1 /* process_keys.c: management of a process's keyrings 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/keyctl.h> 17 #include <linux/fs.h> 18 #include <linux/err.h> 19 #include <asm/uaccess.h> 20 #include "internal.h" 21 22 /* session keyring create vs join semaphore */ 23 static DECLARE_MUTEX(key_session_sem); 24 25 /* the root user's tracking struct */ 26 struct key_user root_key_user = { 27 .usage = ATOMIC_INIT(3), 28 .consq = LIST_HEAD_INIT(root_key_user.consq), 29 .lock = SPIN_LOCK_UNLOCKED, 30 .nkeys = ATOMIC_INIT(2), 31 .nikeys = ATOMIC_INIT(2), 32 .uid = 0, 33 }; 34 35 /* the root user's UID keyring */ 36 struct key root_user_keyring = { 37 .usage = ATOMIC_INIT(1), 38 .serial = 2, 39 .type = &key_type_keyring, 40 .user = &root_key_user, 41 .sem = __RWSEM_INITIALIZER(root_user_keyring.sem), 42 .perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, 43 .flags = 1 << KEY_FLAG_INSTANTIATED, 44 .description = "_uid.0", 45 #ifdef KEY_DEBUGGING 46 .magic = KEY_DEBUG_MAGIC, 47 #endif 48 }; 49 50 /* the root user's default session keyring */ 51 struct key root_session_keyring = { 52 .usage = ATOMIC_INIT(1), 53 .serial = 1, 54 .type = &key_type_keyring, 55 .user = &root_key_user, 56 .sem = __RWSEM_INITIALIZER(root_session_keyring.sem), 57 .perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, 58 .flags = 1 << KEY_FLAG_INSTANTIATED, 59 .description = "_uid_ses.0", 60 #ifdef KEY_DEBUGGING 61 .magic = KEY_DEBUG_MAGIC, 62 #endif 63 }; 64 65 /*****************************************************************************/ 66 /* 67 * allocate the keyrings to be associated with a UID 68 */ 69 int alloc_uid_keyring(struct user_struct *user) 70 { 71 struct key *uid_keyring, *session_keyring; 72 char buf[20]; 73 int ret; 74 75 /* concoct a default session keyring */ 76 sprintf(buf, "_uid_ses.%u", user->uid); 77 78 session_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, 0, NULL); 79 if (IS_ERR(session_keyring)) { 80 ret = PTR_ERR(session_keyring); 81 goto error; 82 } 83 84 /* and a UID specific keyring, pointed to by the default session 85 * keyring */ 86 sprintf(buf, "_uid.%u", user->uid); 87 88 uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, 0, 89 session_keyring); 90 if (IS_ERR(uid_keyring)) { 91 key_put(session_keyring); 92 ret = PTR_ERR(uid_keyring); 93 goto error; 94 } 95 96 /* install the keyrings */ 97 user->uid_keyring = uid_keyring; 98 user->session_keyring = session_keyring; 99 ret = 0; 100 101 error: 102 return ret; 103 104 } /* end alloc_uid_keyring() */ 105 106 /*****************************************************************************/ 107 /* 108 * deal with the UID changing 109 */ 110 void switch_uid_keyring(struct user_struct *new_user) 111 { 112 #if 0 /* do nothing for now */ 113 struct key *old; 114 115 /* switch to the new user's session keyring if we were running under 116 * root's default session keyring */ 117 if (new_user->uid != 0 && 118 current->session_keyring == &root_session_keyring 119 ) { 120 atomic_inc(&new_user->session_keyring->usage); 121 122 task_lock(current); 123 old = current->session_keyring; 124 current->session_keyring = new_user->session_keyring; 125 task_unlock(current); 126 127 key_put(old); 128 } 129 #endif 130 131 } /* end switch_uid_keyring() */ 132 133 /*****************************************************************************/ 134 /* 135 * install a fresh thread keyring, discarding the old one 136 */ 137 int install_thread_keyring(struct task_struct *tsk) 138 { 139 struct key *keyring, *old; 140 char buf[20]; 141 int ret; 142 143 sprintf(buf, "_tid.