1 /* process_keys.c: management of a process's keyrings 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/keyctl.h> 17 #include <linux/fs.h> 18 #include <linux/err.h> 19 #include <linux/mutex.h> 20 #include <asm/uaccess.h> 21 #include "internal.h" 22 23 /* session keyring create vs join semaphore */ 24 static DEFINE_MUTEX(key_session_mutex); 25 26 /* the root user's tracking struct */ 27 struct key_user root_key_user = { 28 .usage = ATOMIC_INIT(3), 29 .consq = LIST_HEAD_INIT(root_key_user.consq), 30 .lock = SPIN_LOCK_UNLOCKED, 31 .nkeys = ATOMIC_INIT(2), 32 .nikeys = ATOMIC_INIT(2), 33 .uid = 0, 34 }; 35 36 /* the root user's UID keyring */ 37 struct key root_user_keyring = { 38 .usage = ATOMIC_INIT(1), 39 .serial = 2, 40 .type = &key_type_keyring, 41 .user = &root_key_user, 42 .sem = __RWSEM_INITIALIZER(root_user_keyring.sem), 43 .perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, 44 .flags = 1 << KEY_FLAG_INSTANTIATED, 45 .description = "_uid.0", 46 #ifdef KEY_DEBUGGING 47 .magic = KEY_DEBUG_MAGIC, 48 #endif 49 }; 50 51 /* the root user's default session keyring */ 52 struct key root_session_keyring = { 53 .usage = ATOMIC_INIT(1), 54 .serial = 1, 55 .type = &key_type_keyring, 56 .user = &root_key_user, 57 .sem = __RWSEM_INITIALIZER(root_session_keyring.sem), 58 .perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, 59 .flags = 1 << KEY_FLAG_INSTANTIATED, 60 .description = "_uid_ses.0", 61 #ifdef KEY_DEBUGGING 62 .magic = KEY_DEBUG_MAGIC, 63 #endif 64 }; 65 66 /*****************************************************************************/ 67 /* 68 * allocate the keyrings to be associated with a UID 69 */ 70 int alloc_uid_keyring(struct user_struct *user) 71 { 72 struct key *uid_keyring, *session_keyring; 73 char buf[20]; 74 int ret; 75 76 /* concoct a default session keyring */ 77 sprintf(buf, "_uid_ses.%u", user->uid); 78 79 session_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, 0, NULL); 80 if (IS_ERR(session_keyring)) { 81 ret = PTR_ERR(session_keyring); 82 goto error; 83 } 84 85 /* and a UID specific keyring, pointed to by the default session 86 * keyring */ 87 sprintf(buf, "_uid.%u", user->uid); 88 89 uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, 0, 90 session_keyring); 91 if (IS_ERR(uid_keyring)) { 92 key_put(session_keyring); 93 ret = PTR_ERR(uid_keyring); 94 goto error; 95 } 96 97 /* install the keyrings */ 98 user->uid_keyring = uid_keyring; 99 user->session_keyring = session_keyring; 100 ret = 0; 101 102 error: 103 return ret; 104 105 } /* end alloc_uid_keyring() */ 106 107 /*****************************************************************************/ 108 /* 109 * deal with the UID changing 110 */ 111 void switch_uid_keyring(struct user_struct *new_user) 112 { 113 #if 0 /* do nothing for now */ 114 struct key *old; 115 116 /* switch to the new user's session keyring if we were running under 117 * root's default session keyring */ 118 if (new_user->uid != 0 && 119 current->session_keyring == &root_session_keyring 120 ) { 121 atomic_inc(&new_user->session_keyring->usage); 122 123 task_lock(current); 124 old = current->session_keyring; 125 current->session_keyring = new_user->session_keyring; 126 task_unlock(current); 127 128 key_put(old); 129 } 130 #endif 131 132 } /* end switch_uid_keyring() */ 133 134 /*****************************************************************************/ 135 /* 136 * install a fresh thread keyring, discarding the old one 137 */ 138 int install_thread_keyring(struct task_struct *tsk) 139 { 140 struct key *keyring, *old; 141 char buf[20]; 142 int ret; 143 144 sprintf(buf, "_tid.