1 /* Manage a process's keyrings 2 * 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12 #include <linux/init.h> 13 #include <linux/sched.h> 14 #include <linux/sched/user.h> 15 #include <linux/keyctl.h> 16 #include <linux/fs.h> 17 #include <linux/err.h> 18 #include <linux/mutex.h> 19 #include <linux/security.h> 20 #include <linux/user_namespace.h> 21 #include <linux/uaccess.h> 22 #include <keys/request_key_auth-type.h> 23 #include "internal.h" 24 25 /* Session keyring create vs join semaphore */ 26 static DEFINE_MUTEX(key_session_mutex); 27 28 /* User keyring creation semaphore */ 29 static DEFINE_MUTEX(key_user_keyring_mutex); 30 31 /* The root user's tracking struct */ 32 struct key_user root_key_user = { 33 .usage = REFCOUNT_INIT(3), 34 .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), 35 .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), 36 .nkeys = ATOMIC_INIT(2), 37 .nikeys = ATOMIC_INIT(2), 38 .uid = GLOBAL_ROOT_UID, 39 }; 40 41 /* 42 * Install the user and user session keyrings for the current process's UID. 43 */ 44 int install_user_keyrings(void) 45 { 46 struct user_struct *user; 47 const struct cred *cred; 48 struct key *uid_keyring, *session_keyring; 49 key_perm_t user_keyring_perm; 50 char buf[20]; 51 int ret; 52 uid_t uid; 53 54 user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL; 55 cred = current_cred(); 56 user = cred->user; 57 uid = from_kuid(cred->user_ns, user->uid); 58 59 kenter("%p{%u}", user, uid); 60 61 if (user->uid_keyring && user->session_keyring) { 62 kleave(" = 0 [exist]"); 63 return 0; 64 } 65 66 mutex_lock(&key_user_keyring_mutex); 67 ret = 0; 68 69 if (!user->uid_keyring) { 70 /* get the UID-specific keyring 71 * - there may be one in existence already as it may have been 72 * pinned by a session, but the user_struct pointing to it 73 * may have been destroyed by setuid */ 74 sprintf(buf, "_uid.%u", uid); 75 76 uid_keyring = find_keyring_by_name(buf, true); 77 if (IS_ERR(uid_keyring)) { 78 uid_keyring = keyring_alloc(buf, user->uid, INVALID_GID, 79 cred, user_keyring_perm, 80 KEY_ALLOC_UID_KEYRING | 81 KEY_ALLOC_IN_QUOTA, 82 NULL, NULL); 83 if (IS_ERR(uid_keyring)) { 84 ret = PTR_ERR(uid_keyring); 85 goto error; 86 } 87 } 88 89 /* get a default session keyring (which might also exist 90 * already) */ 91 sprintf(buf, "_uid_ses.%u", uid); 92 93 session_keyring = find_keyring_by_name(buf, true); 94 if (IS_ERR(session_keyring)) { 95 session_keyring = 96 keyring_alloc(buf, user->uid, INVALID_GID, 97 cred, user_keyring_perm, 98 KEY_ALLOC_UID_KEYRING | 99 KEY_ALLOC_IN_QUOTA, 100 NULL, NULL); 101 if (IS_ERR(session_keyring)) { 102 ret = PTR_ERR(session_keyring); 103 goto error_release; 104 } 105 106 /* we install a link from the user session keyring to 107 * the user keyring */ 108 ret = key_link(session_keyring, uid_keyring); 109 if (ret < 0) 110 goto error_release_both; 111 } 112 113 /* install the keyrings */ 114 user->uid_keyring = uid_keyring; 115 user->session_keyring = session_keyring; 116 } 117 118 mutex_unlock(&key_user_keyring_mutex); 119 kleave(" = 0"); 120 return 0; 121 122 error_release_both: 123 key_put(session_keyring); 124 error_release: 125 key_put(uid_keyring); 126 error: 127 mutex_unlock(&key_user_keyring_mutex); 128 kleave(" = %d", ret); 129 return ret; 130 } 131 132 /* 133 * Install a thread keyring to the given credentials struct if it didn't have 134 * one already. This is allowed to overrun the quota. 