linux/security/keys/process_keys.c
<<
>>
Prefs 
   1/* Manage a process's keyrings
   2 *
   3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public License
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the License, or (at your option) any later version.
  10 */
  11
  12#include <linux/module.h>
  13#include <linux/init.h>
  14#include <linux/sched.h>
  15#include <linux/sched/user.h>
  16#include <linux/keyctl.h>
  17#include <linux/fs.h>
  18#include <linux/err.h>
  19#include <linux/mutex.h>
  20#include <linux/security.h>
  21#include <linux/user_namespace.h>
  22#include <linux/uaccess.h>
  23#include "internal.h"
  24
  25/* Session keyring create vs join semaphore */
  26static DEFINE_MUTEX(key_session_mutex);
  27
  28/* User keyring creation semaphore */
  29static DEFINE_MUTEX(key_user_keyring_mutex);
  30
  31/* The root user's tracking struct */
  32struct key_user root_key_user = {
  33        .usage          = REFCOUNT_INIT(3),
  34        .cons_lock      = __MUTEX_INITIALIZER(root_key_user.cons_lock),
  35        .lock           = __SPIN_LOCK_UNLOCKED(root_key_user.lock),
  36        .nkeys          = ATOMIC_INIT(2),
  37        .nikeys         = ATOMIC_INIT(2),
  38        .uid            = GLOBAL_ROOT_UID,
  39};
  40
  41/*
  42 * Install the user and user session keyrings for the current process's UID.
  43 */
  44int install_user_keyrings(void)
  45{
  46        struct user_struct *user;
  47        const struct cred *cred;
  48        struct key *uid_keyring, *session_keyring;
  49        key_perm_t user_keyring_perm;
  50        char buf[20];
  51        int ret;
  52        uid_t uid;
  53
  54        user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
  55        cred = current_cred();
  56        user = cred->user;
  57        uid = from_kuid(cred->user_ns, user->uid);
  58
  59        kenter("%p{%u}", user, uid);
  60
  61        if (user->uid_keyring && user->session_keyring) {
  62                kleave(" = 0 [exist]");
  63                return 0;
  64        }
  65
  66        mutex_lock(&key_user_keyring_mutex);
  67        ret = 0;
  68
  69        if (!user->uid_keyring) {
  70                /* get the UID-specific keyring
  71                 * - there may be one in existence already as it may have been
  72                 *   pinned by a session, but the user_struct pointing to it
  73                 *   may have been destroyed by setuid */
  74                sprintf(buf, "_uid.%u", uid);
  75
  76                uid_keyring = find_keyring_by_name(buf, true);
  77                if (IS_ERR(uid_keyring)) {
  78                        uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
  79                                                    cred, user_keyring_perm,
  80                                                    KEY_ALLOC_UID_KEYRING |
  81                                                        KEY_ALLOC_IN_QUOTA,
  82                                                    NULL, NULL);
  83                        if (IS_ERR(uid_keyring)) {
  84                                ret = PTR_ERR(uid_keyring);
  85                                goto error;
  86                        }
  87                }
  88
  89                /* get a default session keyring (which might also exist
  90                 * already) */
  91                sprintf(buf, "_uid_ses.%u", uid);
  92
  93                session_keyring = find_keyring_by_name(buf, true);
  94                if (IS_ERR(session_keyring)) {
  95                        session_keyring =
  96                                keyring_alloc(buf, user->uid, INVALID_GID,
  97                                              cred, user_keyring_perm,
  98                                              KEY_ALLOC_UID_KEYRING |
  99                                                  KEY_ALLOC_IN_QUOTA,
 100                                              NULL, NULL);
 101                        if (IS_ERR(session_keyring)) {
 102                                ret = PTR_ERR(session_keyring);
 103                                goto error_release;
 104                        }
 105
 106                        /* we install a link from the user session keyring to
 107                         * the user keyring */
 108                        ret = key_link(session_keyring, uid_keyring);
 109                        if (ret < 0)
 110                                goto error_release_both;
 111                }
 112
 113                /* install the keyrings */
 114                user->uid_keyring = uid_keyring;
 115                user->session_keyring = session_keyring;
 116        }
 117
 118        mutex_unlock(&key_user_keyring_mutex);
 119        kleave(" = 0");
 120        return 0;
 121
 122error_release_both:
 123        key_put(session_keyring);
 124error_release:
 125        key_put(uid_keyring);
 126error:
 127        mutex_unlock(&key_user_keyring_mutex);
 128        kleave(" = %d", ret);
 129        return ret;
 130}
 131
 132/*
 133 * Install a thread keyring to the given credentials struct if it didn't have
 134 * one already.  This is allowed to overrun the quota.
