/security/keys/proc.c

https://bitbucket.org/abioy/linux · C · 339 lines · 257 code · 54 blank · 28 comment · 41 complexity · 61712a711068abb45cfb3c4441019d79 MD5 · raw file

  1. /* proc.c: proc files for key database enumeration
  2. *
  3. * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
  4. * Written by David Howells (dhowells@redhat.com)
  5. *
  6. * This program is free software; you can redistribute it and/or
  7. * modify it under the terms of the GNU General Public License
  8. * as published by the Free Software Foundation; either version
  9. * 2 of the License, or (at your option) any later version.
  10. */
  11. #include <linux/module.h>
  12. #include <linux/init.h>
  13. #include <linux/sched.h>
  14. #include <linux/fs.h>
  15. #include <linux/proc_fs.h>
  16. #include <linux/seq_file.h>
  17. #include <asm/errno.h>
  18. #include "internal.h"
  19. #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
  20. static int proc_keys_open(struct inode *inode, struct file *file);
  21. static void *proc_keys_start(struct seq_file *p, loff_t *_pos);
  22. static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos);
  23. static void proc_keys_stop(struct seq_file *p, void *v);
  24. static int proc_keys_show(struct seq_file *m, void *v);
  25. static const struct seq_operations proc_keys_ops = {
  26. .start = proc_keys_start,
  27. .next = proc_keys_next,
  28. .stop = proc_keys_stop,
  29. .show = proc_keys_show,
  30. };
  31. static const struct file_operations proc_keys_fops = {
  32. .open = proc_keys_open,
  33. .read = seq_read,
  34. .llseek = seq_lseek,
  35. .release = seq_release,
  36. };
  37. #endif
  38. static int proc_key_users_open(struct inode *inode, struct file *file);
  39. static void *proc_key_users_start(struct seq_file *p, loff_t *_pos);
  40. static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos);
  41. static void proc_key_users_stop(struct seq_file *p, void *v);
  42. static int proc_key_users_show(struct seq_file *m, void *v);
  43. static const struct seq_operations proc_key_users_ops = {
  44. .start = proc_key_users_start,
  45. .next = proc_key_users_next,
  46. .stop = proc_key_users_stop,
  47. .show = proc_key_users_show,
  48. };
  49. static const struct file_operations proc_key_users_fops = {
  50. .open = proc_key_users_open,
  51. .read = seq_read,
  52. .llseek = seq_lseek,
  53. .release = seq_release,
  54. };
  55. /*****************************************************************************/
  56. /*
  57. * declare the /proc files
  58. */
  59. static int __init key_proc_init(void)
  60. {
  61. struct proc_dir_entry *p;
  62. #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
  63. p = proc_create("keys", 0, NULL, &proc_keys_fops);
  64. if (!p)
  65. panic("Cannot create /proc/keys\n");
  66. #endif
  67. p = proc_create("key-users", 0, NULL, &proc_key_users_fops);
  68. if (!p)
  69. panic("Cannot create /proc/key-users\n");
  70. return 0;
  71. } /* end key_proc_init() */
  72. __initcall(key_proc_init);
  73. /*****************************************************************************/
  74. /*
  75. * implement "/proc/keys" to provides a list of the keys on the system
  76. */
  77. #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
  78. static struct rb_node *key_serial_next(struct rb_node *n)
  79. {
  80. struct user_namespace *user_ns = current_user_ns();
  81. n = rb_next(n);
  82. while (n) {
  83. struct key *key = rb_entry(n, struct key, serial_node);
  84. if (key->user->user_ns == user_ns)
  85. break;
  86. n = rb_next(n);
  87. }
  88. return n;
  89. }
  90. static int proc_keys_open(struct inode *inode, struct file *file)
  91. {
  92. return seq_open(file, &proc_keys_ops);
  93. }
  94. static struct key *find_ge_key(key_serial_t id)
  95. {
  96. struct user_namespace *user_ns = current_user_ns();
  97. struct rb_node *n = key_serial_tree.rb_node;
  98. struct key *minkey = NULL;
  99. while (n) {
  100. struct key *key = rb_entry(n, struct key, serial_node);
  101. if (id < key->serial) {
  102. if (!minkey || minkey->serial > key->serial)
  103. minkey = key;
  104. n = n->rb_left;
  105. } else if (id > key->serial) {
  106. n = n->rb_right;
  107. } else {
  108. minkey = key;
  109. break;
  110. }
  111. key = NULL;
  112. }
  113. if (!minkey)
  114. return NULL;
  115. for (;;) {
  116. if (minkey->user->user_ns == user_ns)
  117. return minkey;
  118. n = rb_next(&minkey->serial_node);
  119. if (!n)
  120. return NULL;
  121. minkey = rb_entry(n, struct key, serial_node);
  122. }
  123. }
  124. static void *proc_keys_start(struct seq_file *p, loff_t *_pos)
  125. __acquires(key_serial_lock)
  126. {
  127. key_serial_t pos = *_pos;
  128. struct key *key;
  129. spin_lock(&key_serial_lock);
  130. if (*_pos > INT_MAX)
  131. return NULL;
  132. key = find_ge_key(pos);
  133. if (!key)
  134. return NULL;
