12874c5fdSThomas Gleixner // SPDX-License-Identifier: GPL-2.0-or-later
2973c9f4fSDavid Howells /* Manage a process's keyrings
31da177e4SLinus Torvalds *
469664cf1SDavid Howells * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
51da177e4SLinus Torvalds * Written by David Howells (dhowells@redhat.com)
61da177e4SLinus Torvalds */
71da177e4SLinus Torvalds
81da177e4SLinus Torvalds #include <linux/init.h>
91da177e4SLinus Torvalds #include <linux/sched.h>
108703e8a4SIngo Molnar #include <linux/sched/user.h>
111da177e4SLinus Torvalds #include <linux/keyctl.h>
121da177e4SLinus Torvalds #include <linux/fs.h>
131da177e4SLinus Torvalds #include <linux/err.h>
14bb003079SIngo Molnar #include <linux/mutex.h>
15ee18d64cSDavid Howells #include <linux/security.h>
161d1e9756SSerge E. Hallyn #include <linux/user_namespace.h>
177c0f6ba6SLinus Torvalds #include <linux/uaccess.h>
180f44e4d9SDavid Howells #include <linux/init_task.h>
19822ad64dSDavid Howells #include <keys/request_key_auth-type.h>
201da177e4SLinus Torvalds #include "internal.h"
211da177e4SLinus Torvalds
22973c9f4fSDavid Howells /* Session keyring create vs join semaphore */
23bb003079SIngo Molnar static DEFINE_MUTEX(key_session_mutex);
241da177e4SLinus Torvalds
25973c9f4fSDavid Howells /* The root user's tracking struct */
261da177e4SLinus Torvalds struct key_user root_key_user = {
27ddb99e11SElena Reshetova .usage = REFCOUNT_INIT(3),
2876181c13SDavid Howells .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock),
296cfd76a2SPeter Zijlstra .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock),
301da177e4SLinus Torvalds .nkeys = ATOMIC_INIT(2),
311da177e4SLinus Torvalds .nikeys = ATOMIC_INIT(2),
329a56c2dbSEric W. Biederman .uid = GLOBAL_ROOT_UID,
331da177e4SLinus Torvalds };
341da177e4SLinus Torvalds
351da177e4SLinus Torvalds /*
360f44e4d9SDavid Howells * Get or create a user register keyring.
371da177e4SLinus Torvalds */
get_user_register(struct user_namespace * user_ns)380f44e4d9SDavid Howells static struct key *get_user_register(struct user_namespace *user_ns)
391da177e4SLinus Torvalds {
400f44e4d9SDavid Howells struct key *reg_keyring = READ_ONCE(user_ns->user_keyring_register);
411da177e4SLinus Torvalds
420f44e4d9SDavid Howells if (reg_keyring)
430f44e4d9SDavid Howells return reg_keyring;
44d84f4f99SDavid Howells
450f44e4d9SDavid Howells down_write(&user_ns->keyring_sem);
461da177e4SLinus Torvalds
470f44e4d9SDavid Howells /* Make sure there's a register keyring. It gets owned by the
480f44e4d9SDavid Howells * user_namespace's owner.
490f44e4d9SDavid Howells */
500f44e4d9SDavid Howells reg_keyring = user_ns->user_keyring_register;
510f44e4d9SDavid Howells if (!reg_keyring) {
520f44e4d9SDavid Howells reg_keyring = keyring_alloc(".user_reg",
530f44e4d9SDavid Howells user_ns->owner, INVALID_GID,
54028db3e2SLinus Torvalds &init_cred,
55028db3e2SLinus Torvalds KEY_POS_WRITE | KEY_POS_SEARCH |
56028db3e2SLinus Torvalds KEY_USR_VIEW | KEY_USR_READ,
57028db3e2SLinus Torvalds 0,
58028db3e2SLinus Torvalds NULL, NULL);
590f44e4d9SDavid Howells if (!IS_ERR(reg_keyring))
600f44e4d9SDavid Howells smp_store_release(&user_ns->user_keyring_register,
610f44e4d9SDavid Howells reg_keyring);
621da177e4SLinus Torvalds }
631da177e4SLinus Torvalds
640f44e4d9SDavid Howells up_write(&user_ns->keyring_sem);
650f44e4d9SDavid Howells
660f44e4d9SDavid Howells /* We don't return a ref since the keyring is pinned by the user_ns */
670f44e4d9SDavid Howells return reg_keyring;
680f44e4d9SDavid Howells }
690f44e4d9SDavid Howells
700f44e4d9SDavid Howells /*
710f44e4d9SDavid Howells * Look up the user and user session keyrings for the current process's UID,
720f44e4d9SDavid Howells * creating them if they don't exist.
