1 /* Management of a process's keyrings
3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
15 #include <linux/slab.h>
16 #include <linux/keyctl.h>
18 #include <linux/err.h>
19 #include <linux/mutex.h>
20 #include <asm/uaccess.h>
23 /* session keyring create vs join semaphore */
24 static DEFINE_MUTEX(key_session_mutex
);
26 /* user keyring creation semaphore */
27 static DEFINE_MUTEX(key_user_keyring_mutex
);
29 /* the root user's tracking struct */
30 struct key_user root_key_user
= {
31 .usage
= ATOMIC_INIT(3),
32 .cons_lock
= __MUTEX_INITIALIZER(root_key_user
.cons_lock
),
33 .lock
= __SPIN_LOCK_UNLOCKED(root_key_user
.lock
),
34 .nkeys
= ATOMIC_INIT(2),
35 .nikeys
= ATOMIC_INIT(2),
39 /*****************************************************************************/
41 * install user and user session keyrings for a particular UID
43 static int install_user_keyrings(struct task_struct
*tsk
)
45 struct user_struct
*user
= tsk
->user
;
46 struct key
*uid_keyring
, *session_keyring
;
50 kenter("%p{%u}", user
, user
->uid
);
52 if (user
->uid_keyring
) {
53 kleave(" = 0 [exist]");
57 mutex_lock(&key_user_keyring_mutex
);
60 if (!user
->uid_keyring
) {
61 /* get the UID-specific keyring
62 * - there may be one in existence already as it may have been
63 * pinned by a session, but the user_struct pointing to it
64 * may have been destroyed by setuid */
65 sprintf(buf
, "_uid.%u", user
->uid
);
67 uid_keyring
= find_keyring_by_name(buf
, true);
68 if (IS_ERR(uid_keyring
)) {
69 uid_keyring
= keyring_alloc(buf
, user
->uid
, (gid_t
) -1,
70 tsk
, KEY_ALLOC_IN_QUOTA
,
72 if (IS_ERR(uid_keyring
)) {
73 ret
= PTR_ERR(uid_keyring
);
78 /* get a default session keyring (which might also exist
80 sprintf(buf
, "_uid_ses.%u", user
->uid
);
82 session_keyring
= find_keyring_by_name(buf
, true);
83 if (IS_ERR(session_keyring
)) {
85 keyring_alloc(buf
, user
->uid
, (gid_t
) -1,
86 tsk
, KEY_ALLOC_IN_QUOTA
, NULL
);
87 if (IS_ERR(session_keyring
)) {
88 ret
= PTR_ERR(session_keyring
);
92 /* we install a link from the user session keyring to
94 ret
= key_link(session_keyring
, uid_keyring
);
96 goto error_release_both
;
99 /* install the keyrings */
100 user
->uid_keyring
= uid_keyring
;
101 user
->session_keyring
= session_keyring
;
104 mutex_unlock(&key_user_keyring_mutex
);
109 key_put(session_keyring
);
111 key_put(uid_keyring
);
113 mutex_unlock(&key_user_keyring_mutex
);
114 kleave(" = %d", ret
);
118 /*****************************************************************************/
120 * deal with the UID changing
122 void switch_uid_keyring(struct user_struct
*new_user
)
124 #if 0 /* do nothing for now */
127 /* switch to the new user's session keyring if we were running under
128 * root's default session keyring */
129 if (new_user
->uid
!= 0 &&
130 current
->session_keyring
== &root_session_keyring
132 atomic_inc(&new_user
->session_keyring
->usage
);
135 old
= current
->session_keyring
;
136 current
->session_keyring
= new_user
->session_keyring
;
137 task_unlock(current
);
143 } /* end switch_uid_keyring() */
145 /*****************************************************************************/
147 * install a fresh thread keyring, discarding the old one
149 int install_thread_keyring(struct task_struct
*tsk
)
151 struct key
*keyring
, *old
;
155 sprintf(buf
, "_tid.%u", tsk
->pid
);
157 keyring
= keyring_alloc(buf
, tsk
->uid
, tsk
->gid
, tsk
,
158 KEY_ALLOC_QUOTA_OVERRUN
, NULL
);
159 if (IS_ERR(keyring
)) {
160 ret
= PTR_ERR(keyring
);
165 old
= tsk
->thread_keyring
;
166 tsk
->thread_keyring
= keyring
;
175 } /* end install_thread_keyring() */
177 /*****************************************************************************/
179 * make sure a process keyring is installed
181 int install_process_keyring(struct task_struct
*tsk
)
189 if (!tsk
->signal
->process_keyring
) {
190 sprintf(buf
, "_pid.%u", tsk
->tgid
);
192 keyring
= keyring_alloc(buf
, tsk
->uid
, tsk
->gid
, tsk
,
193 KEY_ALLOC_QUOTA_OVERRUN
, NULL
);
194 if (IS_ERR(keyring
)) {
195 ret
= PTR_ERR(keyring
);
200 spin_lock_irq(&tsk
