1
/* procfs files for key database enumeration
3
* Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
4
* Written by David Howells (dhowells@redhat.com)
6
* This program is free software; you can redistribute it and/or
7
* modify it under the terms of the GNU General Public License
8
* as published by the Free Software Foundation; either version
9
* 2 of the License, or (at your option) any later version.
12
#include <linux/module.h>
13
#include <linux/init.h>
14
#include <linux/sched.h>
16
#include <linux/proc_fs.h>
17
#include <linux/seq_file.h>
18
#include <asm/errno.h>
21
#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
22
static int proc_keys_open(struct inode *inode, struct file *file);
23
static void *proc_keys_start(struct seq_file *p, loff_t *_pos);
24
static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos);
25
static void proc_keys_stop(struct seq_file *p, void *v);
26
static int proc_keys_show(struct seq_file *m, void *v);
28
static const struct seq_operations proc_keys_ops = {
29
.start = proc_keys_start,
30
.next = proc_keys_next,
31
.stop = proc_keys_stop,
32
.show = proc_keys_show,
35
static const struct file_operations proc_keys_fops = {
36
.open = proc_keys_open,
39
.release = seq_release,
43
static int proc_key_users_open(struct inode *inode, struct file *file);
44
static void *proc_key_users_start(struct seq_file *p, loff_t *_pos);
45
static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos);
46
static void proc_key_users_stop(struct seq_file *p, void *v);
47
static int proc_key_users_show(struct seq_file *m, void *v);
49
static const struct seq_operations proc_key_users_ops = {
50
.start = proc_key_users_start,
51
.next = proc_key_users_next,
52
.stop = proc_key_users_stop,
53
.show = proc_key_users_show,
56
static const struct file_operations proc_key_users_fops = {
57
.open = proc_key_users_open,
60
.release = seq_release,
64
* Declare the /proc files.
66
static int __init key_proc_init(void)
68
struct proc_dir_entry *p;
70
#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
71
p = proc_create("keys", 0, NULL, &proc_keys_fops);
73
panic("Cannot create /proc/keys\n");
76
p = proc_create("key-users", 0, NULL, &proc_key_users_fops);
78
panic("Cannot create /proc/key-users\n");
83
__initcall(key_proc_init);
86
* Implement "/proc/keys" to provide a list of the keys on the system that
87
* grant View permission to the caller.
89
#ifdef CONFIG_KEYS_DEBUG_PROC_KEYS
91
static struct rb_node *key_serial_next(struct rb_node *n)
93
struct user_namespace *user_ns = current_user_ns();
97
struct key *key = rb_entry(n, struct key, serial_node);
98
if (key->user->user_ns == user_ns)
105
static int proc_keys_open(struct inode *inode, struct file *file)
107
return seq_open(file, &proc_keys_ops);
110
static struct key *find_ge_key(key_serial_t id)
112
struct user_namespace *user_ns = current_user_ns();
113
struct rb_node *n = key_serial_tree.rb_node;
114
struct key *minkey = NULL;
117
struct key *key = rb_entry(n, struct key, serial_node);
118
if (id < key->serial) {
119
if (!minkey || minkey->serial > key->serial)
122
} else if (id > key->serial) {
135
if (minkey->user->user_ns == user_ns)
137
n = rb_next(&minkey->serial_node);
140
minkey = rb_entry(n, struct key, serial_node);
144
static void *proc_keys_start(struct seq_file *p, loff_t *_pos)
145
__acquires(key_serial_lock)
147
key_serial_t pos = *_pos;
150
spin_lock(&key_serial_lock);
154
key = find_ge_key(pos);
158
return &key->serial_node;
161
static inline key_serial_t key_node_serial(struct rb_node *n)
163
struct key *key = rb_entry(n, struct key, serial_node);
167
static void *proc_keys_next(struct seq_file *p, void *v, loff_t *_pos)
171
n = key_serial_next(v);
