linux/security/keys/process_keys.c
<<
>>
Prefs 
   1/* Manage a process's keyrings
   2 *
   3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public License
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the License, or (at your option) any later version.
  10 */
  11
  12#include <linux/module.h>
  13#include <linux/init.h>
  14#include <linux/sched.h>
  15#include <linux/keyctl.h>
  16#include <linux/fs.h>
  17#include <linux/err.h>
  18#include <linux/mutex.h>
  19#include <linux/security.h>
  20#include <linux/user_namespace.h>
  21#include <asm/uaccess.h>
  22#include "internal.h"
  23
  24/* Session keyring create vs join semaphore */
  25static DEFINE_MUTEX(key_session_mutex);
  26
  27/* User keyring creation semaphore */
  28static DEFINE_MUTEX(key_user_keyring_mutex);
  29
  30/* The root user's tracking struct */
  31struct key_user root_key_user = {
  32        .usage          = ATOMIC_INIT(3),
  33        .cons_lock      = __MUTEX_INITIALIZER(root_key_user.cons_lock),
  34        .lock           = __SPIN_LOCK_UNLOCKED(root_key_user.lock),
  35        .nkeys          = ATOMIC_INIT(2),
  36        .nikeys         = ATOMIC_INIT(2),
  37        .uid            = GLOBAL_ROOT_UID,
  38};
  39
  40/*
  41 * Install the user and user session keyrings for the current process's UID.
  42 */
  43int install_user_keyrings(void)
  44{
  45        struct user_struct *user;
  46        const struct cred *cred;
  47        struct key *uid_keyring, *session_keyring;
  48        key_perm_t user_keyring_perm;
  49        char buf[20];
  50        int ret;
  51        uid_t uid;
  52
  53        user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
  54        cred = current_cred();
  55        user = cred->user;
  56        uid = from_kuid(cred->user_ns, user->uid);
  57
  58        kenter("%p{%u}", user, uid);
  59
  60        if (user->uid_keyring && user->session_keyring) {
  61                kleave(" = 0 [exist]");
  62                return 0;
  63        }
  64
  65        mutex_lock(&key_user_keyring_mutex);
  66        ret = 0;
  67
  68        if (!user->uid_keyring) {
  69                /* get the UID-specific keyring
  70                 * - there may be one in existence already as it may have been
  71                 *   pinned by a session, but the user_struct pointing to it
  72                 *   may have been destroyed by setuid */
  73                sprintf(buf, "_uid.%u", uid);
  74
  75                uid_keyring = find_keyring_by_name(buf, true);
  76                if (IS_ERR(uid_keyring)) {
  77                        uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
  78                                                    cred, user_keyring_perm,
  79                                                    KEY_ALLOC_IN_QUOTA,
  80                                                    NULL, NULL);
  81                        if (IS_ERR(uid_keyring)) {
  82                                ret = PTR_ERR(uid_keyring);
  83                                goto error;
  84                        }
  85                }
  86
  87                /* get a default session keyring (which might also exist
  88                 * already) */
  89                sprintf(buf, "_uid_ses.%u", uid);
  90
  91                session_keyring = find_keyring_by_name(buf, true);
  92                if (IS_ERR(session_keyring)) {
  93                        session_keyring =
  94                                keyring_alloc(buf, user->uid, INVALID_GID,
  95                                              cred, user_keyring_perm,
  96                                              KEY_ALLOC_IN_QUOTA,
  97                                              NULL, NULL);
  98                        if (IS_ERR(session_keyring)) {
  99                                ret = PTR_ERR(session_keyring);
 100                                goto error_release;
 101                        }
 102
 103                        /* we install a link from the user session keyring to
 104                         * the user keyring */
 105                        ret = key_link(session_keyring, uid_keyring);
 106                        if (ret < 0)
 107                                goto error_release_both;
 108                }
 109
 110                /* install the keyrings */
 111                user->uid_keyring = uid_keyring;
 112                user->session_keyring = session_keyring;
 113        }
 114
 115        mutex_unlock(&key_user_keyring_mutex);
 116        kleave(" = 0");
 117        return 0;
 118
 119error_release_both:
 120        key_put(session_keyring);
 121error_release:
 122        key_put(uid_keyring);
 123error:
 124        mutex_unlock(&key_user_keyring_mutex);
 125        kleave(" = %d", ret);
 126        return ret;
 127}
 128
 129/*
 130 * Install a fresh thread keyring directly to new credentials.  This keyring is
 131 * allowed to overrun the quota.
