]>
Commit | Line | Data |
---|---|---|
973c9f4f | 1 | /* Manage a process's keyrings |
1da177e4 | 2 | * |
69664cf1 | 3 | * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. |
1da177e4 LT |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
10 | */ | |
11 | ||
12 | #include <linux/module.h> | |
13 | #include <linux/init.h> | |
14 | #include <linux/sched.h> | |
1da177e4 LT |
15 | #include <linux/keyctl.h> |
16 | #include <linux/fs.h> | |
17 | #include <linux/err.h> | |
bb003079 | 18 | #include <linux/mutex.h> |
ee18d64c | 19 | #include <linux/security.h> |
1d1e9756 | 20 | #include <linux/user_namespace.h> |
1da177e4 LT |
21 | #include <asm/uaccess.h> |
22 | #include "internal.h" | |
23 | ||
973c9f4f | 24 | /* Session keyring create vs join semaphore */ |
bb003079 | 25 | static DEFINE_MUTEX(key_session_mutex); |
1da177e4 | 26 | |
973c9f4f | 27 | /* User keyring creation semaphore */ |
69664cf1 DH |
28 | static DEFINE_MUTEX(key_user_keyring_mutex); |
29 | ||
973c9f4f | 30 | /* The root user's tracking struct */ |
1da177e4 LT |
31 | struct key_user root_key_user = { |
32 | .usage = ATOMIC_INIT(3), | |
76181c13 | 33 | .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), |
6cfd76a2 | 34 | .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), |
1da177e4 LT |
35 | .nkeys = ATOMIC_INIT(2), |
36 | .nikeys = ATOMIC_INIT(2), | |
37 | .uid = 0, | |
1d1e9756 | 38 | .user_ns = &init_user_ns, |
1da177e4 LT |
39 | }; |
40 | ||
1da177e4 | 41 | /* |
973c9f4f | 42 | * Install the user and user session keyrings for the current process's UID. |
1da177e4 | 43 | */ |
8bbf4976 | 44 | int install_user_keyrings(void) |
1da177e4 | 45 | { |
d84f4f99 DH |
46 | struct user_struct *user; |
47 | const struct cred *cred; | |
1da177e4 LT |
48 | struct key *uid_keyring, *session_keyring; |
49 | char buf[20]; | |
50 | int ret; | |
51 | ||
d84f4f99 DH |
52 | cred = current_cred(); |
53 | user = cred->user; | |
54 | ||
69664cf1 | 55 | kenter("%p{%u}", user, user->uid); |
1da177e4 | 56 | |
69664cf1 DH |
57 | if (user->uid_keyring) { |
58 | kleave(" = 0 [exist]"); | |
59 | return 0; | |
1da177e4 LT |
60 | } |
61 | ||
69664cf1 DH |
62 | mutex_lock(&key_user_keyring_mutex); |
63 | ret = 0; | |
1da177e4 | 64 | |
69664cf1 DH |
65 | if (!user->uid_keyring) { |
66 | /* get the UID-specific keyring | |
67 | * - there may be one in existence already as it may have been | |
68 | * pinned by a session, but the user_struct pointing to it | |
69 | * may have been destroyed by setuid */ | |
70 | sprintf(buf, "_uid.%u", user->uid); | |
71 | ||
72 | uid_keyring = find_keyring_by_name(buf, true); | |
73 | if (IS_ERR(uid_keyring)) { | |
74 | uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, | |
d84f4f99 | 75 | cred, KEY_ALLOC_IN_QUOTA, |
69664cf1 DH |
76 | NULL); |
77 | if (IS_ERR(uid_keyring)) { | |
78 | ret = PTR_ERR(uid_keyring); | |
79 | goto error; | |
80 | } | |
81 | } | |
82 | ||
83 | /* get a default session keyring (which might also exist | |
84 | * already) */ | |
85 | sprintf(buf, "_uid_ses.%u", user->uid); | |
86 | ||
87 | session_keyring = find_keyring_by_name(buf, true); | |
88 | if (IS_ERR(session_keyring)) { | |
89 | session_keyring = | |
90 | keyring_alloc(buf, user->uid, (gid_t) -1, | |
d84f4f99 | 91 | cred, KEY_ALLOC_IN_QUOTA, NULL); |
69664cf1 DH |
92 | if (IS_ERR(session_keyring)) { |
93 | ret = PTR_ERR(session_keyring); | |
94 | goto error_release; | |
95 | } | |
96 | ||
97 | /* we install a link from the user session keyring to | |
98 | * the user keyring */ | |
99 | ret = key_link(session_keyring, uid_keyring); | |
100 | if (ret < 0) | |
101 | goto error_release_both; | |
102 | } | |
103 | ||
104 | /* install the keyrings */ | |
105 | user->uid_keyring = uid_keyring; | |
106 | user->session_keyring = session_keyring; | |
1da177e4 LT |
107 | } |
108 | ||
69664cf1 DH |
109 | mutex_unlock(&key_user_keyring_mutex); |
110 | kleave(" = 0"); | |
