1 /* Management of a process's keyrings
3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
12 #include <linux/module.h>
13 #include <linux/init.h>
14 #include <linux/sched.h>
15 #include <linux/slab.h>
16 #include <linux/keyctl.h>
18 #include <linux/err.h>
19 #include <linux/mutex.h>
20 #include <asm/uaccess.h>
23 /* session keyring create vs join mutex
 * - taken by join_session_keyring() around the lookup-or-create and install
 *   of a named session keyring */
24 static DEFINE_MUTEX(key_session_mutex);
26 /* user keyring creation mutex
 * - taken by install_user_keyrings() around the lookup-or-allocate of the
 *   per-UID keyrings and their publication in the user_struct */
27 static DEFINE_MUTEX(key_user_keyring_mutex);
29 /* the root user's tracking struct
 * - NOTE(review): the initial usage/nkeys/nikeys counts presumably account
 *   for statically defined root keyrings, and the rest of the initialiser is
 *   not visible in this listing - confirm against the full file */
30 struct key_user root_key_user = {
31 .usage = ATOMIC_INIT(3),
32 .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock),
33 .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock),
34 .nkeys = ATOMIC_INIT(2),
35 .nikeys = ATOMIC_INIT(2),
39 /*****************************************************************************/
41 * install user and user session keyrings for a particular UID
/*
 * Make sure tsk->user has both its per-UID keyring ("_uid.<uid>") and its
 * default session keyring ("_uid_ses.<uid>") installed.
 *
 * user->uid_keyring is tested once without the lock as a fast path and again
 * after taking key_user_keyring_mutex.  Each keyring is looked up by name
 * first and only allocated (owned by user->uid, with KEY_ALLOC_IN_QUOTA) when
 * the lookup returns an error.  The session keyring is linked to the UID
 * keyring before either pointer is stored in the user_struct, so a failed
 * link never publishes a half-built pair.
 *
 * Errors from keyring_alloc() and key_link() are carried in ret; the return
 * statements and goto labels are not visible in this listing.
 */
43 static int install_user_keyrings(struct task_struct *tsk)
45 struct user_struct *user = tsk->user;
46 struct key *uid_keyring, *session_keyring;
50 kenter("%p{%u}", user, user->uid);
52 if (user->uid_keyring) {
53 kleave(" = 0 [exist]");
57 mutex_lock(&key_user_keyring_mutex);
60 if (!user->uid_keyring) {
61 /* get the UID-specific keyring
62 * - there may be one in existence already as it may have been
63 * pinned by a session, but the user_struct pointing to it
64 * may have been destroyed by setuid */
/* NOTE(review): buf's declaration is not visible in this listing; it must
 * hold the longest name built in this function, "_uid_ses." plus up to ten
 * decimal digits and the terminating NUL - confirm the size, or bound the
 * write with snprintf() */
65 sprintf(buf, "_uid.%u", user->uid);
67 uid_keyring = find_keyring_by_name(buf, true);
68 if (IS_ERR(uid_keyring)) {
69 uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1,
70 tsk, KEY_ALLOC_IN_QUOTA,
72 if (IS_ERR(uid_keyring)) {
73 ret = PTR_ERR(uid_keyring);
78 /* get a default session keyring (which might also exist
80 sprintf(buf, "_uid_ses.%u", user->uid);
82 session_keyring = find_keyring_by_name(buf, true);
83 if (IS_ERR(session_keyring)) {
85 keyring_alloc(buf, user->uid, (gid_t) -1,
86 tsk, KEY_ALLOC_IN_QUOTA, NULL);
87 if (IS_ERR(session_keyring)) {
88 ret = PTR_ERR(session_keyring);
92 /* we install a link from the user session keyring to
94 ret = key_link(session_keyring, uid_keyring);
96 goto error_release_both;
99 /* install the keyrings */
100 user->uid_keyring = uid_keyring;
101 user->session_keyring = session_keyring;
104 mutex_unlock(&key_user_keyring_mutex);
/* failure unwinding: the references obtained above are dropped with key_put()
 * before the mutex is released (the goto labels that select how much to
 * unwind are not visible in this listing) */
109 key_put(session_keyring);
111 key_put(uid_keyring);
113 mutex_unlock(&key_user_keyring_mutex);
114 kleave(" = %d", ret);
118 /*****************************************************************************/
120 * deal with the UID changing
/*
 * Hook called when the current task's UID changes to new_user.