173
*_pos = key_node_serial(n);
177
static void proc_keys_stop(struct seq_file *p, void *v)
178
__releases(key_serial_lock)
180
spin_unlock(&key_serial_lock);
183
static int proc_keys_show(struct seq_file *m, void *v)
185
const struct cred *cred = current_cred();
186
struct rb_node *_p = v;
187
struct key *key = rb_entry(_p, struct key, serial_node);
190
key_ref_t key_ref, skey_ref;
194
key_ref = make_key_ref(key, 0);
196
/* determine if the key is possessed by this process (a test we can
197
* skip if the key does not indicate the possessor can view it
199
if (key->perm & KEY_POS_VIEW) {
200
skey_ref = search_my_process_keyrings(key->type, key,
201
lookup_user_key_possessed,
203
if (!IS_ERR(skey_ref)) {
204
key_ref_put(skey_ref);
205
key_ref = make_key_ref(key, 1);
209
/* check whether the current task is allowed to view the key (assuming
211
* - the caller holds a spinlock, and thus the RCU read lock, making our
212
* access to __current_cred() safe
214
rc = key_task_permission(key_ref, cred, KEY_VIEW);
218
now = current_kernel_time();
222
/* come up with a suitable timeout value */
223
if (key->expiry == 0) {
224
memcpy(xbuf, "perm", 5);
225
} else if (now.tv_sec >= key->expiry) {
226
memcpy(xbuf, "expd", 5);
228
timo = key->expiry - now.tv_sec;
231
sprintf(xbuf, "%lus", timo);
232
else if (timo < 60*60)
233
sprintf(xbuf, "%lum", timo / 60);
234
else if (timo < 60*60*24)
235
sprintf(xbuf, "%luh", timo / (60*60));
236
else if (timo < 60*60*24*7)
237
sprintf(xbuf, "%lud", timo / (60*60*24));
239
sprintf(xbuf, "%luw", timo / (60*60*24*7));
242
#define showflag(KEY, LETTER, FLAG) \
243
(test_bit(FLAG, &(KEY)->flags) ? LETTER : '-')
245
seq_printf(m, "%08x %c%c%c%c%c%c %5d %4s %08x %5d %5d %-9.9s ",
247
showflag(key, 'I', KEY_FLAG_INSTANTIATED),
248
showflag(key, 'R', KEY_FLAG_REVOKED),
249
showflag(key, 'D', KEY_FLAG_DEAD),
250
showflag(key, 'Q', KEY_FLAG_IN_QUOTA),
251
showflag(key, 'U', KEY_FLAG_USER_CONSTRUCT),
252
showflag(key, 'N', KEY_FLAG_NEGATIVE),
253
atomic_read(&key->usage),
262
if (key->type->describe)
263
key->type->describe(key, m);
270
#endif /* CONFIG_KEYS_DEBUG_PROC_KEYS */
272
static struct rb_node *__key_user_next(struct rb_node *n)
275
struct key_user *user = rb_entry(n, struct key_user, node);
276
if (user->user_ns == current_user_ns())
283
static struct rb_node *key_user_next(struct rb_node *n)
285
return __key_user_next(rb_next(n));
288
static struct rb_node *key_user_first(struct rb_root *r)
290
struct rb_node *n = rb_first(r);
291
return __key_user_next(n);
295
* Implement "/proc/key-users" to provides a list of the key users and their
298
static int proc_key_users_open(struct inode *inode, struct file *file)
300
return seq_open(file, &proc_key_users_ops);
303
static void *proc_key_users_start(struct seq_file *p, loff_t *_pos)
304
__acquires(key_user_lock)
309
spin_lock(&key_user_lock);
311
_p = key_user_first(&key_user_tree);
312
while (pos > 0 && _p) {
314
_p = key_user_next(_p);
320
static void *proc_key_users_next(struct seq_file *p, void *v, loff_t *_pos)
323
return key_user_next((struct rb_node *)v);
326
static void proc_key_users_stop(struct seq_file *p, void *v)
327
__releases(key_user_lock)
329
spin_unlock(&key_user_lock);
332
static int proc_key_users_show(struct seq_file *m, void *v)
334
struct rb_node *_p = v;
335
struct key_user *user = rb_entry(_p, struct key_user, node);
336
unsigned maxkeys = (user->uid == 0) ?
337
key_quota_root_maxkeys : key_quota_maxkeys;
338
unsigned maxbytes = (user->uid == 0) ?
339
key_quota_root_maxbytes : key_quota_maxbytes;
341
seq_printf(m, "%5u: %5d %d/%d %d/%d %d/%d\n",
343
atomic_read(&user->usage),
344
atomic_read(&user->nkeys),
345
atomic_read(&user->nikeys),