1 /* process_keys.c: management of a process's keyrings 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/keyctl.h> 17 #include <linux/fs.h> 18 #include <linux/err.h> 19 #include <asm/uaccess.h> 20 #include "internal.h" 21 22 /* session keyring create vs join semaphore */ 23 static DECLARE_MUTEX(key_session_sem); 24 25 /* the root user's tracking struct */ 26 struct key_user root_key_user = { 27 .usage = ATOMIC_INIT(3), 28 .consq = LIST_HEAD_INIT(root_key_user.consq), 29 .lock = SPIN_LOCK_UNLOCKED, 30 .nkeys = ATOMIC_INIT(2), 31 .nikeys = ATOMIC_INIT(2), 32 .uid = 0, 33 }; 34 35 /* the root user's UID keyring */ 36 struct key root_user_keyring = { 37 .usage = ATOMIC_INIT(1), 38 .serial = 2, 39 .type = &key_type_keyring, 40 .user = &root_key_user, 41 .sem = __RWSEM_INITIALIZER(root_user_keyring.sem), 42 .perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, 43 .flags = 1 << KEY_FLAG_INSTANTIATED, 44 .description = "_uid.0", 45 #ifdef KEY_DEBUGGING 46 .magic = KEY_DEBUG_MAGIC, 47 #endif 48 }; 49 50 /* the root user's default session keyring */ 51 struct key root_session_keyring = { 52 .usage = ATOMIC_INIT(1), 53 .serial = 1, 54 .type = &key_type_keyring, 55 .user = &root_key_user, 56 .sem = __RWSEM_INITIALIZER(root_session_keyring.sem), 57 .perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, 58 .flags = 1 << KEY_FLAG_INSTANTIATED, 59 .description = "_uid_ses.0", 60 #ifdef KEY_DEBUGGING 61 .magic = KEY_DEBUG_MAGIC, 62 #endif 63 }; 64 65 /*****************************************************************************/ 66 /* 67 * allocate the keyrings to be associated with a UID 68 */ 69 int alloc_uid_keyring(struct user_struct *user) 70 { 71 struct key *uid_keyring, *session_keyring; 72 char buf[20]; 73 int ret; 74 75 /* concoct a default session keyring */ 76 sprintf(buf, "_uid_ses.%u", user->uid); 77 78 session_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, 0, NULL); 79 if (IS_ERR(session_keyring)) { 80 ret = PTR_ERR(session_keyring); 81 goto error; 82 } 83 84 /* and a UID specific keyring, pointed to by the default session 85 * keyring */ 86 sprintf(buf, "_uid.%u", user->uid); 87 88 uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, 0, 89 session_keyring); 90 if (IS_ERR(uid_keyring)) { 91 key_put(session_keyring); 92 ret = PTR_ERR(uid_keyring); 93 goto error; 94 } 95 96 /* install the keyrings */ 97 user->uid_keyring = uid_keyring; 98 user->session_keyring = session_keyring; 99 ret = 0; 100 101 error: 102 return ret; 103 104 } /* end alloc_uid_keyring() */ 105 106 /*****************************************************************************/ 107 /* 108 * deal with the UID changing 109 */ 110 void switch_uid_keyring(struct user_struct *new_user) 111 { 112 #if 0 /* do nothing for now */ 113 struct key *old; 114 115 /* switch to the new user's session keyring if we were running under 116 * root's default session keyring */ 117 if (new_user->uid != 0 && 118 current->session_keyring == &root_session_keyring 119 ) { 120 atomic_inc(&new_user->session_keyring->usage); 121 122 task_lock(current); 123 old = current->session_keyring; 124 current->session_keyring = new_user->session_keyring; 125 task_unlock(current); 126 127 key_put(old); 128 } 129 #endif 130 131 } /* end switch_uid_keyring() */ 132 133 /*****************************************************************************/ 134 /* 135 * install a fresh thread keyring, discarding the old one 136 */ 137 int install_thread_keyring(struct task_struct *tsk) 138 { 139 struct key *keyring, *old; 140 char buf[20]; 141 int ret; 142 143 sprintf(buf, "_tid.