Commit | Line | Data |
---|---|---|
69664cf1 | 1 | /* Management of a process's keyrings |
1da177e4 | 2 | * |
69664cf1 | 3 | * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. |
1da177e4 LT |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
10 | */ | |
11 | ||
12 | #include <linux/module.h> | |
13 | #include <linux/init.h> | |
14 | #include <linux/sched.h> | |
15 | #include <linux/slab.h> | |
16 | #include <linux/keyctl.h> | |
17 | #include <linux/fs.h> | |
18 | #include <linux/err.h> | |
bb003079 | 19 | #include <linux/mutex.h> |
1da177e4 LT |
20 | #include <asm/uaccess.h> |
21 | #include "internal.h" | |
22 | ||
23 | /* session keyring create vs join semaphore */ | |
bb003079 | 24 | static DEFINE_MUTEX(key_session_mutex); |
1da177e4 | 25 | |
69664cf1 DH |
26 | /* user keyring creation semaphore */ |
27 | static DEFINE_MUTEX(key_user_keyring_mutex); | |
28 | ||
1da177e4 LT |
29 | /* the root user's tracking struct */ |
30 | struct key_user root_key_user = { | |
31 | .usage = ATOMIC_INIT(3), | |
76181c13 | 32 | .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), |
6cfd76a2 | 33 | .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), |
1da177e4 LT |
34 | .nkeys = ATOMIC_INIT(2), |
35 | .nikeys = ATOMIC_INIT(2), | |
36 | .uid = 0, | |
37 | }; | |
38 | ||
1da177e4 LT |
39 | /*****************************************************************************/ |
40 | /* | |
69664cf1 | 41 | * install user and user session keyrings for a particular UID |
1da177e4 | 42 | */ |
8bbf4976 | 43 | int install_user_keyrings(void) |
1da177e4 | 44 | { |
d84f4f99 DH |
45 | struct user_struct *user; |
46 | const struct cred *cred; | |
1da177e4 LT |
47 | struct key *uid_keyring, *session_keyring; |
48 | char buf[20]; | |
49 | int ret; | |
50 | ||
d84f4f99 DH |
51 | cred = current_cred(); |
52 | user = cred->user; | |
53 | ||
69664cf1 | 54 | kenter("%p{%u}", user, user->uid); |
1da177e4 | 55 | |
69664cf1 DH |
56 | if (user->uid_keyring) { |
57 | kleave(" = 0 [exist]"); | |
58 | return 0; | |
1da177e4 LT |
59 | } |
60 | ||
69664cf1 DH |
61 | mutex_lock(&key_user_keyring_mutex); |
62 | ret = 0; | |
1da177e4 | 63 | |
69664cf1 DH |
64 | if (!user->uid_keyring) { |
65 | /* get the UID-specific keyring | |
66 | * - there may be one in existence already as it may have been | |
67 | * pinned by a session, but the user_struct pointing to it | |
68 | * may have been destroyed by setuid */ | |
69 | sprintf(buf, "_uid.%u", user->uid); | |
70 | ||
71 | uid_keyring = find_keyring_by_name(buf, true); | |
72 | if (IS_ERR(uid_keyring)) { | |
73 | uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, | |
d84f4f99 | 74 | cred, KEY_ALLOC_IN_QUOTA, |
69664cf1 DH |
75 | NULL); |
76 | if (IS_ERR(uid_keyring)) { | |
77 | ret = PTR_ERR(uid_keyring); | |
78 | goto error; | |
79 | } | |
80 | } | |
81 | ||
82 | /* get a default session keyring (which might also exist | |
83 | * already) */ | |
84 | sprintf(buf, "_uid_ses.%u", user->uid); | |
85 | ||
86 | session_keyring = find_keyring_by_name(buf, true); | |
87 | if (IS_ERR(session_keyring)) { | |
88 | session_keyring = | |
89 | keyring_alloc(buf, user->uid, (gid_t) -1, | |
d84f4f99 | 90 | cred, KEY_ALLOC_IN_QUOTA, NULL); |
69664cf1 DH |
91 | if (IS_ERR(session_keyring)) { |
92 | ret = PTR_ERR(session_keyring); | |
93 | goto error_release; | |
94 | } | |
95 | ||
96 | /* we install a link from the user session keyring to | |
97 | * the user keyring */ | |
98 | ret = key_link(session_keyring, uid_keyring); | |
99 | if (ret < 0) | |
100 | goto error_release_both; | |
