1 /* Management of a process's keyrings
3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
15 #include <linux/slab.h>
16 #include <linux/keyctl.h>
18 #include <linux/err.h>
19 #include <linux/mutex.h>
20 #include <asm/uaccess.h>
23 /* session keyring create vs join semaphore */
24 static DEFINE_MUTEX(key_session_mutex);
26 /* user keyring creation semaphore */
27 static DEFINE_MUTEX(key_user_keyring_mutex);
29 /* the root user's tracking struct */
30 struct key_user root_key_user = {
31 .usage = ATOMIC_INIT(3),
32 .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock),
33 .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock),
34 .nkeys = ATOMIC_INIT(2),
35 .nikeys = ATOMIC_INIT(2),
39 /*****************************************************************************/
41 * install user and user session keyrings for a particular UID
43 int install_user_keyrings(void)
45 struct user_struct *user = current->cred->user;
46 struct key *uid_keyring, *session_keyring;
50 kenter("%p{%u}", user, user->uid);
52 if (user->uid_keyring) {
53 kleave(" = 0 [exist]");
57 mutex_lock(&key_user_keyring_mutex);
60 if (!user->uid_keyring) {
61 /* get the UID-specific keyring
62 * - there may be one in existence already as it may have been
63 * pinned by a session, but the user_struct pointing to it
64 * may have been destroyed by setuid */
65 sprintf(buf, "_uid.%u", user->uid);
67 uid_keyring = find_keyring_by_name(buf, true);
68 if (IS_ERR(uid_keyring)) {
69 uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1,
70 current, KEY_ALLOC_IN_QUOTA,
72 if (IS_ERR(uid_keyring)) {
73 ret = PTR_ERR(uid_keyring);
78 /* get a default session keyring (which might also exist
80 sprintf(buf, "_uid_ses.%u", user->uid);
82 session_keyring = find_keyring_by_name(buf, true);
83 if (IS_ERR(session_keyring)) {
85 keyring_alloc(buf, user->uid, (gid_t) -1,
86 current, KEY_ALLOC_IN_QUOTA,
88 if (IS_ERR(session_keyring)) {
89 ret = PTR_ERR(session_keyring);
93 /* we install a link from the user session keyring to
95 ret = key_link(session_keyring, uid_keyring);
97 goto error_release_both;
100 /* install the keyrings */
101 user->uid_keyring = uid_keyring;
102 user->session_keyring = session_keyring;
105 mutex_unlock(&key_user_keyring_mutex);
110 key_put(session_keyring);
112 key_put(uid_keyring);
114 mutex_unlock(&key_user_keyring_mutex);
115 kleave(" = %d", ret);
119 /*****************************************************************************/
121 * deal with the UID changing
123 void switch_uid_keyring(struct user_struct *new_user)
125 #if 0 /* do nothing for now */
128 /* switch to the new user's session keyring if we were running under
129 * root's default session keyring */
130 if (new_user->uid != 0 &&
131 current->session_keyring == &root_session_keyring
133 atomic_inc(&new_user->session_keyring->usage);
136 old = current->session_keyring;
137 current->session_keyring = new_user->session_keyring;
138 task_unlock(current);
144 } /* end switch_uid_keyring() */
146 /*****************************************************************************/
148 * install a fresh thread keyring, discarding the old one
150 int install_thread_keyring(void)
152 struct task_struct *tsk = current;
153 struct key *keyring, *old;
157 sprintf(buf, "_tid.%u", tsk->pid);
159 keyring = keyring_alloc(buf, tsk->cred->uid, tsk->cred->gid, tsk,
160 KEY_ALLOC_QUOTA_OVERRUN, NULL);
161 if (IS_ERR(keyring)) {
162 ret = PTR_ERR(keyring);
167 old = tsk->cred->thread_keyring;
168 tsk->cred->thread_keyring = keyring;
177 } /* end install_thread_keyring() */
179 /*****************************************************************************/
181 * make sure a process keyring is installed
183 int install_process_keyring(void)
185 struct task_struct *tsk = current;
192 if (!tsk->cred->tgcred->process_keyring) {
193 sprintf(buf, "_pid.%u", tsk->tgid);
195 keyring = keyring_alloc(buf, tsk->cred->uid, tsk->cred->gid, tsk,