 132 */
 133int install_thread_keyring_to_cred(struct cred *new)
 134{
 135        struct key *keyring;
 136
 137        keyring = keyring_alloc("_tid", new->uid, new->gid, new,
 138                                KEY_POS_ALL | KEY_USR_VIEW,
 139                                KEY_ALLOC_QUOTA_OVERRUN,
 140                                NULL, NULL);
 141        if (IS_ERR(keyring))
 142                return PTR_ERR(keyring);
 143
 144        new->thread_keyring = keyring;
 145        return 0;
 146}
 147
 148/*
 149 * Install a fresh thread keyring, discarding the old one.
 150 */
 151static int install_thread_keyring(void)
 152{
 153        struct cred *new;
 154        int ret;
 155
 156        new = prepare_creds();
 157        if (!new)
 158                return -ENOMEM;
 159
 160        BUG_ON(new->thread_keyring);
 161
 162        ret = install_thread_keyring_to_cred(new);
 163        if (ret < 0) {
 164                abort_creds(new);
 165                return ret;
 166        }
 167
 168        return commit_creds(new);
 169}
 170
 171/*
 172 * Install a process keyring directly to a credentials struct.
 173 *
 174 * Returns -EEXIST if there was already a process keyring, 0 if one installed,
 175 * and other value on any other error
 176 */
 177int install_process_keyring_to_cred(struct cred *new)
 178{
 179        struct key *keyring;
 180
 181        if (new->process_keyring)
 182                return -EEXIST;
 183
 184        keyring = keyring_alloc("_pid", new->uid, new->gid, new,
 185                                KEY_POS_ALL | KEY_USR_VIEW,
 186                                KEY_ALLOC_QUOTA_OVERRUN,
 187                                NULL, NULL);
 188        if (IS_ERR(keyring))
 189                return PTR_ERR(keyring);
 190
 191        new->process_keyring = keyring;
 192        return 0;
 193}
 194
 195/*
 196 * Make sure a process keyring is installed for the current process.  The
 197 * existing process keyring is not replaced.
 198 *
 199 * Returns 0 if there is a process keyring by the end of this function, some
 200 * error otherwise.
 201 */
 202static int install_process_keyring(void)
 203{
 204        struct cred *new;
 205        int ret;
 206
 207        new = prepare_creds();
 208        if (!new)
 209                return -ENOMEM;
 210
 211        ret = install_process_keyring_to_cred(new);
 212        if (ret < 0) {
 213                abort_creds(new);
 214                return ret != -EEXIST ? ret : 0;
 215        }
 216
 217        return commit_creds(new);
 218}
 219
 220/*
 221 * Install a session keyring directly to a credentials struct.
 222 */
 223int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
 224{
 225        unsigned long flags;
 226        struct key *old;
 227
 228        might_sleep();
 229
 230        /* create an empty session keyring */
 231        if (!keyring) {
 232                flags = KEY_ALLOC_QUOTA_OVERRUN;
 233                if (cred->session_keyring)
 234                        flags = KEY_ALLOC_IN_QUOTA;
 235
 236                keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
 237                                        KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
 238                                        flags, NULL, NULL);
 239                if (IS_ERR(keyring))
 240                        return PTR_ERR(keyring);
 241        } else {
 242                __key_get(keyring);
 243        }
 244
 245        /* install the keyring */
 246        old = cred->session_keyring;
 247        rcu_assign_pointer(cred->session_keyring, keyring);
 248
 249        if (old)
 250                key_put(old);
 251
 252        return 0;
 253}
 254
 255/*
 256 * Install a session keyring, discarding the old one.  If a keyring is not
 257 * supplied, an empty one is invented.