 135 *
 136 * Return: 0 if a thread keyring is now present; -errno on failure.
 137 */
 138int install_thread_keyring_to_cred(struct cred *new)
 139{
 140        struct key *keyring;
 141
 142        if (new->thread_keyring)
 143                return 0;
 144
 145        keyring = keyring_alloc("_tid", new->uid, new->gid, new,
 146                                KEY_POS_ALL | KEY_USR_VIEW,
 147                                KEY_ALLOC_QUOTA_OVERRUN,
 148                                NULL, NULL);
 149        if (IS_ERR(keyring))
 150                return PTR_ERR(keyring);
 151
 152        new->thread_keyring = keyring;
 153        return 0;
 154}
 155
 156/*
 157 * Install a thread keyring to the current task if it didn't have one already.
 158 *
 159 * Return: 0 if a thread keyring is now present; -errno on failure.
 160 */
 161static int install_thread_keyring(void)
 162{
 163        struct cred *new;
 164        int ret;
 165
 166        new = prepare_creds();
 167        if (!new)
 168                return -ENOMEM;
 169
 170        ret = install_thread_keyring_to_cred(new);
 171        if (ret < 0) {
 172                abort_creds(new);
 173                return ret;
 174        }
 175
 176        return commit_creds(new);
 177}
 178
 179/*
 180 * Install a process keyring to the given credentials struct if it didn't have
 181 * one already.  This is allowed to overrun the quota.
 182 *
 183 * Return: 0 if a process keyring is now present; -errno on failure.
 184 */
 185int install_process_keyring_to_cred(struct cred *new)
 186{
 187        struct key *keyring;
 188
 189        if (new->process_keyring)
 190                return 0;
 191
 192        keyring = keyring_alloc("_pid", new->uid, new->gid, new,
 193                                KEY_POS_ALL | KEY_USR_VIEW,
 194                                KEY_ALLOC_QUOTA_OVERRUN,
 195                                NULL, NULL);
 196        if (IS_ERR(keyring))
 197                return PTR_ERR(keyring);
 198
 199        new->process_keyring = keyring;
 200        return 0;
 201}
 202
 203/*
 204 * Install a process keyring to the current task if it didn't have one already.
 205 *
 206 * Return: 0 if a process keyring is now present; -errno on failure.
 207 */
 208static int install_process_keyring(void)
 209{
 210        struct cred *new;
 211        int ret;
 212
 213        new = prepare_creds();
 214        if (!new)
 215                return -ENOMEM;
 216
 217        ret = install_process_keyring_to_cred(new);
 218        if (ret < 0) {
 219                abort_creds(new);
 220                return ret;
 221        }
 222
 223        return commit_creds(new);
 224}
 225
 226/*
 227 * Install the given keyring as the session keyring of the given credentials
 228 * struct, replacing the existing one if any.  If the given keyring is NULL,
 229 * then install a new anonymous session keyring.
 230 *
 231 * Return: 0 on success; -errno on failure.
 232 */
 233int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
 234{
 235        unsigned long flags;
 236        struct key *old;
 237
 238        might_sleep();
 239
 240        /* create an empty session keyring */
 241        if (!keyring) {
 242                flags = KEY_ALLOC_QUOTA_OVERRUN;
 243                if (cred->session_keyring)
 244                        flags = KEY_ALLOC_IN_QUOTA;
 245
 246                keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
 247                                        KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
 248                                        flags, NULL, NULL);
 249                if (IS_ERR(keyring))
 250                        return PTR_ERR(keyring);
 251        } else {
 252                __key_get(keyring);
 253        }
 254
 255        /* install the keyring */
 256        old = cred->session_keyring;
 257        rcu_assign_pointer(cred->session_keyring, keyring);
 258
 259        if (old)
 260                key_put(old);
 261
 262        return 0;
 263}
 264
 265/*
 266 * Install the given keyring as the session keyring of the current task,
 267 * replacing the existing one if any.  If the given keyring is NULL, then
 268 * install a new anonymous session keyring.