%u", tsk->pid); 144 145 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL); 146 if (IS_ERR(keyring)) { 147 ret = PTR_ERR(keyring); 148 goto error; 149 } 150 151 task_lock(tsk); 152 old = tsk->thread_keyring; 153 tsk->thread_keyring = keyring; 154 task_unlock(tsk); 155 156 ret = 0; 157 158 key_put(old); 159 error: 160 return ret; 161 162 } /* end install_thread_keyring() */ 163 164 /*****************************************************************************/ 165 /* 166 * make sure a process keyring is installed 167 */ 168 int install_process_keyring(struct task_struct *tsk) 169 { 170 unsigned long flags; 171 struct key *keyring; 172 char buf[20]; 173 int ret; 174 175 if (!tsk->signal->process_keyring) { 176 sprintf(buf, "_pid.%u", tsk->tgid); 177 178 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL); 179 if (IS_ERR(keyring)) { 180 ret = PTR_ERR(keyring); 181 goto error; 182 } 183 184 /* attach keyring */ 185 spin_lock_irqsave(&tsk->sighand->siglock, flags); 186 if (!tsk->signal->process_keyring) { 187 tsk->signal->process_keyring = keyring; 188 keyring = NULL; 189 } 190 spin_unlock_irqrestore(&tsk->sighand->siglock, flags); 191 192 key_put(keyring); 193 } 194 195 ret = 0; 196 error: 197 return ret; 198 199 } /* end install_process_keyring() */ 200 201 /*****************************************************************************/ 202 /* 203 * install a session keyring, discarding the old one 204 * - if a keyring is not supplied, an empty one is invented 205 */ 206 static int install_session_keyring(struct task_struct *tsk, 207 struct key *keyring) 208 { 209 unsigned long flags; 210 struct key *old; 211 char buf[20]; 212 int ret; 213 214 /* create an empty session keyring */ 215 if (!keyring) { 216 sprintf(buf, "_ses.%u", tsk->tgid); 217 218 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL); 219 if (IS_ERR(keyring)) { 220 ret = PTR_ERR(keyring); 221 goto error; 222 } 223 } 224 else { 225 atomic_inc(&keyring->usage); 226 } 227 228 /* install the keyring */ 229 spin_lock_irqsave(&tsk->sighand->siglock, flags); 230 old = rcu_dereference(tsk->signal->session_keyring); 231 rcu_assign_pointer(tsk->signal->session_keyring, keyring); 232 spin_unlock_irqrestore(&tsk->sighand->siglock, flags); 233 234 ret = 0; 235 236 /* we're using RCU on the pointer */ 237 synchronize_rcu(); 238 key_put(old); 239 error: 240 return ret; 241 242 } /* end install_session_keyring() */ 243 244 /*****************************************************************************/ 245 /* 246 * copy the keys in a thread group for fork without CLONE_THREAD 247 */ 248 int copy_thread_group_keys(struct task_struct *tsk) 249 { 250 key_check(current->thread_group->session_keyring); 251 key_check(current->thread_group->process_keyring); 252 253 /* no process keyring yet */ 254 tsk->signal->process_keyring = NULL; 255 256 /* same session keyring */ 257 rcu_read_lock(); 258 tsk->signal->session_keyring = 259 key_get(rcu_dereference(current->signal->session_keyring)); 260 rcu_read_unlock(); 261 262 return 0; 263 264 } /* end copy_thread_group_keys() */ 265 266 /*****************************************************************************/ 267 /* 268 * copy the keys for fork 269 */ 270 int copy_keys(unsigned long clone_flags, struct task_struct *tsk) 271 { 272 key_check(tsk->thread_keyring); 273 274 /* no thread keyring yet */ 275 tsk->thread_keyring = NULL; 276 return 0; 277 278 } /* end copy_keys() */ 279 280 /*****************************************************************************/ 281 /* 282 * dispose of thread group keys upon thread group destruction 283 */ 284 void exit_thread_group_keys(struct signal_struct *tg) 285 { 286 key_put(tg->session_keyring); 287 key_put(tg->process_keyring); 288 289 } /* end exit_thread_group_keys() */ 290 291 /*****************************************************************************/ 292 /* 293 * dispose of keys upon thread exit 294 */ 295 void