1 /* Manage a process's keyrings 2 * 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/init.h> 13 #include <linux/sched.h> 14 #include <linux/sched/user.h> 15 #include <linux/keyctl.h> 16 #include <linux/fs.h> 17 #include <linux/err.h> 18 #include <linux/mutex.h> 19 #include <linux/security.h> 20 #include <linux/user_namespace.h> 21 #include <linux/uaccess.h> 22 #include <linux/init_task.h> 23 #include <keys/request_key_auth-type.h> 24 #include "internal.h" 25 26 /* Session keyring create vs join semaphore */ 27 static DEFINE_MUTEX(key_session_mutex); 28 29 /* The root user's tracking struct */ 30 struct key_user root_key_user = { 31 .usage = REFCOUNT_INIT(3), 32 .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), 33 .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), 34 .nkeys = ATOMIC_INIT(2), 35 .nikeys = ATOMIC_INIT(2), 36 .uid = GLOBAL_ROOT_UID, 37 }; 38 39 /* 40 * Get or create a user register keyring. 41 */ 42 static struct key *get_user_register(struct user_namespace *user_ns) 43 { 44 struct key *reg_keyring = READ_ONCE(user_ns->user_keyring_register); 45 46 if (reg_keyring) 47 return reg_keyring; 48 49 down_write(&user_ns->keyring_sem); 50 51 /* Make sure there's a register keyring. It gets owned by the 52 * user_namespace's owner. 53 */ 54 reg_keyring = user_ns->user_keyring_register; 55 if (!reg_keyring) { 56 reg_keyring = keyring_alloc(".user_reg", 57 user_ns->owner, INVALID_GID, 58 &init_cred, 59 KEY_POS_WRITE | KEY_POS_SEARCH | 60 KEY_USR_VIEW | KEY_USR_READ, 61 0, 62 NULL, NULL); 63 if (!IS_ERR(reg_keyring)) 64 smp_store_release(&user_ns->user_keyring_register, 65 reg_keyring); 66 } 67 68 up_write(&user_ns->keyring_sem); 69 70 /* We don't return a ref since the keyring is pinned by the user_ns */ 71 return reg_keyring; 72 } 73 74 /* 75 * Look up the user and user session keyrings for the current process's UID, 76 * creating them if they don't exist. 77 */ 78 int look_up_user_keyrings(struct key **_user_keyring, 79 struct key **_user_session_keyring) 80 { 81 const struct cred *cred = current_cred(); 82 struct user_namespace *user_ns = current_user_ns(); 83 struct key *reg_keyring, *uid_keyring, *session_keyring; 84 key_perm_t user_keyring_perm; 85 key_ref_t uid_keyring_r, session_keyring_r; 86 uid_t uid = from_kuid(user_ns, cred->user->uid); 87 char buf[20]; 88 int ret; 89 90 user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL; 91 92 kenter("%u", uid); 93 94 reg_keyring = get_user_register(user_ns); 95 if (IS_ERR(reg_keyring)) 96 return PTR_ERR(reg_keyring); 97 98 down_write(&user_ns->keyring_sem); 99 ret = 0; 100 101 /* Get the user keyring. Note that there may be one in existence 102 * already as it may have been pinned by a session, but the user_struct 103 * pointing to it may have been destroyed by setuid. 104 */ 105 snprintf(buf, sizeof(buf), "_uid.%u", uid); 106 uid_keyring_r = keyring_search(make_key_ref(reg_keyring, true), 107 &key_type_keyring, buf, false); 108 kdebug("_uid %p", uid_keyring_r); 109 if (uid_keyring_r == ERR_PTR(-EAGAIN)) { 110 uid_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID, 111 cred, user_keyring_perm, 112 KEY_ALLOC_UID_KEYRING | 113 KEY_ALLOC_IN_QUOTA, 114 NULL, reg_keyring); 115 if (IS_ERR(uid_keyring)) { 116 ret = PTR_ERR(uid_keyring); 117 goto error; 118 } 119 } else if (IS_ERR(uid_keyring_r)) { 120 ret = PTR_ERR(uid_keyring_r); 121 goto error; 122 } else { 123 uid_keyring = key_ref_to_ptr(uid_keyring_r); 124 } 125 126 /* Get a default session keyring (which might also exist already) */ 127 snprintf(buf, sizeof(buf), "_uid_ses.