Commit | Line | Data |
---|---|---|
69664cf1 | 1 | /* Management of a process's keyrings |
1da177e4 | 2 | * |
69664cf1 | 3 | * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. |
1da177e4 LT |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
10 | */ | |
11 | ||
12 | #include <linux/module.h> | |
13 | #include <linux/init.h> | |
14 | #include <linux/sched.h> | |
15 | #include <linux/slab.h> | |
16 | #include <linux/keyctl.h> | |
17 | #include <linux/fs.h> | |
18 | #include <linux/err.h> | |
bb003079 | 19 | #include <linux/mutex.h> |
ee18d64c | 20 | #include <linux/security.h> |
1d1e9756 | 21 | #include <linux/user_namespace.h> |
1da177e4 LT |
22 | #include <asm/uaccess.h> |
23 | #include "internal.h" | |
24 | ||
25 | /* session keyring create vs join semaphore */ | |
bb003079 | 26 | static DEFINE_MUTEX(key_session_mutex); |
1da177e4 | 27 | |
69664cf1 DH |
28 | /* user keyring creation semaphore */ |
29 | static DEFINE_MUTEX(key_user_keyring_mutex); | |
30 | ||
1da177e4 LT |
31 | /* the root user's tracking struct */ |
32 | struct key_user root_key_user = { | |
33 | .usage = ATOMIC_INIT(3), | |
76181c13 | 34 | .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), |
6cfd76a2 | 35 | .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), |
1da177e4 LT |
36 | .nkeys = ATOMIC_INIT(2), |
37 | .nikeys = ATOMIC_INIT(2), | |
38 | .uid = 0, | |
1d1e9756 | 39 | .user_ns = &init_user_ns, |
1da177e4 LT |
40 | }; |
41 | ||
1da177e4 LT |
42 | /*****************************************************************************/ |
43 | /* | |
69664cf1 | 44 | * install user and user session keyrings for a particular UID |
1da177e4 | 45 | */ |
8bbf4976 | 46 | int install_user_keyrings(void) |
1da177e4 | 47 | { |
d84f4f99 DH |
48 | struct user_struct *user; |
49 | const struct cred *cred; | |
1da177e4 LT |
50 | struct key *uid_keyring, *session_keyring; |
51 | char buf[20]; | |
52 | int ret; | |
53 | ||
d84f4f99 DH |
54 | cred = current_cred(); |
55 | user = cred->user; | |
56 | ||
69664cf1 | 57 | kenter("%p{%u}", user, user->uid); |
1da177e4 | 58 | |
69664cf1 DH |
59 | if (user->uid_keyring) { |
60 | kleave(" = 0 [exist]"); | |
61 | return 0; | |
1da177e4 LT |
62 | } |
63 | ||
69664cf1 DH |
64 | mutex_lock(&key_user_keyring_mutex); |
65 | ret = 0; | |
1da177e4 | 66 | |
69664cf1 DH |
67 | if (!user->uid_keyring) { |
68 | /* get the UID-specific keyring | |
69 | * - there may be one in existence already as it may have been | |
70 | * pinned by a session, but the user_struct pointing to it | |
71 | * may have been destroyed by setuid */ | |
72 | sprintf(buf, "_uid.%u", user->uid); | |
73 | ||
74 | uid_keyring = find_keyring_by_name(buf, true); | |
75 | if (IS_ERR(uid_keyring)) { | |
76 | uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, | |
d84f4f99 | 77 | cred, KEY_ALLOC_IN_QUOTA, |
69664cf1 DH |
78 | NULL); |
79 | if (IS_ERR(uid_keyring)) { | |
80 | ret = PTR_ERR(uid_keyring); | |
81 | goto error; | |
82 | } | |
83 | } | |
84 | ||
85 | /* get a default session keyring (which might also exist | |
86 | * already) */ | |
87 | sprintf(buf, "_uid_ses.%u", user->uid); | |
88 | ||
89 | session_keyring = find_keyring_by_name(buf, true); | |
90 | if (IS_ERR(session_keyring)) { | |
91 | session_keyring = | |
92 | keyring_alloc(buf, user->uid, (gid_t) -1, | |
d84f4f99 | 93 | cred, KEY_ALLOC_IN_QUOTA, NULL); |
69664cf1 DH |
94 | if (IS_ERR(session_keyring)) { |
95 | ret = PTR_ERR(session_keyring); | |
96 | goto error_release; | |
97 | } | |
98 | ||
99 | /* we install a link from the user session keyring to | |
100 | * the user keyring */ | |
101 | ret = key_link(session_keyring, uid_keyring); | |
