~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/keys/process_keys.c

Version: ~ [ linux-5.12-rc7 ] ~ [ linux-5.11.13 ] ~ [ linux-5.10.29 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.111 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.186 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.230 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.266 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.266 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.18.140 ] ~ [ linux-3.16.85 ] ~ [ linux-3.14.79 ] ~ [ linux-3.12.74 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /* Manage a process's keyrings
  2  *
  3  * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
  4  * Written by David Howells (dhowells@redhat.com)
  5  *
  6  * This program is free software; you can redistribute it and/or
  7  * modify it under the terms of the GNU General Public License
  8  * as published by the Free Software Foundation; either version
  9  * 2 of the License, or (at your option) any later version.
 10  */
 11 
 12 #include <linux/module.h>
 13 #include <linux/init.h>
 14 #include <linux/sched.h>
 15 #include <linux/keyctl.h>
 16 #include <linux/fs.h>
 17 #include <linux/err.h>
 18 #include <linux/mutex.h>
 19 #include <linux/security.h>
 20 #include <linux/user_namespace.h>
 21 #include <asm/uaccess.h>
 22 #include "internal.h"
 23 
 24 /* Session keyring create vs join semaphore */
 25 static DEFINE_MUTEX(key_session_mutex);
 26 
 27 /* User keyring creation semaphore */
 28 static DEFINE_MUTEX(key_user_keyring_mutex);
 29 
 30 /* The root user's tracking struct */
 31 struct key_user root_key_user = {
 32         .usage          = ATOMIC_INIT(3),
 33         .cons_lock      = __MUTEX_INITIALIZER(root_key_user.cons_lock),
 34         .lock           = __SPIN_LOCK_UNLOCKED(root_key_user.lock),
 35         .nkeys          = ATOMIC_INIT(2),
 36         .nikeys         = ATOMIC_INIT(2),
 37         .uid            = GLOBAL_ROOT_UID,
 38 };
 39 
 40 /*
 41  * Install the user and user session keyrings for the current process's UID.
 42  */
 43 int install_user_keyrings(void)
 44 {
 45         struct user_struct *user;
 46         const struct cred *cred;
 47         struct key *uid_keyring, *session_keyring;
 48         key_perm_t user_keyring_perm;
 49         char buf[20];
 50         int ret;
 51         uid_t uid;
 52 
 53         user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
 54         cred = current_cred();
 55         user = cred->user;
 56         uid = from_kuid(cred->user_ns, user->uid);
 57 
 58         kenter("%p{%u}", user, uid);
 59 
 60         if (user->uid_keyring && user->session_keyring) {
 61                 kleave(" = 0 [exist]");
 62                 return 0;
 63         }
 64 
 65         mutex_lock(&key_user_keyring_mutex);
 66         ret = 0;
 67 
 68         if (!user->uid_keyring) {
 69                 /* get the UID-specific keyring
 70                  * - there may be one in existence already as it may have been
 71                  *   pinned by a session, but the user_struct pointing to it
 72                  *   may have been destroyed by setuid */
 73                 sprintf(buf, "_uid.%u", uid);
 74 
 75                 uid_keyring = find_keyring_by_name(buf, true);
 76                 if (IS_ERR(uid_keyring)) {
 77                         uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
 78                                                     cred, user_keyring_perm,
 79                                                     KEY_ALLOC_IN_QUOTA, NULL);
 80                         if (IS_ERR(uid_keyring)) {
 81                                 ret = PTR_ERR(uid_keyring);
 82                                 goto error;
 83                         }
 84                 }
 85 
 86                 /* get a default session keyring (which might also exist
 87                  * already) */
 88                 sprintf(buf, "_uid_ses.%u", uid);
 89 
 90                 session_keyring = find_keyring_by_name(buf, true);
 91                 if (IS_ERR(session_keyring)) {
 92                         session_keyring =
 93                                 keyring_alloc(buf, user->uid, INVALID_GID,
 94                                               cred, user_keyring_perm,
 95                                               KEY_ALLOC_IN_QUOTA, NULL);
 96                         if (IS_ERR(session_keyring)) {
 97                                 ret = PTR_ERR(session_keyring);
 98                                 goto error_release;
 99                         }
100 
101                         /* we install a link from the user session keyring to
102                          * the user keyring */
103                         ret = key_link(session_keyring, uid_keyring);
104                         if (ret < 0)
105                                 goto error_release_both;
106                 }
107 
108                 /* install the keyrings */
109                 user->uid_keyring = uid_keyring;
110                 user->session_keyring = session_keyring;
111         }
112 
113         mutex_unlock(&key_user_keyring_mutex);
114         kleave(" = 0");
115         return 0;
116 
117 error_release_both:
118         key_put(session_keyring);
119 error_release:
120         key_put(uid_keyring);
121 error:
122         mutex_unlock(&key_user_keyring_mutex);
123         kleave(" = %d", ret);
124         return ret;
125 }
126 
127 /*
128  * Install a fresh thread keyring directly to new credentials.  This keyring is
129  * allowed to overrun the quota.
