projects / linux-2.6-block.git / blame
| Commit | Line | Data |
|---|---|---|
| 69664cf1 | 1 | /* Management of a process's keyrings |
| 1da177e4 | 2 | * |
| 69664cf1 | 3 | * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. |
| 1da177e4 LT |
4 | * Written by David Howells (dhowells@redhat.com) |
| 5 | * | |
| 6 | * This program is free software; you can redistribute it and/or | |
| 7 | * modify it under the terms of the GNU General Public License | |
| 8 | * as published by the Free Software Foundation; either version | |
| 9 | * 2 of the License, or (at your option) any later version. | |
| 10 | */ | |
| 11 | ||
| 12 | #include <linux/module.h> | |
| 13 | #include <linux/init.h> | |
| 14 | #include <linux/sched.h> | |
| 15 | #include <linux/slab.h> | |
| 16 | #include <linux/keyctl.h> | |
| 17 | #include <linux/fs.h> | |
| 18 | #include <linux/err.h> | |
| bb003079 | 19 | #include <linux/mutex.h> |
| 1da177e4 LT |
20 | #include <asm/uaccess.h> |
| 21 | #include "internal.h" | |
| 22 | ||
| 23 | /* session keyring create vs join semaphore */ | |
| bb003079 | 24 | static DEFINE_MUTEX(key_session_mutex); |
| 1da177e4 | 25 | |
| 69664cf1 DH |
26 | /* user keyring creation semaphore */ |
| 27 | static DEFINE_MUTEX(key_user_keyring_mutex); | |
| 28 | ||
| 1da177e4 LT |
29 | /* the root user's tracking struct */ |
| 30 | struct key_user root_key_user = { | |
| 31 | .usage = ATOMIC_INIT(3), | |
| 76181c13 | 32 | .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), |
| 6cfd76a2 | 33 | .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), |
| 1da177e4 LT |
34 | .nkeys = ATOMIC_INIT(2), |
| 35 | .nikeys = ATOMIC_INIT(2), | |
| 36 | .uid = 0, | |
| 37 | }; | |
| 38 | ||
| 1da177e4 LT |
39 | /*****************************************************************************/ |
| 40 | /* | |
| 69664cf1 | 41 | * install user and user session keyrings for a particular UID |
| 1da177e4 | 42 | */ |
| 8bbf4976 | 43 | int install_user_keyrings(void) |
| 1da177e4 | 44 | { |
| d84f4f99 DH |
45 | struct user_struct *user; |
| 46 | const struct cred *cred; | |
| 1da177e4 LT |
47 | struct key *uid_keyring, *session_keyring; |
| 48 | char buf[20]; | |
| 49 | int ret; | |
| 50 | ||
| d84f4f99 DH |
51 | cred = current_cred(); |
| 52 | user = cred->user; | |
| 53 | ||
| 69664cf1 | 54 | kenter("%p{%u}", user, user->uid); |
| 1da177e4 | 55 | |
| 69664cf1 DH |
56 | if (user->uid_keyring) { |
| 57 | kleave(" = 0 [exist]"); | |
| 58 | return 0; | |
| 1da177e4 LT |
59 | } |
| 60 | ||
| 69664cf1 DH |
61 | mutex_lock(&key_user_keyring_mutex); |
| 62 | ret = 0; | |
| 1da177e4 | 63 | |
| 69664cf1 DH |
64 | if (!user->uid_keyring) { |
| 65 | /* get the UID-specific keyring | |
| 66 | * - there may be one in existence already as it may have been | |
| 67 | * pinned by a session, but the user_struct pointing to it | |
| 68 | * may have been destroyed by setuid */ | |
| 69 | sprintf(buf, "_uid.%u", user->uid); | |
| 70 | ||
| 71 | uid_keyring = find_keyring_by_name(buf, true); | |
| 72 | if (IS_ERR(uid_keyring)) { | |
| 73 | uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, | |
| d84f4f99 | 74 | cred, KEY_ALLOC_IN_QUOTA, |
| 69664cf1 DH |
75 | NULL); |
| 76 | if (IS_ERR(uid_keyring)) { | |
| 77 | ret = PTR_ERR(uid_keyring); | |
| 78 | goto error; | |
| 79 | } | |
| 80 | } | |
| 81 | ||
| 82 | /* get a default session keyring (which might also exist | |
| 83 | * already) */ | |
| 84 | sprintf(buf, "_uid_ses.%u", user->uid); | |
| 85 | ||
| 86 | session_keyring = find_keyring_by_name(buf, true); | |
| 87 | if (IS_ERR(session_keyring)) { | |