 *
 * The visible body sits under "#if 0", so as shown nothing is executed (the
 * matching #endif is not visible in this listing).  The disabled code would
 * move a task off root's default session keyring onto new_user's session
 * keyring when the new UID is non-zero, taking a usage reference on the new
 * keyring first.  With it disabled, nothing here changes which session
 * keyring the task searches after a UID switch.
 */
122 void switch_uid_keyring(struct user_struct *new_user)
124 #if 0 /* do nothing for now */
127 /* switch to the new user's session keyring if we were running under
128 * root's default session keyring */
129 if (new_user->uid != 0 &&
130 current->session_keyring == &root_session_keyring
132 atomic_inc(&new_user->session_keyring->usage);
135 old = current->session_keyring;
136 current->session_keyring = new_user->session_keyring;
137 task_unlock(current);
143 } /* end switch_uid_keyring() */
145 /*****************************************************************************/
147 * install a fresh thread keyring, discarding the old one
/*
 * Give tsk a freshly allocated thread keyring named "_tid.<pid>", owned by
 * the task's uid and gid.
 *
 * The previous tsk->thread_keyring pointer is saved in old before being
 * replaced.  The locking around the swap, the disposal of old and the return
 * statement are not visible in this listing.
 *
 * NOTE(review): KEY_ALLOC_QUOTA_OVERRUN presumably lets this allocation go
 * ahead even when the owner is at quota - confirm against the flag's
 * definition.
 */
149 int install_thread_keyring(struct task_struct *tsk)
151 struct key *keyring, *old;
155 sprintf(buf, "_tid.%u", tsk->pid);
157 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk,
158 KEY_ALLOC_QUOTA_OVERRUN, NULL);
159 if (IS_ERR(keyring)) {
160 ret = PTR_ERR(keyring);
165 old = tsk->thread_keyring;
166 tsk->thread_keyring = keyring;
175 } /* end install_thread_keyring() */
177 /*****************************************************************************/
179 * make sure a process keyring is installed
/*
 * Install a process keyring named "_pid.<tgid>" for tsk's thread group if it
 * does not have one yet.
 *
 * The keyring is allocated without sighand->siglock held.  The pointer is then
 * tested a second time under siglock (interrupts disabled), and the new
 * keyring is stored only if the slot is still empty, so a keyring installed
 * concurrently by another thread is not overwritten.
 *
 * What happens to the freshly allocated keyring when the second test fails is
 * not visible in this listing - confirm that the reference is dropped.
 */
181 int install_process_keyring(struct task_struct *tsk)
189 if (!tsk->signal->process_keyring) {
190 sprintf(buf, "_pid.%u", tsk->tgid);
192 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk,
193 KEY_ALLOC_QUOTA_OVERRUN, NULL);
194 if (IS_ERR(keyring)) {
195 ret = PTR_ERR(keyring);
200 spin_lock_irq(&tsk->sighand->siglock);
201 if (!tsk->signal->process_keyring) {
202 tsk->signal->process_keyring = keyring;
205 spin_unlock_irq(&tsk->sighand->siglock);
214 } /* end install_process_keyring() */
216 /*****************************************************************************/
218 * install a session keyring, discarding the old one
219 * - if a keyring is not supplied, an empty one is invented
/*
 * Replace the session keyring of tsk's thread group.
 *
 * When no keyring is supplied, an empty one named "_ses.<tgid>" is allocated.
 * The allocation flag is KEY_ALLOC_QUOTA_OVERRUN by default and is switched to
 * KEY_ALLOC_IN_QUOTA when the task already has a session keyring.
 * NOTE(review): this presumably stops a task from escaping quota by
 * repeatedly replacing its session keyring - confirm the intent.
 *
 * atomic_inc(&keyring->usage) takes a reference on the keyring; the branch it
 * belongs to is not visible in this listing (presumably the supplied-keyring
 * case).  The pointer is published with rcu_assign_pointer() under
 * sighand->siglock, and the old pointer is kept in old for disposal, which is
 * also not visible here.
 *
 * The second parameter of the signature is missing from this listing.
