1 /* Manage a process's keyrings 2 * 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/sched/user.h> 16 #include <linux/keyctl.h> 17 #include <linux/fs.h> 18 #include <linux/err.h> 19 #include <linux/mutex.h> 20 #include <linux/security.h> 21 #include <linux/user_namespace.h> 22 #include <linux/uaccess.h> 23 #include "internal.h" 24 25 /* Session keyring create vs join semaphore */ 26 static DEFINE_MUTEX(key_session_mutex); 27 28 /* User keyring creation semaphore */ 29 static DEFINE_MUTEX(key_user_keyring_mutex); 30 31 /* The root user's tracking struct */ 32 struct key_user root_key_user = { 33 .usage = REFCOUNT_INIT(3), 34 .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), 35 .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), 36 .nkeys = ATOMIC_INIT(2), 37 .nikeys = ATOMIC_INIT(2), 38 .uid = GLOBAL_ROOT_UID, 39 }; 40 41 /* 42 * Install the user and user session keyrings for the current process's UID. 43 */ 44 int install_user_keyrings(void) 45 { 46 struct user_struct *user; 47 const struct cred *cred; 48 struct key *uid_keyring, *session_keyring; 49 key_perm_t user_keyring_perm; 50 char buf[20]; 51 int ret; 52 uid_t uid; 53 54 user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL; 55 cred = current_cred(); 56 user = cred->user; 57 uid = from_kuid(cred->user_ns, user->uid); 58 59 kenter("%p{%u}", user, uid); 60 61 if (user->uid_keyring && user->session_keyring) { 62 kleave(" = 0 [exist]"); 63 return 0; 64 } 65 66 mutex_lock(&key_user_keyring_mutex); 67 ret = 0; 68 69 if (!user->uid_keyring) { 70 /* get the UID-specific keyring 71 * - there may be one in existence already as it may have been 72 * pinned by a session, but the user_struct pointing to it 73 * may have been destroyed by setuid */ 74 sprintf(buf, "_uid.%u", uid); 75 76 uid_keyring = find_keyring_by_name(buf, true); 77 if (IS_ERR(uid_keyring)) { 78 uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID, 79 cred, user_keyring_perm, 80 KEY_ALLOC_UID_KEYRING | 81 KEY_ALLOC_IN_QUOTA, 82 NULL, NULL); 83 if (IS_ERR(uid_keyring)) { 84 ret = PTR_ERR(uid_keyring); 85 goto error; 86 } 87 } 88 89 /* get a default session keyring (which might also exist 90 * already) */ 91 sprintf(buf, "_uid_ses.%u", uid); 92 93 session_keyring = find_keyring_by_name(buf, true); 94 if (IS_ERR(session_keyring)) { 95 session_keyring = 96 keyring_alloc(buf, user->uid, INVALID_GID, 97 cred, user_keyring_perm, 98 KEY_ALLOC_UID_KEYRING | 99 KEY_ALLOC_IN_QUOTA, 100 NULL, NULL); 101 if (IS_ERR(session_keyring)) { 102 ret = PTR_ERR(session_keyring); 103 goto error_release; 104 } 105 106 /* we install a link from the user session keyring to 107 * the user keyring */ 108 ret = key_link(session_keyring, uid_keyring); 109 if (ret < 0) 110 goto error_release_both; 111 } 112 113 /* install the keyrings */ 114 user->uid_keyring = uid_keyring; 115 user->session_keyring = session_keyring; 116 } 117 118 mutex_unlock(&key_user_keyring_mutex); 119 kleave(" = 0"); 120 return 0; 121 122 error_release_both: 123 key_put(session_keyring); 124 error_release: 125 key_put(uid_keyring); 126 error: 127 mutex_unlock(&key_user_keyring_mutex); 128 kleave(" = %d", ret); 129 return ret; 130 } 131 132 /* 133 * Install a thread keyring to the given credentials struct if it didn't have 134 * one already. This is allowed to overrun the quota. 135 * 136 * Return: 0 if a thread keyring is now present; -errno on failure. 137 */ 138 int install_thread_keyring_to_cred(struct cred *new) 139 { 140 struct key *keyring; 141 142 if (new->thread_keyring) 143 return 0; 144 145 keyring = keyring_alloc("_tid", new->uid, new->gid, new, 146 KEY_POS_ALL | KEY_USR_VIEW, 147 KEY_ALLOC_QUOTA_OVERRUN, 148 NULL, NULL); 149 if (IS_ERR(keyring)) 150 return PTR_ERR(keyring); 151 152 new->thread_keyring = keyring; 153 return 0; 154 } 155 156 /* 157 * Install a thread keyring to the current task if it didn't have one already. 