%u", tsk->pid); 144 145 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL); 146 if (IS_ERR(keyring)) { 147 ret = PTR_ERR(keyring); 148 goto error; 149 } 150 151 task_lock(tsk); 152 old = tsk->thread_keyring; 153 tsk->thread_keyring = keyring; 154 task_unlock(tsk); 155 156 ret = 0; 157 158 key_put(old); 159 error: 160 return ret; 161 162 } /* end install_thread_keyring() */ 163 164 /*****************************************************************************/ 165 /* 166 * make sure a process keyring is installed 167 */ 168 int install_process_keyring(struct task_struct *tsk) 169 { 170 unsigned long flags; 171 struct key *keyring; 172 char buf[20]; 173 int ret; 174 175 if (!tsk->signal->process_keyring) { 176 sprintf(buf, "_pid.%u", tsk->tgid); 177 178 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL); 179 if (IS_ERR(keyring)) { 180 ret = PTR_ERR(keyring); 181 goto error; 182 } 183 184 /* attach keyring */ 185 spin_lock_irqsave(&tsk->sighand->siglock, flags); 186 if (!tsk->signal->process_keyring) { 187 tsk->signal->process_keyring = keyring; 188 keyring = NULL; 189 } 190 spin_unlock_irqrestore(&tsk->sighand->siglock, flags); 191 192 key_put(keyring); 193 } 194 195 ret = 0; 196 error: 197 return ret; 198 199 } /* end install_process_keyring() */ 200 201 /*****************************************************************************/ 202 /* 203 * install a session keyring, discarding the old one 204 * - if a keyring is not supplied, an empty one is invented 205 */ 206 static int install_session_keyring(struct task_struct *tsk, 207 struct key *keyring) 208 { 209 unsigned long flags; 210 struct key *old; 211 char buf[20]; 212 int ret; 213 214 /* create an empty session keyring */ 215 if (!keyring) { 216 sprintf(buf, "_ses.%u", tsk->tgid); 217 218 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL); 219 if (IS_ERR(keyring)) { 220 ret = PTR_ERR(keyring); 221 goto error; 222 } 223 } 224 else { 225 atomic_inc(&keyring->usage); 226 } 227 228 /* install the keyring */ 229 spin_lock_irqsave(&tsk->sighand->siglock, flags); 230 old = rcu_dereference(tsk->signal->session_keyring); 231 rcu_assign_pointer(tsk->signal->session_keyring, keyring); 232 spin_unlock_irqrestore(&tsk->sighand->siglock, flags); 233 234 ret = 0; 235 236 /* we're using RCU on the pointer */ 237 synchronize_rcu(); 238 key_put(old); 239 error: 240 return ret; 241 242 } /* end install_session_keyring() */ 243 244 /*****************************************************************************/ 245 /* 246 * copy the keys in a thread group for fork without CLONE_THREAD 247 */ 248 int copy_thread_group_keys(struct task_struct *tsk) 249 { 250 key_check(current->thread_group->session_keyring); 251 key_check(current->thread_group->process_keyring); 252 253 /* no process keyring yet */ 254 tsk->signal->process_keyring = NULL; 255 256 /* same session keyring */ 257 rcu_read_lock(); 258 tsk->signal->session_keyring = 259 key_get(rcu_dereference(current->signal->session_keyring)); 260 rcu_read_unlock(); 261 262 return 0; 263 264 } /* end copy_thread_group_keys() */ 265 266 /*****************************************************************************/ 267 /* 268 * copy the keys for fork 269 */ 270 int copy_keys(unsigned long clone_flags, struct task_struct *tsk) 271 { 272 key_check(tsk->thread_keyring); 273 key_check(tsk->request_key_auth); 274 275 /* no thread keyring yet */ 276 tsk->thread_keyring = NULL; 277 278 /* copy the request_key() authorisation for this thread */ 279 key_get(tsk->request_key_auth); 280 281 return 0; 282 283 } /* end copy_keys() */ 284 285 /*****************************************************************************/ 286 /* 287 * dispose of thread group keys upon thread group destruction 288 */ 289 void exit_thread_group_keys(struct signal_struct *tg) 290 { 291 key_put(tg->session_keyring); 292 key_put(tg->process_keyring); 293 294 } /* end exit_thread_group_keys() */ 295 296 /*****************************************************************************/ 