111 | return 0; | |
1da177e4 | 112 | |
69664cf1 DH |
113 | error_release_both: |
114 | key_put(session_keyring); | |
115 | error_release: | |
116 | key_put(uid_keyring); | |
664cceb0 | 117 | error: |
69664cf1 DH |
118 | mutex_unlock(&key_user_keyring_mutex); |
119 | kleave(" = %d", ret); | |
1da177e4 | 120 | return ret; |
69664cf1 | 121 | } |
1da177e4 | 122 | |
1da177e4 | 123 | /* |
973c9f4f DH |
124 | * Install a fresh thread keyring directly to new credentials. This keyring is |
125 | * allowed to overrun the quota. | |
1da177e4 | 126 | */ |
d84f4f99 | 127 | int install_thread_keyring_to_cred(struct cred *new) |
1da177e4 | 128 | { |
d84f4f99 | 129 | struct key *keyring; |
1da177e4 | 130 | |
d84f4f99 DH |
131 | keyring = keyring_alloc("_tid", new->uid, new->gid, new, |
132 | KEY_ALLOC_QUOTA_OVERRUN, NULL); | |
133 | if (IS_ERR(keyring)) | |
134 | return PTR_ERR(keyring); | |
1da177e4 | 135 | |
d84f4f99 DH |
136 | new->thread_keyring = keyring; |
137 | return 0; | |
138 | } | |
1da177e4 | 139 | |
1da177e4 | 140 | /* |
973c9f4f | 141 | * Install a fresh thread keyring, discarding the old one. |
1da177e4 | 142 | */ |
d84f4f99 | 143 | static int install_thread_keyring(void) |
1da177e4 | 144 | { |
d84f4f99 | 145 | struct cred *new; |
1da177e4 LT |
146 | int ret; |
147 | ||
d84f4f99 DH |
148 | new = prepare_creds(); |
149 | if (!new) | |
150 | return -ENOMEM; | |
1da177e4 | 151 | |
d84f4f99 DH |
152 | BUG_ON(new->thread_keyring); |
153 | ||
154 | ret = install_thread_keyring_to_cred(new); | |
155 | if (ret < 0) { | |
156 | abort_creds(new); | |
157 | return ret; | |
1da177e4 LT |
158 | } |
159 | ||
d84f4f99 DH |
160 | return commit_creds(new); |
161 | } | |
1da177e4 | 162 | |
d84f4f99 | 163 | /* |
973c9f4f DH |
164 | * Install a process keyring directly to a credentials struct. |
165 | * | |
166 | * Returns -EEXIST if there was already a process keyring, 0 if one installed, | |
167 | * and other value on any other error | |
d84f4f99 DH |
168 | */ |
169 | int install_process_keyring_to_cred(struct cred *new) | |
170 | { | |
171 | struct key *keyring; | |
1da177e4 | 172 | |
3a50597d | 173 | if (new->process_keyring) |
d84f4f99 DH |
174 | return -EEXIST; |
175 | ||
176 | keyring = keyring_alloc("_pid", new->uid, new->gid, | |
177 | new, KEY_ALLOC_QUOTA_OVERRUN, NULL); | |
178 | if (IS_ERR(keyring)) | |
179 | return PTR_ERR(keyring); | |
180 | ||
3a50597d DH |
181 | new->process_keyring = keyring; |
182 | return 0; | |
d84f4f99 | 183 | } |
1da177e4 | 184 | |
1da177e4 | 185 | /* |
973c9f4f DH |
186 | * Make sure a process keyring is installed for the current process. The |
187 | * existing process keyring is not replaced. | |
188 | * | |
189 | * Returns 0 if there is a process keyring by the end of this function, some | |
190 | * error otherwise. | |
1da177e4 | 191 | */ |
d84f4f99 | 192 | static int install_process_keyring(void) |
1da177e4 | 193 | { |
d84f4f99 | 194 | struct cred *new; |
1da177e4 LT |
195 | int ret; |
196 | ||
d84f4f99 DH |
197 | new = prepare_creds(); |
198 | if (!new) | |
199 | return -ENOMEM; | |
1da177e4 | 200 | |
d84f4f99 DH |
201 | ret = install_process_keyring_to_cred(new); |
202 | if (ret < 0) { | |
203 | abort_creds(new); | |
27d63798 | 204 | return ret != -EEXIST ? ret : 0; |
1da177e4 LT |
205 | } |
206 | ||
d84f4f99 DH |
207 | return commit_creds(new); |
208 | } | |
1da177e4 | 209 | |
1da177e4 | 210 | /* |
973c9f4f | 211 | * Install a session keyring directly to a credentials struct. |
1da177e4 | 212 | */ |
685bfd2c | 213 | int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) |
1da177e4 | 214 | { |
7e047ef5 | 215 | unsigned long flags; |
1da177e4 | 216 | struct key *old; |
1a26feb9 DH |
217 | |
218 | might_sleep(); | |
1da177e4 LT |
219 | |
220 | /* create an empty session keyring */ | |
221 | if (!keyring) { | |
7e047ef5 | 222 | flags = KEY_ALLOC_QUOTA_OVERRUN; |
3a50597d | 223 | if (cred->session_keyring) |
