1 /* Manage a process's keyrings 2 * 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/sched/user.h> 16 #include <linux/keyctl.h> 17 #include <linux/fs.h> 18 #include <linux/err.h> 19 #include <linux/mutex.h> 20 #include <linux/security.h> 21 #include <linux/user_namespace.h> 22 #include <linux/uaccess.h> 23 #include "internal.h" 24 25 /* Session keyring create vs join semaphore */ 26 static DEFINE_MUTEX(key_session_mutex); 27 28 /* User keyring creation semaphore */ 29 static DEFINE_MUTEX(key_user_keyring_mutex); 30 31 /* The root user's tracking struct */ 32 struct key_user root_key_user = { 33 .usage = REFCOUNT_INIT(3), 34 .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), 35 .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), 36 .nkeys = ATOMIC_INIT(2), 37 .nikeys = ATOMIC_INIT(2), 38 .uid = GLOBAL_ROOT_UID, 39 }; 40 41 /* 42 * Install the user and user session keyrings for the current process's UID. 43 */ 44 int install_user_keyrings(void) 45 { 46 struct user_struct *user; 47 const struct cred *cred; 48 struct key *uid_keyring, *session_keyring; 49 key_perm_t user_keyring_perm; 50 char buf[20]; 51 int ret; 52 uid_t uid; 53 54 user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL; 55 cred = current_cred(); 56 user = cred->user; 57 uid = from_kuid(cred->user_ns, user->uid); 58 59 kenter("%p{%u}", user, uid); 60 61 if (user->uid_keyring && user->session_keyring) { 62 kleave(" = 0 [exist]"); 63 return 0; 64 } 65 66 mutex_lock(&key_user_keyring_mutex); 67 ret = 0; 68 69 if (!user->uid_keyring) { 70 /* get the UID-specific keyring 71 * - there may be one in existence already as it may have been 72 * pinned by a session, but the user_struct pointing to it 73 * may have been destroyed by setuid */ 74 sprintf(buf, "_uid.%u", uid); 75 76 uid_keyring = find_keyring_by_name(buf, true); 77 if (IS_ERR(uid_keyring)) { 78 uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID, 79 cred, user_keyring_perm, 80 KEY_ALLOC_IN_QUOTA, 81 NULL, NULL); 82 if (IS_ERR(uid_keyring)) { 83 ret = PTR_ERR(uid_keyring); 84 goto error; 85 } 86 } 87 88 /* get a default session keyring (which might also exist 89 * already) */ 90 sprintf(buf, "_uid_ses.%u", uid); 91 92 session_keyring = find_keyring_by_name(buf, true); 93 if (IS_ERR(session_keyring)) { 94 session_keyring = 95 keyring_alloc(buf, user->uid, INVALID_GID, 96 cred, user_keyring_perm, 97 KEY_ALLOC_IN_QUOTA, 98 NULL, NULL); 99 if (IS_ERR(session_keyring)) { 100 ret = PTR_ERR(session_keyring); 101 goto error_release; 102 } 103 104 /* we install a link from the user session keyring to 105 * the user keyring */ 106 ret = key_link(session_keyring, uid_keyring); 107 if (ret < 0) 108 goto error_release_both; 109 } 110 111 /* install the keyrings */ 112 user->uid_keyring = uid_keyring; 113 user->session_keyring = session_keyring; 114 } 115 116 mutex_unlock(&key_user_keyring_mutex); 117 kleave(" = 0"); 118 return 0; 119 120 error_release_both: 121 key_put(session_keyring); 122 error_release: 123 key_put(uid_keyring); 124 error: 125 mutex_unlock(&key_user_keyring_mutex); 126 kleave(" = %d", ret); 127 return ret; 128 } 129 130 /* 131 * Install a thread keyring to the given credentials struct if it didn't have 132 * one already. This is allowed to overrun the quota. 133 * 134 * Return: 0 if a thread keyring is now present; -errno on failure. 135 */ 136 int install_thread_keyring_to_cred(struct cred *new) 137 { 138 struct key *keyring; 139 140 if (new->thread_keyring) 141 return 0; 142 143 keyring = keyring_alloc("_tid", new->uid, new->gid, new, 144 KEY_POS_ALL | KEY_USR_VIEW, 145 KEY_ALLOC_QUOTA_OVERRUN, 146 NULL, NULL); 147 if (IS_ERR(keyring)) 148 return PTR_ERR(keyring); 149 150 new->thread_keyring = keyring; 151 return 0; 152 } 153 154 /* 155 * Install a thread keyring to the current task if it didn't have one already. 