101 | } | |
102 | ||
103 | /* install the keyrings */ | |
104 | user->uid_keyring = uid_keyring; | |
105 | user->session_keyring = session_keyring; | |
1da177e4 LT |
106 | } |
107 | ||
69664cf1 DH |
108 | mutex_unlock(&key_user_keyring_mutex); |
109 | kleave(" = 0"); | |
110 | return 0; | |
1da177e4 | 111 | |
69664cf1 DH |
112 | error_release_both: |
113 | key_put(session_keyring); | |
114 | error_release: | |
115 | key_put(uid_keyring); | |
664cceb0 | 116 | error: |
69664cf1 DH |
117 | mutex_unlock(&key_user_keyring_mutex); |
118 | kleave(" = %d", ret); | |
1da177e4 | 119 | return ret; |
69664cf1 | 120 | } |
1da177e4 | 121 | |
1da177e4 | 122 | /* |
d84f4f99 | 123 | * install a fresh thread keyring directly to new credentials |
1da177e4 | 124 | */ |
d84f4f99 | 125 | int install_thread_keyring_to_cred(struct cred *new) |
1da177e4 | 126 | { |
d84f4f99 | 127 | struct key *keyring; |
1da177e4 | 128 | |
d84f4f99 DH |
129 | keyring = keyring_alloc("_tid", new->uid, new->gid, new, |
130 | KEY_ALLOC_QUOTA_OVERRUN, NULL); | |
131 | if (IS_ERR(keyring)) | |
132 | return PTR_ERR(keyring); | |
1da177e4 | 133 | |
d84f4f99 DH |
134 | new->thread_keyring = keyring; |
135 | return 0; | |
136 | } | |
1da177e4 | 137 | |
1da177e4 LT |
138 | /* |
139 | * install a fresh thread keyring, discarding the old one | |
140 | */ | |
d84f4f99 | 141 | static int install_thread_keyring(void) |
1da177e4 | 142 | { |
d84f4f99 | 143 | struct cred *new; |
1da177e4 LT |
144 | int ret; |
145 | ||
d84f4f99 DH |
146 | new = prepare_creds(); |
147 | if (!new) | |
148 | return -ENOMEM; | |
1da177e4 | 149 | |
d84f4f99 DH |
150 | BUG_ON(new->thread_keyring); |
151 | ||
152 | ret = install_thread_keyring_to_cred(new); | |
153 | if (ret < 0) { | |
154 | abort_creds(new); | |
155 | return ret; | |
1da177e4 LT |
156 | } |
157 | ||
d84f4f99 DH |
158 | return commit_creds(new); |
159 | } | |
1da177e4 | 160 | |
d84f4f99 DH |
161 | /* |
162 | * install a process keyring directly to a credentials struct | |
163 | * - returns -EEXIST if there was already a process keyring, 0 if one installed, | |
164 | * and other -ve on any other error | |
165 | */ | |
166 | int install_process_keyring_to_cred(struct cred *new) | |
167 | { | |
168 | struct key *keyring; | |
169 | int ret; | |
1da177e4 | 170 | |
d84f4f99 DH |
171 | if (new->tgcred->process_keyring) |
172 | return -EEXIST; | |
173 | ||
174 | keyring = keyring_alloc("_pid", new->uid, new->gid, | |
175 | new, KEY_ALLOC_QUOTA_OVERRUN, NULL); | |
176 | if (IS_ERR(keyring)) | |
177 | return PTR_ERR(keyring); | |
178 | ||
179 | spin_lock_irq(&new->tgcred->lock); | |
180 | if (!new->tgcred->process_keyring) { | |
181 | new->tgcred->process_keyring = keyring; | |
182 | keyring = NULL; | |
183 | ret = 0; | |
184 | } else { | |
185 | ret = -EEXIST; | |
186 | } | |
187 | spin_unlock_irq(&new->tgcred->lock); | |
188 | key_put(keyring); | |
1da177e4 | 189 | return ret; |
d84f4f99 | 190 | } |
1da177e4 | 191 | |
1da177e4 LT |
192 | /* |
193 | * make sure a process keyring is installed | |
d84f4f99 | 194 | * - we |
1da177e4 | 195 | */ |
d84f4f99 | 196 | static int install_process_keyring(void) |
1da177e4 | 197 | { |
d84f4f99 | 198 | struct cred *new; |
1da177e4 LT |
199 | int ret; |
200 | ||
d84f4f99 DH |
201 | new = prepare_creds(); |
202 | if (!new) | |
203 | return -ENOMEM; | |
1da177e4 | 204 | |
d84f4f99 DH |
205 | ret = install_process_keyring_to_cred(new); |
206 | if (ret < 0) { | |
207 | abort_creds(new); | |
208 | return ret != -EEXIST ?: 0; | |
1da177e4 LT |