158 * 159 * Return: 0 if a thread keyring is now present; -errno on failure. 160 */ 161 static int install_thread_keyring(void) 162 { 163 struct cred *new; 164 int ret; 165 166 new = prepare_creds(); 167 if (!new) 168 return -ENOMEM; 169 170 ret = install_thread_keyring_to_cred(new); 171 if (ret < 0) { 172 abort_creds(new); 173 return ret; 174 } 175 176 return commit_creds(new); 177 } 178 179 /* 180 * Install a process keyring to the given credentials struct if it didn't have 181 * one already. This is allowed to overrun the quota. 182 * 183 * Return: 0 if a process keyring is now present; -errno on failure. 184 */ 185 int install_process_keyring_to_cred(struct cred *new) 186 { 187 struct key *keyring; 188 189 if (new->process_keyring) 190 return 0; 191 192 keyring = keyring_alloc("_pid", new->uid, new->gid, new, 193 KEY_POS_ALL | KEY_USR_VIEW, 194 KEY_ALLOC_QUOTA_OVERRUN, 195 NULL, NULL); 196 if (IS_ERR(keyring)) 197 return PTR_ERR(keyring); 198 199 new->process_keyring = keyring; 200 return 0; 201 } 202 203 /* 204 * Install a process keyring to the current task if it didn't have one already. 205 * 206 * Return: 0 if a process keyring is now present; -errno on failure. 207 */ 208 static int install_process_keyring(void) 209 { 210 struct cred *new; 211 int ret; 212 213 new = prepare_creds(); 214 if (!new) 215 return -ENOMEM; 216 217 ret = install_process_keyring_to_cred(new); 218 if (ret < 0) { 219 abort_creds(new); 220 return ret; 221 } 222 223 return commit_creds(new); 224 } 225 226 /* 227 * Install the given keyring as the session keyring of the given credentials 228 * struct, replacing the existing one if any. If the given keyring is NULL, 229 * then install a new anonymous session keyring. 230 * 231 * Return: 0 on success; -errno on failure. 232 */ 233 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) 234 { 235 unsigned long flags; 236 struct key *old; 237 238 might_sleep(); 239 240 /* create an empty session keyring */ 241 if (!keyring) { 242 flags = KEY_ALLOC_QUOTA_OVERRUN; 243 if (cred->session_keyring) 244 flags = KEY_ALLOC_IN_QUOTA; 245 246 keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred, 247 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ, 248 flags, NULL, NULL); 249 if (IS_ERR(keyring)) 250 return PTR_ERR(keyring); 251 } else { 252 __key_get(keyring); 253 } 254 255 /* install the keyring */ 256 old = cred->session_keyring; 257 rcu_assign_pointer(cred->session_keyring, keyring); 258 259 if (old) 260 key_put(old); 261 262 return 0; 263 } 264 265 /* 266 * Install the given keyring as the session keyring of the current task, 267 * replacing the existing one if any. If the given keyring is NULL, then 268 * install a new anonymous session keyring. 269 * 270 * Return: 0 on success; -errno on failure. 271 */ 272 static int install_session_keyring(struct key *keyring) 273 { 274 struct cred *new; 275 int ret; 276 277 new = prepare_creds(); 278 if (!new) 279 return -ENOMEM; 280 281 ret = install_session_keyring_to_cred(new, keyring); 282 if (ret < 0) { 283 abort_creds(new); 284 return ret; 285 } 286 287 return commit_creds(new); 288 } 289 290 /* 291 * Handle the fsuid changing. 292 */ 293 void key_fsuid_changed(struct task_struct *tsk) 294 { 295 /* update the ownership of the thread keyring */ 296 BUG_ON(!tsk->cred); 297 if (tsk->cred->thread_keyring) { 298 down_write(&tsk->cred->thread_keyring->sem); 299 tsk->cred->thread_keyring->uid = tsk->cred->fsuid; 300 up_write(&tsk->cred->thread_keyring->sem); 301 } 302 } 303 304 /* 305 * Handle the fsgid changing. 