projects / GitHub / mt8127 / android_kernel_alcatel_ttab.git / blame
| Commit | Line | Data |
|---|---|---|
| 973c9f4f | 1 | /* Manage a process's keyrings |
| 1da177e4 | 2 | * |
| 69664cf1 | 3 | * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. |
| 1da177e4 LT |
4 | * Written by David Howells (dhowells@redhat.com) |
| 5 | * | |
| 6 | * This program is free software; you can redistribute it and/or | |
| 7 | * modify it under the terms of the GNU General Public License | |
| 8 | * as published by the Free Software Foundation; either version | |
| 9 | * 2 of the License, or (at your option) any later version. | |
| 10 | */ | |
| 11 | ||
| 12 | #include <linux/module.h> | |
| 13 | #include <linux/init.h> | |
| 14 | #include <linux/sched.h> | |
| 1da177e4 LT |
15 | #include <linux/keyctl.h> |
| 16 | #include <linux/fs.h> | |
| 17 | #include <linux/err.h> | |
| bb003079 | 18 | #include <linux/mutex.h> |
| ee18d64c | 19 | #include <linux/security.h> |
| 1d1e9756 | 20 | #include <linux/user_namespace.h> |
| 1da177e4 LT |
21 | #include <asm/uaccess.h> |
| 22 | #include "internal.h" | |
| 23 | ||
| 973c9f4f | 24 | /* Session keyring create vs join semaphore */ |
| bb003079 | 25 | static DEFINE_MUTEX(key_session_mutex); |
| 1da177e4 | 26 | |
| 973c9f4f | 27 | /* User keyring creation semaphore */ |
| 69664cf1 DH |
28 | static DEFINE_MUTEX(key_user_keyring_mutex); |
| 29 | ||
| 973c9f4f | 30 | /* The root user's tracking struct */ |
| 1da177e4 LT |
31 | struct key_user root_key_user = { |
| 32 | .usage = ATOMIC_INIT(3), | |
| 76181c13 | 33 | .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), |
| 6cfd76a2 | 34 | .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), |
| 1da177e4 LT |
35 | .nkeys = ATOMIC_INIT(2), |
| 36 | .nikeys = ATOMIC_INIT(2), | |
| 37 | .uid = 0, | |
| 1d1e9756 | 38 | .user_ns = &init_user_ns, |
| 1da177e4 LT |
39 | }; |
| 40 | ||
| 1da177e4 | 41 | /* |
| 973c9f4f | 42 | * Install the user and user session keyrings for the current process's UID. |
| 1da177e4 | 43 | */ |
| 8bbf4976 | 44 | int install_user_keyrings(void) |
| 1da177e4 | 45 | { |
| d84f4f99 DH |
46 | struct user_struct *user; |
| 47 | const struct cred *cred; | |
| 1da177e4 | 48 | struct key *uid_keyring, *session_keyring; |
| 96b5c8fe | 49 | key_perm_t user_keyring_perm; |
| 1da177e4 LT |
50 | char buf[20]; |
| 51 | int ret; | |
| 52 | ||
| 96b5c8fe | 53 | user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL; |
| d84f4f99 DH |
54 | cred = current_cred(); |
| 55 | user = cred->user; | |
| 56 | ||
| 69664cf1 | 57 | kenter("%p{%u}", user, user->uid); |
| 1da177e4 | 58 | |
| 69664cf1 DH |
59 | if (user->uid_keyring) { |
| 60 | kleave(" = 0 [exist]"); | |
| 61 | return 0; | |
| 1da177e4 LT |
62 | } |
| 63 | ||
| 69664cf1 DH |
64 | mutex_lock(&key_user_keyring_mutex); |
| 65 | ret = 0; | |
| 1da177e4 | 66 | |
| 69664cf1 DH |
67 | if (!user->uid_keyring) { |
| 68 | /* get the UID-specific keyring | |
| 69 | * - there may be one in existence already as it may have been | |
| 70 | * pinned by a session, but the user_struct pointing to it | |
| 71 | * may have been destroyed by setuid */ | |
| 72 | sprintf(buf, "_uid.%u", user->uid); | |
| 73 | ||
| 74 | uid_keyring = find_keyring_by_name(buf, true); | |
| 75 | if (IS_ERR(uid_keyring)) { | |
| 76 | uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, | |
| 96b5c8fe DH |
77 | cred, user_keyring_perm, |
| 78 | KEY_ALLOC_IN_QUOTA, NULL); | |
| 69664cf1 DH |
79 | if (IS_ERR(uid_keyring)) { |
| 80 | ret = PTR_ERR(uid_keyring); | |
| 81 | goto error; | |
| 82 | } | |
| 83 | } | |
| 84 | ||
| 85 | /* get a default session keyring (which might also exist | |
| 86 | * already) */ | |
| 87 | sprintf(buf, "_uid_ses.%u", user->uid); | |
| 88 | ||
| 89 | session_keyring = find_keyring_by_name(buf, true); | |
| 90 | if (IS_ERR(session_keyring)) { | |
| 91 | session_keyring = | |
| 92 | keyring_alloc(buf, user->uid, (gid_t) -1, | |
| 96b5c8fe DH |
93 | cred, user_keyring_perm, |
| 94 | KEY_ALLOC_IN_QUOTA, NULL); | |
| 69664cf1 DH |
95 | if (IS_ERR(session_keyring)) { |
| 96 | ret = PTR_ERR(session_keyring); | |
| 97 | goto error_release; | |
| 98 | } | |
| 99 | ||
| 100 | /* we install a link from the user session keyring to | |
