1 /* process_keys.c: management of a process's keyrings 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/keyctl.h> 17 #include <linux/fs.h> 18 #include <linux/err.h> 19 #include <asm/uaccess.h> 20 #include "internal.h" 21 22 /* session keyring create vs join semaphore */ 23 static DECLARE_MUTEX(key_session_sem); 24 25 /* the root user's tracking struct */ 26 struct key_user root_key_user = { 27 .usage = ATOMIC_INIT(3), 28 .consq = LIST_HEAD_INIT(root_key_user.consq), 29 .lock = SPIN_LOCK_UNLOCKED, 30 .nkeys = ATOMIC_INIT(2), 31 .nikeys = ATOMIC_INIT(2), 32 .uid = 0, 33 }; 34 35 /* the root user's UID keyring */ 36 struct key root_user_keyring = { 37 .usage = ATOMIC_INIT(1), 38 .serial = 2, 39 .type = &key_type_keyring, 40 .user = &root_key_user, 41 .sem = __RWSEM_INITIALIZER(root_user_keyring.sem), 42 .perm = KEY_USR_ALL, 43 .flags = 1 << KEY_FLAG_INSTANTIATED, 44 .description = "_uid.0", 45 #ifdef KEY_DEBUGGING 46 .magic = KEY_DEBUG_MAGIC, 47 #endif 48 }; 49 50 /* the root user's default session keyring */ 51 struct key root_session_keyring = { 52 .usage = ATOMIC_INIT(1), 53 .serial = 1, 54 .type = &key_type_keyring, 55 .user = &root_key_user, 56 .sem = __RWSEM_INITIALIZER(root_session_keyring.sem), 57 .perm = KEY_USR_ALL, 58 .flags = 1 << KEY_FLAG_INSTANTIATED, 59 .description = "_uid_ses.0", 60 #ifdef KEY_DEBUGGING 61 .magic = KEY_DEBUG_MAGIC, 62 #endif 63 }; 64 65 /*****************************************************************************/ 66 /* 67 * allocate the keyrings to be associated with a UID 68 */ 69 int alloc_uid_keyring(struct user_struct *user) 70 { 71 struct key *uid_keyring, *session_keyring; 72 char buf[20]; 73 int ret; 74 75 /* concoct a default session keyring */ 76 sprintf(buf, "_uid_ses.%u", user->uid); 77 78 session_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, 0, NULL); 79 if (IS_ERR(session_keyring)) { 80 ret = PTR_ERR(session_keyring); 81 goto error; 82 } 83 84 /* and a UID specific keyring, pointed to by the default session 85 * keyring */ 86 sprintf(buf, "_uid.%u", user->uid); 87 88 uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, 0, 89 session_keyring); 90 if (IS_ERR(uid_keyring)) { 91 key_put(session_keyring); 92 ret = PTR_ERR(uid_keyring); 93 goto error; 94 } 95 96 /* install the keyrings */ 97 user->uid_keyring = uid_keyring; 98 user->session_keyring = session_keyring; 99 ret = 0; 100 101 error: 102 return ret; 103 104 } /* end alloc_uid_keyring() */ 105 106 /*****************************************************************************/ 107 /* 108 * deal with the UID changing 109 */ 110 void switch_uid_keyring(struct user_struct *new_user) 111 { 112 #if 0 /* do nothing for now */ 113 struct key *old; 114 115 /* switch to the new user's session keyring if we were running under 116 * root's default session keyring */ 117 if (new_user->uid != 0 && 118 current->session_keyring == &root_session_keyring 119 ) { 120 atomic_inc(&new_user->session_keyring->usage); 121 122 task_lock(current); 123 old = current->session_keyring; 124 current->session_keyring = new_user->session_keyring; 125 task_unlock(current); 126 127 key_put(old); 128 } 129 #endif 130 131 } /* end switch_uid_keyring() */ 132 133 /*****************************************************************************/ 134 /* 135 * install a fresh thread keyring, discarding the old one 136 */ 137 int install_thread_keyring(struct task_struct *tsk) 138 { 139 struct key *keyring, *old; 140 char buf[20]; 141 int ret; 142 143 sprintf(buf, "_tid.