1
2
3
4
5
6
7
8
9
10
11
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/sched.h>
15#include <linux/keyctl.h>
16#include <linux/fs.h>
17#include <linux/err.h>
18#include <linux/mutex.h>
19#include <linux/security.h>
20#include <linux/user_namespace.h>
21#include <asm/uaccess.h>
22#include "internal.h"
23
24
25static DEFINE_MUTEX(key_session_mutex);
26
27
28static DEFINE_MUTEX(key_user_keyring_mutex);
29
30
31struct key_user root_key_user = {
32 .usage = ATOMIC_INIT(3),
33 .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock),
34 .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock),
35 .nkeys = ATOMIC_INIT(2),
36 .nikeys = ATOMIC_INIT(2),
37 .uid = GLOBAL_ROOT_UID,
38};
39
40
41
42
43int install_user_keyrings(void)
44{
45 struct user_struct *user;
46 const struct cred *cred;
47 struct key *uid_keyring, *session_keyring;
48 key_perm_t user_keyring_perm;
49 char buf[20];
50 int ret;
51 uid_t uid;
52
53 user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
54 cred = current_cred();
55 user = cred->user;
56 uid = from_kuid(cred->user_ns, user->uid);
57
58 kenter("%p{%u}", user, uid);
59
60 if (user->uid_keyring && user->session_keyring) {
61 kleave(" = 0 [exist]");
62 return 0;
63 }
64
65 mutex_lock(&key_user_keyring_mutex);
66 ret = 0;
67
68 if (!user->uid_keyring) {
69
70
71
72
73 sprintf(buf, "_uid.%u", uid);
74
75 uid_keyring = find_keyring_by_name(buf, true);
76 if (IS_ERR(uid_keyring)) {
77 uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
78 cred, user_keyring_perm,
79 KEY_ALLOC_UID_KEYRING |
80 KEY_ALLOC_IN_QUOTA,
81 NULL);
82 if (IS_ERR(uid_keyring)) {
83 ret = PTR_ERR(uid_keyring);
84 goto error;
85 }
86 }
87
88
89
90 sprintf(buf, "_uid_ses.%u", uid);
91
92 session_keyring = find_keyring_by_name(buf, true);
93 if (IS_ERR(session_keyring)) {
94 session_keyring =
95 keyring_alloc(buf, user->uid, INVALID_GID,
96 cred, user_keyring_perm,
97 KEY_ALLOC_UID_KEYRING |
98 KEY_ALLOC_IN_QUOTA,
99 NULL);
100 if (IS_ERR(session_keyring)) {
101 ret = PTR_ERR(session_keyring);
102 goto error_release;
103 }
104
105
106
107 ret = key_link(session_keyring, uid_keyring);
108 if (ret < 0)
109 goto error_release_both;
110 }
111
112
113 user->uid_keyring = uid_keyring;
114 user->session_keyring = session_keyring;
115 }
116
117 mutex_unlock(&key_user_keyring_mutex);
118 kleave(" = 0");
119 return 0;
120
121error_release_both:
122 key_put(session_keyring);
123error_release:
124 key_put(uid_keyring);
125error:
126 mutex_unlock(&key_user_keyring_mutex);
127 kleave(" = %d", ret);
128 return ret;
129}
130
131
132
133
134
135
136
137int install_thread_keyring_to_cred(struct cred *new)
138{
139 struct key *keyring;
140
141 if (new->thread_keyring)
142 return 0;
143
144 keyring = keyring_alloc("_tid", new->uid, new->gid, new,
145 KEY_POS_ALL | KEY_USR_VIEW,
146 KEY_ALLOC_QUOTA_OVERRUN, NULL);
147 if (IS_ERR(keyring))
148 return PTR_ERR(keyring);
149
150 new->thread_keyring = keyring;
151 return 0;
152}
153
154
155
156
157
158
159static int install_thread_keyring(void)
160{
161 struct cred *new;
162 int ret;
163
164 new = prepare_creds();
165 if (!new)
166 return -ENOMEM;
167
168 ret = install_thread_keyring_to_cred(new);
169 if (ret < 0) {
170 abort_creds(new);
171 return ret;
172 }
173
174 return commit_creds(new);
