1 /* Manage a process's keyrings 2 * 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/init.h> 13 #include <linux/sched.h> 14 #include <linux/sched/user.h> 15 #include <linux/keyctl.h> 16 #include <linux/fs.h> 17 #include <linux/err.h> 18 #include <linux/mutex.h> 19 #include <linux/security.h> 20 #include <linux/user_namespace.h> 21 #include <linux/uaccess.h> 22 #include <keys/request_key_auth-type.h> 23 #include "internal.h" 24 25 /* Session keyring create vs join semaphore */ 26 static DEFINE_MUTEX(key_session_mutex); 27 28 /* User keyring creation semaphore */ 29 static DEFINE_MUTEX(key_user_keyring_mutex); 30 31 /* The root user's tracking struct */ 32 struct key_user root_key_user = { 33 .usage = REFCOUNT_INIT(3), 34 .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), 35 .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), 36 .nkeys = ATOMIC_INIT(2), 37 .nikeys = ATOMIC_INIT(2), 38 .uid = GLOBAL_ROOT_UID, 39 }; 40 41 /* 42 * Install the user and user session keyrings for the current process's UID. 43 */ 44 int install_user_keyrings(void) 45 { 46 struct user_struct *user; 47 const struct cred *cred; 48 struct key *uid_keyring, *session_keyring; 49 key_perm_t user_keyring_perm; 50 char buf[20]; 51 int ret; 52 uid_t uid; 53 54 user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL; 55 cred = current_cred(); 56 user = cred->user; 57 uid = from_kuid(cred->user_ns, user->uid); 58 59 kenter("%p{%u}", user, uid); 60 61 if (READ_ONCE(user->uid_keyring) && READ_ONCE(user->session_keyring)) { 62 kleave(" = 0 [exist]"); 63 return 0; 64 } 65 66 mutex_lock(&key_user_keyring_mutex); 67 ret = 0; 68 69 if (!user->uid_keyring) { 70 /* get the UID-specific keyring 71 * - there may be one in existence already as it may have been 72 * pinned by a session, but the user_struct pointing to it 73 * may have been destroyed by setuid */ 74 sprintf(buf, "_uid.%u", uid); 75 76 uid_keyring = find_keyring_by_name(buf, true); 77 if (IS_ERR(uid_keyring)) { 78 uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID, 79 cred, user_keyring_perm, 80 KEY_ALLOC_UID_KEYRING | 81 KEY_ALLOC_IN_QUOTA, 82 NULL, NULL); 83 if (IS_ERR(uid_keyring)) { 84 ret = PTR_ERR(uid_keyring); 85 goto error; 86 } 87 } 88 89 /* get a default session keyring (which might also exist 90 * already) */ 91 sprintf(buf, "_uid_ses.%u", uid); 92 93 session_keyring = find_keyring_by_name(buf, true); 94 if (IS_ERR(session_keyring)) { 95 session_keyring = 96 keyring_alloc(buf, user->uid, INVALID_GID, 97 cred, user_keyring_perm, 98 KEY_ALLOC_UID_KEYRING | 99 KEY_ALLOC_IN_QUOTA, 100 NULL, NULL); 101 if (IS_ERR(session_keyring)) { 102 ret = PTR_ERR(session_keyring); 103 goto error_release; 104 } 105 106 /* we install a link from the user session keyring to 107 * the user keyring */ 108 ret = key_link(session_keyring, uid_keyring); 109 if (ret < 0) 110 goto error_release_both; 111 } 112 113 /* install the keyrings */ 114 /* paired with READ_ONCE() */ 115 smp_store_release(&user->uid_keyring, uid_keyring); 116 /* paired with READ_ONCE() */ 117 smp_store_release(&user->session_keyring, session_keyring); 118 } 119 120 mutex_unlock(&key_user_keyring_mutex); 121 kleave(" = 0"); 122 return 0; 123 124 error_release_both: 125 key_put(session_keyring); 126 error_release: 127 key_put(uid_keyring); 128 error: 129 mutex_unlock(&key_user_keyring_mutex); 130 kleave(" = %d", ret); 131 return ret; 132 } 133 134 /* 135 * Install a thread keyring to the given credentials struct if it didn't have 136 * one already. This is allowed to overrun the quota. 137 * 138 * Return: 0 if a thread keyring is now present; -errno on failure. 139 */ 140 int install_thread_keyring_to_cred(struct cred *new) 141 { 142 struct key *keyring; 143 144 if (new->thread_keyring) 145 return 0; 146 147 keyring = keyring_alloc("_tid", new->uid, new->gid, new, 148 KEY_POS_ALL | KEY_USR_VIEW, 149 KEY_ALLOC_QUOTA_OVERRUN, 150 NULL, NULL); 151 if (IS_ERR(keyring)) 152 return PTR_ERR(keyring); 153 154 new->thread_keyring = keyring; 155 return 0; 156 } 157 158 /* 159 * Install a thread keyring to the current task if it didn't have one already. 160 * 161 * Return: 0 if a thread keyring is now present; -errno on failure. 162 */ 163 static int install_thread_keyring(void) 164 { 165 struct cred *new; 166 int ret; 167 168 new = prepare_creds(); 169 if (!new) 170 return -ENOMEM; 171 172 ret = install_thread_keyring_to_cred(new); 173 if (ret < 0) { 174 abort_creds(new); 175 return ret; 176 } 177 178 return commit_creds(new); 179 } 180 181 /* 182 * Install a process keyring to the given credentials struct if it didn't have 183 * one already. This is allowed to overrun the quota. 184 * 185 * Return: 0 if a process keyring is now present; -errno on failure. 186 */ 187 int install_process_keyring_to_cred(struct cred *new) 188 { 189 struct key *keyring; 190 191 if (new->process_keyring) 192 return 0; 193 194 keyring = keyring_alloc("_pid", new->uid, new->gid, new, 195 KEY_POS_ALL | KEY_USR_VIEW, 196 KEY_ALLOC_QUOTA_OVERRUN, 197 NULL, NULL); 198 if (IS_ERR(keyring)) 199 return PTR_ERR(keyring); 200 201 new->process_keyring = keyring; 202 return 0; 203 } 204 205 /* 206 * Install a process keyring to the current task if it didn't have one already. 207 * 208 * Return: 0 if a process keyring is now present; -errno on failure. 209 */ 210 static int install_process_keyring(void) 211 { 212 struct cred *new; 213 int ret; 214 215 new = prepare_creds(); 216 if (!new) 217 return -ENOMEM; 218 219 ret = install_process_keyring_to_cred(new); 220 if (ret < 0) { 221 abort_creds(new); 222 return ret; 223 } 224 225 return commit_creds(new); 226 } 227 228 /* 229 * Install the given keyring as the session keyring of the given credentials 230 * struct, replacing the existing one if any. If the given keyring is NULL, 231 * then install a new anonymous session keyring. 232 * @cred can not be in use by any task yet. 233 * 234 * Return: 0 on success; -errno on failure. 235 */ 236 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) 237 { 238 unsigned long flags; 239 struct key *old; 240 241 might_sleep(); 242 243 /* create an empty session keyring */ 244 if (!keyring) { 245 flags = KEY_ALLOC_QUOTA_OVERRUN; 246 if (cred->session_keyring) 247 flags = KEY_ALLOC_IN_QUOTA; 248 249 keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred, 250 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ, 251 flags, NULL, NULL); 252 if (IS_ERR(keyring)) 253 return PTR_ERR(keyring); 254 } else { 255 __key_get(keyring); 256 } 257 258 /* install the keyring */ 259 old = cred->session_keyring; 260 cred->session_keyring = keyring; 261 262 if (old) 263 key_put(old); 264 265 return 0; 266 } 267 268 /* 269 * Install the given keyring as the session keyring of the current task, 270 * replacing the existing one if any. If the given keyring is NULL, then 271 * install a new anonymous session keyring. 272 * 273 * Return: 0 on success; -errno on failure. 274 */ 275 static int install_session_keyring(struct key *keyring) 276 { 277 struct cred *new; 278 int ret; 279 280 new = prepare_creds(); 281 if (!new) 282 return -ENOMEM; 283 284 ret = install_session_keyring_to_cred(new, keyring); 285 if (ret < 0) { 286 abort_creds(new); 287 return ret; 288 } 289 290 return commit_creds(new); 291 } 292 293 /* 294 * Handle the fsuid changing. 295 */ 296 void key_fsuid_changed(struct cred *new_cred) 297 { 298 /* update the ownership of the thread keyring */ 299 if (new_cred->thread_keyring) { 300 down_write(&new_cred->thread_keyring->sem); 301 new_cred->thread_keyring->uid = new_cred->fsuid; 302 up_write(&new_cred->thread_keyring->sem); 303 } 304 } 305 306 /* 307 * Handle the fsgid changing. 308 */ 309 void key_fsgid_changed(struct cred *new_cred) 310 { 311 /* update the ownership of the thread keyring */ 312 if (new_cred->thread_keyring) { 313 down_write(&new_cred->thread_keyring->sem); 314 new_cred->thread_keyring->gid = new_cred->fsgid; 315 up_write(&new_cred->thread_keyring->sem); 316 } 317 } 318 319 /* 320 * Search the process keyrings attached to the supplied cred for the first 321 * matching key under RCU conditions (the caller must be holding the RCU read 322 * lock). 323 * 324 * The search criteria are the type and the match function. The description is 325 * given to the match function as a parameter, but doesn't otherwise influence 326 * the search. Typically the match function will compare the description 327 * parameter to the key's description. 328 * 329 * This can only search keyrings that grant Search permission to the supplied 330 * credentials. Keyrings linked to searched keyrings will also be searched if 331 * they grant Search permission too. Keys can only be found if they grant 332 * Search permission to the credentials. 333 * 334 * Returns a pointer to the key with the key usage count incremented if 335 * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only 336 * matched negative keys. 337 * 338 * In the case of a successful return, the possession attribute is set on the 339 * returned key reference. 340 */ 341 key_ref_t search_cred_keyrings_rcu(struct keyring_search_context *ctx) 342 { 343 key_ref_t key_ref, ret, err; 344 const struct cred *cred = ctx->cred; 345 346 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were 347 * searchable, but we failed to find a key or we found a negative key; 348 * otherwise we want to return a sample error (probably -EACCES) if 349 * none of the keyrings were searchable 350 * 351 * in terms of priority: success > -ENOKEY > -EAGAIN > other error 352 */ 353 key_ref = NULL; 354 ret = NULL; 355 err = ERR_PTR(-EAGAIN); 356 357 /* search the thread keyring first */ 358 if (cred->thread_keyring) { 359 key_ref = keyring_search_rcu( 360 make_key_ref(cred->thread_keyring, 1), ctx); 361 if (!IS_ERR(key_ref)) 362 goto found; 363 364 switch (PTR_ERR(key_ref)) { 365 case -EAGAIN: /* no key */ 366 case -ENOKEY: /* negative key */ 367 ret = key_ref; 368 break; 369 default: 370 err = key_ref; 371 break; 372 } 373 } 374 375 /* search the process keyring second */ 376 if (cred->process_keyring) { 377 key_ref = keyring_search_rcu( 378 make_key_ref(cred->process_keyring, 1), ctx); 379 if (!IS_ERR(key_ref)) 380 goto found; 381 382 switch (PTR_ERR(key_ref)) { 383 case -EAGAIN: /* no key */ 384 if (ret) 385 break; 386 /* fall through */ 387 case -ENOKEY: /* negative key */ 388 ret = key_ref; 389 break; 390 default: 391 err = key_ref; 392 break; 393 } 394 } 395 396 /* search the session keyring */ 397 if (cred->session_keyring) { 398 key_ref = keyring_search_rcu( 399 make_key_ref(cred->session_keyring, 1), ctx); 400 401 if (!IS_ERR(key_ref)) 402 goto found; 403 404 switch (PTR_ERR(key_ref)) { 405 case -EAGAIN: /* no key */ 406 if (ret) 407 break; 408 /* fall through */ 409 case -ENOKEY: /* negative key */ 410 ret = key_ref; 411 break; 412 default: 413 err = key_ref; 414 break; 415 } 416 } 417 /* or search the user-session keyring */ 418 else if (READ_ONCE(cred->user->session_keyring)) { 419 key_ref = keyring_search_rcu( 420 make_key_ref(READ_ONCE(cred->user->session_keyring), 1), 421 ctx); 422 if (!IS_ERR(key_ref)) 423 goto found; 424 425 switch (PTR_ERR(key_ref)) { 426 case -EAGAIN: /* no key */ 427 if (ret) 428 break; 429 /* fall through */ 430 case -ENOKEY: /* negative key */ 431 ret = key_ref; 432 break; 433 default: 434 err = key_ref; 435 break; 436 } 437 } 438 439 /* no key - decide on the error we're going to go for */ 440 key_ref = ret ? ret : err; 441 442 found: 443 return key_ref; 444 } 445 446 /* 447 * Search the process keyrings attached to the supplied cred for the first 448 * matching key in the manner of search_my_process_keyrings(), but also search 449 * the keys attached to the assumed authorisation key using its credentials if 450 * one is available. 451 * 452 * The caller must be holding the RCU read lock. 453 * 454 * Return same as search_cred_keyrings_rcu(). 455 */ 456 key_ref_t search_process_keyrings_rcu(struct keyring_search_context *ctx) 457 { 458 struct request_key_auth *rka; 459 key_ref_t key_ref, ret = ERR_PTR(-EACCES), err; 460 461 key_ref = search_cred_keyrings_rcu(ctx); 462 if (!IS_ERR(key_ref)) 463 goto found; 464 err = key_ref; 465 466 /* if this process has an instantiation authorisation key, then we also 467 * search the keyrings of the process mentioned there 468 * - we don't permit access to request_key auth keys via this method 469 */ 470 if (ctx->cred->request_key_auth && 471 ctx->cred == current_cred() && 472 ctx->index_key.type != &key_type_request_key_auth 473 ) { 474 const struct cred *cred = ctx->cred; 475 476 if (key_validate(cred->request_key_auth) == 0) { 477 rka = ctx->cred->request_key_auth->payload.data[0]; 478 479 //// was search_process_keyrings() [ie. recursive] 480 ctx->cred = rka->cred; 481 key_ref = search_cred_keyrings_rcu(ctx); 482 ctx->cred = cred; 483 484 if (!IS_ERR(key_ref)) 485 goto found; 486 ret = key_ref; 487 } 488 } 489 490 /* no key - decide on the error we're going to go for */ 491 if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY)) 492 key_ref = ERR_PTR(-ENOKEY); 493 else if (err == ERR_PTR(-EACCES)) 494 key_ref = ret; 495 else 496 key_ref = err; 497 498 found: 499 return key_ref; 500 } 501 /* 502 * See if the key we're looking at is the target key. 503 */ 504 bool lookup_user_key_possessed(const struct key *key, 505 const struct key_match_data *match_data) 506 { 507 return key == match_data->raw_data; 508 } 509 510 /* 511 * Look up a key ID given us by userspace with a given permissions mask to get 512 * the key it refers to. 513 * 514 * Flags can be passed to request that special keyrings be created if referred 515 * to directly, to permit partially constructed keys to be found and to skip 516 * validity and permission checks on the found key. 517 * 518 * Returns a pointer to the key with an incremented usage count if successful; 519 * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond 520 * to a key or the best found key was a negative key; -EKEYREVOKED or 521 * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the 522 * found key doesn't grant the requested permit or the LSM denied access to it; 523 * or -ENOMEM if a special keyring couldn't be created. 524 * 525 * In the case of a successful return, the possession attribute is set on the 526 * returned key reference. 527 */ 528 key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, 529 key_perm_t perm) 530 { 531 struct keyring_search_context ctx = { 532 .match_data.cmp = lookup_user_key_possessed, 533 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, 534 .flags = KEYRING_SEARCH_NO_STATE_CHECK, 535 }; 536 struct request_key_auth *rka; 537 struct key *key; 538 key_ref_t key_ref, skey_ref; 539 int ret; 540 541 try_again: 542 ctx.cred = get_current_cred(); 543 key_ref = ERR_PTR(-ENOKEY); 544 545 switch (id) { 546 case KEY_SPEC_THREAD_KEYRING: 547 if (!ctx.cred->thread_keyring) { 548 if (!(lflags & KEY_LOOKUP_CREATE)) 549 goto error; 550 551 ret = install_thread_keyring(); 552 if (ret < 0) { 553 key_ref = ERR_PTR(ret); 554 goto error; 555 } 556 goto reget_creds; 557 } 558 559 key = ctx.cred->thread_keyring; 560 __key_get(key); 561 key_ref = make_key_ref(key, 1); 562 break; 563 564 case KEY_SPEC_PROCESS_KEYRING: 565 if (!ctx.cred->process_keyring) { 566 if (!(lflags & KEY_LOOKUP_CREATE)) 567 goto error; 568 569 ret = install_process_keyring(); 570 if (ret < 0) { 571 key_ref = ERR_PTR(ret); 572 goto error; 573 } 574 goto reget_creds; 575 } 576 577 key = ctx.cred->process_keyring; 578 __key_get(key); 579 key_ref = make_key_ref(key, 1); 580 break; 581 582 case KEY_SPEC_SESSION_KEYRING: 583 if (!ctx.cred->session_keyring) { 584 /* always install a session keyring upon access if one 585 * doesn't exist yet */ 586 ret = install_user_keyrings(); 587 if (ret < 0) 588 goto error; 589 if (lflags & KEY_LOOKUP_CREATE) 590 ret = join_session_keyring(NULL); 591 else 592 ret = install_session_keyring( 593 ctx.cred->user->session_keyring); 594 595 if (ret < 0) 596 goto error; 597 goto reget_creds; 598 } else if (ctx.cred->session_keyring == 599 READ_ONCE(ctx.cred->user->session_keyring) && 600 lflags & KEY_LOOKUP_CREATE) { 601 ret = join_session_keyring(NULL); 602 if (ret < 0) 603 goto error; 604 goto reget_creds; 605 } 606 607 key = ctx.cred->session_keyring; 608 __key_get(key); 609 key_ref = make_key_ref(key, 1); 610 break; 611 612 case KEY_SPEC_USER_KEYRING: 613 if (!READ_ONCE(ctx.cred->user->uid_keyring)) { 614 ret = install_user_keyrings(); 615 if (ret < 0) 616 goto error; 617 } 618 619 key = ctx.cred->user->uid_keyring; 620 __key_get(key); 621 key_ref = make_key_ref(key, 1); 622 break; 623 624 case KEY_SPEC_USER_SESSION_KEYRING: 625 if (!READ_ONCE(ctx.cred->user->session_keyring)) { 626 ret = install_user_keyrings(); 627 if (ret < 0) 628 goto error; 629 } 630 631 key = ctx.cred->user->session_keyring; 632 __key_get(key); 633 key_ref = make_key_ref(key, 1); 634 break; 635 636 case KEY_SPEC_GROUP_KEYRING: 637 /* group keyrings are not yet supported */ 638 key_ref = ERR_PTR(-EINVAL); 639 goto error; 640 641 case KEY_SPEC_REQKEY_AUTH_KEY: 642 key = ctx.cred->request_key_auth; 643 if (!key) 644 goto error; 645 646 __key_get(key); 647 key_ref = make_key_ref(key, 1); 648 break; 649 650 case KEY_SPEC_REQUESTOR_KEYRING: 651 if (!ctx.cred->request_key_auth) 652 goto error; 653 654 down_read(&ctx.cred->request_key_auth->sem); 655 if (test_bit(KEY_FLAG_REVOKED, 656 &ctx.cred->request_key_auth->flags)) { 657 key_ref = ERR_PTR(-EKEYREVOKED); 658 key = NULL; 659 } else { 660 rka = ctx.cred->request_key_auth->payload.data[0]; 661 key = rka->dest_keyring; 662 __key_get(key); 663 } 664 up_read(&ctx.cred->request_key_auth->sem); 665 if (!key) 666 goto error; 667 key_ref = make_key_ref(key, 1); 668 break; 669 670 default: 671 key_ref = ERR_PTR(-EINVAL); 672 if (id < 1) 673 goto error; 674 675 key = key_lookup(id); 676 if (IS_ERR(key)) { 677 key_ref = ERR_CAST(key); 678 goto error; 679 } 680 681 key_ref = make_key_ref(key, 0); 682 683 /* check to see if we possess the key */ 684 ctx.index_key = key->index_key; 685 ctx.match_data.raw_data = key; 686 kdebug("check possessed"); 687 rcu_read_lock(); 688 skey_ref = search_process_keyrings_rcu(&ctx); 689 rcu_read_unlock(); 690 kdebug("possessed=%p", skey_ref); 691 692 if (!IS_ERR(skey_ref)) { 693 key_put(key); 694 key_ref = skey_ref; 695 } 696 697 break; 698 } 699 700 /* unlink does not use the nominated key in any way, so can skip all 701 * the permission checks as it is only concerned with the keyring */ 702 if (lflags & KEY_LOOKUP_FOR_UNLINK) { 703 ret = 0; 704 goto error; 705 } 706 707 if (!(lflags & KEY_LOOKUP_PARTIAL)) { 708 ret = wait_for_key_construction(key, true); 709 switch (ret) { 710 case -ERESTARTSYS: 711 goto invalid_key; 712 default: 713 if (perm) 714 goto invalid_key; 715 case 0: 716 break; 717 } 718 } else if (perm) { 719 ret = key_validate(key); 720 if (ret < 0) 721 goto invalid_key; 722 } 723 724 ret = -EIO; 725 if (!(lflags & KEY_LOOKUP_PARTIAL) && 726 key_read_state(key) == KEY_IS_UNINSTANTIATED) 727 goto invalid_key; 728 729 /* check the permissions */ 730 ret = key_task_permission(key_ref, ctx.cred, perm); 731 if (ret < 0) 732 goto invalid_key; 733 734 key->last_used_at = ktime_get_real_seconds(); 735 736 error: 737 put_cred(ctx.cred); 738 return key_ref; 739 740 invalid_key: 741 key_ref_put(key_ref); 742 key_ref = ERR_PTR(ret); 743 goto error; 744 745 /* if we attempted to install a keyring, then it may have caused new 746 * creds to be installed */ 747 reget_creds: 748 put_cred(ctx.cred); 749 goto try_again; 750 } 751 EXPORT_SYMBOL(lookup_user_key); 752 753 /* 754 * Join the named keyring as the session keyring if possible else attempt to 755 * create a new one of that name and join that. 756 * 757 * If the name is NULL, an empty anonymous keyring will be installed as the 758 * session keyring. 759 * 760 * Named session keyrings are joined with a semaphore held to prevent the 761 * keyrings from going away whilst the attempt is made to going them and also 762 * to prevent a race in creating compatible session keyrings. 763 */ 764 long join_session_keyring(const char *name) 765 { 766 const struct cred *old; 767 struct cred *new; 768 struct key *keyring; 769 long ret, serial; 770 771 new = prepare_creds(); 772 if (!new) 773 return -ENOMEM; 774 old = current_cred(); 775 776 /* if no name is provided, install an anonymous keyring */ 777 if (!name) { 778 ret = install_session_keyring_to_cred(new, NULL); 779 if (ret < 0) 780 goto error; 781 782 serial = new->session_keyring->serial; 783 ret = commit_creds(new); 784 if (ret == 0) 785 ret = serial; 786 goto okay; 787 } 788 789 /* allow the user to join or create a named keyring */ 790 mutex_lock(&key_session_mutex); 791 792 /* look for an existing keyring of this name */ 793 keyring = find_keyring_by_name(name, false); 794 if (PTR_ERR(keyring) == -ENOKEY) { 795 /* not found - try and create a new one */ 796 keyring = keyring_alloc( 797 name, old->uid, old->gid, old, 798 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK, 799 KEY_ALLOC_IN_QUOTA, NULL, NULL); 800 if (IS_ERR(keyring)) { 801 ret = PTR_ERR(keyring); 802 goto error2; 803 } 804 } else if (IS_ERR(keyring)) { 805 ret = PTR_ERR(keyring); 806 goto error2; 807 } else if (keyring == new->session_keyring) { 808 ret = 0; 809 goto error3; 810 } 811 812 /* we've got a keyring - now to install it */ 813 ret = install_session_keyring_to_cred(new, keyring); 814 if (ret < 0) 815 goto error3; 816 817 commit_creds(new); 818 mutex_unlock(&key_session_mutex); 819 820 ret = keyring->serial; 821 key_put(keyring); 822 okay: 823 return ret; 824 825 error3: 826 key_put(keyring); 827 error2: 828 mutex_unlock(&key_session_mutex); 829 error: 830 abort_creds(new); 831 return ret; 832 } 833 834 /* 835 * Replace a process's session keyring on behalf of one of its children when 836 * the target process is about to resume userspace execution. 837 */ 838 void key_change_session_keyring(struct callback_head *twork) 839 { 840 const struct cred *old = current_cred(); 841 struct cred *new = container_of(twork, struct cred, rcu); 842 843 if (unlikely(current->flags & PF_EXITING)) { 844 put_cred(new); 845 return; 846 } 847 848 new-> uid = old-> uid; 849 new-> euid = old-> euid; 850 new-> suid = old-> suid; 851 new->fsuid = old->fsuid; 852 new-> gid = old-> gid; 853 new-> egid = old-> egid; 854 new-> sgid = old-> sgid; 855 new->fsgid = old->fsgid; 856 new->user = get_uid(old->user); 857 new->user_ns = get_user_ns(old->user_ns); 858 new->group_info = get_group_info(old->group_info); 859 860 new->securebits = old->securebits; 861 new->cap_inheritable = old->cap_inheritable; 862 new->cap_permitted = old->cap_permitted; 863 new->cap_effective = old->cap_effective; 864 new->cap_ambient = old->cap_ambient; 865 new->cap_bset = old->cap_bset; 866 867 new->jit_keyring = old->jit_keyring; 868 new->thread_keyring = key_get(old->thread_keyring); 869 new->process_keyring = key_get(old->process_keyring); 870 871 security_transfer_creds(new, old); 872 873 commit_creds(new); 874 } 875 876 /* 877 * Make sure that root's user and user-session keyrings exist. 878 */ 879 static int __init init_root_keyring(void) 880 { 881 return install_user_keyrings(); 882 } 883 884 late_initcall(init_root_keyring); 885