7e047ef5 DH |
224 | flags = KEY_ALLOC_IN_QUOTA; |
225 | ||
d84f4f99 DH |
226 | keyring = keyring_alloc("_ses", cred->uid, cred->gid, |
227 | cred, flags, NULL); | |
1a26feb9 DH |
228 | if (IS_ERR(keyring)) |
229 | return PTR_ERR(keyring); | |
d84f4f99 | 230 | } else { |
1da177e4 LT |
231 | atomic_inc(&keyring->usage); |
232 | } | |
233 | ||
234 | /* install the keyring */ | |
3a50597d DH |
235 | old = cred->session_keyring; |
236 | rcu_assign_pointer(cred->session_keyring, keyring); | |
237 | ||
238 | if (old) | |
1a26feb9 | 239 | key_put(old); |
1da177e4 | 240 | |
1a26feb9 | 241 | return 0; |
d84f4f99 | 242 | } |
1da177e4 | 243 | |
1da177e4 | 244 | /* |
973c9f4f DH |
245 | * Install a session keyring, discarding the old one. If a keyring is not |
246 | * supplied, an empty one is invented. | |
1da177e4 | 247 | */ |
d84f4f99 | 248 | static int install_session_keyring(struct key *keyring) |
1da177e4 | 249 | { |
d84f4f99 DH |
250 | struct cred *new; |
251 | int ret; | |
1da177e4 | 252 | |
d84f4f99 DH |
253 | new = prepare_creds(); |
254 | if (!new) | |
255 | return -ENOMEM; | |
1da177e4 | 256 | |
99599537 | 257 | ret = install_session_keyring_to_cred(new, keyring); |
d84f4f99 DH |
258 | if (ret < 0) { |
259 | abort_creds(new); | |
260 | return ret; | |
261 | } | |
1da177e4 | 262 | |
d84f4f99 DH |
263 | return commit_creds(new); |
264 | } | |
1da177e4 | 265 | |
1da177e4 | 266 | /* |
973c9f4f | 267 | * Handle the fsuid changing. |
1da177e4 LT |
268 | */ |
269 | void key_fsuid_changed(struct task_struct *tsk) | |
270 | { | |
271 | /* update the ownership of the thread keyring */ | |
b6dff3ec DH |
272 | BUG_ON(!tsk->cred); |
273 | if (tsk->cred->thread_keyring) { | |
274 | down_write(&tsk->cred->thread_keyring->sem); | |
275 | tsk->cred->thread_keyring->uid = tsk->cred->fsuid; | |
276 | up_write(&tsk->cred->thread_keyring->sem); | |
1da177e4 | 277 | } |
a8b17ed0 | 278 | } |
1da177e4 | 279 | |
1da177e4 | 280 | /* |
973c9f4f | 281 | * Handle the fsgid changing. |
1da177e4 LT |
282 | */ |
283 | void key_fsgid_changed(struct task_struct *tsk) | |
284 | { | |
285 | /* update the ownership of the thread keyring */ | |
b6dff3ec DH |
286 | BUG_ON(!tsk->cred); |
287 | if (tsk->cred->thread_keyring) { | |
288 | down_write(&tsk->cred->thread_keyring->sem); | |
289 | tsk->cred->thread_keyring->gid = tsk->cred->fsgid; | |
290 | up_write(&tsk->cred->thread_keyring->sem); | |
1da177e4 | 291 | } |
a8b17ed0 | 292 | } |
1da177e4 | 293 | |
1da177e4 | 294 | /* |
973c9f4f DH |
295 | * Search the process keyrings attached to the supplied cred for the first |
296 | * matching key. | |
297 | * | |
298 | * The search criteria are the type and the match function. The description is | |
299 | * given to the match function as a parameter, but doesn't otherwise influence | |
300 | * the search. Typically the match function will compare the description | |
301 | * parameter to the key's description. | |
302 | * | |
303 | * This can only search keyrings that grant Search permission to the supplied | |
304 | * credentials. Keyrings linked to searched keyrings will also be searched if | |
305 | * they grant Search permission too. Keys can only be found if they grant | |
306 | * Search permission to the credentials. | |
307 | * | |
308 | * Returns a pointer to the key with the key usage count incremented if | |
309 | * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only | |
310 | * matched negative keys. | |
311 | * | |
312 | * In the case of a successful return, the possession attribute is set on the | |
313 | * returned key reference. | |
1da177e4 | 314 | */ |
927942aa DH |
315 | key_ref_t search_my_process_keyrings(struct key_type *type, |
316 | const void *description, | |
317 | key_match_func_t match, | |
78b7280c | 318 | bool no_state_check, |
927942aa | 319 | const struct cred *cred) |
1da177e4 | 320 | { |
b5f545c8 | 321 | key_ref_t key_ref, ret, err; |