exit_keys(struct task_struct *tsk) 296 { 297 key_put(tsk->thread_keyring); 298 299 } /* end exit_keys() */ 300 301 /*****************************************************************************/ 302 /* 303 * deal with execve() 304 */ 305 int exec_keys(struct task_struct *tsk) 306 { 307 unsigned long flags; 308 struct key *old; 309 310 /* newly exec'd tasks don't get a thread keyring */ 311 task_lock(tsk); 312 old = tsk->thread_keyring; 313 tsk->thread_keyring = NULL; 314 task_unlock(tsk); 315 316 key_put(old); 317 318 /* discard the process keyring from a newly exec'd task */ 319 spin_lock_irqsave(&tsk->sighand->siglock, flags); 320 old = tsk->signal->process_keyring; 321 tsk->signal->process_keyring = NULL; 322 spin_unlock_irqrestore(&tsk->sighand->siglock, flags); 323 324 key_put(old); 325 326 return 0; 327 328 } /* end exec_keys() */ 329 330 /*****************************************************************************/ 331 /* 332 * deal with SUID programs 333 * - we might want to make this invent a new session keyring 334 */ 335 int suid_keys(struct task_struct *tsk) 336 { 337 return 0; 338 339 } /* end suid_keys() */ 340 341 /*****************************************************************************/ 342 /* 343 * the filesystem user ID changed 344 */ 345 void key_fsuid_changed(struct task_struct *tsk) 346 { 347 /* update the ownership of the thread keyring */ 348 if (tsk->thread_keyring) { 349 down_write(&tsk->thread_keyring->sem); 350 tsk->thread_keyring->uid = tsk->fsuid; 351 up_write(&tsk->thread_keyring->sem); 352 } 353 354 } /* end key_fsuid_changed() */ 355 356 /*****************************************************************************/ 357 /* 358 * the filesystem group ID changed 359 */ 360 void key_fsgid_changed(struct task_struct *tsk) 361 { 362 /* update the ownership of the thread keyring */ 363 if (tsk->thread_keyring) { 364 down_write(&tsk->thread_keyring->sem); 365 tsk->thread_keyring->gid = tsk->fsgid; 366 up_write(&tsk->thread_keyring->sem); 367 } 368 369 } /* end key_fsgid_changed() */ 370 371 /*****************************************************************************/ 372 /* 373 * search the process keyrings for the first matching key 374 * - we use the supplied match function to see if the description (or other 375 * feature of interest) matches 376 * - we return -EAGAIN if we didn't find any matching key 377 * - we return -ENOKEY if we found only negative matching keys 378 */ 379 key_ref_t search_process_keyrings(struct key_type *type, 380 const void *description, 381 key_match_func_t match, 382 struct task_struct *context) 383 { 384 struct request_key_auth *rka; 385 key_ref_t key_ref, ret, err, instkey_ref; 386 387 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were 388 * searchable, but we failed to find a key or we found a negative key; 389 * otherwise we want to return a sample error (probably -EACCES) if 390 * none of the keyrings were searchable 391 * 392 * in terms of priority: success > -ENOKEY > -EAGAIN > other error 393 */ 394 key_ref = NULL; 395 ret = NULL; 396 err = ERR_PTR(-EAGAIN); 397 398 /* search the thread keyring first */ 399 if (context->thread_keyring) { 400 key_ref = keyring_search_aux( 401 make_key_ref(context->thread_keyring, 1), 402 context, type, description, match); 403 if (!IS_ERR(key_ref)) 404 goto found; 405 406 switch (PTR_ERR(key_ref)) { 407 case -EAGAIN: /* no key */ 408 if (ret) 409 break; 410 case -ENOKEY: /* negative key */ 411 ret = key_ref; 412 break; 413 default: 414 err = key_ref; 415 break; 416 } 417 } 418 419 /* search the process keyring second */ 420 if (context->signal->process_keyring) { 421 key_ref = keyring_search_aux( 422 make_key_ref(context->signal->process_keyring, 1), 423 context, type, description, match); 