 269 *
 270 * Return: 0 on success; -errno on failure.
 271 */
 272static int install_session_keyring(struct key *keyring)
 273{
 274        struct cred *new;
 275        int ret;
 276
 277        new = prepare_creds();
 278        if (!new)
 279                return -ENOMEM;
 280
 281        ret = install_session_keyring_to_cred(new, keyring);
 282        if (ret < 0) {
 283                abort_creds(new);
 284                return ret;
 285        }
 286
 287        return commit_creds(new);
 288}
 289
 290/*
 291 * Handle the fsuid changing.
 292 */
 293void key_fsuid_changed(struct task_struct *tsk)
 294{
 295        /* update the ownership of the thread keyring */
 296        BUG_ON(!tsk->cred);
 297        if (tsk->cred->thread_keyring) {
 298                down_write(&tsk->cred->thread_keyring->sem);
 299                tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
 300                up_write(&tsk->cred->thread_keyring->sem);
 301        }
 302}
 303
 304/*
 305 * Handle the fsgid changing.
 306 */
 307void key_fsgid_changed(struct task_struct *tsk)
 308{
 309        /* update the ownership of the thread keyring */
 310        BUG_ON(!tsk->cred);
 311        if (tsk->cred->thread_keyring) {
 312                down_write(&tsk->cred->thread_keyring->sem);
 313                tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
 314                up_write(&tsk->cred->thread_keyring->sem);
 315        }
 316}
 317
 318/*
 319 * Search the process keyrings attached to the supplied cred for the first
 320 * matching key.
 321 *
 322 * The search criteria are the type and the match function.  The description is
 323 * given to the match function as a parameter, but doesn't otherwise influence
 324 * the search.  Typically the match function will compare the description
 325 * parameter to the key's description.
 326 *
 327 * This can only search keyrings that grant Search permission to the supplied
 328 * credentials.  Keyrings linked to searched keyrings will also be searched if
 329 * they grant Search permission too.  Keys can only be found if they grant
 330 * Search permission to the credentials.
 331 *
 332 * Returns a pointer to the key with the key usage count incremented if
 333 * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
 334 * matched negative keys.
 335 *
 336 * In the case of a successful return, the possession attribute is set on the
 337 * returned key reference.
 338 */
 339key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
 340{
 341        key_ref_t key_ref, ret, err;
 342
 343        /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
 344         * searchable, but we failed to find a key or we found a negative key;
 345         * otherwise we want to return a sample error (probably -EACCES) if
 346         * none of the keyrings were searchable
 347         *
 348         * in terms of priority: success > -ENOKEY > -EAGAIN > other error
 349         */
 350        key_ref = NULL;
 351        ret = NULL;
 352        err = ERR_PTR(-EAGAIN);
 353
 354        /* search the thread keyring first */
 355        if (ctx->cred->thread_keyring) {
 356                key_ref = keyring_search_aux(
 357                        make_key_ref(ctx->cred->thread_keyring, 1), ctx);
 358                if (!IS_ERR(key_ref))
 359                        goto found;
 360
 361                switch (PTR_ERR(key_ref)) {
 362                case -EAGAIN: /* no key */
 363                case -ENOKEY: /* negative key */
 364                        ret = key_ref;
 365                        break;
 366                default:
 367                        err = key_ref;
 368                        break;
 369                }
 370        }
 371
 372        /* search the process keyring second */
 373        if (ctx->cred->process_keyring) {
 374                key_ref = keyring_search_aux(
 375                        make_key_ref(ctx->cred->process_keyring, 1), ctx);
 376                if (!IS_ERR(key_ref))
 377                        goto found;
 378
 379                switch (PTR_ERR(key_ref)) {
 380                case -EAGAIN: /* no key */
 381                        if (ret)
 382                                break;
 383                case -ENOKEY: /* negative key */
 384                        ret = key_ref;
 385                        break;
 386                default:
 387                        err = key_ref;
 388                        break;
 389                }
 390        }
 391
 392        /* search the session keyring */
 393        if (ctx->cred->session_keyring) {
 394                rcu_read_lock();
 395                key_ref = keyring_search_aux(