130  */
131 int install_thread_keyring_to_cred(struct cred *new)
132 {
133         struct key *keyring;
134 
135         keyring = keyring_alloc("_tid", new->uid, new->gid, new,
136                                 KEY_POS_ALL | KEY_USR_VIEW,
137                                 KEY_ALLOC_QUOTA_OVERRUN, NULL);
138         if (IS_ERR(keyring))
139                 return PTR_ERR(keyring);
140 
141         new->thread_keyring = keyring;
142         return 0;
143 }
144 
145 /*
146  * Install a fresh thread keyring, discarding the old one.
147  */
148 static int install_thread_keyring(void)
149 {
150         struct cred *new;
151         int ret;
152 
153         new = prepare_creds();
154         if (!new)
155                 return -ENOMEM;
156 
157         BUG_ON(new->thread_keyring);
158 
159         ret = install_thread_keyring_to_cred(new);
160         if (ret < 0) {
161                 abort_creds(new);
162                 return ret;
163         }
164 
165         return commit_creds(new);
166 }
167 
168 /*
169  * Install a process keyring directly to a credentials struct.
170  *
171  * Returns -EEXIST if there was already a process keyring, 0 if one installed,
172  * and other value on any other error
173  */
174 int install_process_keyring_to_cred(struct cred *new)
175 {
176         struct key *keyring;
177 
178         if (new->process_keyring)
179                 return -EEXIST;
180 
181         keyring = keyring_alloc("_pid", new->uid, new->gid, new,
182                                 KEY_POS_ALL | KEY_USR_VIEW,
183                                 KEY_ALLOC_QUOTA_OVERRUN, NULL);
184         if (IS_ERR(keyring))
185                 return PTR_ERR(keyring);
186 
187         new->process_keyring = keyring;
188         return 0;
189 }
190 
191 /*
192  * Make sure a process keyring is installed for the current process.  The
193  * existing process keyring is not replaced.
194  *
195  * Returns 0 if there is a process keyring by the end of this function, some
196  * error otherwise.
197  */
198 static int install_process_keyring(void)
199 {
200         struct cred *new;
201         int ret;
202 
203         new = prepare_creds();
204         if (!new)
205                 return -ENOMEM;
206 
207         ret = install_process_keyring_to_cred(new);
208         if (ret < 0) {
209                 abort_creds(new);
210                 return ret != -EEXIST ? ret : 0;
211         }
212 
213         return commit_creds(new);
214 }
215 
216 /*
217  * Install a session keyring directly to a credentials struct.
