Merge branch 'linux-next' of git://git.infradead.org/ubi-2.6
[linux-2.6] / drivers / staging / p9auth / p9auth.c
1 /*
2  * Plan 9 style capability device implementation for the Linux Kernel
3  *
4  * Copyright 2008, 2009 Ashwin Ganti <ashwin.ganti@gmail.com>
5  *
6  * Released under the GPLv2
7  *
8  */
9 #include <linux/init.h>
10 #include <linux/kernel.h>
11 #include <linux/moduleparam.h>
12 #include <linux/slab.h>
13 #include <linux/fs.h>
14 #include <linux/errno.h>
15 #include <linux/fcntl.h>
16 #include <linux/cdev.h>
17 #include <linux/uaccess.h>
18 #include <linux/list.h>
19 #include <linux/mm.h>
20 #include <linux/string.h>
21 #include <linux/crypto.h>
22 #include <linux/highmem.h>
23 #include <linux/scatterlist.h>
24 #include <linux/sched.h>
25 #include <linux/cred.h>
26
27 #ifndef CAP_MAJOR
28 #define CAP_MAJOR 0
29 #endif
30
31 #ifndef CAP_NR_DEVS
32 #define CAP_NR_DEVS 2           /* caphash and capuse */
33 #endif
34
35 #ifndef CAP_NODE_SIZE
36 #define CAP_NODE_SIZE 20
37 #endif
38
39 #define MAX_DIGEST_SIZE  20
40
41 struct cap_node {
42         char data[CAP_NODE_SIZE];
43         struct list_head list;
44 };
45
46 struct cap_dev {
47         struct cap_node *head;
48         int node_size;
49         unsigned long size;
50         struct semaphore sem;
51         struct cdev cdev;
52 };
53
54 static int cap_major = CAP_MAJOR;
55 static int cap_minor;
56 static int cap_nr_devs = CAP_NR_DEVS;
57 static int cap_node_size = CAP_NODE_SIZE;
58
59 module_param(cap_major, int, S_IRUGO);
60 module_param(cap_minor, int, S_IRUGO);
61 module_param(cap_nr_devs, int, S_IRUGO);
62
63 MODULE_AUTHOR("Ashwin Ganti");
64 MODULE_LICENSE("GPL");
65
66 static struct cap_dev *cap_devices;
67
68 static void hexdump(unsigned char *buf, unsigned int len)
69 {
70         while (len--)
71                 printk("%02x", *buf++);
72         printk("\n");
73 }
74
75 static char *cap_hash(char *plain_text, unsigned int plain_text_size,
76                       char *key, unsigned int key_size)
77 {
78         struct scatterlist sg;
79         char *result;
80         struct crypto_hash *tfm;
81         struct hash_desc desc;
82         int ret;
83
84         tfm = crypto_alloc_hash("hmac(sha1)", 0, CRYPTO_ALG_ASYNC);
85         if (IS_ERR(tfm)) {
86                 printk(KERN_ERR
87                        "failed to load transform for hmac(sha1): %ld\n",
88                        PTR_ERR(tfm));
89                 return NULL;
90         }
91
92         desc.tfm = tfm;
93         desc.flags = 0;
94
95         result = kzalloc(MAX_DIGEST_SIZE, GFP_KERNEL);
96         if (!result) {
97                 printk(KERN_ERR "out of memory!\n");
98                 goto out;
99         }
100
101         sg_set_buf(&sg, plain_text, plain_text_size);
102
103         ret = crypto_hash_setkey(tfm, key, key_size);
104         if (ret) {
105                 printk(KERN_ERR "setkey() failed ret=%d\n", ret);
106                 kfree(result);
107                 result = NULL;
108                 goto out;
109         }
110
111         ret = crypto_hash_digest(&desc, &sg, plain_text_size, result);
112         if (ret) {
113                 printk(KERN_ERR "digest () failed ret=%d\n", ret);
114                 kfree(result);
115                 result = NULL;
116                 goto out;
117         }
118
119         printk(KERN_DEBUG "crypto hash digest size %d\n",
120                crypto_hash_digestsize(tfm));
121         hexdump(result, MAX_DIGEST_SIZE);
122
123 out:
124         crypto_free_hash(tfm);
125         return result;
126 }
127
128 static int cap_trim(struct cap_dev *dev)
129 {
130         struct cap_node *tmp;
131         struct list_head *pos, *q;
132         if (dev->head != NULL) {
133                 list_for_each_safe(pos, q, &(dev->head->list)) {
134                         tmp = list_entry(pos, struct cap_node, list);
135                         list_del(pos);
136                         kfree(tmp);
137                 }
138         }
139         return 0;
140 }
141
142 static int cap_open(struct inode *inode, struct file *filp)
143 {
144         struct cap_dev *dev;
145         dev = container_of(inode->i_cdev, struct cap_dev, cdev);
146         filp->private_data = dev;
147
148         /* trim to 0 the length of the device if open was write-only */
149         if ((filp->f_flags & O_ACCMODE) == O_WRONLY) {
150                 if (down_interruptible(&dev->sem))
151                         return -ERESTARTSYS;
152                 cap_trim(dev);
153                 up(&dev->sem);
154         }
155         /* initialise the head if it is NULL */
156         if (dev->head == NULL) {