175}
176
177
178
179
180
181
182
183int install_process_keyring_to_cred(struct cred *new)
184{
185 struct key *keyring;
186
187 if (new->process_keyring)
188 return 0;
189
190 keyring = keyring_alloc("_pid", new->uid, new->gid, new,
191 KEY_POS_ALL | KEY_USR_VIEW,
192 KEY_ALLOC_QUOTA_OVERRUN, NULL);
193 if (IS_ERR(keyring))
194 return PTR_ERR(keyring);
195
196 new->process_keyring = keyring;
197 return 0;
198}
199
200
201
202
203
204
205static int install_process_keyring(void)
206{
207 struct cred *new;
208 int ret;
209
210 new = prepare_creds();
211 if (!new)
212 return -ENOMEM;
213
214 ret = install_process_keyring_to_cred(new);
215 if (ret < 0) {
216 abort_creds(new);
217 return ret;
218 }
219
220 return commit_creds(new);
221}
222
223
224
225
226
227
228
229
230int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
231{
232 unsigned long flags;
233 struct key *old;
234
235 might_sleep();
236
237
238 if (!keyring) {
239 flags = KEY_ALLOC_QUOTA_OVERRUN;
240 if (cred->session_keyring)
241 flags = KEY_ALLOC_IN_QUOTA;
242
243 keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
244 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
245 flags, NULL);
246 if (IS_ERR(keyring))
247 return PTR_ERR(keyring);
248 } else {
249 __key_get(keyring);
250 }
251
252
253 old = cred->session_keyring;
254 rcu_assign_pointer(cred->session_keyring, keyring);
255
256 if (old)
257 key_put(old);
258
259 return 0;
260}
261
262
263
264
265
266
267
268
269static int install_session_keyring(struct key *keyring)
270{
271 struct cred *new;
272 int ret;
273
274 new = prepare_creds();
275 if (!new)
276 return -ENOMEM;
277
278 ret = install_session_keyring_to_cred(new, keyring);
279 if (ret < 0) {
280 abort_creds(new);
281 return ret;
282 }
283
284 return commit_creds(new);
285}
286
287
288
289
290void key_fsuid_changed(struct task_struct *tsk)
291{
292
293 BUG_ON(!tsk->cred);
294 if (tsk->cred->thread_keyring) {
295 down_write(&tsk->cred->thread_keyring->sem);
296 tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
297 up_write(&tsk->cred->thread_keyring->sem);
298 }
299}
300
301
302
303
304void key_fsgid_changed(struct task_struct *tsk)
305{
306
307 BUG_ON(!tsk->cred);
308 if (tsk->cred->thread_keyring) {
309 down_write(&tsk->cred->thread_keyring->sem);
310 tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
311 up_write(&tsk->cred->thread_keyring->sem);
312 }
313}
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
337{
338 key_ref_t key_ref, ret, err;
339
340
341
342
343
344
345
346
347 key_ref = NULL;
348 ret = NULL;
349 err = ERR_PTR(-EAGAIN);
350
351
352 if (ctx->cred->thread_keyring) {
353 key_ref = keyring_search_aux(
354 make_key_ref(ctx->cred->thread_keyring, 1), ctx);
355 if (!IS_ERR(key_ref))
356 goto found;
357
358 switch (PTR_ERR(key_ref)) {
359 case -EAGAIN:
360 case -ENOKEY:
361 ret = key_ref;
362 break;
363 default:
364 err = key_ref;
365 break;
366 }
367 }
368
369
370 if (ctx->cred->process_keyring) {
371 key_ref = keyring_search_aux(
372 make_key_ref(ctx->cred->process_keyring, 1), ctx);
373 if (!IS_ERR(key_ref))
374 goto found;
375
376 switch (PTR_ERR(key_ref)) {
377 case -EAGAIN:
378 if (ret)
379 break;
380 case -ENOKEY:
381 ret = key_ref;
382 break;
383 default:
384 err = key_ref;
385 break;
386 }
387 }
388
389