 */
221 static int install_session_keyring(struct task_struct *tsk,
230 /* create an empty session keyring */
232 sprintf(buf, "_ses.%u", tsk->tgid);
234 flags = KEY_ALLOC_QUOTA_OVERRUN;
235 if (tsk->signal->session_keyring)
236 flags = KEY_ALLOC_IN_QUOTA;
238 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk,
241 return PTR_ERR(keyring);
244 atomic_inc(&keyring->usage);
247 /* install the keyring */
248 spin_lock_irq(&tsk->sighand->siglock);
249 old = tsk->signal->session_keyring;
250 rcu_assign_pointer(tsk->signal->session_keyring, keyring);
251 spin_unlock_irq(&tsk->sighand->siglock);
253 /* we're using RCU on the pointer, but there's no point synchronising
254 * on it if it didn't previously point to anything */
262 } /* end install_session_keyring() */
264 /*****************************************************************************/
266 * copy the keys in a thread group for fork without CLONE_THREAD
/*
 * Set up the thread-group keyrings of a newly forked task tsk.
 *
 * The new thread group starts with no process keyring and shares the parent's
 * session keyring: the pointer is read from current->signal with
 * rcu_dereference() and a reference is taken with key_get() before it is
 * stored in tsk->signal.  The surrounding RCU read-side locking and the
 * return statement are not visible in this listing.
 *
 * NOTE(review): the key_check() calls name current->thread_group while the
 * rest of the function uses current->signal; key_check() is presumably a
 * debugging macro - confirm.
 */
268 int copy_thread_group_keys(struct task_struct *tsk)
270 key_check(current->thread_group->session_keyring);
271 key_check(current->thread_group->process_keyring);
273 /* no process keyring yet */
274 tsk->signal->process_keyring = NULL;
276 /* same session keyring */
278 tsk->signal->session_keyring =
279 key_get(rcu_dereference(current->signal->session_keyring));
284 } /* end copy_thread_group_keys() */
286 /*****************************************************************************/
288 * copy the keys for fork
/*
 * Set up the per-thread keys of a newly forked task tsk.
 *
 * The thread keyring is not inherited: tsk->thread_keyring is reset to NULL.
 * The request_key() authorisation key is inherited, with key_get() taking an
 * extra reference for the new task.  clone_flags is not used by any line
 * visible in this listing, and the return statement is not visible either.
 */
290 int copy_keys(unsigned long clone_flags, struct task_struct *tsk)
292 key_check(tsk->thread_keyring);
293 key_check(tsk->request_key_auth);
295 /* no thread keyring yet */
296 tsk->thread_keyring = NULL;
298 /* copy the request_key() authorisation for this thread */
299 key_get(tsk->request_key_auth);
303 } /* end copy_keys() */
305 /*****************************************************************************/
307 * dispose of thread group keys upon thread group destruction
/*
 * Drop the thread group's references on its session and process keyrings.
 * The pointers in tg are not cleared by any line visible in this listing.
 */
309 void exit_thread_group_keys(struct signal_struct *tg)
311 key_put(tg->session_keyring);
312 key_put(tg->process_keyring);
314 } /* end exit_thread_group_keys() */
316 /*****************************************************************************/
318 * dispose of per-thread keys upon thread exit
/*
 * Drop the exiting thread's references on its thread keyring and on its
 * request_key() authorisation key.
 */
320 void exit_keys(struct task_struct *tsk)
322 key_put(tsk->thread_keyring);
323 key_put(tsk->request_key_auth);
325 } /* end exit_keys() */
327 /*****************************************************************************/
/*
 * Reset the keyrings that must not survive an exec.
 *
 * The thread keyring pointer and the process keyring pointer are both cleared,
 * the latter under sighand->siglock, with the previous value saved in old each
 * time.  The disposal of old and the return statement are not visible in this
 * listing.  No visible line touches the session keyring, so the exec'd image
 * keeps searching the same session keyring as before.
 */
331 int exec_keys(struct task_struct *tsk)
335 /* newly exec'd tasks don't get a thread keyring */
337 old = tsk->thread_keyring;
338 tsk->thread_keyring = NULL;
343 /* discard the process keyring from a newly exec'd task */
344 spin_lock_irq(&tsk->sighand->siglock);
345 old = tsk->signal->process_keyring;
346 tsk->signal->process_keyring = NULL;
347 spin_unlock_irq(&tsk->sighand->siglock);
353 } /* end exec_keys() */
355 /*****************************************************************************/
357 * deal with SUID programs
358 * - we might want to make this invent a new session keyring
/*
 * Hook for the execution of SUID programs.
 *
 * The body and return value are not visible in this listing.
 * NOTE(review): the surviving header remark that this "might" invent a new
 * session keyring suggests it does not do so yet, in which case a SUID
 * program keeps the invoker's session keyring - confirm against the full
 * file.