730f44e4d9SDavid Howells */
look_up_user_keyrings(struct key ** _user_keyring,struct key ** _user_session_keyring)740f44e4d9SDavid Howells int look_up_user_keyrings(struct key **_user_keyring,
750f44e4d9SDavid Howells struct key **_user_session_keyring)
760f44e4d9SDavid Howells {
770f44e4d9SDavid Howells const struct cred *cred = current_cred();
780f44e4d9SDavid Howells struct user_namespace *user_ns = current_user_ns();
790f44e4d9SDavid Howells struct key *reg_keyring, *uid_keyring, *session_keyring;
80028db3e2SLinus Torvalds key_perm_t user_keyring_perm;
810f44e4d9SDavid Howells key_ref_t uid_keyring_r, session_keyring_r;
820f44e4d9SDavid Howells uid_t uid = from_kuid(user_ns, cred->user->uid);
830f44e4d9SDavid Howells char buf[20];
840f44e4d9SDavid Howells int ret;
850f44e4d9SDavid Howells
86028db3e2SLinus Torvalds user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
87028db3e2SLinus Torvalds
880f44e4d9SDavid Howells kenter("%u", uid);
890f44e4d9SDavid Howells
900f44e4d9SDavid Howells reg_keyring = get_user_register(user_ns);
910f44e4d9SDavid Howells if (IS_ERR(reg_keyring))
920f44e4d9SDavid Howells return PTR_ERR(reg_keyring);
930f44e4d9SDavid Howells
940f44e4d9SDavid Howells down_write(&user_ns->keyring_sem);
9569664cf1SDavid Howells ret = 0;
9669664cf1SDavid Howells
970f44e4d9SDavid Howells /* Get the user keyring. Note that there may be one in existence
980f44e4d9SDavid Howells * already as it may have been pinned by a session, but the user_struct
990f44e4d9SDavid Howells * pointing to it may have been destroyed by setuid.
1000f44e4d9SDavid Howells */
1010f44e4d9SDavid Howells snprintf(buf, sizeof(buf), "_uid.%u", uid);
1020f44e4d9SDavid Howells uid_keyring_r = keyring_search(make_key_ref(reg_keyring, true),
1030f44e4d9SDavid Howells &key_type_keyring, buf, false);
1040f44e4d9SDavid Howells kdebug("_uid %p", uid_keyring_r);
1050f44e4d9SDavid Howells if (uid_keyring_r == ERR_PTR(-EAGAIN)) {
1060f44e4d9SDavid Howells uid_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID,
107028db3e2SLinus Torvalds cred, user_keyring_perm,
108237bbd29SEric Biggers KEY_ALLOC_UID_KEYRING |
1095ac7eaceSDavid Howells KEY_ALLOC_IN_QUOTA,
1100f44e4d9SDavid Howells NULL, reg_keyring);
11169664cf1SDavid Howells if (IS_ERR(uid_keyring)) {
1121da177e4SLinus Torvalds ret = PTR_ERR(uid_keyring);
1131da177e4SLinus Torvalds goto error;
1141da177e4SLinus Torvalds }
1150f44e4d9SDavid Howells } else if (IS_ERR(uid_keyring_r)) {
1160f44e4d9SDavid Howells ret = PTR_ERR(uid_keyring_r);
1170f44e4d9SDavid Howells goto error;
1180f44e4d9SDavid Howells } else {
1190f44e4d9SDavid Howells uid_keyring = key_ref_to_ptr(uid_keyring_r);
12069664cf1SDavid Howells }
12169664cf1SDavid Howells
1220f44e4d9SDavid Howells /* Get a default session keyring (which might also exist already) */
1230f44e4d9SDavid Howells snprintf(buf, sizeof(buf), "_uid_ses.%u", uid);
1240f44e4d9SDavid Howells session_keyring_r = keyring_search(make_key_ref(reg_keyring, true),
1250f44e4d9SDavid Howells &key_type_keyring, buf, false);
1260f44e4d9SDavid Howells kdebug("_uid_ses %p", session_keyring_r);
1270f44e4d9SDavid Howells if (session_keyring_r == ERR_PTR(-EAGAIN)) {
1280f44e4d9SDavid Howells session_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID,
129028db3e2SLinus Torvalds cred, user_keyring_perm,
130237bbd29SEric Biggers KEY_ALLOC_UID_KEYRING |
1315ac7eaceSDavid Howells KEY_ALLOC_IN_QUOTA,
1325ac7eaceSDavid Howells NULL, NULL);
13369664cf1SDavid Howells if (IS_ERR(session_keyring)) {
13469664cf1SDavid Howells ret = PTR_ERR(session_keyring);
13569664cf1SDavid Howells goto error_release;
13669664cf1SDavid Howells }
13769664cf1SDavid Howells
1380f44e4d9SDavid Howells /* We install a link from the user session keyring to
1390f44e4d9SDavid Howells * the user keyring.
1400f44e4d9SDavid Howells */
14169664cf1SDavid Howells ret = key_link(session_keyring, uid_keyring);
14269664cf1SDavid Howells if (ret < 0)
1430f44e4d9SDavid Howells goto error_release_session;
1440f44e4d9SDavid Howells
1450f44e4d9SDavid Howells /* And only then link the user-session keyring to the
1460f44e4d9SDavid Howells * register.
1470f44e4d9SDavid Howells */
1480f44e4d9SDavid Howells ret = key_link(reg_keyring, session_keyring);
1490f44e4d9SDavid Howells if (ret < 0)
1500f44e4d9SDavid Howells goto error_release_session;
1510f44e4d9SDavid Howells } else if (IS_ERR(session_keyring_r)) {
1520f44e4d9SDavid Howells ret = PTR_ERR(session_keyring_r);
1530f44e4d9SDavid Howells goto error_release;
1540f44e4d9SDavid Howells } else {
1550f44e4d9SDavid Howells session_keyring = key_ref_to_ptr(session_keyring_r);
15669664cf1SDavid Howells }
1571da177e4SLinus Torvalds
1580f44e4d9SDavid Howells up_write(&user_ns->keyring_sem);
1591da177e4SLinus Torvalds
1600f44e4d9SDavid Howells if (_user_session_keyring)
1610f44e4d9SDavid Howells *_user_session_keyring = session_keyring;
1620f44e4d9SDavid Howells else
1630f44e4d9SDavid Howells key_put(session_keyring);
1640f44e4d9SDavid Howells if (_user_keyring)
1650f44e4d9SDavid Howells *_user_keyring = uid_keyring;
1660f44e4d9SDavid Howells else
1670f44e4d9SDavid Howells key_put(uid_keyring);
16869664cf1SDavid Howells kleave(" = 0");
16969664cf1SDavid Howells return 0;
17069664cf1SDavid Howells
1710f44e4d9SDavid Howells error_release_session:
17269664cf1SDavid Howells key_put(session_keyring);
17369664cf1SDavid Howells error_release:
17469664cf1SDavid Howells key_put(uid_keyring);
1751da177e4SLinus Torvalds error:
1760f44e4d9SDavid Howells up_write(&user_ns->keyring_sem);
17769664cf1SDavid Howells kleave(" = %d", ret);
1781da177e4SLinus Torvalds return ret;
17969664cf1SDavid Howells }
1801da177e4SLinus Torvalds
1811da177e4SLinus Torvalds /*
1820f44e4d9SDavid Howells * Get the user session keyring if it exists, but don't create it if it
1830f44e4d9SDavid Howells * doesn't.