->sighand
->siglock
);
201 if (!tsk
->signal
->process_keyring
) {
202 tsk
->signal
->process_keyring
= keyring
;
205 spin_unlock_irq(&tsk
->sighand
->siglock
);
214 } /* end install_process_keyring() */
216 /*****************************************************************************/
218 * install a session keyring, discarding the old one
219 * - if a keyring is not supplied, an empty one is invented
221 static int install_session_keyring(struct task_struct
*tsk
,
230 /* create an empty session keyring */
232 sprintf(buf
, "_ses.%u", tsk
->tgid
);
234 flags
= KEY_ALLOC_QUOTA_OVERRUN
;
235 if (tsk
->signal
->session_keyring
)
236 flags
= KEY_ALLOC_IN_QUOTA
;
238 keyring
= keyring_alloc(buf
, tsk
->uid
, tsk
->gid
, tsk
,
241 return PTR_ERR(keyring
);
244 atomic_inc(&keyring
->usage
);
247 /* install the keyring */
248 spin_lock_irq(&tsk
->sighand
->siglock
);
249 old
= tsk
->signal
->session_keyring
;
250 rcu_assign_pointer(tsk
->signal
->session_keyring
, keyring
);
251 spin_unlock_irq(&tsk
->sighand
->siglock
);
253 /* we're using RCU on the pointer, but there's no point synchronising
254 * on it if it didn't previously point to anything */
262 } /* end install_session_keyring() */
264 /*****************************************************************************/
266 * copy the keys in a thread group for fork without CLONE_THREAD
268 int copy_thread_group_keys(struct task_struct
*tsk
)
270 key_check(current
->thread_group
->session_keyring
);
271 key_check(current
->thread_group
->process_keyring
);
273 /* no process keyring yet */
274 tsk
->signal
->process_keyring
= NULL
;
276 /* same session keyring */
278 tsk
->signal
->session_keyring
=
279 key_get(rcu_dereference(current
->signal
->session_keyring
));
284 } /* end copy_thread_group_keys() */
286 /*****************************************************************************/
288 * copy the keys for fork
290 int copy_keys(unsigned long clone_flags
, struct task_struct
*tsk
)
292 key_check(tsk
->thread_keyring
);
293 key_check(tsk
->request_key_auth
);
295 /* no thread keyring yet */
296 tsk
->thread_keyring
= NULL
;
298 /* copy the request_key() authorisation for this thread */
299 key_get(tsk
->request_key_auth
);
303 } /* end copy_keys() */
305 /*****************************************************************************/
307 * dispose of thread group keys upon thread group destruction
309 void exit_thread_group_keys(struct signal_struct
*tg
)
311 key_put(tg
->session_keyring
);
312 key_put(tg
->process_keyring
);
314 } /* end exit_thread_group_keys() */
316 /*****************************************************************************/
318 * dispose of per-thread keys upon thread exit
320 void exit_keys(struct task_struct
*tsk
)
322 key_put(tsk
->thread_keyring
);
323 key_put(tsk
->request_key_auth
);
325 } /* end exit_keys() */
327 /*****************************************************************************/
331 int exec_keys(struct task_struct
*tsk
)
335 /* newly exec'd tasks don't get a thread keyring */
337 old
= tsk
->thread_keyring
;
338 tsk
->thread_keyring
= NULL
;
343 /* discard the process keyring from a newly exec'd task */
344 spin_lock_irq(&tsk
->sighand
->siglock
);
345 old
= tsk
->signal
->process_keyring
;
346 tsk
->signal
->process_keyring
= NULL
;
347 spin_unlock_irq(&tsk
->sighand
->siglock
);
353 } /* end exec_keys() */
355 /*****************************************************************************/
357 * deal with SUID programs
358 * - we might want to make this invent a new session keyring
360 int suid_keys(struct task_struct
*tsk
)
364 } /* end suid_keys() */
366 /*****************************************************************************/
368 * the filesystem user ID changed
370 void key_fsuid_changed(struct task_struct
*tsk
)
372 /* update the ownership of the thread keyring */
373 if (tsk
->thread_keyring
) {
374 down_write(&tsk
->thread_keyring
->sem
);
375 tsk
->thread_keyring
->uid
= tsk
->fsuid
;
376 up_write(&tsk
->thread_keyring
->sem
);
379 } /* end key_fsuid_changed() */
