LXR linux/security/keys/process

   1/* Manage a process's keyrings
   2 *
   3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public License
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the License, or (at your option) any later version.
  10 */
  11
  12#include <linux/module.h>
  13#include <linux/init.h>
  14#include <linux/sched.h>
  15#include <linux/keyctl.h>
  16#include <linux/fs.h>
  17#include <linux/err.h>
  18#include <linux/mutex.h>
  19#include <linux/security.h>
  20#include <linux/user_namespace.h>
  21#include <asm/uaccess.h>
  22#include "internal.h"
  23
  24/* Session keyring create vs join semaphore */
  25static DEFINE_MUTEX(key_session_mutex);
  26
  27/* User keyring creation semaphore */
  28static DEFINE_MUTEX(key_user_keyring_mutex);
  29
  30/* The root user's tracking struct */
  31struct key_user root_key_user = {
  32        .usage          = ATOMIC_INIT(3),
  33        .cons_lock      = __MUTEX_INITIALIZER(root_key_user.cons_lock),
  34        .lock           = __SPIN_LOCK_UNLOCKED(root_key_user.lock),
  35        .nkeys          = ATOMIC_INIT(2),
  36        .nikeys         = ATOMIC_INIT(2),
  37        .uid            = GLOBAL_ROOT_UID,
  38};
  39
  40/*
  41 * Install the user and user session keyrings for the current process's UID.
  42 */
  43int install_user_keyrings(void)
  44{
  45        struct user_struct *user;
  46        const struct cred *cred;
  47        struct key *uid_keyring, *session_keyring;
  48        key_perm_t user_keyring_perm;
  49        char buf[20];
  50        int ret;
  51        uid_t uid;
  52
  53        user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
  54        cred = current_cred();
  55        user = cred->user;
  56        uid = from_kuid(cred->user_ns, user->uid);
  57
  58        kenter("%p{%u}", user, uid);
  59
  60        if (user->uid_keyring && user->session_keyring) {
  61                kleave(" = 0 [exist]");
  62                return 0;
  63        }
  64
  65        mutex_lock(&key_user_keyring_mutex);
  66        ret = 0;
  67
  68        if (!user->uid_keyring) {
  69                /* get the UID-specific keyring
  70                 * - there may be one in existence already as it may have been
  71                 *   pinned by a session, but the user_struct pointing to it
  72                 *   may have been destroyed by setuid */
  73                sprintf(buf, "_uid.%u", uid);
  74
  75                uid_keyring = find_keyring_by_name(buf, true);
  76                if (IS_ERR(uid_keyring)) {
  77                        uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
  78                                                    cred, user_keyring_perm,
  79                                                    KEY_ALLOC_UID_KEYRING |
  80                                                        KEY_ALLOC_IN_QUOTA,
  81                                                    NULL);
  82                        if (IS_ERR(uid_keyring)) {
  83                                ret = PTR_ERR(uid_keyring);
  84                                goto error;
  85                        }
  86                }
  87
  88                /* get a default session keyring (which might also exist
  89                 * already) */
  90                sprintf(buf, "_uid_ses.%u", uid);
  91
  92                session_keyring = find_keyring_by_name(buf, true);
  93                if (IS_ERR(session_keyring)) {
  94                        session_keyring =
  95                                keyring_alloc(buf, user->uid, INVALID_GID,
  96                                              cred, user_keyring_perm,
  97                                              KEY_ALLOC_UID_KEYRING |
  98                                                  KEY_ALLOC_IN_QUOTA,
  99                                              NULL);
 100                        if (IS_ERR(session_keyring)) {
 101                                ret = PTR_ERR(session_keyring);
 102                                goto error_release;
 103                        }
 104
 105                        /* we install a link from the user session keyring to
 106                         * the user keyring */
 107                        ret = key_link(session_keyring, uid_keyring);
 108                        if (ret < 0)
 109                                goto error_release_both;
 110                }
 111
 112                /* install the keyrings */
 113                user->uid_keyring = uid_keyring;
 114                user->session_keyring = session_keyring;
 115        }
 116
 117        mutex_unlock(&key_user_keyring_mutex);
 118        kleave(" = 0");
 119        return 0;
 120
 121error_release_both:
 122        key_put(session_keyring);
 123error_release:
 124        key_put(uid_keyring);
 125error:
 126        mutex_unlock(&key_user_keyring_mutex);
 127        kleave(" = %d", ret);
 128        return ret;
 129}
 130
 131/*
 132 * Install a thread keyring to the given credentials struct if it didn't have
 133 * one already.  This is allowed to overrun the quota.