1da177e4 LT |
322 | |
323 | /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were | |
324 | * searchable, but we failed to find a key or we found a negative key; | |
325 | * otherwise we want to return a sample error (probably -EACCES) if | |
326 | * none of the keyrings were searchable | |
327 | * | |
328 | * in terms of priority: success > -ENOKEY > -EAGAIN > other error | |
329 | */ | |
664cceb0 | 330 | key_ref = NULL; |
1da177e4 LT |
331 | ret = NULL; |
332 | err = ERR_PTR(-EAGAIN); | |
333 | ||
334 | /* search the thread keyring first */ | |
c69e8d9c | 335 | if (cred->thread_keyring) { |
664cceb0 | 336 | key_ref = keyring_search_aux( |
c69e8d9c | 337 | make_key_ref(cred->thread_keyring, 1), |
78b7280c | 338 | cred, type, description, match, no_state_check); |
664cceb0 | 339 | if (!IS_ERR(key_ref)) |
1da177e4 LT |
340 | goto found; |
341 | ||
664cceb0 | 342 | switch (PTR_ERR(key_ref)) { |
1da177e4 | 343 | case -EAGAIN: /* no key */ |
1da177e4 | 344 | case -ENOKEY: /* negative key */ |
664cceb0 | 345 | ret = key_ref; |
1da177e4 LT |
346 | break; |
347 | default: | |
664cceb0 | 348 | err = key_ref; |
1da177e4 LT |
349 | break; |
350 | } | |
351 | } | |
352 | ||
353 | /* search the process keyring second */ | |
3a50597d | 354 | if (cred->process_keyring) { |
664cceb0 | 355 | key_ref = keyring_search_aux( |
3a50597d | 356 | make_key_ref(cred->process_keyring, 1), |
78b7280c | 357 | cred, type, description, match, no_state_check); |
664cceb0 | 358 | if (!IS_ERR(key_ref)) |
1da177e4 LT |
359 | goto found; |
360 | ||
664cceb0 | 361 | switch (PTR_ERR(key_ref)) { |
1da177e4 LT |
362 | case -EAGAIN: /* no key */ |
363 | if (ret) | |
364 | break; | |
365 | case -ENOKEY: /* negative key */ | |
664cceb0 | 366 | ret = key_ref; |
1da177e4 LT |
367 | break; |
368 | default: | |
664cceb0 | 369 | err = key_ref; |
1da177e4 LT |
370 | break; |
371 | } | |
372 | } | |
373 | ||
3e30148c | 374 | /* search the session keyring */ |
3a50597d | 375 | if (cred->session_keyring) { |
8589b4e0 | 376 | rcu_read_lock(); |
664cceb0 | 377 | key_ref = keyring_search_aux( |
3a50597d | 378 | make_key_ref(rcu_dereference(cred->session_keyring), 1), |
78b7280c | 379 | cred, type, description, match, no_state_check); |
8589b4e0 | 380 | rcu_read_unlock(); |
3e30148c | 381 | |
664cceb0 | 382 | if (!IS_ERR(key_ref)) |
3e30148c DH |
383 | goto found; |
384 | ||
664cceb0 | 385 | switch (PTR_ERR(key_ref)) { |
3e30148c DH |
386 | case -EAGAIN: /* no key */ |
387 | if (ret) | |
388 | break; | |
389 | case -ENOKEY: /* negative key */ | |
664cceb0 | 390 | ret = key_ref; |
3e30148c DH |
391 | break; |
392 | default: | |
664cceb0 | 393 | err = key_ref; |
3e30148c DH |
394 | break; |
395 | } | |
b5f545c8 DH |
396 | } |
397 | /* or search the user-session keyring */ | |
c69e8d9c | 398 | else if (cred->user->session_keyring) { |
b5f545c8 | 399 | key_ref = keyring_search_aux( |
c69e8d9c | 400 | make_key_ref(cred->user->session_keyring, 1), |
78b7280c | 401 | cred, type, description, match, no_state_check); |
664cceb0 | 402 | if (!IS_ERR(key_ref)) |
3e30148c DH |
403 | goto found; |
404 | ||
664cceb0 | 405 | switch (PTR_ERR(key_ref)) { |
3e30148c DH |
406 | case -EAGAIN: /* no key */ |
407 | if (ret) | |
408 | break; | |
409 | case -ENOKEY: /* negative key */ | |
664cceb0 | 410 | ret = key_ref; |
3e30148c DH |
411 | break; |
412 | default: | |
664cceb0 | 413 | err = key_ref; |
3e30148c DH |
414 | break; |
415 | } | |
8589b4e0 | 416 | } |
b5f545c8 | 417 | |
927942aa DH |
418 | /* no key - decide on the error we're going to go for */ |
419 | key_ref = ret ? ret : err; | |
420 | ||
421 | found: | |
422 | return key_ref; | |
423 | } | |
424 | ||
927942aa | 425 | /* |
973c9f4f DH |
426 | * Search the process keyrings attached to the supplied cred for the first |
427 | * matching key in the manner of search_my_process_keyrings(), but also search | |
