From 3acf4035ea020f54a5fcfd203952e04c4dad48c3 Mon Sep 17 00:00:00 2001
From: "Dmitry V. Levin" <ldv@altlinux.org>
Date: Wed, 5 Feb 2014 22:41:45 +0000
Subject: Implement add_key, keyctl, and request_key decoding

* keyctl.c: New file.
* linux/keyctl.h: Likewise.
* Makefile.am (strace_SOURCES): Add keyctl.c.
(EXTRA_DIST): Add linux/keyctl.h.
* linux/dummy.h (sys_add_key, sys_keyctl, sys_request_key): Remove.
* linux/syscall.h (sys_add_key, sys_keyctl, sys_request_key): New
prototypes.
---
 Makefile.am     |   2 +
 keyctl.c        | 455 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 linux/dummy.h   |   3 -
 linux/keyctl.h  |  61 ++++++++
 linux/syscall.h |   3 +
 5 files changed, 521 insertions(+), 3 deletions(-)
 create mode 100644 keyctl.c
 create mode 100644 linux/keyctl.h

diff --git a/Makefile.am b/Makefile.am
index 65929dc..a9d2ff0 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -28,6 +28,7 @@ strace_SOURCES =	\
 	ioprio.c	\
 	ipc.c		\
 	kexec.c		\
+	keyctl.c	\
 	loop.c		\
 	mem.c		\
 	mtd.c		\
@@ -115,6 +116,7 @@ EXTRA_DIST =				\
 	linux/ioctlent.sh		\
 	linux/ioctlsort.c		\
 	linux/kexec.h			\
+	linux/keyctl.h			\
 	linux/m68k/ioctlent.h.in	\
 	linux/m68k/syscallent.h		\
 	linux/metag/ioctlent.h.in	\
diff --git a/keyctl.c b/keyctl.c
new file mode 100644
index 0000000..fa4b7f5
--- /dev/null
+++ b/keyctl.c
@@ -0,0 +1,455 @@
+#include "defs.h"
+#include <linux/keyctl.h>
+
+typedef int32_t key_serial_t;
+
+static const struct xlat key_spec[] = {
+	XLAT(KEY_SPEC_THREAD_KEYRING),
+	XLAT(KEY_SPEC_PROCESS_KEYRING),
+	XLAT(KEY_SPEC_SESSION_KEYRING),
+	XLAT(KEY_SPEC_USER_KEYRING),
+	XLAT(KEY_SPEC_USER_SESSION_KEYRING),
+	XLAT(KEY_SPEC_GROUP_KEYRING),
+	XLAT(KEY_SPEC_REQKEY_AUTH_KEY),
+	XLAT(KEY_SPEC_REQUESTOR_KEYRING),
+	XLAT_END
+};
+
+static void
+print_keyring_serial_number(key_serial_t id)
+{
+	const char *str = xlookup(key_spec, id);
+
+	if (str)
+		tprints(str);
+	else
+		tprintf("%d", id);
+}
+
+int
+sys_add_key(struct tcb *tcp)
+{
+	if (entering(tcp)) {
+		/* type */
+		printstr(tcp, tcp->u_arg[0], -1);
+		/* description */
+		tprints(", ");
+		printstr(tcp, tcp->u_arg[1], -1);
+		/* payload */
+		tprints(", ");
+		printstr(tcp, tcp->u_arg[2], tcp->u_arg[3]);
+		/* payload length */
+		tprintf(", %lu, ", tcp->u_arg[3]);
+		/* keyring serial number */
+		print_keyring_serial_number(tcp->u_arg[4]);
+	}
+	return 0;
+}
+
+int
+sys_request_key(struct tcb *tcp)
+{
+	if (entering(tcp)) {
+		/* type */
+		printstr(tcp, tcp->u_arg[0], -1);
+		/* description */
+		tprints(", ");
+		printstr(tcp, tcp->u_arg[1], -1);
+		/* callout_info */
+		tprints(", ");
+		printstr(tcp, tcp->u_arg[2], -1);
+		/* keyring serial number */