| 88 | session_keyring = | |
| 89 | keyring_alloc(buf, user->uid, (gid_t) -1, | |
| d84f4f99 | 90 | cred, KEY_ALLOC_IN_QUOTA, NULL); |
| 69664cf1 DH |
91 | if (IS_ERR(session_keyring)) { |
| 92 | ret = PTR_ERR(session_keyring); | |
| 93 | goto error_release; | |
| 94 | } | |
| 95 | ||
| 96 | /* we install a link from the user session keyring to | |
| 97 | * the user keyring */ | |
| 98 | ret = key_link(session_keyring, uid_keyring); | |
| 99 | if (ret < 0) | |
| 100 | goto error_release_both; | |
| 101 | } | |
| 102 | ||
| 103 | /* install the keyrings */ | |
| 104 | user->uid_keyring = uid_keyring; | |
| 105 | user->session_keyring = session_keyring; | |
| 1da177e4 LT |
106 | } |
| 107 | ||
| 69664cf1 DH |
108 | mutex_unlock(&key_user_keyring_mutex); |
| 109 | kleave(" = 0"); | |
| 110 | return 0; | |
| 1da177e4 | 111 | |
| 69664cf1 DH |
112 | error_release_both: |
| 113 | key_put(session_keyring); | |
| 114 | error_release: | |
| 115 | key_put(uid_keyring); | |
| 664cceb0 | 116 | error: |
| 69664cf1 DH |
117 | mutex_unlock(&key_user_keyring_mutex); |
| 118 | kleave(" = %d", ret); | |
| 1da177e4 | 119 | return ret; |
| 69664cf1 | 120 | } |
| 1da177e4 | 121 | |
| 1da177e4 | 122 | /* |
| d84f4f99 | 123 | * install a fresh thread keyring directly to new credentials |
| 1da177e4 | 124 | */ |
| d84f4f99 | 125 | int install_thread_keyring_to_cred(struct cred *new) |
| 1da177e4 | 126 | { |
| d84f4f99 | 127 | struct key *keyring; |
| 1da177e4 | 128 | |
| d84f4f99 DH |
129 | keyring = keyring_alloc("_tid", new->uid, new->gid, new, |
| 130 | KEY_ALLOC_QUOTA_OVERRUN, NULL); | |
| 131 | if (IS_ERR(keyring)) | |
| 132 | return PTR_ERR(keyring); | |
| 1da177e4 | 133 | |
| d84f4f99 DH |
134 | new->thread_keyring = keyring; |
| 135 | return 0; | |
| 136 | } | |
| 1da177e4 | 137 | |
| 1da177e4 LT |
138 | /* |
| 139 | * install a fresh thread keyring, discarding the old one | |
| 140 | */ | |
| d84f4f99 | 141 | static int install_thread_keyring(void) |
| 1da177e4 | 142 | { |
| d84f4f99 | 143 | struct cred *new; |
| 1da177e4 LT |
144 | int ret; |
| 145 | ||
| d84f4f99 DH |
146 | new = prepare_creds(); |
| 147 | if (!new) | |
| 148 | return -ENOMEM; | |
| 1da177e4 | 149 | |
| d84f4f99 DH |
150 | BUG_ON(new->thread_keyring); |
| 151 | ||
| 152 | ret = install_thread_keyring_to_cred(new); | |
| 153 | if (ret < 0) { | |
| 154 | abort_creds(new); | |
| 155 | return ret; | |
| 1da177e4 LT |
156 | } |
| 157 | ||
| d84f4f99 DH |
158 | return commit_creds(new); |
| 159 | } | |
| 1da177e4 | 160 | |
| d84f4f99 DH |
161 | /* |
| 162 | * install a process keyring directly to a credentials struct | |
| 163 | * - returns -EEXIST if there was already a process keyring, 0 if one installed, | |
| 164 | * and other -ve on any other error | |
| 165 | */ | |
| 166 | int install_process_keyring_to_cred(struct cred *new) | |
| 167 | { | |
| 168 | struct key *keyring; | |
| 169 | int ret; | |
| 1da177e4 | 170 | |
| d84f4f99 DH |
171 | if (new->tgcred->process_keyring) |
| 172 | return -EEXIST; | |
| 173 | ||
| 174 | keyring = keyring_alloc("_pid", new->uid, new->gid, | |
| 175 | new, KEY_ALLOC_QUOTA_OVERRUN, NULL); | |
| 176 | if (IS_ERR(keyring)) | |
| 177 | return PTR_ERR(keyring); | |
| 178 | ||
| 179 | spin_lock_irq(&new->tgcred->lock); | |
| 180 | if (!new->tgcred->process_keyring) { | |
| 181 | new->tgcred->process_keyring = keyring; | |
| 182 | keyring = NULL; | |
| 183 | ret = 0; | |
| 184 | } else { | |
| 185 | ret = -EEXIST; | |
| 186 | } | |
| 187 | spin_unlock_irq(&new->tgcred->lock); | |
| 188 | key_put(keyring); | |
| 1da177e4 | 189 | return ret; |