428 | * the keys attached to the assumed authorisation key using its credentials if | |
429 | * one is available. | |
430 | * | |
431 | * Return same as search_my_process_keyrings(). | |
927942aa DH |
432 | */ |
433 | key_ref_t search_process_keyrings(struct key_type *type, | |
434 | const void *description, | |
435 | key_match_func_t match, | |
436 | const struct cred *cred) | |
437 | { | |
438 | struct request_key_auth *rka; | |
439 | key_ref_t key_ref, ret = ERR_PTR(-EACCES), err; | |
440 | ||
441 | might_sleep(); | |
442 | ||
78b7280c DH |
443 | key_ref = search_my_process_keyrings(type, description, match, |
444 | false, cred); | |
927942aa DH |
445 | if (!IS_ERR(key_ref)) |
446 | goto found; | |
447 | err = key_ref; | |
448 | ||
b5f545c8 DH |
449 | /* if this process has an instantiation authorisation key, then we also |
450 | * search the keyrings of the process mentioned there | |
451 | * - we don't permit access to request_key auth keys via this method | |
452 | */ | |
c69e8d9c | 453 | if (cred->request_key_auth && |
d84f4f99 | 454 | cred == current_cred() && |
04c567d9 | 455 | type != &key_type_request_key_auth |
b5f545c8 | 456 | ) { |
04c567d9 | 457 | /* defend against the auth key being revoked */ |
c69e8d9c | 458 | down_read(&cred->request_key_auth->sem); |
b5f545c8 | 459 | |
c69e8d9c DH |
460 | if (key_validate(cred->request_key_auth) == 0) { |
461 | rka = cred->request_key_auth->payload.data; | |
b5f545c8 | 462 | |
04c567d9 | 463 | key_ref = search_process_keyrings(type, description, |
d84f4f99 | 464 | match, rka->cred); |
1da177e4 | 465 | |
c69e8d9c | 466 | up_read(&cred->request_key_auth->sem); |
04c567d9 DH |
467 | |
468 | if (!IS_ERR(key_ref)) | |
469 | goto found; | |
470 | ||
927942aa | 471 | ret = key_ref; |
04c567d9 | 472 | } else { |
c69e8d9c | 473 | up_read(&cred->request_key_auth->sem); |
3e30148c | 474 | } |
1da177e4 LT |
475 | } |
476 | ||
477 | /* no key - decide on the error we're going to go for */ | |
927942aa DH |
478 | if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY)) |
479 | key_ref = ERR_PTR(-ENOKEY); | |
480 | else if (err == ERR_PTR(-EACCES)) | |
481 | key_ref = ret; | |
482 | else | |
483 | key_ref = err; | |
1da177e4 | 484 | |
3e30148c | 485 | found: |
664cceb0 | 486 | return key_ref; |
a8b17ed0 | 487 | } |
1da177e4 | 488 | |
664cceb0 | 489 | /* |
973c9f4f | 490 | * See if the key we're looking at is the target key. |
664cceb0 | 491 | */ |
927942aa | 492 | int lookup_user_key_possessed(const struct key *key, const void *target) |
664cceb0 DH |
493 | { |
494 | return key == target; | |
a8b17ed0 | 495 | } |
664cceb0 | 496 | |
1da177e4 | 497 | /* |
973c9f4f DH |
498 | * Look up a key ID given us by userspace with a given permissions mask to get |
499 | * the key it refers to. | |
500 | * | |
501 | * Flags can be passed to request that special keyrings be created if referred | |
502 | * to directly, to permit partially constructed keys to be found and to skip | |
503 | * validity and permission checks on the found key. | |
504 | * | |
505 | * Returns a pointer to the key with an incremented usage count if successful; | |
506 | * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond | |
507 | * to a key or the best found key was a negative key; -EKEYREVOKED or | |
508 | * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the | |
509 | * found key doesn't grant the requested permit or the LSM denied access to it; | |
510 | * or -ENOMEM if a special keyring couldn't be created. | |
511 | * | |
512 | * In the case of a successful return, the possession attribute is set on the | |
513 | * returned key reference. | |
1da177e4 | 514 | */ |
5593122e | 515 | key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, |
8bbf4976 | 516 | key_perm_t perm) |
1da177e4 | 517 | { |
8bbf4976 | 518 | struct request_key_auth *rka; |
d84f4f99 | 519 | const struct cred *cred; |
1da177e4 | 520 | struct key *key; |