424 if (!IS_ERR(key_ref)) 425 goto found; 426 427 switch (PTR_ERR(key_ref)) { 428 case -EAGAIN: /* no key */ 429 if (ret) 430 break; 431 case -ENOKEY: /* negative key */ 432 ret = key_ref; 433 break; 434 default: 435 err = key_ref; 436 break; 437 } 438 } 439 440 /* search the session keyring */ 441 if (context->signal->session_keyring) { 442 rcu_read_lock(); 443 key_ref = keyring_search_aux( 444 make_key_ref(rcu_dereference( 445 context->signal->session_keyring), 446 1), 447 context, type, description, match); 448 rcu_read_unlock(); 449 450 if (!IS_ERR(key_ref)) 451 goto found; 452 453 switch (PTR_ERR(key_ref)) { 454 case -EAGAIN: /* no key */ 455 if (ret) 456 break; 457 case -ENOKEY: /* negative key */ 458 ret = key_ref; 459 break; 460 default: 461 err = key_ref; 462 break; 463 } 464 465 /* if this process has a session keyring and that has an 466 * instantiation authorisation key in the bottom level, then we 467 * also search the keyrings of the process mentioned there */ 468 if (context != current) 469 goto no_key; 470 471 rcu_read_lock(); 472 instkey_ref = __keyring_search_one( 473 make_key_ref(rcu_dereference( 474 context->signal->session_keyring), 475 1), 476 &key_type_request_key_auth, NULL, 0); 477 rcu_read_unlock(); 478 479 if (IS_ERR(instkey_ref)) 480 goto no_key; 481 482 rka = key_ref_to_ptr(instkey_ref)->payload.data; 483 484 key_ref = search_process_keyrings(type, description, match, 485 rka->context); 486 key_ref_put(instkey_ref); 487 488 if (!IS_ERR(key_ref)) 489 goto found; 490 491 switch (PTR_ERR(key_ref)) { 492 case -EAGAIN: /* no key */ 493 if (ret) 494 break; 495 case -ENOKEY: /* negative key */ 496 ret = key_ref; 497 break; 498 default: 499 err = key_ref; 500 break; 501 } 502 } 503 /* or search the user-session keyring */ 504 else { 505 key_ref = keyring_search_aux( 506 make_key_ref(context->user->session_keyring, 1), 507 context, type, description, match); 508 if (!IS_ERR(key_ref)) 509 goto found; 510 511 switch (PTR_ERR(key_ref)) { 512 case -EAGAIN: /* no key */ 513 if (ret) 514 break; 515 case -ENOKEY: /* negative key */ 516 ret = key_ref; 517 break; 518 default: 519 err = key_ref; 520 break; 521 } 522 } 523 524 525 no_key: 526 /* no key - decide on the error we're going to go for */ 527 key_ref = ret ? ret : err; 528 529 found: 530 return key_ref; 531 532 } /* end search_process_keyrings() */ 533 534 /*****************************************************************************/ 535 /* 536 * see if the key we're looking at is the target key 537 */ 538 static int lookup_user_key_possessed(const struct key *key, const void *target) 539 { 540 return key == target; 541 542 } /* end lookup_user_key_possessed() */ 543 544 /*****************************************************************************/ 545 /* 546 * lookup a key given a key ID from userspace with a given permissions mask 547 * - don't create special keyrings unless so requested 548 * - partially constructed keys aren't found unless requested 549 */ 550 key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id, 551 int create, int partial, key_perm_t perm) 552 { 553 key_ref_t key_ref, skey_ref; 554 struct key *key; 555 int ret; 556 557 if (!context) 558 context = current; 559 560 key_ref = ERR_PTR(-ENOKEY); 561 562 switch (id) { 563 case KEY_SPEC_THREAD_KEYRING: 564 if (!context->thread_keyring) { 565 if (!create) 566 goto error; 567 568 ret = install_thread_keyring(context); 569 if (ret < 0) { 570 key = ERR_PTR(ret); 571 goto error; 572 } 573 } 574 575 key = context->thread_keyring; 576 atomic_inc(&key->usage); 577 key_ref = make_key_ref(key, 1); 578 break; 579 580 case KEY_SPEC_PROCESS_KEYRING: 581 if (!context->signal->process_keyring) { 582 if (!create) 583 goto error; 584 585 ret = install_process_keyring(context); 