381 /*****************************************************************************/
383 * the filesystem group ID changed
385 void key_fsgid_changed(struct task_struct
*tsk
)
387 /* update the ownership of the thread keyring */
388 if (tsk
->thread_keyring
) {
389 down_write(&tsk
->thread_keyring
->sem
);
390 tsk
->thread_keyring
->gid
= tsk
->fsgid
;
391 up_write(&tsk
->thread_keyring
->sem
);
394 } /* end key_fsgid_changed() */
396 /*****************************************************************************/
398 * search the process keyrings for the first matching key
399 * - we use the supplied match function to see if the description (or other
400 * feature of interest) matches
401 * - we return -EAGAIN if we didn't find any matching key
402 * - we return -ENOKEY if we found only negative matching keys
404 key_ref_t
search_process_keyrings(struct key_type
*type
,
405 const void *description
,
406 key_match_func_t match
,
407 struct task_struct
*context
)
409 struct request_key_auth
*rka
;
410 key_ref_t key_ref
, ret
, err
;
414 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
415 * searchable, but we failed to find a key or we found a negative key;
416 * otherwise we want to return a sample error (probably -EACCES) if
417 * none of the keyrings were searchable
419 * in terms of priority: success > -ENOKEY > -EAGAIN > other error
423 err
= ERR_PTR(-EAGAIN
);
425 /* search the thread keyring first */
426 if (context
->thread_keyring
) {
427 key_ref
= keyring_search_aux(
428 make_key_ref(context
->thread_keyring
, 1),
429 context
, type
, description
, match
);
430 if (!IS_ERR(key_ref
))
433 switch (PTR_ERR(key_ref
)) {
434 case -EAGAIN
: /* no key */
437 case -ENOKEY
: /* negative key */
446 /* search the process keyring second */
447 if (context
->signal
->process_keyring
) {
448 key_ref
= keyring_search_aux(
449 make_key_ref(context
->signal
->process_keyring
, 1),
450 context
, type
, description
, match
);
451 if (!IS_ERR(key_ref
))
454 switch (PTR_ERR(key_ref
)) {
455 case -EAGAIN
: /* no key */
458 case -ENOKEY
: /* negative key */
467 /* search the session keyring */
468 if (context
->signal
->session_keyring
) {
470 key_ref
= keyring_search_aux(
471 make_key_ref(rcu_dereference(
472 context
->signal
->session_keyring
),
474 context
, type
, description
, match
);
477 if (!IS_ERR(key_ref
))
480 switch (PTR_ERR(key_ref
)) {
481 case -EAGAIN
: /* no key */
484 case -ENOKEY
: /* negative key */
492 /* or search the user-session keyring */
493 else if (context
->user
->session_keyring
) {
494 key_ref
= keyring_search_aux(
495 make_key_ref(context
->user
->session_keyring
, 1),
496 context
, type
, description
, match
);
497 if (!IS_ERR(key_ref
))
500 switch (PTR_ERR(key_ref
)) {
501 case -EAGAIN
: /* no key */
504 case -ENOKEY
: /* negative key */
513 /* if this process has an instantiation authorisation key, then we also
514 * search the keyrings of the process mentioned there
515 * - we don't permit access to request_key auth keys via this method
517 if (context
->request_key_auth
&&
518 context
== current
&&
519 type
!= &key_type_request_key_auth
521 /* defend against the auth key being revoked */
522 down_read(&context
->request_key_auth
->sem
);
524 if (key_validate(context
->request_key_auth
) == 0) {
525 rka
= context
->request_key_auth
->payload
.data
;
527 key_ref
= search_process_keyrings(type
, description
,
528 match
, rka
->context
);
530 up_read(&context
->request_key_auth
->sem
);
532 if (!IS_ERR(key_ref
))
535 switch (PTR_ERR(key_ref
)) {
536 case -EAGAIN
: /* no key */
539 case -ENOKEY
: /* negative key */
547 up_read(&context
->request_key_auth
->sem
);
551 /* no key - decide on the error we're going to go for */
552 key_ref
= ret
? ret
: err
;
557 } /* end search_process_keyrings() */
559 /*****************************************************************************/
561 * see if the key we're looking at is the target key
563 static int lookup_user_key_possessed(const struct key
*key
, const void *target
)
565 return key
== target
;
567 } /* end lookup_user_key_possessed() */