b6dff3ec | 521 | key_ref_t key_ref, skey_ref; |
1da177e4 LT |
522 | int ret; |
523 | ||
bb952bb9 DH |
524 | try_again: |
525 | cred = get_current_cred(); | |
664cceb0 | 526 | key_ref = ERR_PTR(-ENOKEY); |
1da177e4 LT |
527 | |
528 | switch (id) { | |
529 | case KEY_SPEC_THREAD_KEYRING: | |
b6dff3ec | 530 | if (!cred->thread_keyring) { |
5593122e | 531 | if (!(lflags & KEY_LOOKUP_CREATE)) |
1da177e4 LT |
532 | goto error; |
533 | ||
8bbf4976 | 534 | ret = install_thread_keyring(); |
1da177e4 | 535 | if (ret < 0) { |
4d09ec0f | 536 | key_ref = ERR_PTR(ret); |
1da177e4 LT |
537 | goto error; |
538 | } | |
bb952bb9 | 539 | goto reget_creds; |
1da177e4 LT |
540 | } |
541 | ||
b6dff3ec | 542 | key = cred->thread_keyring; |
1da177e4 | 543 | atomic_inc(&key->usage); |
664cceb0 | 544 | key_ref = make_key_ref(key, 1); |
1da177e4 LT |
545 | break; |
546 | ||
547 | case KEY_SPEC_PROCESS_KEYRING: | |
3a50597d | 548 | if (!cred->process_keyring) { |
5593122e | 549 | if (!(lflags & KEY_LOOKUP_CREATE)) |
1da177e4 LT |
550 | goto error; |
551 | ||
8bbf4976 | 552 | ret = install_process_keyring(); |
1da177e4 | 553 | if (ret < 0) { |
4d09ec0f | 554 | key_ref = ERR_PTR(ret); |
1da177e4 LT |
555 | goto error; |
556 | } | |
bb952bb9 | 557 | goto reget_creds; |
1da177e4 LT |
558 | } |
559 | ||
3a50597d | 560 | key = cred->process_keyring; |
1da177e4 | 561 | atomic_inc(&key->usage); |
664cceb0 | 562 | key_ref = make_key_ref(key, 1); |
1da177e4 LT |
563 | break; |
564 | ||
565 | case KEY_SPEC_SESSION_KEYRING: | |
3a50597d | 566 | if (!cred->session_keyring) { |
1da177e4 LT |
567 | /* always install a session keyring upon access if one |
568 | * doesn't exist yet */ | |
8bbf4976 | 569 | ret = install_user_keyrings(); |
69664cf1 DH |
570 | if (ret < 0) |
571 | goto error; | |
3ecf1b4f DH |
572 | if (lflags & KEY_LOOKUP_CREATE) |
573 | ret = join_session_keyring(NULL); | |
574 | else | |
575 | ret = install_session_keyring( | |
576 | cred->user->session_keyring); | |
d84f4f99 | 577 | |
1da177e4 LT |
578 | if (ret < 0) |
579 | goto error; | |
bb952bb9 | 580 | goto reget_creds; |
3a50597d | 581 | } else if (cred->session_keyring == |
3ecf1b4f DH |
582 | cred->user->session_keyring && |
583 | lflags & KEY_LOOKUP_CREATE) { | |
584 | ret = join_session_keyring(NULL); | |
585 | if (ret < 0) | |
586 | goto error; | |
587 | goto reget_creds; | |
1da177e4 LT |
588 | } |
589 | ||
3e30148c | 590 | rcu_read_lock(); |
3a50597d | 591 | key = rcu_dereference(cred->session_keyring); |
1da177e4 | 592 | atomic_inc(&key->usage); |
3e30148c | 593 | rcu_read_unlock(); |
664cceb0 | 594 | key_ref = make_key_ref(key, 1); |
1da177e4 LT |
595 | break; |
596 | ||
597 | case KEY_SPEC_USER_KEYRING: | |
b6dff3ec | 598 | if (!cred->user->uid_keyring) { |
8bbf4976 | 599 | ret = install_user_keyrings(); |
69664cf1 DH |
600 | if (ret < 0) |
601 | goto error; | |
602 | } | |
603 | ||
b6dff3ec | 604 | key = cred->user->uid_keyring; |
1da177e4 | 605 | atomic_inc(&key->usage); |
664cceb0 | 606 | key_ref = make_key_ref(key, 1); |
1da177e4 LT |
607 | break; |
608 | ||
609 | case KEY_SPEC_USER_SESSION_KEYRING: | |
b6dff3ec | 610 | if (!cred->user->session_keyring) { |
8bbf4976 | 611 | ret = install_user_keyrings(); |
69664cf1 DH |
612 | if (ret < 0) |
613 | goto error; | |
614 | } | |
615 | ||
b6dff3ec | 616 | key = cred->user->session_keyring; |
1da177e4 | 617 | atomic_inc(&key->usage); |
664cceb0 | 618 | key_ref = make_key_ref(key, 1); |
1da177e4 LT |
619 | break; |
620 | ||
621 | case KEY_SPEC_GROUP_KEYRING: | |
622 | /* group keyrings are not yet supported */ | |
4d09ec0f | 623 | key_ref = ERR_PTR(-EINVAL); |
1da177e4 LT |
624 | goto error; |
625 | ||
b5f545c8 | 626 | case KEY_SPEC_REQKEY_AUTH_KEY: |
b6dff3ec | 627 | key = cred->request_key_auth; |
b5f545c8 DH |
628 | if (!key) |
629 | goto error; | |
630 | ||
631 | atomic_inc(&key->usage); | |
632 | key_ref = make_key_ref(key, 1); | |
