1 /* Manage a process's keyrings 2 * 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/module.h> 13 #include <linux/init.h> 14 #include <linux/sched.h> 15 #include <linux/keyctl.h> 16 #include <linux/fs.h> 17 #include <linux/err.h> 18 #include <linux/mutex.h> 19 #include <linux/security.h> 20 #include <linux/user_namespace.h> 21 #include <linux/uaccess.h> 22 #include "internal.h" 23 24 /* Session keyring create vs join semaphore */ 25 static DEFINE_MUTEX(key_session_mutex); 26 27 /* User keyring creation semaphore */ 28 static DEFINE_MUTEX(key_user_keyring_mutex); 29 30 /* The root user's tracking struct */ 31 struct key_user root_key_user = { 32 .usage = ATOMIC_INIT(3), 33 .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), 34 .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), 35 .nkeys = ATOMIC_INIT(2), 36 .nikeys = ATOMIC_INIT(2), 37 .uid = GLOBAL_ROOT_UID, 38 }; 39 40 /* 41 * Install the user and user session keyrings for the current process's UID. 42 */ 43 int install_user_keyrings(void) 44 { 45 struct user_struct *user; 46 const struct cred *cred; 47 struct key *uid_keyring, *session_keyring; 48 key_perm_t user_keyring_perm; 49 char buf[20]; 50 int ret; 51 uid_t uid; 52 53 user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL; 54 cred = current_cred(); 55 user = cred->user; 56 uid = from_kuid(cred->user_ns, user->uid); 57 58 kenter("%p{%u}", user, uid); 59 60 if (user->uid_keyring && user->session_keyring) { 61 kleave(" = 0 [exist]"); 62 return 0; 63 } 64 65 mutex_lock(&key_user_keyring_mutex); 66 ret = 0; 67 68 if (!user->uid_keyring) { 69 /* get the UID-specific keyring 70 * - there may be one in existence already as it may have been 71 * pinned by a session, but the user_struct pointing to it 72 * may have been destroyed by setuid */ 73 sprintf(buf, "_uid.%u", uid); 74 75 uid_keyring = find_keyring_by_name(buf, true); 76 if (IS_ERR(uid_keyring)) { 77 uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID, 78 cred, user_keyring_perm, 79 KEY_ALLOC_IN_QUOTA, 80 NULL, NULL); 81 if (IS_ERR(uid_keyring)) { 82 ret = PTR_ERR(uid_keyring); 83 goto error; 84 } 85 } 86 87 /* get a default session keyring (which might also exist 88 * already) */ 89 sprintf(buf, "_uid_ses.%u", uid); 90 91 session_keyring = find_keyring_by_name(buf, true); 92 if (IS_ERR(session_keyring)) { 93 session_keyring = 94 keyring_alloc(buf, user->uid, INVALID_GID, 95 cred, user_keyring_perm, 96 KEY_ALLOC_IN_QUOTA, 97 NULL, NULL); 98 if (IS_ERR(session_keyring)) { 99 ret = PTR_ERR(session_keyring); 100 goto error_release; 101 } 102 103 /* we install a link from the user session keyring to 104 * the user keyring */ 105 ret = key_link(session_keyring, uid_keyring); 106 if (ret < 0) 107 goto error_release_both; 108 } 109 110 /* install the keyrings */ 111 user->uid_keyring = uid_keyring; 112 user->session_keyring = session_keyring; 113 } 114 115 mutex_unlock(&key_user_keyring_mutex); 116 kleave(" = 0"); 117 return 0; 118 119 error_release_both: 120 key_put(session_keyring); 121 error_release: 122 key_put(uid_keyring); 123 error: 124 mutex_unlock(&key_user_keyring_mutex); 125 kleave(" = %d", ret); 126 return ret; 127 } 128 129 /* 130 * Install a fresh thread keyring directly to new credentials. This keyring is 131 * allowed to overrun the quota. 132 */ 133 int install_thread_keyring_to_cred(struct cred *new) 134 { 135 struct key *keyring; 136 137 keyring = keyring_alloc("_tid", new->uid, new->gid, new, 138 KEY_POS_ALL | KEY_USR_VIEW, 139 KEY_ALLOC_QUOTA_OVERRUN, 140 NULL, NULL); 141 if (IS_ERR(keyring)) 142 return PTR_ERR(keyring); 143 144 new->thread_keyring = keyring; 145 return 0; 146 } 147 148 /* 149 * Install a fresh thread keyring, discarding the old one. 150 */ 151 static int install_thread_keyring(void) 152 { 153 struct cred *new; 154 int ret; 155 156 new = prepare_creds(); 157 if (!new) 158 return -ENOMEM; 159 160 BUG_ON(new->thread_keyring); 161 162 ret = install_thread_keyring_to_cred(new); 163 if (ret < 0) { 164 abort_creds(new); 165 return ret; 166 } 167 168 return commit_creds(new); 169 } 170 171 /* 172 * Install a process keyring directly to a credentials struct. 