569 /*****************************************************************************/
571 * lookup a key given a key ID from userspace with a given permissions mask
572 * - don't create special keyrings unless so requested
573 * - partially constructed keys aren't found unless requested
575 key_ref_t
lookup_user_key(struct task_struct
*context
, key_serial_t id
,
576 int create
, int partial
, key_perm_t perm
)
578 key_ref_t key_ref
, skey_ref
;
585 key_ref
= ERR_PTR(-ENOKEY
);
588 case KEY_SPEC_THREAD_KEYRING
:
589 if (!context
->thread_keyring
) {
593 ret
= install_thread_keyring(context
);
600 key
= context
->thread_keyring
;
601 atomic_inc(&key
->usage
);
602 key_ref
= make_key_ref(key
, 1);
605 case KEY_SPEC_PROCESS_KEYRING
:
606 if (!context
->signal
->process_keyring
) {
610 ret
= install_process_keyring(context
);
617 key
= context
->signal
->process_keyring
;
618 atomic_inc(&key
->usage
);
619 key_ref
= make_key_ref(key
, 1);
622 case KEY_SPEC_SESSION_KEYRING
:
623 if (!context
->signal
->session_keyring
) {
624 /* always install a session keyring upon access if one
625 * doesn't exist yet */
626 ret
= install_user_keyrings(context
);
629 ret
= install_session_keyring(
630 context
, context
->user
->session_keyring
);
636 key
= rcu_dereference(context
->signal
->session_keyring
);
637 atomic_inc(&key
->usage
);
639 key_ref
= make_key_ref(key
, 1);
642 case KEY_SPEC_USER_KEYRING
:
643 if (!context
->user
->uid_keyring
) {
644 ret
= install_user_keyrings(context
);
649 key
= context
->user
->uid_keyring
;
650 atomic_inc(&key
->usage
);
651 key_ref
= make_key_ref(key
, 1);
654 case KEY_SPEC_USER_SESSION_KEYRING
:
655 if (!context
->user
->session_keyring
) {
656 ret
= install_user_keyrings(context
);
661 key
= context
->user
->session_keyring
;
662 atomic_inc(&key
->usage
);
663 key_ref
= make_key_ref(key
, 1);
666 case KEY_SPEC_GROUP_KEYRING
:
667 /* group keyrings are not yet supported */
668 key
= ERR_PTR(-EINVAL
);
671 case KEY_SPEC_REQKEY_AUTH_KEY
:
672 key
= context
->request_key_auth
;
676 atomic_inc(&key
->usage
);
677 key_ref
= make_key_ref(key
, 1);
681 key_ref
= ERR_PTR(-EINVAL
);
685 key
= key_lookup(id
);
687 key_ref
= ERR_CAST(key
);
691 key_ref
= make_key_ref(key
, 0);
693 /* check to see if we possess the key */
694 skey_ref
= search_process_keyrings(key
->type
, key
,
695 lookup_user_key_possessed
,
698 if (!IS_ERR(skey_ref
)) {
707 ret
= wait_for_key_construction(key
, true);
718 ret
= key_validate(key
);
724 if (!partial
&& !test_bit(KEY_FLAG_INSTANTIATED
, &key
->flags
))
727 /* check the permissions */
728 ret
= key_task_permission(key_ref
, context
, perm
);
736 key_ref_put(key_ref
);
737 key_ref
= ERR_PTR(ret
);
740 } /* end lookup_user_key() */
742 /*****************************************************************************/
744 * join the named keyring as the session keyring if possible, or attempt to
745 * create a new one of that name if not
746 * - if the name is NULL, an empty anonymous keyring is installed instead
747 * - named session keyring joining is done with a semaphore held
749 long join_session_keyring(const char *name
)
751 struct task_struct
*tsk
= current
;
755 /* if no name is provided, install an anonymous keyring */
757 ret
= install_session_keyring(tsk
, NULL
);
762 ret
= rcu_dereference(tsk
->signal
->session_keyring
)->serial
;
767 /* allow the user to join or create a named keyring */
768 mutex_lock(&key_session_mutex
);
770 /* look for an existing keyring of this name */
771 keyring
= find_keyring_by_name(name
, false);
772 if (PTR_ERR(keyring
) == -ENOKEY
) {
773 /* not found - try and create a new one */
774 keyring
= keyring_alloc(name
, tsk
->uid
, tsk
->gid
, tsk
,
775 KEY_ALLOC_IN_QUOTA
, NULL
);
776 if (IS_ERR(keyring
)) {
777 ret
= PTR_ERR(keyring
);
781 else if (IS_ERR(keyring
)) {
782 ret
= PTR_ERR(keyring
);
786 /* we've got a keyring - now to install it */
787 ret
= install_session_keyring(tsk
, keyring
);
791 ret
= keyring
->serial
;
795 mutex_unlock(&key_session_mutex
);
799 } /* end join_session_keyring() */