 134 *
 135 * Return: 0 if a thread keyring is now present; -errno on failure.
 136 */
 137int install_thread_keyring_to_cred(struct cred *new)
 138{
 139        struct key *keyring;
 140
 141        if (new->thread_keyring)
 142                return 0;
 143
 144        keyring = keyring_alloc("_tid", new->uid, new->gid, new,
 145                                KEY_POS_ALL | KEY_USR_VIEW,
 146                                KEY_ALLOC_QUOTA_OVERRUN, NULL);
 147        if (IS_ERR(keyring))
 148                return PTR_ERR(keyring);
 149
 150        new->thread_keyring = keyring;
 151        return 0;
 152}
 153
 154/*
 155 * Install a thread keyring to the current task if it didn't have one already.
 156 *
 157 * Return: 0 if a thread keyring is now present; -errno on failure.
 158 */
 159static int install_thread_keyring(void)
 160{
 161        struct cred *new;
 162        int ret;
 163
 164        new = prepare_creds();
 165        if (!new)
 166                return -ENOMEM;
 167
 168        ret = install_thread_keyring_to_cred(new);
 169        if (ret < 0) {
 170                abort_creds(new);
 171                return ret;
 172        }
 173
 174        return commit_creds(new);
 175}
 176
 177/*
 178 * Install a process keyring to the given credentials struct if it didn't have
 179 * one already.  This is allowed to overrun the quota.
 180 *
 181 * Return: 0 if a process keyring is now present; -errno on failure.
 182 */
 183int install_process_keyring_to_cred(struct cred *new)
 184{
 185        struct key *keyring;
 186
 187        if (new->process_keyring)
 188                return 0;
 189
 190        keyring = keyring_alloc("_pid", new->uid, new->gid, new,
 191                                KEY_POS_ALL | KEY_USR_VIEW,
 192                                KEY_ALLOC_QUOTA_OVERRUN, NULL);
 193        if (IS_ERR(keyring))
 194                return PTR_ERR(keyring);
 195
 196        new->process_keyring = keyring;
 197        return 0;
 198}
 199
 200/*
 201 * Install a process keyring to the current task if it didn't have one already.
 202 *
 203 * Return: 0 if a process keyring is now present; -errno on failure.
 204 */
 205static int install_process_keyring(void)
 206{
 207        struct cred *new;
 208        int ret;
 209
 210        new = prepare_creds();
 211        if (!new)
 212                return -ENOMEM;
 213
 214        ret = install_process_keyring_to_cred(new);
 215        if (ret < 0) {
 216                abort_creds(new);
 217                return ret;
 218        }
 219
 220        return commit_creds(new);
 221}
 222
 223/*
 224 * Install the given keyring as the session keyring of the given credentials
 225 * struct, replacing the existing one if any.  If the given keyring is NULL,
 226 * then install a new anonymous session keyring.
 227 *
 228 * Return: 0 on success; -errno on failure.
 229 */
 230int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
 231{
 232        unsigned long flags;
 233        struct key *old;
 234
 235        might_sleep();
 236
 237        /* create an empty session keyring */
 238        if (!keyring) {
 239                flags = KEY_ALLOC_QUOTA_OVERRUN;
 240                if (cred->session_keyring)
 241                        flags = KEY_ALLOC_IN_QUOTA;
 242
 243                keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
 244                                        KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
 245                                        flags, NULL);
 246                if (IS_ERR(keyring))
 247                        return PTR_ERR(keyring);
 248        } else {
 249                __key_get(keyring);
 250        }
 251
 252        /* install the keyring */
 253        old = cred->session_keyring;
 254        rcu_assign_pointer(cred->session_keyring, keyring);
 255
 256        if (old)
 257                key_put(old);
 258
 259        return 0;
 260}
 261
 262/*
 263 * Install the given keyring as the session keyring of the current task,
 264 * replacing the existing one if any.  If the given keyring is NULL, then
 265 * install a new anonymous session keyring.