+		tprints(", ");
+		print_keyring_serial_number(tcp->u_arg[3]);
+	}
+	return 0;
+}
+
+static int
+keyctl_get_keyring_id(struct tcb *tcp, key_serial_t id, int create)
+{
+	if (entering(tcp)) {
+		tprints(", ");
+		print_keyring_serial_number(id);
+		tprintf(", %d", create);
+	}
+	return 0;
+}
+
+static int
+keyctl_join_session_keyring(struct tcb *tcp, long addr)
+{
+	if (entering(tcp)) {
+		tprints(", ");
+		printstr(tcp, addr, -1);
+	}
+	return 0;
+}
+
+static int
+keyctl_update_key(struct tcb *tcp, key_serial_t id, long addr, long len)
+{
+	if (entering(tcp)) {
+		tprints(", ");
+		print_keyring_serial_number(id);
+		tprints(", ");
+		printstr(tcp, addr, len);
+		tprintf(", %lu", len);
+	}
+	return 0;
+}
+
+static int
+keyctl_handle_key(struct tcb *tcp, key_serial_t id)
+{
+	if (entering(tcp)) {
+		tprints(", ");
+		print_keyring_serial_number(id);
+	}
+	return 0;
+}
+
+static int
+keyctl_handle_key_key(struct tcb *tcp, key_serial_t id1, key_serial_t id2)
+{
+	if (entering(tcp)) {
+		tprints(", ");
+		print_keyring_serial_number(id1);
+		tprints(", ");
+		print_keyring_serial_number(id2);
+	}
+	return 0;
+}
+
+static int
+keyctl_read_key(struct tcb *tcp, key_serial_t id, long addr, long len)
+{
+	if (entering(tcp)) {
+		tprints(", ");
+		print_keyring_serial_number(id);
+		tprints(", ");
+	} else {
+		if (addr && syserror(tcp))
+			tprintf("%#lx", addr);
+		else {
+			long rval = tcp->u_rval > len ?
+				    len : (tcp->u_rval ? -1 : 0);
+			printstr(tcp, addr, rval);
+		}
+		tprintf(", %lu", len);
+	}
+	return 0;
+}
+
+static int
+keyctl_keyring_search(struct tcb *tcp, key_serial_t id1, long addr1,
+		      long addr2, key_serial_t id2)
+{
+	if (entering(tcp)) {
+		tprints(", ");
+		print_keyring_serial_number(id1);
+		tprints(", ");
+		printstr(tcp, addr1, -1);
+		tprints(", ");
+		printstr(tcp, addr2, -1);
+		tprints(", ");
+		print_keyring_serial_number(id2);
+	}
+	return 0;
+}
+
+static int
+keyctl_chown_key(struct tcb *tcp, key_serial_t id, int user, int group)
+{
+	if (entering(tcp)) {
+		tprints(", ");
+		print_keyring_serial_number(id);
+		tprintf(", %d, %d", user, group);
+	}
+	return 0;
+}
+
+static int
+keyctl_instantiate_key(struct tcb *tcp, key_serial_t id1, long addr,
+		       long len, key_serial_t id2)
+{
+	if (entering(tcp)) {
+		tprints(", ");
+		print_keyring_serial_number(id1);
+		tprints(", ");
+		printstr(tcp, addr, len);
+		tprintf(", %lu, ", len);
+		print_keyring_serial_number(id2);
+	}
+	return 0;
+}
+
+static int
+keyctl_instantiate_key_iov(struct tcb *tcp, key_serial_t id1,
+			   long addr, long len, key_serial_t id2)
+{
+	if (entering(tcp)) {
+		tprints(", ");
+		print_keyring_serial_number(id1);
+		tprints(", ");