306 */ 307 void key_fsgid_changed(struct task_struct *tsk) 308 { 309 /* update the ownership of the thread keyring */ 310 BUG_ON(!tsk->cred); 311 if (tsk->cred->thread_keyring) { 312 down_write(&tsk->cred->thread_keyring->sem); 313 tsk->cred->thread_keyring->gid = tsk->cred->fsgid; 314 up_write(&tsk->cred->thread_keyring->sem); 315 } 316 } 317 318 /* 319 * Search the process keyrings attached to the supplied cred for the first 320 * matching key. 321 * 322 * The search criteria are the type and the match function. The description is 323 * given to the match function as a parameter, but doesn't otherwise influence 324 * the search. Typically the match function will compare the description 325 * parameter to the key's description. 326 * 327 * This can only search keyrings that grant Search permission to the supplied 328 * credentials. Keyrings linked to searched keyrings will also be searched if 329 * they grant Search permission too. Keys can only be found if they grant 330 * Search permission to the credentials. 331 * 332 * Returns a pointer to the key with the key usage count incremented if 333 * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only 334 * matched negative keys. 335 * 336 * In the case of a successful return, the possession attribute is set on the 337 * returned key reference. 338 */ 339 key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx) 340 { 341 key_ref_t key_ref, ret, err; 342 343 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were 344 * searchable, but we failed to find a key or we found a negative key; 345 * otherwise we want to return a sample error (probably -EACCES) if 346 * none of the keyrings were searchable 347 * 348 * in terms of priority: success > -ENOKEY > -EAGAIN > other error 349 */ 350 key_ref = NULL; 351 ret = NULL; 352 err = ERR_PTR(-EAGAIN); 353 354 /* search the thread keyring first */ 355 if (ctx->cred->thread_keyring) { 356 key_ref = keyring_search_aux( 357 make_key_ref(ctx->cred->thread_keyring, 1), ctx); 358 if (!IS_ERR(key_ref)) 359 goto found; 360 361 switch (PTR_ERR(key_ref)) { 362 case -EAGAIN: /* no key */ 363 case -ENOKEY: /* negative key */ 364 ret = key_ref; 365 break; 366 default: 367 err = key_ref; 368 break; 369 } 370 } 371 372 /* search the process keyring second */ 373 if (ctx->cred->process_keyring) { 374 key_ref = keyring_search_aux( 375 make_key_ref(ctx->cred->process_keyring, 1), ctx); 376 if (!IS_ERR(key_ref)) 377 goto found; 378 379 switch (PTR_ERR(key_ref)) { 380 case -EAGAIN: /* no key */ 381 if (ret) 382 break; 383 case -ENOKEY: /* negative key */ 384 ret = key_ref; 385 break; 386 default: 387 err = key_ref; 388 break; 389 } 390 } 391 392 /* search the session keyring */ 393 if (ctx->cred->session_keyring) { 394 rcu_read_lock(); 395 key_ref = keyring_search_aux( 396 make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1), 397 ctx); 398 rcu_read_unlock(); 399 400 if (!IS_ERR(key_ref)) 401 goto found; 402 403 switch (PTR_ERR(key_ref)) { 404 case -EAGAIN: /* no key */ 405 if (ret) 406 break; 407 case -ENOKEY: /* negative key */ 408 ret = key_ref; 409 break; 410 default: 411 err = key_ref; 412 break; 413 } 414 } 415 /* or search the user-session keyring */ 416 else if (ctx->cred->user->session_keyring) { 417 key_ref = keyring_search_aux( 418 make_key_ref(ctx->cred->user->session_keyring, 1), 419 ctx); 420 if (!IS_ERR(key_ref)) 421 goto found; 422 423 switch (PTR_ERR(key_ref)) { 424 case -EAGAIN: /* no key */ 425 if (ret) 426 break; 427 case -ENOKEY: /* negative key */ 428 ret = key_ref; 429 break; 430 default: 431 err = key_ref; 432 break; 433 } 434 } 435 436 /* no key - decide on the error we're going to go for */ 437 key_ref = ret ? ret : err; 438 439 found: 440 return key_ref; 441 } 442 443 /* 444 * Search the process keyrings attached to the supplied cred for the first 445 * matching key in the manner of search_my_process_keyrings(), but also search 446 * the keys attached to the assumed authorisation key using its credentials if 447 * one is available. 448 * 449 * Return same as search_my_process_keyrings(). 