102 | if (ret < 0) | |
103 | goto error_release_both; | |
104 | } | |
105 | ||
106 | /* install the keyrings */ | |
107 | user->uid_keyring = uid_keyring; | |
108 | user->session_keyring = session_keyring; | |
1da177e4 LT |
109 | } |
110 | ||
69664cf1 DH |
111 | mutex_unlock(&key_user_keyring_mutex); |
112 | kleave(" = 0"); | |
113 | return 0; | |
1da177e4 | 114 | |
69664cf1 DH |
115 | error_release_both: |
116 | key_put(session_keyring); | |
117 | error_release: | |
118 | key_put(uid_keyring); | |
664cceb0 | 119 | error: |
69664cf1 DH |
120 | mutex_unlock(&key_user_keyring_mutex); |
121 | kleave(" = %d", ret); | |
1da177e4 | 122 | return ret; |
69664cf1 | 123 | } |
1da177e4 | 124 | |
1da177e4 | 125 | /* |
d84f4f99 | 126 | * install a fresh thread keyring directly to new credentials |
1da177e4 | 127 | */ |
d84f4f99 | 128 | int install_thread_keyring_to_cred(struct cred *new) |
1da177e4 | 129 | { |
d84f4f99 | 130 | struct key *keyring; |
1da177e4 | 131 | |
d84f4f99 DH |
132 | keyring = keyring_alloc("_tid", new->uid, new->gid, new, |
133 | KEY_ALLOC_QUOTA_OVERRUN, NULL); | |
134 | if (IS_ERR(keyring)) | |
135 | return PTR_ERR(keyring); | |
1da177e4 | 136 | |
d84f4f99 DH |
137 | new->thread_keyring = keyring; |
138 | return 0; | |
139 | } | |
1da177e4 | 140 | |
1da177e4 LT |
141 | /* |
142 | * install a fresh thread keyring, discarding the old one | |
143 | */ | |
d84f4f99 | 144 | static int install_thread_keyring(void) |
1da177e4 | 145 | { |
d84f4f99 | 146 | struct cred *new; |
1da177e4 LT |
147 | int ret; |
148 | ||
d84f4f99 DH |
149 | new = prepare_creds(); |
150 | if (!new) | |
151 | return -ENOMEM; | |
1da177e4 | 152 | |
d84f4f99 DH |
153 | BUG_ON(new->thread_keyring); |
154 | ||
155 | ret = install_thread_keyring_to_cred(new); | |
156 | if (ret < 0) { | |
157 | abort_creds(new); | |
158 | return ret; | |
1da177e4 LT |
159 | } |
160 | ||
d84f4f99 DH |
161 | return commit_creds(new); |
162 | } | |
1da177e4 | 163 | |
d84f4f99 DH |
164 | /* |
165 | * install a process keyring directly to a credentials struct | |
166 | * - returns -EEXIST if there was already a process keyring, 0 if one installed, | |
167 | * and other -ve on any other error | |
168 | */ | |
169 | int install_process_keyring_to_cred(struct cred *new) | |
170 | { | |
171 | struct key *keyring; | |
172 | int ret; | |
1da177e4 | 173 | |
d84f4f99 DH |
174 | if (new->tgcred->process_keyring) |
175 | return -EEXIST; | |
176 | ||
177 | keyring = keyring_alloc("_pid", new->uid, new->gid, | |
178 | new, KEY_ALLOC_QUOTA_OVERRUN, NULL); | |
179 | if (IS_ERR(keyring)) | |
180 | return PTR_ERR(keyring); | |
181 | ||
182 | spin_lock_irq(&new->tgcred->lock); | |
183 | if (!new->tgcred->process_keyring) { | |
184 | new->tgcred->process_keyring = keyring; | |
185 | keyring = NULL; | |
186 | ret = 0; | |
187 | } else { | |
188 | ret = -EEXIST; | |
189 | } | |
190 | spin_unlock_irq(&new->tgcred->lock); | |
191 | key_put(keyring); | |
1da177e4 | 192 | return ret; |
d84f4f99 | 193 | } |
1da177e4 | 194 | |
1da177e4 LT |
195 | /* |
196 | * make sure a process keyring is installed | |
d84f4f99 | 197 | * - we |
1da177e4 | 198 | */ |
d84f4f99 | 199 | static int install_process_keyring(void) |
1da177e4 | 200 | { |
d84f4f99 | 201 | struct cred *new; |
1da177e4 LT |
202 | int ret; |
203 | ||
d84f4f99 DH |
204 | new = prepare_creds(); |
205 | if (!new) | |
206 | return -ENOMEM; | |
1da177e4 | 207 | |
d84f4f99 DH |
208 | ret = install_process_keyring_to_cred(new); |
209 | if (ret < 0) { | |
210 | abort_creds(new); | |
211 | return ret != -EEXIST ?: 0; | |
1da177e4 LT |
212 | } |
213 | ||
d84f4f99 DH |
