1 /* Management of a process's keyrings 2 * 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/slab.h> 16 #include <linux/keyctl.h> 17 #include <linux/fs.h> 18 #include <linux/err.h> 19 #include <linux/mutex.h> 20 #include <asm/uaccess.h> 21 #include "internal.h" 22 23 /* session keyring create vs join semaphore */ 24 static DEFINE_MUTEX(key_session_mutex); 25 26 /* user keyring creation semaphore */ 27 static DEFINE_MUTEX(key_user_keyring_mutex); 28 29 /* the root user's tracking struct */ 30 struct key_user root_key_user = { 31 .usage = ATOMIC_INIT(3), 32 .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), 33 .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), 34 .nkeys = ATOMIC_INIT(2), 35 .nikeys = ATOMIC_INIT(2), 36 .uid = 0, 37 }; 38 39 /*****************************************************************************/ 40 /* 41 * install user and user session keyrings for a particular UID 42 */ 43 int install_user_keyrings(void) 44 { 45 struct user_struct *user = current->user; 46 struct key *uid_keyring, *session_keyring; 47 char buf[20]; 48 int ret; 49 50 kenter("%p{%u}", user, user->uid); 51 52 if (user->uid_keyring) { 53 kleave(" = 0 [exist]"); 54 return 0; 55 } 56 57 mutex_lock(&key_user_keyring_mutex); 58 ret = 0; 59 60 if (!user->uid_keyring) { 61 /* get the UID-specific keyring 62 * - there may be one in existence already as it may have been 63 * pinned by a session, but the user_struct pointing to it 64 * may have been destroyed by setuid */ 65 sprintf(buf, "_uid.%u", user->uid); 66 67 uid_keyring = find_keyring_by_name(buf, true); 68 if (IS_ERR(uid_keyring)) { 69 uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, 70 current, KEY_ALLOC_IN_QUOTA, 71 NULL); 72 if (IS_ERR(uid_keyring)) { 73 ret = PTR_ERR(uid_keyring); 74 goto error; 75 } 76 } 77 78 /* get a default session keyring (which might also exist 79 * already) */ 80 sprintf(buf, "_uid_ses.%u", user->uid); 81 82 session_keyring = find_keyring_by_name(buf, true); 83 if (IS_ERR(session_keyring)) { 84 session_keyring = 85 keyring_alloc(buf, user->uid, (gid_t) -1, 86 current, KEY_ALLOC_IN_QUOTA, 87 NULL); 88 if (IS_ERR(session_keyring)) { 89 ret = PTR_ERR(session_keyring); 90 goto error_release; 91 } 92 93 /* we install a link from the user session keyring to 94 * the user keyring */ 95 ret = key_link(session_keyring, uid_keyring); 96 if (ret < 0) 97 goto error_release_both; 98 } 99 100 /* install the keyrings */ 101 user->uid_keyring = uid_keyring; 102 user->session_keyring = session_keyring; 103 } 104 105 mutex_unlock(&key_user_keyring_mutex); 106 kleave(" = 0"); 107 return 0; 108 109 error_release_both: 110 key_put(session_keyring); 111 error_release: 112 key_put(uid_keyring); 113 error: 114 mutex_unlock(&key_user_keyring_mutex); 115 kleave(" = %d", ret); 116 return ret; 117 } 118 119 /*****************************************************************************/ 120 /* 121 * deal with the UID changing 122 */ 123 void switch_uid_keyring(struct user_struct *new_user) 124 { 125 #if 0 /* do nothing for now */ 126 struct key *old; 127 128 /* switch to the new user's session keyring if we were running under 129 * root's default session keyring */ 130 if (new_user->uid != 0 && 131 current->session_keyring == &root_session_keyring 132 ) { 133 atomic_inc(&new_user->session_keyring->usage); 134 135 task_lock(current); 136 old = current->session_keyring; 137 current->session_keyring = new_user->session_keyring; 138 task_unlock(current); 139 140 key_put(old); 141 } 142 #endif 143 144 } /* end switch_uid_keyring() */ 145 146 /*****************************************************************************/ 147 /* 148 * install a fresh thread keyring, discarding the old one 149 */ 150 int install_thread_keyring(void) 151 { 152 struct task_struct *tsk = current; 153 struct key *keyring, *old; 154 char buf[20]; 155 int ret; 156 157 sprintf(buf, "_tid.%u", tsk->pid); 158 159 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, 160 KEY_ALLOC_QUOTA_OVERRUN, NULL); 161 if (IS_ERR(keyring)) { 162 ret = PTR_ERR(keyring); 163 goto error; 164 } 165 166 task_lock(tsk); 167 old = tsk->thread_keyring; 168 tsk->thread_keyring = keyring; 169 task_unlock(tsk); 170 171 ret = 0; 172 173 key_put(old); 174 error: 175 return ret; 176 177 } /* end install_thread_keyring() */ 178 179 /*****************************************************************************/ 180 /* 181 * make sure a process keyring is installed 182 */ 183 int install_process_keyring(void) 184 { 185 struct task_struct *tsk = current; 186 struct key *keyring; 187 char buf[20]; 188 int ret; 189 190 might_sleep(); 191 192 if (!tsk->signal->process_keyring) { 193 sprintf(buf, "_pid.%u", tsk->tgid); 194 195 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, 196 KEY_ALLOC_QUOTA_OVERRUN, NULL); 197 if (IS_ERR(keyring)) { 198 ret = PTR_ERR(keyring); 199 goto error; 200 } 201 202 /* attach keyring */ 203 spin_lock_irq(&tsk->sighand->siglock); 204 if (!tsk->signal->process_keyring) { 205 tsk->signal->process_keyring = keyring; 206 keyring = NULL; 207 } 208 spin_unlock_irq(&tsk->sighand->siglock); 209 210 key_put(keyring); 211 } 212 213 ret = 0; 214 error: 215 return ret; 216 217 } /* end install_process_keyring() */ 218 219 /*****************************************************************************/ 220 /* 221 * install a session keyring, discarding the old one 222 * - if a keyring is not supplied, an empty one is invented 223 */ 224 static int install_session_keyring(struct key *keyring) 225 { 226 struct task_struct *tsk = current; 227 unsigned long flags; 228 struct key *old; 229 char buf[20]; 230 231 might_sleep(); 232 233 /* create an empty session keyring */ 234 if (!keyring) { 235 sprintf(buf, "_ses.%u", tsk->tgid); 236 237 flags = KEY_ALLOC_QUOTA_OVERRUN; 238 if (tsk->signal->session_keyring) 239 flags = KEY_ALLOC_IN_QUOTA; 240 241 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, 242 flags, NULL); 243 if (IS_ERR(keyring)) 244 return PTR_ERR(keyring); 245 } 246 else { 247 atomic_inc(&keyring->usage); 248 } 249 250 /* install the keyring */ 251 spin_lock_irq(&tsk->sighand->siglock); 252 old = tsk->signal->session_keyring; 253 rcu_assign_pointer(tsk->signal->session_keyring, keyring); 254 spin_unlock_irq(&tsk->sighand->siglock); 255 256 /* we're using RCU on the pointer, but there's no point synchronising 257 * on it if it didn't previously point to anything */ 258 if (old) { 259 synchronize_rcu(); 260 key_put(old); 261 } 262 263 return 0; 264 265 } /* end install_session_keyring() */ 266 267 /*****************************************************************************/ 268 /* 269 * copy the keys in a thread group for fork without CLONE_THREAD 270 */ 271 int copy_thread_group_keys(struct task_struct *tsk) 272 { 273 key_check(current->thread_group->session_keyring); 274 key_check(current->thread_group->process_keyring); 275 276 /* no process keyring yet */ 277 tsk->signal->process_keyring = NULL; 278 279 /* same session keyring */ 280 rcu_read_lock(); 281 tsk->signal->session_keyring = 282 key_get(rcu_dereference(current->signal->session_keyring)); 283 rcu_read_unlock(); 284 285 return 0; 286 287 } /* end copy_thread_group_keys() */ 288 289 /*****************************************************************************/ 290 /* 291 * copy the keys for fork 292 */ 293 int copy_keys(unsigned long clone_flags, struct task_struct *tsk) 294 { 295 key_check(tsk->thread_keyring); 296 key_check(tsk->request_key_auth); 297 298 /* no thread keyring yet */ 299 tsk->thread_keyring = NULL; 300 301 /* copy the request_key() authorisation for this thread */ 302 key_get(tsk->request_key_auth); 303 304 return 0; 305 306 } /* end copy_keys() */ 307 308 /*****************************************************************************/ 309 /* 310 * dispose of thread group keys upon thread group destruction 311 */ 312 void exit_thread_group_keys(struct signal_struct *tg) 313 { 314 key_put(tg->session_keyring); 315 key_put(tg->process_keyring); 316 317 } /* end exit_thread_group_keys() */ 318 319 /*****************************************************************************/ 320 /* 321 * dispose of per-thread keys upon thread exit 322 */ 323 void exit_keys(struct task_struct *tsk) 324 { 325 key_put(tsk->thread_keyring); 326 key_put(tsk->request_key_auth); 327 328 } /* end exit_keys() */ 329 330 /*****************************************************************************/ 331 /* 332 * deal with execve() 333 */ 334 int exec_keys(struct task_struct *tsk) 335 { 336 struct key *old; 337 338 /* newly exec'd tasks don't get a thread keyring */ 339 task_lock(tsk); 340 old = tsk->thread_keyring; 341 tsk->thread_keyring = NULL; 342 task_unlock(tsk); 343 344 key_put(old); 345 346 /* discard the process keyring from a newly exec'd task */ 347 spin_lock_irq(&tsk->sighand->siglock); 348 old = tsk->signal->process_keyring; 349 tsk->signal->process_keyring = NULL; 350 spin_unlock_irq(&tsk->sighand->siglock); 351 352 key_put(old); 353 354 return 0; 355 356 } /* end exec_keys() */ 357 358 /*****************************************************************************/ 359 /* 360 * deal with SUID programs 361 * - we might want to make this invent a new session keyring 362 */ 363 int suid_keys(struct task_struct *tsk) 364 { 365 return 0; 366 367 } /* end suid_keys() */ 368 369 /*****************************************************************************/ 370 /* 371 * the filesystem user ID changed 372 */ 373 void key_fsuid_changed(struct task_struct *tsk) 374 { 375 /* update the ownership of the thread keyring */ 376 if (tsk->thread_keyring) { 377 down_write(&tsk->thread_keyring->sem); 378 tsk->thread_keyring->uid = tsk->fsuid; 379 up_write(&tsk->thread_keyring->sem); 380 } 381 382 } /* end key_fsuid_changed() */ 383 384 /*****************************************************************************/ 385 /* 386 * the filesystem group ID changed 387 */ 388 void key_fsgid_changed(struct task_struct *tsk) 389 { 390 /* update the ownership of the thread keyring */ 391 if (tsk->thread_keyring) { 392 down_write(&tsk->thread_keyring->sem); 393 tsk->thread_keyring->gid = tsk->fsgid; 394 up_write(&tsk->thread_keyring->sem); 395 } 396 397 } /* end key_fsgid_changed() */ 398 399 /*****************************************************************************/ 400 /* 401 * search the process keyrings for the first matching key 402 * - we use the supplied match function to see if the description (or other 403 * feature of interest) matches 404 * - we return -EAGAIN if we didn't find any matching key 405 * - we return -ENOKEY if we found only negative matching keys 406 */ 407 key_ref_t search_process_keyrings(struct key_type *type, 408 const void *description, 409 key_match_func_t match, 410 struct task_struct *context) 411 { 412 struct request_key_auth *rka; 413 key_ref_t key_ref, ret, err; 414 415 might_sleep(); 416 417 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were 418 * searchable, but we failed to find a key or we found a negative key; 419 * otherwise we want to return a sample error (probably -EACCES) if 420 * none of the keyrings were searchable 421 * 422 * in terms of priority: success > -ENOKEY > -EAGAIN > other error 423 */ 424 key_ref = NULL; 425 ret = NULL; 426 err = ERR_PTR(-EAGAIN); 427 428 /* search the thread keyring first */ 429 if (context->thread_keyring) { 430 key_ref = keyring_search_aux( 431 make_key_ref(context->thread_keyring, 1), 432 context, type, description, match); 433 if (!IS_ERR(key_ref)) 434 goto found; 435 436 switch (PTR_ERR(key_ref)) { 437 case -EAGAIN: /* no key */ 438 if (ret) 439 break; 440 case -ENOKEY: /* negative key */ 441 ret = key_ref; 442 break; 443 default: 444 err = key_ref; 445 break; 446 } 447 } 448 449 /* search the process keyring second */ 450 if (context->signal->process_keyring) { 451 key_ref = keyring_search_aux( 452 make_key_ref(context->signal->process_keyring, 1), 453 context, type, description, match); 454 if (!IS_ERR(key_ref)) 455 goto found; 456 457 switch (PTR_ERR(key_ref)) { 458 case -EAGAIN: /* no key */ 459 if (ret) 460 break; 461 case -ENOKEY: /* negative key */ 462 ret = key_ref; 463 break; 464 default: 465 err = key_ref; 466 break; 467 } 468 } 469 470 /* search the session keyring */ 471 if (context->signal->session_keyring) { 472 rcu_read_lock(); 473 key_ref = keyring_search_aux( 474 make_key_ref(rcu_dereference( 475 context->signal->session_keyring), 476 1), 477 context, type, description, match); 478 rcu_read_unlock(); 479 480 if (!IS_ERR(key_ref)) 481 goto found; 482 483 switch (PTR_ERR(key_ref)) { 484 case -EAGAIN: /* no key */ 485 if (ret) 486 break; 487 case -ENOKEY: /* negative key */ 488 ret = key_ref; 489 break; 490 default: 491 err = key_ref; 492 break; 493 } 494 } 495 /* or search the user-session keyring */ 496 else if (context->user->session_keyring) { 497 key_ref = keyring_search_aux( 498 make_key_ref(context->user->session_keyring, 1), 499 context, type, description, match); 500 if (!IS_ERR(key_ref)) 501 goto found; 502 503 switch (PTR_ERR(key_ref)) { 504 case -EAGAIN: /* no key */ 505 if (ret) 506 break; 507 case -ENOKEY: /* negative key */ 508 ret = key_ref; 509 break; 510 default: 511 err = key_ref; 512 break; 513 } 514 } 515 516 /* if this process has an instantiation authorisation key, then we also 517 * search the keyrings of the process mentioned there 518 * - we don't permit access to request_key auth keys via this method 519 */ 520 if (context->request_key_auth && 521 context == current && 522 type != &key_type_request_key_auth 523 ) { 524 /* defend against the auth key being revoked */ 525 down_read(&context->request_key_auth->sem); 526 527 if (key_validate(context->request_key_auth) == 0) { 528 rka = context->request_key_auth->payload.data; 529 530 key_ref = search_process_keyrings(type, description, 531 match, rka->context); 532 533 up_read(&context->request_key_auth->sem); 534 535 if (!IS_ERR(key_ref)) 536 goto found; 537 538 switch (PTR_ERR(key_ref)) { 539 case -EAGAIN: /* no key */ 540 if (ret) 541 break; 542 case -ENOKEY: /* negative key */ 543 ret = key_ref; 544 break; 545 default: 546 err = key_ref; 547 break; 548 } 549 } else { 550 up_read(&context->request_key_auth->sem); 551 } 552 } 553 554 /* no key - decide on the error we're going to go for */ 555 key_ref = ret ? ret : err; 556 557 found: 558 return key_ref; 559 560 } /* end search_process_keyrings() */ 561 562 /*****************************************************************************/ 563 /* 564 * see if the key we're looking at is the target key 565 */ 566 static int lookup_user_key_possessed(const struct key *key, const void *target) 567 { 568 return key == target; 569 570 } /* end lookup_user_key_possessed() */ 571 572 /*****************************************************************************/ 573 /* 574 * lookup a key given a key ID from userspace with a given permissions mask 575 * - don't create special keyrings unless so requested 576 * - partially constructed keys aren't found unless requested 577 */ 578 key_ref_t lookup_user_key(key_serial_t id, int create, int partial, 579 key_perm_t perm) 580 { 581 struct request_key_auth *rka; 582 struct task_struct *t = current; 583 key_ref_t key_ref, skey_ref; 584 struct key *key; 585 int ret; 586 587 key_ref = ERR_PTR(-ENOKEY); 588 589 switch (id) { 590 case KEY_SPEC_THREAD_KEYRING: 591 if (!t->thread_keyring) { 592 if (!create) 593 goto error; 594 595 ret = install_thread_keyring(); 596 if (ret < 0) { 597 key = ERR_PTR(ret); 598 goto error; 599 } 600 } 601 602 key = t->thread_keyring; 603 atomic_inc(&key->usage); 604 key_ref = make_key_ref(key, 1); 605 break; 606 607 case KEY_SPEC_PROCESS_KEYRING: 608 if (!t->signal->process_keyring) { 609 if (!create) 610 goto error; 611 612 ret = install_process_keyring(); 613 if (ret < 0) { 614 key = ERR_PTR(ret); 615 goto error; 616 } 617 } 618 619 key = t->signal->process_keyring; 620 atomic_inc(&key->usage); 621 key_ref = make_key_ref(key, 1); 622 break; 623 624 case KEY_SPEC_SESSION_KEYRING: 625 if (!t->signal->session_keyring) { 626 /* always install a session keyring upon access if one 627 * doesn't exist yet */ 628 ret = install_user_keyrings(); 629 if (ret < 0) 630 goto error; 631 ret = install_session_keyring(t->user->session_keyring); 632 if (ret < 0) 633 goto error; 634 } 635 636 rcu_read_lock(); 637 key = rcu_dereference(t->signal->session_keyring); 638 atomic_inc(&key->usage); 639 rcu_read_unlock(); 640 key_ref = make_key_ref(key, 1); 641 break; 642 643 case KEY_SPEC_USER_KEYRING: 644 if (!t->user->uid_keyring) { 645 ret = install_user_keyrings(); 646 if (ret < 0) 647 goto error; 648 } 649 650 key = t->user->uid_keyring; 651 atomic_inc(&key->usage); 652 key_ref = make_key_ref(key, 1); 653 break; 654 655 case KEY_SPEC_USER_SESSION_KEYRING: 656 if (!t->user->session_keyring) { 657 ret = install_user_keyrings(); 658 if (ret < 0) 659 goto error; 660 } 661 662 key = t->user->session_keyring; 663 atomic_inc(&key->usage); 664 key_ref = make_key_ref(key, 1); 665 break; 666 667 case KEY_SPEC_GROUP_KEYRING: 668 /* group keyrings are not yet supported */ 669 key = ERR_PTR(-EINVAL); 670 goto error; 671 672 case KEY_SPEC_REQKEY_AUTH_KEY: 673 key = t->request_key_auth; 674 if (!key) 675 goto error; 676 677 atomic_inc(&key->usage); 678 key_ref = make_key_ref(key, 1); 679 break; 680 681 case KEY_SPEC_REQUESTOR_KEYRING: 682 if (!t->request_key_auth) 683 goto error; 684 685 down_read(&t->request_key_auth->sem); 686 if (t->request_key_auth->flags & KEY_FLAG_REVOKED) { 687 key_ref = ERR_PTR(-EKEYREVOKED); 688 key = NULL; 689 } else { 690 rka = t->request_key_auth->payload.data; 691 key = rka->dest_keyring; 692 atomic_inc(&key->usage); 693 } 694 up_read(&t->request_key_auth->sem); 695 if (!key) 696 goto error; 697 key_ref = make_key_ref(key, 1); 698 break; 699 700 default: 701 key_ref = ERR_PTR(-EINVAL); 702 if (id < 1) 703 goto error; 704 705 key = key_lookup(id); 706 if (IS_ERR(key)) { 707 key_ref = ERR_CAST(key); 708 goto error; 709 } 710 711 key_ref = make_key_ref(key, 0); 712 713 /* check to see if we possess the key */ 714 skey_ref = search_process_keyrings(key->type, key, 715 lookup_user_key_possessed, 716 current); 717 718 if (!IS_ERR(skey_ref)) { 719 key_put(key); 720 key_ref = skey_ref; 721 } 722 723 break; 724 } 725 726 if (!partial) { 727 ret = wait_for_key_construction(key, true); 728 switch (ret) { 729 case -ERESTARTSYS: 730 goto invalid_key; 731 default: 732 if (perm) 733 goto invalid_key; 734 case 0: 735 break; 736 } 737 } else if (perm) { 738 ret = key_validate(key); 739 if (ret < 0) 740 goto invalid_key; 741 } 742 743 ret = -EIO; 744 if (!partial && !test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) 745 goto invalid_key; 746 747 /* check the permissions */ 748 ret = key_task_permission(key_ref, t, perm); 749 if (ret < 0) 750 goto invalid_key; 751 752 error: 753 return key_ref; 754 755 invalid_key: 756 key_ref_put(key_ref); 757 key_ref = ERR_PTR(ret); 758 goto error; 759 760 } /* end lookup_user_key() */ 761 762 /*****************************************************************************/ 763 /* 764 * join the named keyring as the session keyring if possible, or attempt to 765 * create a new one of that name if not 766 * - if the name is NULL, an empty anonymous keyring is installed instead 767 * - named session keyring joining is done with a semaphore held 768 */ 769 long join_session_keyring(const char *name) 770 { 771 struct task_struct *tsk = current; 772 struct key *keyring; 773 long ret; 774 775 /* if no name is provided, install an anonymous keyring */ 776 if (!name) { 777 ret = install_session_keyring(NULL); 778 if (ret < 0) 779 goto error; 780 781 rcu_read_lock(); 782 ret = rcu_dereference(tsk->signal->session_keyring)->serial; 783 rcu_read_unlock(); 784 goto error; 785 } 786 787 /* allow the user to join or create a named keyring */ 788 mutex_lock(&key_session_mutex); 789 790 /* look for an existing keyring of this name */ 791 keyring = find_keyring_by_name(name, false); 792 if (PTR_ERR(keyring) == -ENOKEY) { 793 /* not found - try and create a new one */ 794 keyring = keyring_alloc(name, tsk->uid, tsk->gid, tsk, 795 KEY_ALLOC_IN_QUOTA, NULL); 796 if (IS_ERR(keyring)) { 797 ret = PTR_ERR(keyring); 798 goto error2; 799 } 800 } 801 else if (IS_ERR(keyring)) { 802 ret = PTR_ERR(keyring); 803 goto error2; 804 } 805 806 /* we've got a keyring - now to install it */ 807 ret = install_session_keyring(keyring); 808 if (ret < 0) 809 goto error2; 810 811 ret = keyring->serial; 812 key_put(keyring); 813 814 error2: 815 mutex_unlock(&key_session_mutex); 816 error: 817 return ret; 818 819 } /* end join_session_keyring() */ 820