%u", tsk->pid); 145 146 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL); 147 if (IS_ERR(keyring)) { 148 ret = PTR_ERR(keyring); 149 goto error; 150 } 151 152 task_lock(tsk); 153 old = tsk->thread_keyring; 154 tsk->thread_keyring = keyring; 155 task_unlock(tsk); 156 157 ret = 0; 158 159 key_put(old); 160 error: 161 return ret; 162 163 } /* end install_thread_keyring() */ 164 165 /*****************************************************************************/ 166 /* 167 * make sure a process keyring is installed 168 */ 169 int install_process_keyring(struct task_struct *tsk) 170 { 171 struct key *keyring; 172 char buf[20]; 173 int ret; 174 175 might_sleep(); 176 177 if (!tsk->signal->process_keyring) { 178 sprintf(buf, "_pid.%u", tsk->tgid); 179 180 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL); 181 if (IS_ERR(keyring)) { 182 ret = PTR_ERR(keyring); 183 goto error; 184 } 185 186 /* attach keyring */ 187 spin_lock_irq(&tsk->sighand->siglock); 188 if (!tsk->signal->process_keyring) { 189 tsk->signal->process_keyring = keyring; 190 keyring = NULL; 191 } 192 spin_unlock_irq(&tsk->sighand->siglock); 193 194 key_put(keyring); 195 } 196 197 ret = 0; 198 error: 199 return ret; 200 201 } /* end install_process_keyring() */ 202 203 /*****************************************************************************/ 204 /* 205 * install a session keyring, discarding the old one 206 * - if a keyring is not supplied, an empty one is invented 207 */ 208 static int install_session_keyring(struct task_struct *tsk, 209 struct key *keyring) 210 { 211 struct key *old; 212 char buf[20]; 213 214 might_sleep(); 215 216 /* create an empty session keyring */ 217 if (!keyring) { 218 sprintf(buf, "_ses.%u", tsk->tgid); 219 220 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, 1, NULL); 221 if (IS_ERR(keyring)) 222 return PTR_ERR(keyring); 223 } 224 else { 225 atomic_inc(&keyring->usage); 226 } 227 228 /* install the keyring */ 229 spin_lock_irq(&tsk->sighand->siglock); 230 old = tsk->signal->session_keyring; 231 rcu_assign_pointer(tsk->signal->session_keyring, keyring); 232 spin_unlock_irq(&tsk->sighand->siglock); 233 234 /* we're using RCU on the pointer, but there's no point synchronising 235 * on it if it didn't previously point to anything */ 236 if (old) { 237 synchronize_rcu(); 238 key_put(old); 239 } 240 241 return 0; 242 243 } /* end install_session_keyring() */ 244 245 /*****************************************************************************/ 246 /* 247 * copy the keys in a thread group for fork without CLONE_THREAD 248 */ 249 int copy_thread_group_keys(struct task_struct *tsk) 250 { 251 key_check(current->thread_group->session_keyring); 252 key_check(current->thread_group->process_keyring); 253 254 /* no process keyring yet */ 255 tsk->signal->process_keyring = NULL; 256 257 /* same session keyring */ 258 rcu_read_lock(); 259 tsk->signal->session_keyring = 260 key_get(rcu_dereference(current->signal->session_keyring)); 261 rcu_read_unlock(); 262 263 return 0; 264 265 } /* end copy_thread_group_keys() */ 266 267 /*****************************************************************************/ 268 /* 269 * copy the keys for fork 270 */ 271 int copy_keys(unsigned long clone_flags, struct task_struct *tsk) 272 { 273 key_check(tsk->thread_keyring); 274 key_check(tsk->request_key_auth); 275 276 /* no thread keyring yet */ 277 tsk->thread_keyring = NULL; 278 279 /* copy the request_key() authorisation for this thread */ 280 key_get(tsk->request_key_auth); 281 282 return 0; 283 284 } /* end copy_keys() */ 285 286 /*****************************************************************************/ 287 /* 288 * dispose of thread group keys upon thread group destruction 289 */ 290 void exit_thread_group_keys(struct signal_struct *tg) 291 { 292 key_put(tg->session_keyring); 293 key_put(tg->process_keyring); 294 295 } /* end exit_thread_group_keys() */ 296 297 /*****************************************************************************/ 