process_keys.c 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887
  1. /* Manage a process's keyrings
  2. *
  3. * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
  4. * Written by David Howells (dhowells@redhat.com)
  5. *
  6. * This program is free software; you can redistribute it and/or
  7. * modify it under the terms of the GNU General Public License
  8. * as published by the Free Software Foundation; either version
  9. * 2 of the License, or (at your option) any later version.
  10. */
  11. #include <linux/module.h>
  12. #include <linux/init.h>
  13. #include <linux/sched.h>
  14. #include <linux/keyctl.h>
  15. #include <linux/fs.h>
  16. #include <linux/err.h>
  17. #include <linux/mutex.h>
  18. #include <linux/security.h>
  19. #include <linux/user_namespace.h>
  20. #include <asm/uaccess.h>
  21. #include "internal.h"
  22. /* Session keyring create vs join semaphore */
  23. static DEFINE_MUTEX(key_session_mutex);
  24. /* User keyring creation semaphore */
  25. static DEFINE_MUTEX(key_user_keyring_mutex);
  26. /* The root user's tracking struct */
  27. struct key_user root_key_user = {
  28. .usage = ATOMIC_INIT(3),
  29. .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock),
  30. .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock),
  31. .nkeys = ATOMIC_INIT(2),
  32. .nikeys = ATOMIC_INIT(2),
  33. .uid = GLOBAL_ROOT_UID,
  34. };
  35. /*
  36. * Install the user and user session keyrings for the current process's UID.
  37. */
  38. int install_user_keyrings(void)
  39. {
  40. struct user_struct *user;
  41. const struct cred *cred;
  42. struct key *uid_keyring, *session_keyring;
  43. key_perm_t user_keyring_perm;
  44. char buf[20];
  45. int ret;
  46. uid_t uid;
  47. user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
  48. cred = current_cred();
  49. user = cred->user;
  50. uid = from_kuid(cred->user_ns, user->uid);
  51. kenter("%p{%u}", user, uid);
  52. if (user->uid_keyring && user->session_keyring) {
  53. kleave(" = 0 [exist]");
  54. return 0;
  55. }
  56. mutex_lock(&key_user_keyring_mutex);
  57. ret = 0;
  58. if (!user->uid_keyring) {
  59. /* get the UID-specific keyring
  60. * - there may be one in existence already as it may have been
  61. * pinned by a session, but the user_struct pointing to it
  62. * may have been destroyed by setuid */
  63. sprintf(buf, "_uid.%u", uid);
  64. uid_keyring = find_keyring_by_name(buf, true);
  65. if (IS_ERR(uid_keyring)) {
  66. uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
  67. cred, user_keyring_perm,
  68. KEY_ALLOC_UID_KEYRING |
  69. KEY_ALLOC_IN_QUOTA,
  70. NULL);
  71. if (IS_ERR(uid_keyring)) {
  72. ret = PTR_ERR(uid_keyring);
  73. goto error;
  74. }
  75. }
  76. /* get a default session keyring (which might also exist
  77. * already) */
  78. sprintf(buf, "_uid_ses.%u", uid);
  79. session_keyring = find_keyring_by_name(buf, true);
  80. if (IS_ERR(session_keyring)) {
  81. session_keyring =
  82. keyring_alloc(buf, user->uid, INVALID_GID,
  83. cred, user_keyring_perm,
  84. KEY_ALLOC_UID_KEYRING |
  85. KEY_ALLOC_IN_QUOTA,
  86. NULL);
  87. if (IS_ERR(session_keyring)) {
  88. ret = PTR_ERR(session_keyring);
  89. goto error_release;
  90. }
  91. /* we install a link from the user session keyring to
  92. * the user keyring */
  93. ret = key_link(session_keyring, uid_keyring);
  94. if (ret < 0)
  95. goto error_release_both;
  96. }
  97. /* install the keyrings */
  98. user->uid_keyring = uid_keyring;
  99. user->session_keyring = session_keyring;
  100. }
  101. mutex_unlock(&key_user_keyring_mutex);
  102. kleave(" = 0");
  103. return 0;
  104. error_release_both:
  105. key_put(session_keyring);
  106. error_release:
  107. key_put(uid_keyring);
  108. error:
  109. mutex_unlock(&key_user_keyring_mutex);
  110. kleave(" = %d", ret);
  111. return ret;
  112. }
  113. /*
  114. * Install a thread keyring to the given credentials struct if it didn't have
  115. * one already. This is allowed to overrun the quota.