%u", uid); 128 session_keyring_r = keyring_search(make_key_ref(reg_keyring, true), 129 &key_type_keyring, buf, false); 130 kdebug("_uid_ses %p", session_keyring_r); 131 if (session_keyring_r == ERR_PTR(-EAGAIN)) { 132 session_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID, 133 cred, user_keyring_perm, 134 KEY_ALLOC_UID_KEYRING | 135 KEY_ALLOC_IN_QUOTA, 136 NULL, NULL); 137 if (IS_ERR(session_keyring)) { 138 ret = PTR_ERR(session_keyring); 139 goto error_release; 140 } 141 142 /* We install a link from the user session keyring to 143 * the user keyring. 144 */ 145 ret = key_link(session_keyring, uid_keyring); 146 if (ret < 0) 147 goto error_release_session; 148 149 /* And only then link the user-session keyring to the 150 * register. 151 */ 152 ret = key_link(reg_keyring, session_keyring); 153 if (ret < 0) 154 goto error_release_session; 155 } else if (IS_ERR(session_keyring_r)) { 156 ret = PTR_ERR(session_keyring_r); 157 goto error_release; 158 } else { 159 session_keyring = key_ref_to_ptr(session_keyring_r); 160 } 161 162 up_write(&user_ns->keyring_sem); 163 164 if (_user_session_keyring) 165 *_user_session_keyring = session_keyring; 166 else 167 key_put(session_keyring); 168 if (_user_keyring) 169 *_user_keyring = uid_keyring; 170 else 171 key_put(uid_keyring); 172 kleave(" = 0"); 173 return 0; 174 175 error_release_session: 176 key_put(session_keyring); 177 error_release: 178 key_put(uid_keyring); 179 error: 180 up_write(&user_ns->keyring_sem); 181 kleave(" = %d", ret); 182 return ret; 183 } 184 185 /* 186 * Get the user session keyring if it exists, but don't create it if it 187 * doesn't. 188 */ 189 struct key *get_user_session_keyring_rcu(const struct cred *cred) 190 { 191 struct key *reg_keyring = READ_ONCE(cred->user_ns->user_keyring_register); 192 key_ref_t session_keyring_r; 193 char buf[20]; 194 195 struct keyring_search_context ctx = { 196 .index_key.type = &key_type_keyring, 197 .index_key.description = buf, 198 .cred = cred, 199 .match_data.cmp = key_default_cmp, 200 .match_data.raw_data = buf, 201 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, 202 .flags = KEYRING_SEARCH_DO_STATE_CHECK, 203 }; 204 205 if (!reg_keyring) 206 return NULL; 207 208 ctx.index_key.desc_len = snprintf(buf, sizeof(buf), "_uid_ses.%u", 209 from_kuid(cred->user_ns, 210 cred->user->uid)); 211 212 session_keyring_r = keyring_search_rcu(make_key_ref(reg_keyring, true), 213 &ctx); 214 if (IS_ERR(session_keyring_r)) 215 return NULL; 216 return key_ref_to_ptr(session_keyring_r); 217 } 218 219 /* 220 * Install a thread keyring to the given credentials struct if it didn't have 221 * one already. This is allowed to overrun the quota. 222 * 223 * Return: 0 if a thread keyring is now present; -errno on failure. 224 */ 225 int install_thread_keyring_to_cred(struct cred *new) 226 { 227 struct key *keyring; 228 229 if (new->thread_keyring) 230 return 0; 231 232 keyring = keyring_alloc("_tid", new->uid, new->gid, new, 233 KEY_POS_ALL | KEY_USR_VIEW, 234 KEY_ALLOC_QUOTA_OVERRUN, 235 NULL, NULL); 236 if (IS_ERR(keyring)) 237 return PTR_ERR(keyring); 238 239 new->thread_keyring = keyring; 240 return 0; 241 } 242 243 /* 244 * Install a thread keyring to the current task if it didn't have one already. 245 * 246 * Return: 0 if a thread keyring is now present; -errno on failure. 247 */ 248 static int install_thread_keyring(void) 249 { 250 struct cred *new; 251 int ret; 252 253 new = prepare_creds(); 254 if (!new) 255 return -ENOMEM; 256 257 ret = install_thread_keyring_to_cred(new); 258 if (ret < 0) { 259 abort_creds(new); 260 return ret; 261 } 262 263 return commit_creds(new); 264 } 265 266 /* 267 * Install a process keyring to the given credentials struct if it didn't have 268 * one already. This is allowed to overrun the quota. 