| 101 | * the user keyring */ | |
| 102 | ret = key_link(session_keyring, uid_keyring); | |
| 103 | if (ret < 0) | |
| 104 | goto error_release_both; | |
| 105 | } | |
| 106 | ||
| 107 | /* install the keyrings */ | |
| 108 | user->uid_keyring = uid_keyring; | |
| 109 | user->session_keyring = session_keyring; | |
| 1da177e4 LT |
110 | } |
| 111 | ||
| 69664cf1 DH |
112 | mutex_unlock(&key_user_keyring_mutex); |
| 113 | kleave(" = 0"); | |
| 114 | return 0; | |
| 1da177e4 | 115 | |
| 69664cf1 DH |
116 | error_release_both: |
| 117 | key_put(session_keyring); | |
| 118 | error_release: | |
| 119 | key_put(uid_keyring); | |
| 664cceb0 | 120 | error: |
| 69664cf1 DH |
121 | mutex_unlock(&key_user_keyring_mutex); |
| 122 | kleave(" = %d", ret); | |
| 1da177e4 | 123 | return ret; |
| 69664cf1 | 124 | } |
| 1da177e4 | 125 | |
| 1da177e4 | 126 | /* |
| 973c9f4f DH |
127 | * Install a fresh thread keyring directly to new credentials. This keyring is |
| 128 | * allowed to overrun the quota. | |
| 1da177e4 | 129 | */ |
| d84f4f99 | 130 | int install_thread_keyring_to_cred(struct cred *new) |
| 1da177e4 | 131 | { |
| d84f4f99 | 132 | struct key *keyring; |
| 1da177e4 | 133 | |
| d84f4f99 | 134 | keyring = keyring_alloc("_tid", new->uid, new->gid, new, |
| 96b5c8fe | 135 | KEY_POS_ALL | KEY_USR_VIEW, |
| d84f4f99 DH |
136 | KEY_ALLOC_QUOTA_OVERRUN, NULL); |
| 137 | if (IS_ERR(keyring)) | |
| 138 | return PTR_ERR(keyring); | |
| 1da177e4 | 139 | |
| d84f4f99 DH |
140 | new->thread_keyring = keyring; |
| 141 | return 0; | |
| 142 | } | |
| 1da177e4 | 143 | |
| 1da177e4 | 144 | /* |
| 973c9f4f | 145 | * Install a fresh thread keyring, discarding the old one. |
| 1da177e4 | 146 | */ |
| d84f4f99 | 147 | static int install_thread_keyring(void) |
| 1da177e4 | 148 | { |
| d84f4f99 | 149 | struct cred *new; |
| 1da177e4 LT |
150 | int ret; |
| 151 | ||
| d84f4f99 DH |
152 | new = prepare_creds(); |
| 153 | if (!new) | |
| 154 | return -ENOMEM; | |
| 1da177e4 | 155 | |
| d84f4f99 DH |
156 | BUG_ON(new->thread_keyring); |
| 157 | ||
| 158 | ret = install_thread_keyring_to_cred(new); | |
| 159 | if (ret < 0) { | |
| 160 | abort_creds(new); | |
| 161 | return ret; | |
| 1da177e4 LT |
162 | } |
| 163 | ||
| d84f4f99 DH |
164 | return commit_creds(new); |
| 165 | } | |
| 1da177e4 | 166 | |
| d84f4f99 | 167 | /* |
| 973c9f4f DH |
168 | * Install a process keyring directly to a credentials struct. |
| 169 | * | |
| 170 | * Returns -EEXIST if there was already a process keyring, 0 if one installed, | |
| 171 | * and other value on any other error | |
| d84f4f99 DH |
172 | */ |
| 173 | int install_process_keyring_to_cred(struct cred *new) | |
| 174 | { | |
| 175 | struct key *keyring; | |
| 1da177e4 | 176 | |
| 3a50597d | 177 | if (new->process_keyring) |
| d84f4f99 DH |
178 | return -EEXIST; |
| 179 | ||
| 96b5c8fe DH |
180 | keyring = keyring_alloc("_pid", new->uid, new->gid, new, |
| 181 | KEY_POS_ALL | KEY_USR_VIEW, | |
| 182 | KEY_ALLOC_QUOTA_OVERRUN, NULL); | |
| d84f4f99 DH |
183 | if (IS_ERR(keyring)) |
| 184 | return PTR_ERR(keyring); | |
| 185 | ||
| 3a50597d DH |
186 | new->process_keyring = keyring; |
| 187 | return 0; | |
| d84f4f99 | 188 | } |
| 1da177e4 | 189 | |
| 1da177e4 | 190 | /* |
| 973c9f4f DH |
191 | * Make sure a process keyring is installed for the current process. The |
| 192 | * existing process keyring is not replaced. | |
| 193 | * | |
| 194 | * Returns 0 if there is a process keyring by the end of this function, some | |
| 195 | * error otherwise. | |
| 1da177e4 | 196 | */ |
| d84f4f99 | 197 | static int install_process_keyring(void) |
| 1da177e4 | 198 | { |
| d84f4f99 | 199 | struct cred *new; |
| 1da177e4 LT |
200 | int ret; |
| 201 | ||
| d84f4f99 DH |
202 | new = prepare_creds(); |
| 203 | if (!new) | |
| 204 | return -ENOMEM; | |
| 1da177e4 | 205 | |
| d84f4f99 DH |
206 | ret = install_process_keyring_to_cred(new); |
| 207 | if (ret < 0) { | |
| 208 | abort_creds(new); | |
| 27d63798 | 209 | return ret != -EEXIST ? ret : 0; |
| 1da177e4 LT |
210 | } |
| 211 | ||
| d84f4f99 DH |
212 | return commit_creds(new); |
| 213 | } | |
| 1da177e4 | 214 | |
| 1da177e4 | 215 | /* |