 266 *
 267 * Return: 0 on success; -errno on failure.
 268 */
 269static int install_session_keyring(struct key *keyring)
 270{
 271        struct cred *new;
 272        int ret;
 273
 274        new = prepare_creds();
 275        if (!new)
 276                return -ENOMEM;
 277
 278        ret = install_session_keyring_to_cred(new, keyring);
 279        if (ret < 0) {
 280                abort_creds(new);
 281                return ret;
 282        }
 283
 284        return commit_creds(new);
 285}
 286
 287/*
 288 * Handle the fsuid changing.
 289 */
 290void key_fsuid_changed(struct task_struct *tsk)
 291{
 292        /* update the ownership of the thread keyring */
 293        BUG_ON(!tsk->cred);
 294        if (tsk->cred->thread_keyring) {
 295                down_write(&tsk->cred->thread_keyring->sem);
 296                tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
 297                up_write(&tsk->cred->thread_keyring->sem);
 298        }
 299}
 300
 301/*
 302 * Handle the fsgid changing.
 303 */
 304void key_fsgid_changed(struct task_struct *tsk)
 305{
 306        /* update the ownership of the thread keyring */
 307        BUG_ON(!tsk->cred);
 308        if (tsk->cred->thread_keyring) {
 309                down_write(&tsk->cred->thread_keyring->sem);
 310                tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
 311                up_write(&tsk->cred->thread_keyring->sem);
 312        }
 313}
 314
 315/*
 316 * Search the process keyrings attached to the supplied cred for the first
 317 * matching key.
 318 *
 319 * The search criteria are the type and the match function.  The description is
 320 * given to the match function as a parameter, but doesn't otherwise influence
 321 * the search.  Typically the match function will compare the description
 322 * parameter to the key's description.
 323 *
 324 * This can only search keyrings that grant Search permission to the supplied
 325 * credentials.  Keyrings linked to searched keyrings will also be searched if
 326 * they grant Search permission too.  Keys can only be found if they grant
 327 * Search permission to the credentials.
 328 *
 329 * Returns a pointer to the key with the key usage count incremented if
 330 * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
 331 * matched negative keys.
 332 *
 333 * In the case of a successful return, the possession attribute is set on the
 334 * returned key reference.
 335 */
 336key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
 337{
 338        key_ref_t key_ref, ret, err;
 339
 340        /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
 341         * searchable, but we failed to find a key or we found a negative key;
 342         * otherwise we want to return a sample error (probably -EACCES) if
 343         * none of the keyrings were searchable
 344         *
 345         * in terms of priority: success > -ENOKEY > -EAGAIN > other error
 346         */
 347        key_ref = NULL;
 348        ret = NULL;
 349        err = ERR_PTR(-EAGAIN);
 350
 351        /* search the thread keyring first */
 352        if (ctx->cred->thread_keyring) {
 353                key_ref = keyring_search_aux(
 354                        make_key_ref(ctx->cred->thread_keyring, 1), ctx);
 355                if (!IS_ERR(key_ref))
 356                        goto found;
 357
 358                switch (PTR_ERR(key_ref)) {
 359                case -EAGAIN: /* no key */
 360                case -ENOKEY: /* negative key */
 361                        ret = key_ref;
 362                        break;
 363                default:
 364                        err = key_ref;
 365                        break;
 366                }
 367        }
 368
 369        /* search the process keyring second */
 370        if (ctx->cred->process_keyring) {
 371                key_ref = keyring_search_aux(
 372                        make_key_ref(ctx->cred->process_keyring, 1), ctx);
 373                if (!IS_ERR(key_ref))
 374                        goto found;
 375
 376                switch (PTR_ERR(key_ref)) {
 377                case -EAGAIN: /* no key */
 378                        if (ret)
 379                                break;
 380                case -ENOKEY: /* negative key */
 381                        ret = key_ref;
 382                        break;
 383                default:
 384                        err = key_ref;
 385                        break;
 386                }
 387        }
 388
 389        /* search the session keyring */
 390        if (ctx->cred->session_keyring) {
 391                rcu_read_lock();