298 /* 299 * dispose of per-thread keys upon thread exit 300 */ 301 void exit_keys(struct task_struct *tsk) 302 { 303 key_put(tsk->thread_keyring); 304 key_put(tsk->request_key_auth); 305 306 } /* end exit_keys() */ 307 308 /*****************************************************************************/ 309 /* 310 * deal with execve() 311 */ 312 int exec_keys(struct task_struct *tsk) 313 { 314 struct key *old; 315 316 /* newly exec'd tasks don't get a thread keyring */ 317 task_lock(tsk); 318 old = tsk->thread_keyring; 319 tsk->thread_keyring = NULL; 320 task_unlock(tsk); 321 322 key_put(old); 323 324 /* discard the process keyring from a newly exec'd task */ 325 spin_lock_irq(&tsk->sighand->siglock); 326 old = tsk->signal->process_keyring; 327 tsk->signal->process_keyring = NULL; 328 spin_unlock_irq(&tsk->sighand->siglock); 329 330 key_put(old); 331 332 return 0; 333 334 } /* end exec_keys() */ 335 336 /*****************************************************************************/ 337 /* 338 * deal with SUID programs 339 * - we might want to make this invent a new session keyring 340 */ 341 int suid_keys(struct task_struct *tsk) 342 { 343 return 0; 344 345 } /* end suid_keys() */ 346 347 /*****************************************************************************/ 348 /* 349 * the filesystem user ID changed 350 */ 351 void key_fsuid_changed(struct task_struct *tsk) 352 { 353 /* update the ownership of the thread keyring */ 354 if (tsk->thread_keyring) { 355 down_write(&tsk->thread_keyring->sem); 356 tsk->thread_keyring->uid = tsk->fsuid; 357 up_write(&tsk->thread_keyring->sem); 358 } 359 360 } /* end key_fsuid_changed() */ 361 362 /*****************************************************************************/ 363 /* 364 * the filesystem group ID changed 365 */ 366 void key_fsgid_changed(struct task_struct *tsk) 367 { 368 /* update the ownership of the thread keyring */ 369 if (tsk->thread_keyring) { 370 down_write(&tsk->thread_keyring->sem); 371 tsk->thread_keyring->gid = tsk->fsgid; 372 up_write(&tsk->thread_keyring->sem); 373 } 374 375 } /* end key_fsgid_changed() */ 376 377 /*****************************************************************************/ 378 /* 379 * search the process keyrings for the first matching key 380 * - we use the supplied match function to see if the description (or other 381 * feature of interest) matches 382 * - we return -EAGAIN if we didn't find any matching key 383 * - we return -ENOKEY if we found only negative matching keys 384 */ 385 key_ref_t search_process_keyrings(struct key_type *type, 386 const void *description, 387 key_match_func_t match, 388 struct task_struct *context) 389 { 390 struct request_key_auth *rka; 391 key_ref_t key_ref, ret, err; 392 393 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were 394 * searchable, but we failed to find a key or we found a negative key; 395 * otherwise we want to return a sample error (probably -EACCES) if 396 * none of the keyrings were searchable 397 * 398 * in terms of priority: success > -ENOKEY > -EAGAIN > other error 399 */ 400 key_ref = NULL; 401 ret = NULL; 402 err = ERR_PTR(-EAGAIN); 403 404 /* search the thread keyring first */ 405 if (context->thread_keyring) { 406 key_ref = keyring_search_aux( 407 make_key_ref(context->thread_keyring, 1), 408 context, type, description, match); 409 if (!IS_ERR(key_ref)) 410 goto found; 411 412 switch (PTR_ERR(key_ref)) { 413 case -EAGAIN: /* no key */ 414 if (ret) 415 break; 416 case -ENOKEY: /* negative key */ 417 ret = key_ref; 418 break; 419 default: 420 err = key_ref; 421 break; 422 } 423 } 424 425 /* search the process keyring second */ 426 if (context->signal->process_keyring) { 427 key_ref = keyring_search_aux( 428 make_key_ref(context->signal->process_keyring, 1), 