269 * 270 * Return: 0 if a process keyring is now present; -errno on failure. 271 */ 272 int install_process_keyring_to_cred(struct cred *new) 273 { 274 struct key *keyring; 275 276 if (new->process_keyring) 277 return 0; 278 279 keyring = keyring_alloc("_pid", new->uid, new->gid, new, 280 KEY_POS_ALL | KEY_USR_VIEW, 281 KEY_ALLOC_QUOTA_OVERRUN, 282 NULL, NULL); 283 if (IS_ERR(keyring)) 284 return PTR_ERR(keyring); 285 286 new->process_keyring = keyring; 287 return 0; 288 } 289 290 /* 291 * Install a process keyring to the current task if it didn't have one already. 292 * 293 * Return: 0 if a process keyring is now present; -errno on failure. 294 */ 295 static int install_process_keyring(void) 296 { 297 struct cred *new; 298 int ret; 299 300 new = prepare_creds(); 301 if (!new) 302 return -ENOMEM; 303 304 ret = install_process_keyring_to_cred(new); 305 if (ret < 0) { 306 abort_creds(new); 307 return ret; 308 } 309 310 return commit_creds(new); 311 } 312 313 /* 314 * Install the given keyring as the session keyring of the given credentials 315 * struct, replacing the existing one if any. If the given keyring is NULL, 316 * then install a new anonymous session keyring. 317 * @cred can not be in use by any task yet. 318 * 319 * Return: 0 on success; -errno on failure. 320 */ 321 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) 322 { 323 unsigned long flags; 324 struct key *old; 325 326 might_sleep(); 327 328 /* create an empty session keyring */ 329 if (!keyring) { 330 flags = KEY_ALLOC_QUOTA_OVERRUN; 331 if (cred->session_keyring) 332 flags = KEY_ALLOC_IN_QUOTA; 333 334 keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred, 335 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ, 336 flags, NULL, NULL); 337 if (IS_ERR(keyring)) 338 return PTR_ERR(keyring); 339 } else { 340 __key_get(keyring); 341 } 342 343 /* install the keyring */ 344 old = cred->session_keyring; 345 cred->session_keyring = keyring; 346 347 if (old) 348 key_put(old); 349 350 return 0; 351 } 352 353 /* 354 * Install the given keyring as the session keyring of the current task, 355 * replacing the existing one if any. If the given keyring is NULL, then 356 * install a new anonymous session keyring. 357 * 358 * Return: 0 on success; -errno on failure. 359 */ 360 static int install_session_keyring(struct key *keyring) 361 { 362 struct cred *new; 363 int ret; 364 365 new = prepare_creds(); 366 if (!new) 367 return -ENOMEM; 368 369 ret = install_session_keyring_to_cred(new, keyring); 370 if (ret < 0) { 371 abort_creds(new); 372 return ret; 373 } 374 375 return commit_creds(new); 376 } 377 378 /* 379 * Handle the fsuid changing. 380 */ 381 void key_fsuid_changed(struct cred *new_cred) 382 { 383 /* update the ownership of the thread keyring */ 384 if (new_cred->thread_keyring) { 385 down_write(&new_cred->thread_keyring->sem); 386 new_cred->thread_keyring->uid = new_cred->fsuid; 387 up_write(&new_cred->thread_keyring->sem); 388 } 389 } 390 391 /* 392 * Handle the fsgid changing. 393 */ 394 void key_fsgid_changed(struct cred *new_cred) 395 { 396 /* update the ownership of the thread keyring */ 397 if (new_cred->thread_keyring) { 398 down_write(&new_cred->thread_keyring->sem); 399 new_cred->thread_keyring->gid = new_cred->fsgid; 400 up_write(&new_cred->thread_keyring->sem); 401 } 402 } 403 404 /* 405 * Search the process keyrings attached to the supplied cred for the first 406 * matching key under RCU conditions (the caller must be holding the RCU read 407 * lock). 408 * 409 * The search criteria are the type and the match function. The description is 410 * given to the match function as a parameter, but doesn't otherwise influence 411 * the search. Typically the match function will compare the description 412 * parameter to the key's description. 