  135. *_pos = key->serial;
  136. return &key->serial_node;
  137. }
  138. static inline key_serial_t key_node_serial(struct rb_node *n)
  139. {
  140. struct key *key = rb_entry(n, struct key, serial_node);
  141. return key->serial;
  142. }
  143. static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos)
  144. {
  145. struct rb_node *n;
  146. n = key_serial_next(v);
  147. if (n)
  148. *_pos = key_node_serial(n);
  149. return n;
  150. }
  151. static void proc_keys_stop(struct seq_file *p, void *v)
  152. __releases(key_serial_lock)
  153. {
  154. spin_unlock(&key_serial_lock);
  155. }
  156. static int proc_keys_show(struct seq_file *m, void *v)
  157. {
  158. struct rb_node *_p = v;
  159. struct key *key = rb_entry(_p, struct key, serial_node);
  160. struct timespec now;
  161. unsigned long timo;
  162. char xbuf[12];
  163. int rc;
  164. /* check whether the current task is allowed to view the key (assuming
  165. * non-possession)
  166. * - the caller holds a spinlock, and thus the RCU read lock, making our
  167. * access to __current_cred() safe
  168. */
  169. rc = key_task_permission(make_key_ref(key, 0), current_cred(),
  170. KEY_VIEW);
  171. if (rc < 0)
  172. return 0;
  173. now = current_kernel_time();
  174. rcu_read_lock();
  175. /* come up with a suitable timeout value */
  176. if (key->expiry == 0) {
  177. memcpy(xbuf, "perm", 5);
  178. } else if (now.tv_sec >= key->expiry) {
  179. memcpy(xbuf, "expd", 5);
  180. } else {
  181. timo = key->expiry - now.tv_sec;
  182. if (timo < 60)
  183. sprintf(xbuf, "%lus", timo);
  184. else if (timo < 60*60)
  185. sprintf(xbuf, "%lum", timo / 60);
  186. else if (timo < 60*60*24)
  187. sprintf(xbuf, "%luh", timo / (60*60));
  188. else if (timo < 60*60*24*7)
  189. sprintf(xbuf, "%lud", timo / (60*60*24));
  190. else
  191. sprintf(xbuf, "%luw", timo / (60*60*24*7));
  192. }
  193. #define showflag(KEY, LETTER, FLAG) \
  194. (test_bit(FLAG, &(KEY)->flags) ? LETTER : '-')
  195. seq_printf(m, "%08x %c%c%c%c%c%c %5d %4s %08x %5d %5d %-9.9s ",
  196. key->serial,
  197. showflag(key, 'I', KEY_FLAG_INSTANTIATED),
  198. showflag(key, 'R', KEY_FLAG_REVOKED),
  199. showflag(key, 'D', KEY_FLAG_DEAD),
  200. showflag(key, 'Q', KEY_FLAG_IN_QUOTA),
  201. showflag(key, 'U', KEY_FLAG_USER_CONSTRUCT),
  202. showflag(key, 'N', KEY_FLAG_NEGATIVE),
  203. atomic_read(&key->usage),
  204. xbuf,
  205. key->perm,
  206. key->uid,
  207. key->gid,
  208. key->type->name);
  209. #undef showflag
  210. if (key->type->describe)
  211. key->type->describe(key, m);
  212. seq_putc(m, '\n');
  213. rcu_read_unlock();
  214. return 0;
  215. }
  216. #endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */
  217. static struct rb_node *__key_user_next(struct rb_node *n)
  218. {
  219. while (n) {
  220. struct key_user *user = rb_entry(n, struct key_user, node);
  221. if (user->user_ns == current_user_ns())
  222. break;
  223. n = rb_next(n);
  224. }
  225. return n;
  226. }
  227. static struct rb_node *key_user_next(struct rb_node *n)
  228. {
  229. return __key_user_next(rb_next(n));
  230. }
  231. static struct rb_node *key_user_first(struct rb_root *r)
  232. {
  233. struct rb_node *n = rb_first(r);
  234. return __key_user_next(n);
  235. }
  236. /*****************************************************************************/
  237. /*
  238. * implement "/proc/key-users" to provides a list of the key users
  239. */
  240. static int proc_key_users_open(struct inode *inode, struct file *file)
  241. {
  242. return seq_open(file, &proc_key_users_ops);
  243. }
  244. static void *proc_key_users_start(struct seq_file *p, loff_t *_pos)
  245. __acquires(key_user_lock)
  246. {
  247. struct rb_node *_p;
  248. loff_t pos = *_pos;
  249. spin_lock(&key_user_lock);
  250. _p = key_user_first(&key_user_tree);
  251. while (pos > 0 && _p) {
  252. pos--;
  253. _p = key_user_next(_p);
  254. }
  255. return _p;
  256. }
  257. static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos)
  258. {
  259. (*_pos)++;
  260. return key_user_next((struct rb_node *) v);
  261. }
  262. static void proc_key_users_stop(struct seq_file *p, void *v)
  263. __releases(key_user_lock)
  264. {
  265. spin_unlock(&key_user_lock);
  266. }
  267. static int proc_key_users_show(struct seq_file *m, void *v)
  268. {
  269. struct rb_node *_p = v;
  270. struct key_user *user = rb_entry(_p, struct key_user, node);
  271. unsigned maxkeys = (user->uid == 0) ?
  272. key_quota_root_maxkeys : key_quota_maxkeys;
  273. unsigned maxbytes = (user->uid == 0) ?
  274. key_quota_root_maxbytes : key_quota_maxbytes;
  275. seq_printf(m, "%5u: %5d %d/%d %d/%d %d/%d\n",
  276. user->uid,
  277. atomic_read(&user->usage),
  278. atomic_read(&user->nkeys),
  279. atomic_read(&user->nikeys),
  280. user->qnkeys,
  281. maxkeys,
  282. user->qnbytes,
  283. maxbytes);
  284. return 0;
  285. }