633 | break; | |
634 | ||
8bbf4976 | 635 | case KEY_SPEC_REQUESTOR_KEYRING: |
b6dff3ec | 636 | if (!cred->request_key_auth) |
8bbf4976 DH |
637 | goto error; |
638 | ||
b6dff3ec | 639 | down_read(&cred->request_key_auth->sem); |
f67dabbd DC |
640 | if (test_bit(KEY_FLAG_REVOKED, |
641 | &cred->request_key_auth->flags)) { | |
8bbf4976 DH |
642 | key_ref = ERR_PTR(-EKEYREVOKED); |
643 | key = NULL; | |
644 | } else { | |
b6dff3ec | 645 | rka = cred->request_key_auth->payload.data; |
8bbf4976 DH |
646 | key = rka->dest_keyring; |
647 | atomic_inc(&key->usage); | |
648 | } | |
b6dff3ec | 649 | up_read(&cred->request_key_auth->sem); |
8bbf4976 DH |
650 | if (!key) |
651 | goto error; | |
652 | key_ref = make_key_ref(key, 1); | |
653 | break; | |
654 | ||
1da177e4 | 655 | default: |
664cceb0 | 656 | key_ref = ERR_PTR(-EINVAL); |
1da177e4 LT |
657 | if (id < 1) |
658 | goto error; | |
659 | ||
660 | key = key_lookup(id); | |
664cceb0 | 661 | if (IS_ERR(key)) { |
e231c2ee | 662 | key_ref = ERR_CAST(key); |
1da177e4 | 663 | goto error; |
664cceb0 DH |
664 | } |
665 | ||
666 | key_ref = make_key_ref(key, 0); | |
667 | ||
668 | /* check to see if we possess the key */ | |
669 | skey_ref = search_process_keyrings(key->type, key, | |
670 | lookup_user_key_possessed, | |
d84f4f99 | 671 | cred); |
664cceb0 DH |
672 | |
673 | if (!IS_ERR(skey_ref)) { | |
674 | key_put(key); | |
675 | key_ref = skey_ref; | |
676 | } | |
677 | ||
1da177e4 LT |
678 | break; |
679 | } | |
680 | ||
5593122e DH |
681 | /* unlink does not use the nominated key in any way, so can skip all |
682 | * the permission checks as it is only concerned with the keyring */ | |
683 | if (lflags & KEY_LOOKUP_FOR_UNLINK) { | |
684 | ret = 0; | |
685 | goto error; | |
686 | } | |
687 | ||
688 | if (!(lflags & KEY_LOOKUP_PARTIAL)) { | |
76181c13 DH |
689 | ret = wait_for_key_construction(key, true); |
690 | switch (ret) { | |
691 | case -ERESTARTSYS: | |
692 | goto invalid_key; | |
693 | default: | |
694 | if (perm) | |
695 | goto invalid_key; | |
696 | case 0: | |
697 | break; | |
698 | } | |
699 | } else if (perm) { | |
1da177e4 LT |
700 | ret = key_validate(key); |
701 | if (ret < 0) | |
702 | goto invalid_key; | |
703 | } | |
704 | ||
705 | ret = -EIO; | |
5593122e DH |
706 | if (!(lflags & KEY_LOOKUP_PARTIAL) && |
707 | !test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) | |
1da177e4 LT |
708 | goto invalid_key; |
709 | ||
3e30148c | 710 | /* check the permissions */ |
d84f4f99 | 711 | ret = key_task_permission(key_ref, cred, perm); |
29db9190 | 712 | if (ret < 0) |
1da177e4 LT |
713 | goto invalid_key; |
714 | ||
31d5a79d DH |
715 | key->last_used_at = current_kernel_time().tv_sec; |
716 | ||
664cceb0 | 717 | error: |
bb952bb9 | 718 | put_cred(cred); |
664cceb0 | 719 | return key_ref; |
1da177e4 | 720 | |
664cceb0 DH |
721 | invalid_key: |
722 | key_ref_put(key_ref); | |
723 | key_ref = ERR_PTR(ret); | |
1da177e4 LT |
724 | goto error; |
725 | ||
bb952bb9 DH |
726 | /* if we attempted to install a keyring, then it may have caused new |
727 | * creds to be installed */ | |
728 | reget_creds: | |
729 | put_cred(cred); | |
730 | goto try_again; | |
a8b17ed0 | 731 | } |
bb952bb9 | 732 | |
1da177e4 | 733 | /* |
973c9f4f DH |
734 | * Join the named keyring as the session keyring if possible else attempt to |
735 | * create a new one of that name and join that. | |
736 | * | |
737 | * If the name is NULL, an empty anonymous keyring will be installed as the | |
738 | * session keyring. | |
739 | * | |
740 | * Named session keyrings are joined with a semaphore held to prevent the | |
741 | * keyrings from going away whilst the attempt is made to going them and also | |
742 | * to prevent a race in creating compatible session keyrings. | |
1da177e4 LT |
743 | */ |
744 | long join_session_keyring(const char *name) | |
745 | { | |
d84f4f99 DH |