%u", tsk->pid); 144 145 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL); 146 if (IS_ERR(keyring)) { 147 ret = PTR_ERR(keyring); 148 goto error; 149 } 150 151 task_lock(tsk); 152 old = tsk->thread_keyring; 153 tsk->thread_keyring = keyring; 154 task_unlock(tsk); 155 156 ret = 0; 157 158 key_put(old); 159 error: 160 return ret; 161 162 } /* end install_thread_keyring() */ 163 164 /*****************************************************************************/ 165 /* 166 * make sure a process keyring is installed 167 */ 168 int install_process_keyring(struct task_struct *tsk) 169 { 170 unsigned long flags; 171 struct key *keyring; 172 char buf[20]; 173 int ret; 174 175 if (!tsk->signal->process_keyring) { 176 sprintf(buf, "_pid.%u", tsk->tgid); 177 178 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL); 179 if (IS_ERR(keyring)) { 180 ret = PTR_ERR(keyring); 181 goto error; 182 } 183 184 /* attach keyring */ 185 spin_lock_irqsave(&tsk->sighand->siglock, flags); 186 if (!tsk->signal->process_keyring) { 187 tsk->signal->process_keyring = keyring; 188 keyring = NULL; 189 } 190 spin_unlock_irqrestore(&tsk->sighand->siglock, flags); 191 192 key_put(keyring); 193 } 194 195 ret = 0; 196 error: 197 return ret; 198 199 } /* end install_process_keyring() */ 200 201 /*****************************************************************************/ 202 /* 203 * install a session keyring, discarding the old one 204 * - if a keyring is not supplied, an empty one is invented 205 */ 206 static int install_session_keyring(struct task_struct *tsk, 207 struct key *keyring) 208 { 209 unsigned long flags; 210 struct key *old; 211 char buf[20]; 212 int ret; 213 214 /* create an empty session keyring */ 215 if (!keyring) { 216 sprintf(buf, "_ses.%u", tsk->tgid); 217 218 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL); 219 if (IS_ERR(keyring)) { 220 ret = PTR_ERR(keyring); 221 goto error; 222 } 223 } 224 else { 225 atomic_inc(&keyring->usage); 226 } 227 228 /* install the keyring */ 229 spin_lock_irqsave(&tsk->sighand->siglock, flags); 230 old = rcu_dereference(tsk->signal->session_keyring); 231 rcu_assign_pointer(tsk->signal->session_keyring, keyring); 232 spin_unlock_irqrestore(&tsk->sighand->siglock, flags); 233 234 ret = 0; 235 236 /* we're using RCU on the pointer */ 237 synchronize_rcu(); 238 key_put(old); 239 error: 240 return ret; 241 242 } /* end install_session_keyring() */ 243 244 /*****************************************************************************/ 245 /* 246 * copy the keys in a thread group for fork without CLONE_THREAD 247 */ 248 int copy_thread_group_keys(struct task_struct *tsk) 249 { 250 key_check(current->thread_group->session_keyring); 251 key_check(current->thread_group->process_keyring); 252 253 /* no process keyring yet */ 254 tsk->signal->process_keyring = NULL; 255 256 /* same session keyring */ 257 rcu_read_lock(); 258 tsk->signal->session_keyring = 259 key_get(rcu_dereference(current->signal->session_keyring)); 260 rcu_read_unlock(); 261 262 return 0; 263 264 } /* end copy_thread_group_keys() */ 265 266 /*****************************************************************************/ 267 /* 268 * copy the keys for fork 269 */ 270 int copy_keys(unsigned long clone_flags, struct task_struct *tsk) 271 { 272 key_check(tsk->thread_keyring); 273 274 /* no thread keyring yet */ 275 tsk->thread_keyring = NULL; 276 return 0; 277 278 } /* end copy_keys() */ 279 280 /*****************************************************************************/ 281 /* 