 396                        make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1),
 397                        ctx);
 398                rcu_read_unlock();
 399
 400                if (!IS_ERR(key_ref))
 401                        goto found;
 402
 403                switch (PTR_ERR(key_ref)) {
 404                case -EAGAIN: /* no key */
 405                        if (ret)
 406                                break;
 407                case -ENOKEY: /* negative key */
 408                        ret = key_ref;
 409                        break;
 410                default:
 411                        err = key_ref;
 412                        break;
 413                }
 414        }
 415        /* or search the user-session keyring */
 416        else if (ctx->cred->user->session_keyring) {
 417                key_ref = keyring_search_aux(
 418                        make_key_ref(ctx->cred->user->session_keyring, 1),
 419                        ctx);
 420                if (!IS_ERR(key_ref))
 421                        goto found;
 422
 423                switch (PTR_ERR(key_ref)) {
 424                case -EAGAIN: /* no key */
 425                        if (ret)
 426                                break;
 427                case -ENOKEY: /* negative key */
 428                        ret = key_ref;
 429                        break;
 430                default:
 431                        err = key_ref;
 432                        break;
 433                }
 434        }
 435
 436        /* no key - decide on the error we're going to go for */
 437        key_ref = ret ? ret : err;
 438
 439found:
 440        return key_ref;
 441}
 442
 443/*
 444 * Search the process keyrings attached to the supplied cred for the first
 445 * matching key in the manner of search_my_process_keyrings(), but also search
 446 * the keys attached to the assumed authorisation key using its credentials if
 447 * one is available.
 448 *
 449 * Return same as search_my_process_keyrings().
 450 */
 451key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
 452{
 453        struct request_key_auth *rka;
 454        key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
 455
 456        might_sleep();
 457
 458        key_ref = search_my_process_keyrings(ctx);
 459        if (!IS_ERR(key_ref))
 460                goto found;
 461        err = key_ref;
 462
 463        /* if this process has an instantiation authorisation key, then we also
 464         * search the keyrings of the process mentioned there
 465         * - we don't permit access to request_key auth keys via this method
 466         */
 467        if (ctx->cred->request_key_auth &&
 468            ctx->cred == current_cred() &&
 469            ctx->index_key.type != &key_type_request_key_auth
 470            ) {
 471                const struct cred *cred = ctx->cred;
 472
 473                /* defend against the auth key being revoked */
 474                down_read(&cred->request_key_auth->sem);
 475
 476                if (key_validate(ctx->cred->request_key_auth) == 0) {
 477                        rka = ctx->cred->request_key_auth->payload.data[0];
 478
 479                        ctx->cred = rka->cred;
 480                        key_ref = search_process_keyrings(ctx);
 481                        ctx->cred = cred;
 482
 483                        up_read(&cred->request_key_auth->sem);
 484
 485                        if (!IS_ERR(key_ref))
 486                                goto found;
 487
 488                        ret = key_ref;
 489                } else {
 490                        up_read(&cred->request_key_auth->sem);
 491                }
 492        }
 493
 494        /* no key - decide on the error we're going to go for */
 495        if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
 496                key_ref = ERR_PTR(-ENOKEY);
 497        else if (err == ERR_PTR(-EACCES))
 498                key_ref = ret;
 499        else
 500                key_ref = err;
 501
 502found:
 503        return key_ref;
 504}
 505
 506/*
 507 * See if the key we're looking at is the target key.
 508 */
 509bool lookup_user_key_possessed(const struct key *key,
 510                               const struct key_match_data *match_data)
 511{
 512        return key == match_data->raw_data;
 513}
 514
 515/*
 516 * Look up a key ID given us by userspace with a given permissions mask to get
 517 * the key it refers to.
 518 *
 519 * Flags can be passed to request that special keyrings be created if referred
 520 * to directly, to permit partially constructed keys to be found and to skip
 521 * validity and permission checks on the found key.