173 * 174 * Returns -EEXIST if there was already a process keyring, 0 if one installed, 175 * and other value on any other error 176 */ 177 int install_process_keyring_to_cred(struct cred *new) 178 { 179 struct key *keyring; 180 181 if (new->process_keyring) 182 return -EEXIST; 183 184 keyring = keyring_alloc("_pid", new->uid, new->gid, new, 185 KEY_POS_ALL | KEY_USR_VIEW, 186 KEY_ALLOC_QUOTA_OVERRUN, 187 NULL, NULL); 188 if (IS_ERR(keyring)) 189 return PTR_ERR(keyring); 190 191 new->process_keyring = keyring; 192 return 0; 193 } 194 195 /* 196 * Make sure a process keyring is installed for the current process. The 197 * existing process keyring is not replaced. 198 * 199 * Returns 0 if there is a process keyring by the end of this function, some 200 * error otherwise. 201 */ 202 static int install_process_keyring(void) 203 { 204 struct cred *new; 205 int ret; 206 207 new = prepare_creds(); 208 if (!new) 209 return -ENOMEM; 210 211 ret = install_process_keyring_to_cred(new); 212 if (ret < 0) { 213 abort_creds(new); 214 return ret != -EEXIST ? ret : 0; 215 } 216 217 return commit_creds(new); 218 } 219 220 /* 221 * Install a session keyring directly to a credentials struct. 222 */ 223 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) 224 { 225 unsigned long flags; 226 struct key *old; 227 228 might_sleep(); 229 230 /* create an empty session keyring */ 231 if (!keyring) { 232 flags = KEY_ALLOC_QUOTA_OVERRUN; 233 if (cred->session_keyring) 234 flags = KEY_ALLOC_IN_QUOTA; 235 236 keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred, 237 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ, 238 flags, NULL, NULL); 239 if (IS_ERR(keyring)) 240 return PTR_ERR(keyring); 241 } else { 242 __key_get(keyring); 243 } 244 245 /* install the keyring */ 246 old = cred->session_keyring; 247 rcu_assign_pointer(cred->session_keyring, keyring); 248 249 if (old) 250 key_put(old); 251 252 return 0; 253 } 254 255 /* 256 * Install a session keyring, discarding the old one. If a keyring is not 257 * supplied, an empty one is invented. 258 */ 259 static int install_session_keyring(struct key *keyring) 260 { 261 struct cred *new; 262 int ret; 263 264 new = prepare_creds(); 265 if (!new) 266 return -ENOMEM; 267 268 ret = install_session_keyring_to_cred(new, keyring); 269 if (ret < 0) { 270 abort_creds(new); 271 return ret; 272 } 273 274 return commit_creds(new); 275 } 276 277 /* 278 * Handle the fsuid changing. 279 */ 280 void key_fsuid_changed(struct task_struct *tsk) 281 { 282 /* update the ownership of the thread keyring */ 283 BUG_ON(!tsk->cred); 284 if (tsk->cred->thread_keyring) { 285 down_write(&tsk->cred->thread_keyring->sem); 286 tsk->cred->thread_keyring->uid = tsk->cred->fsuid; 287 up_write(&tsk->cred->thread_keyring->sem); 288 } 289 } 290 291 /* 292 * Handle the fsgid changing. 293 */ 294 void key_fsgid_changed(struct task_struct *tsk) 295 { 296 /* update the ownership of the thread keyring */ 297 BUG_ON(!tsk->cred); 298 if (tsk->cred->thread_keyring) { 299 down_write(&tsk->cred->thread_keyring->sem); 300 tsk->cred->thread_keyring->gid = tsk->cred->fsgid; 301 up_write(&tsk->cred->thread_keyring->sem); 302 } 303 } 304 305 /* 306 * Search the process keyrings attached to the supplied cred for the first 307 * matching key. 308 * 309 * The search criteria are the type and the match function. The description is 310 * given to the match function as a parameter, but doesn't otherwise influence 311 * the search. Typically the match function will compare the description 312 * parameter to the key's description. 