+		tprint_iov(tcp, len, addr, 1);
+		tprintf(", %lu, ", len);
+		print_keyring_serial_number(id2);
+	}
+	return 0;
+}
+
+static int
+keyctl_negate_key(struct tcb *tcp, key_serial_t id1, unsigned timeout,
+		  key_serial_t id2)
+{
+	if (entering(tcp)) {
+		tprints(", ");
+		print_keyring_serial_number(id1);
+		tprintf(", %u, ", timeout);
+		print_keyring_serial_number(id2);
+	}
+	return 0;
+}
+
+static int
+keyctl_reject_key(struct tcb *tcp, key_serial_t id1, unsigned timeout,
+		  unsigned error, key_serial_t id2)
+{
+	if (entering(tcp)) {
+		tprints(", ");
+		print_keyring_serial_number(id1);
+		tprintf(", %u, %u, ", timeout, error);
+		print_keyring_serial_number(id2);
+	}
+	return 0;
+}
+
+static int
+keyctl_set_timeout(struct tcb *tcp, key_serial_t id, unsigned timeout)
+{
+	if (entering(tcp)) {
+		tprints(", ");
+		print_keyring_serial_number(id);
+		tprintf(", %u", timeout);
+	}
+	return 0;
+}
+
+static int
+keyctl_get_persistent(struct tcb *tcp, int uid, key_serial_t id)
+{
+	if (entering(tcp)) {
+		tprintf(", %d, ", uid);
+		print_keyring_serial_number(id);
+	}
+	return 0;
+}
+
+#define KEY_POS_VIEW	0x01000000
+#define KEY_POS_READ	0x02000000
+#define KEY_POS_WRITE	0x04000000
+#define KEY_POS_SEARCH	0x08000000
+#define KEY_POS_LINK	0x10000000
+#define KEY_POS_SETATTR	0x20000000
+#define KEY_POS_ALL	0x3f000000
+#define KEY_USR_VIEW	0x00010000
+#define KEY_USR_READ	0x00020000
+#define KEY_USR_WRITE	0x00040000
+#define KEY_USR_SEARCH	0x00080000
+#define KEY_USR_LINK	0x00100000
+#define KEY_USR_SETATTR	0x00200000
+#define KEY_USR_ALL	0x003f0000
+#define KEY_GRP_VIEW	0x00000100
+#define KEY_GRP_READ	0x00000200
+#define KEY_GRP_WRITE	0x00000400
+#define KEY_GRP_SEARCH	0x00000800
+#define KEY_GRP_LINK	0x00001000
+#define KEY_GRP_SETATTR	0x00002000
+#define KEY_GRP_ALL	0x00003f00
+#define KEY_OTH_VIEW	0x00000001
+#define KEY_OTH_READ	0x00000002
+#define KEY_OTH_WRITE	0x00000004
+#define KEY_OTH_SEARCH	0x00000008
+#define KEY_OTH_LINK	0x00000010
+#define KEY_OTH_SETATTR	0x00000020
+#define KEY_OTH_ALL	0x0000003f
+
+static const struct xlat key_perms[] = {
+	XLAT(KEY_POS_VIEW),
+	XLAT(KEY_POS_READ),
+	XLAT(KEY_POS_WRITE),
+	XLAT(KEY_POS_SEARCH),
+	XLAT(KEY_POS_LINK),
+	XLAT(KEY_POS_SETATTR),
+	XLAT(KEY_POS_ALL),
+	XLAT(KEY_USR_VIEW),
+	XLAT(KEY_USR_READ),
+	XLAT(KEY_USR_WRITE),
+	XLAT(KEY_USR_SEARCH),
+	XLAT(KEY_USR_LINK),
+	XLAT(KEY_USR_SETATTR),
+	XLAT(KEY_USR_ALL),
+	XLAT(KEY_GRP_VIEW),
+	XLAT(KEY_GRP_READ),
+	XLAT(KEY_GRP_WRITE),
+	XLAT(KEY_GRP_SEARCH),
+	XLAT(KEY_GRP_LINK),
+	XLAT(KEY_GRP_SETATTR),
+	XLAT(KEY_GRP_ALL),
+	XLAT(KEY_OTH_VIEW),
+	XLAT(KEY_OTH_READ),
+	XLAT(KEY_OTH_WRITE),
+	XLAT(KEY_OTH_SEARCH),
+	XLAT(KEY_OTH_LINK),