297 /* 298 * dispose of per-thread keys upon thread exit 299 */ 300 void exit_keys(struct task_struct *tsk) 301 { 302 key_put(tsk->thread_keyring); 303 key_put(tsk->request_key_auth); 304 305 } /* end exit_keys() */ 306 307 /*****************************************************************************/ 308 /* 309 * deal with execve() 310 */ 311 int exec_keys(struct task_struct *tsk) 312 { 313 unsigned long flags; 314 struct key *old; 315 316 /* newly exec'd tasks don't get a thread keyring */ 317 task_lock(tsk); 318 old = tsk->thread_keyring; 319 tsk->thread_keyring = NULL; 320 task_unlock(tsk); 321 322 key_put(old); 323 324 /* discard the process keyring from a newly exec'd task */ 325 spin_lock_irqsave(&tsk->sighand->siglock, flags); 326 old = tsk->signal->process_keyring; 327 tsk->signal->process_keyring = NULL; 328 spin_unlock_irqrestore(&tsk->sighand->siglock, flags); 329 330 key_put(old); 331 332 return 0; 333 334 } /* end exec_keys() */ 335 336 /*****************************************************************************/ 337 /* 338 * deal with SUID programs 339 * - we might want to make this invent a new session keyring 340 */ 341 int suid_keys(struct task_struct *tsk) 342 { 343 return 0; 344 345 } /* end suid_keys() */ 346 347 /*****************************************************************************/ 348 /* 349 * the filesystem user ID changed 350 */ 351 void key_fsuid_changed(struct task_struct *tsk) 352 { 353 /* update the ownership of the thread keyring */ 354 if (tsk->thread_keyring) { 355 down_write(&tsk->thread_keyring->sem); 356 tsk->thread_keyring->uid = tsk->fsuid; 357 up_write(&tsk->thread_keyring->sem); 358 } 359 360 } /* end key_fsuid_changed() */ 361 362 /*****************************************************************************/ 363 /* 364 * the filesystem group ID changed 365 */ 366 void key_fsgid_changed(struct task_struct *tsk) 367 { 368 /* update the ownership of the thread keyring */ 369 if (tsk->thread_keyring) { 370 down_write(&tsk->thread_keyring->sem); 371 tsk->thread_keyring->gid = tsk->fsgid; 372 up_write(&tsk->thread_keyring->sem); 373 } 374 375 } /* end key_fsgid_changed() */ 376 377 /*****************************************************************************/ 378 /* 379 * search the process keyrings for the first matching key 380 * - we use the supplied match function to see if the description (or other 381 * feature of interest) matches 382 * - we return -EAGAIN if we didn't find any matching key 383 * - we return -ENOKEY if we found only negative matching keys 384 */ 385 key_ref_t search_process_keyrings(struct key_type *type, 386 const void *description, 387 key_match_func_t match, 388 struct task_struct *context) 389 { 390 struct request_key_auth *rka; 391 key_ref_t key_ref, ret, err; 392 393 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were 394 * searchable, but we failed to find a key or we found a negative key; 395 * otherwise we want to return a sample error (probably -EACCES) if 396 * none of the keyrings were searchable 397 * 398 * in terms of priority: success > -ENOKEY > -EAGAIN > other error 399 */ 400 key_ref = NULL; 401 ret = NULL; 402 err = ERR_PTR(-EAGAIN); 403 404 /* search the thread keyring first */ 405 if (context->thread_keyring) { 406 key_ref = keyring_search_aux( 407 make_key_ref(context->thread_keyring, 1), 408 context, type, description, match); 409 if (!IS_ERR(key_ref)) 410 goto found; 411 412 switch (PTR_ERR(key_ref)) { 413 case -EAGAIN: /* no key */ 414 if (ret) 415 break; 416 case -ENOKEY: /* negative key */ 417 ret = key_ref; 418 break; 419 default: 420 err = key_ref; 421 break; 422 } 423 } 424 425 /* search the process keyring second */ 426 if (context->signal->process_keyring) { 427 key_ref = keyring_search_aux( 428 make_key_ref(context->signal->process_keyring, 