1840f44e4d9SDavid Howells */
get_user_session_keyring_rcu(const struct cred * cred)1850f44e4d9SDavid Howells struct key *get_user_session_keyring_rcu(const struct cred *cred)
1860f44e4d9SDavid Howells {
1870f44e4d9SDavid Howells struct key *reg_keyring = READ_ONCE(cred->user_ns->user_keyring_register);
1880f44e4d9SDavid Howells key_ref_t session_keyring_r;
1890f44e4d9SDavid Howells char buf[20];
1900f44e4d9SDavid Howells
1910f44e4d9SDavid Howells struct keyring_search_context ctx = {
1920f44e4d9SDavid Howells .index_key.type = &key_type_keyring,
1930f44e4d9SDavid Howells .index_key.description = buf,
1940f44e4d9SDavid Howells .cred = cred,
1950f44e4d9SDavid Howells .match_data.cmp = key_default_cmp,
1960f44e4d9SDavid Howells .match_data.raw_data = buf,
1970f44e4d9SDavid Howells .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
1980f44e4d9SDavid Howells .flags = KEYRING_SEARCH_DO_STATE_CHECK,
1990f44e4d9SDavid Howells };
2000f44e4d9SDavid Howells
2010f44e4d9SDavid Howells if (!reg_keyring)
2020f44e4d9SDavid Howells return NULL;
2030f44e4d9SDavid Howells
2040f44e4d9SDavid Howells ctx.index_key.desc_len = snprintf(buf, sizeof(buf), "_uid_ses.%u",
2050f44e4d9SDavid Howells from_kuid(cred->user_ns,
2060f44e4d9SDavid Howells cred->user->uid));
2070f44e4d9SDavid Howells
2080f44e4d9SDavid Howells session_keyring_r = keyring_search_rcu(make_key_ref(reg_keyring, true),
2090f44e4d9SDavid Howells &ctx);
2100f44e4d9SDavid Howells if (IS_ERR(session_keyring_r))
2110f44e4d9SDavid Howells return NULL;
2120f44e4d9SDavid Howells return key_ref_to_ptr(session_keyring_r);
2130f44e4d9SDavid Howells }
2140f44e4d9SDavid Howells
2150f44e4d9SDavid Howells /*
216c9f838d1SEric Biggers * Install a thread keyring to the given credentials struct if it didn't have
217c9f838d1SEric Biggers * one already. This is allowed to overrun the quota.
218c9f838d1SEric Biggers *
219c9f838d1SEric Biggers * Return: 0 if a thread keyring is now present; -errno on failure.
2201da177e4SLinus Torvalds */
install_thread_keyring_to_cred(struct cred * new)221d84f4f99SDavid Howells int install_thread_keyring_to_cred(struct cred *new)
2221da177e4SLinus Torvalds {
223d84f4f99SDavid Howells struct key *keyring;
2241da177e4SLinus Torvalds
225c9f838d1SEric Biggers if (new->thread_keyring)
226c9f838d1SEric Biggers return 0;
227c9f838d1SEric Biggers
228d84f4f99SDavid Howells keyring = keyring_alloc("_tid", new->uid, new->gid, new,
229028db3e2SLinus Torvalds KEY_POS_ALL | KEY_USR_VIEW,
2305ac7eaceSDavid Howells KEY_ALLOC_QUOTA_OVERRUN,
2315ac7eaceSDavid Howells NULL, NULL);
232d84f4f99SDavid Howells if (IS_ERR(keyring))
233d84f4f99SDavid Howells return PTR_ERR(keyring);
2341da177e4SLinus Torvalds
235d84f4f99SDavid Howells new->thread_keyring = keyring;
236d84f4f99SDavid Howells return 0;
2371da177e4SLinus Torvalds }
2381da177e4SLinus Torvalds
2391da177e4SLinus Torvalds /*
240c9f838d1SEric Biggers * Install a thread keyring to the current task if it didn't have one already.
241c9f838d1SEric Biggers *
242c9f838d1SEric Biggers * Return: 0 if a thread keyring is now present; -errno on failure.