| 973c9f4f | 216 | * Install a session keyring directly to a credentials struct. |
| 1da177e4 | 217 | */ |
| 685bfd2c | 218 | int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) |
| 1da177e4 | 219 | { |
| 7e047ef5 | 220 | unsigned long flags; |
| 1da177e4 | 221 | struct key *old; |
| 1a26feb9 DH |
222 | |
| 223 | might_sleep(); | |
| 1da177e4 LT |
224 | |
| 225 | /* create an empty session keyring */ | |
| 226 | if (!keyring) { | |
| 7e047ef5 | 227 | flags = KEY_ALLOC_QUOTA_OVERRUN; |
| 3a50597d | 228 | if (cred->session_keyring) |
| 7e047ef5 DH |
229 | flags = KEY_ALLOC_IN_QUOTA; |
| 230 | ||
| 96b5c8fe DH |
231 | keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred, |
| 232 | KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ, | |
| 233 | flags, NULL); | |
| 1a26feb9 DH |
234 | if (IS_ERR(keyring)) |
| 235 | return PTR_ERR(keyring); | |
| d84f4f99 | 236 | } else { |
| 1da177e4 LT |
237 | atomic_inc(&keyring->usage); |
| 238 | } | |
| 239 | ||
| 240 | /* install the keyring */ | |
| 3a50597d DH |
241 | old = cred->session_keyring; |
| 242 | rcu_assign_pointer(cred->session_keyring, keyring); | |
| 243 | ||
| 244 | if (old) | |
| 1a26feb9 | 245 | key_put(old); |
| 1da177e4 | 246 | |
| 1a26feb9 | 247 | return 0; |
| d84f4f99 | 248 | } |
| 1da177e4 | 249 | |
| 1da177e4 | 250 | /* |
| 973c9f4f DH |
251 | * Install a session keyring, discarding the old one. If a keyring is not |
| 252 | * supplied, an empty one is invented. | |
| 1da177e4 | 253 | */ |
| d84f4f99 | 254 | static int install_session_keyring(struct key *keyring) |
| 1da177e4 | 255 | { |
| d84f4f99 DH |
256 | struct cred *new; |
| 257 | int ret; | |
| 1da177e4 | 258 | |
| d84f4f99 DH |
259 | new = prepare_creds(); |
| 260 | if (!new) | |
| 261 | return -ENOMEM; | |
| 1da177e4 | 262 | |
| 99599537 | 263 | ret = install_session_keyring_to_cred(new, keyring); |
| d84f4f99 DH |
264 | if (ret < 0) { |
| 265 | abort_creds(new); | |
| 266 | return ret; | |
| 267 | } | |
| 1da177e4 | 268 | |
| d84f4f99 DH |
269 | return commit_creds(new); |
| 270 | } | |
| 1da177e4 | 271 | |
| 1da177e4 | 272 | /* |
| 973c9f4f | 273 | * Handle the fsuid changing. |
| 1da177e4 LT |
274 | */ |
| 275 | void key_fsuid_changed(struct task_struct *tsk) | |
| 276 | { | |
| 277 | /* update the ownership of the thread keyring */ | |
| b6dff3ec DH |
278 | BUG_ON(!tsk->cred); |
| 279 | if (tsk->cred->thread_keyring) { | |
| 280 | down_write(&tsk->cred->thread_keyring->sem); | |
| 281 | tsk->cred->thread_keyring->uid = tsk->cred->fsuid; | |
| 282 | up_write(&tsk->cred->thread_keyring->sem); | |
| 1da177e4 | 283 | } |
| a8b17ed0 | 284 | } |
| 1da177e4 | 285 | |
| 1da177e4 | 286 | /* |
| 973c9f4f | 287 | * Handle the fsgid changing. |
| 1da177e4 LT |
288 | */ |
| 289 | void key_fsgid_changed(struct task_struct *tsk) | |
| 290 | { | |
| 291 | /* update the ownership of the thread keyring */ | |
| b6dff3ec DH |
292 | BUG_ON(!tsk->cred); |
| 293 | if (tsk->cred->thread_keyring) { | |
| 294 | down_write(&tsk->cred->thread_keyring->sem); | |
| 295 | tsk->cred->thread_keyring->gid = tsk->cred->fsgid; | |
| 296 | up_write(&tsk->cred->thread_keyring->sem); | |
| 1da177e4 | 297 | } |
| a8b17ed0 | 298 | } |
| 1da177e4 | 299 | |
| 1da177e4 | 300 | /* |
| 973c9f4f DH |
301 | * Search the process keyrings attached to the supplied cred for the first |
| 302 | * matching key. | |
| 303 | * | |
| 304 | * The search criteria are the type and the match function. The description is | |
| 305 | * given to the match function as a parameter, but doesn't otherwise influence | |
| 306 | * the search. Typically the match function will compare the description | |
| 307 | * parameter to the key's description. | |
| 308 | * | |
| 309 | * This can only search keyrings that grant Search permission to the supplied | |
| 310 | * credentials. Keyrings linked to searched keyrings will also be searched if | |
| 311 | * they grant Search permission too. Keys can only be found if they grant | |
| 312 | * Search permission to the credentials. | |
| 313 | * | |
| 314 | * Returns a pointer to the key with the key usage count incremented if | |
| 315 | * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only | |
| 316 | * matched negative keys. | |
| 317 | * | |