 522 *
 523 * Returns a pointer to the key with an incremented usage count if successful;
 524 * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
 525 * to a key or the best found key was a negative key; -EKEYREVOKED or
 526 * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
 527 * found key doesn't grant the requested permit or the LSM denied access to it;
 528 * or -ENOMEM if a special keyring couldn't be created.
 529 *
 530 * In the case of a successful return, the possession attribute is set on the
 531 * returned key reference.
 532 */
 533key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
 534                          key_perm_t perm)
 535{
 536        struct keyring_search_context ctx = {
 537                .match_data.cmp         = lookup_user_key_possessed,
 538                .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
 539                .flags                  = KEYRING_SEARCH_NO_STATE_CHECK,
 540        };
 541        struct request_key_auth *rka;
 542        struct key *key;
 543        key_ref_t key_ref, skey_ref;
 544        int ret;
 545
 546try_again:
 547        ctx.cred = get_current_cred();
 548        key_ref = ERR_PTR(-ENOKEY);
 549
 550        switch (id) {
 551        case KEY_SPEC_THREAD_KEYRING:
 552                if (!ctx.cred->thread_keyring) {
 553                        if (!(lflags & KEY_LOOKUP_CREATE))
 554                                goto error;
 555
 556                        ret = install_thread_keyring();
 557                        if (ret < 0) {
 558                                key_ref = ERR_PTR(ret);
 559                                goto error;
 560                        }
 561                        goto reget_creds;
 562                }
 563
 564                key = ctx.cred->thread_keyring;
 565                __key_get(key);
 566                key_ref = make_key_ref(key, 1);
 567                break;
 568
 569        case KEY_SPEC_PROCESS_KEYRING:
 570                if (!ctx.cred->process_keyring) {
 571                        if (!(lflags & KEY_LOOKUP_CREATE))
 572                                goto error;
 573
 574                        ret = install_process_keyring();
 575                        if (ret < 0) {
 576                                key_ref = ERR_PTR(ret);
 577                                goto error;
 578                        }
 579                        goto reget_creds;
 580                }
 581
 582                key = ctx.cred->process_keyring;
 583                __key_get(key);
 584                key_ref = make_key_ref(key, 1);
 585                break;
 586
 587        case KEY_SPEC_SESSION_KEYRING:
 588                if (!ctx.cred->session_keyring) {
 589                        /* always install a session keyring upon access if one
 590                         * doesn't exist yet */
 591                        ret = install_user_keyrings();
 592                        if (ret < 0)
 593                                goto error;
 594                        if (lflags & KEY_LOOKUP_CREATE)
 595                                ret = join_session_keyring(NULL);
 596                        else
 597                                ret = install_session_keyring(
 598                                        ctx.cred->user->session_keyring);
 599
 600                        if (ret < 0)
 601                                goto error;
 602                        goto reget_creds;
 603                } else if (ctx.cred->session_keyring ==
 604                           ctx.cred->user->session_keyring &&
 605                           lflags & KEY_LOOKUP_CREATE) {
 606                        ret = join_session_keyring(NULL);
 607                        if (ret < 0)
 608                                goto error;
 609                        goto reget_creds;
 610                }
 611
 612                rcu_read_lock();
 613                key = rcu_dereference(ctx.cred->session_keyring);
 614                __key_get(key);
 615                rcu_read_unlock();
 616                key_ref = make_key_ref(key, 1);
 617                break;
 618
 619        case KEY_SPEC_USER_KEYRING:
 620                if (!ctx.cred->user->uid_keyring) {
 621                        ret = install_user_keyrings();
 622                        if (ret < 0)
 623                                goto error;
 624                }
 625
 626                key = ctx.cred->user->uid_keyring;
 627                __key_get(key);
 628                key_ref = make_key_ref(key, 1);
 629                break;
 630
 631        case KEY_SPEC_USER_SESSION_KEYRING:
 632                if (!ctx.cred->user->session_keyring) {
 633                        ret = install_user_keyrings();