2431da177e4SLinus Torvalds */
install_thread_keyring(void)244d84f4f99SDavid Howells static int install_thread_keyring(void)
2451da177e4SLinus Torvalds {
246d84f4f99SDavid Howells struct cred *new;
2471da177e4SLinus Torvalds int ret;
2481da177e4SLinus Torvalds
249d84f4f99SDavid Howells new = prepare_creds();
250d84f4f99SDavid Howells if (!new)
251d84f4f99SDavid Howells return -ENOMEM;
2521da177e4SLinus Torvalds
253d84f4f99SDavid Howells ret = install_thread_keyring_to_cred(new);
254d84f4f99SDavid Howells if (ret < 0) {
255d84f4f99SDavid Howells abort_creds(new);
256d84f4f99SDavid Howells return ret;
2571da177e4SLinus Torvalds }
2581da177e4SLinus Torvalds
259d84f4f99SDavid Howells return commit_creds(new);
260d84f4f99SDavid Howells }
2611da177e4SLinus Torvalds
262d84f4f99SDavid Howells /*
263c9f838d1SEric Biggers * Install a process keyring to the given credentials struct if it didn't have
264c9f838d1SEric Biggers * one already. This is allowed to overrun the quota.
265973c9f4fSDavid Howells *
266c9f838d1SEric Biggers * Return: 0 if a process keyring is now present; -errno on failure.
267d84f4f99SDavid Howells */
install_process_keyring_to_cred(struct cred * new)268d84f4f99SDavid Howells int install_process_keyring_to_cred(struct cred *new)
269d84f4f99SDavid Howells {
270d84f4f99SDavid Howells struct key *keyring;
271d84f4f99SDavid Howells
2723a50597dSDavid Howells if (new->process_keyring)
273c9f838d1SEric Biggers return 0;
274d84f4f99SDavid Howells
27596b5c8feSDavid Howells keyring = keyring_alloc("_pid", new->uid, new->gid, new,
276028db3e2SLinus Torvalds KEY_POS_ALL | KEY_USR_VIEW,
2775ac7eaceSDavid Howells KEY_ALLOC_QUOTA_OVERRUN,
2785ac7eaceSDavid Howells NULL, NULL);
279d84f4f99SDavid Howells if (IS_ERR(keyring))
280d84f4f99SDavid Howells return PTR_ERR(keyring);
281d84f4f99SDavid Howells
2823a50597dSDavid Howells new->process_keyring = keyring;
2833a50597dSDavid Howells return 0;
284d84f4f99SDavid Howells }
2851da177e4SLinus Torvalds
2861da177e4SLinus Torvalds /*
287c9f838d1SEric Biggers * Install a process keyring to the current task if it didn't have one already.
288973c9f4fSDavid Howells *
289c9f838d1SEric Biggers * Return: 0 if a process keyring is now present; -errno on failure.
2901da177e4SLinus Torvalds */
install_process_keyring(void)291d84f4f99SDavid Howells static int install_process_keyring(void)
2921da177e4SLinus Torvalds {
293d84f4f99SDavid Howells struct cred *new;
2941da177e4SLinus Torvalds int ret;
2951da177e4SLinus Torvalds
296d84f4f99SDavid Howells new = prepare_creds();
297d84f4f99SDavid Howells if (!new)
298d84f4f99SDavid Howells return -ENOMEM;
2991a26feb9SDavid Howells
300d84f4f99SDavid Howells ret = install_process_keyring_to_cred(new);
301d84f4f99SDavid Howells if (ret < 0) {
302d84f4f99SDavid Howells abort_creds(new);
303c9f838d1SEric Biggers return ret;
3041da177e4SLinus Torvalds }
3051da177e4SLinus Torvalds
306d84f4f99SDavid Howells return commit_creds(new);
3071da177e4SLinus Torvalds }
3081da177e4SLinus Torvalds
3091da177e4SLinus Torvalds /*
310c9f838d1SEric Biggers * Install the given keyring as the session keyring of the given credentials
311c9f838d1SEric Biggers * struct, replacing the existing one if any. If the given keyring is NULL,
312c9f838d1SEric Biggers * then install a new anonymous session keyring.
3135c7e372cSJann Horn * @cred can not be in use by any task yet.
314c9f838d1SEric Biggers *
315c9f838d1SEric Biggers * Return: 0 on success; -errno on failure.
3161da177e4SLinus Torvalds */
install_session_keyring_to_cred(struct cred * cred,struct key * keyring)317685bfd2cSOleg Nesterov int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
3181da177e4SLinus Torvalds {
3197e047ef5SDavid Howells unsigned long flags;
3201da177e4SLinus Torvalds struct key *old;
3211a26feb9SDavid Howells
3221a26feb9SDavid Howells might_sleep();
3231da177e4SLinus Torvalds
3241da177e4SLinus Torvalds /* create an empty session keyring */
3251da177e4SLinus Torvalds if (!keyring) {
3267e047ef5SDavid Howells flags = KEY_ALLOC_QUOTA_OVERRUN;
3273a50597dSDavid Howells if (cred->session_keyring)
3287e047ef5SDavid Howells flags = KEY_ALLOC_IN_QUOTA;
3297e047ef5SDavid Howells
33096b5c8feSDavid Howells keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
331028db3e2SLinus Torvalds KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
332028db3e2SLinus Torvalds flags, NULL, NULL);
3331a26feb9SDavid Howells if (IS_ERR(keyring))
3341a26feb9SDavid Howells return PTR_ERR(keyring);
335d84f4f99SDavid Howells } else {
336ccc3e6d9SDavid Howells __key_get(keyring);
3371da177e4SLinus Torvalds }
3381da177e4SLinus Torvalds
3391da177e4SLinus Torvalds /* install the keyring */
3403a50597dSDavid Howells old = cred->session_keyring;
3415c7e372cSJann Horn cred->session_keyring = keyring;
3421da177e4SLinus Torvalds
3433a50597dSDavid Howells if (old)
3441da177e4SLinus Torvalds key_put(old);
3451a26feb9SDavid Howells
3461a26feb9SDavid Howells return 0;
347d84f4f99SDavid Howells }
3481da177e4SLinus Torvalds
3491da177e4SLinus Torvalds /*
350c9f838d1SEric Biggers * Install the given keyring as the session keyring of the current task,
351c9f838d1SEric Biggers * replacing the existing one if any. If the given keyring is NULL, then
352c9f838d1SEric Biggers * install a new anonymous session keyring.