218  */
219 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
220 {
221         unsigned long flags;
222         struct key *old;
223 
224         might_sleep();
225 
226         /* create an empty session keyring */
227         if (!keyring) {
228                 flags = KEY_ALLOC_QUOTA_OVERRUN;
229                 if (cred->session_keyring)
230                         flags = KEY_ALLOC_IN_QUOTA;
231 
232                 keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
233                                         KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
234                                         flags, NULL);
235                 if (IS_ERR(keyring))
236                         return PTR_ERR(keyring);
237         } else {
238                 __key_get(keyring);
239         }
240 
241         /* install the keyring */
242         old = cred->session_keyring;
243         rcu_assign_pointer(cred->session_keyring, keyring);
244 
245         if (old)
246                 key_put(old);
247 
248         return 0;
249 }
250 
251 /*
252  * Install a session keyring, discarding the old one.  If a keyring is not
253  * supplied, an empty one is invented.
254  */
255 static int install_session_keyring(struct key *keyring)
256 {
257         struct cred *new;
258         int ret;
259 
260         new = prepare_creds();
261         if (!new)
262                 return -ENOMEM;
263 
264         ret = install_session_keyring_to_cred(new, keyring);
265         if (ret < 0) {
266                 abort_creds(new);
267                 return ret;
268         }
269 
270         return commit_creds(new);
271 }
272 
273 /*
274  * Handle the fsuid changing.
275  */
276 void key_fsuid_changed(struct task_struct *tsk)
277 {
278         /* update the ownership of the thread keyring */
279         BUG_ON(!tsk->cred);
280         if (tsk->cred->thread_keyring) {
281                 down_write(&tsk->cred->thread_keyring->sem);
282                 tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
283                 up_write(&tsk->cred->thread_keyring->sem);
284         }
285 }
286 
287 /*
288  * Handle the fsgid changing.
289  */
290 void key_fsgid_changed(struct task_struct *tsk)
291 {
292         /* update the ownership of the thread keyring */
293         BUG_ON(!tsk->cred);
294         if (tsk->cred->thread_keyring) {
295                 down_write(&tsk->cred->thread_keyring->sem);
296                 tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
297                 up_write(&tsk->cred->thread_keyring->sem);
298         }
299 }
300 
301 /*
302  * Search the process keyrings attached to the supplied cred for the first
303  * matching key.
304  *
305  * The search criteria are the type and the match function.  The description is
306  * given to the match function as a parameter, but doesn't otherwise influence
307  * the search.  Typically the match function will compare the description
308  * parameter to the key's description.
309  *
310  * This can only search keyrings that grant Search permission to the supplied
311  * credentials.  Keyrings linked to searched keyrings will also be searched if
312  * they grant Search permission too.  Keys can only be found if they grant
313  * Search permission to the credentials.
314  *
315  * Returns a pointer to the key with the key usage count incremented if
316  * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
317  * matched negative keys.
318  *
319  * In the case of a successful return, the possession attribute is set on the
320  * returned key reference.
321  */
322 key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
323 {
324         key_ref_t key_ref, ret, err;
325 
326         /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
327          * searchable, but we failed to find a key or we found a negative key;
328          * otherwise we want to return a sample error (probably -EACCES) if
329          * none of the keyrings were searchable
330          *
331          * in terms of priority: success > -ENOKEY > -EAGAIN > other error
332          */
333         key_ref = NULL;
334         ret = NULL;
335         err = ERR_PTR(-EAGAIN);
336 
337         /* search the thread keyring first */
338         if (ctx->cred->thread_keyring) {
339                 key_ref = keyring_search_aux(
340                         make_key_ref(ctx->cred->thread_keyring, 1), ctx);
341                 if (!IS_ERR(key_ref))
342                         goto found;
343 
344                 switch (PTR_ERR(key_ref)) {
345                 case -EAGAIN: /* no key */
346                 case -ENOKEY: /* negative key */
347                         ret = key_ref;
348                         break;
349                 default:
350                         err = key_ref;
351                         break;
352                 }
353         }
354 
355         /* search the process keyring second */
356         if (ctx->cred->process_keyring) {
357                 key_ref = keyring_search_aux(
358                         make_key_ref(ctx->cred->process_keyring, 1), ctx);
359                 if (!IS_ERR(key_ref))
360                         goto found;
361 
362                 switch (PTR_ERR(key_ref)) {