+	XLAT(KEY_OTH_SETATTR),
+	XLAT(KEY_OTH_ALL),
+	XLAT_END
+};
+
+static int
+keyctl_setperm_key(struct tcb *tcp, key_serial_t id, uint32_t perm)
+{
+	if (entering(tcp)) {
+		tprints(", ");
+		print_keyring_serial_number(id);
+		tprints(", ");
+		printflags(key_perms, perm, "KEY_???");
+	}
+	return 0;
+}
+
+static const struct xlat key_reqkeys[] = {
+	XLAT(KEY_REQKEY_DEFL_NO_CHANGE),
+	XLAT(KEY_REQKEY_DEFL_DEFAULT),
+	XLAT(KEY_REQKEY_DEFL_THREAD_KEYRING),
+	XLAT(KEY_REQKEY_DEFL_PROCESS_KEYRING),
+	XLAT(KEY_REQKEY_DEFL_SESSION_KEYRING),
+	XLAT(KEY_REQKEY_DEFL_USER_KEYRING),
+	XLAT(KEY_REQKEY_DEFL_USER_SESSION_KEYRING),
+	XLAT(KEY_REQKEY_DEFL_GROUP_KEYRING),
+	XLAT(KEY_REQKEY_DEFL_REQUESTOR_KEYRING),
+	XLAT_END
+};
+
+static int
+keyctl_set_reqkey_keyring(struct tcb *tcp, int reqkey)
+{
+	if (entering(tcp)) {
+		tprints(", ");
+		printxval(key_reqkeys, reqkey, "KEY_REQKEY_DEFL_???");
+	}
+	return 0;
+}
+
+static const struct xlat keyctl_commands[] = {
+	XLAT(KEYCTL_GET_KEYRING_ID),
+	XLAT(KEYCTL_JOIN_SESSION_KEYRING),
+	XLAT(KEYCTL_UPDATE),
+	XLAT(KEYCTL_REVOKE),
+	XLAT(KEYCTL_CHOWN),
+	XLAT(KEYCTL_SETPERM),
+	XLAT(KEYCTL_DESCRIBE),
+	XLAT(KEYCTL_CLEAR),
+	XLAT(KEYCTL_LINK),
+	XLAT(KEYCTL_UNLINK),
+	XLAT(KEYCTL_SEARCH),
+	XLAT(KEYCTL_READ),
+	XLAT(KEYCTL_INSTANTIATE),
+	XLAT(KEYCTL_NEGATE),
+	XLAT(KEYCTL_SET_REQKEY_KEYRING),
+	XLAT(KEYCTL_SET_TIMEOUT),
+	XLAT(KEYCTL_ASSUME_AUTHORITY),
+	XLAT(KEYCTL_GET_SECURITY),
+	XLAT(KEYCTL_SESSION_TO_PARENT),
+	XLAT(KEYCTL_REJECT),
+	XLAT(KEYCTL_INSTANTIATE_IOV),
+	XLAT(KEYCTL_INVALIDATE),
+	XLAT(KEYCTL_GET_PERSISTENT),
+	XLAT_END
+};
+
+int
+sys_keyctl(struct tcb *tcp)
+{
+	int cmd = tcp->u_arg[0];
+
+	if (entering(tcp))
+		printxval(keyctl_commands, cmd, "KEYCTL_???");
+
+	switch (cmd) {
+	case KEYCTL_GET_KEYRING_ID:
+		return keyctl_get_keyring_id(tcp, tcp->u_arg[1], tcp->u_arg[2]);
+
+	case KEYCTL_JOIN_SESSION_KEYRING:
+		return keyctl_join_session_keyring(tcp, tcp->u_arg[1]);
+
+	case KEYCTL_UPDATE:
+		return keyctl_update_key(tcp, tcp->u_arg[1],
+					 tcp->u_arg[2], tcp->u_arg[3]);
+
+	case KEYCTL_REVOKE:
+	case KEYCTL_CLEAR:
+	case KEYCTL_INVALIDATE:
+	case KEYCTL_ASSUME_AUTHORITY:
+		return keyctl_handle_key(tcp, tcp->u_arg[1]);
+
+	case KEYCTL_LINK:
+	case KEYCTL_UNLINK:
+		return keyctl_handle_key_key(tcp, tcp->u_arg[1], tcp->u_arg[2]);
+
+	case KEYCTL_DESCRIBE:
+	case KEYCTL_READ:
+	case KEYCTL_GET_SECURITY:
+		return keyctl_read_key(tcp, tcp->u_arg[1],
+				       tcp->u_arg[2], tcp->u_arg[3]);
+
+	case KEYCTL_SEARCH:
+		return keyctl_keyring_search(tcp, tcp->u_arg[1], tcp->u_arg[2],
+					     tcp->u_arg[3], tcp->u_arg[4]);
+
+	case KEYCTL_CHOWN:
+		return keyctl_chown_key(tcp, tcp->u_arg[1],