  116. *
  117. * Return: 0 if a thread keyring is now present; -errno on failure.
  118. */
  119. int install_thread_keyring_to_cred(struct cred *new)
  120. {
  121. struct key *keyring;
  122. if (new->thread_keyring)
  123. return 0;
  124. keyring = keyring_alloc("_tid", new->uid, new->gid, new,
  125. KEY_POS_ALL | KEY_USR_VIEW,
  126. KEY_ALLOC_QUOTA_OVERRUN, NULL);
  127. if (IS_ERR(keyring))
  128. return PTR_ERR(keyring);
  129. new->thread_keyring = keyring;
  130. return 0;
  131. }
  132. /*
  133. * Install a thread keyring to the current task if it didn't have one already.
  134. *
  135. * Return: 0 if a thread keyring is now present; -errno on failure.
  136. */
  137. static int install_thread_keyring(void)
  138. {
  139. struct cred *new;
  140. int ret;
  141. new = prepare_creds();
  142. if (!new)
  143. return -ENOMEM;
  144. ret = install_thread_keyring_to_cred(new);
  145. if (ret < 0) {
  146. abort_creds(new);
  147. return ret;
  148. }
  149. return commit_creds(new);
  150. }
  151. /*
  152. * Install a process keyring to the given credentials struct if it didn't have
  153. * one already. This is allowed to overrun the quota.
  154. *
  155. * Return: 0 if a process keyring is now present; -errno on failure.
  156. */
  157. int install_process_keyring_to_cred(struct cred *new)
  158. {
  159. struct key *keyring;
  160. if (new->process_keyring)
  161. return 0;
  162. keyring = keyring_alloc("_pid", new->uid, new->gid, new,
  163. KEY_POS_ALL | KEY_USR_VIEW,
  164. KEY_ALLOC_QUOTA_OVERRUN, NULL);
  165. if (IS_ERR(keyring))
  166. return PTR_ERR(keyring);
  167. new->process_keyring = keyring;
  168. return 0;
  169. }
  170. /*
  171. * Install a process keyring to the current task if it didn't have one already.
  172. *
  173. * Return: 0 if a process keyring is now present; -errno on failure.
  174. */
  175. static int install_process_keyring(void)
  176. {
  177. struct cred *new;
  178. int ret;
  179. new = prepare_creds();
  180. if (!new)
  181. return -ENOMEM;
  182. ret = install_process_keyring_to_cred(new);
  183. if (ret < 0) {
  184. abort_creds(new);
  185. return ret;
  186. }
  187. return commit_creds(new);
  188. }
  189. /*
  190. * Install the given keyring as the session keyring of the given credentials
  191. * struct, replacing the existing one if any. If the given keyring is NULL,
  192. * then install a new anonymous session keyring.
  193. *
  194. * Return: 0 on success; -errno on failure.
  195. */
  196. int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
  197. {
  198. unsigned long flags;
  199. struct key *old;
  200. might_sleep();
  201. /* create an empty session keyring */
  202. if (!keyring) {
  203. flags = KEY_ALLOC_QUOTA_OVERRUN;
  204. if (cred->session_keyring)
  205. flags = KEY_ALLOC_IN_QUOTA;
  206. keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
  207. KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
  208. flags, NULL);
  209. if (IS_ERR(keyring))
  210. return PTR_ERR(keyring);
  211. } else {
  212. __key_get(keyring);
  213. }
  214. /* install the keyring */
  215. old = cred->session_keyring;
  216. rcu_assign_pointer(cred->session_keyring, keyring);
  217. if (old)
  218. key_put(old);
  219. return 0;
  220. }
  221. /*
  222. * Install the given keyring as the session keyring of the current task,
  223. * replacing the existing one if any. If the given keyring is NULL, then
  224. * install a new anonymous session keyring.