413 * 414 * This can only search keyrings that grant Search permission to the supplied 415 * credentials. Keyrings linked to searched keyrings will also be searched if 416 * they grant Search permission too. Keys can only be found if they grant 417 * Search permission to the credentials. 418 * 419 * Returns a pointer to the key with the key usage count incremented if 420 * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only 421 * matched negative keys. 422 * 423 * In the case of a successful return, the possession attribute is set on the 424 * returned key reference. 425 */ 426 key_ref_t search_cred_keyrings_rcu(struct keyring_search_context *ctx) 427 { 428 struct key *user_session; 429 key_ref_t key_ref, ret, err; 430 const struct cred *cred = ctx->cred; 431 432 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were 433 * searchable, but we failed to find a key or we found a negative key; 434 * otherwise we want to return a sample error (probably -EACCES) if 435 * none of the keyrings were searchable 436 * 437 * in terms of priority: success > -ENOKEY > -EAGAIN > other error 438 */ 439 key_ref = NULL; 440 ret = NULL; 441 err = ERR_PTR(-EAGAIN); 442 443 /* search the thread keyring first */ 444 if (cred->thread_keyring) { 445 key_ref = keyring_search_rcu( 446 make_key_ref(cred->thread_keyring, 1), ctx); 447 if (!IS_ERR(key_ref)) 448 goto found; 449 450 switch (PTR_ERR(key_ref)) { 451 case -EAGAIN: /* no key */ 452 case -ENOKEY: /* negative key */ 453 ret = key_ref; 454 break; 455 default: 456 err = key_ref; 457 break; 458 } 459 } 460 461 /* search the process keyring second */ 462 if (cred->process_keyring) { 463 key_ref = keyring_search_rcu( 464 make_key_ref(cred->process_keyring, 1), ctx); 465 if (!IS_ERR(key_ref)) 466 goto found; 467 468 switch (PTR_ERR(key_ref)) { 469 case -EAGAIN: /* no key */ 470 if (ret) 471 break; 472 /* fall through */ 473 case -ENOKEY: /* negative key */ 474 ret = key_ref; 475 break; 476 default: 477 err = key_ref; 478 break; 479 } 480 } 481 482 /* search the session keyring */ 483 if (cred->session_keyring) { 484 key_ref = keyring_search_rcu( 485 make_key_ref(cred->session_keyring, 1), ctx); 486 487 if (!IS_ERR(key_ref)) 488 goto found; 489 490 switch (PTR_ERR(key_ref)) { 491 case -EAGAIN: /* no key */ 492 if (ret) 493 break; 494 /* fall through */ 495 case -ENOKEY: /* negative key */ 496 ret = key_ref; 497 break; 498 default: 499 err = key_ref; 500 break; 501 } 502 } 503 /* or search the user-session keyring */ 504 else if ((user_session = get_user_session_keyring_rcu(cred))) { 505 key_ref = keyring_search_rcu(make_key_ref(user_session, 1), 506 ctx); 507 key_put(user_session); 508 509 if (!IS_ERR(key_ref)) 510 goto found; 511 512 switch (PTR_ERR(key_ref)) { 513 case -EAGAIN: /* no key */ 514 if (ret) 515 break; 516 /* fall through */ 517 case -ENOKEY: /* negative key */ 518 ret = key_ref; 519 break; 520 default: 521 err = key_ref; 522 break; 523 } 524 } 525 526 /* no key - decide on the error we're going to go for */ 527 key_ref = ret ? ret : err; 528 529 found: 530 return key_ref; 531 } 532 533 /* 534 * Search the process keyrings attached to the supplied cred for the first 535 * matching key in the manner of search_my_process_keyrings(), but also search 536 * the keys attached to the assumed authorisation key using its credentials if 537 * one is available. 538 * 539 * The caller must be holding the RCU read lock. 540 * 541 * Return same as search_cred_keyrings_rcu(). 