135 * 136 * Return: 0 if a thread keyring is now present; -errno on failure. 137 */ 138 int install_thread_keyring_to_cred(struct cred *new) 139 { 140 struct key *keyring; 141 142 if (new->thread_keyring) 143 return 0; 144 145 keyring = keyring_alloc("_tid", new->uid, new->gid, new, 146 KEY_POS_ALL | KEY_USR_VIEW, 147 KEY_ALLOC_QUOTA_OVERRUN, 148 NULL, NULL); 149 if (IS_ERR(keyring)) 150 return PTR_ERR(keyring); 151 152 new->thread_keyring = keyring; 153 return 0; 154 } 155 156 /* 157 * Install a thread keyring to the current task if it didn't have one already. 158 * 159 * Return: 0 if a thread keyring is now present; -errno on failure. 160 */ 161 static int install_thread_keyring(void) 162 { 163 struct cred *new; 164 int ret; 165 166 new = prepare_creds(); 167 if (!new) 168 return -ENOMEM; 169 170 ret = install_thread_keyring_to_cred(new); 171 if (ret < 0) { 172 abort_creds(new); 173 return ret; 174 } 175 176 return commit_creds(new); 177 } 178 179 /* 180 * Install a process keyring to the given credentials struct if it didn't have 181 * one already. This is allowed to overrun the quota. 182 * 183 * Return: 0 if a process keyring is now present; -errno on failure. 184 */ 185 int install_process_keyring_to_cred(struct cred *new) 186 { 187 struct key *keyring; 188 189 if (new->process_keyring) 190 return 0; 191 192 keyring = keyring_alloc("_pid", new->uid, new->gid, new, 193 KEY_POS_ALL | KEY_USR_VIEW, 194 KEY_ALLOC_QUOTA_OVERRUN, 195 NULL, NULL); 196 if (IS_ERR(keyring)) 197 return PTR_ERR(keyring); 198 199 new->process_keyring = keyring; 200 return 0; 201 } 202 203 /* 204 * Install a process keyring to the current task if it didn't have one already. 205 * 206 * Return: 0 if a process keyring is now present; -errno on failure. 207 */ 208 static int install_process_keyring(void) 209 { 210 struct cred *new; 211 int ret; 212 213 new = prepare_creds(); 214 if (!new) 215 return -ENOMEM; 216 217 ret = install_process_keyring_to_cred(new); 218 if (ret < 0) { 219 abort_creds(new); 220 return ret; 221 } 222 223 return commit_creds(new); 224 } 225 226 /* 227 * Install the given keyring as the session keyring of the given credentials 228 * struct, replacing the existing one if any. If the given keyring is NULL, 229 * then install a new anonymous session keyring. 230 * 231 * Return: 0 on success; -errno on failure. 232 */ 233 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) 234 { 235 unsigned long flags; 236 struct key *old; 237 238 might_sleep(); 239 240 /* create an empty session keyring */ 241 if (!keyring) { 242 flags = KEY_ALLOC_QUOTA_OVERRUN; 243 if (cred->session_keyring) 244 flags = KEY_ALLOC_IN_QUOTA; 245 246 keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred, 247 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ, 248 flags, NULL, NULL); 249 if (IS_ERR(keyring)) 250 return PTR_ERR(keyring); 251 } else { 252 __key_get(keyring); 253 } 254 255 /* install the keyring */ 256 old = cred->session_keyring; 257 rcu_assign_pointer(cred->session_keyring, keyring); 258 259 if (old) 260 key_put(old); 261 262 return 0; 263 } 264 265 /* 266 * Install the given keyring as the session keyring of the current task, 267 * replacing the existing one if any. If the given keyring is NULL, then 268 * install a new anonymous session keyring. 