+					tcp->u_arg[2], tcp->u_arg[3]);
+
+	case KEYCTL_SETPERM:
+		return keyctl_setperm_key(tcp, tcp->u_arg[1], tcp->u_arg[2]);
+
+	case KEYCTL_INSTANTIATE:
+		return keyctl_instantiate_key(tcp, tcp->u_arg[1], tcp->u_arg[2],
+					      tcp->u_arg[3], tcp->u_arg[4]);
+
+	case KEYCTL_NEGATE:
+		return keyctl_negate_key(tcp, tcp->u_arg[1],
+					 tcp->u_arg[2], tcp->u_arg[3]);
+
+	case KEYCTL_SET_REQKEY_KEYRING:
+		return keyctl_set_reqkey_keyring(tcp, tcp->u_arg[1]);
+
+	case KEYCTL_SET_TIMEOUT:
+		return keyctl_set_timeout(tcp, tcp->u_arg[1], tcp->u_arg[2]);
+
+	case KEYCTL_SESSION_TO_PARENT:
+		return 0;
+
+	case KEYCTL_REJECT:
+		return keyctl_reject_key(tcp, tcp->u_arg[1], tcp->u_arg[2],
+					 tcp->u_arg[3], tcp->u_arg[4]);
+
+	case KEYCTL_INSTANTIATE_IOV:
+		return keyctl_instantiate_key_iov(tcp, tcp->u_arg[1],
+						  tcp->u_arg[2], tcp->u_arg[3],
+						  tcp->u_arg[4]);
+
+	case KEYCTL_GET_PERSISTENT:
+		return keyctl_get_persistent(tcp, tcp->u_arg[1], tcp->u_arg[2]);
+
+	default:
+		if (entering(tcp))
+			tprintf(", %#lx, %#lx, %#lx, %#lx",
+				tcp->u_arg[1], tcp->u_arg[2],
+				tcp->u_arg[3], tcp->u_arg[4]);
+	}
+
+	return 0;
+}
diff --git a/linux/dummy.h b/linux/dummy.h
index 2804499..eefe781 100644
--- a/linux/dummy.h
+++ b/linux/dummy.h
@@ -32,15 +32,12 @@
 #endif
 
 /* still unfinished */
-#define	sys_add_key		printargs
 #define	sys_ioperm		printargs
 #define	sys_iopl		printargs
 #define	sys_kcmp		printargs
-#define	sys_keyctl		printargs
 #define	sys_lookup_dcookie	printargs
 #define	sys_name_to_handle_at	printargs
 #define	sys_open_by_handle_at	printargs
-#define	sys_request_key		printargs
 #define	sys_sysfs		printargs
 #define	sys_vm86old		printargs
 #define	sys_vm86		printargs
diff --git a/linux/keyctl.h b/linux/keyctl.h
new file mode 100644
index 0000000..840cb99
--- /dev/null
+++ b/linux/keyctl.h
@@ -0,0 +1,61 @@
+/* keyctl.h: keyctl command IDs
+ *
+ * Copyright (C) 2004, 2008 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _LINUX_KEYCTL_H
+#define _LINUX_KEYCTL_H
+
+/* special process keyring shortcut IDs */
+#define KEY_SPEC_THREAD_KEYRING		-1	/* - key ID for thread-specific keyring */
+#define KEY_SPEC_PROCESS_KEYRING	-2	/* - key ID for process-specific keyring */
+#define KEY_SPEC_SESSION_KEYRING	-3	/* - key ID for session-specific keyring */
+#define KEY_SPEC_USER_KEYRING		-4	/* - key ID for UID-specific keyring */
+#define KEY_SPEC_USER_SESSION_KEYRING	-5	/* - key ID for UID-session keyring */
+#define KEY_SPEC_GROUP_KEYRING		-6	/* - key ID for GID-specific keyring */
+#define KEY_SPEC_REQKEY_AUTH_KEY	-7	/* - key ID for assumed request_key auth key */
+#define KEY_SPEC_REQUESTOR_KEYRING	-8	/* - key ID for request_key() dest keyring */