542 */ 543 key_ref_t search_process_keyrings_rcu(struct keyring_search_context *ctx) 544 { 545 struct request_key_auth *rka; 546 key_ref_t key_ref, ret = ERR_PTR(-EACCES), err; 547 548 key_ref = search_cred_keyrings_rcu(ctx); 549 if (!IS_ERR(key_ref)) 550 goto found; 551 err = key_ref; 552 553 /* if this process has an instantiation authorisation key, then we also 554 * search the keyrings of the process mentioned there 555 * - we don't permit access to request_key auth keys via this method 556 */ 557 if (ctx->cred->request_key_auth && 558 ctx->cred == current_cred() && 559 ctx->index_key.type != &key_type_request_key_auth 560 ) { 561 const struct cred *cred = ctx->cred; 562 563 if (key_validate(cred->request_key_auth) == 0) { 564 rka = ctx->cred->request_key_auth->payload.data[0]; 565 566 //// was search_process_keyrings() [ie. recursive] 567 ctx->cred = rka->cred; 568 key_ref = search_cred_keyrings_rcu(ctx); 569 ctx->cred = cred; 570 571 if (!IS_ERR(key_ref)) 572 goto found; 573 ret = key_ref; 574 } 575 } 576 577 /* no key - decide on the error we're going to go for */ 578 if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY)) 579 key_ref = ERR_PTR(-ENOKEY); 580 else if (err == ERR_PTR(-EACCES)) 581 key_ref = ret; 582 else 583 key_ref = err; 584 585 found: 586 return key_ref; 587 } 588 /* 589 * See if the key we're looking at is the target key. 590 */ 591 bool lookup_user_key_possessed(const struct key *key, 592 const struct key_match_data *match_data) 593 { 594 return key == match_data->raw_data; 595 } 596 597 /* 598 * Look up a key ID given us by userspace with a given permissions mask to get 599 * the key it refers to. 600 * 601 * Flags can be passed to request that special keyrings be created if referred 602 * to directly, to permit partially constructed keys to be found and to skip 603 * validity and permission checks on the found key. 604 * 605 * Returns a pointer to the key with an incremented usage count if successful; 606 * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond 607 * to a key or the best found key was a negative key; -EKEYREVOKED or 608 * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the 609 * found key doesn't grant the requested permit or the LSM denied access to it; 610 * or -ENOMEM if a special keyring couldn't be created. 611 * 612 * In the case of a successful return, the possession attribute is set on the 613 * returned key reference. 614 */ 615 key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, 616 key_perm_t perm) 617 { 618 struct keyring_search_context ctx = { 619 .match_data.cmp = lookup_user_key_possessed, 620 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, 621 .flags = (KEYRING_SEARCH_NO_STATE_CHECK | 622 KEYRING_SEARCH_RECURSE), 623 }; 624 struct request_key_auth *rka; 625 struct key *key, *user_session; 626 key_ref_t key_ref, skey_ref; 627 int ret; 628 629 try_again: 630 ctx.cred = get_current_cred(); 631 key_ref = ERR_PTR(-ENOKEY); 632 633 switch (id) { 634 case KEY_SPEC_THREAD_KEYRING: 635 if (!ctx.cred->thread_keyring) { 636 if (!(lflags & KEY_LOOKUP_CREATE)) 637 goto error; 638 639 ret = install_thread_keyring(); 640 if (ret < 0) { 641 key_ref = ERR_PTR(ret); 642 goto error; 643 } 644 goto reget_creds; 645 } 646 647 key = ctx.cred->thread_keyring; 648 __key_get(key); 649 key_ref = make_key_ref(key, 1); 650 break; 651 652 case KEY_SPEC_PROCESS_KEYRING: 653 if (!ctx.cred->process_keyring) { 654 if (!