269 * 270 * Return: 0 on success; -errno on failure. 271 */ 272 static int install_session_keyring(struct key *keyring) 273 { 274 struct cred *new; 275 int ret; 276 277 new = prepare_creds(); 278 if (!new) 279 return -ENOMEM; 280 281 ret = install_session_keyring_to_cred(new, keyring); 282 if (ret < 0) { 283 abort_creds(new); 284 return ret; 285 } 286 287 return commit_creds(new); 288 } 289 290 /* 291 * Handle the fsuid changing. 292 */ 293 void key_fsuid_changed(struct task_struct *tsk) 294 { 295 /* update the ownership of the thread keyring */ 296 BUG_ON(!tsk->cred); 297 if (tsk->cred->thread_keyring) { 298 down_write(&tsk->cred->thread_keyring->sem); 299 tsk->cred->thread_keyring->uid = tsk->cred->fsuid; 300 up_write(&tsk->cred->thread_keyring->sem); 301 } 302 } 303 304 /* 305 * Handle the fsgid changing. 306 */ 307 void key_fsgid_changed(struct task_struct *tsk) 308 { 309 /* update the ownership of the thread keyring */ 310 BUG_ON(!tsk->cred); 311 if (tsk->cred->thread_keyring) { 312 down_write(&tsk->cred->thread_keyring->sem); 313 tsk->cred->thread_keyring->gid = tsk->cred->fsgid; 314 up_write(&tsk->cred->thread_keyring->sem); 315 } 316 } 317 318 /* 319 * Search the process keyrings attached to the supplied cred for the first 320 * matching key. 321 * 322 * The search criteria are the type and the match function. The description is 323 * given to the match function as a parameter, but doesn't otherwise influence 324 * the search. Typically the match function will compare the description 325 * parameter to the key's description. 326 * 327 * This can only search keyrings that grant Search permission to the supplied 328 * credentials. Keyrings linked to searched keyrings will also be searched if 329 * they grant Search permission too. Keys can only be found if they grant 330 * Search permission to the credentials. 331 * 332 * Returns a pointer to the key with the key usage count incremented if 333 * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only 334 * matched negative keys. 335 * 336 * In the case of a successful return, the possession attribute is set on the 337 * returned key reference. 338 */ 339 key_ref_t search_my_process_keyrings(struct keyring_search_context *ctx) 340 { 341 key_ref_t key_ref, ret, err; 342 343 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were 344 * searchable, but we failed to find a key or we found a negative key; 345 * otherwise we want to return a sample error (probably -EACCES) if 346 * none of the keyrings were searchable 347 * 348 * in terms of priority: success > -ENOKEY > -EAGAIN > other error 349 */ 350 key_ref = NULL; 351 ret = NULL; 352 err = ERR_PTR(-EAGAIN); 353 354 /* search the thread keyring first */ 355 if (ctx->cred->thread_keyring) { 356 key_ref = keyring_search_aux( 357 make_key_ref(ctx->cred->thread_keyring, 1), ctx); 358 if (!IS_ERR(key_ref)) 359 goto found; 360 361 switch (PTR_ERR(key_ref)) { 362 case -EAGAIN: /* no key */ 363 case -ENOKEY: /* negative key */ 364 ret = key_ref; 365 break; 366 default: 367 err = key_ref; 368 break; 369 } 370 } 371 372 /* search the process keyring second */ 373 if (ctx->cred->process_keyring) { 374 key_ref = keyring_search_aux( 375 make_key_ref(ctx->cred->process_keyring, 1), ctx); 376 if (!IS_ERR(key_ref)) 377 goto