 */
360 int suid_keys(struct task_struct *tsk)
364 } /* end suid_keys() */
366 /*****************************************************************************/
368 * the filesystem user ID changed
/*
 * Propagate a change of tsk's filesystem UID to its thread keyring.
 *
 * If a thread keyring exists, its uid is set to tsk->fsuid with the keyring's
 * semaphore held for writing.  Only the thread keyring is updated by the
 * lines visible here.
 */
370 void key_fsuid_changed(struct task_struct *tsk)
372 /* update the ownership of the thread keyring */
373 if (tsk->thread_keyring) {
374 down_write(&tsk->thread_keyring->sem);
375 tsk->thread_keyring->uid = tsk->fsuid;
376 up_write(&tsk->thread_keyring->sem);
379 } /* end key_fsuid_changed() */
381 /*****************************************************************************/
383 * the filesystem group ID changed
/*
 * Propagate a change of tsk's filesystem GID to its thread keyring.
 *
 * If a thread keyring exists, its gid is set to tsk->fsgid with the keyring's
 * semaphore held for writing.  Only the thread keyring is updated by the
 * lines visible here.
 */
385 void key_fsgid_changed(struct task_struct *tsk)
387 /* update the ownership of the thread keyring */
388 if (tsk->thread_keyring) {
389 down_write(&tsk->thread_keyring->sem);
390 tsk->thread_keyring->gid = tsk->fsgid;
391 up_write(&tsk->thread_keyring->sem);
394 } /* end key_fsgid_changed() */
396 /*****************************************************************************/
398 * search the process keyrings for the first matching key
399 * - we use the supplied match function to see if the description (or other
400 * feature of interest) matches
401 * - we return -EAGAIN if we didn't find any matching key
402 * - we return -ENOKEY if we found only negative matching keys
/*
 * Search the keyrings reachable from context for the first key accepted by
 * match.
 *
 * Search order, as visible below: thread keyring, process keyring, then the
 * session keyring or, when the task has none, the user's default session
 * keyring.  Every keyring is handed to keyring_search_aux() through
 * make_key_ref(..., 1).
 * NOTE(review): the 1 presumably marks the keyring as possessed by the
 * caller - confirm against make_key_ref().
 *
 * If context holds a request_key() authorisation key, the function then
 * recurses into the keyrings of the task recorded in that key's payload
 * (rka->context).  This only happens when context is the current task and
 * the type being searched for is not the authorisation key type itself.  The
 * authorisation key's semaphore is held for reading while it is validated
 * and across the recursive search.
 *
 * The result is "ret ? ret : err"; err starts as -EAGAIN.  The code that
 * updates ret and err in the switch statements, the RCU read-side locking
 * around the session keyring dereference and the return statement are not
 * visible in this listing.
 */
404 key_ref_t search_process_keyrings(struct key_type *type,
405 const void *description,
406 key_match_func_t match,
407 struct task_struct *context)
409 struct request_key_auth *rka;
410 key_ref_t key_ref, ret, err;
414 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
415 * searchable, but we failed to find a key or we found a negative key;
416 * otherwise we want to return a sample error (probably -EACCES) if
417 * none of the keyrings were searchable
419 * in terms of priority: success > -ENOKEY > -EAGAIN > other error
423 err = ERR_PTR(-EAGAIN);
425 /* search the thread keyring first */
426 if (context->thread_keyring) {
427 key_ref = keyring_search_aux(
428 make_key_ref(context->thread_keyring, 1),
429 context, type, description, match);
430 if (!IS_ERR(key_ref))
433 switch (PTR_ERR(key_ref)) {
434 case -EAGAIN: /* no key */
437 case -ENOKEY: /* negative key */
446 /* search the process keyring second */
447 if (context->signal->process_keyring) {
448 key_ref = keyring_search_aux(
449 make_key_ref(context->signal->process_keyring, 1),
450 context, type, description, match);
451 if (!IS_ERR(key_ref))
454 switch (PTR_ERR(key_ref)) {
455 case -EAGAIN: /* no key */