+
+/* request-key default keyrings */
+#define KEY_REQKEY_DEFL_NO_CHANGE		-1
+#define KEY_REQKEY_DEFL_DEFAULT			0
+#define KEY_REQKEY_DEFL_THREAD_KEYRING		1
+#define KEY_REQKEY_DEFL_PROCESS_KEYRING		2
+#define KEY_REQKEY_DEFL_SESSION_KEYRING		3
+#define KEY_REQKEY_DEFL_USER_KEYRING		4
+#define KEY_REQKEY_DEFL_USER_SESSION_KEYRING	5
+#define KEY_REQKEY_DEFL_GROUP_KEYRING		6
+#define KEY_REQKEY_DEFL_REQUESTOR_KEYRING	7
+
+/* keyctl commands */
+#define KEYCTL_GET_KEYRING_ID		0	/* ask for a keyring's ID */
+#define KEYCTL_JOIN_SESSION_KEYRING	1	/* join or start named session keyring */
+#define KEYCTL_UPDATE			2	/* update a key */
+#define KEYCTL_REVOKE			3	/* revoke a key */
+#define KEYCTL_CHOWN			4	/* set ownership of a key */
+#define KEYCTL_SETPERM			5	/* set perms on a key */
+#define KEYCTL_DESCRIBE			6	/* describe a key */
+#define KEYCTL_CLEAR			7	/* clear contents of a keyring */
+#define KEYCTL_LINK			8	/* link a key into a keyring */
+#define KEYCTL_UNLINK			9	/* unlink a key from a keyring */
+#define KEYCTL_SEARCH			10	/* search for a key in a keyring */
+#define KEYCTL_READ			11	/* read a key or keyring's contents */
+#define KEYCTL_INSTANTIATE		12	/* instantiate a partially constructed key */
+#define KEYCTL_NEGATE			13	/* negate a partially constructed key */
+#define KEYCTL_SET_REQKEY_KEYRING	14	/* set default request-key keyring */
+#define KEYCTL_SET_TIMEOUT		15	/* set key timeout */
+#define KEYCTL_ASSUME_AUTHORITY		16	/* assume request_key() authorisation */
+#define KEYCTL_GET_SECURITY		17	/* get key security label */
+#define KEYCTL_SESSION_TO_PARENT	18	/* apply session keyring to parent process */
+#define KEYCTL_REJECT			19	/* reject a partially constructed key */
+#define KEYCTL_INSTANTIATE_IOV		20	/* instantiate a partially constructed key */
+#define KEYCTL_INVALIDATE		21	/* invalidate a key */
+#define KEYCTL_GET_PERSISTENT		22	/* get a user's persistent keyring */
+
+#endif /*  _LINUX_KEYCTL_H */
diff --git a/linux/syscall.h b/linux/syscall.h
index 316113e..8725040 100644
--- a/linux/syscall.h
+++ b/linux/syscall.h
@@ -33,6 +33,7 @@
 int sys_accept();
 int sys_accept4();
 int sys_access();
+int sys_add_key();
 int sys_adjtimex();
 int sys_arch_prctl();
 int sys_bind();
@@ -124,6 +125,7 @@ int sys_ioctl();
 int sys_ioprio_get();
 int sys_ioprio_set();
 int sys_ipc();
+int sys_keyctl();
 int sys_kexec_load();
 int sys_kill();
 int sys_link();
@@ -203,6 +205,7 @@ int sys_recvmsg();
 int sys_remap_file_pages();
 int sys_removexattr();
 int sys_renameat();
+int sys_request_key();
 int sys_restart_syscall();
 int sys_rt_sigaction();
 int sys_rt_sigpending();
-- 
cgit v1.2.3