 392                key_ref = keyring_search_aux(
 393                        make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1),
 394                        ctx);
 395                rcu_read_unlock();
 396
 397                if (!IS_ERR(key_ref))
 398                        goto found;
 399
 400                switch (PTR_ERR(key_ref)) {
 401                case -EAGAIN: /* no key */
 402                        if (ret)
 403                                break;
 404                case -ENOKEY: /* negative key */
 405                        ret = key_ref;
 406                        break;
 407                default:
 408                        err = key_ref;
 409                        break;
 410                }
 411        }
 412        /* or search the user-session keyring */
 413        else if (ctx->cred->user->session_keyring) {
 414                key_ref = keyring_search_aux(
 415                        make_key_ref(ctx->cred->user->session_keyring, 1),
 416                        ctx);
 417                if (!IS_ERR(key_ref))
 418                        goto found;
 419
 420                switch (PTR_ERR(key_ref)) {
 421                case -EAGAIN: /* no key */
 422                        if (ret)
 423                                break;
 424                case -ENOKEY: /* negative key */
 425                        ret = key_ref;
 426                        break;
 427                default:
 428                        err = key_ref;
 429                        break;
 430                }
 431        }
 432
 433        /* no key - decide on the error we're going to go for */
 434        key_ref = ret ? ret : err;
 435
 436found:
 437        return key_ref;
 438}
 439
 440/*
 441 * Search the process keyrings attached to the supplied cred for the first
 442 * matching key in the manner of search_my_process_keyrings(), but also search
 443 * the keys attached to the assumed authorisation key using its credentials if
 444 * one is available.
 445 *
 446 * Return same as search_my_process_keyrings().
 447 */
 448key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
 449{
 450        struct request_key_auth *rka;
 451        key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
 452
 453        might_sleep();
 454
 455        key_ref = search_my_process_keyrings(ctx);
 456        if (!IS_ERR(key_ref))
 457                goto found;
 458        err = key_ref;
 459
 460        /* if this process has an instantiation authorisation key, then we also
 461         * search the keyrings of the process mentioned there
 462         * - we don't permit access to request_key auth keys via this method
 463         */
 464        if (ctx->cred->request_key_auth &&
 465            ctx->cred == current_cred() &&
 466            ctx->index_key.type != &key_type_request_key_auth
 467            ) {
 468                const struct cred *cred = ctx->cred;
 469
 470                /* defend against the auth key being revoked */
 471                down_read(&cred->request_key_auth->sem);
 472
 473                if (key_validate(ctx->cred->request_key_auth) == 0) {
 474                        rka = ctx->cred->request_key_auth->payload.data;
 475
 476                        ctx->cred = rka->cred;
 477                        key_ref = search_process_keyrings(ctx);
 478                        ctx->cred = cred;
 479
 480                        up_read(&cred->request_key_auth->sem);
 481
 482                        if (!IS_ERR(key_ref))
 483                                goto found;
 484
 485                        ret = key_ref;
 486                } else {
 487                        up_read(&cred->request_key_auth->sem);
 488                }
 489        }
 490
 491        /* no key - decide on the error we're going to go for */
 492        if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
 493                key_ref = ERR_PTR(-ENOKEY);
 494        else if (err == ERR_PTR(-EACCES))
 495                key_ref = ret;
 496        else
 497                key_ref = err;
 498
 499found:
 500        return key_ref;
 501}
 502
 503/*
 504 * See if the key we're looking at is the target key.
 505 */
 506int lookup_user_key_possessed(const struct key *key, const void *target)
 507{
 508        return key == target;
 509}
 510
 511/*
 512 * Look up a key ID given us by userspace with a given permissions mask to get
 513 * the key it refers to.
 514 *
 515 * Flags can be passed to request that special keyrings be created if referred
 516 * to directly, to permit partially constructed keys to be found and to skip
 517 * validity and permission checks on the found key.