| d84f4f99 | 190 | } |
| 1da177e4 | 191 | |
| 1da177e4 LT |
192 | /* |
| 193 | * make sure a process keyring is installed | |
| d84f4f99 | 194 | * - we |
| 1da177e4 | 195 | */ |
| d84f4f99 | 196 | static int install_process_keyring(void) |
| 1da177e4 | 197 | { |
| d84f4f99 | 198 | struct cred *new; |
| 1da177e4 LT |
199 | int ret; |
| 200 | ||
| d84f4f99 DH |
201 | new = prepare_creds(); |
| 202 | if (!new) | |
| 203 | return -ENOMEM; | |
| 1da177e4 | 204 | |
| d84f4f99 DH |
205 | ret = install_process_keyring_to_cred(new); |
| 206 | if (ret < 0) { | |
| 207 | abort_creds(new); | |
| 208 | return ret != -EEXIST ?: 0; | |
| 1da177e4 LT |
209 | } |
| 210 | ||
| d84f4f99 DH |
211 | return commit_creds(new); |
| 212 | } | |
| 1da177e4 | 213 | |
| 1da177e4 | 214 | /* |
| d84f4f99 | 215 | * install a session keyring directly to a credentials struct |
| 1da177e4 | 216 | */ |
| d84f4f99 DH |
217 | static int install_session_keyring_to_cred(struct cred *cred, |
| 218 | struct key *keyring) | |
| 1da177e4 | 219 | { |
| 7e047ef5 | 220 | unsigned long flags; |
| 1da177e4 | 221 | struct key *old; |
| 1a26feb9 DH |
222 | |
| 223 | might_sleep(); | |
| 1da177e4 LT |
224 | |
| 225 | /* create an empty session keyring */ | |
| 226 | if (!keyring) { | |
| 7e047ef5 | 227 | flags = KEY_ALLOC_QUOTA_OVERRUN; |
| d84f4f99 | 228 | if (cred->tgcred->session_keyring) |
| 7e047ef5 DH |
229 | flags = KEY_ALLOC_IN_QUOTA; |
| 230 | ||
| d84f4f99 DH |
231 | keyring = keyring_alloc("_ses", cred->uid, cred->gid, |
| 232 | cred, flags, NULL); | |
| 1a26feb9 DH |
233 | if (IS_ERR(keyring)) |
| 234 | return PTR_ERR(keyring); | |
| d84f4f99 | 235 | } else { |
| 1da177e4 LT |
236 | atomic_inc(&keyring->usage); |
| 237 | } | |
| 238 | ||
| 239 | /* install the keyring */ | |
| d84f4f99 DH |
240 | spin_lock_irq(&cred->tgcred->lock); |
| 241 | old = cred->tgcred->session_keyring; | |
| 242 | rcu_assign_pointer(cred->tgcred->session_keyring, keyring); | |
| 243 | spin_unlock_irq(&cred->tgcred->lock); | |
| 1da177e4 | 244 | |
| 1a26feb9 DH |
245 | /* we're using RCU on the pointer, but there's no point synchronising |
| 246 | * on it if it didn't previously point to anything */ | |
| 247 | if (old) { | |
| 248 | synchronize_rcu(); | |
| 249 | key_put(old); | |
| 250 | } | |
| 1da177e4 | 251 | |
| 1a26feb9 | 252 | return 0; |
| d84f4f99 | 253 | } |
| 1da177e4 | 254 | |
| 1da177e4 | 255 | /* |
| d84f4f99 DH |
256 | * install a session keyring, discarding the old one |
| 257 | * - if a keyring is not supplied, an empty one is invented | |
| 1da177e4 | 258 | */ |
| d84f4f99 | 259 | static int install_session_keyring(struct key *keyring) |
| 1da177e4 | 260 | { |
| d84f4f99 DH |
261 | struct cred *new; |
| 262 | int ret; | |
| 1da177e4 | 263 | |
| d84f4f99 DH |
264 | new = prepare_creds(); |
| 265 | if (!new) | |
| 266 | return -ENOMEM; | |
| 1da177e4 | 267 | |
| d84f4f99 DH |
268 | ret = install_session_keyring_to_cred(new, NULL); |
| 269 | if (ret < 0) { | |
| 270 | abort_creds(new); | |
| 271 | return ret; | |
| 272 | } | |
| 1da177e4 | 273 | |
| d84f4f99 DH |
274 | return commit_creds(new); |
| 275 | } | |
| 1da177e4 | 276 | |
| 1da177e4 LT |
277 | /*****************************************************************************/ |
| 278 | /* | |
| 279 | * the filesystem user ID changed | |
| 280 | */ | |
| 281 | void key_fsuid_changed(struct task_struct *tsk) | |
| 282 | { | |
| 283 | /* update the ownership of the thread keyring */ | |
| b6dff3ec DH |
284 | BUG_ON(!tsk->cred); |
| 285 | if (tsk->cred->thread_keyring) { | |