458 case -ENOKEY: /* negative key */
467 /* search the session keyring */
468 if (context->signal->session_keyring) {
470 key_ref = keyring_search_aux(
471 make_key_ref(rcu_dereference(
472 context->signal->session_keyring),
474 context, type, description, match);
477 if (!IS_ERR(key_ref))
480 switch (PTR_ERR(key_ref)) {
481 case -EAGAIN: /* no key */
484 case -ENOKEY: /* negative key */
492 /* or search the user-session keyring */
493 else if (context->user->session_keyring) {
494 key_ref = keyring_search_aux(
495 make_key_ref(context->user->session_keyring, 1),
496 context, type, description, match);
497 if (!IS_ERR(key_ref))
500 switch (PTR_ERR(key_ref)) {
501 case -EAGAIN: /* no key */
504 case -ENOKEY: /* negative key */
513 /* if this process has an instantiation authorisation key, then we also
514 * search the keyrings of the process mentioned there
515 * - we don't permit access to request_key auth keys via this method
517 if (context->request_key_auth &&
518 context == current &&
519 type != &key_type_request_key_auth
521 /* defend against the auth key being revoked */
522 down_read(&context->request_key_auth->sem);
524 if (key_validate(context->request_key_auth) == 0) {
525 rka = context->request_key_auth->payload.data;
/* the recursive search runs against the task named in the auth key's
 * payload; the semaphore taken above is only released after it returns */
527 key_ref = search_process_keyrings(type, description,
528 match, rka->context);
530 up_read(&context->request_key_auth->sem);
532 if (!IS_ERR(key_ref))
535 switch (PTR_ERR(key_ref)) {
536 case -EAGAIN: /* no key */
539 case -ENOKEY: /* negative key */
547 up_read(&context->request_key_auth->sem);
551 /* no key - decide on the error we're going to go for */
552 key_ref = ret ? ret : err;
557 } /* end search_process_keyrings() */
559 /*****************************************************************************/
561 * see if the key we're looking at is the target key
/*
 * Match function for search_process_keyrings(): accepts a key only when it
 * is the very object passed as target (pointer identity, no comparison of
 * description or type).  lookup_user_key() uses it to test whether a key
 * found by serial number is reachable from the caller's own keyrings.
 */
563 static int lookup_user_key_possessed(const struct key *key, const void *target)
565 return key == target;
567 } /* end lookup_user_key_possessed() */
569 /*****************************************************************************/
571 * lookup a key given a key ID from userspace with a given permissions mask
572 * - don't create special keyrings unless so requested
573 * - partially constructed keys aren't found unless requested
/*
 * Turn a key ID supplied by userspace into a key reference, subject to the
 * permission mask perm.
 *
 * Special IDs (KEY_SPEC_*) select one of context's own keyrings or its
 * request_key() authorisation key.  A missing keyring is installed on demand
 * by the install_*() helpers; a reference is then taken with atomic_inc() and
 * the result is built with make_key_ref(key, 1).  How the create argument
 * gates installation is not visible in this listing.
 *
 * Any other ID is resolved with key_lookup() and wrapped with
 * make_key_ref(key, 0).  search_process_keyrings() is then run with
 * lookup_user_key_possessed() to find out whether the key is reachable from
 * the caller's keyrings; what is done with a successful result is not
 * visible here.
 *
 * Before returning, the visible code waits for key construction, validates
 * the key, rejects keys that are not instantiated unless partial is set, and
 * calls key_task_permission(key_ref, context, perm).  On failure the
 * reference is dropped with key_ref_put() and ERR_PTR(ret) is produced.
 * NOTE(review): the labels and branches are not visible, so confirm that
 * every successful path passes through key_task_permission().
 *
 * NOTE(review): the session keyring pointer is read with rcu_dereference()
 * and then has its usage count raised; the RCU read-side locking that must
 * cover both steps is not visible in this listing - confirm.