 258 */
 259static int install_session_keyring(struct key *keyring)
 260{
 261        struct cred *new;
 262        int ret;
 263
 264        new = prepare_creds();
 265        if (!new)
 266                return -ENOMEM;
 267
 268        ret = install_session_keyring_to_cred(new, keyring);
 269        if (ret < 0) {
 270                abort_creds(new);
 271                return ret;
 272        }
 273
 274        return commit_creds(new);
 275}
 276
 277/*
 278 * Handle the fsuid changing.
 279 */
 280void key_fsuid_changed(struct task_struct *tsk)
 281{
 282        /* update the ownership of the thread keyring */
 283        BUG_ON(!tsk->cred);
 284        if (tsk->cred->thread_keyring) {
 285                down_write(&tsk->cred->thread_keyring->sem);
 286                tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
 287                up_write(&tsk->cred->thread_keyring->sem);
 288        }
 289}
 290
 291/*
 292 * Handle the fsgid changing.
 293 */
 294void key_fsgid_changed(struct task_struct *tsk)
 295{
 296        /* update the ownership of the thread keyring */
 297        BUG_ON(!tsk->cred);
 298        if (tsk->cred->thread_keyring) {
 299                down_write(&tsk->cred->thread_keyring->sem);
 300                tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
 301                up_write(&tsk->cred->thread_keyring->sem);
 302        }
 303}
 304
 305/*
 306 * Search the process keyrings attached to the supplied cred for the first
 307 * matching key.
 308 *
 309 * The search criteria are the type and the match function.  The description is
 310 * given to the match function as a parameter, but doesn't otherwise influence
 311 * the search.  Typically the match function will compare the description
 312 * parameter to the key's description.
 313 *
 314 * This can only search keyrings that grant Search permission to the supplied
 315 * credentials.  Keyrings linked to searched keyrings will also be searched if
 316 * they grant Search permission too.  Keys can only be found if they grant
 317 * Search permission to the credentials.
 318 *
 319 * Returns a pointer to the key with the key usage count incremented if
 320 * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
 321 * matched negative keys.
 322 *
 323 * In the case of a successful return, the possession attribute is set on the
 324 * returned key reference.
 325 */
 326key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
 327{
 328        key_ref_t key_ref, ret, err;
 329
 330        /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
 331         * searchable, but we failed to find a key or we found a negative key;
 332         * otherwise we want to return a sample error (probably -EACCES) if
 333         * none of the keyrings were searchable
 334         *
 335         * in terms of priority: success > -ENOKEY > -EAGAIN > other error
 336         */
 337        key_ref = NULL;
 338        ret = NULL;
 339        err = ERR_PTR(-EAGAIN);
 340
 341        /* search the thread keyring first */
 342        if (ctx->cred->thread_keyring) {
 343                key_ref = keyring_search_aux(
 344                        make_key_ref(ctx->cred->thread_keyring, 1), ctx);
 345                if (!IS_ERR(key_ref))
 346                        goto found;
 347
 348                switch (PTR_ERR(key_ref)) {
 349                case -EAGAIN: /* no key */
 350                case -ENOKEY: /* negative key */
 351                        ret = key_ref;
 352                        break;
 353                default:
 354                        err = key_ref;
 355                        break;
 356                }
 357        }
 358
 359        /* search the process keyring second */
 360        if (ctx->cred->process_keyring) {
 361                key_ref = keyring_search_aux(
 362                        make_key_ref(ctx->cred->process_keyring, 1), ctx);
 363                if (!IS_ERR(key_ref))
 364                        goto found;
 365
 366                switch (PTR_ERR(key_ref)) {
 367                case -EAGAIN: /* no key */
 368                        if (ret)
 369                                break;
 370                case -ENOKEY: /* negative key */
 371                        ret = key_ref;
 372                        break;
 373                default:
 374                        err = key_ref;
 375                        break;
 376                }
 377        }
 378
 379        /* search the session keyring */
 380        if (ctx->cred->session_keyring) {
 381                rcu_read_lock();
 382                key_ref = keyring_search_aux(
 383                        make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1),
 384                        ctx);
 385                rcu_read_unlock();
 386
 387                if (!IS_ERR(key_ref))
 388                        goto found;