  225. *
  226. * Return: 0 on success; -errno on failure.
  227. */
  228. static int install_session_keyring(struct key *keyring)
  229. {
  230. struct cred *new;
  231. int ret;
  232. new = prepare_creds();
  233. if (!new)
  234. return -ENOMEM;
  235. ret = install_session_keyring_to_cred(new, keyring);
  236. if (ret < 0) {
  237. abort_creds(new);
  238. return ret;
  239. }
  240. return commit_creds(new);
  241. }
  242. /*
  243. * Handle the fsuid changing.
  244. */
  245. void key_fsuid_changed(struct task_struct *tsk)
  246. {
  247. /* update the ownership of the thread keyring */
  248. BUG_ON(!tsk->cred);
  249. if (tsk->cred->thread_keyring) {
  250. down_write(&tsk->cred->thread_keyring->sem);
  251. tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
  252. up_write(&tsk->cred->thread_keyring->sem);
  253. }
  254. }
  255. /*
  256. * Handle the fsgid changing.
  257. */
  258. void key_fsgid_changed(struct task_struct *tsk)
  259. {
  260. /* update the ownership of the thread keyring */
  261. BUG_ON(!tsk->cred);
  262. if (tsk->cred->thread_keyring) {
  263. down_write(&tsk->cred->thread_keyring->sem);
  264. tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
  265. up_write(&tsk->cred->thread_keyring->sem);
  266. }
  267. }
  268. /*
  269. * Search the process keyrings attached to the supplied cred for the first
  270. * matching key.
  271. *
  272. * The search criteria are the type and the match function. The description is
  273. * given to the match function as a parameter, but doesn't otherwise influence
  274. * the search. Typically the match function will compare the description
  275. * parameter to the key's description.
  276. *
  277. * This can only search keyrings that grant Search permission to the supplied
  278. * credentials. Keyrings linked to searched keyrings will also be searched if
  279. * they grant Search permission too. Keys can only be found if they grant
  280. * Search permission to the credentials.
  281. *
  282. * Returns a pointer to the key with the key usage count incremented if
  283. * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
  284. * matched negative keys.
  285. *
  286. * In the case of a successful return, the possession attribute is set on the
  287. * returned key reference.
  288. */
  289. key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
  290. {
  291. key_ref_t key_ref, ret, err;
  292. /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
  293. * searchable, but we failed to find a key or we found a negative key;
  294. * otherwise we want to return a sample error (probably -EACCES) if
  295. * none of the keyrings were searchable
  296. *
  297. * in terms of priority: success > -ENOKEY > -EAGAIN > other error
  298. */
  299. key_ref = NULL;
  300. ret = NULL;
  301. err = ERR_PTR(-EAGAIN);
  302. /* search the thread keyring first */
  303. if (ctx->cred->thread_keyring) {
  304. key_ref = keyring_search_aux(
  305. make_key_ref(ctx->cred->thread_keyring, 1), ctx);
  306. if (!IS_ERR(key_ref))
  307. goto found;
  308. switch (PTR_ERR(key_ref)) {
  309. case -EAGAIN: /* no key */
  310. case -ENOKEY: /* negative key */
  311. ret = key_ref;
  312. break;
  313. default:
  314. err = key_ref;
  315. break;
  316. }
  317. }
  318. /* search the process keyring second */
  319. if (ctx->cred->process_keyring) {
  320. key_ref = keyring_search_aux(
  321. make_key_ref(ctx->cred->process_keyring, 1), ctx);
  322. if (!IS_ERR(key_ref))
  323. goto found;
  324. switch (PTR_ERR(key_ref)) {
  325. case -EAGAIN: /* no key */
  326. if (ret)
  327. break;
  328. case -ENOKEY: /* negative key */
  329. ret = key_ref;
  330. break;
  331. default:
  332. err = key_ref;
