~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/security/keys/process_keys.c

Version: ~ [ linux-5.4-rc1 ] ~ [ linux-5.3.2 ] ~ [ linux-5.2.18 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.76 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.146 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.194 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.194 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.74 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-3.9.11 ] ~ [ linux-3.8.13 ] ~ [ linux-3.7.10 ] ~ [ linux-3.6.11 ] ~ [ linux-3.5.7 ] ~ [ linux-3.4.113 ] ~ [ linux-3.3.8 ] ~ [ linux-3.2.102 ] ~ [ linux-3.1.10 ] ~ [ linux-3.0.101 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /* Manage a process's keyrings
  2  *
  3  * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
  4  * Written by David Howells (dhowells@redhat.com)
  5  *
  6  * This program is free software; you can redistribute it and/or
  7  * modify it under the terms of the GNU General Public License
  8  * as published by the Free Software Foundation; either version
  9  * 2 of the License, or (at your option) any later version.
 10  */
 11 
 12 #include <linux/module.h>
 13 #include <linux/init.h>
 14 #include <linux/sched.h>
 15 #include <linux/keyctl.h>
 16 #include <linux/fs.h>
 17 #include <linux/err.h>
 18 #include <linux/mutex.h>
 19 #include <linux/security.h>
 20 #include <linux/user_namespace.h>
 21 #include <linux/uaccess.h>
 22 #include "internal.h"
 23 
 24 /* Session keyring create vs join semaphore */
 25 static DEFINE_MUTEX(key_session_mutex);
 26 
 27 /* User keyring creation semaphore */
 28 static DEFINE_MUTEX(key_user_keyring_mutex);
 29 
 30 /* The root user's tracking struct */
 31 struct key_user root_key_user = {
 32         .usage          = ATOMIC_INIT(3),
 33         .cons_lock      = __MUTEX_INITIALIZER(root_key_user.cons_lock),
 34         .lock           = __SPIN_LOCK_UNLOCKED(root_key_user.lock),
 35         .nkeys          = ATOMIC_INIT(2),
 36         .nikeys         = ATOMIC_INIT(2),
 37         .uid            = GLOBAL_ROOT_UID,
 38 };
 39 
 40 /*
 41  * Install the user and user session keyrings for the current process's UID.
 42  */
 43 int install_user_keyrings(void)
 44 {
 45         struct user_struct *user;
 46         const struct cred *cred;
 47         struct key *uid_keyring, *session_keyring;
 48         key_perm_t user_keyring_perm;
 49         char buf[20];
 50         int ret;
 51         uid_t uid;
 52 
 53         user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
 54         cred = current_cred();
 55         user = cred->user;
 56         uid = from_kuid(cred->user_ns, user->uid);
 57 
 58         kenter("%p{%u}", user, uid);
 59 
 60         if (user->uid_keyring && user->session_keyring) {
 61                 kleave(" = 0 [exist]");
 62                 return 0;
 63         }
 64 
 65         mutex_lock(&key_user_keyring_mutex);
 66         ret = 0;
 67 
 68         if (!user->uid_keyring) {
 69                 /* get the UID-specific keyring
 70                  * - there may be one in existence already as it may have been
 71                  *   pinned by a session, but the user_struct pointing to it
 72                  *   may have been destroyed by setuid */
 73                 sprintf(buf, "_uid.%u", uid);
 74 
 75                 uid_keyring = find_keyring_by_name(buf, true);
 76                 if (IS_ERR(uid_keyring)) {
 77                         uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID,
 78                                                     cred, user_keyring_perm,
 79                                                     KEY_ALLOC_IN_QUOTA,
 80                                                     NULL, NULL);
 81                         if (IS_ERR(uid_keyring)) {
 82                                 ret = PTR_ERR(uid_keyring);
 83                                 goto error;
 84                         }
 85                 }
 86 
 87                 /* get a default session keyring (which might also exist
 88                  * already) */
 89                 sprintf(buf, "_uid_ses.%u", uid);
 90 
 91                 session_keyring = find_keyring_by_name(buf, true);
 92                 if (IS_ERR(session_keyring)) {
 93                         session_keyring =
 94                                 keyring_alloc(buf, user->uid, INVALID_GID,
 95                                               cred, user_keyring_perm,
 96                                               KEY_ALLOC_IN_QUOTA,
 97                                               NULL, NULL);
 98                         if (IS_ERR(session_keyring)) {
 99                                 ret = PTR_ERR(session_keyring);
100                                 goto error_release;
101                         }
102 
103                         /* we install a link from the user session keyring to
104                          * the user keyring */
105                         ret = key_link(session_keyring, uid_keyring);
106                         if (ret < 0)
107                                 goto error_release_both;
108                 }
109 
110                 /* install the keyrings */
111                 user->uid_keyring = uid_keyring;
112                 user->session_keyring = session_keyring;
113         }
114 
115         mutex_unlock(&key_user_keyring_mutex);
116         kleave(" = 0");
117         return 0;
118 
119 error_release_both:
120         key_put(session_keyring);
121 error_release:
122         key_put(uid_keyring);
123 error:
124         mutex_unlock(&key_user_keyring_mutex);
125         kleave(" = %d", ret);
126         return ret;
127 }
128 
129 /*
130  * Install a thread keyring to the given credentials struct if it didn't have
131  * one already.  This is allowed to overrun the quota.
132  *
133  * Return: 0 if a thread keyring is now present; -errno on failure.
134  */
135 int install_thread_keyring_to_cred(struct cred *new)
136 {
137         struct key *keyring;
138 
139         if (new->thread_keyring)
140                 return 0;
141 
142         keyring = keyring_alloc("_tid", new->uid, new->gid, new,
143                                 KEY_POS_ALL | KEY_USR_VIEW,
144                                 KEY_ALLOC_QUOTA_OVERRUN,
145                                 NULL, NULL);
146         if (IS_ERR(keyring))
147                 return PTR_ERR(keyring);
148 
149         new->thread_keyring = keyring;
150         return 0;
151 }
152 
153 /*
154  * Install a thread keyring to the current task if it didn't have one already.
155  *
156  * Return: 0 if a thread keyring is now present; -errno on failure.
157  */
158 static int install_thread_keyring(void)
159 {
160         struct cred *new;
161         int ret;
162 
163         new = prepare_creds();
164         if (!new)
165                 return -ENOMEM;
166 
167         ret = install_thread_keyring_to_cred(new);
168         if (ret < 0) {
169                 abort_creds(new);
170                 return ret;
171         }
172 
173         return commit_creds(new);
174 }
175 
176 /*
177  * Install a process keyring to the given credentials struct if it didn't have
178  * one already.  This is allowed to overrun the quota.
179  *
180  * Return: 0 if a process keyring is now present; -errno on failure.
181  */
182 int install_process_keyring_to_cred(struct cred *new)
183 {
184         struct key *keyring;
185 
186         if (new->process_keyring)
187                 return 0;
188 
189         keyring = keyring_alloc("_pid", new->uid, new->gid, new,
190                                 KEY_POS_ALL | KEY_USR_VIEW,
191                                 KEY_ALLOC_QUOTA_OVERRUN,
192                                 NULL, NULL);
193         if (IS_ERR(keyring))
194                 return PTR_ERR(keyring);
195 
196         new->process_keyring = keyring;
197         return 0;
198 }
199 
200 /*
201  * Install a process keyring to the current task if it didn't have one already.
202  *
203  * Return: 0 if a process keyring is now present; -errno on failure.
204  */
205 static int install_process_keyring(void)
206 {
207         struct cred *new;
208         int ret;
209 
210         new = prepare_creds();
211         if (!new)
212                 return -ENOMEM;
213 
214         ret = install_process_keyring_to_cred(new);
215         if (ret < 0) {
216                 abort_creds(new);
217                 return ret;
218         }
219 
220         return commit_creds(new);
221 }
222 
223 /*
224  * Install the given keyring as the session keyring of the given credentials
225  * struct, replacing the existing one if any.  If the given keyring is NULL,
226  * then install a new anonymous session keyring.
227  *
228  * Return: 0 on success; -errno on failure.
229  */
230 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
231 {
232         unsigned long flags;
233         struct key *old;
234 
235         might_sleep();
236 
237         /* create an empty session keyring */
238         if (!keyring) {
239                 flags = KEY_ALLOC_QUOTA_OVERRUN;
240                 if (cred->session_keyring)
241                         flags = KEY_ALLOC_IN_QUOTA;
242 
243                 keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
244                                         KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
245                                         flags, NULL, NULL);
246                 if (IS_ERR(keyring))
247                         return PTR_ERR(keyring);
248         } else {
249                 __key_get(keyring);
250         }
251 
252         /* install the keyring */
253         old = cred->session_keyring;
254         rcu_assign_pointer(cred->session_keyring, keyring);
255 
256         if (old)
257                 key_put(old);
258 
259         return 0;
260 }
261 
262 /*
263  * Install the given keyring as the session keyring of the current task,
264  * replacing the existing one if any.  If the given keyring is NULL, then
265  * install a new anonymous session keyring.
266  *
267  * Return: 0 on success; -errno on failure.
268  */
269 static int install_session_keyring(struct key *keyring)
270 {
271         struct cred *new;
272         int ret;
273 
274         new = prepare_creds();
275         if (!new)
276                 return -ENOMEM;
277 
278         ret = install_session_keyring_to_cred(new, keyring);
279         if (ret < 0) {
280                 abort_creds(new);
281                 return ret;
282         }
283 
284         return commit_creds(new);
285 }
286 
287 /*
288  * Handle the fsuid changing.
289  */
290 void key_fsuid_changed(struct task_struct *tsk)
291 {
292         /* update the ownership of the thread keyring */
293         BUG_ON(!tsk->cred);
294         if (tsk->cred->thread_keyring) {
295                 down_write(&tsk->cred->thread_keyring->sem);
296                 tsk->cred->thread_keyring->uid = tsk->cred->fsuid;
297                 up_write(&tsk->cred->thread_keyring->sem);
298         }
299 }
300 
301 /*
302  * Handle the fsgid changing.
303  */
304 void key_fsgid_changed(struct task_struct *tsk)
305 {
306         /* update the ownership of the thread keyring */
307         BUG_ON(!tsk->cred);
308         if (tsk->cred->thread_keyring) {
309                 down_write(&tsk->cred->thread_keyring->sem);
310                 tsk->cred->thread_keyring->gid = tsk->cred->fsgid;
311                 up_write(&tsk->cred->thread_keyring->sem);
312         }
313 }
314 
315 /*
316  * Search the process keyrings attached to the supplied cred for the first
317  * matching key.
318  *
319  * The search criteria are the type and the match function.  The description is
320  * given to the match function as a parameter, but doesn't otherwise influence
321  * the search.  Typically the match function will compare the description
322  * parameter to the key's description.
323  *
324  * This can only search keyrings that grant Search permission to the supplied
325  * credentials.  Keyrings linked to searched keyrings will also be searched if
326  * they grant Search permission too.  Keys can only be found if they grant
327  * Search permission to the credentials.
328  *
329  * Returns a pointer to the key with the key usage count incremented if
330  * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
331  * matched negative keys.
332  *
333  * In the case of a successful return, the possession attribute is set on the
334  * returned key reference.
335  */
336 key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx)
337 {
338         key_ref_t key_ref, ret, err;
339 
340         /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
341          * searchable, but we failed to find a key or we found a negative key;
342          * otherwise we want to return a sample error (probably -EACCES) if
343          * none of the keyrings were searchable
344          *
345          * in terms of priority: success > -ENOKEY > -EAGAIN > other error
346          */
347         key_ref = NULL;
348         ret = NULL;
349         err = ERR_PTR(-EAGAIN);
350 
351         /* search the thread keyring first */
352         if (ctx->cred->thread_keyring) {
353                 key_ref = keyring_search_aux(
354                         make_key_ref(ctx->cred->thread_keyring, 1), ctx);
355                 if (!IS_ERR(key_ref))
356                         goto found;
357 
358                 switch (PTR_ERR(key_ref)) {
359                 case -EAGAIN: /* no key */
360                 case -ENOKEY: /* negative key */
361                         ret = key_ref;
362                         break;
363                 default:
364                         err = key_ref;
365                         break;
366                 }
367         }
368 
369         /* search the process keyring second */
370         if (ctx->cred->process_keyring) {
371                 key_ref = keyring_search_aux(
372                         make_key_ref(ctx->cred->process_keyring, 1), ctx);
373                 if (!IS_ERR(key_ref))
374                         goto found;
375 
376                 switch (PTR_ERR(key_ref)) {
377                 case -EAGAIN: /* no key */
378                         if (ret)
379                                 break;
380                 case -ENOKEY: /* negative key */
381                         ret = key_ref;
382                         break;
383                 default:
384                         err = key_ref;
385                         break;
386                 }
387         }
388 
389         /* search the session keyring */
390         if (ctx->cred->session_keyring) {
391                 rcu_read_lock();
392                 key_ref = keyring_search_aux(
393                         make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1),
394                         ctx);
395                 rcu_read_unlock();
396 
397                 if (!IS_ERR(key_ref))
398                         goto found;
399 
400                 switch (PTR_ERR(key_ref)) {
401                 case -EAGAIN: /* no key */
402                         if (ret)
403                                 break;
404                 case -ENOKEY: /* negative key */
405                         ret = key_ref;
406                         break;
407                 default:
408                         err = key_ref;
409                         break;
410                 }
411         }
412         /* or search the user-session keyring */
413         else if (ctx->cred->user->session_keyring) {
414                 key_ref = keyring_search_aux(
415                         make_key_ref(ctx->cred->user->session_keyring, 1),
416                         ctx);
417                 if (!IS_ERR(key_ref))
418                         goto found;
419 
420                 switch (PTR_ERR(key_ref)) {
421                 case -EAGAIN: /* no key */
422                         if (ret)
423                                 break;
424                 case -ENOKEY: /* negative key */
425                         ret = key_ref;
426                         break;
427                 default:
428                         err = key_ref;
429                         break;
430                 }
431         }
432 
433         /* no key - decide on the error we're going to go for */
434         key_ref = ret ? ret : err;
435 
436 found:
437         return key_ref;
438 }
439 
440 /*
441  * Search the process keyrings attached to the supplied cred for the first
442  * matching key in the manner of search_my_process_keyrings(), but also search
443  * the keys attached to the assumed authorisation key using its credentials if
444  * one is available.
445  *
446  * Return same as search_my_process_keyrings().
447  */
448 key_ref_t search_process_keyrings(struct keyring_search_context *ctx)
449 {
450         struct request_key_auth *rka;
451         key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
452 
453         might_sleep();
454 
455         key_ref = search_my_process_keyrings(ctx);
456         if (!IS_ERR(key_ref))
457                 goto found;
458         err = key_ref;
459 
460         /* if this process has an instantiation authorisation key, then we also
461          * search the keyrings of the process mentioned there
462          * - we don't permit access to request_key auth keys via this method
463          */
464         if (ctx->cred->request_key_auth &&
465             ctx->cred == current_cred() &&
466             ctx->index_key.type != &key_type_request_key_auth
467             ) {
468                 const struct cred *cred = ctx->cred;
469 
470                 /* defend against the auth key being revoked */
471                 down_read(&cred->request_key_auth->sem);
472 
473                 if (key_validate(ctx->cred->request_key_auth) == 0) {
474                         rka = ctx->cred->request_key_auth->payload.data[0];
475 
476                         ctx->cred = rka->cred;
477                         key_ref = search_process_keyrings(ctx);
478                         ctx->cred = cred;
479 
480                         up_read(&cred->request_key_auth->sem);
481 
482                         if (!IS_ERR(key_ref))
483                                 goto found;
484 
485                         ret = key_ref;
486                 } else {
487                         up_read(&cred->request_key_auth->sem);
488                 }
489         }
490 
491         /* no key - decide on the error we're going to go for */
492         if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
493                 key_ref = ERR_PTR(-ENOKEY);
494         else if (err == ERR_PTR(-EACCES))
495                 key_ref = ret;
496         else
497                 key_ref = err;
498 
499 found:
500         return key_ref;
501 }
502 
503 /*
504  * See if the key we're looking at is the target key.
505  */
506 bool lookup_user_key_possessed(const struct key *key,
507                                const struct key_match_data *match_data)
508 {
509         return key == match_data->raw_data;
510 }
511 
512 /*
513  * Look up a key ID given us by userspace with a given permissions mask to get
514  * the key it refers to.
515  *
516  * Flags can be passed to request that special keyrings be created if referred
517  * to directly, to permit partially constructed keys to be found and to skip
518  * validity and permission checks on the found key.
519  *
520  * Returns a pointer to the key with an incremented usage count if successful;
521  * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
522  * to a key or the best found key was a negative key; -EKEYREVOKED or
523  * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
524  * found key doesn't grant the requested permit or the LSM denied access to it;
525  * or -ENOMEM if a special keyring couldn't be created.
526  *
527  * In the case of a successful return, the possession attribute is set on the
528  * returned key reference.
529  */
530 key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
531                           key_perm_t perm)
532 {
533         struct keyring_search_context ctx = {
534                 .match_data.cmp         = lookup_user_key_possessed,
535                 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
536                 .flags                  = KEYRING_SEARCH_NO_STATE_CHECK,
537         };
538         struct request_key_auth *rka;
539         struct key *key;
540         key_ref_t key_ref, skey_ref;
541         int ret;
542 
543 try_again:
544         ctx.cred = get_current_cred();
545         key_ref = ERR_PTR(-ENOKEY);
546 
547         switch (id) {
548         case KEY_SPEC_THREAD_KEYRING:
549                 if (!ctx.cred->thread_keyring) {
550                         if (!(lflags & KEY_LOOKUP_CREATE))
551                                 goto error;
552 
553                         ret = install_thread_keyring();
554                         if (ret < 0) {
555                                 key_ref = ERR_PTR(ret);
556                                 goto error;
557                         }
558                         goto reget_creds;
559                 }
560 
561                 key = ctx.cred->thread_keyring;
562                 __key_get(key);
563                 key_ref = make_key_ref(key, 1);
564                 break;
565 
566         case KEY_SPEC_PROCESS_KEYRING:
567                 if (!ctx.cred->process_keyring) {
568                         if (!(lflags & KEY_LOOKUP_CREATE))
569                                 goto error;
570 
571                         ret = install_process_keyring();
572                         if (ret < 0) {
573                                 key_ref = ERR_PTR(ret);
574                                 goto error;
575                         }
576                         goto reget_creds;
577                 }
578 
579                 key = ctx.cred->process_keyring;
580                 __key_get(key);
581                 key_ref = make_key_ref(key, 1);
582                 break;
583 
584         case KEY_SPEC_SESSION_KEYRING:
585                 if (!ctx.cred->session_keyring) {
586                         /* always install a session keyring upon access if one
587                          * doesn't exist yet */
588                         ret = install_user_keyrings();
589                         if (ret < 0)
590                                 goto error;
591                         if (lflags & KEY_LOOKUP_CREATE)
592                                 ret = join_session_keyring(NULL);
593                         else
594                                 ret = install_session_keyring(
595                                         ctx.cred->user->session_keyring);
596 
597                         if (ret < 0)
598                                 goto error;
599                         goto reget_creds;
600                 } else if (ctx.cred->session_keyring ==
601                            ctx.cred->user->session_keyring &&
602                            lflags & KEY_LOOKUP_CREATE) {
603                         ret = join_session_keyring(NULL);
604                         if (ret < 0)
605                                 goto error;
606                         goto reget_creds;
607                 }
608 
609                 rcu_read_lock();
610                 key = rcu_dereference(ctx.cred->session_keyring);
611                 __key_get(key);
612                 rcu_read_unlock();
613                 key_ref = make_key_ref(key, 1);
614                 break;
615 
616         case KEY_SPEC_USER_KEYRING:
617                 if (!ctx.cred->user->uid_keyring) {
618                         ret = install_user_keyrings();
619                         if (ret < 0)
620                                 goto error;
621                 }
622 
623                 key = ctx.cred->user->uid_keyring;
624                 __key_get(key);
625                 key_ref = make_key_ref(key, 1);
626                 break;
627 
628         case KEY_SPEC_USER_SESSION_KEYRING:
629                 if (!ctx.cred->user->session_keyring) {
630                         ret = install_user_keyrings();
631                         if (ret < 0)
632                                 goto error;
633                 }
634 
635                 key = ctx.cred->user->session_keyring;
636                 __key_get(key);
637                 key_ref = make_key_ref(key, 1);
638                 break;
639 
640         case KEY_SPEC_GROUP_KEYRING:
641                 /* group keyrings are not yet supported */
642                 key_ref = ERR_PTR(-EINVAL);
643                 goto error;
644 
645         case KEY_SPEC_REQKEY_AUTH_KEY:
646                 key = ctx.cred->request_key_auth;
647                 if (!key)
648                         goto error;
649 
650                 __key_get(key);
651                 key_ref = make_key_ref(key, 1);
652                 break;
653 
654         case KEY_SPEC_REQUESTOR_KEYRING:
655                 if (!ctx.cred->request_key_auth)
656                         goto error;
657 
658                 down_read(&ctx.cred->request_key_auth->sem);
659                 if (test_bit(KEY_FLAG_REVOKED,
660                              &ctx.cred->request_key_auth->flags)) {
661                         key_ref = ERR_PTR(-EKEYREVOKED);
662                         key = NULL;
663                 } else {
664                         rka = ctx.cred->request_key_auth->payload.data[0];
665                         key = rka->dest_keyring;
666                         __key_get(key);
667                 }
668                 up_read(&ctx.cred->request_key_auth->sem);
669                 if (!key)
670                         goto error;
671                 key_ref = make_key_ref(key, 1);
672                 break;
673 
674         default:
675                 key_ref = ERR_PTR(-EINVAL);
676                 if (id < 1)
677                         goto error;
678 
679                 key = key_lookup(id);
680                 if (IS_ERR(key)) {
681                         key_ref = ERR_CAST(key);
682                         goto error;
683                 }
684 
685                 key_ref = make_key_ref(key, 0);
686 
687                 /* check to see if we possess the key */
688                 ctx.index_key.type              = key->type;
689                 ctx.index_key.description       = key->description;
690                 ctx.index_key.desc_len          = strlen(key->description);
691                 ctx.match_data.raw_data         = key;
692                 kdebug("check possessed");
693                 skey_ref = search_process_keyrings(&ctx);
694                 kdebug("possessed=%p", skey_ref);
695 
696                 if (!IS_ERR(skey_ref)) {
697                         key_put(key);
698                         key_ref = skey_ref;
699                 }
700 
701                 break;
702         }
703 
704         /* unlink does not use the nominated key in any way, so can skip all
705          * the permission checks as it is only concerned with the keyring */
706         if (lflags & KEY_LOOKUP_FOR_UNLINK) {
707                 ret = 0;
708                 goto error;
709         }
710 
711         if (!(lflags & KEY_LOOKUP_PARTIAL)) {
712                 ret = wait_for_key_construction(key, true);
713                 switch (ret) {
714                 case -ERESTARTSYS:
715                         goto invalid_key;
716                 default:
717                         if (perm)
718                                 goto invalid_key;
719                 case 0:
720                         break;
721                 }
722         } else if (perm) {
723                 ret = key_validate(key);
724                 if (ret < 0)
725                         goto invalid_key;
726         }
727 
728         ret = -EIO;
729         if (!(lflags & KEY_LOOKUP_PARTIAL) &&
730             !test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
731                 goto invalid_key;
732 
733         /* check the permissions */
734         ret = key_task_permission(key_ref, ctx.cred, perm);
735         if (ret < 0)
736                 goto invalid_key;
737 
738         key->last_used_at = current_kernel_time().tv_sec;
739 
740 error:
741         put_cred(ctx.cred);
742         return key_ref;
743 
744 invalid_key:
745         key_ref_put(key_ref);
746         key_ref = ERR_PTR(ret);
747         goto error;
748 
749         /* if we attempted to install a keyring, then it may have caused new
750          * creds to be installed */
751 reget_creds:
752         put_cred(ctx.cred);
753         goto try_again;
754 }
755 
756 /*
757  * Join the named keyring as the session keyring if possible else attempt to
758  * create a new one of that name and join that.
759  *
760  * If the name is NULL, an empty anonymous keyring will be installed as the
761  * session keyring.
762  *
763  * Named session keyrings are joined with a semaphore held to prevent the
764  * keyrings from going away whilst the attempt is made to going them and also
765  * to prevent a race in creating compatible session keyrings.
766  */
767 long join_session_keyring(const char *name)
768 {
769         const struct cred *old;
770         struct cred *new;
771         struct key *keyring;
772         long ret, serial;
773 
774         new = prepare_creds();
775         if (!new)
776                 return -ENOMEM;
777         old = current_cred();
778 
779         /* if no name is provided, install an anonymous keyring */
780         if (!name) {
781                 ret = install_session_keyring_to_cred(new, NULL);
782                 if (ret < 0)
783                         goto error;
784 
785                 serial = new->session_keyring->serial;
786                 ret = commit_creds(new);
787                 if (ret == 0)
788                         ret = serial;
789                 goto okay;
790         }
791 
792         /* allow the user to join or create a named keyring */
793         mutex_lock(&key_session_mutex);
794 
795         /* look for an existing keyring of this name */
796         keyring = find_keyring_by_name(name, false);
797         if (PTR_ERR(keyring) == -ENOKEY) {
798                 /* not found - try and create a new one */
799                 keyring = keyring_alloc(
800                         name, old->uid, old->gid, old,
801                         KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
802                         KEY_ALLOC_IN_QUOTA, NULL, NULL);
803                 if (IS_ERR(keyring)) {
804                         ret = PTR_ERR(keyring);
805                         goto error2;
806                 }
807         } else if (IS_ERR(keyring)) {
808                 ret = PTR_ERR(keyring);
809                 goto error2;
810         } else if (keyring == new->session_keyring) {
811                 key_put(keyring);
812                 ret = 0;
813                 goto error2;
814         }
815 
816         /* we've got a keyring - now to install it */
817         ret = install_session_keyring_to_cred(new, keyring);
818         if (ret < 0)
819                 goto error2;
820 
821         commit_creds(new);
822         mutex_unlock(&key_session_mutex);
823 
824         ret = keyring->serial;
825         key_put(keyring);
826 okay:
827         return ret;
828 
829 error2:
830         mutex_unlock(&key_session_mutex);
831 error:
832         abort_creds(new);
833         return ret;
834 }
835 
836 /*
837  * Replace a process's session keyring on behalf of one of its children when
838  * the target  process is about to resume userspace execution.
839  */
840 void key_change_session_keyring(struct callback_head *twork)
841 {
842         const struct cred *old = current_cred();
843         struct cred *new = container_of(twork, struct cred, rcu);
844 
845         if (unlikely(current->flags & PF_EXITING)) {
846                 put_cred(new);
847                 return;
848         }
849 
850         new->  uid      = old->  uid;
851         new-> euid      = old-> euid;
852         new-> suid      = old-> suid;
853         new->fsuid      = old->fsuid;
854         new->  gid      = old->  gid;
855         new-> egid      = old-> egid;
856         new-> sgid      = old-> sgid;
857         new->fsgid      = old->fsgid;
858         new->user       = get_uid(old->user);
859         new->user_ns    = get_user_ns(old->user_ns);
860         new->group_info = get_group_info(old->group_info);
861 
862         new->securebits = old->securebits;
863         new->cap_inheritable    = old->cap_inheritable;
864         new->cap_permitted      = old->cap_permitted;
865         new->cap_effective      = old->cap_effective;
866         new->cap_ambient        = old->cap_ambient;
867         new->cap_bset           = old->cap_bset;
868 
869         new->jit_keyring        = old->jit_keyring;
870         new->thread_keyring     = key_get(old->thread_keyring);
871         new->process_keyring    = key_get(old->process_keyring);
872 
873         security_transfer_creds(new, old);
874 
875         commit_creds(new);
876 }
877 
878 /*
879  * Make sure that root's user and user-session keyrings exist.
880  */
881 static int __init init_root_keyring(void)
882 {
883         return install_user_keyrings();
884 }
885 
886 late_initcall(init_root_keyring);
887 

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | Wiki (Japanese) | Wiki (English) | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

osdn.jp