282 * dispose of thread group keys upon thread group destruction 283 */ 284 void exit_thread_group_keys(struct signal_struct *tg) 285 { 286 key_put(tg->session_keyring); 287 key_put(tg->process_keyring); 288 289 } /* end exit_thread_group_keys() */ 290 291 /*****************************************************************************/ 292 /* 293 * dispose of keys upon thread exit 294 */ 295 void exit_keys(struct task_struct *tsk) 296 { 297 key_put(tsk->thread_keyring); 298 299 } /* end exit_keys() */ 300 301 /*****************************************************************************/ 302 /* 303 * deal with execve() 304 */ 305 int exec_keys(struct task_struct *tsk) 306 { 307 unsigned long flags; 308 struct key *old; 309 310 /* newly exec'd tasks don't get a thread keyring */ 311 task_lock(tsk); 312 old = tsk->thread_keyring; 313 tsk->thread_keyring = NULL; 314 task_unlock(tsk); 315 316 key_put(old); 317 318 /* discard the process keyring from a newly exec'd task */ 319 spin_lock_irqsave(&tsk->sighand->siglock, flags); 320 old = tsk->signal->process_keyring; 321 tsk->signal->process_keyring = NULL; 322 spin_unlock_irqrestore(&tsk->sighand->siglock, flags); 323 324 key_put(old); 325 326 return 0; 327 328 } /* end exec_keys() */ 329 330 /*****************************************************************************/ 331 /* 332 * deal with SUID programs 333 * - we might want to make this invent a new session keyring 334 */ 335 int suid_keys(struct task_struct *tsk) 336 { 337 return 0; 338 339 } /* end suid_keys() */ 340 341 /*****************************************************************************/ 342 /* 343 * the filesystem user ID changed 344 */ 345 void key_fsuid_changed(struct task_struct *tsk) 346 { 347 /* update the ownership of the thread keyring */ 348 if (tsk->thread_keyring) { 349 down_write(&tsk->thread_keyring->sem); 350 tsk->thread_keyring->uid = tsk->fsuid; 351 up_write(&tsk->thread_keyring->sem); 352 } 353 354 } /* end key_fsuid_changed() */ 355 356 /*****************************************************************************/ 357 /* 358 * the filesystem group ID changed 359 */ 360 void key_fsgid_changed(struct task_struct *tsk) 361 { 362 /* update the ownership of the thread keyring */ 363 if (tsk->thread_keyring) { 364 down_write(&tsk->thread_keyring->sem); 365 tsk->thread_keyring->gid = tsk->fsgid; 366 up_write(&tsk->thread_keyring->sem); 367 } 368 369 } /* end key_fsgid_changed() */ 370 371 /*****************************************************************************/ 372 /* 373 * search the process keyrings for the first matching key 374 * - we use the supplied match function to see if the description (or other 375 * feature of interest) matches 376 * - we return -EAGAIN if we didn't find any matching key 377 * - we return -ENOKEY if we found only negative matching keys 378 */ 379 struct key *search_process_keyrings(struct key_type *type, 380 const void *description, 381 key_match_func_t match, 382 struct task_struct *context) 383 { 384 struct request_key_auth *rka; 385 struct key *key, *ret, *err, *instkey; 386 387 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were 388 * searchable, but we failed to find a key or we found a negative key; 389 * otherwise we want to return a sample error (probably -EACCES) if 390 * none of the keyrings were searchable 391 * 392 * in terms of priority: success > -ENOKEY > -EAGAIN > other error 393 */ 394 key = NULL; 395 ret = NULL; 396 err = ERR_PTR(-EAGAIN); 397 398 /* search the thread