214 | return commit_creds(new); |
215 | } | |
1da177e4 | 216 | |
1da177e4 | 217 | /* |
d84f4f99 | 218 | * install a session keyring directly to a credentials struct |
1da177e4 | 219 | */ |
d84f4f99 DH |
220 | static int install_session_keyring_to_cred(struct cred *cred, |
221 | struct key *keyring) | |
1da177e4 | 222 | { |
7e047ef5 | 223 | unsigned long flags; |
1da177e4 | 224 | struct key *old; |
1a26feb9 DH |
225 | |
226 | might_sleep(); | |
1da177e4 LT |
227 | |
228 | /* create an empty session keyring */ | |
229 | if (!keyring) { | |
7e047ef5 | 230 | flags = KEY_ALLOC_QUOTA_OVERRUN; |
d84f4f99 | 231 | if (cred->tgcred->session_keyring) |
7e047ef5 DH |
232 | flags = KEY_ALLOC_IN_QUOTA; |
233 | ||
d84f4f99 DH |
234 | keyring = keyring_alloc("_ses", cred->uid, cred->gid, |
235 | cred, flags, NULL); | |
1a26feb9 DH |
236 | if (IS_ERR(keyring)) |
237 | return PTR_ERR(keyring); | |
d84f4f99 | 238 | } else { |
1da177e4 LT |
239 | atomic_inc(&keyring->usage); |
240 | } | |
241 | ||
242 | /* install the keyring */ | |
d84f4f99 DH |
243 | spin_lock_irq(&cred->tgcred->lock); |
244 | old = cred->tgcred->session_keyring; | |
245 | rcu_assign_pointer(cred->tgcred->session_keyring, keyring); | |
246 | spin_unlock_irq(&cred->tgcred->lock); | |
1da177e4 | 247 | |
1a26feb9 DH |
248 | /* we're using RCU on the pointer, but there's no point synchronising |
249 | * on it if it didn't previously point to anything */ | |
250 | if (old) { | |
251 | synchronize_rcu(); | |
252 | key_put(old); | |
253 | } | |
1da177e4 | 254 | |
1a26feb9 | 255 | return 0; |
d84f4f99 | 256 | } |
1da177e4 | 257 | |
1da177e4 | 258 | /* |
d84f4f99 DH |
259 | * install a session keyring, discarding the old one |
260 | * - if a keyring is not supplied, an empty one is invented | |
1da177e4 | 261 | */ |
d84f4f99 | 262 | static int install_session_keyring(struct key *keyring) |
1da177e4 | 263 | { |
d84f4f99 DH |
264 | struct cred *new; |
265 | int ret; | |
1da177e4 | 266 | |
d84f4f99 DH |
267 | new = prepare_creds(); |
268 | if (!new) | |
269 | return -ENOMEM; | |
1da177e4 | 270 | |
d84f4f99 DH |
271 | ret = install_session_keyring_to_cred(new, NULL); |
272 | if (ret < 0) { | |
273 | abort_creds(new); | |
274 | return ret; | |
275 | } | |
1da177e4 | 276 | |
d84f4f99 DH |
277 | return commit_creds(new); |
278 | } | |
1da177e4 | 279 | |
1da177e4 LT |
280 | /*****************************************************************************/ |
281 | /* | |
282 | * the filesystem user ID changed | |
283 | */ | |
284 | void key_fsuid_changed(struct task_struct *tsk) | |
285 | { | |
286 | /* update the ownership of the thread keyring */ | |
b6dff3ec DH |
287 | BUG_ON(!tsk->cred); |
288 | if (tsk->cred->thread_keyring) { | |
289 | down_write(&tsk->cred->thread_keyring->sem); | |
290 | tsk->cred->thread_keyring->uid = tsk->cred->fsuid; | |
291 | up_write(&tsk->cred->thread_keyring->sem); | |
1da177e4 LT |
292 | } |
293 | ||
294 | } /* end key_fsuid_changed() */ | |
295 | ||
296 | /*****************************************************************************/ | |
297 | /* | |
298 | * the filesystem group ID changed | |
299 | */ | |
300 | void key_fsgid_changed(struct task_struct *tsk) | |
301 | { | |
302 | /* update the ownership of the thread keyring */ | |
b6dff3ec DH |
303 | BUG_ON(!tsk->cred); |
304 | if (tsk->cred->thread_keyring) { | |
305 | down_write(&tsk->cred->thread_keyring->sem); | |
306 | tsk->cred->thread_keyring->gid = tsk->cred->fsgid; | |
307 | up_write(&tsk->cred->thread_keyring->sem); | |
1da177e4 LT |
308 | } |
309 | ||
310 | } /* end key_fsgid_changed() */ | |
311 | ||