1), 429 context, type, description, match); 430 if (!IS_ERR(key_ref)) 431 goto found; 432 433 switch (PTR_ERR(key_ref)) { 434 case -EAGAIN: /* no key */ 435 if (ret) 436 break; 437 case -ENOKEY: /* negative key */ 438 ret = key_ref; 439 break; 440 default: 441 err = key_ref; 442 break; 443 } 444 } 445 446 /* search the session keyring */ 447 if (context->signal->session_keyring) { 448 rcu_read_lock(); 449 key_ref = keyring_search_aux( 450 make_key_ref(rcu_dereference( 451 context->signal->session_keyring), 452 1), 453 context, type, description, match); 454 rcu_read_unlock(); 455 456 if (!IS_ERR(key_ref)) 457 goto found; 458 459 switch (PTR_ERR(key_ref)) { 460 case -EAGAIN: /* no key */ 461 if (ret) 462 break; 463 case -ENOKEY: /* negative key */ 464 ret = key_ref; 465 break; 466 default: 467 err = key_ref; 468 break; 469 } 470 } 471 /* or search the user-session keyring */ 472 else { 473 key_ref = keyring_search_aux( 474 make_key_ref(context->user->session_keyring, 1), 475 context, type, description, match); 476 if (!IS_ERR(key_ref)) 477 goto found; 478 479 switch (PTR_ERR(key_ref)) { 480 case -EAGAIN: /* no key */ 481 if (ret) 482 break; 483 case -ENOKEY: /* negative key */ 484 ret = key_ref; 485 break; 486 default: 487 err = key_ref; 488 break; 489 } 490 } 491 492 /* if this process has an instantiation authorisation key, then we also 493 * search the keyrings of the process mentioned there 494 * - we don't permit access to request_key auth keys via this method 495 */ 496 if (context->request_key_auth && 497 context == current && 498 type != &key_type_request_key_auth && 499 key_validate(context->request_key_auth) == 0 500 ) { 501 rka = context->request_key_auth->payload.data; 502 503 key_ref = search_process_keyrings(type, description, match, 504 rka->context); 505 506 if (!IS_ERR(key_ref)) 507 goto found; 508 509 switch (PTR_ERR(key_ref)) { 510 case -EAGAIN: /* no key */ 511 if (ret) 512 break; 513 case -ENOKEY: /* negative key */ 514 ret = key_ref; 515 break; 516 default: 517 err = key_ref; 518 break; 519 } 520 } 521 522 /* no key - decide on the error we're going to go for */ 523 key_ref = ret ? ret : err; 524 525 found: 526 return key_ref; 527 528 } /* end search_process_keyrings() */ 529 530 /*****************************************************************************/ 531 /* 532 * see if the key we're looking at is the target key 533 */ 534 static int lookup_user_key_possessed(const struct key *key, const void *target) 535 { 536 return key == target; 537 538 } /* end lookup_user_key_possessed() */ 539 540 /*****************************************************************************/ 541 /* 542 * lookup a key given a key ID from userspace with a given permissions mask 543 * - don't create special keyrings unless so requested 544 * - partially constructed keys aren't found unless requested 545 */ 546 key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id, 547 int create, int partial, key_perm_t perm) 548 { 549 key_ref_t key_ref, skey_ref; 550 struct key *key; 551 int ret; 552 553 if (!context) 554 context = current; 555 556 key_ref = ERR_PTR(-ENOKEY); 557 558 switch (id) { 559 case KEY_SPEC_THREAD_KEYRING: 560 if (!context->thread_keyring) { 561 if (!create) 562 goto error; 563 564 ret = install_thread_keyring(context); 565 if (ret < 0) { 566 key = ERR_PTR(ret); 567 goto error; 568 } 569 } 570 571 key = context->thread_keyring; 572 atomic_inc(&key->usage); 573 key_ref = make_key_ref(key, 1); 574 break; 575 576 case KEY_SPEC_PROCESS_KEYRING: 577 if (!context->signal->process_keyring) { 578 if (!create) 579 goto error; 580 581 ret = install_process_keyring(context); 582 if (ret < 0) { 583 key = ERR_PTR(ret); 584 goto error; 585 } 586 } 587 588 key = context->signal->process_keyring; 589 