found; 378 379 switch (PTR_ERR(key_ref)) { 380 case -EAGAIN: /* no key */ 381 if (ret) 382 break; 383 /* fall through */ 384 case -ENOKEY: /* negative key */ 385 ret = key_ref; 386 break; 387 default: 388 err = key_ref; 389 break; 390 } 391 } 392 393 /* search the session keyring */ 394 if (ctx->cred->session_keyring) { 395 rcu_read_lock(); 396 key_ref = keyring_search_aux( 397 make_key_ref(rcu_dereference(ctx->cred->session_keyring), 1), 398 ctx); 399 rcu_read_unlock(); 400 401 if (!IS_ERR(key_ref)) 402 goto found; 403 404 switch (PTR_ERR(key_ref)) { 405 case -EAGAIN: /* no key */ 406 if (ret) 407 break; 408 /* fall through */ 409 case -ENOKEY: /* negative key */ 410 ret = key_ref; 411 break; 412 default: 413 err = key_ref; 414 break; 415 } 416 } 417 /* or search the user-session keyring */ 418 else if (ctx->cred->user->session_keyring) { 419 key_ref = keyring_search_aux( 420 make_key_ref(ctx->cred->user->session_keyring, 1), 421 ctx); 422 if (!IS_ERR(key_ref)) 423 goto found; 424 425 switch (PTR_ERR(key_ref)) { 426 case -EAGAIN: /* no key */ 427 if (ret) 428 break; 429 /* fall through */ 430 case -ENOKEY: /* negative key */ 431 ret = key_ref; 432 break; 433 default: 434 err = key_ref; 435 break; 436 } 437 } 438 439 /* no key - decide on the error we're going to go for */ 440 key_ref = ret ? ret : err; 441 442 found: 443 return key_ref; 444 } 445 446 /* 447 * Search the process keyrings attached to the supplied cred for the first 448 * matching key in the manner of search_my_process_keyrings(), but also search 449 * the keys attached to the assumed authorisation key using its credentials if 450 * one is available. 451 * 452 * Return same as search_my_process_keyrings(). 453 */ 454 key_ref_t search_process_keyrings(struct keyring_search_context *ctx) 455 { 456 struct request_key_auth *rka; 457 key_ref_t key_ref, ret = ERR_PTR(-EACCES), err; 458 459 might_sleep(); 460 461 key_ref = search_my_process_keyrings(ctx); 462 if (!IS_ERR(key_ref)) 463 goto found; 464 err = key_ref; 465 466 /* if this process has an instantiation authorisation key, then we also 467 * search the keyrings of the process mentioned there 468 * - we don't permit access to request_key auth keys via this method 469 */ 470 if (ctx->cred->request_key_auth && 471 ctx->cred == current_cred() && 472 ctx->index_key.type != &key_type_request_key_auth 473 ) { 474 const struct cred *cred = ctx->cred; 475 476 /* defend against the auth key being revoked */ 477 down_read(&cred->request_key_auth->sem); 478 479 if (key_validate(ctx->cred->request_key_auth) == 0) { 480 rka = ctx->cred->request_key_auth->payload.data[0]; 481 482 ctx->cred = rka->cred; 483 key_ref = search_process_keyrings(ctx); 484 ctx->cred = cred; 485 486 up_read(&cred->request_key_auth->sem); 487 488 if (!IS_ERR(key_ref)) 489 goto found; 490 491 ret = key_ref; 492 } else { 493 up_read(&cred->request_key_auth->sem); 494 } 495 } 496 497 /* no key - decide on the error we're going to go for */ 498 if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY)) 499 key_ref = ERR_PTR(-ENOKEY); 500 else if (err == ERR_PTR(-EACCES)) 501 key_ref = ret; 502 else 503 key_ref = err; 504 505 found: 506 return key_ref; 507 } 508 509 /* 510 * See if the key we're looking at is the target key. 511 */ 512 bool lookup_user_key_possessed(const struct key *key, 513 const struct