| 318 | * In the case of a successful return, the possession attribute is set on the | |
| 319 | * returned key reference. | |
| 1da177e4 | 320 | */ |
| 927942aa DH |
321 | key_ref_t search_my_process_keyrings(struct key_type *type, |
| 322 | const void *description, | |
| 323 | key_match_func_t match, | |
| 78b7280c | 324 | bool no_state_check, |
| 927942aa | 325 | const struct cred *cred) |
| 1da177e4 | 326 | { |
| b5f545c8 | 327 | key_ref_t key_ref, ret, err; |
| 1da177e4 LT |
328 | |
| 329 | /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were | |
| 330 | * searchable, but we failed to find a key or we found a negative key; | |
| 331 | * otherwise we want to return a sample error (probably -EACCES) if | |
| 332 | * none of the keyrings were searchable | |
| 333 | * | |
| 334 | * in terms of priority: success > -ENOKEY > -EAGAIN > other error | |
| 335 | */ | |
| 664cceb0 | 336 | key_ref = NULL; |
| 1da177e4 LT |
337 | ret = NULL; |
| 338 | err = ERR_PTR(-EAGAIN); | |
| 339 | ||
| 340 | /* search the thread keyring first */ | |
| c69e8d9c | 341 | if (cred->thread_keyring) { |
| 664cceb0 | 342 | key_ref = keyring_search_aux( |
| c69e8d9c | 343 | make_key_ref(cred->thread_keyring, 1), |
| 78b7280c | 344 | cred, type, description, match, no_state_check); |
| 664cceb0 | 345 | if (!IS_ERR(key_ref)) |
| 1da177e4 LT |
346 | goto found; |
| 347 | ||
| 664cceb0 | 348 | switch (PTR_ERR(key_ref)) { |
| 1da177e4 | 349 | case -EAGAIN: /* no key */ |
| 1da177e4 | 350 | case -ENOKEY: /* negative key */ |
| 664cceb0 | 351 | ret = key_ref; |
| 1da177e4 LT |
352 | break; |
| 353 | default: | |
| 664cceb0 | 354 | err = key_ref; |
| 1da177e4 LT |
355 | break; |
| 356 | } | |
| 357 | } | |
| 358 | ||
| 359 | /* search the process keyring second */ | |
| 3a50597d | 360 | if (cred->process_keyring) { |
| 664cceb0 | 361 | key_ref = keyring_search_aux( |
| 3a50597d | 362 | make_key_ref(cred->process_keyring, 1), |
| 78b7280c | 363 | cred, type, description, match, no_state_check); |
| 664cceb0 | 364 | if (!IS_ERR(key_ref)) |
| 1da177e4 LT |
365 | goto found; |
| 366 | ||
| 664cceb0 | 367 | switch (PTR_ERR(key_ref)) { |
| 1da177e4 LT |
368 | case -EAGAIN: /* no key */ |
| 369 | if (ret) | |
| 370 | break; | |
| 371 | case -ENOKEY: /* negative key */ | |
| 664cceb0 | 372 | ret = key_ref; |
| 1da177e4 LT |
373 | break; |
| 374 | default: | |
| 664cceb0 | 375 | err = key_ref; |
| 1da177e4 LT |
376 | break; |
| 377 | } | |
| 378 | } | |
| 379 | ||
| 3e30148c | 380 | /* search the session keyring */ |
| 3a50597d | 381 | if (cred->session_keyring) { |
| 8589b4e0 | 382 | rcu_read_lock(); |
| 664cceb0 | 383 | key_ref = keyring_search_aux( |
| 3a50597d | 384 | make_key_ref(rcu_dereference(cred->session_keyring), 1), |
| 78b7280c | 385 | cred, type, description, match, no_state_check); |
| 8589b4e0 | 386 | rcu_read_unlock(); |
| 3e30148c | 387 | |
| 664cceb0 | 388 | if (!IS_ERR(key_ref)) |
| 3e30148c DH |
389 | goto found; |
| 390 | ||
| 664cceb0 | 391 | switch (PTR_ERR(key_ref)) { |
| 3e30148c DH |
392 | case -EAGAIN: /* no key */ |
| 393 | if (ret) | |
| 394 | break; | |
| 395 | case -ENOKEY: /* negative key */ | |
| 664cceb0 | 396 | ret = key_ref; |
| 3e30148c DH |
397 | break; |
| 398 | default: | |
| 664cceb0 | 399 | err = key_ref; |
| 3e30148c DH |
400 | break; |
| 401 | } | |
| b5f545c8 DH |
402 | } |
| 403 | /* or search the user-session keyring */ | |
| c69e8d9c | 404 | else if (cred->user->session_keyring) { |
| b5f545c8 | 405 | key_ref = keyring_search_aux( |
| c69e8d9c | 406 | make_key_ref(cred->user->session_keyring, 1), |
| 78b7280c | 407 | cred, type, description, match, no_state_check); |
| 664cceb0 | 408 | if (!IS_ERR(key_ref)) |
| 3e30148c DH |
409 | goto found; |
| 410 | ||
| 664cceb0 | 411 | switch (PTR_ERR(key_ref)) { |
| 3e30148c DH |
412 | case -EAGAIN: /* no key */ |
| 413 | if (ret) | |
| 414 | break; | |
| 415 | case -ENOKEY: /* negative key */ | |
| 664cceb0 | 416 | ret = key_ref; |
| 3e30148c DH |
417 | break; |
| 418 | default: | |
| 664cceb0 | 419 | err = key_ref; |
| 3e30148c DH |
420 | break; |
| 421 | } | |
| 8589b4e0 | 422 | } |
| b5f545c8 | 423 | |
| 927942aa DH |
424 | /* no key - decide on the error we're going to go for */ |