429 context, type, description, match); 430 if (!IS_ERR(key_ref)) 431 goto found; 432 433 switch (PTR_ERR(key_ref)) { 434 case -EAGAIN: /* no key */ 435 if (ret) 436 break; 437 case -ENOKEY: /* negative key */ 438 ret = key_ref; 439 break; 440 default: 441 err = key_ref; 442 break; 443 } 444 } 445 446 /* search the session keyring */ 447 if (context->signal->session_keyring) { 448 rcu_read_lock(); 449 key_ref = keyring_search_aux( 450 make_key_ref(rcu_dereference( 451 context->signal->session_keyring), 452 1), 453 context, type, description, match); 454 rcu_read_unlock(); 455 456 if (!IS_ERR(key_ref)) 457 goto found; 458 459 switch (PTR_ERR(key_ref)) { 460 case -EAGAIN: /* no key */ 461 if (ret) 462 break; 463 case -ENOKEY: /* negative key */ 464 ret = key_ref; 465 break; 466 default: 467 err = key_ref; 468 break; 469 } 470 } 471 /* or search the user-session keyring */ 472 else { 473 key_ref = keyring_search_aux( 474 make_key_ref(context->user->session_keyring, 1), 475 context, type, description, match); 476 if (!IS_ERR(key_ref)) 477 goto found; 478 479 switch (PTR_ERR(key_ref)) { 480 case -EAGAIN: /* no key */ 481 if (ret) 482 break; 483 case -ENOKEY: /* negative key */ 484 ret = key_ref; 485 break; 486 default: 487 err = key_ref; 488 break; 489 } 490 } 491 492 /* if this process has an instantiation authorisation key, then we also 493 * search the keyrings of the process mentioned there 494 * - we don't permit access to request_key auth keys via this method 495 */ 496 if (context->request_key_auth && 497 context == current && 498 type != &key_type_request_key_auth && 499 key_validate(context->request_key_auth) == 0 500 ) { 501 rka = context->request_key_auth->payload.data; 502 503 key_ref = search_process_keyrings(type, description, match, 504 rka->context); 505 506 if (!IS_ERR(key_ref)) 507 goto found; 508 509 switch (PTR_ERR(key_ref)) { 510 case -EAGAIN: /* no key */ 511 if (ret) 512 break; 513 case -ENOKEY: /* negative key */ 514 ret = key_ref; 515 break; 516 default: 517 err = key_ref; 518 break; 519 } 520 } 521 522 /* no key - decide on the error we're going to go for */ 523 key_ref = ret ? ret : err; 524 525 found: 526 return key_ref; 527 528 } /* end search_process_keyrings() */ 529 530 /*****************************************************************************/ 531 /* 532 * see if the key we're looking at is the target key 533 */ 534 static int lookup_user_key_possessed(const struct key *key, const void *target) 535 { 536 return key == target; 537 538 } /* end lookup_user_key_possessed() */ 539 540 /*****************************************************************************/ 541 /* 542 * lookup a key given a key ID from userspace with a given permissions mask 543 * - don't create special keyrings unless so requested 544 * - partially constructed keys aren't found unless requested 545 */ 546 key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id, 547 int create, int partial, key_perm_t perm) 548 { 549 key_ref_t key_ref, skey_ref; 550 struct key *key; 551 int ret; 552 553 if (!context) 554 context = current; 555 556 key_ref = ERR_PTR(-ENOKEY); 557 558 switch (id) { 559 case KEY_SPEC_THREAD_KEYRING: 560 if (!context->thread_keyring) { 561 if (!create) 562 goto error; 563 564 ret = install_thread_keyring(context); 565 if (ret < 0) { 566 key = ERR_PTR(ret); 567 goto error; 568 } 569 } 570 571 key = context->thread_keyring; 572 atomic_inc(&key->usage); 573 key_ref = make_key_ref(key, 1); 574 break; 575 576 case KEY_SPEC_PROCESS_KEYRING: 577 if (!context->signal->process_keyring) { 578 if (!create) 579 goto error; 580 581 ret = install_process_keyring(context); 582 if (ret < 0) { 583 key = ERR_PTR(ret); 584 goto error; 585 } 586 } 587 588 key = context->signal->process_keyring; 589 atomic_inc(&key->usage); 590 