| 286 | down_write(&tsk->cred->thread_keyring->sem); | |
| 287 | tsk->cred->thread_keyring->uid = tsk->cred->fsuid; | |
| 288 | up_write(&tsk->cred->thread_keyring->sem); | |
| 1da177e4 LT |
289 | } |
| 290 | ||
| 291 | } /* end key_fsuid_changed() */ | |
| 292 | ||
| 293 | /*****************************************************************************/ | |
| 294 | /* | |
| 295 | * the filesystem group ID changed | |
| 296 | */ | |
| 297 | void key_fsgid_changed(struct task_struct *tsk) | |
| 298 | { | |
| 299 | /* update the ownership of the thread keyring */ | |
| b6dff3ec DH |
300 | BUG_ON(!tsk->cred); |
| 301 | if (tsk->cred->thread_keyring) { | |
| 302 | down_write(&tsk->cred->thread_keyring->sem); | |
| 303 | tsk->cred->thread_keyring->gid = tsk->cred->fsgid; | |
| 304 | up_write(&tsk->cred->thread_keyring->sem); | |
| 1da177e4 LT |
305 | } |
| 306 | ||
| 307 | } /* end key_fsgid_changed() */ | |
| 308 | ||
| 309 | /*****************************************************************************/ | |
| 310 | /* | |
| 311 | * search the process keyrings for the first matching key | |
| 312 | * - we use the supplied match function to see if the description (or other | |
| 313 | * feature of interest) matches | |
| 314 | * - we return -EAGAIN if we didn't find any matching key | |
| 315 | * - we return -ENOKEY if we found only negative matching keys | |
| 316 | */ | |
| 664cceb0 DH |
317 | key_ref_t search_process_keyrings(struct key_type *type, |
| 318 | const void *description, | |
| 319 | key_match_func_t match, | |
| d84f4f99 | 320 | const struct cred *cred) |
| 1da177e4 | 321 | { |
| 3e30148c | 322 | struct request_key_auth *rka; |
| b5f545c8 | 323 | key_ref_t key_ref, ret, err; |
| 1da177e4 | 324 | |
| 04c567d9 DH |
325 | might_sleep(); |
| 326 | ||
| 1da177e4 LT |
327 | /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were |
| 328 | * searchable, but we failed to find a key or we found a negative key; | |
| 329 | * otherwise we want to return a sample error (probably -EACCES) if | |
| 330 | * none of the keyrings were searchable | |
| 331 | * | |
| 332 | * in terms of priority: success > -ENOKEY > -EAGAIN > other error | |
| 333 | */ | |
| 664cceb0 | 334 | key_ref = NULL; |
| 1da177e4 LT |
335 | ret = NULL; |
| 336 | err = ERR_PTR(-EAGAIN); | |
| 337 | ||
| 338 | /* search the thread keyring first */ | |
| c69e8d9c | 339 | if (cred->thread_keyring) { |
| 664cceb0 | 340 | key_ref = keyring_search_aux( |
| c69e8d9c | 341 | make_key_ref(cred->thread_keyring, 1), |
| d84f4f99 | 342 | cred, type, description, match); |
| 664cceb0 | 343 | if (!IS_ERR(key_ref)) |
| 1da177e4 LT |
344 | goto found; |
| 345 | ||
| 664cceb0 | 346 | switch (PTR_ERR(key_ref)) { |
| 1da177e4 LT |
347 | case -EAGAIN: /* no key */ |
| 348 | if (ret) | |
| 349 | break; | |
| 350 | case -ENOKEY: /* negative key */ | |
| 664cceb0 | 351 | ret = key_ref; |
| 1da177e4 LT |
352 | break; |
| 353 | default: | |
| 664cceb0 | 354 | err = key_ref; |
| 1da177e4 LT |
355 | break; |
| 356 | } | |
| 357 | } | |
| 358 | ||
| 359 | /* search the process keyring second */ | |
| bb952bb9 | 360 | if (cred->tgcred->process_keyring) { |
| 664cceb0 | 361 | key_ref = keyring_search_aux( |
| bb952bb9 | 362 | make_key_ref(cred->tgcred->process_keyring, 1), |
| d84f4f99 | 363 | cred, type, description, match); |
| 664cceb0 | 364 | if (!IS_ERR(key_ref)) |
| 1da177e4 LT |
365 | goto found; |
| 366 | ||
| 664cceb0 | 367 | switch (PTR_ERR(key_ref)) { |
| 1da177e4 LT |
368 | case -EAGAIN: /* no key */ |
| 369 | if (ret) | |
| 370 | break; | |
| 371 | case -ENOKEY: /* negative key */ | |