 518 *
 519 * Returns a pointer to the key with an incremented usage count if successful;
 520 * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
 521 * to a key or the best found key was a negative key; -EKEYREVOKED or
 522 * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
 523 * found key doesn't grant the requested permit or the LSM denied access to it;
 524 * or -ENOMEM if a special keyring couldn't be created.
 525 *
 526 * In the case of a successful return, the possession attribute is set on the
 527 * returned key reference.
 528 */
 529key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
 530                          key_perm_t perm)
 531{
 532        struct keyring_search_context ctx = {
 533                .match  = lookup_user_key_possessed,
 534                .flags  = (KEYRING_SEARCH_NO_STATE_CHECK |
 535                           KEYRING_SEARCH_LOOKUP_DIRECT),
 536        };
 537        struct request_key_auth *rka;
 538        struct key *key;
 539        key_ref_t key_ref, skey_ref;
 540        int ret;
 541
 542try_again:
 543        ctx.cred = get_current_cred();
 544        key_ref = ERR_PTR(-ENOKEY);
 545
 546        switch (id) {
 547        case KEY_SPEC_THREAD_KEYRING:
 548                if (!ctx.cred->thread_keyring) {
 549                        if (!(lflags & KEY_LOOKUP_CREATE))
 550                                goto error;
 551
 552                        ret = install_thread_keyring();
 553                        if (ret < 0) {
 554                                key_ref = ERR_PTR(ret);
 555                                goto error;
 556                        }
 557                        goto reget_creds;
 558                }
 559
 560                key = ctx.cred->thread_keyring;
 561                __key_get(key);
 562                key_ref = make_key_ref(key, 1);
 563                break;
 564
 565        case KEY_SPEC_PROCESS_KEYRING:
 566                if (!ctx.cred->process_keyring) {
 567                        if (!(lflags & KEY_LOOKUP_CREATE))
 568                                goto error;
 569
 570                        ret = install_process_keyring();
 571                        if (ret < 0) {
 572                                key_ref = ERR_PTR(ret);
 573                                goto error;
 574                        }
 575                        goto reget_creds;
 576                }
 577
 578                key = ctx.cred->process_keyring;
 579                __key_get(key);
 580                key_ref = make_key_ref(key, 1);
 581                break;
 582
 583        case KEY_SPEC_SESSION_KEYRING:
 584                if (!ctx.cred->session_keyring) {
 585                        /* always install a session keyring upon access if one
 586                         * doesn't exist yet */
 587                        ret = install_user_keyrings();
 588                        if (ret < 0)
 589                                goto error;
 590                        if (lflags & KEY_LOOKUP_CREATE)
 591                                ret = join_session_keyring(NULL);
 592                        else
 593                                ret = install_session_keyring(
 594                                        ctx.cred->user->session_keyring);
 595
 596                        if (ret < 0)
 597                                goto error;
 598                        goto reget_creds;
 599                } else if (ctx.cred->session_keyring ==
 600                           ctx.cred->user->session_keyring &&
 601                           lflags & KEY_LOOKUP_CREATE) {
 602                        ret = join_session_keyring(NULL);
 603                        if (ret < 0)
 604                                goto error;
 605                        goto reget_creds;
 606                }
 607
 608                rcu_read_lock();
 609                key = rcu_dereference(ctx.cred->session_keyring);
 610                __key_get(key);
 611                rcu_read_unlock();
 612                key_ref = make_key_ref(key, 1);
 613                break;
 614
 615        case KEY_SPEC_USER_KEYRING:
 616                if (!ctx.cred->user->uid_keyring) {
 617                        ret = install_user_keyrings();
 618                        if (ret < 0)
 619                                goto error;
 620                }
 621
 622                key = ctx.cred->user->uid_keyring;
 623                __key_get(key);
 624                key_ref = make_key_ref(key, 1);
 625                break;
 626
 627        case KEY_SPEC_USER_SESSION_KEYRING:
 628                if (!ctx.cred->user->session_keyring) {
 629                        ret = install_user_keyrings();
 630                        if (ret < 0)