353c9f838d1SEric Biggers *
354c9f838d1SEric Biggers * Return: 0 on success; -errno on failure.
3551da177e4SLinus Torvalds */
install_session_keyring(struct key * keyring)356d84f4f99SDavid Howells static int install_session_keyring(struct key *keyring)
3571da177e4SLinus Torvalds {
358d84f4f99SDavid Howells struct cred *new;
359d84f4f99SDavid Howells int ret;
3601da177e4SLinus Torvalds
361d84f4f99SDavid Howells new = prepare_creds();
362d84f4f99SDavid Howells if (!new)
363d84f4f99SDavid Howells return -ENOMEM;
364b5f545c8SDavid Howells
36599599537SDavid Howells ret = install_session_keyring_to_cred(new, keyring);
366d84f4f99SDavid Howells if (ret < 0) {
367d84f4f99SDavid Howells abort_creds(new);
368d84f4f99SDavid Howells return ret;
369d84f4f99SDavid Howells }
370b5f545c8SDavid Howells
371d84f4f99SDavid Howells return commit_creds(new);
372d84f4f99SDavid Howells }
3731da177e4SLinus Torvalds
3741da177e4SLinus Torvalds /*
375973c9f4fSDavid Howells * Handle the fsuid changing.
3761da177e4SLinus Torvalds */
key_fsuid_changed(struct cred * new_cred)3772e21865fSDavid Howells void key_fsuid_changed(struct cred *new_cred)
3781da177e4SLinus Torvalds {
3791da177e4SLinus Torvalds /* update the ownership of the thread keyring */
3802e21865fSDavid Howells if (new_cred->thread_keyring) {
3812e21865fSDavid Howells down_write(&new_cred->thread_keyring->sem);
3822e21865fSDavid Howells new_cred->thread_keyring->uid = new_cred->fsuid;
3832e21865fSDavid Howells up_write(&new_cred->thread_keyring->sem);
3841da177e4SLinus Torvalds }
385a8b17ed0SDavid Howells }
3861da177e4SLinus Torvalds
3871da177e4SLinus Torvalds /*
388973c9f4fSDavid Howells * Handle the fsgid changing.
3891da177e4SLinus Torvalds */
key_fsgid_changed(struct cred * new_cred)3902e21865fSDavid Howells void key_fsgid_changed(struct cred *new_cred)
3911da177e4SLinus Torvalds {
3921da177e4SLinus Torvalds /* update the ownership of the thread keyring */
3932e21865fSDavid Howells if (new_cred->thread_keyring) {
3942e21865fSDavid Howells down_write(&new_cred->thread_keyring->sem);
3952e21865fSDavid Howells new_cred->thread_keyring->gid = new_cred->fsgid;
3962e21865fSDavid Howells up_write(&new_cred->thread_keyring->sem);
3971da177e4SLinus Torvalds }
398a8b17ed0SDavid Howells }
3991da177e4SLinus Torvalds
4001da177e4SLinus Torvalds /*
401973c9f4fSDavid Howells * Search the process keyrings attached to the supplied cred for the first
402e59428f7SDavid Howells * matching key under RCU conditions (the caller must be holding the RCU read
403e59428f7SDavid Howells * lock).
404973c9f4fSDavid Howells *
405973c9f4fSDavid Howells * The search criteria are the type and the match function. The description is
406973c9f4fSDavid Howells * given to the match function as a parameter, but doesn't otherwise influence
407973c9f4fSDavid Howells * the search. Typically the match function will compare the description
408973c9f4fSDavid Howells * parameter to the key's description.
409973c9f4fSDavid Howells *
410973c9f4fSDavid Howells * This can only search keyrings that grant Search permission to the supplied
411973c9f4fSDavid Howells * credentials. Keyrings linked to searched keyrings will also be searched if
412973c9f4fSDavid Howells * they grant Search permission too. Keys can only be found if they grant
413973c9f4fSDavid Howells * Search permission to the credentials.
414973c9f4fSDavid Howells *
415973c9f4fSDavid Howells * Returns a pointer to the key with the key usage count incremented if
416973c9f4fSDavid Howells * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
417973c9f4fSDavid Howells * matched negative keys.
418973c9f4fSDavid Howells *
419973c9f4fSDavid Howells * In the case of a successful return, the possession attribute is set on the
420973c9f4fSDavid Howells * returned key reference.