746 | const struct cred *old; |
747 | struct cred *new; | |
1da177e4 | 748 | struct key *keyring; |
d84f4f99 DH |
749 | long ret, serial; |
750 | ||
d84f4f99 DH |
751 | new = prepare_creds(); |
752 | if (!new) | |
753 | return -ENOMEM; | |
754 | old = current_cred(); | |
1da177e4 LT |
755 | |
756 | /* if no name is provided, install an anonymous keyring */ | |
757 | if (!name) { | |
d84f4f99 | 758 | ret = install_session_keyring_to_cred(new, NULL); |
1da177e4 LT |
759 | if (ret < 0) |
760 | goto error; | |
761 | ||
3a50597d | 762 | serial = new->session_keyring->serial; |
d84f4f99 DH |
763 | ret = commit_creds(new); |
764 | if (ret == 0) | |
765 | ret = serial; | |
766 | goto okay; | |
1da177e4 LT |
767 | } |
768 | ||
769 | /* allow the user to join or create a named keyring */ | |
bb003079 | 770 | mutex_lock(&key_session_mutex); |
1da177e4 LT |
771 | |
772 | /* look for an existing keyring of this name */ | |
69664cf1 | 773 | keyring = find_keyring_by_name(name, false); |
1da177e4 LT |
774 | if (PTR_ERR(keyring) == -ENOKEY) { |
775 | /* not found - try and create a new one */ | |
d84f4f99 | 776 | keyring = keyring_alloc(name, old->uid, old->gid, old, |
7e047ef5 | 777 | KEY_ALLOC_IN_QUOTA, NULL); |
1da177e4 LT |
778 | if (IS_ERR(keyring)) { |
779 | ret = PTR_ERR(keyring); | |
bcf945d3 | 780 | goto error2; |
1da177e4 | 781 | } |
d84f4f99 | 782 | } else if (IS_ERR(keyring)) { |
1da177e4 LT |
783 | ret = PTR_ERR(keyring); |
784 | goto error2; | |
3a50597d DH |
785 | } else if (keyring == new->session_keyring) { |
786 | ret = 0; | |
787 | goto error2; | |
1da177e4 LT |
788 | } |
789 | ||
790 | /* we've got a keyring - now to install it */ | |
d84f4f99 | 791 | ret = install_session_keyring_to_cred(new, keyring); |
1da177e4 LT |
792 | if (ret < 0) |
793 | goto error2; | |
794 | ||
d84f4f99 DH |
795 | commit_creds(new); |
796 | mutex_unlock(&key_session_mutex); | |
797 | ||
1da177e4 LT |
798 | ret = keyring->serial; |
799 | key_put(keyring); | |
d84f4f99 DH |
800 | okay: |
801 | return ret; | |
1da177e4 | 802 | |
664cceb0 | 803 | error2: |
bb003079 | 804 | mutex_unlock(&key_session_mutex); |
664cceb0 | 805 | error: |
d84f4f99 | 806 | abort_creds(new); |
1da177e4 | 807 | return ret; |
d84f4f99 | 808 | } |
ee18d64c DH |
809 | |
810 | /* | |
973c9f4f DH |
811 | * Replace a process's session keyring on behalf of one of its children when |
812 | * the target process is about to resume userspace execution. | |
ee18d64c | 813 | */ |
67d12145 | 814 | void key_change_session_keyring(struct callback_head *twork) |
ee18d64c | 815 | { |
413cd3d9 | 816 | const struct cred *old = current_cred(); |
67d12145 | 817 | struct cred *new = container_of(twork, struct cred, rcu); |
ee18d64c | 818 | |
413cd3d9 ON |
819 | if (unlikely(current->flags & PF_EXITING)) { |
820 | put_cred(new); | |
ee18d64c | 821 | return; |
413cd3d9 | 822 | } |
ee18d64c | 823 | |
ee18d64c DH |
824 | new-> uid = old-> uid; |
825 | new-> euid = old-> euid; | |
826 | new-> suid = old-> suid; | |
827 | new->fsuid = old->fsuid; | |
828 | new-> gid = old-> gid; | |
829 | new-> egid = old-> egid; | |
830 | new-> sgid = old-> sgid; | |
831 | new->fsgid = old->fsgid; | |
832 | new->user = get_uid(old->user); | |
0093ccb6 | 833 | new->user_ns = get_user_ns(new->user_ns); |
ee18d64c DH |
834 | new->group_info = get_group_info(old->group_info); |
835 | ||
836 | new->securebits = old->securebits; | |
837 | new->cap_inheritable = old->cap_inheritable; | |
838 | new->cap_permitted = old->cap_permitted; | |
839 | new->cap_effective = old->cap_effective; | |
840 | new->cap_bset = old->cap_bset; | |
841 | ||
842 | new->jit_keyring = old->jit_keyring; | |
843 | new->thread_keyring = key_get(old->thread_keyring); | |
3a50597d | 844 | new->process_keyring = key_get(old->process_keyring); |
ee18d64c DH |
845 | |
846 | security_transfer_creds(new, old); | |
847 | ||
848 | commit_creds(new); | |
849 | } |