 631                                goto error;
 632                }
 633
 634                key = ctx.cred->user->session_keyring;
 635                __key_get(key);
 636                key_ref = make_key_ref(key, 1);
 637                break;
 638
 639        case KEY_SPEC_GROUP_KEYRING:
 640                /* group keyrings are not yet supported */
 641                key_ref = ERR_PTR(-EINVAL);
 642                goto error;
 643
 644        case KEY_SPEC_REQKEY_AUTH_KEY:
 645                key = ctx.cred->request_key_auth;
 646                if (!key)
 647                        goto error;
 648
 649                __key_get(key);
 650                key_ref = make_key_ref(key, 1);
 651                break;
 652
 653        case KEY_SPEC_REQUESTOR_KEYRING:
 654                if (!ctx.cred->request_key_auth)
 655                        goto error;
 656
 657                down_read(&ctx.cred->request_key_auth->sem);
 658                if (test_bit(KEY_FLAG_REVOKED,
 659                             &ctx.cred->request_key_auth->flags)) {
 660                        key_ref = ERR_PTR(-EKEYREVOKED);
 661                        key = NULL;
 662                } else {
 663                        rka = ctx.cred->request_key_auth->payload.data;
 664                        key = rka->dest_keyring;
 665                        __key_get(key);
 666                }
 667                up_read(&ctx.cred->request_key_auth->sem);
 668                if (!key)
 669                        goto error;
 670                key_ref = make_key_ref(key, 1);
 671                break;
 672
 673        default:
 674                key_ref = ERR_PTR(-EINVAL);
 675                if (id < 1)
 676                        goto error;
 677
 678                key = key_lookup(id);
 679                if (IS_ERR(key)) {
 680                        key_ref = ERR_CAST(key);
 681                        goto error;
 682                }
 683
 684                key_ref = make_key_ref(key, 0);
 685
 686                /* check to see if we possess the key */
 687                ctx.index_key.type              = key->type;
 688                ctx.index_key.description       = key->description;
 689                ctx.index_key.desc_len          = strlen(key->description);
 690                ctx.match_data                  = key;
 691                kdebug("check possessed");
 692                skey_ref = search_process_keyrings(&ctx);
 693                kdebug("possessed=%p", skey_ref);
 694
 695                if (!IS_ERR(skey_ref)) {
 696                        key_put(key);
 697                        key_ref = skey_ref;
 698                }
 699
 700                break;
 701        }
 702
 703        /* unlink does not use the nominated key in any way, so can skip all
 704         * the permission checks as it is only concerned with the keyring */
 705        if (lflags & KEY_LOOKUP_FOR_UNLINK) {
 706                ret = 0;
 707                goto error;
 708        }
 709
 710        if (!(lflags & KEY_LOOKUP_PARTIAL)) {
 711                ret = wait_for_key_construction(key, true);
 712                switch (ret) {
 713                case -ERESTARTSYS:
 714                        goto invalid_key;
 715                default:
 716                        if (perm)
 717                                goto invalid_key;
 718                case 0:
 719                        break;
 720                }
 721        } else if (perm) {
 722                ret = key_validate(key);
 723                if (ret < 0)
 724                        goto invalid_key;
 725        }
 726
 727        ret = -EIO;
 728        if (!(lflags & KEY_LOOKUP_PARTIAL) &&
 729            key_read_state(key) == KEY_IS_UNINSTANTIATED)
 730                goto invalid_key;
 731
 732        /* check the permissions */
 733        ret = key_task_permission(key_ref, ctx.cred, perm);
 734        if (ret < 0)
 735                goto invalid_key;
 736
 737        key->last_used_at = current_kernel_time().tv_sec;
 738
 739error:
 740        put_cred(ctx.cred);
 741        return key_ref;
 742
 743invalid_key:
 744        key_ref_put(key_ref);
 745        key_ref = ERR_PTR(ret);
 746        goto error;
 747
 748        /* if we attempted to install a keyring, then it may have caused new
 749         * creds to be installed */
 750reget_creds:
 751        put_cred(ctx.cred);
 752        goto try_again;
 753}
 754
 755/*
 756 * Join the named keyring as the session keyring if possible else attempt to
 757 * create a new one of that name and join that.
 758 *
 759 * If the name is NULL, an empty anonymous keyring will be installed as the
 760 * session keyring.
