1 /* procfs files for key database enumeration
3 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
16 #include <linux/proc_fs.h>
17 #include <linux/seq_file.h>
18 #include <asm/errno.h>
21 #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
22 static int proc_keys_open(struct inode *inode, struct file *file);
23 static void *proc_keys_start(struct seq_file *p, loff_t *_pos);
24 static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos);
25 static void proc_keys_stop(struct seq_file *p, void *v);
26 static int proc_keys_show(struct seq_file *m, void *v);
28 static const struct seq_operations proc_keys_ops = {
29 .start = proc_keys_start,
30 .next = proc_keys_next,
31 .stop = proc_keys_stop,
32 .show = proc_keys_show,
35 static const struct file_operations proc_keys_fops = {
36 .open = proc_keys_open,
39 .release = seq_release,
43 static int proc_key_users_open(struct inode *inode, struct file *file);
44 static void *proc_key_users_start(struct seq_file *p, loff_t *_pos);
45 static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos);
46 static void proc_key_users_stop(struct seq_file *p, void *v);
47 static int proc_key_users_show(struct seq_file *m, void *v);
49 static const struct seq_operations proc_key_users_ops = {
50 .start = proc_key_users_start,
51 .next = proc_key_users_next,
52 .stop = proc_key_users_stop,
53 .show = proc_key_users_show,
56 static const struct file_operations proc_key_users_fops = {
57 .open = proc_key_users_open,
60 .release = seq_release,
64 * Declare the /proc files.
66 static int __init key_proc_init(void)
68 struct proc_dir_entry *p;
70 #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
71 p = proc_create("keys", 0, NULL, &proc_keys_fops);
73 panic("Cannot create /proc/keys\n");
76 p = proc_create("key-users", 0, NULL, &proc_key_users_fops);
78 panic("Cannot create /proc/key-users\n");
83 __initcall(key_proc_init);
86 * Implement "/proc/keys" to provide a list of the keys on the system that
87 * grant View permission to the caller.
89 #ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
91 static struct rb_node *key_serial_next(struct seq_file *p, struct rb_node *n)
93 struct user_namespace *user_ns = seq_user_ns(p);
97 struct key *key = rb_entry(n, struct key, serial_node);
98 if (kuid_has_mapping(user_ns, key->user->uid))
105 static int proc_keys_open(struct inode *inode, struct file *file)
107 return seq_open(file, &proc_keys_ops);
110 static struct key *find_ge_key(struct seq_file *p, key_serial_t id)
112 struct user_namespace *user_ns = seq_user_ns(p);
113 struct rb_node *n = key_serial_tree.rb_node;
114 struct key *minkey = NULL;
117 struct key *key = rb_entry(n, struct key, serial_node);
118 if (id < key->serial) {
119 if (!minkey || minkey->serial > key->serial)
122 } else if (id > key->serial) {
135 if (kuid_has_mapping(user_ns, minkey->user->uid))
137 n = rb_next(&minkey->serial_node);
140 minkey = rb_entry(n, struct key, serial_node);
144 static void *proc_keys_start(struct seq_file *p, loff_t *_pos)
145 __acquires(key_serial_lock)
147 key_serial_t pos = *_pos;
150 spin_lock(&key_serial_lock);
154 key = find_ge_key(p, pos);
158 return &key->serial_node;
161 static inline key_serial_t key_node_serial(struct rb_node *n)
163 struct key *key = rb_entry(n, struct key, serial_node);
167 static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos)
171 n = key_serial_next(p, v);
173 *_pos = key_node_serial(n);
177 static void proc_keys_stop(struct seq_file *p, void *v)
178 __releases(key_serial_lock)
180 spin_unlock(&key_serial_lock);
183 static int proc_keys_show(struct seq_file *m, void *v)
185 struct rb_node *_p = v;
186 struct key *key = rb_entry(_p, struct key, serial_node);
189 key_ref_t key_ref, skey_ref;
193 struct keyring_search_context ctx = {
194 .index_key.type = key->type,
195 .index_key.description = key->description,