(lflags & KEY_LOOKUP_CREATE)) 655 goto error; 656 657 ret = install_process_keyring(); 658 if (ret < 0) { 659 key_ref = ERR_PTR(ret); 660 goto error; 661 } 662 goto reget_creds; 663 } 664 665 key = ctx.cred->process_keyring; 666 __key_get(key); 667 key_ref = make_key_ref(key, 1); 668 break; 669 670 case KEY_SPEC_SESSION_KEYRING: 671 if (!ctx.cred->session_keyring) { 672 /* always install a session keyring upon access if one 673 * doesn't exist yet */ 674 ret = look_up_user_keyrings(NULL, &user_session); 675 if (ret < 0) 676 goto error; 677 if (lflags & KEY_LOOKUP_CREATE) 678 ret = join_session_keyring(NULL); 679 else 680 ret = install_session_keyring(user_session); 681 682 key_put(user_session); 683 if (ret < 0) 684 goto error; 685 goto reget_creds; 686 } else if (test_bit(KEY_FLAG_UID_KEYRING, 687 &ctx.cred->session_keyring->flags) && 688 lflags & KEY_LOOKUP_CREATE) { 689 ret = join_session_keyring(NULL); 690 if (ret < 0) 691 goto error; 692 goto reget_creds; 693 } 694 695 key = ctx.cred->session_keyring; 696 __key_get(key); 697 key_ref = make_key_ref(key, 1); 698 break; 699 700 case KEY_SPEC_USER_KEYRING: 701 ret = look_up_user_keyrings(&key, NULL); 702 if (ret < 0) 703 goto error; 704 key_ref = make_key_ref(key, 1); 705 break; 706 707 case KEY_SPEC_USER_SESSION_KEYRING: 708 ret = look_up_user_keyrings(NULL, &key); 709 if (ret < 0) 710 goto error; 711 key_ref = make_key_ref(key, 1); 712 break; 713 714 case KEY_SPEC_GROUP_KEYRING: 715 /* group keyrings are not yet supported */ 716 key_ref = ERR_PTR(-EINVAL); 717 goto error; 718 719 case KEY_SPEC_REQKEY_AUTH_KEY: 720 key = ctx.cred->request_key_auth; 721 if (!key) 722 goto error; 723 724 __key_get(key); 725 key_ref = make_key_ref(key, 1); 726 break; 727 728 case KEY_SPEC_REQUESTOR_KEYRING: 729 if (!ctx.cred->request_key_auth) 730 goto error; 731 732 down_read(&ctx.cred->request_key_auth->sem); 733 if (test_bit(KEY_FLAG_REVOKED, 734 &ctx.cred->request_key_auth->flags)) { 735 key_ref = ERR_PTR(-EKEYREVOKED); 736 key = NULL; 737 } else { 738 rka = ctx.cred->request_key_auth->payload.data[0]; 739 key = rka->dest_keyring; 740 __key_get(key); 741 } 742 up_read(&ctx.cred->request_key_auth->sem); 743 if (!key) 744 goto error; 745 key_ref = make_key_ref(key, 1); 746 break; 747 748 default: 749 key_ref = ERR_PTR(-EINVAL); 750 if (id < 1) 751 goto error; 752 753 key = key_lookup(id); 754 if (IS_ERR(key)) { 755 key_ref = ERR_CAST(key); 756 goto error; 757 } 758 759 key_ref = make_key_ref(key, 0); 760 761 /* check to see if we possess the key */ 762 ctx.index_key = key->index_key; 763 ctx.match_data.raw_data = key; 764 kdebug("check possessed"); 765 rcu_read_lock(); 766 skey_ref = search_process_keyrings_rcu(&ctx); 767 rcu_read_unlock(); 768 kdebug("possessed=%p", skey_ref); 769 770 if (!IS_ERR(skey_ref)) { 771 key_put(key); 772 key_ref = skey_ref; 773 } 774 775 break; 776 } 777 778 /* unlink does not use the nominated key in any way, so can skip all 779 * the permission checks as it is only concerned with the keyring */ 780 if (lflags & KEY_LOOKUP_FOR_UNLINK) { 781 ret = 0; 782 goto error; 783 } 784 785 if (!(lflags & KEY_LOOKUP_PARTIAL)) { 786 ret = wait_for_key_construction(key, true); 787 switch (ret) { 788 case -ERESTARTSYS: 789 goto invalid_key; 790 default: 791 if (perm) 792 goto invalid_key; 793 case 0: 794 break; 795 } 796 } else if (perm) { 797 ret = key_validate(key); 798 if (ret < 0) 799 goto invalid_key; 800 } 801 802 ret = -EIO; 803 if (!(lflags & KEY_LOOKUP_PARTIAL) && 804 key_read_state(key) == KEY_IS_UNINSTANTIATED) 805 goto invalid_key; 806 807 /* check the permissions */ 808 ret = key_task_permission(key_ref, ctx.cred, perm); 809 if (ret < 0) 810 goto invalid_key; 811 812 key->last_used_at = ktime_get_real_seconds(); 813 814 error: 815 put_cred(ctx.cred); 816 return key_ref; 817 818 invalid_key: 819 key_ref_put(key_ref); 820 key_ref = ERR_PTR(ret); 821 goto error; 822 823 /* if we attempted to install a keyring, then it may have caused new 824 * creds to be installed */ 825 reget_creds: 826 put_cred(ctx.cred); 827 goto try_again; 828 } 829 EXPORT_SYMBOL(lookup_user_key); 830 831 /* 832 * Join the named keyring as the session keyring if possible else attempt to 833 * create a new one of that name and join that. 834 * 835 * If the name is NULL, an empty anonymous keyring will be installed as the 836 * session keyring. 