 761 *
 762 * Named session keyrings are joined with a semaphore held to prevent the
 763 * keyrings from going away whilst the attempt is made to going them and also
 764 * to prevent a race in creating compatible session keyrings.
 765 */
 766long join_session_keyring(const char *name)
 767{
 768        const struct cred *old;
 769        struct cred *new;
 770        struct key *keyring;
 771        long ret, serial;
 772
 773        new = prepare_creds();
 774        if (!new)
 775                return -ENOMEM;
 776        old = current_cred();
 777
 778        /* if no name is provided, install an anonymous keyring */
 779        if (!name) {
 780                ret = install_session_keyring_to_cred(new, NULL);
 781                if (ret < 0)
 782                        goto error;
 783
 784                serial = new->session_keyring->serial;
 785                ret = commit_creds(new);
 786                if (ret == 0)
 787                        ret = serial;
 788                goto okay;
 789        }
 790
 791        /* allow the user to join or create a named keyring */
 792        mutex_lock(&key_session_mutex);
 793
 794        /* look for an existing keyring of this name */
 795        keyring = find_keyring_by_name(name, false);
 796        if (PTR_ERR(keyring) == -ENOKEY) {
 797                /* not found - try and create a new one */
 798                keyring = keyring_alloc(
 799                        name, old->uid, old->gid, old,
 800                        KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
 801                        KEY_ALLOC_IN_QUOTA, NULL);
 802                if (IS_ERR(keyring)) {
 803                        ret = PTR_ERR(keyring);
 804                        goto error2;
 805                }
 806        } else if (IS_ERR(keyring)) {
 807                ret = PTR_ERR(keyring);
 808                goto error2;
 809        } else if (keyring == new->session_keyring) {
 810                ret = 0;
 811                goto error3;
 812        }
 813
 814        /* we've got a keyring - now to install it */
 815        ret = install_session_keyring_to_cred(new, keyring);
 816        if (ret < 0)
 817                goto error3;
 818
 819        commit_creds(new);
 820        mutex_unlock(&key_session_mutex);
 821
 822        ret = keyring->serial;
 823        key_put(keyring);
 824okay:
 825        return ret;
 826
 827error3:
 828        key_put(keyring);
 829error2:
 830        mutex_unlock(&key_session_mutex);
 831error:
 832        abort_creds(new);
 833        return ret;
 834}
 835
 836/*
 837 * Replace a process's session keyring on behalf of one of its children when
 838 * the target  process is about to resume userspace execution.
 839 */
 840void key_change_session_keyring(struct callback_head *twork)
 841{
 842        const struct cred *old = current_cred();
 843        struct cred *new = container_of(twork, struct cred, rcu);
 844
 845        if (unlikely(current->flags & PF_EXITING)) {
 846                put_cred(new);
 847                return;
 848        }
 849
 850        new->  uid      = old->  uid;
 851        new-> euid      = old-> euid;
 852        new-> suid      = old-> suid;
 853        new->fsuid      = old->fsuid;
 854        new->  gid      = old->  gid;
 855        new-> egid      = old-> egid;
 856        new-> sgid      = old-> sgid;
 857        new->fsgid      = old->fsgid;
 858        new->user       = get_uid(old->user);
 859        new->user_ns    = get_user_ns(old->user_ns);
 860        new->group_info = get_group_info(old->group_info);
 861
 862        new->securebits = old->securebits;
 863        new->cap_inheritable    = old->cap_inheritable;
 864        new->cap_permitted      = old->cap_permitted;
 865        new->cap_effective      = old->cap_effective;
 866        new->cap_ambient        = old->cap_ambient;
 867        new->cap_bset           = old->cap_bset;
 868
 869        new->jit_keyring        = old->jit_keyring;
 870        new->thread_keyring     = key_get(old->thread_keyring);
 871        new->process_keyring    = key_get(old->process_keyring);
 872
 873        security_transfer_creds(new, old);
 874
 875        commit_creds(new);
 876}
 877
 878/*
 879 * Make sure that root's user and user-session keyrings exist.
 880 */
 881static int __init init_root_keyring(void)
 882{
 883        return install_user_keyrings();
 884}
 885
 886late_initcall(init_root_keyring);
 887