312 | /*****************************************************************************/ | |
313 | /* | |
314 | * search the process keyrings for the first matching key | |
315 | * - we use the supplied match function to see if the description (or other | |
316 | * feature of interest) matches | |
317 | * - we return -EAGAIN if we didn't find any matching key | |
318 | * - we return -ENOKEY if we found only negative matching keys | |
319 | */ | |
664cceb0 DH |
320 | key_ref_t search_process_keyrings(struct key_type *type, |
321 | const void *description, | |
322 | key_match_func_t match, | |
d84f4f99 | 323 | const struct cred *cred) |
1da177e4 | 324 | { |
3e30148c | 325 | struct request_key_auth *rka; |
b5f545c8 | 326 | key_ref_t key_ref, ret, err; |
1da177e4 | 327 | |
04c567d9 DH |
328 | might_sleep(); |
329 | ||
1da177e4 LT |
330 | /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were |
331 | * searchable, but we failed to find a key or we found a negative key; | |
332 | * otherwise we want to return a sample error (probably -EACCES) if | |
333 | * none of the keyrings were searchable | |
334 | * | |
335 | * in terms of priority: success > -ENOKEY > -EAGAIN > other error | |
336 | */ | |
664cceb0 | 337 | key_ref = NULL; |
1da177e4 LT |
338 | ret = NULL; |
339 | err = ERR_PTR(-EAGAIN); | |
340 | ||
341 | /* search the thread keyring first */ | |
c69e8d9c | 342 | if (cred->thread_keyring) { |
664cceb0 | 343 | key_ref = keyring_search_aux( |
c69e8d9c | 344 | make_key_ref(cred->thread_keyring, 1), |
d84f4f99 | 345 | cred, type, description, match); |
664cceb0 | 346 | if (!IS_ERR(key_ref)) |
1da177e4 LT |
347 | goto found; |
348 | ||
664cceb0 | 349 | switch (PTR_ERR(key_ref)) { |
1da177e4 LT |
350 | case -EAGAIN: /* no key */ |
351 | if (ret) | |
352 | break; | |
353 | case -ENOKEY: /* negative key */ | |
664cceb0 | 354 | ret = key_ref; |
1da177e4 LT |
355 | break; |
356 | default: | |
664cceb0 | 357 | err = key_ref; |
1da177e4 LT |
358 | break; |
359 | } | |
360 | } | |
361 | ||
362 | /* search the process keyring second */ | |
bb952bb9 | 363 | if (cred->tgcred->process_keyring) { |
664cceb0 | 364 | key_ref = keyring_search_aux( |
bb952bb9 | 365 | make_key_ref(cred->tgcred->process_keyring, 1), |
d84f4f99 | 366 | cred, type, description, match); |
664cceb0 | 367 | if (!IS_ERR(key_ref)) |
1da177e4 LT |
368 | goto found; |
369 | ||
664cceb0 | 370 | switch (PTR_ERR(key_ref)) { |
1da177e4 LT |
371 | case -EAGAIN: /* no key */ |
372 | if (ret) | |
373 | break; | |
374 | case -ENOKEY: /* negative key */ | |
664cceb0 | 375 | ret = key_ref; |
1da177e4 LT |
376 | break; |
377 | default: | |
664cceb0 | 378 | err = key_ref; |
1da177e4 LT |
379 | break; |
380 | } | |
381 | } | |
382 | ||
3e30148c | 383 | /* search the session keyring */ |
bb952bb9 | 384 | if (cred->tgcred->session_keyring) { |
8589b4e0 | 385 | rcu_read_lock(); |
664cceb0 DH |
386 | key_ref = keyring_search_aux( |
387 | make_key_ref(rcu_dereference( | |
bb952bb9 | 388 | cred->tgcred->session_keyring), |
664cceb0 | 389 | 1), |
d84f4f99 | 390 | cred, type, description, match); |
8589b4e0 | 391 | rcu_read_unlock(); |
3e30148c | 392 | |
664cceb0 | 393 | if (!IS_ERR(key_ref)) |
3e30148c DH |
394 | goto found; |
395 | ||
664cceb0 | 396 | switch (PTR_ERR(key_ref)) { |
3e30148c DH |
397 | case -EAGAIN: /* no key */ |
398 | if (ret) | |
399 | break; | |
400 | case -ENOKEY: /* negative key */ | |
664cceb0 | 401 | ret = key_ref; |
3e30148c DH |
402 | break; |
403 | default: | |
664cceb0 | 404 | err = key_ref; |
3e30148c DH |
405 | break; |
406 | } | |
b5f545c8 DH |
407 | } |
408 | /* or search the user-session keyring */ | |