586 if (ret < 0) { 587 key = ERR_PTR(ret); 588 goto error; 589 } 590 } 591 592 key = context->signal->process_keyring; 593 atomic_inc(&key->usage); 594 key_ref = make_key_ref(key, 1); 595 break; 596 597 case KEY_SPEC_SESSION_KEYRING: 598 if (!context->signal->session_keyring) { 599 /* always install a session keyring upon access if one 600 * doesn't exist yet */ 601 ret = install_session_keyring( 602 context, context->user->session_keyring); 603 if (ret < 0) 604 goto error; 605 } 606 607 rcu_read_lock(); 608 key = rcu_dereference(context->signal->session_keyring); 609 atomic_inc(&key->usage); 610 rcu_read_unlock(); 611 key_ref = make_key_ref(key, 1); 612 break; 613 614 case KEY_SPEC_USER_KEYRING: 615 key = context->user->uid_keyring; 616 atomic_inc(&key->usage); 617 key_ref = make_key_ref(key, 1); 618 break; 619 620 case KEY_SPEC_USER_SESSION_KEYRING: 621 key = context->user->session_keyring; 622 atomic_inc(&key->usage); 623 key_ref = make_key_ref(key, 1); 624 break; 625 626 case KEY_SPEC_GROUP_KEYRING: 627 /* group keyrings are not yet supported */ 628 key = ERR_PTR(-EINVAL); 629 goto error; 630 631 default: 632 key_ref = ERR_PTR(-EINVAL); 633 if (id < 1) 634 goto error; 635 636 key = key_lookup(id); 637 if (IS_ERR(key)) { 638 key_ref = ERR_PTR(PTR_ERR(key)); 639 goto error; 640 } 641 642 key_ref = make_key_ref(key, 0); 643 644 /* check to see if we possess the key */ 645 skey_ref = search_process_keyrings(key->type, key, 646 lookup_user_key_possessed, 647 current); 648 649 if (!IS_ERR(skey_ref)) { 650 key_put(key); 651 key_ref = skey_ref; 652 } 653 654 break; 655 } 656 657 /* check the status */ 658 if (perm) { 659 ret = key_validate(key); 660 if (ret < 0) 661 goto invalid_key; 662 } 663 664 ret = -EIO; 665 if (!partial && !test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) 666 goto invalid_key; 667 668 /* check the permissions */ 669 ret = key_task_permission(key_ref, context, perm); 670 if (ret < 0) 671 goto invalid_key; 672 673 error: 674 return key_ref; 675 676 invalid_key: 677 key_ref_put(key_ref); 678 key_ref = ERR_PTR(ret); 679 goto error; 680 681 } /* end lookup_user_key() */ 682 683 /*****************************************************************************/ 684 /* 685 * join the named keyring as the session keyring if possible, or attempt to 686 * create a new one of that name if not 687 * - if the name is NULL, an empty anonymous keyring is installed instead 688 * - named session keyring joining is done with a semaphore held 689 */ 690 long join_session_keyring(const char *name) 691 { 692 struct task_struct *tsk = current; 693 struct key *keyring; 694 long ret; 695 696 /* if no name is provided, install an anonymous keyring */ 697 if (!name) { 698 ret = install_session_keyring(tsk, NULL); 699 if (ret < 0) 700 goto error; 701 702 rcu_read_lock(); 703 ret = rcu_dereference(tsk->signal->session_keyring)->serial; 704 rcu_read_unlock(); 705 goto error; 706 } 707 708 /* allow the user to join or create a named keyring */ 709 down(&key_session_sem); 710 711 /* look for an existing keyring of this name */ 712 keyring = find_keyring_by_name(name, 0); 713 if (PTR_ERR(keyring) == -ENOKEY) { 714 /* not found - try and create a new one */ 715 keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL); 716 if (IS_ERR(keyring)) { 717 ret = PTR_ERR(keyring); 718 goto error2; 719 } 720 } 721 else if (IS_ERR(keyring)) { 722 ret = PTR_ERR(keyring); 723 goto error2; 724 } 725 726 /* we've got a keyring - now to install it */ 727 ret = install_session_keyring(tsk, keyring); 728 if (ret < 0) 729 goto error2; 730 731 ret = keyring->serial; 732 key_put(keyring); 733 734 error2: 735 up(&key_session_sem); 736 error: 737 return ret; 738 739 } /* end join_session_keyring() */ 740