209 | } |
210 | ||
d84f4f99 DH |
211 | return commit_creds(new); |
212 | } | |
1da177e4 | 213 | |
1da177e4 | 214 | /* |
d84f4f99 | 215 | * install a session keyring directly to a credentials struct |
1da177e4 | 216 | */ |
d84f4f99 DH |
217 | static int install_session_keyring_to_cred(struct cred *cred, |
218 | struct key *keyring) | |
1da177e4 | 219 | { |
7e047ef5 | 220 | unsigned long flags; |
1da177e4 | 221 | struct key *old; |
1a26feb9 DH |
222 | |
223 | might_sleep(); | |
1da177e4 LT |
224 | |
225 | /* create an empty session keyring */ | |
226 | if (!keyring) { | |
7e047ef5 | 227 | flags = KEY_ALLOC_QUOTA_OVERRUN; |
d84f4f99 | 228 | if (cred->tgcred->session_keyring) |
7e047ef5 DH |
229 | flags = KEY_ALLOC_IN_QUOTA; |
230 | ||
d84f4f99 DH |
231 | keyring = keyring_alloc("_ses", cred->uid, cred->gid, |
232 | cred, flags, NULL); | |
1a26feb9 DH |
233 | if (IS_ERR(keyring)) |
234 | return PTR_ERR(keyring); | |
d84f4f99 | 235 | } else { |
1da177e4 LT |
236 | atomic_inc(&keyring->usage); |
237 | } | |
238 | ||
239 | /* install the keyring */ | |
d84f4f99 DH |
240 | spin_lock_irq(&cred->tgcred->lock); |
241 | old = cred->tgcred->session_keyring; | |
242 | rcu_assign_pointer(cred->tgcred->session_keyring, keyring); | |
243 | spin_unlock_irq(&cred->tgcred->lock); | |
1da177e4 | 244 | |
1a26feb9 DH |
245 | /* we're using RCU on the pointer, but there's no point synchronising |
246 | * on it if it didn't previously point to anything */ | |
247 | if (old) { | |
248 | synchronize_rcu(); | |
249 | key_put(old); | |
250 | } | |
1da177e4 | 251 | |
1a26feb9 | 252 | return 0; |
d84f4f99 | 253 | } |
1da177e4 | 254 | |
1da177e4 | 255 | /* |
d84f4f99 DH |
256 | * install a session keyring, discarding the old one |
257 | * - if a keyring is not supplied, an empty one is invented | |
1da177e4 | 258 | */ |
d84f4f99 | 259 | static int install_session_keyring(struct key *keyring) |
1da177e4 | 260 | { |
d84f4f99 DH |
261 | struct cred *new; |
262 | int ret; | |
1da177e4 | 263 | |
d84f4f99 DH |
264 | new = prepare_creds(); |
265 | if (!new) | |
266 | return -ENOMEM; | |
1da177e4 | 267 | |
d84f4f99 DH |
268 | ret = install_session_keyring_to_cred(new, NULL); |
269 | if (ret < 0) { | |
270 | abort_creds(new); | |
271 | return ret; | |
272 | } | |
1da177e4 | 273 | |
d84f4f99 DH |
274 | return commit_creds(new); |
275 | } | |
1da177e4 LT |
276 | |
277 | /*****************************************************************************/ | |
278 | /* | |
279 | * deal with execve() | |
280 | */ | |
281 | int exec_keys(struct task_struct *tsk) | |
282 | { | |
d84f4f99 DH |
283 | struct thread_group_cred *tgcred = NULL; |
284 | struct cred *new; | |
1da177e4 | 285 | |
d84f4f99 DH |
286 | #ifdef CONFIG_KEYS |
287 | tgcred = kmalloc(sizeof(*tgcred), GFP_KERNEL); | |
288 | if (!tgcred) | |
289 | return -ENOMEM; | |
290 | #endif | |
1da177e4 | 291 | |
d84f4f99 DH |
292 | new = prepare_creds(); |
293 | if (new < 0) | |
294 | return -ENOMEM; | |
1da177e4 | 295 | |
d84f4f99 DH |
296 | /* newly exec'd tasks don't get a thread keyring */ |
297 | key_put(new->thread_keyring); | |
298 | new->thread_keyring = NULL; | |
1da177e4 | 299 | |
d84f4f99 DH |
300 | /* create a new per-thread-group creds for all this set of threads to |
301 | * share */ | |
302 | memcpy(tgcred, new->tgcred, sizeof(struct thread_group_cred)); | |
1da177e4 | 303 | |
d84f4f99 DH |
304 | atomic_set(&tgcred->usage, 1); |
305 | spin_lock_init(&tgcred->lock); | |
1da177e4 | 306 | |
d84f4f99 DH |
307 | /* inherit the session keyring; new process keyring */ |