| 425 | key_ref = ret ? ret : err; | |
| 426 | ||
| 427 | found: | |
| 428 | return key_ref; | |
| 429 | } | |
| 430 | ||
| 927942aa | 431 | /* |
| 973c9f4f DH |
432 | * Search the process keyrings attached to the supplied cred for the first |
| 433 | * matching key in the manner of search_my_process_keyrings(), but also search | |
| 434 | * the keys attached to the assumed authorisation key using its credentials if | |
| 435 | * one is available. | |
| 436 | * | |
| 437 | * Return same as search_my_process_keyrings(). | |
| 927942aa DH |
438 | */ |
| 439 | key_ref_t search_process_keyrings(struct key_type *type, | |
| 440 | const void *description, | |
| 441 | key_match_func_t match, | |
| 442 | const struct cred *cred) | |
| 443 | { | |
| 444 | struct request_key_auth *rka; | |
| 445 | key_ref_t key_ref, ret = ERR_PTR(-EACCES), err; | |
| 446 | ||
| 447 | might_sleep(); | |
| 448 | ||
| 78b7280c DH |
449 | key_ref = search_my_process_keyrings(type, description, match, |
| 450 | false, cred); | |
| 927942aa DH |
451 | if (!IS_ERR(key_ref)) |
| 452 | goto found; | |
| 453 | err = key_ref; | |
| 454 | ||
| b5f545c8 DH |
455 | /* if this process has an instantiation authorisation key, then we also |
| 456 | * search the keyrings of the process mentioned there | |
| 457 | * - we don't permit access to request_key auth keys via this method | |
| 458 | */ | |
| c69e8d9c | 459 | if (cred->request_key_auth && |
| d84f4f99 | 460 | cred == current_cred() && |
| 04c567d9 | 461 | type != &key_type_request_key_auth |
| b5f545c8 | 462 | ) { |
| 04c567d9 | 463 | /* defend against the auth key being revoked */ |
| c69e8d9c | 464 | down_read(&cred->request_key_auth->sem); |
| b5f545c8 | 465 | |
| c69e8d9c DH |
466 | if (key_validate(cred->request_key_auth) == 0) { |
| 467 | rka = cred->request_key_auth->payload.data; | |
| b5f545c8 | 468 | |
| 04c567d9 | 469 | key_ref = search_process_keyrings(type, description, |
| d84f4f99 | 470 | match, rka->cred); |
| 1da177e4 | 471 | |
| c69e8d9c | 472 | up_read(&cred->request_key_auth->sem); |
| 04c567d9 DH |
473 | |
| 474 | if (!IS_ERR(key_ref)) | |
| 475 | goto found; | |
| 476 | ||
| 927942aa | 477 | ret = key_ref; |
| 04c567d9 | 478 | } else { |
| c69e8d9c | 479 | up_read(&cred->request_key_auth->sem); |
| 3e30148c | 480 | } |
| 1da177e4 LT |
481 | } |
| 482 | ||
| 483 | /* no key - decide on the error we're going to go for */ | |
| 927942aa DH |
484 | if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY)) |
| 485 | key_ref = ERR_PTR(-ENOKEY); | |
| 486 | else if (err == ERR_PTR(-EACCES)) | |
| 487 | key_ref = ret; | |
| 488 | else | |
| 489 | key_ref = err; | |
| 1da177e4 | 490 | |
| 3e30148c | 491 | found: |
| 664cceb0 | 492 | return key_ref; |
| a8b17ed0 | 493 | } |
| 1da177e4 | 494 | |
| 664cceb0 | 495 | /* |
| 973c9f4f | 496 | * See if the key we're looking at is the target key. |
| 664cceb0 | 497 | */ |
| 927942aa | 498 | int lookup_user_key_possessed(const struct key *key, const void *target) |
| 664cceb0 DH |
499 | { |
| 500 | return key == target; | |
| a8b17ed0 | 501 | } |
| 664cceb0 | 502 | |
| 1da177e4 | 503 | /* |
| 973c9f4f DH |
504 | * Look up a key ID given us by userspace with a given permissions mask to get |
| 505 | * the key it refers to. | |
| 506 | * | |
| 507 | * Flags can be passed to request that special keyrings be created if referred | |
| 508 | * to directly, to permit partially constructed keys to be found and to skip | |
| 509 | * validity and permission checks on the found key. | |
| 510 | * | |
| 511 | * Returns a pointer to the key with an incremented usage count if successful; | |
| 512 | * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond | |
| 513 | * to a key or the best found key was a negative key; -EKEYREVOKED or | |
| 514 | * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the | |
| 515 | * found key doesn't grant the requested permit or the LSM denied access to it; | |
| 516 | * or -ENOMEM if a special keyring couldn't be created. | |
| 517 | * | |
| 518 | * In the case of a successful return, the possession attribute is set on the | |
| 519 | * returned key reference. | |
| 1da177e4 | 520 | */ |
| 5593122e | 521 | key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, |