c69e8d9c | 409 | else if (cred->user->session_keyring) { |
b5f545c8 | 410 | key_ref = keyring_search_aux( |
c69e8d9c | 411 | make_key_ref(cred->user->session_keyring, 1), |
d84f4f99 | 412 | cred, type, description, match); |
664cceb0 | 413 | if (!IS_ERR(key_ref)) |
3e30148c DH |
414 | goto found; |
415 | ||
664cceb0 | 416 | switch (PTR_ERR(key_ref)) { |
3e30148c DH |
417 | case -EAGAIN: /* no key */ |
418 | if (ret) | |
419 | break; | |
420 | case -ENOKEY: /* negative key */ | |
664cceb0 | 421 | ret = key_ref; |
3e30148c DH |
422 | break; |
423 | default: | |
664cceb0 | 424 | err = key_ref; |
3e30148c DH |
425 | break; |
426 | } | |
8589b4e0 | 427 | } |
b5f545c8 DH |
428 | |
429 | /* if this process has an instantiation authorisation key, then we also | |
430 | * search the keyrings of the process mentioned there | |
431 | * - we don't permit access to request_key auth keys via this method | |
432 | */ | |
c69e8d9c | 433 | if (cred->request_key_auth && |
d84f4f99 | 434 | cred == current_cred() && |
04c567d9 | 435 | type != &key_type_request_key_auth |
b5f545c8 | 436 | ) { |
04c567d9 | 437 | /* defend against the auth key being revoked */ |
c69e8d9c | 438 | down_read(&cred->request_key_auth->sem); |
b5f545c8 | 439 | |
c69e8d9c DH |
440 | if (key_validate(cred->request_key_auth) == 0) { |
441 | rka = cred->request_key_auth->payload.data; | |
b5f545c8 | 442 | |
04c567d9 | 443 | key_ref = search_process_keyrings(type, description, |
d84f4f99 | 444 | match, rka->cred); |
1da177e4 | 445 | |
c69e8d9c | 446 | up_read(&cred->request_key_auth->sem); |
04c567d9 DH |
447 | |
448 | if (!IS_ERR(key_ref)) | |
449 | goto found; | |
450 | ||
451 | switch (PTR_ERR(key_ref)) { | |
452 | case -EAGAIN: /* no key */ | |
453 | if (ret) | |
454 | break; | |
455 | case -ENOKEY: /* negative key */ | |
456 | ret = key_ref; | |
3e30148c | 457 | break; |
04c567d9 DH |
458 | default: |
459 | err = key_ref; | |
460 | break; | |
461 | } | |
462 | } else { | |
c69e8d9c | 463 | up_read(&cred->request_key_auth->sem); |
3e30148c | 464 | } |
1da177e4 LT |
465 | } |
466 | ||
467 | /* no key - decide on the error we're going to go for */ | |
664cceb0 | 468 | key_ref = ret ? ret : err; |
1da177e4 | 469 | |
3e30148c | 470 | found: |
664cceb0 | 471 | return key_ref; |
1da177e4 | 472 | |
1da177e4 LT |
473 | } /* end search_process_keyrings() */ |
474 | ||
664cceb0 DH |
475 | /*****************************************************************************/ |
476 | /* | |
477 | * see if the key we're looking at is the target key | |
478 | */ | |
479 | static int lookup_user_key_possessed(const struct key *key, const void *target) | |
480 | { | |
481 | return key == target; | |
482 | ||
483 | } /* end lookup_user_key_possessed() */ | |
484 | ||
1da177e4 LT |
485 | /*****************************************************************************/ |
486 | /* | |
487 | * lookup a key given a key ID from userspace with a given permissions mask | |
488 | * - don't create special keyrings unless so requested | |
489 | * - partially constructed keys aren't found unless requested | |
490 | */ | |
5593122e | 491 | key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, |
8bbf4976 | 492 | key_perm_t perm) |
1da177e4 | 493 | { |
8bbf4976 | 494 | struct request_key_auth *rka; |
d84f4f99 | 495 | const struct cred *cred; |
1da177e4 | 496 | struct key *key; |
b6dff3ec | 497 | key_ref_t key_ref, skey_ref; |
1da177e4 LT |
498 | int ret; |
499 | ||
bb952bb9 DH |
500 | try_again: |
501 | cred = get_current_cred(); | |
664cceb0 | 502 | key_ref = ERR_PTR(-ENOKEY); |
1da177e4 LT |
503 | |
504 | switch (id) { | |
505 | case KEY_SPEC_THREAD_KEYRING: | |