308 | key_get(tgcred->session_keyring); | |
309 | tgcred->process_keyring = NULL; | |
1da177e4 | 310 | |
d84f4f99 DH |
311 | release_tgcred(new); |
312 | new->tgcred = tgcred; | |
313 | ||
314 | commit_creds(new); | |
1da177e4 LT |
315 | return 0; |
316 | ||
d84f4f99 | 317 | } /* end exec_keys() */ |
1da177e4 LT |
318 | |
319 | /*****************************************************************************/ | |
320 | /* | |
321 | * the filesystem user ID changed | |
322 | */ | |
323 | void key_fsuid_changed(struct task_struct *tsk) | |
324 | { | |
325 | /* update the ownership of the thread keyring */ | |
b6dff3ec DH |
326 | BUG_ON(!tsk->cred); |
327 | if (tsk->cred->thread_keyring) { | |
328 | down_write(&tsk->cred->thread_keyring->sem); | |
329 | tsk->cred->thread_keyring->uid = tsk->cred->fsuid; | |
330 | up_write(&tsk->cred->thread_keyring->sem); | |
1da177e4 LT |
331 | } |
332 | ||
333 | } /* end key_fsuid_changed() */ | |
334 | ||
335 | /*****************************************************************************/ | |
336 | /* | |
337 | * the filesystem group ID changed | |
338 | */ | |
339 | void key_fsgid_changed(struct task_struct *tsk) | |
340 | { | |
341 | /* update the ownership of the thread keyring */ | |
b6dff3ec DH |
342 | BUG_ON(!tsk->cred); |
343 | if (tsk->cred->thread_keyring) { | |
344 | down_write(&tsk->cred->thread_keyring->sem); | |
345 | tsk->cred->thread_keyring->gid = tsk->cred->fsgid; | |
346 | up_write(&tsk->cred->thread_keyring->sem); | |
1da177e4 LT |
347 | } |
348 | ||
349 | } /* end key_fsgid_changed() */ | |
350 | ||
351 | /*****************************************************************************/ | |
352 | /* | |
353 | * search the process keyrings for the first matching key | |
354 | * - we use the supplied match function to see if the description (or other | |
355 | * feature of interest) matches | |
356 | * - we return -EAGAIN if we didn't find any matching key | |
357 | * - we return -ENOKEY if we found only negative matching keys | |
358 | */ | |
664cceb0 DH |
359 | key_ref_t search_process_keyrings(struct key_type *type, |
360 | const void *description, | |
361 | key_match_func_t match, | |
d84f4f99 | 362 | const struct cred *cred) |
1da177e4 | 363 | { |
3e30148c | 364 | struct request_key_auth *rka; |
b5f545c8 | 365 | key_ref_t key_ref, ret, err; |
1da177e4 | 366 | |
04c567d9 DH |
367 | might_sleep(); |
368 | ||
1da177e4 LT |
369 | /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were |
370 | * searchable, but we failed to find a key or we found a negative key; | |
371 | * otherwise we want to return a sample error (probably -EACCES) if | |
372 | * none of the keyrings were searchable | |
373 | * | |
374 | * in terms of priority: success > -ENOKEY > -EAGAIN > other error | |
375 | */ | |
664cceb0 | 376 | key_ref = NULL; |
1da177e4 LT |
377 | ret = NULL; |
378 | err = ERR_PTR(-EAGAIN); | |
379 | ||
380 | /* search the thread keyring first */ | |
c69e8d9c | 381 | if (cred->thread_keyring) { |
664cceb0 | 382 | key_ref = keyring_search_aux( |
c69e8d9c | 383 | make_key_ref(cred->thread_keyring, 1), |
d84f4f99 | 384 | cred, type, description, match); |
664cceb0 | 385 | if (!IS_ERR(key_ref)) |
1da177e4 LT |
386 | goto found; |
387 | ||
664cceb0 | 388 | switch (PTR_ERR(key_ref)) { |
1da177e4 LT |
389 | case -EAGAIN: /* no key */ |
390 | if (ret) | |
391 | break; | |
392 | case -ENOKEY: /* negative key */ | |
664cceb0 | 393 | ret = key_ref; |
1da177e4 LT |
394 | break; |
395 | default: | |
664cceb0 | 396 | err = key_ref; |