196 .cred = current_cred(),
197 .match = lookup_user_key_possessed,
199 .flags = (KEYRING_SEARCH_NO_STATE_CHECK |
200 KEYRING_SEARCH_LOOKUP_DIRECT),
203 key_ref = make_key_ref(key, 0);
205 /* determine if the key is possessed by this process (a test we can
206 * skip if the key does not indicate the possessor can view it
208 if (key->perm & KEY_POS_VIEW) {
209 skey_ref = search_my_process_keyrings(&ctx);
210 if (!IS_ERR(skey_ref)) {
211 key_ref_put(skey_ref);
212 key_ref = make_key_ref(key, 1);
216 /* check whether the current task is allowed to view the key (assuming
218 * - the caller holds a spinlock, and thus the RCU read lock, making our
219 * access to __current_cred() safe
221 rc = key_task_permission(key_ref, ctx.cred, KEY_VIEW);
225 now = current_kernel_time();
229 /* come up with a suitable timeout value */
230 if (key->expiry == 0) {
231 memcpy(xbuf, "perm", 5);
232 } else if (now.tv_sec >= key->expiry) {
233 memcpy(xbuf, "expd", 5);
235 timo = key->expiry - now.tv_sec;
238 sprintf(xbuf, "%lus", timo);
239 else if (timo < 60*60)
240 sprintf(xbuf, "%lum", timo / 60);
241 else if (timo < 60*60*24)
242 sprintf(xbuf, "%luh", timo / (60*60));
243 else if (timo < 60*60*24*7)
244 sprintf(xbuf, "%lud", timo / (60*60*24));
246 sprintf(xbuf, "%luw", timo / (60*60*24*7));
249 #define showflag(KEY, LETTER, FLAG) \
250 (test_bit(FLAG, &(KEY)->flags) ? LETTER : '-')
252 seq_printf(m, "%08x %c%c%c%c%c%c%c %5d %4s %08x %5d %5d %-9.9s ",
254 showflag(key, 'I', KEY_FLAG_INSTANTIATED),
255 showflag(key, 'R', KEY_FLAG_REVOKED),
256 showflag(key, 'D', KEY_FLAG_DEAD),
257 showflag(key, 'Q', KEY_FLAG_IN_QUOTA),
258 showflag(key, 'U', KEY_FLAG_USER_CONSTRUCT),
259 showflag(key, 'N', KEY_FLAG_NEGATIVE),
260 showflag(key, 'i', KEY_FLAG_INVALIDATED),
261 atomic_read(&key->usage),
264 from_kuid_munged(seq_user_ns(m), key->uid),
265 from_kgid_munged(seq_user_ns(m), key->gid),
270 if (key->type->describe)
271 key->type->describe(key, m);
278 #endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */
280 static struct rb_node *__key_user_next(struct user_namespace *user_ns, struct rb_node *n)
283 struct key_user *user = rb_entry(n, struct key_user, node);
284 if (kuid_has_mapping(user_ns, user->uid))
291 static struct rb_node *key_user_next(struct user_namespace *user_ns, struct rb_node *n)
293 return __key_user_next(user_ns, rb_next(n));
296 static struct rb_node *key_user_first(struct user_namespace *user_ns, struct rb_root *r)
298 struct rb_node *n = rb_first(r);
299 return __key_user_next(user_ns, n);
303 * Implement "/proc/key-users" to provides a list of the key users and their
306 static int proc_key_users_open(struct inode *inode, struct file *file)
308 return seq_open(file, &proc_key_users_ops);
311 static void *proc_key_users_start(struct seq_file *p, loff_t *_pos)
312 __acquires(key_user_lock)
317 spin_lock(&key_user_lock);
319 _p = key_user_first(seq_user_ns(p), &key_user_tree);
320 while (pos > 0 && _p) {
322 _p = key_user_next(seq_user_ns(p), _p);
328 static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos)
331 return key_user_next(seq_user_ns(p), (struct rb_node *)v);
334 static void proc_key_users_stop(struct seq_file *p, void *v)
335 __releases(key_user_lock)
337 spin_unlock(&key_user_lock);
340 static int proc_key_users_show(struct seq_file *m, void *v)
342 struct rb_node *_p = v;
343 struct key_user *user = rb_entry(_p, struct key_user, node);
344 unsigned maxkeys = uid_eq(user->uid, GLOBAL_ROOT_UID) ?
345 key_quota_root_maxkeys : key_quota_maxkeys;
346 unsigned maxbytes = uid_eq(user->uid, GLOBAL_ROOT_UID) ?
347 key_quota_root_maxbytes : key_quota_maxbytes;
349 seq_printf(m, "%5u: %5d %d/%d %d/%d %d/%d\n",
350 from_kuid_munged(seq_user_ns(m), user->uid),
351 atomic_read(&user->usage),
352 atomic_read(&user->nkeys),
353 atomic_read(&user->nikeys),