363                 case -EAGAIN: /* no key */
364                         if (ret)
365                                 break;
366                 case -ENOKEY: /* negative key */
367                         ret = key_ref;
368                         break;
369                 default:
370                         err = key_ref;
371                         break;
372                 }
373         }
374 
375         /* search the session keyring */
376         if (ctx->cred->session_keyring) {
377                 rcu_read_lock();
378                 key_ref = keyring_search_aux(
379                         make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1),
380                         ctx);
381                 rcu_read_unlock();
382 
383                 if (!IS_ERR(key_ref))
384                         goto found;
385 
386                 switch (PTR_ERR(key_ref)) {
387                 case -EAGAIN: /* no key */
388                         if (ret)
389                                 break;
390                 case -ENOKEY: /* negative key */
391                         ret = key_ref;
392                         break;
393                 default:
394                         err = key_ref;
395                         break;
396                 }
397         }
398         /* or search the user-session keyring */
399         else if (ctx->cred->user->session_keyring) {
400                 key_ref = keyring_search_aux(
401                         make_key_ref(ctx->cred->user->session_keyring, 1),
402                         ctx);
403                 if (!IS_ERR(key_ref))
404                         goto found;
405 
406                 switch (PTR_ERR(key_ref)) {
407                 case -EAGAIN: /* no key */
408                         if (ret)
409                                 break;
410                 case -ENOKEY: /* negative key */
411                         ret = key_ref;
412                         break;
413                 default:
414                         err = key_ref;
415                         break;
416                 }
417         }
418 
419         /* no key - decide on the error we're going to go for */
420         key_ref = ret ? ret : err;
421 
422 found:
423         return key_ref;
424 }
425 
426 /*
427  * Search the process keyrings attached to the supplied cred for the first
428  * matching key in the manner of search_my_process_keyrings(), but also search
429  * the keys attached to the assumed authorisation key using its credentials if
430  * one is available.
431  *
432  * Return same as search_my_process_keyrings().
433  */
434 key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
435 {
436         struct request_key_auth *rka;
437         key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
438 
439         might_sleep();
440 
441         key_ref = search_my_process_keyrings(ctx);
442         if (!IS_ERR(key_ref))
443                 goto found;
444         err = key_ref;
445 
446         /* if this process has an instantiation authorisation key, then we also
447          * search the keyrings of the process mentioned there
448          * - we don't permit access to request_key auth keys via this method
449          */
450         if (ctx->cred->request_key_auth &&
451             ctx->cred == current_cred() &&
452             ctx->index_key.type != &key_type_request_key_auth
453             ) {
454                 const struct cred *cred = ctx->cred;
455 
456                 /* defend against the auth key being revoked */
457                 down_read(&cred->request_key_auth->sem);
458 
459                 if (key_validate(ctx->cred->request_key_auth) == 0) {
460                         rka = ctx->cred->request_key_auth->payload.data;
461 
462                         ctx->cred = rka->cred;
463                         key_ref = search_process_keyrings(ctx);
464                         ctx->cred = cred;
465 
466                         up_read(&cred->request_key_auth->sem);
467 
468                         if (!IS_ERR(key_ref))
469                                 goto found;
470 
471                         ret = key_ref;
472                 } else {
473                         up_read(&cred->request_key_auth->sem);
474                 }
475         }
476 
477         /* no key - decide on the error we're going to go for */
478         if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
479                 key_ref = ERR_PTR(-ENOKEY);
480         else if (err == ERR_PTR(-EACCES))
481                 key_ref = ret;
482         else
483                 key_ref = err;
484 
485 found:
486         return key_ref;
487 }
488 
489 /*
490  * See if the key we're looking at is the target key.
491  */
492 int lookup_user_key_possessed(const struct key *key, const void *target)
493 {
494         return key == target;
495 }
496 
497 /*
498  * Look up a key ID given us by userspace with a given permissions mask to get
499  * the key it refers to.
500  *
501  * Flags can be passed to request that special keyrings be created if referred
502  * to directly, to permit partially constructed keys to be found and to skip
503  * validity and permission checks on the found key.