390 if (ctx->cred->session_keyring) {
391 rcu_read_lock();
392 key_ref = keyring_search_aux(
393 make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1),
394 ctx);
395 rcu_read_unlock();
396
397 if (!IS_ERR(key_ref))
398 goto found;
399
400 switch (PTR_ERR(key_ref)) {
401 case -EAGAIN:
402 if (ret)
403 break;
404 case -ENOKEY:
405 ret = key_ref;
406 break;
407 default:
408 err = key_ref;
409 break;
410 }
411 }
412
413 else if (ctx->cred->user->session_keyring) {
414 key_ref = keyring_search_aux(
415 make_key_ref(ctx->cred->user->session_keyring, 1),
416 ctx);
417 if (!IS_ERR(key_ref))
418 goto found;
419
420 switch (PTR_ERR(key_ref)) {
421 case -EAGAIN:
422 if (ret)
423 break;
424 case -ENOKEY:
425 ret = key_ref;
426 break;
427 default:
428 err = key_ref;
429 break;
430 }
431 }
432
433
434 key_ref = ret ? ret : err;
435
436found:
437 return key_ref;
438}
439
440
441
442
443
444
445
446
447
448key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
449{
450 struct request_key_auth *rka;
451 key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
452
453 might_sleep();
454
455 key_ref = search_my_process_keyrings(ctx);
456 if (!IS_ERR(key_ref))
457 goto found;
458 err = key_ref;
459
460
461
462
463
464 if (ctx->cred->request_key_auth &&
465 ctx->cred == current_cred() &&
466 ctx->index_key.type != &key_type_request_key_auth
467 ) {
468 const struct cred *cred = ctx->cred;
469
470
471 down_read(&cred->request_key_auth->sem);
472
473 if (key_validate(ctx->cred->request_key_auth) == 0) {
474 rka = ctx->cred->request_key_auth->payload.data;
475
476 ctx->cred = rka->cred;
477 key_ref = search_process_keyrings(ctx);
478 ctx->cred = cred;
479
480 up_read(&cred->request_key_auth->sem);
481
482 if (!IS_ERR(key_ref))
483 goto found;
484
485 ret = key_ref;
486 } else {
487 up_read(&cred->request_key_auth->sem);
488 }
489 }
490
491
492 if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
493 key_ref = ERR_PTR(-ENOKEY);
494 else if (err == ERR_PTR(-EACCES))
495 key_ref = ret;
496 else
497 key_ref = err;
498
499found:
500 return key_ref;
501}
502
503
504
505
506int lookup_user_key_possessed(const struct key *key, const void *target)
507{
508 return key == target;
509}
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
530 key_perm_t perm)
531{
532 struct keyring_search_context ctx = {
533 .match = lookup_user_key_possessed,
534 .flags = (KEYRING_SEARCH_NO_STATE_CHECK |
535 KEYRING_SEARCH_LOOKUP_DIRECT),
536 };
537 struct request_key_auth *rka;
538 struct key *key;
539 key_ref_t key_ref, skey_ref;
540 int ret;
541
542try_again:
543 ctx.cred = get_current_cred();
544 key_ref = ERR_PTR(-ENOKEY);
545
546 switch (id) {
547 case KEY_SPEC_THREAD_KEYRING:
548 if (!ctx.cred->thread_keyring) {
549 if (!(lflags & KEY_LOOKUP_CREATE))
550 goto error;
551
552 ret = install_thread_keyring();
553 if (ret < 0) {
554 key_ref = ERR_PTR(ret);
555 goto error;
556 }
557 goto reget_creds;
558 }
559
560 key = ctx.cred->thread_keyring;
561 __key_get(key);
562 key_ref = make_key_ref(key, 1);
563 break;
564
565 case KEY_SPEC_PROCESS_KEYRING:
566 if (!ctx.cred->process_keyring) {
567 if (!(lflags & KEY_LOOKUP_CREATE))
568 goto error;
569
570 ret = install_process_keyring();
571 if (ret < 0) {
572 key_ref = ERR_PTR(ret);
573 goto error;
574 }