  333. break;
  334. }
  335. }
  336. /* search the session keyring */
  337. if (ctx->cred->session_keyring) {
  338. rcu_read_lock();
  339. key_ref = keyring_search_aux(
  340. make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1),
  341. ctx);
  342. rcu_read_unlock();
  343. if (!IS_ERR(key_ref))
  344. goto found;
  345. switch (PTR_ERR(key_ref)) {
  346. case -EAGAIN: /* no key */
  347. if (ret)
  348. break;
  349. case -ENOKEY: /* negative key */
  350. ret = key_ref;
  351. break;
  352. default:
  353. err = key_ref;
  354. break;
  355. }
  356. }
  357. /* or search the user-session keyring */
  358. else if (ctx->cred->user->session_keyring) {
  359. key_ref = keyring_search_aux(
  360. make_key_ref(ctx->cred->user->session_keyring, 1),
  361. ctx);
  362. if (!IS_ERR(key_ref))
  363. goto found;
  364. switch (PTR_ERR(key_ref)) {
  365. case -EAGAIN: /* no key */
  366. if (ret)
  367. break;
  368. case -ENOKEY: /* negative key */
  369. ret = key_ref;
  370. break;
  371. default:
  372. err = key_ref;
  373. break;
  374. }
  375. }
  376. /* no key - decide on the error we're going to go for */
  377. key_ref = ret ? ret : err;
  378. found:
  379. return key_ref;
  380. }
  381. /*
  382. * Search the process keyrings attached to the supplied cred for the first
  383. * matching key in the manner of search_my_process_keyrings(), but also search
  384. * the keys attached to the assumed authorisation key using its credentials if
  385. * one is available.
  386. *
  387. * Return same as search_my_process_keyrings().
  388. */
  389. key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
  390. {
  391. struct request_key_auth *rka;
  392. key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
  393. might_sleep();
  394. key_ref = search_my_process_keyrings(ctx);
  395. if (!IS_ERR(key_ref))
  396. goto found;
  397. err = key_ref;
  398. /* if this process has an instantiation authorisation key, then we also
  399. * search the keyrings of the process mentioned there
  400. * - we don't permit access to request_key auth keys via this method
  401. */
  402. if (ctx->cred->request_key_auth &&
  403. ctx->cred == current_cred() &&
  404. ctx->index_key.type != &key_type_request_key_auth
  405. ) {
  406. const struct cred *cred = ctx->cred;
  407. /* defend against the auth key being revoked */
  408. down_read(&cred->request_key_auth->sem);
  409. if (key_validate(ctx->cred->request_key_auth) == 0) {
  410. rka = ctx->cred->request_key_auth->payload.data[0];
  411. ctx->cred = rka->cred;
  412. key_ref = search_process_keyrings(ctx);
  413. ctx->cred = cred;
  414. up_read(&cred->request_key_auth->sem);
  415. if (!IS_ERR(key_ref))
  416. goto found;
  417. ret = key_ref;
  418. } else {
  419. up_read(&cred->request_key_auth->sem);
  420. }
  421. }
  422. /* no key - decide on the error we're going to go for */
  423. if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
  424. key_ref = ERR_PTR(-ENOKEY);
  425. else if (err == ERR_PTR(-EACCES))
  426. key_ref = ret;
  427. else
  428. key_ref = err;
  429. found:
  430. return key_ref;
  431. }
  432. /*
  433. * See if the key we're looking at is the target key.
  434. */
  435. bool lookup_user_key_possessed(const struct key *key,
  436. const struct key_match_data *match_data)
  437. {
  438. return key == match_data->raw_data;
  439. }
  440. /*
  441. * Look up a key ID given us by userspace with a given permissions mask to get
  442. * the key it refers to.
  443. *
  444. * Flags can be passed to request that special keyrings be created if referred
  445. * to directly, to permit partially constructed keys to be found and to skip
  446. * validity and permission checks on the found key.