313 * 314 * This can only search keyrings that grant Search permission to the supplied 315 * credentials. Keyrings linked to searched keyrings will also be searched if 316 * they grant Search permission too. Keys can only be found if they grant 317 * Search permission to the credentials. 318 * 319 * Returns a pointer to the key with the key usage count incremented if 320 * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only 321 * matched negative keys. 322 * 323 * In the case of a successful return, the possession attribute is set on the 324 * returned key reference. 325 */ 326 key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx) 327 { 328 key_ref_t key_ref, ret, err; 329 330 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were 331 * searchable, but we failed to find a key or we found a negative key; 332 * otherwise we want to return a sample error (probably -EACCES) if 333 * none of the keyrings were searchable 334 * 335 * in terms of priority: success > -ENOKEY > -EAGAIN > other error 336 */ 337 key_ref = NULL; 338 ret = NULL; 339 err = ERR_PTR(-EAGAIN); 340 341 /* search the thread keyring first */ 342 if (ctx->cred->thread_keyring) { 343 key_ref = keyring_search_aux( 344 make_key_ref(ctx->cred->thread_keyring, 1), ctx); 345 if (!IS_ERR(key_ref)) 346 goto found; 347 348 switch (PTR_ERR(key_ref)) { 349 case -EAGAIN: /* no key */ 350 case -ENOKEY: /* negative key */ 351 ret = key_ref; 352 break; 353 default: 354 err = key_ref; 355 break; 356 } 357 } 358 359 /* search the process keyring second */ 360 if (ctx->cred->process_keyring) { 361 key_ref = keyring_search_aux( 362 make_key_ref(ctx->cred->process_keyring, 1), ctx); 363 if (!IS_ERR(key_ref)) 364 goto found; 365 366 switch (PTR_ERR(key_ref)) { 367 case -EAGAIN: /* no key */ 368 if (ret) 369 break; 370 case -ENOKEY: /* negative key */ 371 ret = key_ref; 372 break; 373 default: 374 err = key_ref; 375 break; 376 } 377 } 378 379 /* search the session keyring */ 380 if (ctx->cred->session_keyring) { 381 rcu_read_lock(); 382 key_ref = keyring_search_aux( 383 make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1), 384 ctx); 385 rcu_read_unlock(); 386 387 if (!IS_ERR(key_ref)) 388 goto found; 389 390 switch (PTR_ERR(key_ref)) { 391 case -EAGAIN: /* no key */ 392 if (ret) 393 break; 394 case -ENOKEY: /* negative key */ 395 ret = key_ref; 396 break; 397 default: 398 err = key_ref; 399 break; 400 } 401 } 402 /* or search the user-session keyring */ 403 else if (ctx->cred->user->session_keyring) { 404 key_ref = keyring_search_aux( 405 make_key_ref(ctx->cred->user->session_keyring, 1), 406 ctx); 407 if (!IS_ERR(key_ref)) 408 goto found; 409 410 switch (PTR_ERR(key_ref)) { 411 case -EAGAIN: /* no key */ 412 if (ret) 413 break; 414 case -ENOKEY: /* negative key */ 415 ret = key_ref; 416 break; 417 default: 418 err = key_ref; 419 break; 420 } 421 } 422 423 /* no key - decide on the error we're going to go for */ 424 key_ref = ret ? ret : err; 425 426 found: 427 return key_ref; 428 } 429 430 /* 431 * Search the process keyrings attached to the supplied cred for the first 432 * matching key in the manner of search_my_process_keyrings(), but also search 433 * the keys attached to the assumed authorisation key using its credentials if 434 * one is available. 435 * 436 * Return same as search_my_process_keyrings(). 