575 goto reget_creds;
576 }
577
578 key = ctx.cred->process_keyring;
579 __key_get(key);
580 key_ref = make_key_ref(key, 1);
581 break;
582
583 case KEY_SPEC_SESSION_KEYRING:
584 if (!ctx.cred->session_keyring) {
585
586
587 ret = install_user_keyrings();
588 if (ret < 0)
589 goto error;
590 if (lflags & KEY_LOOKUP_CREATE)
591 ret = join_session_keyring(NULL);
592 else
593 ret = install_session_keyring(
594 ctx.cred->user->session_keyring);
595
596 if (ret < 0)
597 goto error;
598 goto reget_creds;
599 } else if (ctx.cred->session_keyring ==
600 ctx.cred->user->session_keyring &&
601 lflags & KEY_LOOKUP_CREATE) {
602 ret = join_session_keyring(NULL);
603 if (ret < 0)
604 goto error;
605 goto reget_creds;
606 }
607
608 rcu_read_lock();
609 key = rcu_dereference(ctx.cred->session_keyring);
610 __key_get(key);
611 rcu_read_unlock();
612 key_ref = make_key_ref(key, 1);
613 break;
614
615 case KEY_SPEC_USER_KEYRING:
616 if (!ctx.cred->user->uid_keyring) {
617 ret = install_user_keyrings();
618 if (ret < 0)
619 goto error;
620 }
621
622 key = ctx.cred->user->uid_keyring;
623 __key_get(key);
624 key_ref = make_key_ref(key, 1);
625 break;
626
627 case KEY_SPEC_USER_SESSION_KEYRING:
628 if (!ctx.cred->user->session_keyring) {
629 ret = install_user_keyrings();
630 if (ret < 0)
631 goto error;
632 }
633
634 key = ctx.cred->user->session_keyring;
635 __key_get(key);
636 key_ref = make_key_ref(key, 1);
637 break;
638
639 case KEY_SPEC_GROUP_KEYRING:
640
641 key_ref = ERR_PTR(-EINVAL);
642 goto error;
643
644 case KEY_SPEC_REQKEY_AUTH_KEY:
645 key = ctx.cred->request_key_auth;
646 if (!key)
647 goto error;
648
649 __key_get(key);
650 key_ref = make_key_ref(key, 1);
651 break;
652
653 case KEY_SPEC_REQUESTOR_KEYRING:
654 if (!ctx.cred->request_key_auth)
655 goto error;
656
657 down_read(&ctx.cred->request_key_auth->sem);
658 if (test_bit(KEY_FLAG_REVOKED,
659 &ctx.cred->request_key_auth->flags)) {
660 key_ref = ERR_PTR(-EKEYREVOKED);
661 key = NULL;
662 } else {
663 rka = ctx.cred->request_key_auth->payload.data;
664 key = rka->dest_keyring;
665 __key_get(key);
666 }
667 up_read(&ctx.cred->request_key_auth->sem);
668 if (!key)
669 goto error;
670 key_ref = make_key_ref(key, 1);
671 break;
672
673 default:
674 key_ref = ERR_PTR(-EINVAL);
675 if (id < 1)
676 goto error;
677
678 key = key_lookup(id);
679 if (IS_ERR(key)) {
680 key_ref = ERR_CAST(key);
681 goto error;
682 }
683
684 key_ref = make_key_ref(key, 0);
685
686
687 ctx.index_key.type = key->type;
688 ctx.index_key.description = key->description;
689 ctx.index_key.desc_len = strlen(key->description);
690 ctx.match_data = key;
691 kdebug("check possessed");
692 skey_ref = search_process_keyrings(&ctx);
693 kdebug("possessed=%p", skey_ref);
694
695 if (!IS_ERR(skey_ref)) {
696 key_put(key);
697 key_ref = skey_ref;
698 }
699
700 break;
701 }
702
703
704
705 if (lflags & KEY_LOOKUP_FOR_UNLINK) {
706 ret = 0;
707 goto error;
708 }
709
710 if (!(lflags & KEY_LOOKUP_PARTIAL)) {
711 ret = wait_for_key_construction(key, true);
712 switch (ret) {
713 case -ERESTARTSYS:
714 goto invalid_key;
715 default:
716 if (perm)
717 goto invalid_key;
718 case 0:
719 break;
720 }
721 } else if (perm) {
722 ret = key_validate(key);
723 if (ret < 0)
724 goto invalid_key;
725 }
726
727 ret = -EIO;