504  *
505  * Returns a pointer to the key with an incremented usage count if successful;
506  * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
507  * to a key or the best found key was a negative key; -EKEYREVOKED or
508  * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
509  * found key doesn't grant the requested permit or the LSM denied access to it;
510  * or -ENOMEM if a special keyring couldn't be created.
511  *
512  * In the case of a successful return, the possession attribute is set on the
513  * returned key reference.
514  */
515 key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
516                           key_perm_t perm)
517 {
518         struct keyring_search_context ctx = {
519                 .match  = lookup_user_key_possessed,
520                 .flags  = (KEYRING_SEARCH_NO_STATE_CHECK |
521                            KEYRING_SEARCH_LOOKUP_DIRECT),
522         };
523         struct request_key_auth *rka;
524         struct key *key;
525         key_ref_t key_ref, skey_ref;
526         int ret;
527 
528 try_again:
529         ctx.cred = get_current_cred();
530         key_ref = ERR_PTR(-ENOKEY);
531 
532         switch (id) {
533         case KEY_SPEC_THREAD_KEYRING:
534                 if (!ctx.cred->thread_keyring) {
535                         if (!(lflags & KEY_LOOKUP_CREATE))
536                                 goto error;
537 
538                         ret = install_thread_keyring();
539                         if (ret < 0) {
540                                 key_ref = ERR_PTR(ret);
541                                 goto error;
542                         }
543                         goto reget_creds;
544                 }
545 
546                 key = ctx.cred->thread_keyring;
547                 __key_get(key);
548                 key_ref = make_key_ref(key, 1);
549                 break;
550 
551         case KEY_SPEC_PROCESS_KEYRING:
552                 if (!ctx.cred->process_keyring) {
553                         if (!(lflags & KEY_LOOKUP_CREATE))
554                                 goto error;
555 
556                         ret = install_process_keyring();
557                         if (ret < 0) {
558                                 key_ref = ERR_PTR(ret);
559                                 goto error;
560                         }
561                         goto reget_creds;
562                 }
563 
564                 key = ctx.cred->process_keyring;
565                 __key_get(key);
566                 key_ref = make_key_ref(key, 1);
567                 break;
568 
569         case KEY_SPEC_SESSION_KEYRING:
570                 if (!ctx.cred->session_keyring) {
571                         /* always install a session keyring upon access if one
572                          * doesn't exist yet */
573                         ret = install_user_keyrings();
574                         if (ret < 0)
575                                 goto error;
576                         if (lflags & KEY_LOOKUP_CREATE)
577                                 ret = join_session_keyring(NULL);
578                         else
579                                 ret = install_session_keyring(
580                                         ctx.cred->user->session_keyring);
581 
582                         if (ret < 0)
583                                 goto error;
584                         goto reget_creds;
585                 } else if (ctx.cred->session_keyring ==
586                            ctx.cred->user->session_keyring &&
587                            lflags & KEY_LOOKUP_CREATE) {
588                         ret = join_session_keyring(NULL);
589                         if (ret < 0)
590                                 goto error;
591                         goto reget_creds;
592                 }
593 
594                 rcu_read_lock();
595                 key = rcu_dereference(ctx.cred->session_keyring);
596                 __key_get(key);
597                 rcu_read_unlock();
598                 key_ref = make_key_ref(key, 1);
599                 break;
600 
601         case KEY_SPEC_USER_KEYRING:
602                 if (!ctx.cred->user->uid_keyring) {
603                         ret = install_user_keyrings();
604                         if (ret < 0)
605                                 goto error;
606                 }
607 
608                 key = ctx.cred->user->uid_keyring;
609                 __key_get(key);
610                 key_ref = make_key_ref(key, 1);
611                 break;
612 
613         case KEY_SPEC_USER_SESSION_KEYRING:
614                 if (!ctx.cred->user->session_keyring) {
615                         ret = install_user_keyrings();
616                         if (ret < 0)