4211da177e4SLinus Torvalds */
search_cred_keyrings_rcu(struct keyring_search_context * ctx)422e59428f7SDavid Howells key_ref_t search_cred_keyrings_rcu(struct keyring_search_context *ctx)
4231da177e4SLinus Torvalds {
4240f44e4d9SDavid Howells struct key *user_session;
425b5f545c8SDavid Howells key_ref_t key_ref, ret, err;
4260b9dc6c9SJann Horn const struct cred *cred = ctx->cred;
4271da177e4SLinus Torvalds
4281da177e4SLinus Torvalds /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
4291da177e4SLinus Torvalds * searchable, but we failed to find a key or we found a negative key;
4301da177e4SLinus Torvalds * otherwise we want to return a sample error (probably -EACCES) if
4311da177e4SLinus Torvalds * none of the keyrings were searchable
4321da177e4SLinus Torvalds *
4331da177e4SLinus Torvalds * in terms of priority: success > -ENOKEY > -EAGAIN > other error
4341da177e4SLinus Torvalds */
435664cceb0SDavid Howells key_ref = NULL;
4361da177e4SLinus Torvalds ret = NULL;
4371da177e4SLinus Torvalds err = ERR_PTR(-EAGAIN);
4381da177e4SLinus Torvalds
4391da177e4SLinus Torvalds /* search the thread keyring first */
4400b9dc6c9SJann Horn if (cred->thread_keyring) {
441e59428f7SDavid Howells key_ref = keyring_search_rcu(
4420b9dc6c9SJann Horn make_key_ref(cred->thread_keyring, 1), ctx);
443664cceb0SDavid Howells if (!IS_ERR(key_ref))
4441da177e4SLinus Torvalds goto found;
4451da177e4SLinus Torvalds
446664cceb0SDavid Howells switch (PTR_ERR(key_ref)) {
4471da177e4SLinus Torvalds case -EAGAIN: /* no key */
4481da177e4SLinus Torvalds case -ENOKEY: /* negative key */
449664cceb0SDavid Howells ret = key_ref;
4501da177e4SLinus Torvalds break;
4511da177e4SLinus Torvalds default:
452664cceb0SDavid Howells err = key_ref;
4531da177e4SLinus Torvalds break;
4541da177e4SLinus Torvalds }
4551da177e4SLinus Torvalds }
4561da177e4SLinus Torvalds
4571da177e4SLinus Torvalds /* search the process keyring second */
4580b9dc6c9SJann Horn if (cred->process_keyring) {
459e59428f7SDavid Howells key_ref = keyring_search_rcu(
4600b9dc6c9SJann Horn make_key_ref(cred->process_keyring, 1), ctx);
461664cceb0SDavid Howells if (!IS_ERR(key_ref))
4621da177e4SLinus Torvalds goto found;
4631da177e4SLinus Torvalds
464664cceb0SDavid Howells switch (PTR_ERR(key_ref)) {
4651da177e4SLinus Torvalds case -EAGAIN: /* no key */
466fe9453a1SDavid Howells if (ret)
467fe9453a1SDavid Howells break;
468df561f66SGustavo A. R. Silva fallthrough;
4691da177e4SLinus Torvalds case -ENOKEY: /* negative key */
470664cceb0SDavid Howells ret = key_ref;
4711da177e4SLinus Torvalds break;
4721da177e4SLinus Torvalds default:
473664cceb0SDavid Howells err = key_ref;
4741da177e4SLinus Torvalds break;
4751da177e4SLinus Torvalds }
4761da177e4SLinus Torvalds }
4771da177e4SLinus Torvalds
4783e30148cSDavid Howells /* search the session keyring */
4790b9dc6c9SJann Horn if (cred->session_keyring) {
480e59428f7SDavid Howells key_ref = keyring_search_rcu(
4810b9dc6c9SJann Horn make_key_ref(cred->session_keyring, 1), ctx);
4821da177e4SLinus Torvalds
483664cceb0SDavid Howells if (!IS_ERR(key_ref))
4841da177e4SLinus Torvalds goto found;
4851da177e4SLinus Torvalds
486664cceb0SDavid Howells switch (PTR_ERR(key_ref)) {
4871da177e4SLinus Torvalds case -EAGAIN: /* no key */
4881da177e4SLinus Torvalds if (ret)
4891da177e4SLinus Torvalds break;
490df561f66SGustavo A. R. Silva fallthrough;
4911da177e4SLinus Torvalds case -ENOKEY: /* negative key */
492664cceb0SDavid Howells ret = key_ref;
4931da177e4SLinus Torvalds break;
4941da177e4SLinus Torvalds default:
495664cceb0SDavid Howells err = key_ref;
4961da177e4SLinus Torvalds break;
4971da177e4SLinus Torvalds }
4983e30148cSDavid Howells }
4993e30148cSDavid Howells /* or search the user-session keyring */
5000f44e4d9SDavid Howells else if ((user_session = get_user_session_keyring_rcu(cred))) {
5010f44e4d9SDavid Howells key_ref = keyring_search_rcu(make_key_ref(user_session, 1),
5024bdf0bc3SDavid Howells ctx);
5030f44e4d9SDavid Howells key_put(user_session);
5040f44e4d9SDavid Howells
505664cceb0SDavid Howells if (!IS_ERR(key_ref))
5063e30148cSDavid Howells goto found;
5073e30148cSDavid Howells
508664cceb0SDavid Howells switch (PTR_ERR(key_ref)) {
5093e30148cSDavid Howells case -EAGAIN: /* no key */
5103e30148cSDavid Howells if (ret)
5113e30148cSDavid Howells break;
512df561f66SGustavo A. R. Silva fallthrough;
5133e30148cSDavid Howells case -ENOKEY: /* negative key */
514664cceb0SDavid Howells ret = key_ref;
5153e30148cSDavid Howells break;
5163e30148cSDavid Howells default:
517664cceb0SDavid Howells err = key_ref;
5183e30148cSDavid Howells break;
5193e30148cSDavid Howells }
5203e30148cSDavid Howells }
5213e30148cSDavid Howells
522927942aaSDavid Howells /* no key - decide on the error we're going to go for */
523927942aaSDavid Howells key_ref = ret ? ret : err;
524927942aaSDavid Howells
525927942aaSDavid Howells found:
526927942aaSDavid Howells return key_ref;
527927942aaSDavid Howells }
528927942aaSDavid Howells
529927942aaSDavid Howells /*
530973c9f4fSDavid Howells * Search the process keyrings attached to the supplied cred for the first
531973c9f4fSDavid Howells * matching key in the manner of search_my_process_keyrings(), but also search
532973c9f4fSDavid Howells * the keys attached to the assumed authorisation key using its credentials if
533973c9f4fSDavid Howells * one is available.