| 664cceb0 | 372 | ret = key_ref; |
| 1da177e4 LT |
373 | break; |
| 374 | default: | |
| 664cceb0 | 375 | err = key_ref; |
| 1da177e4 LT |
376 | break; |
| 377 | } | |
| 378 | } | |
| 379 | ||
| 3e30148c | 380 | /* search the session keyring */ |
| bb952bb9 | 381 | if (cred->tgcred->session_keyring) { |
| 8589b4e0 | 382 | rcu_read_lock(); |
| 664cceb0 DH |
383 | key_ref = keyring_search_aux( |
| 384 | make_key_ref(rcu_dereference( | |
| bb952bb9 | 385 | cred->tgcred->session_keyring), |
| 664cceb0 | 386 | 1), |
| d84f4f99 | 387 | cred, type, description, match); |
| 8589b4e0 | 388 | rcu_read_unlock(); |
| 3e30148c | 389 | |
| 664cceb0 | 390 | if (!IS_ERR(key_ref)) |
| 3e30148c DH |
391 | goto found; |
| 392 | ||
| 664cceb0 | 393 | switch (PTR_ERR(key_ref)) { |
| 3e30148c DH |
394 | case -EAGAIN: /* no key */ |
| 395 | if (ret) | |
| 396 | break; | |
| 397 | case -ENOKEY: /* negative key */ | |
| 664cceb0 | 398 | ret = key_ref; |
| 3e30148c DH |
399 | break; |
| 400 | default: | |
| 664cceb0 | 401 | err = key_ref; |
| 3e30148c DH |
402 | break; |
| 403 | } | |
| b5f545c8 DH |
404 | } |
| 405 | /* or search the user-session keyring */ | |
| c69e8d9c | 406 | else if (cred->user->session_keyring) { |
| b5f545c8 | 407 | key_ref = keyring_search_aux( |
| c69e8d9c | 408 | make_key_ref(cred->user->session_keyring, 1), |
| d84f4f99 | 409 | cred, type, description, match); |
| 664cceb0 | 410 | if (!IS_ERR(key_ref)) |
| 3e30148c DH |
411 | goto found; |
| 412 | ||
| 664cceb0 | 413 | switch (PTR_ERR(key_ref)) { |
| 3e30148c DH |
414 | case -EAGAIN: /* no key */ |
| 415 | if (ret) | |
| 416 | break; | |
| 417 | case -ENOKEY: /* negative key */ | |
| 664cceb0 | 418 | ret = key_ref; |
| 3e30148c DH |
419 | break; |
| 420 | default: | |
| 664cceb0 | 421 | err = key_ref; |
| 3e30148c DH |
422 | break; |
| 423 | } | |
| 8589b4e0 | 424 | } |
| b5f545c8 DH |
425 | |
| 426 | /* if this process has an instantiation authorisation key, then we also | |
| 427 | * search the keyrings of the process mentioned there | |
| 428 | * - we don't permit access to request_key auth keys via this method | |
| 429 | */ | |
| c69e8d9c | 430 | if (cred->request_key_auth && |
| d84f4f99 | 431 | cred == current_cred() && |
| 04c567d9 | 432 | type != &key_type_request_key_auth |
| b5f545c8 | 433 | ) { |
| 04c567d9 | 434 | /* defend against the auth key being revoked */ |
| c69e8d9c | 435 | down_read(&cred->request_key_auth->sem); |
| b5f545c8 | 436 | |
| c69e8d9c DH |
437 | if (key_validate(cred->request_key_auth) == 0) { |
| 438 | rka = cred->request_key_auth->payload.data; | |
| b5f545c8 | 439 | |
| 04c567d9 | 440 | key_ref = search_process_keyrings(type, description, |
| d84f4f99 | 441 | match, rka->cred); |
| 1da177e4 | 442 | |
| c69e8d9c | 443 | up_read(&cred->request_key_auth->sem); |
| 04c567d9 DH |
444 | |
| 445 | if (!IS_ERR(key_ref)) | |
| 446 | goto found; | |
| 447 | ||
| 448 | switch (PTR_ERR(key_ref)) { | |
| 449 | case -EAGAIN: /* no key */ | |
| 450 | if (ret) | |
| 451 | break; | |
| 452 | case -ENOKEY: /* negative key */ | |
| 453 | ret = key_ref; | |
| 3e30148c | 454 | break; |
| 04c567d9 DH |
455 | default: |
| 456 | err = key_ref; | |
| 457 | break; | |
| 458 | } | |
| 459 | } else { | |
| c69e8d9c | 460 | up_read(&cred->request_key_auth->sem); |
| 3e30148c | 461 | } |
| 1da177e4 LT |
462 | } |
| 463 | ||
| 464 | /* no key - decide on the error we're going to go for */ | |
| 664cceb0 | 465 | key_ref = ret ? ret : err; |
| 1da177e4 | 466 | |
| 3e30148c | 467 | found: |
| 664cceb0 | 468 | return key_ref; |
| 1da177e4 | 469 | |