 634                        if (ret < 0)
 635                                goto error;
 636                }
 637
 638                key = ctx.cred->user->session_keyring;
 639                __key_get(key);
 640                key_ref = make_key_ref(key, 1);
 641                break;
 642
 643        case KEY_SPEC_GROUP_KEYRING:
 644                /* group keyrings are not yet supported */
 645                key_ref = ERR_PTR(-EINVAL);
 646                goto error;
 647
 648        case KEY_SPEC_REQKEY_AUTH_KEY:
 649                key = ctx.cred->request_key_auth;
 650                if (!key)
 651                        goto error;
 652
 653                __key_get(key);
 654                key_ref = make_key_ref(key, 1);
 655                break;
 656
 657        case KEY_SPEC_REQUESTOR_KEYRING:
 658                if (!ctx.cred->request_key_auth)
 659                        goto error;
 660
 661                down_read(&ctx.cred->request_key_auth->sem);
 662                if (test_bit(KEY_FLAG_REVOKED,
 663                             &ctx.cred->request_key_auth->flags)) {
 664                        key_ref = ERR_PTR(-EKEYREVOKED);
 665                        key = NULL;
 666                } else {
 667                        rka = ctx.cred->request_key_auth->payload.data[0];
 668                        key = rka->dest_keyring;
 669                        __key_get(key);
 670                }
 671                up_read(&ctx.cred->request_key_auth->sem);
 672                if (!key)
 673                        goto error;
 674                key_ref = make_key_ref(key, 1);
 675                break;
 676
 677        default:
 678                key_ref = ERR_PTR(-EINVAL);
 679                if (id < 1)
 680                        goto error;
 681
 682                key = key_lookup(id);
 683                if (IS_ERR(key)) {
 684                        key_ref = ERR_CAST(key);
 685                        goto error;
 686                }
 687
 688                key_ref = make_key_ref(key, 0);
 689
 690                /* check to see if we possess the key */
 691                ctx.index_key.type              = key->type;
 692                ctx.index_key.description       = key->description;
 693                ctx.index_key.desc_len          = strlen(key->description);
 694                ctx.match_data.raw_data         = key;
 695                kdebug("check possessed");
 696                skey_ref = search_process_keyrings(&ctx);
 697                kdebug("possessed=%p", skey_ref);
 698
 699                if (!IS_ERR(skey_ref)) {
 700                        key_put(key);
 701                        key_ref = skey_ref;
 702                }
 703
 704                break;
 705        }
 706
 707        /* unlink does not use the nominated key in any way, so can skip all
 708         * the permission checks as it is only concerned with the keyring */
 709        if (lflags & KEY_LOOKUP_FOR_UNLINK) {
 710                ret = 0;
 711                goto error;
 712        }
 713
 714        if (!(lflags & KEY_LOOKUP_PARTIAL)) {
 715                ret = wait_for_key_construction(key, true);
 716                switch (ret) {
 717                case -ERESTARTSYS:
 718                        goto invalid_key;
 719                default:
 720                        if (perm)
 721                                goto invalid_key;
 722                case 0:
 723                        break;
 724                }
 725        } else if (perm) {
 726                ret = key_validate(key);
 727                if (ret < 0)
 728                        goto invalid_key;
 729        }
 730
 731        ret = -EIO;
 732        if (!(lflags & KEY_LOOKUP_PARTIAL) &&
 733            key_read_state(key) == KEY_IS_UNINSTANTIATED)
 734                goto invalid_key;
 735
 736        /* check the permissions */
 737        ret = key_task_permission(key_ref, ctx.cred, perm);
 738        if (ret < 0)
 739                goto invalid_key;
 740
 741        key->last_used_at = ktime_get_real_seconds();
 742
 743error:
 744        put_cred(ctx.cred);
 745        return key_ref;
 746
 747invalid_key:
 748        key_ref_put(key_ref);
 749        key_ref = ERR_PTR(ret);
 750        goto error;
 751
 752        /* if we attempted to install a keyring, then it may have caused new
 753         * creds to be installed */
 754reget_creds:
 755        put_cred(ctx.cred);
 756        goto try_again;
 757}
 758
 759/*
 760 * Join the named keyring as the session keyring if possible else attempt to
 761 * create a new one of that name and join that.
 762 *
 763 * If the name is NULL, an empty anonymous keyring will be installed as the
 764 * session keyring.