437 */ 438 key_ref_t search_process_keyrings(struct keyring_search_context *ctx) 439 { 440 struct request_key_auth *rka; 441 key_ref_t key_ref, ret = ERR_PTR(-EACCES), err; 442 443 might_sleep(); 444 445 key_ref = search_my_process_keyrings(ctx); 446 if (!IS_ERR(key_ref)) 447 goto found; 448 err = key_ref; 449 450 /* if this process has an instantiation authorisation key, then we also 451 * search the keyrings of the process mentioned there 452 * - we don't permit access to request_key auth keys via this method 453 */ 454 if (ctx->cred->request_key_auth && 455 ctx->cred == current_cred() && 456 ctx->index_key.type != &key_type_request_key_auth 457 ) { 458 const struct cred *cred = ctx->cred; 459 460 /* defend against the auth key being revoked */ 461 down_read(&cred->request_key_auth->sem); 462 463 if (key_validate(ctx->cred->request_key_auth) == 0) { 464 rka = ctx->cred->request_key_auth->payload.data[0]; 465 466 ctx->cred = rka->cred; 467 key_ref = search_process_keyrings(ctx); 468 ctx->cred = cred; 469 470 up_read(&cred->request_key_auth->sem); 471 472 if (!IS_ERR(key_ref)) 473 goto found; 474 475 ret = key_ref; 476 } else { 477 up_read(&cred->request_key_auth->sem); 478 } 479 } 480 481 /* no key - decide on the error we're going to go for */ 482 if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY)) 483 key_ref = ERR_PTR(-ENOKEY); 484 else if (err == ERR_PTR(-EACCES)) 485 key_ref = ret; 486 else 487 key_ref = err; 488 489 found: 490 return key_ref; 491 } 492 493 /* 494 * See if the key we're looking at is the target key. 495 */ 496 bool lookup_user_key_possessed(const struct key *key, 497 const struct key_match_data *match_data) 498 { 499 return key == match_data->raw_data; 500 } 501 502 /* 503 * Look up a key ID given us by userspace with a given permissions mask to get 504 * the key it refers to. 505 * 506 * Flags can be passed to request that special keyrings be created if referred 507 * to directly, to permit partially constructed keys to be found and to skip 508 * validity and permission checks on the found key. 509 * 510 * Returns a pointer to the key with an incremented usage count if successful; 511 * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond 512 * to a key or the best found key was a negative key; -EKEYREVOKED or 513 * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the 514 * found key doesn't grant the requested permit or the LSM denied access to it; 515 * or -ENOMEM if a special keyring couldn't be created. 516 * 517 * In the case of a successful return, the possession attribute is set on the 518 * returned key reference. 519 */ 520 key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, 521 key_perm_t perm) 522 { 523 struct keyring_search_context ctx = { 524 .match_data.cmp = lookup_user_key_possessed, 525 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, 526 .flags = KEYRING_SEARCH_NO_STATE_CHECK, 527 }; 528 struct request_key_auth *rka; 529 struct key *key; 530 key_ref_t key_ref, skey_ref; 531 int ret; 532 533 try_again: 534 ctx.cred = get_current_cred(); 535 key_ref = ERR_PTR(-ENOKEY); 536 537 switch (id) { 538 case KEY_SPEC_THREAD_KEYRING: 539 if (!ctx.cred->thread_keyring) { 540 if (!(lflags & KEY_LOOKUP_CREATE)) 541 goto error; 542 543 ret = install_thread_keyring(); 544 if (ret < 0) { 545 key_ref = ERR_PTR(ret); 546 goto error; 547 } 548 goto reget_creds; 549 } 550 551 key = ctx.cred->thread_keyring; 552 __key_get(key); 553 key_ref = make_key_ref(key, 1); 554 break; 555 556 case KEY_SPEC_PROCESS_KEYRING: 557 if (!ctx.cred->process_keyring) { 558 if (!