617                                 goto error;
618                 }
619 
620                 key = ctx.cred->user->session_keyring;
621                 __key_get(key);
622                 key_ref = make_key_ref(key, 1);
623                 break;
624 
625         case KEY_SPEC_GROUP_KEYRING:
626                 /* group keyrings are not yet supported */
627                 key_ref = ERR_PTR(-EINVAL);
628                 goto error;
629 
630         case KEY_SPEC_REQKEY_AUTH_KEY:
631                 key = ctx.cred->request_key_auth;
632                 if (!key)
633                         goto error;
634 
635                 __key_get(key);
636                 key_ref = make_key_ref(key, 1);
637                 break;
638 
639         case KEY_SPEC_REQUESTOR_KEYRING:
640                 if (!ctx.cred->request_key_auth)
641                         goto error;
642 
643                 down_read(&ctx.cred->request_key_auth->sem);
644                 if (test_bit(KEY_FLAG_REVOKED,
645                              &ctx.cred->request_key_auth->flags)) {
646                         key_ref = ERR_PTR(-EKEYREVOKED);
647                         key = NULL;
648                 } else {
649                         rka = ctx.cred->request_key_auth->payload.data;
650                         key = rka->dest_keyring;
651                         __key_get(key);
652                 }
653                 up_read(&ctx.cred->request_key_auth->sem);
654                 if (!key)
655                         goto error;
656                 key_ref = make_key_ref(key, 1);
657                 break;
658 
659         default:
660                 key_ref = ERR_PTR(-EINVAL);
661                 if (id < 1)
662                         goto error;
663 
664                 key = key_lookup(id);
665                 if (IS_ERR(key)) {
666                         key_ref = ERR_CAST(key);
667                         goto error;
668                 }
669 
670                 key_ref = make_key_ref(key, 0);
671 
672                 /* check to see if we possess the key */
673                 ctx.index_key.type              = key->type;
674                 ctx.index_key.description       = key->description;
675                 ctx.index_key.desc_len          = strlen(key->description);
676                 ctx.match_data                  = key;
677                 kdebug("check possessed");
678                 skey_ref = search_process_keyrings(&ctx);
679                 kdebug("possessed=%p", skey_ref);
680 
681                 if (!IS_ERR(skey_ref)) {
682                         key_put(key);
683                         key_ref = skey_ref;
684                 }
685 
686                 break;
687         }
688 
689         /* unlink does not use the nominated key in any way, so can skip all
690          * the permission checks as it is only concerned with the keyring */
691         if (lflags & KEY_LOOKUP_FOR_UNLINK) {
692                 ret = 0;
693                 goto error;
694         }
695 
696         if (!(lflags & KEY_LOOKUP_PARTIAL)) {
697                 ret = wait_for_key_construction(key, true);
698                 switch (ret) {
699                 case -ERESTARTSYS:
700                         goto invalid_key;
701                 default:
702                         if (perm)
703                                 goto invalid_key;
704                 case 0:
705                         break;
706                 }
707         } else if (perm) {
708                 ret = key_validate(key);
709                 if (ret < 0)
710                         goto invalid_key;
711         }
712 
713         ret = -EIO;
714         if (!(lflags & KEY_LOOKUP_PARTIAL) &&
715             !test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
716                 goto invalid_key;
717 
718         /* check the permissions */
719         ret = key_task_permission(key_ref, ctx.cred, perm);
720         if (ret < 0)
721                 goto invalid_key;
722 
723         key->last_used_at = current_kernel_time().tv_sec;
724 
725 error:
726         put_cred(ctx.cred);
727         return key_ref;
728 
729 invalid_key:
730         key_ref_put(key_ref);
731         key_ref = ERR_PTR(ret);
732         goto error;
733 
734         /* if we attempted to install a keyring, then it may have caused new
735          * creds to be installed */
736 reget_creds:
737         put_cred(ctx.cred);
738         goto try_again;
739 }
740 
741 /*
742  * Join the named keyring as the session keyring if possible else attempt to
743  * create a new one of that name and join that.
744  *
745  * If the name is NULL, an empty anonymous keyring will be installed as the
746  * session keyring.