key_ref = make_key_ref(key, 1); 591 break; 592 593 case KEY_SPEC_SESSION_KEYRING: 594 if (!context->signal->session_keyring) { 595 /* always install a session keyring upon access if one 596 * doesn't exist yet */ 597 ret = install_session_keyring( 598 context, context->user->session_keyring); 599 if (ret < 0) 600 goto error; 601 } 602 603 rcu_read_lock(); 604 key = rcu_dereference(context->signal->session_keyring); 605 atomic_inc(&key->usage); 606 rcu_read_unlock(); 607 key_ref = make_key_ref(key, 1); 608 break; 609 610 case KEY_SPEC_USER_KEYRING: 611 key = context->user->uid_keyring; 612 atomic_inc(&key->usage); 613 key_ref = make_key_ref(key, 1); 614 break; 615 616 case KEY_SPEC_USER_SESSION_KEYRING: 617 key = context->user->session_keyring; 618 atomic_inc(&key->usage); 619 key_ref = make_key_ref(key, 1); 620 break; 621 622 case KEY_SPEC_GROUP_KEYRING: 623 /* group keyrings are not yet supported */ 624 key = ERR_PTR(-EINVAL); 625 goto error; 626 627 case KEY_SPEC_REQKEY_AUTH_KEY: 628 key = context->request_key_auth; 629 if (!key) 630 goto error; 631 632 atomic_inc(&key->usage); 633 key_ref = make_key_ref(key, 1); 634 break; 635 636 default: 637 key_ref = ERR_PTR(-EINVAL); 638 if (id < 1) 639 goto error; 640 641 key = key_lookup(id); 642 if (IS_ERR(key)) { 643 key_ref = ERR_PTR(PTR_ERR(key)); 644 goto error; 645 } 646 647 key_ref = make_key_ref(key, 0); 648 649 /* check to see if we possess the key */ 650 skey_ref = search_process_keyrings(key->type, key, 651 lookup_user_key_possessed, 652 current); 653 654 if (!IS_ERR(skey_ref)) { 655 key_put(key); 656 key_ref = skey_ref; 657 } 658 659 break; 660 } 661 662 /* check the status */ 663 if (perm) { 664 ret = key_validate(key); 665 if (ret < 0) 666 goto invalid_key; 667 } 668 669 ret = -EIO; 670 if (!partial && !test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) 671 goto invalid_key; 672 673 /* check the permissions */ 674 ret = key_task_permission(key_ref, context, perm); 675 if (ret < 0) 676 goto invalid_key; 677 678 error: 679 return key_ref; 680 681 invalid_key: 682 key_ref_put(key_ref); 683 key_ref = ERR_PTR(ret); 684 goto error; 685 686 } /* end lookup_user_key() */ 687 688 /*****************************************************************************/ 689 /* 690 * join the named keyring as the session keyring if possible, or attempt to 691 * create a new one of that name if not 692 * - if the name is NULL, an empty anonymous keyring is installed instead 693 * - named session keyring joining is done with a semaphore held 694 */ 695 long join_session_keyring(const char *name) 696 { 697 struct task_struct *tsk = current; 698 struct key *keyring; 699 long ret; 700 701 /* if no name is provided, install an anonymous keyring */ 702 if (!name) { 703 ret = install_session_keyring(tsk, NULL); 704 if (ret < 0) 705 goto error; 706 707 rcu_read_lock(); 708 ret = rcu_dereference(tsk->signal->session_keyring)->serial; 709 rcu_read_unlock(); 710 goto error; 711 } 712 713 /* allow the user to join or create a named keyring */ 714 mutex_lock(&key_session_mutex); 715 716 /* look for an existing keyring of this name */ 717 keyring = find_keyring_by_name(name, 0); 718 if (PTR_ERR(keyring) == -ENOKEY) { 719 /* not found - try and create a new one */ 720 keyring = keyring_alloc(name, tsk->uid, tsk->gid, 0, NULL); 721 if (IS_ERR(keyring)) { 722 ret = PTR_ERR(keyring); 723 goto error2; 724 } 725 } 726 else if (IS_ERR(keyring)) { 727 ret = PTR_ERR(keyring); 728 goto error2; 729 } 730 731 /* we've got a keyring - now to install it */ 732 ret = install_session_keyring(tsk, keyring); 733 if (ret < 0) 734 goto error2; 735 736 ret = keyring->serial; 737 key_put(keyring); 738 739 error2: 740 mutex_unlock(&key_session_mutex); 741 error: 742 return ret; 743 744 } /* end join_session_keyring() */ 745