(lflags & KEY_LOOKUP_CREATE)) 559 goto error; 560 561 ret = install_process_keyring(); 562 if (ret < 0) { 563 key_ref = ERR_PTR(ret); 564 goto error; 565 } 566 goto reget_creds; 567 } 568 569 key = ctx.cred->process_keyring; 570 __key_get(key); 571 key_ref = make_key_ref(key, 1); 572 break; 573 574 case KEY_SPEC_SESSION_KEYRING: 575 if (!ctx.cred->session_keyring) { 576 /* always install a session keyring upon access if one 577 * doesn't exist yet */ 578 ret = install_user_keyrings(); 579 if (ret < 0) 580 goto error; 581 if (lflags & KEY_LOOKUP_CREATE) 582 ret = join_session_keyring(NULL); 583 else 584 ret = install_session_keyring( 585 ctx.cred->user->session_keyring); 586 587 if (ret < 0) 588 goto error; 589 goto reget_creds; 590 } else if (ctx.cred->session_keyring == 591 ctx.cred->user->session_keyring && 592 lflags & KEY_LOOKUP_CREATE) { 593 ret = join_session_keyring(NULL); 594 if (ret < 0) 595 goto error; 596 goto reget_creds; 597 } 598 599 rcu_read_lock(); 600 key = rcu_dereference(ctx.cred->session_keyring); 601 __key_get(key); 602 rcu_read_unlock(); 603 key_ref = make_key_ref(key, 1); 604 break; 605 606 case KEY_SPEC_USER_KEYRING: 607 if (!ctx.cred->user->uid_keyring) { 608 ret = install_user_keyrings(); 609 if (ret < 0) 610 goto error; 611 } 612 613 key = ctx.cred->user->uid_keyring; 614 __key_get(key); 615 key_ref = make_key_ref(key, 1); 616 break; 617 618 case KEY_SPEC_USER_SESSION_KEYRING: 619 if (!ctx.cred->user->session_keyring) { 620 ret = install_user_keyrings(); 621 if (ret < 0) 622 goto error; 623 } 624 625 key = ctx.cred->user->session_keyring; 626 __key_get(key); 627 key_ref = make_key_ref(key, 1); 628 break; 629 630 case KEY_SPEC_GROUP_KEYRING: 631 /* group keyrings are not yet supported */ 632 key_ref = ERR_PTR(-EINVAL); 633 goto error; 634 635 case KEY_SPEC_REQKEY_AUTH_KEY: 636 key = ctx.cred->request_key_auth; 637 if (!key) 638 goto error; 639 640 __key_get(key); 641 key_ref = make_key_ref(key, 1); 642 break; 643 644 case KEY_SPEC_REQUESTOR_KEYRING: 645 if (!ctx.cred->request_key_auth) 646 goto error; 647 648 down_read(&ctx.cred->request_key_auth->sem); 649 if (test_bit(KEY_FLAG_REVOKED, 650 &ctx.cred->request_key_auth->flags)) { 651 key_ref = ERR_PTR(-EKEYREVOKED); 652 key = NULL; 653 } else { 654 rka = ctx.cred->request_key_auth->payload.data[0]; 655 key = rka->dest_keyring; 656 __key_get(key); 657 } 658 up_read(&ctx.cred->request_key_auth->sem); 659 if (!key) 660 goto error; 661 key_ref = make_key_ref(key, 1); 662 break; 663 664 default: 665 key_ref = ERR_PTR(-EINVAL); 666 if (id < 1) 667 goto error; 668 669 key = key_lookup(id); 670 if (IS_ERR(key)) { 671 key_ref = ERR_CAST(key); 672 goto error; 673 } 674 675 key_ref = make_key_ref(key, 0); 676 677 /* check to see if we possess the key */ 678 ctx.index_key.type = key->type; 679 ctx.index_key.description = key->description; 680 ctx.index_key.desc_len = strlen(key->description); 681 ctx.match_data.raw_data = key; 682 kdebug("check possessed"); 683 skey_ref = search_process_keyrings(&ctx); 684 kdebug("possessed=%p", skey_ref); 685 686 if (!IS_ERR(skey_ref)) { 687 key_put(key); 688 key_ref = skey_ref; 689 } 690 691 break; 692 } 693 694 /* unlink does not use the nominated key in any way, so can skip all 695 * the permission checks as it is only concerned with the keyring */ 696 if (lflags & KEY_LOOKUP_FOR_UNLINK) { 697 ret = 0; 698 goto error; 699 } 700 701 if (!(lflags & KEY_LOOKUP_PARTIAL)) { 702 ret = wait_for_key_construction(key, true); 703 switch (ret) { 704 case -ERESTARTSYS: 705 goto invalid_key; 706 default: 707 if (perm) 708 goto invalid_key; 709 case 0: 710 break; 711 } 712 } else if (perm) { 713 ret = key_validate(key); 714 if (ret < 0) 715 goto invalid_key; 716 } 717 718 ret = -EIO; 719 if (!(lflags & KEY_LOOKUP_PARTIAL) && 720 !test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) 721 goto invalid_key; 722 723 /* check the permissions */ 724 ret = key_task_permission(key_ref, ctx.cred, perm); 725 if (ret < 0) 726 goto invalid_key; 727 728 key->last_used_at = current_kernel_time().tv_sec; 729 730 error: 731 put_cred(ctx.cred); 732 return key_ref; 733 734 invalid_key: 735 key_ref_put(key_ref); 736 key_ref = ERR_PTR(ret); 737 goto error; 738 739 /* if we attempted to install a keyring, then it may have caused new 740 * creds to be installed */ 741 reget_creds: 742 put_cred(ctx.cred); 743 goto try_again; 744 } 745 746 /* 747 * Join the named keyring as the session keyring if possible else attempt to 748 * create a new one of that name and join that. 749 * 750 * If the name is NULL, an empty anonymous keyring will be installed as the 751 * session keyring. 