| 1da177e4 LT |
470 | } /* end search_process_keyrings() */ |
| 471 | ||
| 664cceb0 DH |
472 | /*****************************************************************************/ |
| 473 | /* | |
| 474 | * see if the key we're looking at is the target key | |
| 475 | */ | |
| 476 | static int lookup_user_key_possessed(const struct key *key, const void *target) | |
| 477 | { | |
| 478 | return key == target; | |
| 479 | ||
| 480 | } /* end lookup_user_key_possessed() */ | |
| 481 | ||
| 1da177e4 LT |
482 | /*****************************************************************************/ |
| 483 | /* | |
| 484 | * lookup a key given a key ID from userspace with a given permissions mask | |
| 485 | * - don't create special keyrings unless so requested | |
| 486 | * - partially constructed keys aren't found unless requested | |
| 487 | */ | |
| 8bbf4976 DH |
488 | key_ref_t lookup_user_key(key_serial_t id, int create, int partial, |
| 489 | key_perm_t perm) | |
| 1da177e4 | 490 | { |
| 8bbf4976 | 491 | struct request_key_auth *rka; |
| d84f4f99 | 492 | const struct cred *cred; |
| 1da177e4 | 493 | struct key *key; |
| b6dff3ec | 494 | key_ref_t key_ref, skey_ref; |
| 1da177e4 LT |
495 | int ret; |
| 496 | ||
| bb952bb9 DH |
497 | try_again: |
| 498 | cred = get_current_cred(); | |
| 664cceb0 | 499 | key_ref = ERR_PTR(-ENOKEY); |
| 1da177e4 LT |
500 | |
| 501 | switch (id) { | |
| 502 | case KEY_SPEC_THREAD_KEYRING: | |
| b6dff3ec | 503 | if (!cred->thread_keyring) { |
| 1da177e4 LT |
504 | if (!create) |
| 505 | goto error; | |
| 506 | ||
| 8bbf4976 | 507 | ret = install_thread_keyring(); |
| 1da177e4 LT |
508 | if (ret < 0) { |
| 509 | key = ERR_PTR(ret); | |
| 510 | goto error; | |
| 511 | } | |
| bb952bb9 | 512 | goto reget_creds; |
| 1da177e4 LT |
513 | } |
| 514 | ||
| b6dff3ec | 515 | key = cred->thread_keyring; |
| 1da177e4 | 516 | atomic_inc(&key->usage); |
| 664cceb0 | 517 | key_ref = make_key_ref(key, 1); |
| 1da177e4 LT |
518 | break; |
| 519 | ||
| 520 | case KEY_SPEC_PROCESS_KEYRING: | |
| bb952bb9 | 521 | if (!cred->tgcred->process_keyring) { |
| 1da177e4 LT |
522 | if (!create) |
| 523 | goto error; | |
| 524 | ||
| 8bbf4976 | 525 | ret = install_process_keyring(); |
| 1da177e4 LT |
526 | if (ret < 0) { |
| 527 | key = ERR_PTR(ret); | |
| 528 | goto error; | |
| 529 | } | |
| bb952bb9 | 530 | goto reget_creds; |
| 1da177e4 LT |
531 | } |
| 532 | ||
| bb952bb9 | 533 | key = cred->tgcred->process_keyring; |
| 1da177e4 | 534 | atomic_inc(&key->usage); |
| 664cceb0 | 535 | key_ref = make_key_ref(key, 1); |
| 1da177e4 LT |
536 | break; |
| 537 | ||
| 538 | case KEY_SPEC_SESSION_KEYRING: | |
| bb952bb9 | 539 | if (!cred->tgcred->session_keyring) { |
| 1da177e4 LT |
540 | /* always install a session keyring upon access if one |
| 541 | * doesn't exist yet */ | |
| 8bbf4976 | 542 | ret = install_user_keyrings(); |
| 69664cf1 DH |
543 | if (ret < 0) |
| 544 | goto error; | |
| b6dff3ec DH |
545 | ret = install_session_keyring( |
| 546 | cred->user->session_keyring); | |
| d84f4f99 | 547 | |
| 1da177e4 LT |
548 | if (ret < 0) |
| 549 | goto error; | |
| bb952bb9 | 550 | goto reget_creds; |
| 1da177e4 LT |
551 | } |
| 552 | ||
| 3e30148c | 553 | rcu_read_lock(); |
| bb952bb9 | 554 | key = rcu_dereference(cred->tgcred->session_keyring); |
| 1da177e4 | 555 | atomic_inc(&key->usage); |
| 3e30148c | 556 | rcu_read_unlock(); |
| 664cceb0 | 557 | key_ref = make_key_ref(key, 1); |
| 1da177e4 LT |
558 | break; |
| 559 | ||
| 560 | case KEY_SPEC_USER_KEYRING: | |
| b6dff3ec | 561 | if (!cred->user->uid_keyring) { |