b6dff3ec | 506 | if (!cred->thread_keyring) { |
5593122e | 507 | if (!(lflags & KEY_LOOKUP_CREATE)) |
1da177e4 LT |
508 | goto error; |
509 | ||
8bbf4976 | 510 | ret = install_thread_keyring(); |
1da177e4 LT |
511 | if (ret < 0) { |
512 | key = ERR_PTR(ret); | |
513 | goto error; | |
514 | } | |
bb952bb9 | 515 | goto reget_creds; |
1da177e4 LT |
516 | } |
517 | ||
b6dff3ec | 518 | key = cred->thread_keyring; |
1da177e4 | 519 | atomic_inc(&key->usage); |
664cceb0 | 520 | key_ref = make_key_ref(key, 1); |
1da177e4 LT |
521 | break; |
522 | ||
523 | case KEY_SPEC_PROCESS_KEYRING: | |
bb952bb9 | 524 | if (!cred->tgcred->process_keyring) { |
5593122e | 525 | if (!(lflags & KEY_LOOKUP_CREATE)) |
1da177e4 LT |
526 | goto error; |
527 | ||
8bbf4976 | 528 | ret = install_process_keyring(); |
1da177e4 LT |
529 | if (ret < 0) { |
530 | key = ERR_PTR(ret); | |
531 | goto error; | |
532 | } | |
bb952bb9 | 533 | goto reget_creds; |
1da177e4 LT |
534 | } |
535 | ||
bb952bb9 | 536 | key = cred->tgcred->process_keyring; |
1da177e4 | 537 | atomic_inc(&key->usage); |
664cceb0 | 538 | key_ref = make_key_ref(key, 1); |
1da177e4 LT |
539 | break; |
540 | ||
541 | case KEY_SPEC_SESSION_KEYRING: | |
bb952bb9 | 542 | if (!cred->tgcred->session_keyring) { |
1da177e4 LT |
543 | /* always install a session keyring upon access if one |
544 | * doesn't exist yet */ | |
8bbf4976 | 545 | ret = install_user_keyrings(); |
69664cf1 DH |
546 | if (ret < 0) |
547 | goto error; | |
b6dff3ec DH |
548 | ret = install_session_keyring( |
549 | cred->user->session_keyring); | |
d84f4f99 | 550 | |
1da177e4 LT |
551 | if (ret < 0) |
552 | goto error; | |
bb952bb9 | 553 | goto reget_creds; |
1da177e4 LT |
554 | } |
555 | ||
3e30148c | 556 | rcu_read_lock(); |
bb952bb9 | 557 | key = rcu_dereference(cred->tgcred->session_keyring); |
1da177e4 | 558 | atomic_inc(&key->usage); |
3e30148c | 559 | rcu_read_unlock(); |
664cceb0 | 560 | key_ref = make_key_ref(key, 1); |
1da177e4 LT |
561 | break; |
562 | ||
563 | case KEY_SPEC_USER_KEYRING: | |
b6dff3ec | 564 | if (!cred->user->uid_keyring) { |
8bbf4976 | 565 | ret = install_user_keyrings(); |
69664cf1 DH |
566 | if (ret < 0) |
567 | goto error; | |
568 | } | |
569 | ||
b6dff3ec | 570 | key = cred->user->uid_keyring; |
1da177e4 | 571 | atomic_inc(&key->usage); |
664cceb0 | 572 | key_ref = make_key_ref(key, 1); |
1da177e4 LT |
573 | break; |
574 | ||
575 | case KEY_SPEC_USER_SESSION_KEYRING: | |
b6dff3ec | 576 | if (!cred->user->session_keyring) { |
8bbf4976 | 577 | ret = install_user_keyrings(); |
69664cf1 DH |
578 | if (ret < 0) |
579 | goto error; | |
580 | } | |
581 | ||
b6dff3ec | 582 | key = cred->user->session_keyring; |
1da177e4 | 583 | atomic_inc(&key->usage); |
664cceb0 | 584 | key_ref = make_key_ref(key, 1); |
1da177e4 LT |
585 | break; |
586 | ||
587 | case KEY_SPEC_GROUP_KEYRING: | |
588 | /* group keyrings are not yet supported */ | |
589 | key = ERR_PTR(-EINVAL); | |
590 | goto error; | |
591 | ||
b5f545c8 | 592 | case KEY_SPEC_REQKEY_AUTH_KEY: |
b6dff3ec | 593 | key = cred->request_key_auth; |
b5f545c8 DH |
594 | if (!key) |
595 | goto error; | |
596 | ||
597 | atomic_inc(&key->usage); | |
598 | key_ref = make_key_ref(key, 1); | |
599 | break; | |
600 | ||
8bbf4976 | 601 | case KEY_SPEC_REQUESTOR_KEYRING: |
b6dff3ec | 602 | if (!cred->request_key_auth) |
8bbf4976 DH |
603 | goto error; |
604 | ||
b6dff3ec DH |
605 | down_read(&cred->request_key_auth->sem); |
606 | if (cred->request_key_auth->flags & KEY_FLAG_REVOKED) { | |
8bbf4976 DH |
607 | key_ref = ERR_PTR(-EKEYREVOKED); |
608 | key = NULL; | |
609 | } else { | |