157                 dev->head = kmalloc(sizeof(struct cap_node), GFP_KERNEL);
158                 INIT_LIST_HEAD(&(dev->head->list));
159         }
160         return 0;
161 }
162
163 static int cap_release(struct inode *inode, struct file *filp)
164 {
165         return 0;
166 }
167
168 static ssize_t cap_write(struct file *filp, const char __user *buf,
169                          size_t count, loff_t *f_pos)
170 {
171         struct cap_node *node_ptr, *tmp;
172         struct list_head *pos;
173         struct cap_dev *dev = filp->private_data;
174         ssize_t retval = -ENOMEM;
175         struct cred *new;
176         int len, target_int, source_int, flag = 0;
177         char *user_buf, *user_buf_running, *source_user, *target_user,
178             *rand_str, *hash_str, *result;
179
180         if (down_interruptible(&dev->sem))
181                 return -ERESTARTSYS;
182
183         node_ptr = kmalloc(sizeof(struct cap_node), GFP_KERNEL);
184         user_buf = kzalloc(count, GFP_KERNEL);
185
186         if (copy_from_user(user_buf, buf, count)) {
187                 retval = -EFAULT;
188                 goto out;
189         }
190
191         /*
192          * If the minor number is 0 ( /dev/caphash ) then simply add the
193          * hashed capability supplied by the user to the list of hashes
194          */
195         if (0 == iminor(filp->f_dentry->d_inode)) {
196                 printk(KERN_INFO "Capability being written to /dev/caphash : \n");
197                 hexdump(user_buf, count);
198                 memcpy(node_ptr->data, user_buf, count);
199                 list_add(&(node_ptr->list), &(dev->head->list));
200         } else {
201                 /*
202                  * break the supplied string into tokens with @ as the
203                  * delimiter If the string is "user1@user2@randomstring" we
204                  * need to split it and hash 'user1@user2' using 'randomstring'
205                  * as the key.
206                  */
207                 user_buf_running = kstrdup(user_buf, GFP_KERNEL);
208                 source_user = strsep(&user_buf_running, "@");
209                 target_user = strsep(&user_buf_running, "@");
210                 rand_str = strsep(&user_buf_running, "@");
211
212                 /* hash the string user1@user2 with rand_str as the key */
213                 len = strlen(source_user) + strlen(target_user) + 1;
214                 hash_str = kzalloc(len, GFP_KERNEL);
215                 strcat(hash_str, source_user);
216                 strcat(hash_str, "@");
217                 strcat(hash_str, target_user);
218
219                 printk(KERN_ALERT "the source user is %s \n", source_user);
220                 printk(KERN_ALERT "the target user is %s \n", target_user);
221
222                 result = cap_hash(hash_str, len, rand_str, strlen(rand_str));
223                 if (NULL == result) {
224                         retval = -EFAULT;
225                         goto out;
226                 }
227                 memcpy(node_ptr->data, result, CAP_NODE_SIZE);
228                 /* Change the process's uid if the hash is present in the
229                  * list of hashes
230                  */
231                 list_for_each(pos, &(cap_devices->head->list)) {
232                         /*
233                          * Change the user id of the process if the hashes
234                          * match
235                          */
236                         if (0 ==
237                             memcmp(result,
238                                    list_entry(pos, struct cap_node,
239                                               list)->data,
240                                    CAP_NODE_SIZE)) {
241                                 target_int = (unsigned int)
242                                     simple_strtol(target_user, NULL, 0);
243                                 source_int = (unsigned int)
244                                     simple_strtol(source_user, NULL, 0);
245                                 flag = 1;
246
247                                 /*
248                                  * Check whether the process writing to capuse
249                                  * is actually owned by the source owner
250                                  */
251                                 if (source_int != current_uid()) {
252                                         printk(KERN_ALERT
253                                                "Process is not owned by the source user of the capability.\n");
254                                         retval = -EFAULT;
255                                         goto out;