196 KEY_ALLOC_QUOTA_OVERRUN, NULL);
197 if (IS_ERR(keyring)) {
198 ret = PTR_ERR(keyring);
203 spin_lock_irq(&tsk->cred->tgcred->lock);
204 if (!tsk->cred->tgcred->process_keyring) {
205 tsk->cred->tgcred->process_keyring = keyring;
208 spin_unlock_irq(&tsk->cred->tgcred->lock);
217 } /* end install_process_keyring() */
219 /*****************************************************************************/
221 * install a session keyring, discarding the old one
222 * - if a keyring is not supplied, an empty one is invented
224 static int install_session_keyring(struct key *keyring)
226 struct task_struct *tsk = current;
233 /* create an empty session keyring */
235 sprintf(buf, "_ses.%u", tsk->tgid);
237 flags = KEY_ALLOC_QUOTA_OVERRUN;
238 if (tsk->cred->tgcred->session_keyring)
239 flags = KEY_ALLOC_IN_QUOTA;
241 keyring = keyring_alloc(buf, tsk->cred->uid, tsk->cred->gid,
244 return PTR_ERR(keyring);
247 atomic_inc(&keyring->usage);
250 /* install the keyring */
251 spin_lock_irq(&tsk->cred->tgcred->lock);
252 old = tsk->cred->tgcred->session_keyring;
253 rcu_assign_pointer(tsk->cred->tgcred->session_keyring, keyring);
254 spin_unlock_irq(&tsk->cred->tgcred->lock);
256 /* we're using RCU on the pointer, but there's no point synchronising
257 * on it if it didn't previously point to anything */
265 } /* end install_session_keyring() */
267 /*****************************************************************************/
269 * copy the keys for fork
271 int copy_keys(unsigned long clone_flags, struct task_struct *tsk)
273 key_check(tsk->cred->thread_keyring);
274 key_check(tsk->cred->request_key_auth);
276 /* no thread keyring yet */
277 tsk->cred->thread_keyring = NULL;
279 /* copy the request_key() authorisation for this thread */
280 key_get(tsk->cred->request_key_auth);
284 } /* end copy_keys() */
286 /*****************************************************************************/
288 * dispose of per-thread keys upon thread exit
290 void exit_keys(struct task_struct *tsk)
292 key_put(tsk->cred->thread_keyring);
293 key_put(tsk->cred->request_key_auth);
295 } /* end exit_keys() */
297 /*****************************************************************************/
301 int exec_keys(struct task_struct *tsk)
305 /* newly exec'd tasks don't get a thread keyring */
307 old = tsk->cred->thread_keyring;
308 tsk->cred->thread_keyring = NULL;
313 /* discard the process keyring from a newly exec'd task */
314 spin_lock_irq(&tsk->cred->tgcred->lock);
315 old = tsk->cred->tgcred->process_keyring;
316 tsk->cred->tgcred->process_keyring = NULL;
317 spin_unlock_irq(&tsk->cred->tgcred->lock);
323 } /* end exec_keys() */
325 /*****************************************************************************/
327 * deal with SUID programs
328 * - we might want to make this invent a new session keyring
330 int suid_keys(struct task_struct *tsk)
334 } /* end suid_keys() */
336 /*****************************************************************************/
338 * the filesystem user ID changed
340 void key_fsuid_changed(struct task_struct *tsk)
342 /* update the ownership of the thread keyring */
344 if (tsk->cred->thread_keyring) {
345 down_write(&tsk->cred->thread_keyring->sem);
346 tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
347 up_write(&tsk->cred->thread_keyring->sem);
350 } /* end key_fsuid_changed() */
352 /*****************************************************************************/
354 * the filesystem group ID changed
356 void key_fsgid_changed(struct task_struct *tsk)
358 /* update the ownership of the thread keyring */
360 if (tsk->cred->thread_keyring) {
361 down_write(&tsk->cred->thread_keyring->sem);
362 tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
363 up_write(&tsk->cred->thread_keyring->sem);
366 } /* end key_fsgid_changed() */
368 /*****************************************************************************/
370 * search the process keyrings for the first matching key