  447. *
  448. * Returns a pointer to the key with an incremented usage count if successful;
  449. * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
  450. * to a key or the best found key was a negative key; -EKEYREVOKED or
  451. * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
  452. * found key doesn't grant the requested permit or the LSM denied access to it;
  453. * or -ENOMEM if a special keyring couldn't be created.
  454. *
  455. * In the case of a successful return, the possession attribute is set on the
  456. * returned key reference.
  457. */
  458. key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
  459. key_perm_t perm)
  460. {
  461. struct keyring_search_context ctx = {
  462. .match_data.cmp = lookup_user_key_possessed,
  463. .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
  464. .flags = KEYRING_SEARCH_NO_STATE_CHECK,
  465. };
  466. struct request_key_auth *rka;
  467. struct key *key;
  468. key_ref_t key_ref, skey_ref;
  469. int ret;
  470. try_again:
  471. ctx.cred = get_current_cred();
  472. key_ref = ERR_PTR(-ENOKEY);
  473. switch (id) {
  474. case KEY_SPEC_THREAD_KEYRING:
  475. if (!ctx.cred->thread_keyring) {
  476. if (!(lflags & KEY_LOOKUP_CREATE))
  477. goto error;
  478. ret = install_thread_keyring();
  479. if (ret < 0) {
  480. key_ref = ERR_PTR(ret);
  481. goto error;
  482. }
  483. goto reget_creds;
  484. }
  485. key = ctx.cred->thread_keyring;
  486. __key_get(key);
  487. key_ref = make_key_ref(key, 1);
  488. break;
  489. case KEY_SPEC_PROCESS_KEYRING:
  490. if (!ctx.cred->process_keyring) {
  491. if (!(lflags & KEY_LOOKUP_CREATE))
  492. goto error;
  493. ret = install_process_keyring();
  494. if (ret < 0) {
  495. key_ref = ERR_PTR(ret);
  496. goto error;
  497. }
  498. goto reget_creds;
  499. }
  500. key = ctx.cred->process_keyring;
  501. __key_get(key);
  502. key_ref = make_key_ref(key, 1);
  503. break;
  504. case KEY_SPEC_SESSION_KEYRING:
  505. if (!ctx.cred->session_keyring) {
  506. /* always install a session keyring upon access if one
  507. * doesn't exist yet */
  508. ret = install_user_keyrings();
  509. if (ret < 0)
  510. goto error;
  511. if (lflags & KEY_LOOKUP_CREATE)
  512. ret = join_session_keyring(NULL);
  513. else
  514. ret = install_session_keyring(
  515. ctx.cred->user->session_keyring);
  516. if (ret < 0)
  517. goto error;
  518. goto reget_creds;
  519. } else if (ctx.cred->session_keyring ==
  520. ctx.cred->user->session_keyring &&
  521. lflags & KEY_LOOKUP_CREATE) {
  522. ret = join_session_keyring(NULL);
  523. if (ret < 0)
  524. goto error;
  525. goto reget_creds;
  526. }
  527. rcu_read_lock();
  528. key = rcu_dereference(ctx.cred->session_keyring);
  529. __key_get(key);
  530. rcu_read_unlock();
  531. key_ref = make_key_ref(key, 1);
  532. break;
  533. case KEY_SPEC_USER_KEYRING:
  534. if (!ctx.cred->user->uid_keyring) {
  535. ret = install_user_keyrings();
  536. if (ret < 0)
  537. goto error;
  538. }
  539. key = ctx.cred->user->uid_keyring;
  540. __key_get(key);
  541. key_ref = make_key_ref(key, 1);
  542. break;
  543. case KEY_SPEC_USER_SESSION_KEYRING:
  544. if (!ctx.cred->user->session_keyring) {
  545. ret = install_user_keyrings();
  546. if (ret < 0)
  547. goto error;
  548. }