keyring first */ 399 if (context->thread_keyring) { 400 key = keyring_search_aux(context->thread_keyring, 401 context, type, description, match); 402 if (!IS_ERR(key)) 403 goto found; 404 405 switch (PTR_ERR(key)) { 406 case -EAGAIN: /* no key */ 407 if (ret) 408 break; 409 case -ENOKEY: /* negative key */ 410 ret = key; 411 break; 412 default: 413 err = key; 414 break; 415 } 416 } 417 418 /* search the process keyring second */ 419 if (context->signal->process_keyring) { 420 key = keyring_search_aux(context->signal->process_keyring, 421 context, type, description, match); 422 if (!IS_ERR(key)) 423 goto found; 424 425 switch (PTR_ERR(key)) { 426 case -EAGAIN: /* no key */ 427 if (ret) 428 break; 429 case -ENOKEY: /* negative key */ 430 ret = key; 431 break; 432 default: 433 err = key; 434 break; 435 } 436 } 437 438 /* search the session keyring */ 439 if (context->signal->session_keyring) { 440 rcu_read_lock(); 441 key = keyring_search_aux( 442 rcu_dereference(context->signal->session_keyring), 443 context, type, description, match); 444 rcu_read_unlock(); 445 446 if (!IS_ERR(key)) 447 goto found; 448 449 switch (PTR_ERR(key)) { 450 case -EAGAIN: /* no key */ 451 if (ret) 452 break; 453 case -ENOKEY: /* negative key */ 454 ret = key; 455 break; 456 default: 457 err = key; 458 break; 459 } 460 461 /* if this process has a session keyring and that has an 462 * instantiation authorisation key in the bottom level, then we 463 * also search the keyrings of the process mentioned there */ 464 if (context != current) 465 goto no_key; 466 467 rcu_read_lock(); 468 instkey = __keyring_search_one( 469 rcu_dereference(context->signal->session_keyring), 470 &key_type_request_key_auth, NULL, 0); 471 rcu_read_unlock(); 472 473 if (IS_ERR(instkey)) 474 goto no_key; 475 476 rka = instkey->payload.data; 477 478 key = search_process_keyrings(type, description, match, 479 rka->context); 480 key_put(instkey); 481 482 if (!IS_ERR(key)) 483 goto found; 484 485 switch (PTR_ERR(key)) { 486 case -EAGAIN: /* no key */ 487 if (ret) 488 break; 489 case -ENOKEY: /* negative key */ 490 ret = key; 491 break; 492 default: 493 err = key; 494 break; 495 } 496 } 497 /* or search the user-session keyring */ 498 else { 499 key = keyring_search_aux(context->user->session_keyring, 500 context, type, description, match); 501 if (!IS_ERR(key)) 502 goto found; 503 504 switch (PTR_ERR(key)) { 505 case -EAGAIN: /* no key */ 506 if (ret) 507 break; 508 case -ENOKEY: /* negative key */ 509 ret = key; 510 break; 511 default: 512 err = key; 513 break; 514 } 515 } 516 517 518 no_key: 519 /* no key - decide on the error we're going to go for */ 520 key = ret ? ret : err; 521 522 found: 523 return key; 524 525 } /* end search_process_keyrings() */ 526 527 /*****************************************************************************/ 528 /* 529 * lookup a key given a key ID from userspace with a given permissions mask 530 * - don't create special keyrings unless so requested 531 * - partially constructed keys aren't found unless requested 532 */ 533 struct key *lookup_user_key(struct task_struct *context, key_serial_t id, 534 int create, int partial, key_perm_t perm) 535 { 536 struct key *key; 537 int ret; 538 539 if (!context) 540 context = current; 541 542 key = ERR_PTR(-ENOKEY); 543 544 switch (id) { 545 case KEY_SPEC_THREAD_KEYRING: 546 if (!context->thread_keyring) { 547 if (!create) 548 goto error; 549 550 ret = install_thread_keyring(context); 551 if (ret < 0) { 552 key = ERR_PTR(ret); 553 goto error; 