450 */ 451 key_ref_t search_process_keyrings(struct keyring_search_context *ctx) 452 { 453 struct request_key_auth *rka; 454 key_ref_t key_ref, ret = ERR_PTR(-EACCES), err; 455 456 might_sleep(); 457 458 key_ref = search_my_process_keyrings(ctx); 459 if (!IS_ERR(key_ref)) 460 goto found; 461 err = key_ref; 462 463 /* if this process has an instantiation authorisation key, then we also 464 * search the keyrings of the process mentioned there 465 * - we don't permit access to request_key auth keys via this method 466 */ 467 if (ctx->cred->request_key_auth && 468 ctx->cred == current_cred() && 469 ctx->index_key.type != &key_type_request_key_auth 470 ) { 471 const struct cred *cred = ctx->cred; 472 473 /* defend against the auth key being revoked */ 474 down_read(&cred->request_key_auth->sem); 475 476 if (key_validate(ctx->cred->request_key_auth) == 0) { 477 rka = ctx->cred->request_key_auth->payload.data[0]; 478 479 ctx->cred = rka->cred; 480 key_ref = search_process_keyrings(ctx); 481 ctx->cred = cred; 482 483 up_read(&cred->request_key_auth->sem); 484 485 if (!IS_ERR(key_ref)) 486 goto found; 487 488 ret = key_ref; 489 } else { 490 up_read(&cred->request_key_auth->sem); 491 } 492 } 493 494 /* no key - decide on the error we're going to go for */ 495 if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY)) 496 key_ref = ERR_PTR(-ENOKEY); 497 else if (err == ERR_PTR(-EACCES)) 498 key_ref = ret; 499 else 500 key_ref = err; 501 502 found: 503 return key_ref; 504 } 505 506 /* 507 * See if the key we're looking at is the target key. 508 */ 509 bool lookup_user_key_possessed(const struct key *key, 510 const struct key_match_data *match_data) 511 { 512 return key == match_data->raw_data; 513 } 514 515 /* 516 * Look up a key ID given us by userspace with a given permissions mask to get 517 * the key it refers to. 518 * 519 * Flags can be passed to request that special keyrings be created if referred 520 * to directly, to permit partially constructed keys to be found and to skip 521 * validity and permission checks on the found key. 522 * 523 * Returns a pointer to the key with an incremented usage count if successful; 524 * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond 525 * to a key or the best found key was a negative key; -EKEYREVOKED or 526 * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the 527 * found key doesn't grant the requested permit or the LSM denied access to it; 528 * or -ENOMEM if a special keyring couldn't be created. 529 * 530 * In the case of a successful return, the possession attribute is set on the 531 * returned key reference. 532 */ 533 key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, 534 key_perm_t perm) 535 { 536 struct keyring_search_context ctx = { 537 .match_data.cmp = lookup_user_key_possessed, 538 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, 539 .flags = KEYRING_SEARCH_NO_STATE_CHECK, 540 }; 541 struct request_key_auth *rka; 542 struct key *key; 543 key_ref_t key_ref, skey_ref; 544 int ret; 545 546 try_again: 547 ctx.cred = get_current_cred(); 548 key_ref = ERR_PTR(-ENOKEY); 549 550 switch (id) { 551 case KEY_SPEC_THREAD_KEYRING: 552 if (!ctx.cred->thread_keyring) { 553 if (!(lflags & KEY_LOOKUP_CREATE)) 554 goto error; 555 556 ret = install_thread_keyring(); 557 if (ret < 0) { 558 key_ref = ERR_PTR(ret); 559 goto error; 560 } 561 goto reget_creds; 562 } 563 564 key = ctx.cred->thread_keyring; 565 __key_get(key); 566 key_ref = make_key_ref(key, 1); 567 break; 568 569 case KEY_SPEC_PROCESS_KEYRING: 570 if (!ctx.cred->process_keyring) { 571 if (!