156 * 157 * Return: 0 if a thread keyring is now present; -errno on failure. 158 */ 159 static int install_thread_keyring(void) 160 { 161 struct cred *new; 162 int ret; 163 164 new = prepare_creds(); 165 if (!new) 166 return -ENOMEM; 167 168 ret = install_thread_keyring_to_cred(new); 169 if (ret < 0) { 170 abort_creds(new); 171 return ret; 172 } 173 174 return commit_creds(new); 175 } 176 177 /* 178 * Install a process keyring to the given credentials struct if it didn't have 179 * one already. This is allowed to overrun the quota. 180 * 181 * Return: 0 if a process keyring is now present; -errno on failure. 182 */ 183 int install_process_keyring_to_cred(struct cred *new) 184 { 185 struct key *keyring; 186 187 if (new->process_keyring) 188 return 0; 189 190 keyring = keyring_alloc("_pid", new->uid, new->gid, new, 191 KEY_POS_ALL | KEY_USR_VIEW, 192 KEY_ALLOC_QUOTA_OVERRUN, 193 NULL, NULL); 194 if (IS_ERR(keyring)) 195 return PTR_ERR(keyring); 196 197 new->process_keyring = keyring; 198 return 0; 199 } 200 201 /* 202 * Install a process keyring to the current task if it didn't have one already. 203 * 204 * Return: 0 if a process keyring is now present; -errno on failure. 205 */ 206 static int install_process_keyring(void) 207 { 208 struct cred *new; 209 int ret; 210 211 new = prepare_creds(); 212 if (!new) 213 return -ENOMEM; 214 215 ret = install_process_keyring_to_cred(new); 216 if (ret < 0) { 217 abort_creds(new); 218 return ret; 219 } 220 221 return commit_creds(new); 222 } 223 224 /* 225 * Install the given keyring as the session keyring of the given credentials 226 * struct, replacing the existing one if any. If the given keyring is NULL, 227 * then install a new anonymous session keyring. 228 * 229 * Return: 0 on success; -errno on failure. 230 */ 231 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) 232 { 233 unsigned long flags; 234 struct key *old; 235 236 might_sleep(); 237 238 /* create an empty session keyring */ 239 if (!keyring) { 240 flags = KEY_ALLOC_QUOTA_OVERRUN; 241 if (cred->session_keyring) 242 flags = KEY_ALLOC_IN_QUOTA; 243 244 keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred, 245 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ, 246 flags, NULL, NULL); 247 if (IS_ERR(keyring)) 248 return PTR_ERR(keyring); 249 } else { 250 __key_get(keyring); 251 } 252 253 /* install the keyring */ 254 old = cred->session_keyring; 255 rcu_assign_pointer(cred->session_keyring, keyring); 256 257 if (old) 258 key_put(old); 259 260 return 0; 261 } 262 263 /* 264 * Install the given keyring as the session keyring of the current task, 265 * replacing the existing one if any. If the given keyring is NULL, then 266 * install a new anonymous session keyring. 267 * 268 * Return: 0 on success; -errno on failure. 269 */ 270 static int install_session_keyring(struct key *keyring) 271 { 272 struct cred *new; 273 int ret; 274 275 new = prepare_creds(); 276 if (!new) 277 return -ENOMEM; 278 279 ret = install_session_keyring_to_cred(new, keyring); 280 if (ret < 0) { 281 abort_creds(new); 282 return ret; 283 } 284 285 return commit_creds(new); 286 } 287 288 /* 289 * Handle the fsuid changing. 290 */ 291 void key_fsuid_changed(struct task_struct *tsk) 292 { 293 /* update the ownership of the thread keyring */ 294 BUG_ON(!tsk->cred); 295 if (tsk->cred->thread_keyring) { 296 down_write(&tsk->cred->thread_keyring->sem); 297 tsk->cred->thread_keyring->uid = tsk->cred->fsuid; 298 up_write(&tsk->cred->thread_keyring->sem); 299 } 300 } 301 302 /* 303 * Handle the fsgid changing. 304 */ 305 void key_fsgid_changed(struct task_struct *tsk) 306 { 307 /* update the ownership of the thread keyring */ 308 BUG_ON(!tsk->cred); 309 if (tsk->cred->thread_keyring) { 310 down_write(&tsk->cred->thread_keyring->sem); 311 tsk->cred->thread_keyring->gid = tsk->cred->fsgid; 312 up_write(&tsk->cred->thread_keyring->sem); 313 } 314 } 315 316 /* 317 * Search the process keyrings attached to the supplied cred for the first 318 * matching key. 319 * 320 * The search criteria are the type and the match function. The description is 321 * given to the match function as a parameter, but doesn't otherwise influence 322 * the search. Typically the match function will compare the description 323 * parameter to the key's description. 324 * 325 * This can only search keyrings that grant Search permission to the supplied 326 * credentials. Keyrings linked to searched keyrings will also be searched if 327 * they grant Search permission too. Keys can only be found if they grant 328 * Search permission to the credentials. 329 * 330 * Returns a pointer to the key with the key usage count incremented if 331 * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only 332 * matched negative keys. 333 * 334 * In the case of a successful return, the possession attribute is set on the 335 * returned key reference. 336 */ 337 key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx) 338 { 339 key_ref_t key_ref, ret, err; 340 341 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were 342 * searchable, but we failed to find a key or we found a negative key; 343 * otherwise we want to return a sample error (probably -EACCES) if 344 * none of the keyrings were searchable 345 * 346 * in terms of priority: success > -ENOKEY > -EAGAIN > other error 347 */ 348 key_ref = NULL; 349 ret = NULL; 350 err = ERR_PTR(-EAGAIN); 351 352 /* search the thread keyring first */ 353 if (ctx->cred->thread_keyring) { 354 key_ref = keyring_search_aux( 355 make_key_ref(ctx->cred->thread_keyring, 1), ctx); 356 if (!IS_ERR(key_ref)) 357 goto found; 358 359 switch (PTR_ERR(key_ref)) { 360 case -EAGAIN: /* no key */ 361 case -ENOKEY: /* negative key */ 362 ret = key_ref; 363 break; 364 default: 365 err = key_ref; 366 break; 367 } 368 } 369 370 /* search the process keyring second */ 371 if (ctx->cred->process_keyring) { 372 key_ref = keyring_search_aux( 373 make_key_ref(ctx->cred->process_keyring, 1), ctx); 374 if (!IS_ERR(key_ref)) 375 goto found; 376 377 switch (PTR_ERR(key_ref)) { 378 case -EAGAIN: /* no key */ 379 if (ret) 380 break; 381 case -ENOKEY: /* negative key */ 382 ret = key_ref; 383 break; 384 default: 385 err = key_ref; 386 break; 387 } 388 } 389 390 /* search the session keyring */ 391 if (ctx->cred->session_keyring) { 392 rcu_read_lock(); 393 key_ref = keyring_search_aux( 394 make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1), 395 ctx); 396 rcu_read_unlock(); 397 398 if (!IS_ERR(key_ref)) 399 goto found; 400 401 switch (PTR_ERR(key_ref)) { 402 case -EAGAIN: /* no key */ 403 if (ret) 404 break; 405 case -ENOKEY: /* negative key */ 406 ret = key_ref; 407 break; 408 default: 409 err = key_ref; 410 break; 411 } 412 } 413 /* or search the user-session keyring */ 414 else if (ctx->cred->user->session_keyring) { 415 key_ref = keyring_search_aux( 416 make_key_ref(ctx->cred->user->session_keyring, 1), 417 ctx); 418 if (!IS_ERR(key_ref)) 419 goto found; 420 421 switch (PTR_ERR(key_ref)) { 422 case -EAGAIN: /* no key */ 423 if (ret) 424 break; 425 case -ENOKEY: /* negative key */ 426 ret = key_ref; 427 break; 428 default: 429 err = key_ref; 430 break; 431 } 432 } 433 434 /* no key - decide on the error we're going to go for */ 435 key_ref = ret ? ret : err; 436 437 found: 438 return key_ref; 439 } 440 441 /* 442 * Search the process keyrings attached to the supplied cred for the first 443 * matching key in the manner of search_my_process_keyrings(), but also search 444 * the keys attached to the assumed authorisation key using its credentials if 445 * one is available. 446 * 447 * Return same as search_my_process_keyrings(). 448 */ 449 key_ref_t search_process_keyrings(struct keyring_search_context *ctx) 450 { 451 struct request_key_auth *rka; 452 key_ref_t key_ref, ret = ERR_PTR(-EACCES), err; 453 454 might_sleep(); 455 456 key_ref = search_my_process_keyrings(ctx); 457 if (!IS_ERR(key_ref)) 458 goto found; 459 err = key_ref; 460 461 /* if this process has an instantiation authorisation key, then we also 462 * search the keyrings of the process mentioned there 463 * - we don't permit access to request_key auth keys via this method 464 */ 465 if (ctx->cred->request_key_auth && 466 ctx->cred == current_cred() && 467 ctx->index_key.type != &key_type_request_key_auth 468 ) { 469 const struct cred *cred = ctx->cred; 470 471 /* defend against the auth key being revoked */ 472 down_read(&cred->request_key_auth->sem); 473 474 if (key_validate(ctx->cred->request_key_auth) == 0) { 475 rka = ctx->cred->request_key_auth->payload.data[0]; 476 477 ctx->cred = rka->cred; 478 key_ref = search_process_keyrings(ctx); 479 ctx->cred = cred; 480 481 up_read(&cred->request_key_auth->sem); 482 483 if (!IS_ERR(key_ref)) 484 goto found; 485 486 ret = key_ref; 487 } else { 488 up_read(&cred->request_key_auth->sem); 489 } 490 } 491 492 /* no key - decide on the error we're going to go for */ 493 if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY)) 494 key_ref = ERR_PTR(-ENOKEY); 495 else if (err == ERR_PTR(-EACCES)) 496 key_ref = ret; 497 else 498 key_ref = err; 499 500 found: 501 return key_ref; 502 } 503 504 /* 505 * See if the key we're looking at is the target key. 506 */ 507 bool lookup_user_key_possessed(const struct key *key, 508 const struct key_match_data *match_data) 509 { 510 return key == match_data->raw_data; 511 } 512 513 /* 514 * Look up a key ID given us by userspace with a given permissions mask to get 515 * the key it refers to. 516 * 517 * Flags can be passed to request that special keyrings be created if referred 518 * to directly, to permit partially constructed keys to be found and to skip 519 * validity and permission checks on the found key. 520 * 521 * Returns a pointer to the key with an incremented usage count if successful; 522 * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond 523 * to a key or the best found key was a negative key; -EKEYREVOKED or 524 * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the 525 * found key doesn't grant the requested permit or the LSM denied access to it; 526 * or -ENOMEM if a special keyring couldn't be created. 527 * 528 * In the case of a successful return, the possession attribute is set on the 529 * returned key reference. 530 */ 531 key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, 532 key_perm_t perm) 533 { 534 struct keyring_search_context ctx = { 535 .match_data.cmp = lookup_user_key_possessed, 536 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, 537 .flags = KEYRING_SEARCH_NO_STATE_CHECK, 538 }; 539 struct request_key_auth *rka; 540 struct key *key; 541 key_ref_t key_ref, skey_ref; 542 int ret; 543 544 try_again: 545 ctx.cred = get_current_cred(); 546 key_ref = ERR_PTR(-ENOKEY); 547 548 switch (id) { 549 case KEY_SPEC_THREAD_KEYRING: 550 if (!ctx.cred->thread_keyring) { 551 if (!(lflags & KEY_LOOKUP_CREATE)) 552 goto error; 553 554 ret = install_thread_keyring(); 555 if (ret < 0) { 556 key_ref = ERR_PTR(ret); 557 goto error; 558 } 559 goto reget_creds; 560 } 561 562 key = ctx.cred->thread_keyring; 563 __key_get(key); 564 key_ref = make_key_ref(key, 1); 565 break; 566 567 case KEY_SPEC_PROCESS_KEYRING: 568 if (!ctx.cred->process_keyring) { 569 if (!(lflags & KEY_LOOKUP_CREATE)) 570 goto error; 571 572 ret = install_process_keyring(); 573 if (ret < 0) { 574 key_ref = ERR_PTR(ret); 575 goto error; 576 } 577 goto reget_creds; 578 } 579 580 key = ctx.cred->process_keyring; 581 __key_get(key); 582 key_ref = make_key_ref(key, 1); 583 break; 584 585 case KEY_SPEC_SESSION_KEYRING: 586 if (!ctx.cred->session_keyring) { 587 /* always install a session keyring upon access if one 588 * doesn't exist yet */ 589 ret = install_user_keyrings(); 590 if (ret < 0) 591 goto error; 592 if (lflags & KEY_LOOKUP_CREATE) 593 ret = join_session_keyring(NULL); 594 else 595 ret = install_session_keyring( 596 ctx.cred->user->session_keyring); 597 598 if (ret < 0) 599 goto error; 600 goto reget_creds; 601 } else if (ctx.cred->session_keyring == 602 ctx.cred->user->session_keyring && 603 lflags & KEY_LOOKUP_CREATE) { 604 ret = join_session_keyring(NULL); 605 if (ret < 0) 606 goto error; 607 goto reget_creds; 608 } 609 610 rcu_read_lock(); 611 key = rcu_dereference(ctx.cred->session_keyring); 612 __key_get(key); 613 rcu_read_unlock(); 614 key_ref = make_key_ref(key, 1); 615 break; 616 617 case KEY_SPEC_USER_KEYRING: 618 if (!ctx.cred->user->uid_keyring) { 619 ret = install_user_keyrings(); 620 if (ret < 0) 621 goto error; 622 } 623 624 key = ctx.cred->user->uid_keyring; 625 __key_get(key); 626 key_ref = make_key_ref(key, 1); 627 break; 628 629 case KEY_SPEC_USER_SESSION_KEYRING: 630 if (!ctx.cred->user->session_keyring) { 631 ret = install_user_keyrings(); 632 if (ret < 0) 633 goto error; 634 } 635 636 key = ctx.cred->user->session_keyring; 637 __key_get(key); 638 key_ref = make_key_ref(key, 1); 639 break; 640 641 case KEY_SPEC_GROUP_KEYRING: 642 /* group keyrings are not yet supported */ 643 key_ref = ERR_PTR(-EINVAL); 644 goto error; 645 646 case KEY_SPEC_REQKEY_AUTH_KEY: 647 key = ctx.cred->request_key_auth; 648 if (!key) 649 goto error; 650 651 __key_get(key); 652 key_ref = make_key_ref(key, 1); 653 break; 654 655 case KEY_SPEC_REQUESTOR_KEYRING: 656 if (!ctx.cred->request_key_auth) 657 goto error; 658 659 down_read(&ctx.cred->request_key_auth->sem); 660 if (test_bit(KEY_FLAG_REVOKED, 661 &ctx.cred->request_key_auth->flags)) { 662 key_ref = ERR_PTR(-EKEYREVOKED); 663 key = NULL; 664 } else { 665 rka = ctx.cred->request_key_auth->payload.data[0]; 666 key = rka->dest_keyring; 667 __key_get(key); 668 } 669 up_read(&ctx.cred->request_key_auth->sem); 670 if (!key) 671 goto error; 672 key_ref = make_key_ref(key, 1); 673 break; 674 675 default: 676 key_ref = ERR_PTR(-EINVAL); 677 if (id < 1) 678 goto error; 679 680 key = key_lookup(id); 681 if (IS_ERR(key)) { 682 key_ref = ERR_CAST(key); 683 goto error; 684 } 685 686 key_ref = make_key_ref(key, 0); 687 688 /* check to see if we possess the key */ 689 ctx.index_key.type = key->type; 690 ctx.index_key.description = key->description; 691 ctx.index_key.desc_len = strlen(key->description); 692 ctx.match_data.raw_data = key; 693 kdebug("check possessed"); 694 skey_ref = search_process_keyrings(&ctx); 695 kdebug("possessed=%p", skey_ref); 696 697 if (!IS_ERR(skey_ref)) { 698 key_put(key); 699 key_ref = skey_ref; 700 } 701 702 break; 703 } 704 705 /* unlink does not use the nominated key in any way, so can skip all 706 * the permission checks as it is only concerned with the keyring */ 707 if (lflags & KEY_LOOKUP_FOR_UNLINK) { 708 ret = 0; 709 goto error; 710 } 711 712 if (!(lflags & KEY_LOOKUP_PARTIAL)) { 713 ret = wait_for_key_construction(key, true); 714 switch (ret) { 715 case -ERESTARTSYS: 716 goto invalid_key; 717 default: 718 if (perm) 719 goto invalid_key; 720 case 0: 721 break; 722 } 723 } else if (perm) { 724 ret = key_validate(key); 725 if (ret < 0) 726 goto invalid_key; 727 } 728 729 ret = -EIO; 730 if (!(lflags & KEY_LOOKUP_PARTIAL) && 731 !test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) 732 goto invalid_key; 733 734 /* check the permissions */ 735 ret = key_task_permission(key_ref, ctx.cred, perm); 736 if (ret < 0) 737 goto invalid_key; 738 739 key->last_used_at = current_kernel_time().tv_sec; 740 741 error: 742 put_cred(ctx.cred); 743 return key_ref; 744 745 invalid_key: 746 key_ref_put(key_ref); 747 key_ref = ERR_PTR(ret); 748 goto error; 749 750 /* if we attempted to install a keyring, then it may have caused new 751 * creds to be installed */ 752 reget_creds: 753 put_cred(ctx.cred); 754 goto try_again; 755 } 756 757 /* 758 * Join the named keyring as the session keyring if possible else attempt to 759 * create a new one of that name and join that. 760 * 761 * If the name is NULL, an empty anonymous keyring will be installed as the 762 * session keyring. 763 * 764 * Named session keyrings are joined with a semaphore held to prevent the 765 * keyrings from going away whilst the attempt is made to going them and also 766 * to prevent a race in creating compatible session keyrings. 767 */ 768 long join_session_keyring(const char *name) 769 { 770 const struct cred *old; 771 struct cred *new; 772 struct key *keyring; 773 long ret, serial; 774 775 new = prepare_creds(); 776 if (!new) 777 return -ENOMEM; 778 old = current_cred(); 779 780 /* if no name is provided, install an anonymous keyring */ 781 if (!name) { 782 ret = install_session_keyring_to_cred(new, NULL); 783 if (ret < 0) 784 goto error; 785 786 serial = new->session_keyring->serial; 787 ret = commit_creds(new); 788 if (ret == 0) 789 ret = serial; 790 goto okay; 791 } 792 793 /* allow the user to join or create a named keyring */ 794 mutex_lock(&key_session_mutex); 795 796 /* look for an existing keyring of this name */ 797 keyring = find_keyring_by_name(name, false); 798 if (PTR_ERR(keyring) == -ENOKEY) { 799 /* not found - try and create a new one */ 800 keyring = keyring_alloc( 801 name, old->uid, old->gid, old, 802 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK, 803 KEY_ALLOC_IN_QUOTA, NULL, NULL); 804 if (IS_ERR(keyring)) { 805 ret = PTR_ERR(keyring); 806 goto error2; 807 } 808 } else if (IS_ERR(keyring)) { 809 ret = PTR_ERR(keyring); 810 goto error2; 811 } else if (keyring == new->session_keyring) { 812 ret = 0; 813 goto error3; 814 } 815 816 /* we've got a keyring - now to install it */ 817 ret = install_session_keyring_to_cred(new, keyring); 818 if (ret < 0) 819 goto error3; 820 821 commit_creds(new); 822 mutex_unlock(&key_session_mutex); 823 824 ret = keyring->serial; 825 key_put(keyring); 826 okay: 827 return ret; 828 829 error3: 830 key_put(keyring); 831 error2: 832 mutex_unlock(&key_session_mutex); 833 error: 834 abort_creds(new); 835 return ret; 836 } 837 838 /* 839 * Replace a process's session keyring on behalf of one of its children when 840 * the target process is about to resume userspace execution. 841 */ 842 void key_change_session_keyring(struct callback_head *twork) 843 { 844 const struct cred *old = current_cred(); 845 struct cred *new = container_of(twork, struct cred, rcu); 846 847 if (unlikely(current->flags & PF_EXITING)) { 848 put_cred(new); 849 return; 850 } 851 852 new-> uid = old-> uid; 853 new-> euid = old-> euid; 854 new-> suid = old-> suid; 855 new->fsuid = old->fsuid; 856 new-> gid = old-> gid; 857 new-> egid = old-> egid; 858 new-> sgid = old-> sgid; 859 new->fsgid = old->fsgid; 860 new->user = get_uid(old->user); 861 new->user_ns = get_user_ns(old->user_ns); 862 new->group_info = get_group_info(old->group_info); 863 864 new->securebits = old->securebits; 865 new->cap_inheritable = old->cap_inheritable; 866 new->cap_permitted = old->cap_permitted; 867 new->cap_effective = old->cap_effective; 868 new->cap_ambient = old->cap_ambient; 869 new->cap_bset = old->cap_bset; 870 871 new->jit_keyring = old->jit_keyring; 872 new->thread_keyring = key_get(old->thread_keyring); 873 new->process_keyring = key_get(old->process_keyring); 874 875 security_transfer_creds(new, old); 876 877 commit_creds(new); 878 } 879 880 /* 881 * Make sure that root's user and user-session keyrings exist. 882 */ 883 static int __init init_root_keyring(void) 884 { 885 return install_user_keyrings(); 886 } 887 888 late_initcall(init_root_keyring); 889