 389
 390                switch (PTR_ERR(key_ref)) {
 391                case -EAGAIN: /* no key */
 392                        if (ret)
 393                                break;
 394                case -ENOKEY: /* negative key */
 395                        ret = key_ref;
 396                        break;
 397                default:
 398                        err = key_ref;
 399                        break;
 400                }
 401        }
 402        /* or search the user-session keyring */
 403        else if (ctx->cred->user->session_keyring) {
 404                key_ref = keyring_search_aux(
 405                        make_key_ref(ctx->cred->user->session_keyring, 1),
 406                        ctx);
 407                if (!IS_ERR(key_ref))
 408                        goto found;
 409
 410                switch (PTR_ERR(key_ref)) {
 411                case -EAGAIN: /* no key */
 412                        if (ret)
 413                                break;
 414                case -ENOKEY: /* negative key */
 415                        ret = key_ref;
 416                        break;
 417                default:
 418                        err = key_ref;
 419                        break;
 420                }
 421        }
 422
 423        /* no key - decide on the error we're going to go for */
 424        key_ref = ret ? ret : err;
 425
 426found:
 427        return key_ref;
 428}
 429
 430/*
 431 * Search the process keyrings attached to the supplied cred for the first
 432 * matching key in the manner of search_my_process_keyrings(), but also search
 433 * the keys attached to the assumed authorisation key using its credentials if
 434 * one is available.
 435 *
 436 * Return same as search_my_process_keyrings().
 437 */
 438key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
 439{
 440        struct request_key_auth *rka;
 441        key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
 442
 443        might_sleep();
 444
 445        key_ref = search_my_process_keyrings(ctx);
 446        if (!IS_ERR(key_ref))
 447                goto found;
 448        err = key_ref;
 449
 450        /* if this process has an instantiation authorisation key, then we also
 451         * search the keyrings of the process mentioned there
 452         * - we don't permit access to request_key auth keys via this method
 453         */
 454        if (ctx->cred->request_key_auth &&
 455            ctx->cred == current_cred() &&
 456            ctx->index_key.type != &key_type_request_key_auth
 457            ) {
 458                const struct cred *cred = ctx->cred;
 459
 460                /* defend against the auth key being revoked */
 461                down_read(&cred->request_key_auth->sem);
 462
 463                if (key_validate(ctx->cred->request_key_auth) == 0) {
 464                        rka = ctx->cred->request_key_auth->payload.data[0];
 465
 466                        ctx->cred = rka->cred;
 467                        key_ref = search_process_keyrings(ctx);
 468                        ctx->cred = cred;
 469
 470                        up_read(&cred->request_key_auth->sem);
 471
 472                        if (!IS_ERR(key_ref))
 473                                goto found;
 474
 475                        ret = key_ref;
 476                } else {
 477                        up_read(&cred->request_key_auth->sem);
 478                }
 479        }
 480
 481        /* no key - decide on the error we're going to go for */
 482        if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
 483                key_ref = ERR_PTR(-ENOKEY);
 484        else if (err == ERR_PTR(-EACCES))
 485                key_ref = ret;
 486        else
 487                key_ref = err;
 488
 489found:
 490        return key_ref;
 491}
 492
 493/*
 494 * See if the key we're looking at is the target key.
 495 */
 496bool lookup_user_key_possessed(const struct key *key,
 497                               const struct key_match_data *match_data)
 498{
 499        return key == match_data->raw_data;
 500}
 501
 502/*
 503 * Look up a key ID given us by userspace with a given permissions mask to get
 504 * the key it refers to.
 505 *
 506 * Flags can be passed to request that special keyrings be created if referred
 507 * to directly, to permit partially constructed keys to be found and to skip
 508 * validity and permission checks on the found key.
 509 *
 510 * Returns a pointer to the key with an incremented usage count if successful;
 511 * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
 512 * to a key or the best found key was a negative key; -EKEYREVOKED or
 513 * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
 514 * found key doesn't grant the requested permit or the LSM denied access to it;
 515 * or -ENOMEM if a special keyring couldn't be created.