  549. key = ctx.cred->user->session_keyring;
  550. __key_get(key);
  551. key_ref = make_key_ref(key, 1);
  552. break;
  553. case KEY_SPEC_GROUP_KEYRING:
  554. /* group keyrings are not yet supported */
  555. key_ref = ERR_PTR(-EINVAL);
  556. goto error;
  557. case KEY_SPEC_REQKEY_AUTH_KEY:
  558. key = ctx.cred->request_key_auth;
  559. if (!key)
  560. goto error;
  561. __key_get(key);
  562. key_ref = make_key_ref(key, 1);
  563. break;
  564. case KEY_SPEC_REQUESTOR_KEYRING:
  565. if (!ctx.cred->request_key_auth)
  566. goto error;
  567. down_read(&ctx.cred->request_key_auth->sem);
  568. if (test_bit(KEY_FLAG_REVOKED,
  569. &ctx.cred->request_key_auth->flags)) {
  570. key_ref = ERR_PTR(-EKEYREVOKED);
  571. key = NULL;
  572. } else {
  573. rka = ctx.cred->request_key_auth->payload.data[0];
  574. key = rka->dest_keyring;
  575. __key_get(key);
  576. }
  577. up_read(&ctx.cred->request_key_auth->sem);
  578. if (!key)
  579. goto error;
  580. key_ref = make_key_ref(key, 1);
  581. break;
  582. default:
  583. key_ref = ERR_PTR(-EINVAL);
  584. if (id < 1)
  585. goto error;
  586. key = key_lookup(id);
  587. if (IS_ERR(key)) {
  588. key_ref = ERR_CAST(key);
  589. goto error;
  590. }
  591. key_ref = make_key_ref(key, 0);
  592. /* check to see if we possess the key */
  593. ctx.index_key.type = key->type;
  594. ctx.index_key.description = key->description;
  595. ctx.index_key.desc_len = strlen(key->description);
  596. ctx.match_data.raw_data = key;
  597. kdebug("check possessed");
  598. skey_ref = search_process_keyrings(&ctx);
  599. kdebug("possessed=%p", skey_ref);
  600. if (!IS_ERR(skey_ref)) {
  601. key_put(key);
  602. key_ref = skey_ref;
  603. }
  604. break;
  605. }
  606. /* unlink does not use the nominated key in any way, so can skip all
  607. * the permission checks as it is only concerned with the keyring */
  608. if (lflags & KEY_LOOKUP_FOR_UNLINK) {
  609. ret = 0;
  610. goto error;
  611. }
  612. if (!(lflags & KEY_LOOKUP_PARTIAL)) {
  613. ret = wait_for_key_construction(key, true);
  614. switch (ret) {
  615. case -ERESTARTSYS:
  616. goto invalid_key;
  617. default:
  618. if (perm)
  619. goto invalid_key;
  620. case 0:
  621. break;
  622. }
  623. } else if (perm) {
  624. ret = key_validate(key);
  625. if (ret < 0)
  626. goto invalid_key;
  627. }
  628. ret = -EIO;
  629. if (!(lflags & KEY_LOOKUP_PARTIAL) &&
  630. key_read_state(key) == KEY_IS_UNINSTANTIATED)
  631. goto invalid_key;
  632. /* check the permissions */
  633. ret = key_task_permission(key_ref, ctx.cred, perm);
  634. if (ret < 0)
  635. goto invalid_key;
  636. key->last_used_at = current_kernel_time().tv_sec;
  637. error:
  638. put_cred(ctx.cred);
  639. return key_ref;
  640. invalid_key:
  641. key_ref_put(key_ref);
  642. key_ref = ERR_PTR(ret);
  643. goto error;
  644. /* if we attempted to install a keyring, then it may have caused new
  645. * creds to be installed */
  646. reget_creds:
  647. put_cred(ctx.cred);
  648. goto try_again;
  649. }
  650. /*
  651. * Join the named keyring as the session keyring if possible else attempt to
  652. * create a new one of that name and join that.
  653. *
  654. * If the name is NULL, an empty anonymous keyring will be installed as the
  655. * session keyring.