 */
575 key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id,
576 int create, int partial, key_perm_t perm)
578 key_ref_t key_ref, skey_ref;
585 key_ref = ERR_PTR(-ENOKEY);
588 case KEY_SPEC_THREAD_KEYRING:
589 if (!context->thread_keyring) {
593 ret = install_thread_keyring(context);
600 key = context->thread_keyring;
601 atomic_inc(&key->usage);
602 key_ref = make_key_ref(key, 1);
605 case KEY_SPEC_PROCESS_KEYRING:
606 if (!context->signal->process_keyring) {
610 ret = install_process_keyring(context);
617 key = context->signal->process_keyring;
618 atomic_inc(&key->usage);
619 key_ref = make_key_ref(key, 1);
622 case KEY_SPEC_SESSION_KEYRING:
623 if (!context->signal->session_keyring) {
624 /* always install a session keyring upon access if one
625 * doesn't exist yet */
626 ret = install_user_keyrings(context);
629 ret = install_session_keyring(
630 context, context->user->session_keyring);
636 key = rcu_dereference(context->signal->session_keyring);
637 atomic_inc(&key->usage);
639 key_ref = make_key_ref(key, 1);
642 case KEY_SPEC_USER_KEYRING:
643 if (!context->user->uid_keyring) {
644 ret = install_user_keyrings(context);
649 key = context->user->uid_keyring;
650 atomic_inc(&key->usage);
651 key_ref = make_key_ref(key, 1);
654 case KEY_SPEC_USER_SESSION_KEYRING:
655 if (!context->user->session_keyring) {
656 ret = install_user_keyrings(context);
661 key = context->user->session_keyring;
662 atomic_inc(&key->usage);
663 key_ref = make_key_ref(key, 1);
666 case KEY_SPEC_GROUP_KEYRING:
667 /* group keyrings are not yet supported */
/* NOTE(review): the error is stored in key here, whereas the unknown-ID
 * case further down stores -EINVAL in key_ref; if key_ref is what the
 * function returns, the caller would see the -ENOKEY set at the top
 * rather than -EINVAL - confirm against the full file */
668 key = ERR_PTR(-EINVAL);
671 case KEY_SPEC_REQKEY_AUTH_KEY:
672 key = context->request_key_auth;
676 atomic_inc(&key->usage);
677 key_ref = make_key_ref(key, 1);
681 key_ref = ERR_PTR(-EINVAL);
685 key = key_lookup(id);
687 key_ref = ERR_CAST(key);
691 key_ref = make_key_ref(key, 0);
693 /* check to see if we possess the key */
694 skey_ref = search_process_keyrings(key->type, key,
695 lookup_user_key_possessed,
698 if (!IS_ERR(skey_ref)) {
707 ret = wait_for_key_construction(key, true);
718 ret = key_validate(key);
724 if (!partial && !test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
727 /* check the permissions */
728 ret = key_task_permission(key_ref, context, perm);
736 key_ref_put(key_ref);
737 key_ref = ERR_PTR(ret);
740 } /* end lookup_user_key() */
742 /*****************************************************************************/
744 * join the named keyring as the session keyring if possible, or attempt to
745 * create a new one of that name if not
746 * - if the name is NULL, an empty anonymous keyring is installed instead
747 * - named session keyring joining is done with a semaphore held
/*
 * Make the current task's session keyring the keyring called name, creating
 * that keyring if none exists, and report its serial number in ret.
 *
 * With no name, install_session_keyring(tsk, NULL) installs an anonymous
 * keyring and the serial number is read back through rcu_dereference().
 *
 * With a name, key_session_mutex is held across the whole sequence: the
 * keyring is looked up with find_keyring_by_name(name, false); only a
 * -ENOKEY result leads to keyring_alloc() (owned by the task's uid and gid,
 * with KEY_ALLOC_IN_QUOTA); any other lookup error is reported as is.  The
 * keyring is then installed and its serial number reported.
 *
 * NOTE(review): whether the caller may join an existing keyring of this name
 * depends on the checks made inside find_keyring_by_name(), which are not
 * shown here - confirm them.
 * NOTE(review): install_session_keyring() takes its own reference on a
 * supplied keyring, so the reference obtained by the lookup or allocation
 * presumably has to be dropped on every path after that call; the key_put()
 * and the goto labels are not visible in this listing - confirm the error
 * path as well as the success path.
 */
749 long join_session_keyring(const char *name)
751 struct task_struct *tsk = current;
755 /* if no name is provided, install an anonymous keyring */
757 ret = install_session_keyring(tsk, NULL);
762 ret = rcu_dereference(tsk->signal->session_keyring)->serial;
767 /* allow the user to join or create a named keyring */
768 mutex_lock(&key_session_mutex);
770 /* look for an existing keyring of this name */
771 keyring = find_keyring_by_name(name, false);
772 if (PTR_ERR(keyring) == -ENOKEY) {
773 /* not found - try and create a new one */
774 keyring = keyring_alloc(name, tsk->uid, tsk->gid, tsk,
775 KEY_ALLOC_IN_QUOTA, NULL);
776 if (IS_ERR(keyring)) {
777 ret = PTR_ERR(keyring);
781 else if (IS_ERR(keyring)) {
782 ret = PTR_ERR(keyring);
786 /* we've got a keyring - now to install it */
787 ret = install_session_keyring(tsk, keyring);
791 ret = keyring->serial;
795 mutex_unlock(&key_session_mutex);
799 } /* end join_session_keyring() */