534973c9f4fSDavid Howells *
535e59428f7SDavid Howells * The caller must be holding the RCU read lock.
536e59428f7SDavid Howells *
537e59428f7SDavid Howells * Return same as search_cred_keyrings_rcu().
538927942aaSDavid Howells */
search_process_keyrings_rcu(struct keyring_search_context * ctx)539e59428f7SDavid Howells key_ref_t search_process_keyrings_rcu(struct keyring_search_context *ctx)
540927942aaSDavid Howells {
541927942aaSDavid Howells struct request_key_auth *rka;
542927942aaSDavid Howells key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
543927942aaSDavid Howells
544e59428f7SDavid Howells key_ref = search_cred_keyrings_rcu(ctx);
545927942aaSDavid Howells if (!IS_ERR(key_ref))
546927942aaSDavid Howells goto found;
547927942aaSDavid Howells err = key_ref;
548927942aaSDavid Howells
549b5f545c8SDavid Howells /* if this process has an instantiation authorisation key, then we also
550b5f545c8SDavid Howells * search the keyrings of the process mentioned there
551b5f545c8SDavid Howells * - we don't permit access to request_key auth keys via this method
552b5f545c8SDavid Howells */
5534bdf0bc3SDavid Howells if (ctx->cred->request_key_auth &&
5544bdf0bc3SDavid Howells ctx->cred == current_cred() &&
5554bdf0bc3SDavid Howells ctx->index_key.type != &key_type_request_key_auth
556b5f545c8SDavid Howells ) {
5574bdf0bc3SDavid Howells const struct cred *cred = ctx->cred;
5584bdf0bc3SDavid Howells
559e59428f7SDavid Howells if (key_validate(cred->request_key_auth) == 0) {
560146aa8b1SDavid Howells rka = ctx->cred->request_key_auth->payload.data[0];
5613e30148cSDavid Howells
562e59428f7SDavid Howells //// was search_process_keyrings() [ie. recursive]
5634bdf0bc3SDavid Howells ctx->cred = rka->cred;
564e59428f7SDavid Howells key_ref = search_cred_keyrings_rcu(ctx);
5654bdf0bc3SDavid Howells ctx->cred = cred;
56604c567d9SDavid Howells
567b5f545c8SDavid Howells if (!IS_ERR(key_ref))
568b5f545c8SDavid Howells goto found;
569b5f545c8SDavid Howells ret = key_ref;
57004c567d9SDavid Howells }
571b5f545c8SDavid Howells }
572b5f545c8SDavid Howells
5731da177e4SLinus Torvalds /* no key - decide on the error we're going to go for */
574927942aaSDavid Howells if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
575927942aaSDavid Howells key_ref = ERR_PTR(-ENOKEY);
576927942aaSDavid Howells else if (err == ERR_PTR(-EACCES))
577927942aaSDavid Howells key_ref = ret;
578927942aaSDavid Howells else
579927942aaSDavid Howells key_ref = err;
5801da177e4SLinus Torvalds
5811da177e4SLinus Torvalds found:
582664cceb0SDavid Howells return key_ref;
583a8b17ed0SDavid Howells }
5841da177e4SLinus Torvalds /*
585973c9f4fSDavid Howells * See if the key we're looking at is the target key.
586664cceb0SDavid Howells */
lookup_user_key_possessed(const struct key * key,const struct key_match_data * match_data)5870c903ab6SDavid Howells bool lookup_user_key_possessed(const struct key *key,
58846291959SDavid Howells const struct key_match_data *match_data)
589664cceb0SDavid Howells {
59046291959SDavid Howells return key == match_data->raw_data;
591a8b17ed0SDavid Howells }
592664cceb0SDavid Howells
593664cceb0SDavid Howells /*
594973c9f4fSDavid Howells * Look up a key ID given us by userspace with a given permissions mask to get
595973c9f4fSDavid Howells * the key it refers to.
596973c9f4fSDavid Howells *
597973c9f4fSDavid Howells * Flags can be passed to request that special keyrings be created if referred
598973c9f4fSDavid Howells * to directly, to permit partially constructed keys to be found and to skip
599973c9f4fSDavid Howells * validity and permission checks on the found key.
600973c9f4fSDavid Howells *
601973c9f4fSDavid Howells * Returns a pointer to the key with an incremented usage count if successful;
602973c9f4fSDavid Howells * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
603973c9f4fSDavid Howells * to a key or the best found key was a negative key; -EKEYREVOKED or
604973c9f4fSDavid Howells * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
605973c9f4fSDavid Howells * found key doesn't grant the requested permit or the LSM denied access to it;
606973c9f4fSDavid Howells * or -ENOMEM if a special keyring couldn't be created.
607973c9f4fSDavid Howells *
608973c9f4fSDavid Howells * In the case of a successful return, the possession attribute is set on the
609973c9f4fSDavid Howells * returned key reference.