key_match_data *match_data) 514 { 515 return key == match_data->raw_data; 516 } 517 518 /* 519 * Look up a key ID given us by userspace with a given permissions mask to get 520 * the key it refers to. 521 * 522 * Flags can be passed to request that special keyrings be created if referred 523 * to directly, to permit partially constructed keys to be found and to skip 524 * validity and permission checks on the found key. 525 * 526 * Returns a pointer to the key with an incremented usage count if successful; 527 * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond 528 * to a key or the best found key was a negative key; -EKEYREVOKED or 529 * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the 530 * found key doesn't grant the requested permit or the LSM denied access to it; 531 * or -ENOMEM if a special keyring couldn't be created. 532 * 533 * In the case of a successful return, the possession attribute is set on the 534 * returned key reference. 535 */ 536 key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, 537 key_perm_t perm) 538 { 539 struct keyring_search_context ctx = { 540 .match_data.cmp = lookup_user_key_possessed, 541 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, 542 .flags = KEYRING_SEARCH_NO_STATE_CHECK, 543 }; 544 struct request_key_auth *rka; 545 struct key *key; 546 key_ref_t key_ref, skey_ref; 547 int ret; 548 549 try_again: 550 ctx.cred = get_current_cred(); 551 key_ref = ERR_PTR(-ENOKEY); 552 553 switch (id) { 554 case KEY_SPEC_THREAD_KEYRING: 555 if (!ctx.cred->thread_keyring) { 556 if (!(lflags & KEY_LOOKUP_CREATE)) 557 goto error; 558 559 ret = install_thread_keyring(); 560 if (ret < 0) { 561 key_ref = ERR_PTR(ret); 562 goto error; 563 } 564 goto reget_creds; 565 } 566 567 key = ctx.cred->thread_keyring; 568 __key_get(key); 569 key_ref = make_key_ref(key, 1); 570 break; 571 572 case KEY_SPEC_PROCESS_KEYRING: 573 if (!ctx.cred->process_keyring) { 574 if (!(lflags & KEY_LOOKUP_CREATE)) 575 goto error; 576 577 ret = install_process_keyring(); 578 if (ret < 0) { 579 key_ref = ERR_PTR(ret); 580 goto error; 581 } 582 goto reget_creds; 583 } 584 585 key = ctx.cred->process_keyring; 586 __key_get(key); 587 key_ref = make_key_ref(key, 1); 588 break; 589 590 case KEY_SPEC_SESSION_KEYRING: 591 if (!ctx.cred->session_keyring) { 592 /* always install a session keyring upon access if one 593 * doesn't exist yet */ 594 ret = install_user_keyrings(); 595 if (ret < 0) 596 goto error; 597 if (lflags & KEY_LOOKUP_CREATE) 598 ret = join_session_keyring(NULL); 599 else 600 ret = install_session_keyring( 601 ctx.cred->user->session_keyring); 602 603 if (ret < 0) 604 goto error; 605 goto reget_creds; 606 } else if (ctx.cred->session_keyring == 607 ctx.cred->user->session_keyring && 608 lflags & KEY_LOOKUP_CREATE) { 609 ret = join_session_keyring(NULL); 610 if (ret < 0) 611 goto error; 612 goto reget_creds; 613 } 614 615 rcu_read_lock(); 616 key = rcu_dereference(ctx.cred->session_keyring); 617 __key_get(key); 618 rcu_read_unlock(); 619 key_ref = make_key_ref(key, 1); 620 break; 621 622 case KEY_SPEC_USER_KEYRING: 623 if (!ctx.cred->user->uid_keyring) { 624 ret = install_user_keyrings(); 625 if (ret < 0) 626 goto error; 627 } 628 629 key = ctx.cred->user->uid_keyring; 630 __key_get(key); 631 key_ref = make_key_ref(key, 1); 632 break; 633 634 case