| 8bbf4976 | 522 | key_perm_t perm) |
| 1da177e4 | 523 | { |
| 8bbf4976 | 524 | struct request_key_auth *rka; |
| d84f4f99 | 525 | const struct cred *cred; |
| 1da177e4 | 526 | struct key *key; |
| b6dff3ec | 527 | key_ref_t key_ref, skey_ref; |
| 1da177e4 LT |
528 | int ret; |
| 529 | ||
| bb952bb9 DH |
530 | try_again: |
| 531 | cred = get_current_cred(); | |
| 664cceb0 | 532 | key_ref = ERR_PTR(-ENOKEY); |
| 1da177e4 LT |
533 | |
| 534 | switch (id) { | |
| 535 | case KEY_SPEC_THREAD_KEYRING: | |
| b6dff3ec | 536 | if (!cred->thread_keyring) { |
| 5593122e | 537 | if (!(lflags & KEY_LOOKUP_CREATE)) |
| 1da177e4 LT |
538 | goto error; |
| 539 | ||
| 8bbf4976 | 540 | ret = install_thread_keyring(); |
| 1da177e4 | 541 | if (ret < 0) { |
| 4d09ec0f | 542 | key_ref = ERR_PTR(ret); |
| 1da177e4 LT |
543 | goto error; |
| 544 | } | |
| bb952bb9 | 545 | goto reget_creds; |
| 1da177e4 LT |
546 | } |
| 547 | ||
| b6dff3ec | 548 | key = cred->thread_keyring; |
| 1da177e4 | 549 | atomic_inc(&key->usage); |
| 664cceb0 | 550 | key_ref = make_key_ref(key, 1); |
| 1da177e4 LT |
551 | break; |
| 552 | ||
| 553 | case KEY_SPEC_PROCESS_KEYRING: | |
| 3a50597d | 554 | if (!cred->process_keyring) { |
| 5593122e | 555 | if (!(lflags & KEY_LOOKUP_CREATE)) |
| 1da177e4 LT |
556 | goto error; |
| 557 | ||
| 8bbf4976 | 558 | ret = install_process_keyring(); |
| 1da177e4 | 559 | if (ret < 0) { |
| 4d09ec0f | 560 | key_ref = ERR_PTR(ret); |
| 1da177e4 LT |
561 | goto error; |
| 562 | } | |
| bb952bb9 | 563 | goto reget_creds; |
| 1da177e4 LT |
564 | } |
| 565 | ||
| 3a50597d | 566 | key = cred->process_keyring; |
| 1da177e4 | 567 | atomic_inc(&key->usage); |
| 664cceb0 | 568 | key_ref = make_key_ref(key, 1); |
| 1da177e4 LT |
569 | break; |
| 570 | ||
| 571 | case KEY_SPEC_SESSION_KEYRING: | |
| 3a50597d | 572 | if (!cred->session_keyring) { |
| 1da177e4 LT |
573 | /* always install a session keyring upon access if one |
| 574 | * doesn't exist yet */ | |
| 8bbf4976 | 575 | ret = install_user_keyrings(); |
| 69664cf1 DH |
576 | if (ret < 0) |
| 577 | goto error; | |
| 3ecf1b4f DH |
578 | if (lflags & KEY_LOOKUP_CREATE) |
| 579 | ret = join_session_keyring(NULL); | |
| 580 | else | |
| 581 | ret = install_session_keyring( | |
| 582 | cred->user->session_keyring); | |
| d84f4f99 | 583 | |
| 1da177e4 LT |
584 | if (ret < 0) |
| 585 | goto error; | |
| bb952bb9 | 586 | goto reget_creds; |
| 3a50597d | 587 | } else if (cred->session_keyring == |
| 3ecf1b4f DH |
588 | cred->user->session_keyring && |
| 589 | lflags & KEY_LOOKUP_CREATE) { | |
| 590 | ret = join_session_keyring(NULL); | |
| 591 | if (ret < 0) | |
| 592 | goto error; | |
| 593 | goto reget_creds; | |
| 1da177e4 LT |
594 | } |
| 595 | ||
| 3e30148c | 596 | rcu_read_lock(); |
| 3a50597d | 597 | key = rcu_dereference(cred->session_keyring); |
| 1da177e4 | 598 | atomic_inc(&key->usage); |
| 3e30148c | 599 | rcu_read_unlock(); |
| 664cceb0 | 600 | key_ref = make_key_ref(key, 1); |
| 1da177e4 LT |
601 | break; |
| 602 | ||
| 603 | case KEY_SPEC_USER_KEYRING: | |
| b6dff3ec | 604 | if (!cred->user->uid_keyring) { |
| 8bbf4976 | 605 | ret = install_user_keyrings(); |
| 69664cf1 DH |
606 | if (ret < 0) |
| 607 | goto error; | |
| 608 | } | |
| 609 | ||
| b6dff3ec | 610 | key = cred->user->uid_keyring; |
| 1da177e4 | 611 | atomic_inc(&key->usage); |
| 664cceb0 | 612 | key_ref = make_key_ref(key, 1); |
| 1da177e4 LT |
613 | break; |
| 614 | ||
| 615 | case KEY_SPEC_USER_SESSION_KEYRING: | |
| b6dff3ec | 616 | if (!cred->user->session_keyring) { |
| 8bbf4976 | 617 | ret = install_user_keyrings(); |
| 69664cf1 DH |
618 | if (ret < 0) |
| 619 | goto error; | |
| 620 | } | |
| 621 | ||
| b6dff3ec | 622 | key = cred->user->session_keyring; |
| 1da177e4 | 623 | atomic_inc(&key->usage); |
| 664cceb0 | 624 | key_ref = make_key_ref(key, 1); |
| 1da177e4 LT |
625 | break; |
| 626 | ||
| 627 | case KEY_SPEC_GROUP_KEYRING: | |
| 628 | /* group keyrings are not yet supported */ | |
| 4d09ec0f | 629 | key_ref = ERR_PTR(-EINVAL); |
| 1da177e4 LT |
630 | goto error; |
| 631 | ||
| b5f545c8 | 632 | case KEY_SPEC_REQKEY_AUTH_KEY: |
| b6dff3ec | 633 | key = cred->request_key_auth; |
| b5f545c8 DH |