 765 *
 766 * Named session keyrings are joined with a semaphore held to prevent the
 767 * keyrings from going away whilst the attempt is made to going them and also
 768 * to prevent a race in creating compatible session keyrings.
 769 */
 770long join_session_keyring(const char *name)
 771{
 772        const struct cred *old;
 773        struct cred *new;
 774        struct key *keyring;
 775        long ret, serial;
 776
 777        new = prepare_creds();
 778        if (!new)
 779                return -ENOMEM;
 780        old = current_cred();
 781
 782        /* if no name is provided, install an anonymous keyring */
 783        if (!name) {
 784                ret = install_session_keyring_to_cred(new, NULL);
 785                if (ret < 0)
 786                        goto error;
 787
 788                serial = new->session_keyring->serial;
 789                ret = commit_creds(new);
 790                if (ret == 0)
 791                        ret = serial;
 792                goto okay;
 793        }
 794
 795        /* allow the user to join or create a named keyring */
 796        mutex_lock(&key_session_mutex);
 797
 798        /* look for an existing keyring of this name */
 799        keyring = find_keyring_by_name(name, false);
 800        if (PTR_ERR(keyring) == -ENOKEY) {
 801                /* not found - try and create a new one */
 802                keyring = keyring_alloc(
 803                        name, old->uid, old->gid, old,
 804                        KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
 805                        KEY_ALLOC_IN_QUOTA, NULL, NULL);
 806                if (IS_ERR(keyring)) {
 807                        ret = PTR_ERR(keyring);
 808                        goto error2;
 809                }
 810        } else if (IS_ERR(keyring)) {
 811                ret = PTR_ERR(keyring);
 812                goto error2;
 813        } else if (keyring == new->session_keyring) {
 814                ret = 0;
 815                goto error3;
 816        }
 817
 818        /* we've got a keyring - now to install it */
 819        ret = install_session_keyring_to_cred(new, keyring);
 820        if (ret < 0)
 821                goto error3;
 822
 823        commit_creds(new);
 824        mutex_unlock(&key_session_mutex);
 825
 826        ret = keyring->serial;
 827        key_put(keyring);
 828okay:
 829        return ret;
 830
 831error3:
 832        key_put(keyring);
 833error2:
 834        mutex_unlock(&key_session_mutex);
 835error:
 836        abort_creds(new);
 837        return ret;
 838}
 839
 840/*
 841 * Replace a process's session keyring on behalf of one of its children when
 842 * the target  process is about to resume userspace execution.
 843 */
 844void key_change_session_keyring(struct callback_head *twork)
 845{
 846        const struct cred *old = current_cred();
 847        struct cred *new = container_of(twork, struct cred, rcu);
 848
 849        if (unlikely(current->flags & PF_EXITING)) {
 850                put_cred(new);
 851                return;
 852        }
 853
 854        new->  uid      = old->  uid;
 855        new-> euid      = old-> euid;
 856        new-> suid      = old-> suid;
 857        new->fsuid      = old->fsuid;
 858        new->  gid      = old->  gid;
 859        new-> egid      = old-> egid;
 860        new-> sgid      = old-> sgid;
 861        new->fsgid      = old->fsgid;
 862        new->user       = get_uid(old->user);
 863        new->user_ns    = get_user_ns(old->user_ns);
 864        new->group_info = get_group_info(old->group_info);
 865
 866        new->securebits = old->securebits;
 867        new->cap_inheritable    = old->cap_inheritable;
 868        new->cap_permitted      = old->cap_permitted;
 869        new->cap_effective      = old->cap_effective;
 870        new->cap_ambient        = old->cap_ambient;
 871        new->cap_bset           = old->cap_bset;
 872
 873        new->jit_keyring        = old->jit_keyring;
 874        new->thread_keyring     = key_get(old->thread_keyring);
 875        new->process_keyring    = key_get(old->process_keyring);
 876
 877        security_transfer_creds(new, old);
 878
 879        commit_creds(new);
 880}
 881
 882/*
 883 * Make sure that root's user and user-session keyrings exist.
 884 */
 885static int __init init_root_keyring(void)
 886{
 887        return install_user_keyrings();
 888}
 889
 890late_initcall(init_root_keyring);
 891
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.