KEY_SPEC_USER_SESSION_KEYRING: 635 if (!ctx.cred->user->session_keyring) { 636 ret = install_user_keyrings(); 637 if (ret < 0) 638 goto error; 639 } 640 641 key = ctx.cred->user->session_keyring; 642 __key_get(key); 643 key_ref = make_key_ref(key, 1); 644 break; 645 646 case KEY_SPEC_GROUP_KEYRING: 647 /* group keyrings are not yet supported */ 648 key_ref = ERR_PTR(-EINVAL); 649 goto error; 650 651 case KEY_SPEC_REQKEY_AUTH_KEY: 652 key = ctx.cred->request_key_auth; 653 if (!key) 654 goto error; 655 656 __key_get(key); 657 key_ref = make_key_ref(key, 1); 658 break; 659 660 case KEY_SPEC_REQUESTOR_KEYRING: 661 if (!ctx.cred->request_key_auth) 662 goto error; 663 664 down_read(&ctx.cred->request_key_auth->sem); 665 if (test_bit(KEY_FLAG_REVOKED, 666 &ctx.cred->request_key_auth->flags)) { 667 key_ref = ERR_PTR(-EKEYREVOKED); 668 key = NULL; 669 } else { 670 rka = ctx.cred->request_key_auth->payload.data[0]; 671 key = rka->dest_keyring; 672 __key_get(key); 673 } 674 up_read(&ctx.cred->request_key_auth->sem); 675 if (!key) 676 goto error; 677 key_ref = make_key_ref(key, 1); 678 break; 679 680 default: 681 key_ref = ERR_PTR(-EINVAL); 682 if (id < 1) 683 goto error; 684 685 key = key_lookup(id); 686 if (IS_ERR(key)) { 687 key_ref = ERR_CAST(key); 688 goto error; 689 } 690 691 key_ref = make_key_ref(key, 0); 692 693 /* check to see if we possess the key */ 694 ctx.index_key.type = key->type; 695 ctx.index_key.description = key->description; 696 ctx.index_key.desc_len = strlen(key->description); 697 ctx.match_data.raw_data = key; 698 kdebug("check possessed"); 699 skey_ref = search_process_keyrings(&ctx); 700 kdebug("possessed=%p", skey_ref); 701 702 if (!IS_ERR(skey_ref)) { 703 key_put(key); 704 key_ref = skey_ref; 705 } 706 707 break; 708 } 709 710 /* unlink does not use the nominated key in any way, so can skip all 711 * the permission checks as it is only concerned with the keyring */ 712 if (lflags & KEY_LOOKUP_FOR_UNLINK) { 713 ret = 0; 714 goto error; 715 } 716 717 if (!(lflags & KEY_LOOKUP_PARTIAL)) { 718 ret = wait_for_key_construction(key, true); 719 switch (ret) { 720 case -ERESTARTSYS: 721 goto invalid_key; 722 default: 723 if (perm) 724 goto invalid_key; 725 case 0: 726 break; 727 } 728 } else if (perm) { 729 ret = key_validate(key); 730 if (ret < 0) 731 goto invalid_key; 732 } 733 734 ret = -EIO; 735 if (!(lflags & KEY_LOOKUP_PARTIAL) && 736 key_read_state(key) == KEY_IS_UNINSTANTIATED) 737 goto invalid_key; 738 739 /* check the permissions */ 740 ret = key_task_permission(key_ref, ctx.cred, perm); 741 if (ret < 0) 742 goto invalid_key; 743 744 key->last_used_at = ktime_get_real_seconds(); 745 746 error: 747 put_cred(ctx.cred); 748 return key_ref; 749 750 invalid_key: 751 key_ref_put(key_ref); 752 key_ref = ERR_PTR(ret); 753 goto error; 754 755 /* if we attempted to install a keyring, then it may have caused new 756 * creds to be installed */ 757 reget_creds: 758 put_cred(ctx.cred); 759 goto try_again; 760 } 761 EXPORT_SYMBOL(lookup_user_key); 762 763 /* 764 * Join the named keyring as the session keyring if possible else attempt to 765 * create a new one of that name and join that. 766 * 767 * If the name is NULL, an empty anonymous keyring will be installed as the 768 * session keyring. 