1da177e4 LT |
397 | break; |
398 | } | |
399 | } | |
400 | ||
401 | /* search the process keyring second */ | |
bb952bb9 | 402 | if (cred->tgcred->process_keyring) { |
664cceb0 | 403 | key_ref = keyring_search_aux( |
bb952bb9 | 404 | make_key_ref(cred->tgcred->process_keyring, 1), |
d84f4f99 | 405 | cred, type, description, match); |
664cceb0 | 406 | if (!IS_ERR(key_ref)) |
1da177e4 LT |
407 | goto found; |
408 | ||
664cceb0 | 409 | switch (PTR_ERR(key_ref)) { |
1da177e4 LT |
410 | case -EAGAIN: /* no key */ |
411 | if (ret) | |
412 | break; | |
413 | case -ENOKEY: /* negative key */ | |
664cceb0 | 414 | ret = key_ref; |
1da177e4 LT |
415 | break; |
416 | default: | |
664cceb0 | 417 | err = key_ref; |
1da177e4 LT |
418 | break; |
419 | } | |
420 | } | |
421 | ||
3e30148c | 422 | /* search the session keyring */ |
bb952bb9 | 423 | if (cred->tgcred->session_keyring) { |
8589b4e0 | 424 | rcu_read_lock(); |
664cceb0 DH |
425 | key_ref = keyring_search_aux( |
426 | make_key_ref(rcu_dereference( | |
bb952bb9 | 427 | cred->tgcred->session_keyring), |
664cceb0 | 428 | 1), |
d84f4f99 | 429 | cred, type, description, match); |
8589b4e0 | 430 | rcu_read_unlock(); |
3e30148c | 431 | |
664cceb0 | 432 | if (!IS_ERR(key_ref)) |
3e30148c DH |
433 | goto found; |
434 | ||
664cceb0 | 435 | switch (PTR_ERR(key_ref)) { |
3e30148c DH |
436 | case -EAGAIN: /* no key */ |
437 | if (ret) | |
438 | break; | |
439 | case -ENOKEY: /* negative key */ | |
664cceb0 | 440 | ret = key_ref; |
3e30148c DH |
441 | break; |
442 | default: | |
664cceb0 | 443 | err = key_ref; |
3e30148c DH |
444 | break; |
445 | } | |
b5f545c8 DH |
446 | } |
447 | /* or search the user-session keyring */ | |
c69e8d9c | 448 | else if (cred->user->session_keyring) { |
b5f545c8 | 449 | key_ref = keyring_search_aux( |
c69e8d9c | 450 | make_key_ref(cred->user->session_keyring, 1), |
d84f4f99 | 451 | cred, type, description, match); |
664cceb0 | 452 | if (!IS_ERR(key_ref)) |
3e30148c DH |
453 | goto found; |
454 | ||
664cceb0 | 455 | switch (PTR_ERR(key_ref)) { |
3e30148c DH |
456 | case -EAGAIN: /* no key */ |
457 | if (ret) | |
458 | break; | |
459 | case -ENOKEY: /* negative key */ | |
664cceb0 | 460 | ret = key_ref; |
3e30148c DH |
461 | break; |
462 | default: | |
664cceb0 | 463 | err = key_ref; |
3e30148c DH |
464 | break; |
465 | } | |
8589b4e0 | 466 | } |
b5f545c8 DH |
467 | |
468 | /* if this process has an instantiation authorisation key, then we also | |
469 | * search the keyrings of the process mentioned there | |
470 | * - we don't permit access to request_key auth keys via this method | |
471 | */ | |
c69e8d9c | 472 | if (cred->request_key_auth && |
d84f4f99 | 473 | cred == current_cred() && |
04c567d9 | 474 | type != &key_type_request_key_auth |
b5f545c8 | 475 | ) { |
04c567d9 | 476 | /* defend against the auth key being revoked */ |
c69e8d9c | 477 | down_read(&cred->request_key_auth->sem); |
b5f545c8 | 478 | |
c69e8d9c DH |
479 | if (key_validate(cred->request_key_auth) == 0) { |
480 | rka = cred->request_key_auth->payload.data; | |
b5f545c8 | 481 | |
04c567d9 | 482 | key_ref = search_process_keyrings(type, description, |
d84f4f99 | 483 | match, rka->cred); |
1da177e4 | 484 | |
c69e8d9c | 485 | up_read(&cred->request_key_auth->sem); |
04c567d9 DH |
486 | |
487 | if (!IS_ERR(key_ref)) | |
488 | goto found; | |
489 | ||
490 | switch (PTR_ERR(key_ref)) { | |
491 | case -EAGAIN: /* no key */ | |
492 | if (ret) | |
493 | break; | |
494 | case -ENOKEY: /* negative key */ | |
495 | ret = key_ref; | |