747  *
748  * Named session keyrings are joined with a semaphore held to prevent the
749  * keyrings from going away whilst the attempt is made to going them and also
750  * to prevent a race in creating compatible session keyrings.
751  */
752 long join_session_keyring(const char *name)
753 {
754         const struct cred *old;
755         struct cred *new;
756         struct key *keyring;
757         long ret, serial;
758 
759         new = prepare_creds();
760         if (!new)
761                 return -ENOMEM;
762         old = current_cred();
763 
764         /* if no name is provided, install an anonymous keyring */
765         if (!name) {
766                 ret = install_session_keyring_to_cred(new, NULL);
767                 if (ret < 0)
768                         goto error;
769 
770                 serial = new->session_keyring->serial;
771                 ret = commit_creds(new);
772                 if (ret == 0)
773                         ret = serial;
774                 goto okay;
775         }
776 
777         /* allow the user to join or create a named keyring */
778         mutex_lock(&key_session_mutex);
779 
780         /* look for an existing keyring of this name */
781         keyring = find_keyring_by_name(name, false);
782         if (PTR_ERR(keyring) == -ENOKEY) {
783                 /* not found - try and create a new one */
784                 keyring = keyring_alloc(
785                         name, old->uid, old->gid, old,
786                         KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
787                         KEY_ALLOC_IN_QUOTA, NULL);
788                 if (IS_ERR(keyring)) {
789                         ret = PTR_ERR(keyring);
790                         goto error2;
791                 }
792         } else if (IS_ERR(keyring)) {
793                 ret = PTR_ERR(keyring);
794                 goto error2;
795         } else if (keyring == new->session_keyring) {
796                 key_put(keyring);
797                 ret = 0;
798                 goto error2;
799         }
800 
801         /* we've got a keyring - now to install it */
802         ret = install_session_keyring_to_cred(new, keyring);
803         if (ret < 0)
804                 goto error2;
805 
806         commit_creds(new);
807         mutex_unlock(&key_session_mutex);
808 
809         ret = keyring->serial;
810         key_put(keyring);
811 okay:
812         return ret;
813 
814 error2:
815         mutex_unlock(&key_session_mutex);
816 error:
817         abort_creds(new);
818         return ret;
819 }
820 
821 /*
822  * Replace a process's session keyring on behalf of one of its children when
823  * the target  process is about to resume userspace execution.
824  */
825 void key_change_session_keyring(struct callback_head *twork)
826 {
827         const struct cred *old = current_cred();
828         struct cred *new = container_of(twork, struct cred, rcu);
829 
830         if (unlikely(current->flags & PF_EXITING)) {
831                 put_cred(new);
832                 return;
833         }
834 
835         new->  uid      = old->  uid;
836         new-> euid      = old-> euid;
837         new-> suid      = old-> suid;
838         new->fsuid      = old->fsuid;
839         new->  gid      = old->  gid;
840         new-> egid      = old-> egid;
841         new-> sgid      = old-> sgid;
842         new->fsgid      = old->fsgid;
843         new->user       = get_uid(old->user);
844         new->user_ns    = get_user_ns(old->user_ns);
845         new->group_info = get_group_info(old->group_info);
846 
847         new->securebits = old->securebits;
848         new->cap_inheritable    = old->cap_inheritable;
849         new->cap_permitted      = old->cap_permitted;
850         new->cap_effective      = old->cap_effective;
851         new->cap_bset           = old->cap_bset;
852 
853         new->jit_keyring        = old->jit_keyring;
854         new->thread_keyring     = key_get(old->thread_keyring);
855         new->process_keyring    = key_get(old->process_keyring);
856 
857         security_transfer_creds(new, old);
858 
859         commit_creds(new);
860 }
861 
862 /*
863  * Make sure that root's user and user-session keyrings exist.
864  */
865 static int __init init_root_keyring(void)
866 {
867         return install_user_keyrings();
868 }
869 
870 late_initcall(init_root_keyring);
871 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp