David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 1 | /* Management of a process's keyrings |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 2 | * |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 3 | * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 4 | * Written by David Howells (dhowells@redhat.com) |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or |
| 7 | * modify it under the terms of the GNU General Public License |
| 8 | * as published by the Free Software Foundation; either version |
| 9 | * 2 of the License, or (at your option) any later version. |
| 10 | */ |
| 11 | |
| 12 | #include <linux/module.h> |
| 13 | #include <linux/init.h> |
| 14 | #include <linux/sched.h> |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 15 | #include <linux/keyctl.h> |
| 16 | #include <linux/fs.h> |
| 17 | #include <linux/err.h> |
Ingo Molnar | bb00307 | 2006-03-22 00:09:14 -0800 | [diff] [blame] | 18 | #include <linux/mutex.h> |
David Howells | ee18d64 | 2009-09-02 09:14:21 +0100 | [diff] [blame] | 19 | #include <linux/security.h> |
Serge E. Hallyn | 1d1e975 | 2009-02-26 18:27:38 -0600 | [diff] [blame] | 20 | #include <linux/user_namespace.h> |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 21 | #include <asm/uaccess.h> |
| 22 | #include "internal.h" |
| 23 | |
| 24 | /* session keyring create vs join semaphore */ |
Ingo Molnar | bb00307 | 2006-03-22 00:09:14 -0800 | [diff] [blame] | 25 | static DEFINE_MUTEX(key_session_mutex); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 26 | |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 27 | /* user keyring creation semaphore */ |
| 28 | static DEFINE_MUTEX(key_user_keyring_mutex); |
| 29 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 30 | /* the root user's tracking struct */ |
| 31 | struct key_user root_key_user = { |
| 32 | .usage = ATOMIC_INIT(3), |
David Howells | 76181c1 | 2007-10-16 23:29:46 -0700 | [diff] [blame] | 33 | .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), |
Peter Zijlstra | 6cfd76a | 2006-12-06 20:37:22 -0800 | [diff] [blame] | 34 | .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 35 | .nkeys = ATOMIC_INIT(2), |
| 36 | .nikeys = ATOMIC_INIT(2), |
| 37 | .uid = 0, |
Serge E. Hallyn | 1d1e975 | 2009-02-26 18:27:38 -0600 | [diff] [blame] | 38 | .user_ns = &init_user_ns, |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 39 | }; |
| 40 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 41 | /* |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 42 | * install user and user session keyrings for a particular UID |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 43 | */ |
David Howells | 8bbf4976 | 2008-11-14 10:39:14 +1100 | [diff] [blame] | 44 | int install_user_keyrings(void) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 45 | { |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 46 | struct user_struct *user; |
| 47 | const struct cred *cred; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 48 | struct key *uid_keyring, *session_keyring; |
| 49 | char buf[20]; |
| 50 | int ret; |
| 51 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 52 | cred = current_cred(); |
| 53 | user = cred->user; |
| 54 | |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 55 | kenter("%p{%u}", user, user->uid); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 56 | |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 57 | if (user->uid_keyring) { |
| 58 | kleave(" = 0 [exist]"); |
| 59 | return 0; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 60 | } |
| 61 | |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 62 | mutex_lock(&key_user_keyring_mutex); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 63 | ret = 0; |
| 64 | |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 65 | if (!user->uid_keyring) { |
| 66 | /* get the UID-specific keyring |
| 67 | * - there may be one in existence already as it may have been |
| 68 | * pinned by a session, but the user_struct pointing to it |
| 69 | * may have been destroyed by setuid */ |
| 70 | sprintf(buf, "_uid.%u", user->uid); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 71 | |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 72 | uid_keyring = find_keyring_by_name(buf, true); |
| 73 | if (IS_ERR(uid_keyring)) { |
| 74 | uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 75 | cred, KEY_ALLOC_IN_QUOTA, |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 76 | NULL); |
| 77 | if (IS_ERR(uid_keyring)) { |
| 78 | ret = PTR_ERR(uid_keyring); |
| 79 | goto error; |
| 80 | } |
| 81 | } |
| 82 | |
| 83 | /* get a default session keyring (which might also exist |
| 84 | * already) */ |
| 85 | sprintf(buf, "_uid_ses.%u", user->uid); |
| 86 | |
| 87 | session_keyring = find_keyring_by_name(buf, true); |
| 88 | if (IS_ERR(session_keyring)) { |
| 89 | session_keyring = |
| 90 | keyring_alloc(buf, user->uid, (gid_t) -1, |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 91 | cred, KEY_ALLOC_IN_QUOTA, NULL); |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 92 | if (IS_ERR(session_keyring)) { |
| 93 | ret = PTR_ERR(session_keyring); |
| 94 | goto error_release; |
| 95 | } |
| 96 | |
| 97 | /* we install a link from the user session keyring to |
| 98 | * the user keyring */ |
| 99 | ret = key_link(session_keyring, uid_keyring); |
| 100 | if (ret < 0) |
| 101 | goto error_release_both; |
| 102 | } |
| 103 | |
| 104 | /* install the keyrings */ |
| 105 | user->uid_keyring = uid_keyring; |
| 106 | user->session_keyring = session_keyring; |
| 107 | } |
| 108 | |
| 109 | mutex_unlock(&key_user_keyring_mutex); |
| 110 | kleave(" = 0"); |
| 111 | return 0; |
| 112 | |
| 113 | error_release_both: |
| 114 | key_put(session_keyring); |
| 115 | error_release: |
| 116 | key_put(uid_keyring); |
| 117 | error: |
| 118 | mutex_unlock(&key_user_keyring_mutex); |
| 119 | kleave(" = %d", ret); |
| 120 | return ret; |
| 121 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 122 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 123 | /* |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 124 | * install a fresh thread keyring directly to new credentials |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 125 | */ |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 126 | int install_thread_keyring_to_cred(struct cred *new) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 127 | { |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 128 | struct key *keyring; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 129 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 130 | keyring = keyring_alloc("_tid", new->uid, new->gid, new, |
| 131 | KEY_ALLOC_QUOTA_OVERRUN, NULL); |
| 132 | if (IS_ERR(keyring)) |
| 133 | return PTR_ERR(keyring); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 134 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 135 | new->thread_keyring = keyring; |
| 136 | return 0; |
| 137 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 138 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 139 | /* |
| 140 | * install a fresh thread keyring, discarding the old one |
| 141 | */ |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 142 | static int install_thread_keyring(void) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 143 | { |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 144 | struct cred *new; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 145 | int ret; |
| 146 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 147 | new = prepare_creds(); |
| 148 | if (!new) |
| 149 | return -ENOMEM; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 150 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 151 | BUG_ON(new->thread_keyring); |
| 152 | |
| 153 | ret = install_thread_keyring_to_cred(new); |
| 154 | if (ret < 0) { |
| 155 | abort_creds(new); |
| 156 | return ret; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 157 | } |
| 158 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 159 | return commit_creds(new); |
| 160 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 161 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 162 | /* |
| 163 | * install a process keyring directly to a credentials struct |
| 164 | * - returns -EEXIST if there was already a process keyring, 0 if one installed, |
| 165 | * and other -ve on any other error |
| 166 | */ |
| 167 | int install_process_keyring_to_cred(struct cred *new) |
| 168 | { |
| 169 | struct key *keyring; |
| 170 | int ret; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 171 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 172 | if (new->tgcred->process_keyring) |
| 173 | return -EEXIST; |
| 174 | |
| 175 | keyring = keyring_alloc("_pid", new->uid, new->gid, |
| 176 | new, KEY_ALLOC_QUOTA_OVERRUN, NULL); |
| 177 | if (IS_ERR(keyring)) |
| 178 | return PTR_ERR(keyring); |
| 179 | |
| 180 | spin_lock_irq(&new->tgcred->lock); |
| 181 | if (!new->tgcred->process_keyring) { |
| 182 | new->tgcred->process_keyring = keyring; |
| 183 | keyring = NULL; |
| 184 | ret = 0; |
| 185 | } else { |
| 186 | ret = -EEXIST; |
| 187 | } |
| 188 | spin_unlock_irq(&new->tgcred->lock); |
| 189 | key_put(keyring); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 190 | return ret; |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 191 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 192 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 193 | /* |
| 194 | * make sure a process keyring is installed |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 195 | * - we |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 196 | */ |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 197 | static int install_process_keyring(void) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 198 | { |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 199 | struct cred *new; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 200 | int ret; |
| 201 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 202 | new = prepare_creds(); |
| 203 | if (!new) |
| 204 | return -ENOMEM; |
David Howells | 1a26feb | 2006-04-10 22:54:26 -0700 | [diff] [blame] | 205 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 206 | ret = install_process_keyring_to_cred(new); |
| 207 | if (ret < 0) { |
| 208 | abort_creds(new); |
Andi Kleen | 27d6379 | 2010-10-28 13:16:13 +0100 | [diff] [blame] | 209 | return ret != -EEXIST ? ret : 0; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 210 | } |
| 211 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 212 | return commit_creds(new); |
| 213 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 214 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 215 | /* |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 216 | * install a session keyring directly to a credentials struct |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 217 | */ |
Oleg Nesterov | 685bfd2 | 2010-05-26 14:43:00 -0700 | [diff] [blame] | 218 | int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 219 | { |
David Howells | 7e047ef | 2006-06-26 00:24:50 -0700 | [diff] [blame] | 220 | unsigned long flags; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 221 | struct key *old; |
David Howells | 1a26feb | 2006-04-10 22:54:26 -0700 | [diff] [blame] | 222 | |
| 223 | might_sleep(); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 224 | |
| 225 | /* create an empty session keyring */ |
| 226 | if (!keyring) { |
David Howells | 7e047ef | 2006-06-26 00:24:50 -0700 | [diff] [blame] | 227 | flags = KEY_ALLOC_QUOTA_OVERRUN; |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 228 | if (cred->tgcred->session_keyring) |
David Howells | 7e047ef | 2006-06-26 00:24:50 -0700 | [diff] [blame] | 229 | flags = KEY_ALLOC_IN_QUOTA; |
| 230 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 231 | keyring = keyring_alloc("_ses", cred->uid, cred->gid, |
| 232 | cred, flags, NULL); |
David Howells | 1a26feb | 2006-04-10 22:54:26 -0700 | [diff] [blame] | 233 | if (IS_ERR(keyring)) |
| 234 | return PTR_ERR(keyring); |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 235 | } else { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 236 | atomic_inc(&keyring->usage); |
| 237 | } |
| 238 | |
| 239 | /* install the keyring */ |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 240 | spin_lock_irq(&cred->tgcred->lock); |
| 241 | old = cred->tgcred->session_keyring; |
| 242 | rcu_assign_pointer(cred->tgcred->session_keyring, keyring); |
| 243 | spin_unlock_irq(&cred->tgcred->lock); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 244 | |
David Howells | 1a26feb | 2006-04-10 22:54:26 -0700 | [diff] [blame] | 245 | /* we're using RCU on the pointer, but there's no point synchronising |
| 246 | * on it if it didn't previously point to anything */ |
| 247 | if (old) { |
| 248 | synchronize_rcu(); |
| 249 | key_put(old); |
| 250 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 251 | |
David Howells | 1a26feb | 2006-04-10 22:54:26 -0700 | [diff] [blame] | 252 | return 0; |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 253 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 254 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 255 | /* |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 256 | * install a session keyring, discarding the old one |
| 257 | * - if a keyring is not supplied, an empty one is invented |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 258 | */ |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 259 | static int install_session_keyring(struct key *keyring) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 260 | { |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 261 | struct cred *new; |
| 262 | int ret; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 263 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 264 | new = prepare_creds(); |
| 265 | if (!new) |
| 266 | return -ENOMEM; |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 267 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 268 | ret = install_session_keyring_to_cred(new, NULL); |
| 269 | if (ret < 0) { |
| 270 | abort_creds(new); |
| 271 | return ret; |
| 272 | } |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 273 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 274 | return commit_creds(new); |
| 275 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 276 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 277 | /* |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 278 | * the filesystem user ID changed |
| 279 | */ |
| 280 | void key_fsuid_changed(struct task_struct *tsk) |
| 281 | { |
| 282 | /* update the ownership of the thread keyring */ |
David Howells | b6dff3e | 2008-11-14 10:39:16 +1100 | [diff] [blame] | 283 | BUG_ON(!tsk->cred); |
| 284 | if (tsk->cred->thread_keyring) { |
| 285 | down_write(&tsk->cred->thread_keyring->sem); |
| 286 | tsk->cred->thread_keyring->uid = tsk->cred->fsuid; |
| 287 | up_write(&tsk->cred->thread_keyring->sem); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 288 | } |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame^] | 289 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 290 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 291 | /* |
| 292 | * the filesystem group ID changed |
| 293 | */ |
| 294 | void key_fsgid_changed(struct task_struct *tsk) |
| 295 | { |
| 296 | /* update the ownership of the thread keyring */ |
David Howells | b6dff3e | 2008-11-14 10:39:16 +1100 | [diff] [blame] | 297 | BUG_ON(!tsk->cred); |
| 298 | if (tsk->cred->thread_keyring) { |
| 299 | down_write(&tsk->cred->thread_keyring->sem); |
| 300 | tsk->cred->thread_keyring->gid = tsk->cred->fsgid; |
| 301 | up_write(&tsk->cred->thread_keyring->sem); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 302 | } |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame^] | 303 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 304 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 305 | /* |
David Howells | 927942a | 2010-06-11 17:31:10 +0100 | [diff] [blame] | 306 | * search only my process keyrings for the first matching key |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 307 | * - we use the supplied match function to see if the description (or other |
| 308 | * feature of interest) matches |
| 309 | * - we return -EAGAIN if we didn't find any matching key |
| 310 | * - we return -ENOKEY if we found only negative matching keys |
| 311 | */ |
David Howells | 927942a | 2010-06-11 17:31:10 +0100 | [diff] [blame] | 312 | key_ref_t search_my_process_keyrings(struct key_type *type, |
| 313 | const void *description, |
| 314 | key_match_func_t match, |
| 315 | const struct cred *cred) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 316 | { |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 317 | key_ref_t key_ref, ret, err; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 318 | |
| 319 | /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were |
| 320 | * searchable, but we failed to find a key or we found a negative key; |
| 321 | * otherwise we want to return a sample error (probably -EACCES) if |
| 322 | * none of the keyrings were searchable |
| 323 | * |
| 324 | * in terms of priority: success > -ENOKEY > -EAGAIN > other error |
| 325 | */ |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 326 | key_ref = NULL; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 327 | ret = NULL; |
| 328 | err = ERR_PTR(-EAGAIN); |
| 329 | |
| 330 | /* search the thread keyring first */ |
David Howells | c69e8d9 | 2008-11-14 10:39:19 +1100 | [diff] [blame] | 331 | if (cred->thread_keyring) { |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 332 | key_ref = keyring_search_aux( |
David Howells | c69e8d9 | 2008-11-14 10:39:19 +1100 | [diff] [blame] | 333 | make_key_ref(cred->thread_keyring, 1), |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 334 | cred, type, description, match); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 335 | if (!IS_ERR(key_ref)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 336 | goto found; |
| 337 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 338 | switch (PTR_ERR(key_ref)) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 339 | case -EAGAIN: /* no key */ |
| 340 | if (ret) |
| 341 | break; |
| 342 | case -ENOKEY: /* negative key */ |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 343 | ret = key_ref; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 344 | break; |
| 345 | default: |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 346 | err = key_ref; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 347 | break; |
| 348 | } |
| 349 | } |
| 350 | |
| 351 | /* search the process keyring second */ |
David Howells | bb952bb | 2008-11-14 10:39:20 +1100 | [diff] [blame] | 352 | if (cred->tgcred->process_keyring) { |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 353 | key_ref = keyring_search_aux( |
David Howells | bb952bb | 2008-11-14 10:39:20 +1100 | [diff] [blame] | 354 | make_key_ref(cred->tgcred->process_keyring, 1), |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 355 | cred, type, description, match); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 356 | if (!IS_ERR(key_ref)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 357 | goto found; |
| 358 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 359 | switch (PTR_ERR(key_ref)) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 360 | case -EAGAIN: /* no key */ |
| 361 | if (ret) |
| 362 | break; |
| 363 | case -ENOKEY: /* negative key */ |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 364 | ret = key_ref; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 365 | break; |
| 366 | default: |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 367 | err = key_ref; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 368 | break; |
| 369 | } |
| 370 | } |
| 371 | |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 372 | /* search the session keyring */ |
David Howells | bb952bb | 2008-11-14 10:39:20 +1100 | [diff] [blame] | 373 | if (cred->tgcred->session_keyring) { |
David Howells | 8589b4e | 2005-06-23 22:00:53 -0700 | [diff] [blame] | 374 | rcu_read_lock(); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 375 | key_ref = keyring_search_aux( |
| 376 | make_key_ref(rcu_dereference( |
David Howells | bb952bb | 2008-11-14 10:39:20 +1100 | [diff] [blame] | 377 | cred->tgcred->session_keyring), |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 378 | 1), |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 379 | cred, type, description, match); |
David Howells | 8589b4e | 2005-06-23 22:00:53 -0700 | [diff] [blame] | 380 | rcu_read_unlock(); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 381 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 382 | if (!IS_ERR(key_ref)) |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 383 | goto found; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 384 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 385 | switch (PTR_ERR(key_ref)) { |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 386 | case -EAGAIN: /* no key */ |
| 387 | if (ret) |
| 388 | break; |
| 389 | case -ENOKEY: /* negative key */ |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 390 | ret = key_ref; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 391 | break; |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 392 | default: |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 393 | err = key_ref; |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 394 | break; |
| 395 | } |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 396 | } |
| 397 | /* or search the user-session keyring */ |
David Howells | c69e8d9 | 2008-11-14 10:39:19 +1100 | [diff] [blame] | 398 | else if (cred->user->session_keyring) { |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 399 | key_ref = keyring_search_aux( |
David Howells | c69e8d9 | 2008-11-14 10:39:19 +1100 | [diff] [blame] | 400 | make_key_ref(cred->user->session_keyring, 1), |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 401 | cred, type, description, match); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 402 | if (!IS_ERR(key_ref)) |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 403 | goto found; |
| 404 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 405 | switch (PTR_ERR(key_ref)) { |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 406 | case -EAGAIN: /* no key */ |
| 407 | if (ret) |
| 408 | break; |
| 409 | case -ENOKEY: /* negative key */ |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 410 | ret = key_ref; |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 411 | break; |
| 412 | default: |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 413 | err = key_ref; |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 414 | break; |
| 415 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 416 | } |
| 417 | |
David Howells | 927942a | 2010-06-11 17:31:10 +0100 | [diff] [blame] | 418 | /* no key - decide on the error we're going to go for */ |
| 419 | key_ref = ret ? ret : err; |
| 420 | |
| 421 | found: |
| 422 | return key_ref; |
| 423 | } |
| 424 | |
David Howells | 927942a | 2010-06-11 17:31:10 +0100 | [diff] [blame] | 425 | /* |
| 426 | * search the process keyrings for the first matching key |
| 427 | * - we use the supplied match function to see if the description (or other |
| 428 | * feature of interest) matches |
| 429 | * - we return -EAGAIN if we didn't find any matching key |
| 430 | * - we return -ENOKEY if we found only negative matching keys |
| 431 | */ |
| 432 | key_ref_t search_process_keyrings(struct key_type *type, |
| 433 | const void *description, |
| 434 | key_match_func_t match, |
| 435 | const struct cred *cred) |
| 436 | { |
| 437 | struct request_key_auth *rka; |
| 438 | key_ref_t key_ref, ret = ERR_PTR(-EACCES), err; |
| 439 | |
| 440 | might_sleep(); |
| 441 | |
| 442 | key_ref = search_my_process_keyrings(type, description, match, cred); |
| 443 | if (!IS_ERR(key_ref)) |
| 444 | goto found; |
| 445 | err = key_ref; |
| 446 | |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 447 | /* if this process has an instantiation authorisation key, then we also |
| 448 | * search the keyrings of the process mentioned there |
| 449 | * - we don't permit access to request_key auth keys via this method |
| 450 | */ |
David Howells | c69e8d9 | 2008-11-14 10:39:19 +1100 | [diff] [blame] | 451 | if (cred->request_key_auth && |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 452 | cred == current_cred() && |
David Howells | 04c567d | 2006-06-22 14:47:18 -0700 | [diff] [blame] | 453 | type != &key_type_request_key_auth |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 454 | ) { |
David Howells | 04c567d | 2006-06-22 14:47:18 -0700 | [diff] [blame] | 455 | /* defend against the auth key being revoked */ |
David Howells | c69e8d9 | 2008-11-14 10:39:19 +1100 | [diff] [blame] | 456 | down_read(&cred->request_key_auth->sem); |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 457 | |
David Howells | c69e8d9 | 2008-11-14 10:39:19 +1100 | [diff] [blame] | 458 | if (key_validate(cred->request_key_auth) == 0) { |
| 459 | rka = cred->request_key_auth->payload.data; |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 460 | |
David Howells | 04c567d | 2006-06-22 14:47:18 -0700 | [diff] [blame] | 461 | key_ref = search_process_keyrings(type, description, |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 462 | match, rka->cred); |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 463 | |
David Howells | c69e8d9 | 2008-11-14 10:39:19 +1100 | [diff] [blame] | 464 | up_read(&cred->request_key_auth->sem); |
David Howells | 04c567d | 2006-06-22 14:47:18 -0700 | [diff] [blame] | 465 | |
| 466 | if (!IS_ERR(key_ref)) |
| 467 | goto found; |
| 468 | |
David Howells | 927942a | 2010-06-11 17:31:10 +0100 | [diff] [blame] | 469 | ret = key_ref; |
David Howells | 04c567d | 2006-06-22 14:47:18 -0700 | [diff] [blame] | 470 | } else { |
David Howells | c69e8d9 | 2008-11-14 10:39:19 +1100 | [diff] [blame] | 471 | up_read(&cred->request_key_auth->sem); |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 472 | } |
| 473 | } |
| 474 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 475 | /* no key - decide on the error we're going to go for */ |
David Howells | 927942a | 2010-06-11 17:31:10 +0100 | [diff] [blame] | 476 | if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY)) |
| 477 | key_ref = ERR_PTR(-ENOKEY); |
| 478 | else if (err == ERR_PTR(-EACCES)) |
| 479 | key_ref = ret; |
| 480 | else |
| 481 | key_ref = err; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 482 | |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 483 | found: |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 484 | return key_ref; |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame^] | 485 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 486 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 487 | /* |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 488 | * see if the key we're looking at is the target key |
| 489 | */ |
David Howells | 927942a | 2010-06-11 17:31:10 +0100 | [diff] [blame] | 490 | int lookup_user_key_possessed(const struct key *key, const void *target) |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 491 | { |
| 492 | return key == target; |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame^] | 493 | } |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 494 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 495 | /* |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 496 | * lookup a key given a key ID from userspace with a given permissions mask |
| 497 | * - don't create special keyrings unless so requested |
| 498 | * - partially constructed keys aren't found unless requested |
| 499 | */ |
David Howells | 5593122 | 2009-09-02 09:13:45 +0100 | [diff] [blame] | 500 | key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, |
David Howells | 8bbf4976 | 2008-11-14 10:39:14 +1100 | [diff] [blame] | 501 | key_perm_t perm) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 502 | { |
David Howells | 8bbf4976 | 2008-11-14 10:39:14 +1100 | [diff] [blame] | 503 | struct request_key_auth *rka; |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 504 | const struct cred *cred; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 505 | struct key *key; |
David Howells | b6dff3e | 2008-11-14 10:39:16 +1100 | [diff] [blame] | 506 | key_ref_t key_ref, skey_ref; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 507 | int ret; |
| 508 | |
David Howells | bb952bb | 2008-11-14 10:39:20 +1100 | [diff] [blame] | 509 | try_again: |
| 510 | cred = get_current_cred(); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 511 | key_ref = ERR_PTR(-ENOKEY); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 512 | |
| 513 | switch (id) { |
| 514 | case KEY_SPEC_THREAD_KEYRING: |
David Howells | b6dff3e | 2008-11-14 10:39:16 +1100 | [diff] [blame] | 515 | if (!cred->thread_keyring) { |
David Howells | 5593122 | 2009-09-02 09:13:45 +0100 | [diff] [blame] | 516 | if (!(lflags & KEY_LOOKUP_CREATE)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 517 | goto error; |
| 518 | |
David Howells | 8bbf4976 | 2008-11-14 10:39:14 +1100 | [diff] [blame] | 519 | ret = install_thread_keyring(); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 520 | if (ret < 0) { |
Dan Carpenter | 4d09ec0 | 2010-05-17 14:42:35 +0100 | [diff] [blame] | 521 | key_ref = ERR_PTR(ret); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 522 | goto error; |
| 523 | } |
David Howells | bb952bb | 2008-11-14 10:39:20 +1100 | [diff] [blame] | 524 | goto reget_creds; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 525 | } |
| 526 | |
David Howells | b6dff3e | 2008-11-14 10:39:16 +1100 | [diff] [blame] | 527 | key = cred->thread_keyring; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 528 | atomic_inc(&key->usage); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 529 | key_ref = make_key_ref(key, 1); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 530 | break; |
| 531 | |
| 532 | case KEY_SPEC_PROCESS_KEYRING: |
David Howells | bb952bb | 2008-11-14 10:39:20 +1100 | [diff] [blame] | 533 | if (!cred->tgcred->process_keyring) { |
David Howells | 5593122 | 2009-09-02 09:13:45 +0100 | [diff] [blame] | 534 | if (!(lflags & KEY_LOOKUP_CREATE)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 535 | goto error; |
| 536 | |
David Howells | 8bbf4976 | 2008-11-14 10:39:14 +1100 | [diff] [blame] | 537 | ret = install_process_keyring(); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 538 | if (ret < 0) { |
Dan Carpenter | 4d09ec0 | 2010-05-17 14:42:35 +0100 | [diff] [blame] | 539 | key_ref = ERR_PTR(ret); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 540 | goto error; |
| 541 | } |
David Howells | bb952bb | 2008-11-14 10:39:20 +1100 | [diff] [blame] | 542 | goto reget_creds; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 543 | } |
| 544 | |
David Howells | bb952bb | 2008-11-14 10:39:20 +1100 | [diff] [blame] | 545 | key = cred->tgcred->process_keyring; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 546 | atomic_inc(&key->usage); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 547 | key_ref = make_key_ref(key, 1); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 548 | break; |
| 549 | |
| 550 | case KEY_SPEC_SESSION_KEYRING: |
David Howells | bb952bb | 2008-11-14 10:39:20 +1100 | [diff] [blame] | 551 | if (!cred->tgcred->session_keyring) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 552 | /* always install a session keyring upon access if one |
| 553 | * doesn't exist yet */ |
David Howells | 8bbf4976 | 2008-11-14 10:39:14 +1100 | [diff] [blame] | 554 | ret = install_user_keyrings(); |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 555 | if (ret < 0) |
| 556 | goto error; |
David Howells | b6dff3e | 2008-11-14 10:39:16 +1100 | [diff] [blame] | 557 | ret = install_session_keyring( |
| 558 | cred->user->session_keyring); |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 559 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 560 | if (ret < 0) |
| 561 | goto error; |
David Howells | bb952bb | 2008-11-14 10:39:20 +1100 | [diff] [blame] | 562 | goto reget_creds; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 563 | } |
| 564 | |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 565 | rcu_read_lock(); |
David Howells | bb952bb | 2008-11-14 10:39:20 +1100 | [diff] [blame] | 566 | key = rcu_dereference(cred->tgcred->session_keyring); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 567 | atomic_inc(&key->usage); |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 568 | rcu_read_unlock(); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 569 | key_ref = make_key_ref(key, 1); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 570 | break; |
| 571 | |
| 572 | case KEY_SPEC_USER_KEYRING: |
David Howells | b6dff3e | 2008-11-14 10:39:16 +1100 | [diff] [blame] | 573 | if (!cred->user->uid_keyring) { |
David Howells | 8bbf4976 | 2008-11-14 10:39:14 +1100 | [diff] [blame] | 574 | ret = install_user_keyrings(); |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 575 | if (ret < 0) |
| 576 | goto error; |
| 577 | } |
| 578 | |
David Howells | b6dff3e | 2008-11-14 10:39:16 +1100 | [diff] [blame] | 579 | key = cred->user->uid_keyring; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 580 | atomic_inc(&key->usage); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 581 | key_ref = make_key_ref(key, 1); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 582 | break; |
| 583 | |
| 584 | case KEY_SPEC_USER_SESSION_KEYRING: |
David Howells | b6dff3e | 2008-11-14 10:39:16 +1100 | [diff] [blame] | 585 | if (!cred->user->session_keyring) { |
David Howells | 8bbf4976 | 2008-11-14 10:39:14 +1100 | [diff] [blame] | 586 | ret = install_user_keyrings(); |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 587 | if (ret < 0) |
| 588 | goto error; |
| 589 | } |
| 590 | |
David Howells | b6dff3e | 2008-11-14 10:39:16 +1100 | [diff] [blame] | 591 | key = cred->user->session_keyring; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 592 | atomic_inc(&key->usage); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 593 | key_ref = make_key_ref(key, 1); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 594 | break; |
| 595 | |
| 596 | case KEY_SPEC_GROUP_KEYRING: |
| 597 | /* group keyrings are not yet supported */ |
Dan Carpenter | 4d09ec0 | 2010-05-17 14:42:35 +0100 | [diff] [blame] | 598 | key_ref = ERR_PTR(-EINVAL); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 599 | goto error; |
| 600 | |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 601 | case KEY_SPEC_REQKEY_AUTH_KEY: |
David Howells | b6dff3e | 2008-11-14 10:39:16 +1100 | [diff] [blame] | 602 | key = cred->request_key_auth; |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 603 | if (!key) |
| 604 | goto error; |
| 605 | |
| 606 | atomic_inc(&key->usage); |
| 607 | key_ref = make_key_ref(key, 1); |
| 608 | break; |
| 609 | |
David Howells | 8bbf4976 | 2008-11-14 10:39:14 +1100 | [diff] [blame] | 610 | case KEY_SPEC_REQUESTOR_KEYRING: |
David Howells | b6dff3e | 2008-11-14 10:39:16 +1100 | [diff] [blame] | 611 | if (!cred->request_key_auth) |
David Howells | 8bbf4976 | 2008-11-14 10:39:14 +1100 | [diff] [blame] | 612 | goto error; |
| 613 | |
David Howells | b6dff3e | 2008-11-14 10:39:16 +1100 | [diff] [blame] | 614 | down_read(&cred->request_key_auth->sem); |
| 615 | if (cred->request_key_auth->flags & KEY_FLAG_REVOKED) { |
David Howells | 8bbf4976 | 2008-11-14 10:39:14 +1100 | [diff] [blame] | 616 | key_ref = ERR_PTR(-EKEYREVOKED); |
| 617 | key = NULL; |
| 618 | } else { |
David Howells | b6dff3e | 2008-11-14 10:39:16 +1100 | [diff] [blame] | 619 | rka = cred->request_key_auth->payload.data; |
David Howells | 8bbf4976 | 2008-11-14 10:39:14 +1100 | [diff] [blame] | 620 | key = rka->dest_keyring; |
| 621 | atomic_inc(&key->usage); |
| 622 | } |
David Howells | b6dff3e | 2008-11-14 10:39:16 +1100 | [diff] [blame] | 623 | up_read(&cred->request_key_auth->sem); |
David Howells | 8bbf4976 | 2008-11-14 10:39:14 +1100 | [diff] [blame] | 624 | if (!key) |
| 625 | goto error; |
| 626 | key_ref = make_key_ref(key, 1); |
| 627 | break; |
| 628 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 629 | default: |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 630 | key_ref = ERR_PTR(-EINVAL); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 631 | if (id < 1) |
| 632 | goto error; |
| 633 | |
| 634 | key = key_lookup(id); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 635 | if (IS_ERR(key)) { |
David Howells | e231c2e | 2008-02-07 00:15:26 -0800 | [diff] [blame] | 636 | key_ref = ERR_CAST(key); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 637 | goto error; |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 638 | } |
| 639 | |
| 640 | key_ref = make_key_ref(key, 0); |
| 641 | |
| 642 | /* check to see if we possess the key */ |
| 643 | skey_ref = search_process_keyrings(key->type, key, |
| 644 | lookup_user_key_possessed, |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 645 | cred); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 646 | |
| 647 | if (!IS_ERR(skey_ref)) { |
| 648 | key_put(key); |
| 649 | key_ref = skey_ref; |
| 650 | } |
| 651 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 652 | break; |
| 653 | } |
| 654 | |
David Howells | 5593122 | 2009-09-02 09:13:45 +0100 | [diff] [blame] | 655 | /* unlink does not use the nominated key in any way, so can skip all |
| 656 | * the permission checks as it is only concerned with the keyring */ |
| 657 | if (lflags & KEY_LOOKUP_FOR_UNLINK) { |
| 658 | ret = 0; |
| 659 | goto error; |
| 660 | } |
| 661 | |
| 662 | if (!(lflags & KEY_LOOKUP_PARTIAL)) { |
David Howells | 76181c1 | 2007-10-16 23:29:46 -0700 | [diff] [blame] | 663 | ret = wait_for_key_construction(key, true); |
| 664 | switch (ret) { |
| 665 | case -ERESTARTSYS: |
| 666 | goto invalid_key; |
| 667 | default: |
| 668 | if (perm) |
| 669 | goto invalid_key; |
| 670 | case 0: |
| 671 | break; |
| 672 | } |
| 673 | } else if (perm) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 674 | ret = key_validate(key); |
| 675 | if (ret < 0) |
| 676 | goto invalid_key; |
| 677 | } |
| 678 | |
| 679 | ret = -EIO; |
David Howells | 5593122 | 2009-09-02 09:13:45 +0100 | [diff] [blame] | 680 | if (!(lflags & KEY_LOOKUP_PARTIAL) && |
| 681 | !test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 682 | goto invalid_key; |
| 683 | |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 684 | /* check the permissions */ |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 685 | ret = key_task_permission(key_ref, cred, perm); |
David Howells | 29db919 | 2005-10-30 15:02:44 -0800 | [diff] [blame] | 686 | if (ret < 0) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 687 | goto invalid_key; |
| 688 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 689 | error: |
David Howells | bb952bb | 2008-11-14 10:39:20 +1100 | [diff] [blame] | 690 | put_cred(cred); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 691 | return key_ref; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 692 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 693 | invalid_key: |
| 694 | key_ref_put(key_ref); |
| 695 | key_ref = ERR_PTR(ret); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 696 | goto error; |
| 697 | |
David Howells | bb952bb | 2008-11-14 10:39:20 +1100 | [diff] [blame] | 698 | /* if we attempted to install a keyring, then it may have caused new |
| 699 | * creds to be installed */ |
| 700 | reget_creds: |
| 701 | put_cred(cred); |
| 702 | goto try_again; |
David Howells | a8b17ed | 2011-01-20 16:38:27 +0000 | [diff] [blame^] | 703 | } |
David Howells | bb952bb | 2008-11-14 10:39:20 +1100 | [diff] [blame] | 704 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 705 | /* |
| 706 | * join the named keyring as the session keyring if possible, or attempt to |
| 707 | * create a new one of that name if not |
| 708 | * - if the name is NULL, an empty anonymous keyring is installed instead |
| 709 | * - named session keyring joining is done with a semaphore held |
| 710 | */ |
| 711 | long join_session_keyring(const char *name) |
| 712 | { |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 713 | const struct cred *old; |
| 714 | struct cred *new; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 715 | struct key *keyring; |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 716 | long ret, serial; |
| 717 | |
| 718 | /* only permit this if there's a single thread in the thread group - |
| 719 | * this avoids us having to adjust the creds on all threads and risking |
| 720 | * ENOMEM */ |
Oleg Nesterov | 5bb459b | 2009-07-10 03:48:23 +0200 | [diff] [blame] | 721 | if (!current_is_single_threaded()) |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 722 | return -EMLINK; |
| 723 | |
| 724 | new = prepare_creds(); |
| 725 | if (!new) |
| 726 | return -ENOMEM; |
| 727 | old = current_cred(); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 728 | |
| 729 | /* if no name is provided, install an anonymous keyring */ |
| 730 | if (!name) { |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 731 | ret = install_session_keyring_to_cred(new, NULL); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 732 | if (ret < 0) |
| 733 | goto error; |
| 734 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 735 | serial = new->tgcred->session_keyring->serial; |
| 736 | ret = commit_creds(new); |
| 737 | if (ret == 0) |
| 738 | ret = serial; |
| 739 | goto okay; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 740 | } |
| 741 | |
| 742 | /* allow the user to join or create a named keyring */ |
Ingo Molnar | bb00307 | 2006-03-22 00:09:14 -0800 | [diff] [blame] | 743 | mutex_lock(&key_session_mutex); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 744 | |
| 745 | /* look for an existing keyring of this name */ |
David Howells | 69664cf | 2008-04-29 01:01:31 -0700 | [diff] [blame] | 746 | keyring = find_keyring_by_name(name, false); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 747 | if (PTR_ERR(keyring) == -ENOKEY) { |
| 748 | /* not found - try and create a new one */ |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 749 | keyring = keyring_alloc(name, old->uid, old->gid, old, |
David Howells | 7e047ef | 2006-06-26 00:24:50 -0700 | [diff] [blame] | 750 | KEY_ALLOC_IN_QUOTA, NULL); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 751 | if (IS_ERR(keyring)) { |
| 752 | ret = PTR_ERR(keyring); |
David Howells | bcf945d | 2005-08-04 13:07:06 -0700 | [diff] [blame] | 753 | goto error2; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 754 | } |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 755 | } else if (IS_ERR(keyring)) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 756 | ret = PTR_ERR(keyring); |
| 757 | goto error2; |
| 758 | } |
| 759 | |
| 760 | /* we've got a keyring - now to install it */ |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 761 | ret = install_session_keyring_to_cred(new, keyring); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 762 | if (ret < 0) |
| 763 | goto error2; |
| 764 | |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 765 | commit_creds(new); |
| 766 | mutex_unlock(&key_session_mutex); |
| 767 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 768 | ret = keyring->serial; |
| 769 | key_put(keyring); |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 770 | okay: |
| 771 | return ret; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 772 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 773 | error2: |
Ingo Molnar | bb00307 | 2006-03-22 00:09:14 -0800 | [diff] [blame] | 774 | mutex_unlock(&key_session_mutex); |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 775 | error: |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 776 | abort_creds(new); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 777 | return ret; |
David Howells | d84f4f9 | 2008-11-14 10:39:23 +1100 | [diff] [blame] | 778 | } |
David Howells | ee18d64 | 2009-09-02 09:14:21 +0100 | [diff] [blame] | 779 | |
| 780 | /* |
| 781 | * Replace a process's session keyring when that process resumes userspace on |
| 782 | * behalf of one of its children |
| 783 | */ |
| 784 | void key_replace_session_keyring(void) |
| 785 | { |
| 786 | const struct cred *old; |
| 787 | struct cred *new; |
| 788 | |
| 789 | if (!current->replacement_session_keyring) |
| 790 | return; |
| 791 | |
| 792 | write_lock_irq(&tasklist_lock); |
| 793 | new = current->replacement_session_keyring; |
| 794 | current->replacement_session_keyring = NULL; |
| 795 | write_unlock_irq(&tasklist_lock); |
| 796 | |
| 797 | if (!new) |
| 798 | return; |
| 799 | |
| 800 | old = current_cred(); |
| 801 | new-> uid = old-> uid; |
| 802 | new-> euid = old-> euid; |
| 803 | new-> suid = old-> suid; |
| 804 | new->fsuid = old->fsuid; |
| 805 | new-> gid = old-> gid; |
| 806 | new-> egid = old-> egid; |
| 807 | new-> sgid = old-> sgid; |
| 808 | new->fsgid = old->fsgid; |
| 809 | new->user = get_uid(old->user); |
| 810 | new->group_info = get_group_info(old->group_info); |
| 811 | |
| 812 | new->securebits = old->securebits; |
| 813 | new->cap_inheritable = old->cap_inheritable; |
| 814 | new->cap_permitted = old->cap_permitted; |
| 815 | new->cap_effective = old->cap_effective; |
| 816 | new->cap_bset = old->cap_bset; |
| 817 | |
| 818 | new->jit_keyring = old->jit_keyring; |
| 819 | new->thread_keyring = key_get(old->thread_keyring); |
| 820 | new->tgcred->tgid = old->tgcred->tgid; |
| 821 | new->tgcred->process_keyring = key_get(old->tgcred->process_keyring); |
| 822 | |
| 823 | security_transfer_creds(new, old); |
| 824 | |
| 825 | commit_creds(new); |
| 826 | } |