3e30148c | 496 | break; |
04c567d9 DH |
497 | default: |
498 | err = key_ref; | |
499 | break; | |
500 | } | |
501 | } else { | |
c69e8d9c | 502 | up_read(&cred->request_key_auth->sem); |
3e30148c | 503 | } |
1da177e4 LT |
504 | } |
505 | ||
506 | /* no key - decide on the error we're going to go for */ | |
664cceb0 | 507 | key_ref = ret ? ret : err; |
1da177e4 | 508 | |
3e30148c | 509 | found: |
664cceb0 | 510 | return key_ref; |
1da177e4 | 511 | |
1da177e4 LT |
512 | } /* end search_process_keyrings() */ |
513 | ||
664cceb0 DH |
514 | /*****************************************************************************/ |
515 | /* | |
516 | * see if the key we're looking at is the target key | |
517 | */ | |
518 | static int lookup_user_key_possessed(const struct key *key, const void *target) | |
519 | { | |
520 | return key == target; | |
521 | ||
522 | } /* end lookup_user_key_possessed() */ | |
523 | ||
1da177e4 LT |
524 | /*****************************************************************************/ |
525 | /* | |
526 | * lookup a key given a key ID from userspace with a given permissions mask | |
527 | * - don't create special keyrings unless so requested | |
528 | * - partially constructed keys aren't found unless requested | |
529 | */ | |
8bbf4976 DH |
530 | key_ref_t lookup_user_key(key_serial_t id, int create, int partial, |
531 | key_perm_t perm) | |
1da177e4 | 532 | { |
8bbf4976 | 533 | struct request_key_auth *rka; |
d84f4f99 | 534 | const struct cred *cred; |
1da177e4 | 535 | struct key *key; |
b6dff3ec | 536 | key_ref_t key_ref, skey_ref; |
1da177e4 LT |
537 | int ret; |
538 | ||
bb952bb9 DH |
539 | try_again: |
540 | cred = get_current_cred(); | |
664cceb0 | 541 | key_ref = ERR_PTR(-ENOKEY); |
1da177e4 LT |
542 | |
543 | switch (id) { | |
544 | case KEY_SPEC_THREAD_KEYRING: | |
b6dff3ec | 545 | if (!cred->thread_keyring) { |
1da177e4 LT |
546 | if (!create) |
547 | goto error; | |
548 | ||
8bbf4976 | 549 | ret = install_thread_keyring(); |
1da177e4 LT |
550 | if (ret < 0) { |
551 | key = ERR_PTR(ret); | |
552 | goto error; | |
553 | } | |
bb952bb9 | 554 | goto reget_creds; |
1da177e4 LT |
555 | } |
556 | ||
b6dff3ec | 557 | key = cred->thread_keyring; |
1da177e4 | 558 | atomic_inc(&key->usage); |
664cceb0 | 559 | key_ref = make_key_ref(key, 1); |
1da177e4 LT |
560 | break; |
561 | ||
562 | case KEY_SPEC_PROCESS_KEYRING: | |
bb952bb9 | 563 | if (!cred->tgcred->process_keyring) { |
1da177e4 LT |
564 | if (!create) |
565 | goto error; | |
566 | ||
8bbf4976 | 567 | ret = install_process_keyring(); |
1da177e4 LT |
568 | if (ret < 0) { |
569 | key = ERR_PTR(ret); | |
570 | goto error; | |
571 | } | |
bb952bb9 | 572 | goto reget_creds; |
1da177e4 LT |
573 | } |
574 | ||
bb952bb9 | 575 | key = cred->tgcred->process_keyring; |
1da177e4 | 576 | atomic_inc(&key->usage); |
664cceb0 | 577 | key_ref = make_key_ref(key, 1); |
1da177e4 LT |
578 | break; |
579 | ||
580 | case KEY_SPEC_SESSION_KEYRING: | |
bb952bb9 | 581 | if (!cred->tgcred->session_keyring) { |
1da177e4 LT |
582 | /* always install a session keyring upon access if one |
583 | * doesn't exist yet */ | |
8bbf4976 | 584 | ret = install_user_keyrings(); |
69664cf1 DH |
585 | if (ret < 0) |
586 | goto error; | |
b6dff3ec DH |
587 | ret = install_session_keyring( |
588 | cred->user->session_keyring); | |
d84f4f99 | 589 | |
1da177e4 LT |
590 | if (ret < 0) |
591 | goto error; | |
bb952bb9 | 592 | goto reget_creds; |
1da177e4 LT |
593 | } |
594 | ||
3e30148c | 595 | rcu_read_lock(); |