| 8bbf4976 | 562 | ret = install_user_keyrings(); |
| 69664cf1 DH |
563 | if (ret < 0) |
| 564 | goto error; | |
| 565 | } | |
| 566 | ||
| b6dff3ec | 567 | key = cred->user->uid_keyring; |
| 1da177e4 | 568 | atomic_inc(&key->usage); |
| 664cceb0 | 569 | key_ref = make_key_ref(key, 1); |
| 1da177e4 LT |
570 | break; |
| 571 | ||
| 572 | case KEY_SPEC_USER_SESSION_KEYRING: | |
| b6dff3ec | 573 | if (!cred->user->session_keyring) { |
| 8bbf4976 | 574 | ret = install_user_keyrings(); |
| 69664cf1 DH |
575 | if (ret < 0) |
| 576 | goto error; | |
| 577 | } | |
| 578 | ||
| b6dff3ec | 579 | key = cred->user->session_keyring; |
| 1da177e4 | 580 | atomic_inc(&key->usage); |
| 664cceb0 | 581 | key_ref = make_key_ref(key, 1); |
| 1da177e4 LT |
582 | break; |
| 583 | ||
| 584 | case KEY_SPEC_GROUP_KEYRING: | |
| 585 | /* group keyrings are not yet supported */ | |
| 586 | key = ERR_PTR(-EINVAL); | |
| 587 | goto error; | |
| 588 | ||
| b5f545c8 | 589 | case KEY_SPEC_REQKEY_AUTH_KEY: |
| b6dff3ec | 590 | key = cred->request_key_auth; |
| b5f545c8 DH |
591 | if (!key) |
| 592 | goto error; | |
| 593 | ||
| 594 | atomic_inc(&key->usage); | |
| 595 | key_ref = make_key_ref(key, 1); | |
| 596 | break; | |
| 597 | ||
| 8bbf4976 | 598 | case KEY_SPEC_REQUESTOR_KEYRING: |
| b6dff3ec | 599 | if (!cred->request_key_auth) |
| 8bbf4976 DH |
600 | goto error; |
| 601 | ||
| b6dff3ec DH |
602 | down_read(&cred->request_key_auth->sem); |
| 603 | if (cred->request_key_auth->flags & KEY_FLAG_REVOKED) { | |
| 8bbf4976 DH |
604 | key_ref = ERR_PTR(-EKEYREVOKED); |
| 605 | key = NULL; | |
| 606 | } else { | |
| b6dff3ec | 607 | rka = cred->request_key_auth->payload.data; |
| 8bbf4976 DH |
608 | key = rka->dest_keyring; |
| 609 | atomic_inc(&key->usage); | |
| 610 | } | |
| b6dff3ec | 611 | up_read(&cred->request_key_auth->sem); |
| 8bbf4976 DH |
612 | if (!key) |
| 613 | goto error; | |
| 614 | key_ref = make_key_ref(key, 1); | |
| 615 | break; | |
| 616 | ||
| 1da177e4 | 617 | default: |
| 664cceb0 | 618 | key_ref = ERR_PTR(-EINVAL); |
| 1da177e4 LT |
619 | if (id < 1) |
| 620 | goto error; | |
| 621 | ||
| 622 | key = key_lookup(id); | |
| 664cceb0 | 623 | if (IS_ERR(key)) { |
| e231c2ee | 624 | key_ref = ERR_CAST(key); |
| 1da177e4 | 625 | goto error; |
| 664cceb0 DH |
626 | } |
| 627 | ||
| 628 | key_ref = make_key_ref(key, 0); | |
| 629 | ||
| 630 | /* check to see if we possess the key */ | |
| 631 | skey_ref = search_process_keyrings(key->type, key, | |
| 632 | lookup_user_key_possessed, | |
| d84f4f99 | 633 | cred); |
| 664cceb0 DH |
634 | |
| 635 | if (!IS_ERR(skey_ref)) { | |
| 636 | key_put(key); | |
| 637 | key_ref = skey_ref; | |
| 638 | } | |
| 639 | ||
| 1da177e4 LT |
640 | break; |
| 641 | } | |
| 642 | ||
| 76181c13 DH |
643 | if (!partial) { |
| 644 | ret = wait_for_key_construction(key, true); | |
| 645 | switch (ret) { | |
| 646 | case -ERESTARTSYS: | |
| 647 | goto invalid_key; | |
| 648 | default: | |
| 649 | if (perm) | |
| 650 | goto invalid_key; | |
| 651 | case 0: | |
| 652 | break; | |
| 653 | } | |
| 654 | } else if (perm) { | |
| 1da177e4 LT |
655 | ret = key_validate(key); |
| 656 | if (ret < 0) | |
| 657 | goto invalid_key; | |
| 658 | } | |
| 659 | ||
| 660 | ret = -EIO; | |
| 76d8aeab | 661 | if (!partial && !test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) |
| 1da177e4 LT |
662 | goto invalid_key; |
| 663 | ||
| 3e30148c | 664 | /* check the permissions */ |
| d84f4f99 | 665 | ret = key_task_permission(key_ref, cred, perm); |
| 29db9190 | 666 | if (ret < 0) |
| 1da177e4 LT |
667 | goto invalid_key; |