b6dff3ec | 610 | rka = cred->request_key_auth->payload.data; |
8bbf4976 DH |
611 | key = rka->dest_keyring; |
612 | atomic_inc(&key->usage); | |
613 | } | |
b6dff3ec | 614 | up_read(&cred->request_key_auth->sem); |
8bbf4976 DH |
615 | if (!key) |
616 | goto error; | |
617 | key_ref = make_key_ref(key, 1); | |
618 | break; | |
619 | ||
1da177e4 | 620 | default: |
664cceb0 | 621 | key_ref = ERR_PTR(-EINVAL); |
1da177e4 LT |
622 | if (id < 1) |
623 | goto error; | |
624 | ||
625 | key = key_lookup(id); | |
664cceb0 | 626 | if (IS_ERR(key)) { |
e231c2ee | 627 | key_ref = ERR_CAST(key); |
1da177e4 | 628 | goto error; |
664cceb0 DH |
629 | } |
630 | ||
631 | key_ref = make_key_ref(key, 0); | |
632 | ||
633 | /* check to see if we possess the key */ | |
634 | skey_ref = search_process_keyrings(key->type, key, | |
635 | lookup_user_key_possessed, | |
d84f4f99 | 636 | cred); |
664cceb0 DH |
637 | |
638 | if (!IS_ERR(skey_ref)) { | |
639 | key_put(key); | |
640 | key_ref = skey_ref; | |
641 | } | |
642 | ||
1da177e4 LT |
643 | break; |
644 | } | |
645 | ||
5593122e DH |
646 | /* unlink does not use the nominated key in any way, so can skip all |
647 | * the permission checks as it is only concerned with the keyring */ | |
648 | if (lflags & KEY_LOOKUP_FOR_UNLINK) { | |
649 | ret = 0; | |
650 | goto error; | |
651 | } | |
652 | ||
653 | if (!(lflags & KEY_LOOKUP_PARTIAL)) { | |
76181c13 DH |
654 | ret = wait_for_key_construction(key, true); |
655 | switch (ret) { | |
656 | case -ERESTARTSYS: | |
657 | goto invalid_key; | |
658 | default: | |
659 | if (perm) | |
660 | goto invalid_key; | |
661 | case 0: | |
662 | break; | |
663 | } | |
664 | } else if (perm) { | |
1da177e4 LT |
665 | ret = key_validate(key); |
666 | if (ret < 0) | |
667 | goto invalid_key; | |
668 | } | |
669 | ||
670 | ret = -EIO; | |
5593122e DH |
671 | if (!(lflags & KEY_LOOKUP_PARTIAL) && |
672 | !test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) | |
1da177e4 LT |
673 | goto invalid_key; |
674 | ||
3e30148c | 675 | /* check the permissions */ |
d84f4f99 | 676 | ret = key_task_permission(key_ref, cred, perm); |
29db9190 | 677 | if (ret < 0) |
1da177e4 LT |
678 | goto invalid_key; |
679 | ||
664cceb0 | 680 | error: |
bb952bb9 | 681 | put_cred(cred); |
664cceb0 | 682 | return key_ref; |
1da177e4 | 683 | |
664cceb0 DH |
684 | invalid_key: |
685 | key_ref_put(key_ref); | |
686 | key_ref = ERR_PTR(ret); | |
1da177e4 LT |
687 | goto error; |
688 | ||
bb952bb9 DH |
689 | /* if we attempted to install a keyring, then it may have caused new |
690 | * creds to be installed */ | |
691 | reget_creds: | |
692 | put_cred(cred); | |
693 | goto try_again; | |
694 | ||
1da177e4 LT |
695 | } /* end lookup_user_key() */ |
696 | ||
697 | /*****************************************************************************/ | |
698 | /* | |
699 | * join the named keyring as the session keyring if possible, or attempt to | |
700 | * create a new one of that name if not | |
701 | * - if the name is NULL, an empty anonymous keyring is installed instead | |
702 | * - named session keyring joining is done with a semaphore held | |
703 | */ | |
704 | long join_session_keyring(const char *name) | |
705 | { | |
d84f4f99 DH |
706 | const struct cred *old; |
707 | struct cred *new; | |
1da177e4 | 708 | struct key *keyring; |
d84f4f99 DH |
709 | long ret, serial; |
710 | ||
711 | /* only permit this if there's a single thread in the thread group - | |
712 | * this avoids us having to adjust the creds on all threads and risking | |
713 | * ENOMEM */ | |
5bb459bb | 714 | if (!current_is_single_threaded()) |
d84f4f99 DH |
715 | return -EMLINK; |