bb952bb9 | 596 | key = rcu_dereference(cred->tgcred->session_keyring); |
1da177e4 | 597 | atomic_inc(&key->usage); |
3e30148c | 598 | rcu_read_unlock(); |
664cceb0 | 599 | key_ref = make_key_ref(key, 1); |
1da177e4 LT |
600 | break; |
601 | ||
602 | case KEY_SPEC_USER_KEYRING: | |
b6dff3ec | 603 | if (!cred->user->uid_keyring) { |
8bbf4976 | 604 | ret = install_user_keyrings(); |
69664cf1 DH |
605 | if (ret < 0) |
606 | goto error; | |
607 | } | |
608 | ||
b6dff3ec | 609 | key = cred->user->uid_keyring; |
1da177e4 | 610 | atomic_inc(&key->usage); |
664cceb0 | 611 | key_ref = make_key_ref(key, 1); |
1da177e4 LT |
612 | break; |
613 | ||
614 | case KEY_SPEC_USER_SESSION_KEYRING: | |
b6dff3ec | 615 | if (!cred->user->session_keyring) { |
8bbf4976 | 616 | ret = install_user_keyrings(); |
69664cf1 DH |
617 | if (ret < 0) |
618 | goto error; | |
619 | } | |
620 | ||
b6dff3ec | 621 | key = cred->user->session_keyring; |
1da177e4 | 622 | atomic_inc(&key->usage); |
664cceb0 | 623 | key_ref = make_key_ref(key, 1); |
1da177e4 LT |
624 | break; |
625 | ||
626 | case KEY_SPEC_GROUP_KEYRING: | |
627 | /* group keyrings are not yet supported */ | |
628 | key = ERR_PTR(-EINVAL); | |
629 | goto error; | |
630 | ||
b5f545c8 | 631 | case KEY_SPEC_REQKEY_AUTH_KEY: |
b6dff3ec | 632 | key = cred->request_key_auth; |
b5f545c8 DH |
633 | if (!key) |
634 | goto error; | |
635 | ||
636 | atomic_inc(&key->usage); | |
637 | key_ref = make_key_ref(key, 1); | |
638 | break; | |
639 | ||
8bbf4976 | 640 | case KEY_SPEC_REQUESTOR_KEYRING: |
b6dff3ec | 641 | if (!cred->request_key_auth) |
8bbf4976 DH |
642 | goto error; |
643 | ||
b6dff3ec DH |
644 | down_read(&cred->request_key_auth->sem); |
645 | if (cred->request_key_auth->flags & KEY_FLAG_REVOKED) { | |
8bbf4976 DH |
646 | key_ref = ERR_PTR(-EKEYREVOKED); |
647 | key = NULL; | |
648 | } else { | |
b6dff3ec | 649 | rka = cred->request_key_auth->payload.data; |
8bbf4976 DH |
650 | key = rka->dest_keyring; |
651 | atomic_inc(&key->usage); | |
652 | } | |
b6dff3ec | 653 | up_read(&cred->request_key_auth->sem); |
8bbf4976 DH |
654 | if (!key) |
655 | goto error; | |
656 | key_ref = make_key_ref(key, 1); | |
657 | break; | |
658 | ||
1da177e4 | 659 | default: |
664cceb0 | 660 | key_ref = ERR_PTR(-EINVAL); |
1da177e4 LT |
661 | if (id < 1) |
662 | goto error; | |
663 | ||
664 | key = key_lookup(id); | |
664cceb0 | 665 | if (IS_ERR(key)) { |
e231c2ee | 666 | key_ref = ERR_CAST(key); |
1da177e4 | 667 | goto error; |
664cceb0 DH |
668 | } |
669 | ||
670 | key_ref = make_key_ref(key, 0); | |
671 | ||
672 | /* check to see if we possess the key */ | |
673 | skey_ref = search_process_keyrings(key->type, key, | |
674 | lookup_user_key_possessed, | |
d84f4f99 | 675 | cred); |
664cceb0 DH |
676 | |
677 | if (!IS_ERR(skey_ref)) { | |
678 | key_put(key); | |
679 | key_ref = skey_ref; | |
680 | } | |
681 | ||
1da177e4 LT |
682 | break; |
683 | } | |
684 | ||
76181c13 DH |
685 | if (!partial) { |
686 | ret = wait_for_key_construction(key, true); | |
687 | switch (ret) { | |
688 | case -ERESTARTSYS: | |
689 | goto invalid_key; | |
690 | default: | |
691 | if (perm) | |
692 | goto invalid_key; | |
693 | case 0: | |
694 | break; | |
695 | } | |
696 | } else if (perm) { | |
1da177e4 LT |
697 | ret = key_validate(key); |
698 | if (ret < 0) | |
699 | goto invalid_key; | |
700 | } | |
701 | ||
702 | ret = -EIO; | |
76d8aeab | 703 | if (!partial && !test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) |
1da177e4 LT |
704 | goto invalid_key; |
705 | ||
3e30148c | 706 | /* check the permissions */ |