  656. *
  657. * Named session keyrings are joined with a semaphore held to prevent the
  658. * keyrings from going away whilst the attempt is made to going them and also
  659. * to prevent a race in creating compatible session keyrings.
  660. */
  661. long join_session_keyring(const char *name)
  662. {
  663. const struct cred *old;
  664. struct cred *new;
  665. struct key *keyring;
  666. long ret, serial;
  667. new = prepare_creds();
  668. if (!new)
  669. return -ENOMEM;
  670. old = current_cred();
  671. /* if no name is provided, install an anonymous keyring */
  672. if (!name) {
  673. ret = install_session_keyring_to_cred(new, NULL);
  674. if (ret < 0)
  675. goto error;
  676. serial = new->session_keyring->serial;
  677. ret = commit_creds(new);
  678. if (ret == 0)
  679. ret = serial;
  680. goto okay;
  681. }
  682. /* allow the user to join or create a named keyring */
  683. mutex_lock(&key_session_mutex);
  684. /* look for an existing keyring of this name */
  685. keyring = find_keyring_by_name(name, false);
  686. if (PTR_ERR(keyring) == -ENOKEY) {
  687. /* not found - try and create a new one */
  688. keyring = keyring_alloc(
  689. name, old->uid, old->gid, old,
  690. KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
  691. KEY_ALLOC_IN_QUOTA, NULL);
  692. if (IS_ERR(keyring)) {
  693. ret = PTR_ERR(keyring);
  694. goto error2;
  695. }
  696. } else if (IS_ERR(keyring)) {
  697. ret = PTR_ERR(keyring);
  698. goto error2;
  699. } else if (keyring == new->session_keyring) {
  700. ret = 0;
  701. goto error3;
  702. }
  703. /* we've got a keyring - now to install it */
  704. ret = install_session_keyring_to_cred(new, keyring);
  705. if (ret < 0)
  706. goto error3;
  707. commit_creds(new);
  708. mutex_unlock(&key_session_mutex);
  709. ret = keyring->serial;
  710. key_put(keyring);
  711. okay:
  712. return ret;
  713. error3:
  714. key_put(keyring);
  715. error2:
  716. mutex_unlock(&key_session_mutex);
  717. error:
  718. abort_creds(new);
  719. return ret;
  720. }
  721. /*
  722. * Replace a process's session keyring on behalf of one of its children when
  723. * the target process is about to resume userspace execution.
  724. */
  725. void key_change_session_keyring(struct callback_head *twork)
  726. {
  727. const struct cred *old = current_cred();
  728. struct cred *new = container_of(twork, struct cred, rcu);
  729. if (unlikely(current->flags & PF_EXITING)) {
  730. put_cred(new);
  731. return;
  732. }
  733. new-> uid = old-> uid;
  734. new-> euid = old-> euid;
  735. new-> suid = old-> suid;
  736. new->fsuid = old->fsuid;
  737. new-> gid = old-> gid;
  738. new-> egid = old-> egid;
  739. new-> sgid = old-> sgid;
  740. new->fsgid = old->fsgid;
  741. new->user = get_uid(old->user);
  742. new->user_ns = get_user_ns(old->user_ns);
  743. new->group_info = get_group_info(old->group_info);
  744. new->securebits = old->securebits;
  745. new->cap_inheritable = old->cap_inheritable;
  746. new->cap_permitted = old->cap_permitted;
  747. new->cap_effective = old->cap_effective;
  748. new->cap_ambient = old->cap_ambient;
  749. new->cap_bset = old->cap_bset;
  750. new->jit_keyring = old->jit_keyring;
  751. new->thread_keyring = key_get(old->thread_keyring);
  752. new->process_keyring = key_get(old->process_keyring);
  753. security_transfer_creds(new, old);
  754. commit_creds(new);
  755. }
  756. /*
  757. * Make sure that root's user and user-session keyrings exist.
  758. */
  759. static int __init init_root_keyring(void)
  760. {
  761. return install_user_keyrings();
  762. }
  763. late_initcall(init_root_keyring);