns(m), user->uid),
343 atomic_read(&user->usage),
344 atomic_read(&user->nkeys),
345 atomic_read(&user->nikeys),
346 user->qnkeys,
347 maxkeys,
348 user->qnbytes,
349 maxbytes);
350
351 return 0;
352}
1/* procfs files for key database enumeration
2 *
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/sched.h>
15#include <linux/fs.h>
16#include <linux/proc_fs.h>
17#include <linux/seq_file.h>
18#include <asm/errno.h>
19#include "internal.h"
20
21#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
22static int proc_keys_open(struct inode *inode, struct file *file);
23static void *proc_keys_start(struct seq_file *p, loff_t *_pos);
24static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos);
25static void proc_keys_stop(struct seq_file *p, void *v);
26static int proc_keys_show(struct seq_file *m, void *v);
27
28static const struct seq_operations proc_keys_ops = {
29 .start = proc_keys_start,
30 .next = proc_keys_next,
31 .stop = proc_keys_stop,
32 .show = proc_keys_show,
33};
34
35static const struct file_operations proc_keys_fops = {
36 .open = proc_keys_open,
37 .read = seq_read,
38 .llseek = seq_lseek,
39 .release = seq_release,
40};
41#endif
42
43static int proc_key_users_open(struct inode *inode, struct file *file);
44static void *proc_key_users_start(struct seq_file *p, loff_t *_pos);
45static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos);
46static void proc_key_users_stop(struct seq_file *p, void *v);
47static int proc_key_users_show(struct seq_file *m, void *v);
48
49static const struct seq_operations proc_key_users_ops = {
50 .start = proc_key_users_start,
51 .next = proc_key_users_next,
52 .stop = proc_key_users_stop,
53 .show = proc_key_users_show,
54};
55
56static const struct file_operations proc_key_users_fops = {
57 .open = proc_key_users_open,
58 .read = seq_read,
59 .llseek = seq_lseek,
60 .release = seq_release,
61};
62
63/*
64 * Declare the /proc files.
65 */
66static int __init key_proc_init(void)
67{
68 struct proc_dir_entry *p;
69
70#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
71 p = proc_create("keys", 0, NULL, &proc_keys_fops);
72 if (!p)
73 panic("Cannot create /proc/keys\n");
74#endif
75
76 p = proc_create("key-users", 0, NULL, &proc_key_users_fops);
77 if (!p)
78 panic("Cannot create /proc/key-users\n");
79
80 return 0;
81}
82
83__initcall(key_proc_init);
84
85/*
86 * Implement "/proc/keys" to provide a list of the keys on the system that
87 * grant View permission to the caller.
88 */
89#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
90
91static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n)
92{
93 struct user_namespace *user_ns = seq_user_ns(p);
94
95 n = rb_next(n);
96 while (n) {
97 struct key *key = rb_entry(n, struct key, serial_node);
98 if (kuid_has_mapping(user_ns, key->user->uid))
99 break;
100 n = rb_next(n);
101 }
102 return n;
103}
104
105static int proc_keys_open(struct inode *inode, struct file *file)
106{
107 return seq_open(file, &proc_keys_ops);
108}
109
110static struct key *find_ge_key(struct seq_file *p, key_serial_t id)
111{
112 struct user_namespace *user_ns = seq_user_ns(p);
113 struct rb_node *n = key_serial_tree.rb_node;
114 struct key *minkey = NULL;
115
116 while (n) {
117 struct key *key = rb_entry(n, struct key, serial_node);
118 if (id < key->serial) {
119 if (!minkey || minkey->serial > key->serial)
120 minkey = key;
121 n = n->rb_left;
122 } else if (id > key->serial) {
123 n = n->rb_right;
124 } else {
125 minkey = key;
126 break;
127 }
128 key = NULL;
129 }
130
131 if (!minkey)
132 return NULL;
133
134 for (;;) {
135 if (kuid_has_mapping(user_ns, minkey->user->uid))
136 return minkey;
137 n = rb_next(&minkey->serial_node);
138 if (!n)
139 return NULL;
140 minkey = rb_entry(n, struct key, serial_node);
141 }
142}
143
144static void *proc_keys_start(struct seq_file *p, loff_t *_pos)
145 __acquires(key_serial_lock)
146{
147 key_serial_t pos = *_pos;
148 struct key *key;
149
150 spin_lock(&key_serial_lock);
151
152 if (*_pos > INT_MAX)
153 return NULL;
154 key = find_ge_key(p, pos);
155 if (!key)
156 return NULL;
157 *_pos = key->serial;
158 return &key->serial_node;
159}
160
161static inline key_serial_t key_node_serial(struct rb_node *n)
162{
163 struct key *key = rb_entry(n, struct key, serial_node);
164 return key->serial;
165}
166
167static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos)
168{
169 struct rb_node *n;
170
171 n = key_serial_next(p, v);
172 if (n)
173 *_pos = key_node_serial(n);
174 return n;
175}
176
177static void proc_keys_stop(struct seq_file *p, void *v)
178 __releases(key_serial_lock)
179{
180 spin_unlock(&key_serial_lock);
181}
182
183static int proc_keys_show(struct seq_file *m, void *v)
184{
185 struct rb_node *_p = v;
186 struct key *key = rb_entry(_p, struct key, serial_node);