634 | if (!key) |
| 635 | goto error; | |
| 636 | ||
| 637 | atomic_inc(&key->usage); | |
| 638 | key_ref = make_key_ref(key, 1); | |
| 639 | break; | |
| 640 | ||
| 8bbf4976 | 641 | case KEY_SPEC_REQUESTOR_KEYRING: |
| b6dff3ec | 642 | if (!cred->request_key_auth) |
| 8bbf4976 DH |
643 | goto error; |
| 644 | ||
| b6dff3ec | 645 | down_read(&cred->request_key_auth->sem); |
| f67dabbd DC |
646 | if (test_bit(KEY_FLAG_REVOKED, |
| 647 | &cred->request_key_auth->flags)) { | |
| 8bbf4976 DH |
648 | key_ref = ERR_PTR(-EKEYREVOKED); |
| 649 | key = NULL; | |
| 650 | } else { | |
| b6dff3ec | 651 | rka = cred->request_key_auth->payload.data; |
| 8bbf4976 DH |
652 | key = rka->dest_keyring; |
| 653 | atomic_inc(&key->usage); | |
| 654 | } | |
| b6dff3ec | 655 | up_read(&cred->request_key_auth->sem); |
| 8bbf4976 DH |
656 | if (!key) |
| 657 | goto error; | |
| 658 | key_ref = make_key_ref(key, 1); | |
| 659 | break; | |
| 660 | ||
| 1da177e4 | 661 | default: |
| 664cceb0 | 662 | key_ref = ERR_PTR(-EINVAL); |
| 1da177e4 LT |
663 | if (id < 1) |
| 664 | goto error; | |
| 665 | ||
| 666 | key = key_lookup(id); | |
| 664cceb0 | 667 | if (IS_ERR(key)) { |
| e231c2ee | 668 | key_ref = ERR_CAST(key); |
| 1da177e4 | 669 | goto error; |
| 664cceb0 DH |
670 | } |
| 671 | ||
| 672 | key_ref = make_key_ref(key, 0); | |
| 673 | ||
| 674 | /* check to see if we possess the key */ | |
| 675 | skey_ref = search_process_keyrings(key->type, key, | |
| 676 | lookup_user_key_possessed, | |
| d84f4f99 | 677 | cred); |
| 664cceb0 DH |
678 | |
| 679 | if (!IS_ERR(skey_ref)) { | |
| 680 | key_put(key); | |
| 681 | key_ref = skey_ref; | |
| 682 | } | |
| 683 | ||
| 1da177e4 LT |
684 | break; |
| 685 | } | |
| 686 | ||
| 5593122e DH |
687 | /* unlink does not use the nominated key in any way, so can skip all |
| 688 | * the permission checks as it is only concerned with the keyring */ | |
| 689 | if (lflags & KEY_LOOKUP_FOR_UNLINK) { | |
| 690 | ret = 0; | |
| 691 | goto error; | |
| 692 | } | |
| 693 | ||
| 694 | if (!(lflags & KEY_LOOKUP_PARTIAL)) { | |
| 76181c13 DH |
695 | ret = wait_for_key_construction(key, true); |
| 696 | switch (ret) { | |
| 697 | case -ERESTARTSYS: | |
| 698 | goto invalid_key; | |
| 699 | default: | |
| 700 | if (perm) | |
| 701 | goto invalid_key; | |
| 702 | case 0: | |
| 703 | break; | |
| 704 | } | |
| 705 | } else if (perm) { | |
| 1da177e4 LT |
706 | ret = key_validate(key); |
| 707 | if (ret < 0) | |
| 708 | goto invalid_key; | |
| 709 | } | |
| 710 | ||
| 711 | ret = -EIO; | |
| 5593122e DH |
712 | if (!(lflags & KEY_LOOKUP_PARTIAL) && |
| 713 | !test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) | |
| 1da177e4 LT |
714 | goto invalid_key; |
| 715 | ||
| 3e30148c | 716 | /* check the permissions */ |
| d84f4f99 | 717 | ret = key_task_permission(key_ref, cred, perm); |
| 29db9190 | 718 | if (ret < 0) |
| 1da177e4 LT |
719 | goto invalid_key; |
| 720 | ||
| 31d5a79d DH |
721 | key->last_used_at = current_kernel_time().tv_sec; |
| 722 | ||
| 664cceb0 | 723 | error: |
| bb952bb9 | 724 | put_cred(cred); |
| 664cceb0 | 725 | return key_ref; |
| 1da177e4 | 726 | |
| 664cceb0 DH |
727 | invalid_key: |
| 728 | key_ref_put(key_ref); | |
| 729 | key_ref = ERR_PTR(ret); | |
| 1da177e4 LT |
730 | goto error; |
| 731 | ||
| bb952bb9 DH |
732 | /* if we attempted to install a keyring, then it may have caused new |
| 733 | * creds to be installed */ | |
| 734 | reget_creds: | |
| 735 | put_cred(cred); | |
| 736 | goto try_again; | |
| a8b17ed0 | 737 | } |
| bb952bb9 | 738 | |
| 1da177e4 | 739 | /* |
| 973c9f4f DH |
740 | * Join the named keyring as the session keyring if possible else attempt to |
| 741 | * create a new one of that name and join that. | |
| 742 | * | |
| 743 | * If the name is NULL, an empty anonymous keyring will be installed as the | |
| 744 | * session keyring. | |
| 745 | * | |
| 746 | * Named session keyrings are joined with a semaphore held to prevent the | |
| 747 | * keyrings from going away whilst the attempt is made to going them and also | |
| 748 | * to prevent a race in creating compatible session keyrings. | |
| 1da177e4 LT |
749 | */ |
| 750 | long join_session_keyring(const char *name) | |