d84f4f99 | 707 | ret = key_task_permission(key_ref, cred, perm); |
29db9190 | 708 | if (ret < 0) |
1da177e4 LT |
709 | goto invalid_key; |
710 | ||
664cceb0 | 711 | error: |
bb952bb9 | 712 | put_cred(cred); |
664cceb0 | 713 | return key_ref; |
1da177e4 | 714 | |
664cceb0 DH |
715 | invalid_key: |
716 | key_ref_put(key_ref); | |
717 | key_ref = ERR_PTR(ret); | |
1da177e4 LT |
718 | goto error; |
719 | ||
bb952bb9 DH |
720 | /* if we attempted to install a keyring, then it may have caused new |
721 | * creds to be installed */ | |
722 | reget_creds: | |
723 | put_cred(cred); | |
724 | goto try_again; | |
725 | ||
1da177e4 LT |
726 | } /* end lookup_user_key() */ |
727 | ||
728 | /*****************************************************************************/ | |
729 | /* | |
730 | * join the named keyring as the session keyring if possible, or attempt to | |
731 | * create a new one of that name if not | |
732 | * - if the name is NULL, an empty anonymous keyring is installed instead | |
733 | * - named session keyring joining is done with a semaphore held | |
734 | */ | |
735 | long join_session_keyring(const char *name) | |
736 | { | |
d84f4f99 DH |
737 | const struct cred *old; |
738 | struct cred *new; | |
1da177e4 | 739 | struct key *keyring; |
d84f4f99 DH |
740 | long ret, serial; |
741 | ||
742 | /* only permit this if there's a single thread in the thread group - | |
743 | * this avoids us having to adjust the creds on all threads and risking | |
744 | * ENOMEM */ | |
745 | if (!is_single_threaded(current)) | |
746 | return -EMLINK; | |
747 | ||
748 | new = prepare_creds(); | |
749 | if (!new) | |
750 | return -ENOMEM; | |
751 | old = current_cred(); | |
1da177e4 LT |
752 | |
753 | /* if no name is provided, install an anonymous keyring */ | |
754 | if (!name) { | |
d84f4f99 | 755 | ret = install_session_keyring_to_cred(new, NULL); |
1da177e4 LT |
756 | if (ret < 0) |
757 | goto error; | |
758 | ||
d84f4f99 DH |
759 | serial = new->tgcred->session_keyring->serial; |
760 | ret = commit_creds(new); | |
761 | if (ret == 0) | |
762 | ret = serial; | |
763 | goto okay; | |
1da177e4 LT |
764 | } |
765 | ||
766 | /* allow the user to join or create a named keyring */ | |
bb003079 | 767 | mutex_lock(&key_session_mutex); |
1da177e4 LT |
768 | |
769 | /* look for an existing keyring of this name */ | |
69664cf1 | 770 | keyring = find_keyring_by_name(name, false); |
1da177e4 LT |
771 | if (PTR_ERR(keyring) == -ENOKEY) { |
772 | /* not found - try and create a new one */ | |
d84f4f99 | 773 | keyring = keyring_alloc(name, old->uid, old->gid, old, |
7e047ef5 | 774 | KEY_ALLOC_IN_QUOTA, NULL); |
1da177e4 LT |
775 | if (IS_ERR(keyring)) { |
776 | ret = PTR_ERR(keyring); | |
bcf945d3 | 777 | goto error2; |
1da177e4 | 778 | } |
d84f4f99 | 779 | } else if (IS_ERR(keyring)) { |
1da177e4 LT |
780 | ret = PTR_ERR(keyring); |
781 | goto error2; | |
782 | } | |
783 | ||
784 | /* we've got a keyring - now to install it */ | |
d84f4f99 | 785 | ret = install_session_keyring_to_cred(new, keyring); |
1da177e4 LT |
786 | if (ret < 0) |
787 | goto error2; | |
788 | ||
d84f4f99 DH |
789 | commit_creds(new); |
790 | mutex_unlock(&key_session_mutex); | |
791 | ||
1da177e4 LT |
792 | ret = keyring->serial; |
793 | key_put(keyring); | |
d84f4f99 DH |
794 | okay: |
795 | return ret; | |
1da177e4 | 796 | |
664cceb0 | 797 | error2: |
bb003079 | 798 | mutex_unlock(&key_session_mutex); |
664cceb0 | 799 | error: |
d84f4f99 | 800 | abort_creds(new); |
1da177e4 | 801 | return ret; |
d84f4f99 | 802 | } |