371 * - we use the supplied match function to see if the description (or other
372 * feature of interest) matches
373 * - we return -EAGAIN if we didn't find any matching key
374 * - we return -ENOKEY if we found only negative matching keys
376 key_ref_t search_process_keyrings(struct key_type *type,
377 const void *description,
378 key_match_func_t match,
379 struct task_struct *context)
381 struct request_key_auth *rka;
383 key_ref_t key_ref, ret, err;
387 cred = get_task_cred(context);
389 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
390 * searchable, but we failed to find a key or we found a negative key;
391 * otherwise we want to return a sample error (probably -EACCES) if
392 * none of the keyrings were searchable
394 * in terms of priority: success > -ENOKEY > -EAGAIN > other error
398 err = ERR_PTR(-EAGAIN);
400 /* search the thread keyring first */
401 if (cred->thread_keyring) {
402 key_ref = keyring_search_aux(
403 make_key_ref(cred->thread_keyring, 1),
404 context, type, description, match);
405 if (!IS_ERR(key_ref))
408 switch (PTR_ERR(key_ref)) {
409 case -EAGAIN: /* no key */
412 case -ENOKEY: /* negative key */
421 /* search the process keyring second */
422 if (cred->tgcred->process_keyring) {
423 key_ref = keyring_search_aux(
424 make_key_ref(cred->tgcred->process_keyring, 1),
425 context, type, description, match);
426 if (!IS_ERR(key_ref))
429 switch (PTR_ERR(key_ref)) {
430 case -EAGAIN: /* no key */
433 case -ENOKEY: /* negative key */
442 /* search the session keyring */
443 if (cred->tgcred->session_keyring) {
445 key_ref = keyring_search_aux(
446 make_key_ref(rcu_dereference(
447 cred->tgcred->session_keyring),
449 context, type, description, match);
452 if (!IS_ERR(key_ref))
455 switch (PTR_ERR(key_ref)) {
456 case -EAGAIN: /* no key */
459 case -ENOKEY: /* negative key */
467 /* or search the user-session keyring */
468 else if (cred->user->session_keyring) {
469 key_ref = keyring_search_aux(
470 make_key_ref(cred->user->session_keyring, 1),
471 context, type, description, match);
472 if (!IS_ERR(key_ref))
475 switch (PTR_ERR(key_ref)) {
476 case -EAGAIN: /* no key */
479 case -ENOKEY: /* negative key */
488 /* if this process has an instantiation authorisation key, then we also
489 * search the keyrings of the process mentioned there
490 * - we don't permit access to request_key auth keys via this method
492 if (cred->request_key_auth &&
493 context == current &&
494 type != &key_type_request_key_auth
496 /* defend against the auth key being revoked */
497 down_read(&cred->request_key_auth->sem);
499 if (key_validate(cred->request_key_auth) == 0) {
500 rka = cred->request_key_auth->payload.data;
502 key_ref = search_process_keyrings(type, description,
503 match, rka->context);
505 up_read(&cred->request_key_auth->sem);
507 if (!IS_ERR(key_ref))
510 switch (PTR_ERR(key_ref)) {
511 case -EAGAIN: /* no key */
514 case -ENOKEY: /* negative key */
522 up_read(&cred->request_key_auth->sem);
526 /* no key - decide on the error we're going to go for */
527 key_ref = ret ? ret : err;
533 } /* end search_process_keyrings() */
535 /*****************************************************************************/
537 * see if the key we're looking at is the target key
539 static int lookup_user_key_possessed(const struct key *key, const void *target)
541 return key == target;
543 } /* end lookup_user_key_possessed() */
545 /*****************************************************************************/
547 * lookup a key given a key ID from userspace with a given permissions mask
548 * - don't create special keyrings unless so requested
549 * - partially constructed keys aren't found unless requested
551 key_ref_t lookup_user_key(key_serial_t id, int create, int partial,
554 struct request_key_auth *rka;
555 struct task_struct *t = current;
558 key_ref_t key_ref, skey_ref;
562 cred = get_current_cred();
563 key_ref = ERR_PTR(-ENOKEY);