728 if (!(lflags & KEY_LOOKUP_PARTIAL) &&
729 key_read_state(key) == KEY_IS_UNINSTANTIATED)
730 goto invalid_key;
731
732
733 ret = key_task_permission(key_ref, ctx.cred, perm);
734 if (ret < 0)
735 goto invalid_key;
736
737 key->last_used_at = current_kernel_time().tv_sec;
738
739error:
740 put_cred(ctx.cred);
741 return key_ref;
742
743invalid_key:
744 key_ref_put(key_ref);
745 key_ref = ERR_PTR(ret);
746 goto error;
747
748
749
750reget_creds:
751 put_cred(ctx.cred);
752 goto try_again;
753}
754EXPORT_SYMBOL(lookup_user_key);
755
756
757
758
759
760
761
762
763
764
765
766
767long join_session_keyring(const char *name)
768{
769 const struct cred *old;
770 struct cred *new;
771 struct key *keyring;
772 long ret, serial;
773
774 new = prepare_creds();
775 if (!new)
776 return -ENOMEM;
777 old = current_cred();
778
779
780 if (!name) {
781 ret = install_session_keyring_to_cred(new, NULL);
782 if (ret < 0)
783 goto error;
784
785 serial = new->session_keyring->serial;
786 ret = commit_creds(new);
787 if (ret == 0)
788 ret = serial;
789 goto okay;
790 }
791
792
793 mutex_lock(&key_session_mutex);
794
795
796 keyring = find_keyring_by_name(name, false);
797 if (PTR_ERR(keyring) == -ENOKEY) {
798
799 keyring = keyring_alloc(
800 name, old->uid, old->gid, old,
801 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
802 KEY_ALLOC_IN_QUOTA, NULL);
803 if (IS_ERR(keyring)) {
804 ret = PTR_ERR(keyring);
805 goto error2;
806 }
807 } else if (IS_ERR(keyring)) {
808 ret = PTR_ERR(keyring);
809 goto error2;
810 } else if (keyring == new->session_keyring) {
811 ret = 0;
812 goto error3;
813 }
814
815
816 ret = install_session_keyring_to_cred(new, keyring);
817 if (ret < 0)
818 goto error3;
819
820 commit_creds(new);
821 mutex_unlock(&key_session_mutex);
822
823 ret = keyring->serial;
824 key_put(keyring);
825okay:
826 return ret;
827
828error3:
829 key_put(keyring);
830error2:
831 mutex_unlock(&key_session_mutex);
832error:
833 abort_creds(new);
834 return ret;
835}
836
837
838
839
840
841void key_change_session_keyring(struct callback_head *twork)
842{
843 const struct cred *old = current_cred();
844 struct cred *new = container_of(twork, struct cred, rcu);
845
846 if (unlikely(current->flags & PF_EXITING)) {
847 put_cred(new);
848 return;
849 }
850
851 new-> uid = old-> uid;
852 new-> euid = old-> euid;
853 new-> suid = old-> suid;
854 new->fsuid = old->fsuid;
855 new-> gid = old-> gid;
856 new-> egid = old-> egid;
857 new-> sgid = old-> sgid;
858 new->fsgid = old->fsgid;
859 new->user = get_uid(old->user);
860 new->user_ns = get_user_ns(old->user_ns);
861 new->group_info = get_group_info(old->group_info);
862
863 new->securebits = old->securebits;
864 new->cap_inheritable = old->cap_inheritable;
865 new->cap_permitted = old->cap_permitted;
866 new->cap_effective = old->cap_effective;
867 new->cap_ambient = old->cap_ambient;
868 new->cap_bset = old->cap_bset;
869
870 new->jit_keyring = old->jit_keyring;
871 new->thread_keyring = key_get(old->thread_keyring);
872 new->process_keyring = key_get(old->process_keyring);
873
874 security_transfer_creds(new, old);
875
876 commit_creds(new);
877}
878
879
880
881
882static int __init init_root_keyring(void)
883{
884 return install_user_keyrings();
885}
886
887late_initcall(init_root_keyring);
888