256                                 }
257                                 /*
258                                  * What all id's need to be changed here? uid,
259                                  * euid, fsid, savedids ??  Currently I am
260                                  * changing the effective user id since most of
261                                  * the authorisation decisions are based on it
262                                  */
263                                 new = prepare_creds();
264                                 if (!new) {
265                                         retval = -ENOMEM;
266                                         goto out;
267                                 }
268                                 new->uid = (uid_t) target_int;
269                                 new->euid = (uid_t) target_int;
270                                 retval = commit_creds(new);
271                                 if (retval)
272                                         goto out;
273
274                                 /*
275                                  * Remove the capability from the list and
276                                  * break
277                                  */
278                                 tmp = list_entry(pos, struct cap_node, list);
279                                 list_del(pos);
280                                 kfree(tmp);
281                                 break;
282                         }
283                 }
284                 if (0 == flag) {
285                         /*
286                          * The capability is not present in the list of the
287                          * hashes stored, hence return failure
288                          */
289                         printk(KERN_ALERT
290                                "Invalid capabiliy written to /dev/capuse \n");
291                         retval = -EFAULT;
292                         goto out;
293                 }
294         }
295         *f_pos += count;
296         retval = count;
297         /* update the size */
298         if (dev->size < *f_pos)
299                 dev->size = *f_pos;
300
301 out:
302         up(&dev->sem);
303         return retval;
304 }
305
306 static const struct file_operations cap_fops = {
307         .owner = THIS_MODULE,
308         .write = cap_write,
309         .open = cap_open,
310         .release = cap_release,
311 };
312
313 static void cap_cleanup_module(void)
314 {
315         int i;
316         dev_t devno = MKDEV(cap_major, cap_minor);
317         if (cap_devices) {
318                 for (i = 0; i < cap_nr_devs; i++) {
319                         cap_trim(cap_devices + i);
320                         cdev_del(&cap_devices[i].cdev);
321                 }
322                 kfree(cap_devices);
323         }
324         unregister_chrdev_region(devno, cap_nr_devs);
325
326 }
327
328 static void cap_setup_cdev(struct cap_dev *dev, int index)
329 {
330         int err, devno = MKDEV(cap_major, cap_minor + index);
331         cdev_init(&dev->cdev, &cap_fops);
332         dev->cdev.owner = THIS_MODULE;
333         dev->cdev.ops = &cap_fops;
334         err = cdev_add(&dev->cdev, devno, 1);
335         if (err)
336                 printk(KERN_NOTICE "Error %d adding cap%d", err, index);
337 }
338
339 static int cap_init_module(void)
340 {
341         int result, i;
342         dev_t dev = 0;
343
344         if (cap_major) {
345                 dev = MKDEV(cap_major, cap_minor);
346                 result = register_chrdev_region(dev, cap_nr_devs, "cap");
347         } else {
348                 result = alloc_chrdev_region(&dev, cap_minor, cap_nr_devs,
349                                              "cap");
350                 cap_major = MAJOR(dev);
351         }
352
353         if (result < 0) {
354                 printk(KERN_WARNING "cap: can't get major %d\n",
355                        cap_major);
356                 return result;
357         }
358
359         cap_devices = kzalloc(cap_nr_devs * sizeof(struct cap_dev),
360                               GFP_KERNEL);
361         if (!cap_devices) {
362                 result = -ENOMEM;
363                 goto fail;
364         }
365
366         /* Initialize each device. */
367         for (i = 0; i < cap_nr_devs; i++) {
368                 cap_devices[i].node_size = cap_node_size;
369                 init_MUTEX(&cap_devices[i].sem);
370                 cap_setup_cdev(&cap_devices[i], i);
371         }
372
373         return 0;
374
375 fail:
376         cap_cleanup_module();
377         return result;
378 }
379
380 module_init(cap_init_module);
381 module_exit(cap_cleanup_module);
382
383