187 struct timespec now;
188 unsigned long timo;
189 key_ref_t key_ref, skey_ref;
190 char xbuf[12];
191 int rc;
192
193 struct keyring_search_context ctx = {
194 .index_key.type = key->type,
195 .index_key.description = key->description,
196 .cred = current_cred(),
197 .match = lookup_user_key_possessed,
198 .match_data = key,
199 .flags = (KEYRING_SEARCH_NO_STATE_CHECK |
200 KEYRING_SEARCH_LOOKUP_DIRECT),
201 };
202
203 key_ref = make_key_ref(key, 0);
204
205 /* determine if the key is possessed by this process (a test we can
206 * skip if the key does not indicate the possessor can view it
207 */
208 if (key->perm & KEY_POS_VIEW) {
209 skey_ref = search_my_process_keyrings(&ctx);
210 if (!IS_ERR(skey_ref)) {
211 key_ref_put(skey_ref);
212 key_ref = make_key_ref(key, 1);
213 }
214 }
215
216 /* check whether the current task is allowed to view the key (assuming
217 * non-possession)
218 * - the caller holds a spinlock, and thus the RCU read lock, making our
219 * access to __current_cred() safe
220 */
221 rc = key_task_permission(key_ref, ctx.cred, KEY_VIEW);
222 if (rc < 0)
223 return 0;
224
225 now = current_kernel_time();
226
227 rcu_read_lock();
228
229 /* come up with a suitable timeout value */
230 if (key->expiry == 0) {
231 memcpy(xbuf, "perm", 5);
232 } else if (now.tv_sec >= key->expiry) {
233 memcpy(xbuf, "expd", 5);
234 } else {
235 timo = key->expiry - now.tv_sec;
236
237 if (timo < 60)
238 sprintf(xbuf, "%lus", timo);
239 else if (timo < 60*60)
240 sprintf(xbuf, "%lum", timo / 60);
241 else if (timo < 60*60*24)
242 sprintf(xbuf, "%luh", timo / (60*60));
243 else if (timo < 60*60*24*7)
244 sprintf(xbuf, "%lud", timo / (60*60*24));
245 else
246 sprintf(xbuf, "%luw", timo / (60*60*24*7));
247 }
248
249#define showflag(KEY, LETTER, FLAG) \
250 (test_bit(FLAG, &(KEY)->flags) ? LETTER : '-')
251
252 seq_printf(m, "%08x %c%c%c%c%c%c%c %5d %4s %08x %5d %5d %-9.9s ",
253 key->serial,
254 showflag(key, 'I', KEY_FLAG_INSTANTIATED),
255 showflag(key, 'R', KEY_FLAG_REVOKED),
256 showflag(key, 'D', KEY_FLAG_DEAD),
257 showflag(key, 'Q', KEY_FLAG_IN_QUOTA),
258 showflag(key, 'U', KEY_FLAG_USER_CONSTRUCT),
259 showflag(key, 'N', KEY_FLAG_NEGATIVE),
260 showflag(key, 'i', KEY_FLAG_INVALIDATED),
261 atomic_read(&key->usage),
262 xbuf,
263 key->perm,
264 from_kuid_munged(seq_user_ns(m), key->uid),
265 from_kgid_munged(seq_user_ns(m), key->gid),
266 key->type->name);
267
268#undef showflag
269
270 if (key->type->describe)
271 key->type->describe(key, m);
272 seq_putc(m, '\n');
273
274 rcu_read_unlock();
275 return 0;
276}
277
278#endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */
279
280static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n)
281{
282 while (n) {
283 struct key_user *user = rb_entry(n, struct key_user, node);
284 if (kuid_has_mapping(user_ns, user->uid))
285 break;
286 n = rb_next(n);
287 }
288 return n;
289}
290
291static struct rb_node *key_user_next(struct user_namespace *user_ns, struct rb_node *n)
292{
293 return __key_user_next(user_ns, rb_next(n));
294}
295
296static struct rb_node *key_user_first(struct user_namespace *user_ns, struct rb_root *r)
297{
298 struct rb_node *n = rb_first(r);
299 return __key_user_next(user_ns, n);
300}
301
302/*
303 * Implement "/proc/key-users" to provides a list of the key users and their
304 * quotas.
305 */
306static int proc_key_users_open(struct inode *inode, struct file *file)
307{
308 return seq_open(file, &proc_key_users_ops);
309}
310
311static void *proc_key_users_start(struct seq_file *p, loff_t *_pos)
312 __acquires(key_user_lock)
313{
314 struct rb_node *_p;
315 loff_t pos = *_pos;
316
317 spin_lock(&key_user_lock);
318
319 _p = key_user_first(seq_user_ns(p), &key_user_tree);
320 while (pos > 0 && _p) {
321 pos--;
322 _p = key_user_next(seq_user_ns(p), _p);
323 }
324
325 return _p;
326}
327
328static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos)
329{
330 (*_pos)++;
331 return key_user_next(seq_user_ns(p), (struct rb_node *)v);
332}
333
334static void proc_key_users_stop(struct seq_file *p, void *v)
335 __releases(key_user_lock)
336{
337 spin_unlock(&key_user_lock);
338}
339
340static int proc_key_users_show(struct seq_file *m, void *v)
341{
342 struct rb_node *_p = v;
343 struct key_user *user = rb_entry(_p, struct key_user, node);
344 unsigned maxkeys = uid_eq(user->uid, GLOBAL_ROOT_UID) ?
345 key_quota_root_maxkeys : key_quota_maxkeys;
346 unsigned maxbytes = uid_eq(user->uid, GLOBAL_ROOT_UID) ?
347 key_quota_root_maxbytes : key_quota_maxbytes;
348
349 seq_printf(m, "%5u: %5d %d/%d %d/%d %d/%d\n",
350 from_kuid_munged(seq_user_ns(m), user->uid),
351 atomic_read(&user->usage),
352 atomic_read(&user->nkeys),
353 atomic_read(&user->nikeys),
354 user->qnkeys,
355 maxkeys,
356 user->qnbytes,
357 maxbytes);
358
359 return 0;
360}