 516 *
 517 * In the case of a successful return, the possession attribute is set on the
 518 * returned key reference.
 519 */
 520key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
 521                          key_perm_t perm)
 522{
 523        struct keyring_search_context ctx = {
 524                .match_data.cmp         = lookup_user_key_possessed,
 525                .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
 526                .flags                  = KEYRING_SEARCH_NO_STATE_CHECK,
 527        };
 528        struct request_key_auth *rka;
 529        struct key *key;
 530        key_ref_t key_ref, skey_ref;
 531        int ret;
 532
 533try_again:
 534        ctx.cred = get_current_cred();
 535        key_ref = ERR_PTR(-ENOKEY);
 536
 537        switch (id) {
 538        case KEY_SPEC_THREAD_KEYRING:
 539                if (!ctx.cred->thread_keyring) {
 540                        if (!(lflags & KEY_LOOKUP_CREATE))
 541                                goto error;
 542
 543                        ret = install_thread_keyring();
 544                        if (ret < 0) {
 545                                key_ref = ERR_PTR(ret);
 546                                goto error;
 547                        }
 548                        goto reget_creds;
 549                }
 550
 551                key = ctx.cred->thread_keyring;
 552                __key_get(key);
 553                key_ref = make_key_ref(key, 1);
 554                break;
 555
 556        case KEY_SPEC_PROCESS_KEYRING:
 557                if (!ctx.cred->process_keyring) {
 558                        if (!(lflags & KEY_LOOKUP_CREATE))
 559                                goto error;
 560
 561                        ret = install_process_keyring();
 562                        if (ret < 0) {
 563                                key_ref = ERR_PTR(ret);
 564                                goto error;
 565                        }
 566                        goto reget_creds;
 567                }
 568
 569                key = ctx.cred->process_keyring;
 570                __key_get(key);
 571                key_ref = make_key_ref(key, 1);
 572                break;
 573
 574        case KEY_SPEC_SESSION_KEYRING:
 575                if (!ctx.cred->session_keyring) {
 576                        /* always install a session keyring upon access if one
 577                         * doesn't exist yet */
 578                        ret = install_user_keyrings();
 579                        if (ret < 0)
 580                                goto error;
 581                        if (lflags & KEY_LOOKUP_CREATE)
 582                                ret = join_session_keyring(NULL);
 583                        else
 584                                ret = install_session_keyring(
 585                                        ctx.cred->user->session_keyring);
 586
 587                        if (ret < 0)
 588                                goto error;
 589                        goto reget_creds;
 590                } else if (ctx.cred->session_keyring ==
 591                           ctx.cred->user->session_keyring &&
 592                           lflags & KEY_LOOKUP_CREATE) {
 593                        ret = join_session_keyring(NULL);
 594                        if (ret < 0)
 595                                goto error;
 596                        goto reget_creds;
 597                }
 598
 599                rcu_read_lock();
 600                key = rcu_dereference(ctx.cred->session_keyring);
 601                __key_get(key);
 602                rcu_read_unlock();
 603                key_ref = make_key_ref(key, 1);
 604                break;
 605
 606        case KEY_SPEC_USER_KEYRING:
 607                if (!ctx.cred->user->uid_keyring) {
 608                        ret = install_user_keyrings();
 609                        if (ret < 0)
 610                                goto error;
 611                }
 612
 613                key = ctx.cred->user->uid_keyring;
 614                __key_get(key);
 615                key_ref = make_key_ref(key, 1);
 616                break;
 617
 618        case KEY_SPEC_USER_SESSION_KEYRING:
 619                if (!ctx.cred->user->session_keyring) {
 620                        ret = install_user_keyrings();
 621                        if (ret < 0)
 622                                goto error;
 623                }
 624
 625                key = ctx.cred->user->session_keyring;
 626                __key_get(key);
 627                key_ref = make_key_ref(key, 1);
 628                break;
 629
 630        case KEY_SPEC_GROUP_KEYRING:
 631                /* group keyrings are not yet supported */
 632                key_ref = ERR_PTR(-EINVAL);
 633                goto error;
 634
 635        case KEY_SPEC_REQKEY_AUTH_KEY:
 636                key = ctx.cred->request_key_auth;
 637                if (!key)
 638                        goto error;
 639
 640                __key_get(key);
 641                key_ref = make_key_ref(key, 1);
 642                break;
 643
 644        case KEY_SPEC_REQUESTOR_KEYRING:
 645                if (!ctx.cred->request_key_auth)
 646                        goto error;
 647
 648                down_read(&ctx.cred->request_key_auth->sem);
 649                if (test_bit(KEY_FLAG_REVOKED,
 650                             &ctx.cred->request_key_auth->flags)) {
 651                        key_ref = ERR_PTR(-EKEYREVOKED);
 652                        key = NULL;
 653                } else {
 654                        rka = ctx.cred->request_key_auth->payload.data[0];
 655                        key = rka->dest_keyring;
 656                        __key_get(key);
 657                }
 658                up_read(&ctx.cred->request_key_auth->sem);
 659                if (!key)
 660                        goto error;
 661                key_ref = make_key_ref(key, 1);
 662                break;
 663
 664        default:
 665                key_ref = ERR_PTR(-EINVAL);
 666                if (id < 1)
 667                        goto error;
 668
 669                key = key_lookup(id);
 670                if (IS_ERR(key)) {
 671                        key_ref = ERR_CAST(key);
 672                        goto error;
 673                }
 674
 675                key_ref = make_key_ref(key, 0);
 676
 677                /* check to see if we possess the key */
 678                ctx.index_key.type              = key->type;
 679                ctx.index_key.description       = key->description;
 680                ctx.index_key.desc_len          = strlen(key->description);
 681                ctx.match_data.raw_data         = key;
 682                kdebug("check possessed");
 683                skey_ref = search_process_keyrings(&ctx);
 684                kdebug("possessed=%p", skey_ref);
 685
 686                if (!IS_ERR(skey_ref)) {
 687                        key_put(key);
 688                        key_ref = skey_ref;
 689                }
 690
 691                break;
 692        }
 693
 694        /* unlink does not use the nominated key in any way, so can skip all
 695         * the permission checks as it is only concerned with the keyring */
 696        if (lflags & KEY_LOOKUP_FOR_UNLINK) {
 697                ret = 0;
 698                goto error;
 699        }
 700
 701        if (!(lflags & KEY_LOOKUP_PARTIAL)) {
 702                ret = wait_for_key_construction(key, true);
 703                switch (ret) {
 704                case -ERESTARTSYS:
 705                        goto invalid_key;
 706                default:
 707                        if (perm)
 708                                goto invalid_key;
 709                case 0:
 710                        break;
 711                }
 712        } else if (perm) {
 713                ret = key_validate(key);
 714                if (ret < 0)
 715                        goto invalid_key;
 716        }
 717
 718        ret = -EIO;
 719        if (!(lflags & KEY_LOOKUP_PARTIAL) &&
 720            !test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
 721                goto invalid_key;
 722
 723        /* check the permissions */
 724        ret = key_task_permission(key_ref, ctx.cred, perm);
 725        if (ret < 0)
 726                goto invalid_key;
 727
 728        key->last_used_at = current_kernel_time().tv_sec;
 729
 730error:
 731        put_cred(ctx.cred);
 732        return key_ref;
 733
 734invalid_key:
 735        key_ref_put(key_ref);
 736        key_ref = ERR_PTR(ret);
 737        goto error;
 738
 739        /* if we attempted to install a keyring, then it may have caused new
 740         * creds to be installed */
 741reget_creds:
 742        put_cred(ctx.cred);
 743        goto try_again;
 744}
 745
 746/*
 747 * Join the named keyring as the session keyring if possible else attempt to
 748 * create a new one of that name and join that.
 749 *
 750 * If the name is NULL, an empty anonymous keyring will be installed as the
 751 * session keyring.
 752 *
 753 * Named session keyrings are joined with a semaphore held to prevent the
 754 * keyrings from going away whilst the attempt is made to going them and also
 755 * to prevent a race in creating compatible session keyrings.