752 * 753 * Named session keyrings are joined with a semaphore held to prevent the 754 * keyrings from going away whilst the attempt is made to going them and also 755 * to prevent a race in creating compatible session keyrings. 756 */ 757 long join_session_keyring(const char *name) 758 { 759 const struct cred *old; 760 struct cred *new; 761 struct key *keyring; 762 long ret, serial; 763 764 new = prepare_creds(); 765 if (!new) 766 return -ENOMEM; 767 old = current_cred(); 768 769 /* if no name is provided, install an anonymous keyring */ 770 if (!name) { 771 ret = install_session_keyring_to_cred(new, NULL); 772 if (ret < 0) 773 goto error; 774 775 serial = new->session_keyring->serial; 776 ret = commit_creds(new); 777 if (ret == 0) 778 ret = serial; 779 goto okay; 780 } 781 782 /* allow the user to join or create a named keyring */ 783 mutex_lock(&key_session_mutex); 784 785 /* look for an existing keyring of this name */ 786 keyring = find_keyring_by_name(name, false); 787 if (PTR_ERR(keyring) == -ENOKEY) { 788 /* not found - try and create a new one */ 789 keyring = keyring_alloc( 790 name, old->uid, old->gid, old, 791 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK, 792 KEY_ALLOC_IN_QUOTA, NULL, NULL); 793 if (IS_ERR(keyring)) { 794 ret = PTR_ERR(keyring); 795 goto error2; 796 } 797 } else if (IS_ERR(keyring)) { 798 ret = PTR_ERR(keyring); 799 goto error2; 800 } else if (keyring == new->session_keyring) { 801 key_put(keyring); 802 ret = 0; 803 goto error2; 804 } 805 806 /* we've got a keyring - now to install it */ 807 ret = install_session_keyring_to_cred(new, keyring); 808 if (ret < 0) 809 goto error2; 810 811 commit_creds(new); 812 mutex_unlock(&key_session_mutex); 813 814 ret = keyring->serial; 815 key_put(keyring); 816 okay: 817 return ret; 818 819 error2: 820 mutex_unlock(&key_session_mutex); 821 error: 822 abort_creds(new); 823 return ret; 824 } 825 826 /* 827 * Replace a process's session keyring on behalf of one of its children when 828 * the target process is about to resume userspace execution. 829 */ 830 void key_change_session_keyring(struct callback_head *twork) 831 { 832 const struct cred *old = current_cred(); 833 struct cred *new = container_of(twork, struct cred, rcu); 834 835 if (unlikely(current->flags & PF_EXITING)) { 836 put_cred(new); 837 return; 838 } 839 840 new-> uid = old-> uid; 841 new-> euid = old-> euid; 842 new-> suid = old-> suid; 843 new->fsuid = old->fsuid; 844 new-> gid = old-> gid; 845 new-> egid = old-> egid; 846 new-> sgid = old-> sgid; 847 new->fsgid = old->fsgid; 848 new->user = get_uid(old->user); 849 new->user_ns = get_user_ns(old->user_ns); 850 new->group_info = get_group_info(old->group_info); 851 852 new->securebits = old->securebits; 853 new->cap_inheritable = old->cap_inheritable; 854 new->cap_permitted = old->cap_permitted; 855 new->cap_effective = old->cap_effective; 856 new->cap_ambient = old->cap_ambient; 857 new->cap_bset = old->cap_bset; 858 859 new->jit_keyring = old->jit_keyring; 860 new->thread_keyring = key_get(old->thread_keyring); 861 new->process_keyring = key_get(old->process_keyring); 862 863 security_transfer_creds(new, old); 864 865 commit_creds(new); 866 } 867 868 /* 869 * Make sure that root's user and user-session keyrings exist. 870 */ 871 static int __init init_root_keyring(void) 872 { 873 return install_user_keyrings(); 874 } 875 876 late_initcall(init_root_keyring); 877