554 } 555 } 556 557 key = context->thread_keyring; 558 atomic_inc(&key->usage); 559 break; 560 561 case KEY_SPEC_PROCESS_KEYRING: 562 if (!context->signal->process_keyring) { 563 if (!create) 564 goto error; 565 566 ret = install_process_keyring(context); 567 if (ret < 0) { 568 key = ERR_PTR(ret); 569 goto error; 570 } 571 } 572 573 key = context->signal->process_keyring; 574 atomic_inc(&key->usage); 575 break; 576 577 case KEY_SPEC_SESSION_KEYRING: 578 if (!context->signal->session_keyring) { 579 /* always install a session keyring upon access if one 580 * doesn't exist yet */ 581 ret = install_session_keyring( 582 context, context->user->session_keyring); 583 if (ret < 0) 584 goto error; 585 } 586 587 rcu_read_lock(); 588 key = rcu_dereference(context->signal->session_keyring); 589 atomic_inc(&key->usage); 590 rcu_read_unlock(); 591 break; 592 593 case KEY_SPEC_USER_KEYRING: 594 key = context->user->uid_keyring; 595 atomic_inc(&key->usage); 596 break; 597 598 case KEY_SPEC_USER_SESSION_KEYRING: 599 key = context->user->session_keyring; 600 atomic_inc(&key->usage); 601 break; 602 603 case KEY_SPEC_GROUP_KEYRING: 604 /* group keyrings are not yet supported */ 605 key = ERR_PTR(-EINVAL); 606 goto error; 607 608 default: 609 key = ERR_PTR(-EINVAL); 610 if (id < 1) 611 goto error; 612 613 key = key_lookup(id); 614 if (IS_ERR(key)) 615 goto error; 616 break; 617 } 618 619 /* check the status */ 620 if (perm) { 621 ret = key_validate(key); 622 if (ret < 0) 623 goto invalid_key; 624 } 625 626 ret = -EIO; 627 if (!partial && !test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) 628 goto invalid_key; 629 630 /* check the permissions */ 631 ret = -EACCES; 632 633 if (!key_task_permission(key, context, perm)) 634 goto invalid_key; 635 636 error: 637 return key; 638 639 invalid_key: 640 key_put(key); 641 key = ERR_PTR(ret); 642 goto error; 643 644 } /* end lookup_user_key() */ 645 646 /*****************************************************************************/ 647 /* 648 * join the named keyring as the session keyring if possible, or attempt to 649 * create a new one of that name if not 650 * - if the name is NULL, an empty anonymous keyring is installed instead 651 * - named session keyring joining is done with a semaphore held 652 */ 653 long join_session_keyring(const char *name) 654 { 655 struct task_struct *tsk = current; 656 struct key *keyring; 657 long ret; 658 659 /* if no name is provided, install an anonymous keyring */ 660 if (!name) { 661 ret = install_session_keyring(tsk, NULL); 662 if (ret < 0) 663 goto error; 664 665 rcu_read_lock(); 666 ret = rcu_dereference(tsk->signal->session_keyring)->serial; 667 rcu_read_unlock(); 668 goto error; 669 } 670 671 /* allow the user to join or create a named keyring */ 672 down(&key_session_sem); 673 674 /* look for an existing keyring of this name */ 675 keyring = find_keyring_by_name(name, 0); 676 if (PTR_ERR(keyring) == -ENOKEY) { 677 /* not found - try and create a new one */ 678 keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL); 679 if (IS_ERR(keyring)) { 680 ret = PTR_ERR(keyring); 681 goto error2; 682 } 683 } 684 else if (IS_ERR(keyring)) { 685 ret = PTR_ERR(keyring); 686 goto error2; 687 } 688 689 /* we've got a keyring - now to install it */ 690 ret = install_session_keyring(tsk, keyring); 691 if (ret < 0) 692 goto error2; 693 694 ret = keyring->serial; 695 key_put(keyring); 696 697 error2: 698 up(&key_session_sem); 699 error: 700 return ret; 701 702 } /* end join_session_keyring() */ 703