(lflags & KEY_LOOKUP_CREATE)) 572 goto error; 573 574 ret = install_process_keyring(); 575 if (ret < 0) { 576 key_ref = ERR_PTR(ret); 577 goto error; 578 } 579 goto reget_creds; 580 } 581 582 key = ctx.cred->process_keyring; 583 __key_get(key); 584 key_ref = make_key_ref(key, 1); 585 break; 586 587 case KEY_SPEC_SESSION_KEYRING: 588 if (!ctx.cred->session_keyring) { 589 /* always install a session keyring upon access if one 590 * doesn't exist yet */ 591 ret = install_user_keyrings(); 592 if (ret < 0) 593 goto error; 594 if (lflags & KEY_LOOKUP_CREATE) 595 ret = join_session_keyring(NULL); 596 else 597 ret = install_session_keyring( 598 ctx.cred->user->session_keyring); 599 600 if (ret < 0) 601 goto error; 602 goto reget_creds; 603 } else if (ctx.cred->session_keyring == 604 ctx.cred->user->session_keyring && 605 lflags & KEY_LOOKUP_CREATE) { 606 ret = join_session_keyring(NULL); 607 if (ret < 0) 608 goto error; 609 goto reget_creds; 610 } 611 612 rcu_read_lock(); 613 key = rcu_dereference(ctx.cred->session_keyring); 614 __key_get(key); 615 rcu_read_unlock(); 616 key_ref = make_key_ref(key, 1); 617 break; 618 619 case KEY_SPEC_USER_KEYRING: 620 if (!ctx.cred->user->uid_keyring) { 621 ret = install_user_keyrings(); 622 if (ret < 0) 623 goto error; 624 } 625 626 key = ctx.cred->user->uid_keyring; 627 __key_get(key); 628 key_ref = make_key_ref(key, 1); 629 break; 630 631 case KEY_SPEC_USER_SESSION_KEYRING: 632 if (!ctx.cred->user->session_keyring) { 633 ret = install_user_keyrings(); 634 if (ret < 0) 635 goto error; 636 } 637 638 key = ctx.cred->user->session_keyring; 639 __key_get(key); 640 key_ref = make_key_ref(key, 1); 641 break; 642 643 case KEY_SPEC_GROUP_KEYRING: 644 /* group keyrings are not yet supported */ 645 key_ref = ERR_PTR(-EINVAL); 646 goto error; 647 648 case KEY_SPEC_REQKEY_AUTH_KEY: 649 key = ctx.cred->request_key_auth; 650 if (!key) 651 goto error; 652 653 __key_get(key); 654 key_ref = make_key_ref(key, 1); 655 break; 656 657 case KEY_SPEC_REQUESTOR_KEYRING: 658 if (!ctx.cred->request_key_auth) 659 goto error; 660 661 down_read(&ctx.cred->request_key_auth->sem); 662 if (test_bit(KEY_FLAG_REVOKED, 663 &ctx.cred->request_key_auth->flags)) { 664 key_ref = ERR_PTR(-EKEYREVOKED); 665 key = NULL; 666 } else { 667 rka = ctx.cred->request_key_auth->payload.data[0]; 668 key = rka->dest_keyring; 669 __key_get(key); 670 } 671 up_read(&ctx.cred->request_key_auth->sem); 672 if (!key) 673 goto error; 674 key_ref = make_key_ref(key, 1); 675 break; 676 677 default: 678 key_ref = ERR_PTR(-EINVAL); 679 if (id < 1) 680 goto error; 681 682 key = key_lookup(id); 683 if (IS_ERR(key)) { 684 key_ref = ERR_CAST(key); 685 goto error; 686 } 687 688 key_ref = make_key_ref(key, 0); 689 690 /* check to see if we possess the key */ 691 ctx.index_key.type = key->type; 692 ctx.index_key.description = key->description; 693 ctx.index_key.desc_len = strlen(key->description); 694 ctx.match_data.raw_data = key; 695 kdebug("check possessed"); 696 skey_ref = search_process_keyrings(&ctx); 697 kdebug("possessed=%p", skey_ref); 698 699 if (!IS_ERR(skey_ref)) { 700 key_put(key); 701 key_ref = skey_ref; 702 } 703 704 break; 705 } 706 707 /* unlink does not use the nominated key in any way, so can skip all 708 * the permission checks as it is only concerned with the keyring */ 709 if (lflags & KEY_LOOKUP_FOR_UNLINK) { 710 ret = 0; 711 goto error; 712 } 713 714 if (!(lflags & KEY_LOOKUP_PARTIAL)) { 715 ret = wait_for_key_construction(key, true); 716 switch (ret) { 717 case -ERESTARTSYS: 718 goto invalid_key; 719 default: 720 if (perm) 721 goto invalid_key; 722 case 0: 723 break; 724 } 725 } else if (perm) { 726 ret = key_validate(key); 727 if (ret < 0) 728 goto invalid_key; 729 } 730 731 ret = -EIO; 732 if (!(lflags & KEY_LOOKUP_PARTIAL) && 733 key_read_state(key) == KEY_IS_UNINSTANTIATED) 734 goto invalid_key; 735 736 /* check the permissions */ 737 ret = key_task_permission(key_ref, ctx.cred, perm); 738 if (ret < 0) 739 goto invalid_key; 740 741 key->last_used_at = ktime_get_real_seconds(); 742 743 error: 744 put_cred(ctx.cred); 745 return key_ref; 746 747 invalid_key: 748 key_ref_put(key_ref); 749 key_ref = ERR_PTR(ret); 750 goto error; 751 752 /* if we attempted to install a keyring, then it may have caused new 753 * creds to be installed */ 754 reget_creds: 755 put_cred(ctx.cred); 756 goto try_again; 757 } 758 759 /* 760 * Join the named keyring as the session keyring if possible else attempt to 761 * create a new one of that name and join that. 762 * 763 * If the name is NULL, an empty anonymous keyring will be installed as the 764 * session keyring. 