| 751 | { | |
| d84f4f99 DH |
752 | const struct cred *old; |
| 753 | struct cred *new; | |
| 1da177e4 | 754 | struct key *keyring; |
| d84f4f99 DH |
755 | long ret, serial; |
| 756 | ||
| d84f4f99 DH |
757 | new = prepare_creds(); |
| 758 | if (!new) | |
| 759 | return -ENOMEM; | |
| 760 | old = current_cred(); | |
| 1da177e4 LT |
761 | |
| 762 | /* if no name is provided, install an anonymous keyring */ | |
| 763 | if (!name) { | |
| d84f4f99 | 764 | ret = install_session_keyring_to_cred(new, NULL); |
| 1da177e4 LT |
765 | if (ret < 0) |
| 766 | goto error; | |
| 767 | ||
| 3a50597d | 768 | serial = new->session_keyring->serial; |
| d84f4f99 DH |
769 | ret = commit_creds(new); |
| 770 | if (ret == 0) | |
| 771 | ret = serial; | |
| 772 | goto okay; | |
| 1da177e4 LT |
773 | } |
| 774 | ||
| 775 | /* allow the user to join or create a named keyring */ | |
| bb003079 | 776 | mutex_lock(&key_session_mutex); |
| 1da177e4 LT |
777 | |
| 778 | /* look for an existing keyring of this name */ | |
| 69664cf1 | 779 | keyring = find_keyring_by_name(name, false); |
| 1da177e4 LT |
780 | if (PTR_ERR(keyring) == -ENOKEY) { |
| 781 | /* not found - try and create a new one */ | |
| 96b5c8fe DH |
782 | keyring = keyring_alloc( |
| 783 | name, old->uid, old->gid, old, | |
| 784 | KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK, | |
| 785 | KEY_ALLOC_IN_QUOTA, NULL); | |
| 1da177e4 LT |
786 | if (IS_ERR(keyring)) { |
| 787 | ret = PTR_ERR(keyring); | |
| bcf945d3 | 788 | goto error2; |
| 1da177e4 | 789 | } |
| d84f4f99 | 790 | } else if (IS_ERR(keyring)) { |
| 1da177e4 LT |
791 | ret = PTR_ERR(keyring); |
| 792 | goto error2; | |
| 3a50597d DH |
793 | } else if (keyring == new->session_keyring) { |
| 794 | ret = 0; | |
| 795 | goto error2; | |
| 1da177e4 LT |
796 | } |
| 797 | ||
| 798 | /* we've got a keyring - now to install it */ | |
| d84f4f99 | 799 | ret = install_session_keyring_to_cred(new, keyring); |
| 1da177e4 LT |
800 | if (ret < 0) |
| 801 | goto error2; | |
| 802 | ||
| d84f4f99 DH |
803 | commit_creds(new); |
| 804 | mutex_unlock(&key_session_mutex); | |
| 805 | ||
| 1da177e4 LT |
806 | ret = keyring->serial; |
| 807 | key_put(keyring); | |
| d84f4f99 DH |
808 | okay: |
| 809 | return ret; | |
| 1da177e4 | 810 | |
| 664cceb0 | 811 | error2: |
| bb003079 | 812 | mutex_unlock(&key_session_mutex); |
| 664cceb0 | 813 | error: |
| d84f4f99 | 814 | abort_creds(new); |
| 1da177e4 | 815 | return ret; |
| d84f4f99 | 816 | } |
| ee18d64c DH |
817 | |
| 818 | /* | |
| 973c9f4f DH |
819 | * Replace a process's session keyring on behalf of one of its children when |
| 820 | * the target process is about to resume userspace execution. | |
| ee18d64c | 821 | */ |
| 67d12145 | 822 | void key_change_session_keyring(struct callback_head *twork) |
| ee18d64c | 823 | { |
| 413cd3d9 | 824 | const struct cred *old = current_cred(); |
| 67d12145 | 825 | struct cred *new = container_of(twork, struct cred, rcu); |
| ee18d64c | 826 | |
| 413cd3d9 ON |
827 | if (unlikely(current->flags & PF_EXITING)) { |
| 828 | put_cred(new); | |
| ee18d64c | 829 | return; |
| 413cd3d9 | 830 | } |
| ee18d64c | 831 | |
| ee18d64c DH |
832 | new-> uid = old-> uid; |
| 833 | new-> euid = old-> euid; | |
| 834 | new-> suid = old-> suid; | |
| 835 | new->fsuid = old->fsuid; | |
| 836 | new-> gid = old-> gid; | |
| 837 | new-> egid = old-> egid; | |
| 838 | new-> sgid = old-> sgid; | |
| 839 | new->fsgid = old->fsgid; | |
| 840 | new->user = get_uid(old->user); | |
| 0093ccb6 | 841 | new->user_ns = get_user_ns(new->user_ns); |
| ee18d64c DH |
842 | new->group_info = get_group_info(old->group_info); |
| 843 | ||
| 844 | new->securebits = old->securebits; | |
| 845 | new->cap_inheritable = old->cap_inheritable; | |
| 846 | new->cap_permitted = old->cap_permitted; | |
| 847 | new->cap_effective = old->cap_effective; | |
| 848 | new->cap_bset = old->cap_bset; | |
| 849 | ||
| 850 | new->jit_keyring = old->jit_keyring; | |
| 851 | new->thread_keyring = key_get(old->thread_keyring); | |
| 3a50597d | 852 | new->process_keyring = key_get(old->process_keyring); |
| ee18d64c DH |
853 | |
| 854 | security_transfer_creds(new, old); | |
| 855 | ||
| 856 | commit_creds(new); | |
| 857 | } |