| 668 | ||
| 664cceb0 | 669 | error: |
| bb952bb9 | 670 | put_cred(cred); |
| 664cceb0 | 671 | return key_ref; |
| 1da177e4 | 672 | |
| 664cceb0 DH |
673 | invalid_key: |
| 674 | key_ref_put(key_ref); | |
| 675 | key_ref = ERR_PTR(ret); | |
| 1da177e4 LT |
676 | goto error; |
| 677 | ||
| bb952bb9 DH |
678 | /* if we attempted to install a keyring, then it may have caused new |
| 679 | * creds to be installed */ | |
| 680 | reget_creds: | |
| 681 | put_cred(cred); | |
| 682 | goto try_again; | |
| 683 | ||
| 1da177e4 LT |
684 | } /* end lookup_user_key() */ |
| 685 | ||
| 686 | /*****************************************************************************/ | |
| 687 | /* | |
| 688 | * join the named keyring as the session keyring if possible, or attempt to | |
| 689 | * create a new one of that name if not | |
| 690 | * - if the name is NULL, an empty anonymous keyring is installed instead | |
| 691 | * - named session keyring joining is done with a semaphore held | |
| 692 | */ | |
| 693 | long join_session_keyring(const char *name) | |
| 694 | { | |
| d84f4f99 DH |
695 | const struct cred *old; |
| 696 | struct cred *new; | |
| 1da177e4 | 697 | struct key *keyring; |
| d84f4f99 DH |
698 | long ret, serial; |
| 699 | ||
| 700 | /* only permit this if there's a single thread in the thread group - | |
| 701 | * this avoids us having to adjust the creds on all threads and risking | |
| 702 | * ENOMEM */ | |
| 703 | if (!is_single_threaded(current)) | |
| 704 | return -EMLINK; | |
| 705 | ||
| 706 | new = prepare_creds(); | |
| 707 | if (!new) | |
| 708 | return -ENOMEM; | |
| 709 | old = current_cred(); | |
| 1da177e4 LT |
710 | |
| 711 | /* if no name is provided, install an anonymous keyring */ | |
| 712 | if (!name) { | |
| d84f4f99 | 713 | ret = install_session_keyring_to_cred(new, NULL); |
| 1da177e4 LT |
714 | if (ret < 0) |
| 715 | goto error; | |
| 716 | ||
| d84f4f99 DH |
717 | serial = new->tgcred->session_keyring->serial; |
| 718 | ret = commit_creds(new); | |
| 719 | if (ret == 0) | |
| 720 | ret = serial; | |
| 721 | goto okay; | |
| 1da177e4 LT |
722 | } |
| 723 | ||
| 724 | /* allow the user to join or create a named keyring */ | |
| bb003079 | 725 | mutex_lock(&key_session_mutex); |
| 1da177e4 LT |
726 | |
| 727 | /* look for an existing keyring of this name */ | |
| 69664cf1 | 728 | keyring = find_keyring_by_name(name, false); |
| 1da177e4 LT |
729 | if (PTR_ERR(keyring) == -ENOKEY) { |
| 730 | /* not found - try and create a new one */ | |
| d84f4f99 | 731 | keyring = keyring_alloc(name, old->uid, old->gid, old, |
| 7e047ef5 | 732 | KEY_ALLOC_IN_QUOTA, NULL); |
| 1da177e4 LT |
733 | if (IS_ERR(keyring)) { |
| 734 | ret = PTR_ERR(keyring); | |
| bcf945d3 | 735 | goto error2; |
| 1da177e4 | 736 | } |
| d84f4f99 | 737 | } else if (IS_ERR(keyring)) { |
| 1da177e4 LT |
738 | ret = PTR_ERR(keyring); |
| 739 | goto error2; | |
| 740 | } | |
| 741 | ||
| 742 | /* we've got a keyring - now to install it */ | |
| d84f4f99 | 743 | ret = install_session_keyring_to_cred(new, keyring); |
| 1da177e4 LT |
744 | if (ret < 0) |
| 745 | goto error2; | |
| 746 | ||
| d84f4f99 DH |
747 | commit_creds(new); |
| 748 | mutex_unlock(&key_session_mutex); | |
| 749 | ||
| 1da177e4 LT |
750 | ret = keyring->serial; |
| 751 | key_put(keyring); | |
| d84f4f99 DH |
752 | okay: |
| 753 | return ret; | |
| 1da177e4 | 754 | |
| 664cceb0 | 755 | error2: |
| bb003079 | 756 | mutex_unlock(&key_session_mutex); |
| 664cceb0 | 757 | error: |
| d84f4f99 | 758 | abort_creds(new); |
| 1da177e4 | 759 | return ret; |
| d84f4f99 | 760 | } |