765 * 766 * Named session keyrings are joined with a semaphore held to prevent the 767 * keyrings from going away whilst the attempt is made to going them and also 768 * to prevent a race in creating compatible session keyrings. 769 */ 770 long join_session_keyring(const char *name) 771 { 772 const struct cred *old; 773 struct cred *new; 774 struct key *keyring; 775 long ret, serial; 776 777 new = prepare_creds(); 778 if (!new) 779 return -ENOMEM; 780 old = current_cred(); 781 782 /* if no name is provided, install an anonymous keyring */ 783 if (!name) { 784 ret = install_session_keyring_to_cred(new, NULL); 785 if (ret < 0) 786 goto error; 787 788 serial = new->session_keyring->serial; 789 ret = commit_creds(new); 790 if (ret == 0) 791 ret = serial; 792 goto okay; 793 } 794 795 /* allow the user to join or create a named keyring */ 796 mutex_lock(&key_session_mutex); 797 798 /* look for an existing keyring of this name */ 799 keyring = find_keyring_by_name(name, false); 800 if (PTR_ERR(keyring) == -ENOKEY) { 801 /* not found - try and create a new one */ 802 keyring = keyring_alloc( 803 name, old->uid, old->gid, old, 804 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK, 805 KEY_ALLOC_IN_QUOTA, NULL, NULL); 806 if (IS_ERR(keyring)) { 807 ret = PTR_ERR(keyring); 808 goto error2; 809 } 810 } else if (IS_ERR(keyring)) { 811 ret = PTR_ERR(keyring); 812 goto error2; 813 } else if (keyring == new->session_keyring) { 814 ret = 0; 815 goto error3; 816 } 817 818 /* we've got a keyring - now to install it */ 819 ret = install_session_keyring_to_cred(new, keyring); 820 if (ret < 0) 821 goto error3; 822 823 commit_creds(new); 824 mutex_unlock(&key_session_mutex); 825 826 ret = keyring->serial; 827 key_put(keyring); 828 okay: 829 return ret; 830 831 error3: 832 key_put(keyring); 833 error2: 834 mutex_unlock(&key_session_mutex); 835 error: 836 abort_creds(new); 837 return ret; 838 } 839 840 /* 841 * Replace a process's session keyring on behalf of one of its children when 842 * the target process is about to resume userspace execution. 843 */ 844 void key_change_session_keyring(struct callback_head *twork) 845 { 846 const struct cred *old = current_cred(); 847 struct cred *new = container_of(twork, struct cred, rcu); 848 849 if (unlikely(current->flags & PF_EXITING)) { 850 put_cred(new); 851 return; 852 } 853 854 new-> uid = old-> uid; 855 new-> euid = old-> euid; 856 new-> suid = old-> suid; 857 new->fsuid = old->fsuid; 858 new-> gid = old-> gid; 859 new-> egid = old-> egid; 860 new-> sgid = old-> sgid; 861 new->fsgid = old->fsgid; 862 new->user = get_uid(old->user); 863 new->user_ns = get_user_ns(old->user_ns); 864 new->group_info = get_group_info(old->group_info); 865 866 new->securebits = old->securebits; 867 new->cap_inheritable = old->cap_inheritable; 868 new->cap_permitted = old->cap_permitted; 869 new->cap_effective = old->cap_effective; 870 new->cap_ambient = old->cap_ambient; 871 new->cap_bset = old->cap_bset; 872 873 new->jit_keyring = old->jit_keyring; 874 new->thread_keyring = key_get(old->thread_keyring); 875 new->process_keyring = key_get(old->process_keyring); 876 877 security_transfer_creds(new, old); 878 879 commit_creds(new); 880 } 881 882 /* 883 * Make sure that root's user and user-session keyrings exist. 884 */ 885 static int __init init_root_keyring(void) 886 { 887 return install_user_keyrings(); 888 } 889 890 late_initcall(init_root_keyring); 891