 756 */
 757long join_session_keyring(const char *name)
 758{
 759        const struct cred *old;
 760        struct cred *new;
 761        struct key *keyring;
 762        long ret, serial;
 763
 764        new = prepare_creds();
 765        if (!new)
 766                return -ENOMEM;
 767        old = current_cred();
 768
 769        /* if no name is provided, install an anonymous keyring */
 770        if (!name) {
 771                ret = install_session_keyring_to_cred(new, NULL);
 772                if (ret < 0)
 773                        goto error;
 774
 775                serial = new->session_keyring->serial;
 776                ret = commit_creds(new);
 777                if (ret == 0)
 778                        ret = serial;
 779                goto okay;
 780        }
 781
 782        /* allow the user to join or create a named keyring */
 783        mutex_lock(&key_session_mutex);
 784
 785        /* look for an existing keyring of this name */
 786        keyring = find_keyring_by_name(name, false);
 787        if (PTR_ERR(keyring) == -ENOKEY) {
 788                /* not found - try and create a new one */
 789                keyring = keyring_alloc(
 790                        name, old->uid, old->gid, old,
 791                        KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
 792                        KEY_ALLOC_IN_QUOTA, NULL, NULL);
 793                if (IS_ERR(keyring)) {
 794                        ret = PTR_ERR(keyring);
 795                        goto error2;
 796                }
 797        } else if (IS_ERR(keyring)) {
 798                ret = PTR_ERR(keyring);
 799                goto error2;
 800        } else if (keyring == new->session_keyring) {
 801                key_put(keyring);
 802                ret = 0;
 803                goto error2;
 804        }
 805
 806        /* we've got a keyring - now to install it */
 807        ret = install_session_keyring_to_cred(new, keyring);
 808        if (ret < 0)
 809                goto error2;
 810
 811        commit_creds(new);
 812        mutex_unlock(&key_session_mutex);
 813
 814        ret = keyring->serial;
 815        key_put(keyring);
 816okay:
 817        return ret;
 818
 819error2:
 820        mutex_unlock(&key_session_mutex);
 821error:
 822        abort_creds(new);
 823        return ret;
 824}
 825
 826/*
 827 * Replace a process's session keyring on behalf of one of its children when
 828 * the target  process is about to resume userspace execution.
 829 */
 830void key_change_session_keyring(struct callback_head *twork)
 831{
 832        const struct cred *old = current_cred();
 833        struct cred *new = container_of(twork, struct cred, rcu);
 834
 835        if (unlikely(current->flags & PF_EXITING)) {
 836                put_cred(new);
 837                return;
 838        }
 839
 840        new->  uid      = old->  uid;
 841        new-> euid      = old-> euid;
 842        new-> suid      = old-> suid;
 843        new->fsuid      = old->fsuid;
 844        new->  gid      = old->  gid;
 845        new-> egid      = old-> egid;
 846        new-> sgid      = old-> sgid;
 847        new->fsgid      = old->fsgid;
 848        new->user       = get_uid(old->user);
 849        new->user_ns    = get_user_ns(old->user_ns);
 850        new->group_info = get_group_info(old->group_info);
 851
 852        new->securebits = old->securebits;
 853        new->cap_inheritable    = old->cap_inheritable;
 854        new->cap_permitted      = old->cap_permitted;
 855        new->cap_effective      = old->cap_effective;
 856        new->cap_ambient        = old->cap_ambient;
 857        new->cap_bset           = old->cap_bset;
 858
 859        new->jit_keyring        = old->jit_keyring;
 860        new->thread_keyring     = key_get(old->thread_keyring);
 861        new->process_keyring    = key_get(old->process_keyring);
 862
 863        security_transfer_creds(new, old);
 864
 865        commit_creds(new);
 866}
 867
 868/*
 869 * Make sure that root's user and user-session keyrings exist.
 870 */
 871static int __init init_root_keyring(void)
 872{
 873        return install_user_keyrings();
 874}
 875
 876late_initcall(init_root_keyring);
 877
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.