566 case KEY_SPEC_THREAD_KEYRING:
567 if (!cred->thread_keyring) {
571 ret = install_thread_keyring();
579 key = cred->thread_keyring;
580 atomic_inc(&key->usage);
581 key_ref = make_key_ref(key, 1);
584 case KEY_SPEC_PROCESS_KEYRING:
585 if (!cred->tgcred->process_keyring) {
589 ret = install_process_keyring();
597 key = cred->tgcred->process_keyring;
598 atomic_inc(&key->usage);
599 key_ref = make_key_ref(key, 1);
602 case KEY_SPEC_SESSION_KEYRING:
603 if (!cred->tgcred->session_keyring) {
604 /* always install a session keyring upon access if one
605 * doesn't exist yet */
606 ret = install_user_keyrings();
609 ret = install_session_keyring(
610 cred->user->session_keyring);
617 key = rcu_dereference(cred->tgcred->session_keyring);
618 atomic_inc(&key->usage);
620 key_ref = make_key_ref(key, 1);
623 case KEY_SPEC_USER_KEYRING:
624 if (!cred->user->uid_keyring) {
625 ret = install_user_keyrings();
630 key = cred->user->uid_keyring;
631 atomic_inc(&key->usage);
632 key_ref = make_key_ref(key, 1);
635 case KEY_SPEC_USER_SESSION_KEYRING:
636 if (!cred->user->session_keyring) {
637 ret = install_user_keyrings();
642 key = cred->user->session_keyring;
643 atomic_inc(&key->usage);
644 key_ref = make_key_ref(key, 1);
647 case KEY_SPEC_GROUP_KEYRING:
648 /* group keyrings are not yet supported */
649 key = ERR_PTR(-EINVAL);
652 case KEY_SPEC_REQKEY_AUTH_KEY:
653 key = cred->request_key_auth;
657 atomic_inc(&key->usage);
658 key_ref = make_key_ref(key, 1);
661 case KEY_SPEC_REQUESTOR_KEYRING:
662 if (!cred->request_key_auth)
665 down_read(&cred->request_key_auth->sem);
666 if (cred->request_key_auth->flags & KEY_FLAG_REVOKED) {
667 key_ref = ERR_PTR(-EKEYREVOKED);
670 rka = cred->request_key_auth->payload.data;
671 key = rka->dest_keyring;
672 atomic_inc(&key->usage);
674 up_read(&cred->request_key_auth->sem);
677 key_ref = make_key_ref(key, 1);
681 key_ref = ERR_PTR(-EINVAL);
685 key = key_lookup(id);
687 key_ref = ERR_CAST(key);
691 key_ref = make_key_ref(key, 0);
693 /* check to see if we possess the key */
694 skey_ref = search_process_keyrings(key->type, key,
695 lookup_user_key_possessed,
698 if (!IS_ERR(skey_ref)) {
707 ret = wait_for_key_construction(key, true);
718 ret = key_validate(key);
724 if (!partial && !test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
727 /* check the permissions */
728 ret = key_task_permission(key_ref, t, perm);
737 key_ref_put(key_ref);
738 key_ref = ERR_PTR(ret);
741 /* if we attempted to install a keyring, then it may have caused new
742 * creds to be installed */
747 } /* end lookup_user_key() */
749 /*****************************************************************************/
751 * join the named keyring as the session keyring if possible, or attempt to
752 * create a new one of that name if not
753 * - if the name is NULL, an empty anonymous keyring is installed instead
754 * - named session keyring joining is done with a semaphore held
756 long join_session_keyring(const char *name)
758 struct task_struct *tsk = current;
759 struct cred *cred = current->cred;
763 /* if no name is provided, install an anonymous keyring */
765 ret = install_session_keyring(NULL);
770 ret = rcu_dereference(cred->tgcred->session_keyring)->serial;
775 /* allow the user to join or create a named keyring */
776 mutex_lock(&key_session_mutex);
778 /* look for an existing keyring of this name */
779 keyring = find_keyring_by_name(name, false);
780 if (PTR_ERR(keyring) == -ENOKEY) {
781 /* not found - try and create a new one */
782 keyring = keyring_alloc(name, cred->uid, cred->gid, tsk,
783 KEY_ALLOC_IN_QUOTA, NULL);
784 if (IS_ERR(keyring)) {
785 ret = PTR_ERR(keyring);
789 else if (IS_ERR(keyring)) {
790 ret = PTR_ERR(keyring);
794 /* we've got a keyring - now to install it */
795 ret = install_session_keyring(keyring);
799 ret = keyring->serial;
803 mutex_unlock(&key_session_mutex);
807 } /* end join_session_keyring() */