716 | ||
717 | new = prepare_creds(); | |
718 | if (!new) | |
719 | return -ENOMEM; | |
720 | old = current_cred(); | |
1da177e4 LT |
721 | |
722 | /* if no name is provided, install an anonymous keyring */ | |
723 | if (!name) { | |
d84f4f99 | 724 | ret = install_session_keyring_to_cred(new, NULL); |
1da177e4 LT |
725 | if (ret < 0) |
726 | goto error; | |
727 | ||
d84f4f99 DH |
728 | serial = new->tgcred->session_keyring->serial; |
729 | ret = commit_creds(new); | |
730 | if (ret == 0) | |
731 | ret = serial; | |
732 | goto okay; | |
1da177e4 LT |
733 | } |
734 | ||
735 | /* allow the user to join or create a named keyring */ | |
bb003079 | 736 | mutex_lock(&key_session_mutex); |
1da177e4 LT |
737 | |
738 | /* look for an existing keyring of this name */ | |
69664cf1 | 739 | keyring = find_keyring_by_name(name, false); |
1da177e4 LT |
740 | if (PTR_ERR(keyring) == -ENOKEY) { |
741 | /* not found - try and create a new one */ | |
d84f4f99 | 742 | keyring = keyring_alloc(name, old->uid, old->gid, old, |
7e047ef5 | 743 | KEY_ALLOC_IN_QUOTA, NULL); |
1da177e4 LT |
744 | if (IS_ERR(keyring)) { |
745 | ret = PTR_ERR(keyring); | |
bcf945d3 | 746 | goto error2; |
1da177e4 | 747 | } |
d84f4f99 | 748 | } else if (IS_ERR(keyring)) { |
1da177e4 LT |
749 | ret = PTR_ERR(keyring); |
750 | goto error2; | |
751 | } | |
752 | ||
753 | /* we've got a keyring - now to install it */ | |
d84f4f99 | 754 | ret = install_session_keyring_to_cred(new, keyring); |
1da177e4 LT |
755 | if (ret < 0) |
756 | goto error2; | |
757 | ||
d84f4f99 DH |
758 | commit_creds(new); |
759 | mutex_unlock(&key_session_mutex); | |
760 | ||
1da177e4 LT |
761 | ret = keyring->serial; |
762 | key_put(keyring); | |
d84f4f99 DH |
763 | okay: |
764 | return ret; | |
1da177e4 | 765 | |
664cceb0 | 766 | error2: |
bb003079 | 767 | mutex_unlock(&key_session_mutex); |
664cceb0 | 768 | error: |
d84f4f99 | 769 | abort_creds(new); |
1da177e4 | 770 | return ret; |
d84f4f99 | 771 | } |
ee18d64c DH |
772 | |
773 | /* | |
774 | * Replace a process's session keyring when that process resumes userspace on | |
775 | * behalf of one of its children | |
776 | */ | |
777 | void key_replace_session_keyring(void) | |
778 | { | |
779 | const struct cred *old; | |
780 | struct cred *new; | |
781 | ||
782 | if (!current->replacement_session_keyring) | |
783 | return; | |
784 | ||
785 | write_lock_irq(&tasklist_lock); | |
786 | new = current->replacement_session_keyring; | |
787 | current->replacement_session_keyring = NULL; | |
788 | write_unlock_irq(&tasklist_lock); | |
789 | ||
790 | if (!new) | |
791 | return; | |
792 | ||
793 | old = current_cred(); | |
794 | new-> uid = old-> uid; | |
795 | new-> euid = old-> euid; | |
796 | new-> suid = old-> suid; | |
797 | new->fsuid = old->fsuid; | |
798 | new-> gid = old-> gid; | |
799 | new-> egid = old-> egid; | |
800 | new-> sgid = old-> sgid; | |
801 | new->fsgid = old->fsgid; | |
802 | new->user = get_uid(old->user); | |
803 | new->group_info = get_group_info(old->group_info); | |
804 | ||
805 | new->securebits = old->securebits; | |
806 | new->cap_inheritable = old->cap_inheritable; | |
807 | new->cap_permitted = old->cap_permitted; | |
808 | new->cap_effective = old->cap_effective; | |
809 | new->cap_bset = old->cap_bset; | |
810 | ||
811 | new->jit_keyring = old->jit_keyring; | |
812 | new->thread_keyring = key_get(old->thread_keyring); | |
813 | new->tgcred->tgid = old->tgcred->tgid; | |
814 | new->tgcred->process_keyring = key_get(old->tgcred->process_keyring); | |
815 | ||
816 | security_transfer_creds(new, old); | |
817 | ||
818 | commit_creds(new); | |
819 | } |