atomic_inc(&key->usage); 590 key_ref = make_key_ref(key, 1); 591 break; 592 593 case KEY_SPEC_SESSION_KEYRING: 594 if (!context->signal->session_keyring) { 595 /* always install a session keyring upon access if one 596 * doesn't exist yet */ 597 ret = install_session_keyring( 598 context, context->user->session_keyring); 599 if (ret < 0) 600 goto error; 601 } 602 603 rcu_read_lock(); 604 key = rcu_dereference(context->signal->session_keyring); 605 atomic_inc(&key->usage); 606 rcu_read_unlock(); 607 key_ref = make_key_ref(key, 1); 608 break; 609 610 case KEY_SPEC_USER_KEYRING: 611 key = context->user->uid_keyring; 612 atomic_inc(&key->usage); 613 key_ref = make_key_ref(key, 1); 614 break; 615 616 case KEY_SPEC_USER_SESSION_KEYRING: 617 key = context->user->session_keyring; 618 atomic_inc(&key->usage); 619 key_ref = make_key_ref(key, 1); 620 break; 621 622 case KEY_SPEC_GROUP_KEYRING: 623 /* group keyrings are not yet supported */ 624 key = ERR_PTR(-EINVAL); 625 goto error; 626 627 case KEY_SPEC_REQKEY_AUTH_KEY: 628 key = context->request_key_auth; 629 if (!key) 630 goto error; 631 632 atomic_inc(&key->usage); 633 key_ref = make_key_ref(key, 1); 634 break; 635 636 default: 637 key_ref = ERR_PTR(-EINVAL); 638 if (id < 1) 639 goto error; 640 641 key = key_lookup(id); 642 if (IS_ERR(key)) { 643 key_ref = ERR_PTR(PTR_ERR(key)); 644 goto error; 645 } 646 647 key_ref = make_key_ref(key, 0); 648 649 /* check to see if we possess the key */ 650 skey_ref = search_process_keyrings(key->type, key, 651 lookup_user_key_possessed, 652 current); 653 654 if (!IS_ERR(skey_ref)) { 655 key_put(key); 656 key_ref = skey_ref; 657 } 658 659 break; 660 } 661 662 /* check the status */ 663 if (perm) { 664 ret = key_validate(key); 665 if (ret < 0) 666 goto invalid_key; 667 } 668 669 ret = -EIO; 670 if (!partial && !test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) 671 goto invalid_key; 672 673 /* check the permissions */ 674 ret = key_task_permission(key_ref, context, perm); 675 if (ret < 0) 676 goto invalid_key; 677 678 error: 679 return key_ref; 680 681 invalid_key: 682 key_ref_put(key_ref); 683 key_ref = ERR_PTR(ret); 684 goto error; 685 686 } /* end lookup_user_key() */ 687 688 /*****************************************************************************/ 689 /* 690 * join the named keyring as the session keyring if possible, or attempt to 691 * create a new one of that name if not 692 * - if the name is NULL, an empty anonymous keyring is installed instead 693 * - named session keyring joining is done with a semaphore held 694 */ 695 long join_session_keyring(const char *name) 696 { 697 struct task_struct *tsk = current; 698 struct key *keyring; 699 long ret; 700 701 /* if no name is provided, install an anonymous keyring */ 702 if (!name) { 703 ret = install_session_keyring(tsk, NULL); 704 if (ret < 0) 705 goto error; 706 707 rcu_read_lock(); 708 ret = rcu_dereference(tsk->signal->session_keyring)->serial; 709 rcu_read_unlock(); 710 goto error; 711 } 712 713 /* allow the user to join or create a named keyring */ 714 down(&key_session_sem); 715 716 /* look for an existing keyring of this name */ 717 keyring = find_keyring_by_name(name, 0); 718 if (PTR_ERR(keyring) == -ENOKEY) { 719 /* not found - try and create a new one */ 720 keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL); 721 if (IS_ERR(keyring)) { 722 ret = PTR_ERR(keyring); 723 goto error2; 724 } 725 } 726 else if (IS_ERR(keyring)) { 727 ret = PTR_ERR(keyring); 728 goto error2; 729 } 730 731 /* we've got a keyring - now to install it */ 732 ret = install_session_keyring(tsk, keyring); 733 if (ret < 0) 734 goto error2; 735 736 ret = keyring->serial; 737 key_put(keyring); 738 739 error2: 740 up(&key_session_sem); 741 error: 742 return ret; 743 744 } /* end join_session_keyring() */ 745