769 * 770 * Named session keyrings are joined with a semaphore held to prevent the 771 * keyrings from going away whilst the attempt is made to going them and also 772 * to prevent a race in creating compatible session keyrings. 773 */ 774 long join_session_keyring(const char *name) 775 { 776 const struct cred *old; 777 struct cred *new; 778 struct key *keyring; 779 long ret, serial; 780 781 new = prepare_creds(); 782 if (!new) 783 return -ENOMEM; 784 old = current_cred(); 785 786 /* if no name is provided, install an anonymous keyring */ 787 if (!name) { 788 ret = install_session_keyring_to_cred(new, NULL); 789 if (ret < 0) 790 goto error; 791 792 serial = new->session_keyring->serial; 793 ret = commit_creds(new); 794 if (ret == 0) 795 ret = serial; 796 goto okay; 797 } 798 799 /* allow the user to join or create a named keyring */ 800 mutex_lock(&key_session_mutex); 801 802 /* look for an existing keyring of this name */ 803 keyring = find_keyring_by_name(name, false); 804 if (PTR_ERR(keyring) == -ENOKEY) { 805 /* not found - try and create a new one */ 806 keyring = keyring_alloc( 807 name, old->uid, old->gid, old, 808 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK, 809 KEY_ALLOC_IN_QUOTA, NULL, NULL); 810 if (IS_ERR(keyring)) { 811 ret = PTR_ERR(keyring); 812 goto error2; 813 } 814 } else if (IS_ERR(keyring)) { 815 ret = PTR_ERR(keyring); 816 goto error2; 817 } else if (keyring == new->session_keyring) { 818 ret = 0; 819 goto error3; 820 } 821 822 /* we've got a keyring - now to install it */ 823 ret = install_session_keyring_to_cred(new, keyring); 824 if (ret < 0) 825 goto error3; 826 827 commit_creds(new); 828 mutex_unlock(&key_session_mutex); 829 830 ret = keyring->serial; 831 key_put(keyring); 832 okay: 833 return ret; 834 835 error3: 836 key_put(keyring); 837 error2: 838 mutex_unlock(&key_session_mutex); 839 error: 840 abort_creds(new); 841 return ret; 842 } 843 844 /* 845 * Replace a process's session keyring on behalf of one of its children when 846 * the target process is about to resume userspace execution. 847 */ 848 void key_change_session_keyring(struct callback_head *twork) 849 { 850 const struct cred *old = current_cred(); 851 struct cred *new = container_of(twork, struct cred, rcu); 852 853 if (unlikely(current->flags & PF_EXITING)) { 854 put_cred(new); 855 return; 856 } 857 858 new-> uid = old-> uid; 859 new-> euid = old-> euid; 860 new-> suid = old-> suid; 861 new->fsuid = old->fsuid; 862 new-> gid = old-> gid; 863 new-> egid = old-> egid; 864 new-> sgid = old-> sgid; 865 new->fsgid = old->fsgid; 866 new->user = get_uid(old->user); 867 new->user_ns = get_user_ns(old->user_ns); 868 new->group_info = get_group_info(old->group_info); 869 870 new->securebits = old->securebits; 871 new->cap_inheritable = old->cap_inheritable; 872 new->cap_permitted = old->cap_permitted; 873 new->cap_effective = old->cap_effective; 874 new->cap_ambient = old->cap_ambient; 875 new->cap_bset = old->cap_bset; 876 877 new->jit_keyring = old->jit_keyring; 878 new->thread_keyring = key_get(old->thread_keyring); 879 new->process_keyring = key_get(old->process_keyring); 880 881 security_transfer_creds(new, old); 882 883 commit_creds(new); 884 } 885 886 /* 887 * Make sure that root's user and user-session keyrings exist. 888 */ 889 static int __init init_root_keyring(void) 890 { 891 return install_user_keyrings(); 892 } 893 894 late_initcall(init_root_keyring); 895