837 * 838 * Named session keyrings are joined with a semaphore held to prevent the 839 * keyrings from going away whilst the attempt is made to going them and also 840 * to prevent a race in creating compatible session keyrings. 841 */ 842 long join_session_keyring(const char *name) 843 { 844 const struct cred *old; 845 struct cred *new; 846 struct key *keyring; 847 long ret, serial; 848 849 new = prepare_creds(); 850 if (!new) 851 return -ENOMEM; 852 old = current_cred(); 853 854 /* if no name is provided, install an anonymous keyring */ 855 if (!name) { 856 ret = install_session_keyring_to_cred(new, NULL); 857 if (ret < 0) 858 goto error; 859 860 serial = new->session_keyring->serial; 861 ret = commit_creds(new); 862 if (ret == 0) 863 ret = serial; 864 goto okay; 865 } 866 867 /* allow the user to join or create a named keyring */ 868 mutex_lock(&key_session_mutex); 869 870 /* look for an existing keyring of this name */ 871 keyring = find_keyring_by_name(name, false); 872 if (PTR_ERR(keyring) == -ENOKEY) { 873 /* not found - try and create a new one */ 874 keyring = keyring_alloc( 875 name, old->uid, old->gid, old, 876 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK, 877 KEY_ALLOC_IN_QUOTA, NULL, NULL); 878 if (IS_ERR(keyring)) { 879 ret = PTR_ERR(keyring); 880 goto error2; 881 } 882 } else if (IS_ERR(keyring)) { 883 ret = PTR_ERR(keyring); 884 goto error2; 885 } else if (keyring == new->session_keyring) { 886 ret = 0; 887 goto error3; 888 } 889 890 /* we've got a keyring - now to install it */ 891 ret = install_session_keyring_to_cred(new, keyring); 892 if (ret < 0) 893 goto error3; 894 895 commit_creds(new); 896 mutex_unlock(&key_session_mutex); 897 898 ret = keyring->serial; 899 key_put(keyring); 900 okay: 901 return ret; 902 903 error3: 904 key_put(keyring); 905 error2: 906 mutex_unlock(&key_session_mutex); 907 error: 908 abort_creds(new); 909 return ret; 910 } 911 912 /* 913 * Replace a process's session keyring on behalf of one of its children when 914 * the target process is about to resume userspace execution. 915 */ 916 void key_change_session_keyring(struct callback_head *twork) 917 { 918 const struct cred *old = current_cred(); 919 struct cred *new = container_of(twork, struct cred, rcu); 920 921 if (unlikely(current->flags & PF_EXITING)) { 922 put_cred(new); 923 return; 924 } 925 926 new-> uid = old-> uid; 927 new-> euid = old-> euid; 928 new-> suid = old-> suid; 929 new->fsuid = old->fsuid; 930 new-> gid = old-> gid; 931 new-> egid = old-> egid; 932 new-> sgid = old-> sgid; 933 new->fsgid = old->fsgid; 934 new->user = get_uid(old->user); 935 new->user_ns = get_user_ns(old->user_ns); 936 new->group_info = get_group_info(old->group_info); 937 938 new->securebits = old->securebits; 939 new->cap_inheritable = old->cap_inheritable; 940 new->cap_permitted = old->cap_permitted; 941 new->cap_effective = old->cap_effective; 942 new->cap_ambient = old->cap_ambient; 943 new->cap_bset = old->cap_bset; 944 945 new->jit_keyring = old->jit_keyring; 946 new->thread_keyring = key_get(old->thread_keyring); 947 new->process_keyring = key_get(old->process_keyring); 948 949 security_transfer_creds(new, old); 950 951 commit_creds(new); 952 } 953 954 /* 955 * Make sure that root's user and user-session keyrings exist. 956 */ 957 static int __init init_root_keyring(void) 958 { 959 return look_up_user_keyrings(NULL, NULL); 960 } 961 962 late_initcall(init_root_keyring); 963