6101da177e4SLinus Torvalds */
lookup_user_key(key_serial_t id,unsigned long lflags,enum key_need_perm need_perm)6115593122eSDavid Howells key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
6128c0637e9SDavid Howells enum key_need_perm need_perm)
6131da177e4SLinus Torvalds {
6144bdf0bc3SDavid Howells struct keyring_search_context ctx = {
61546291959SDavid Howells .match_data.cmp = lookup_user_key_possessed,
61646291959SDavid Howells .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
617dcf49dbcSDavid Howells .flags = (KEYRING_SEARCH_NO_STATE_CHECK |
618dcf49dbcSDavid Howells KEYRING_SEARCH_RECURSE),
6194bdf0bc3SDavid Howells };
6208bbf4976SDavid Howells struct request_key_auth *rka;
6210f44e4d9SDavid Howells struct key *key, *user_session;
622b6dff3ecSDavid Howells key_ref_t key_ref, skey_ref;
6231da177e4SLinus Torvalds int ret;
6241da177e4SLinus Torvalds
625bb952bb9SDavid Howells try_again:
6264bdf0bc3SDavid Howells ctx.cred = get_current_cred();
627664cceb0SDavid Howells key_ref = ERR_PTR(-ENOKEY);
6281da177e4SLinus Torvalds
6291da177e4SLinus Torvalds switch (id) {
6301da177e4SLinus Torvalds case KEY_SPEC_THREAD_KEYRING:
6314bdf0bc3SDavid Howells if (!ctx.cred->thread_keyring) {
6325593122eSDavid Howells if (!(lflags & KEY_LOOKUP_CREATE))
6331da177e4SLinus Torvalds goto error;
6341da177e4SLinus Torvalds
6358bbf4976SDavid Howells ret = install_thread_keyring();
6361da177e4SLinus Torvalds if (ret < 0) {
6374d09ec0fSDan Carpenter key_ref = ERR_PTR(ret);
6381da177e4SLinus Torvalds goto error;
6391da177e4SLinus Torvalds }
640bb952bb9SDavid Howells goto reget_creds;
6411da177e4SLinus Torvalds }
6421da177e4SLinus Torvalds
6434bdf0bc3SDavid Howells key = ctx.cred->thread_keyring;
644ccc3e6d9SDavid Howells __key_get(key);
645664cceb0SDavid Howells key_ref = make_key_ref(key, 1);
6461da177e4SLinus Torvalds break;
6471da177e4SLinus Torvalds
6481da177e4SLinus Torvalds case KEY_SPEC_PROCESS_KEYRING:
6494bdf0bc3SDavid Howells if (!ctx.cred->process_keyring) {
6505593122eSDavid Howells if (!(lflags & KEY_LOOKUP_CREATE))
6511da177e4SLinus Torvalds goto error;
6521da177e4SLinus Torvalds
6538bbf4976SDavid Howells ret = install_process_keyring();
6541da177e4SLinus Torvalds if (ret < 0) {
6554d09ec0fSDan Carpenter key_ref = ERR_PTR(ret);
6561da177e4SLinus Torvalds goto error;
6571da177e4SLinus Torvalds }
658bb952bb9SDavid Howells goto reget_creds;
6591da177e4SLinus Torvalds }
6601da177e4SLinus Torvalds
6614bdf0bc3SDavid Howells key = ctx.cred->process_keyring;
662ccc3e6d9SDavid Howells __key_get(key);
663664cceb0SDavid Howells key_ref = make_key_ref(key, 1);
6641da177e4SLinus Torvalds break;
6651da177e4SLinus Torvalds
6661da177e4SLinus Torvalds case KEY_SPEC_SESSION_KEYRING:
6674bdf0bc3SDavid Howells if (!ctx.cred->session_keyring) {
6681da177e4SLinus Torvalds /* always install a session keyring upon access if one
6691da177e4SLinus Torvalds * doesn't exist yet */
6700f44e4d9SDavid Howells ret = look_up_user_keyrings(NULL, &user_session);
67169664cf1SDavid Howells if (ret < 0)
67269664cf1SDavid Howells goto error;
6733ecf1b4fSDavid Howells if (lflags & KEY_LOOKUP_CREATE)
6743ecf1b4fSDavid Howells ret = join_session_keyring(NULL);
6753ecf1b4fSDavid Howells else
6760f44e4d9SDavid Howells ret = install_session_keyring(user_session);
677d84f4f99SDavid Howells
6780f44e4d9SDavid Howells key_put(user_session);
6791da177e4SLinus Torvalds if (ret < 0)
6801da177e4SLinus Torvalds goto error;
681bb952bb9SDavid Howells goto reget_creds;
6820f44e4d9SDavid Howells } else if (test_bit(KEY_FLAG_UID_KEYRING,
6830f44e4d9SDavid Howells &ctx.cred->session_keyring->flags) &&
6843ecf1b4fSDavid Howells lflags & KEY_LOOKUP_CREATE) {
6853ecf1b4fSDavid Howells ret = join_session_keyring(NULL);
6863ecf1b4fSDavid Howells if (ret < 0)
6873ecf1b4fSDavid Howells goto error;
6883ecf1b4fSDavid Howells goto reget_creds;
6891da177e4SLinus Torvalds }
6901da177e4SLinus Torvalds
6915c7e372cSJann Horn key = ctx.cred->session_keyring;
692ccc3e6d9SDavid Howells __key_get(key);
693664cceb0SDavid Howells key_ref = make_key_ref(key, 1);
6941da177e4SLinus Torvalds break;
6951da177e4SLinus Torvalds
6961da177e4SLinus Torvalds case KEY_SPEC_USER_KEYRING:
6970f44e4d9SDavid Howells ret = look_up_user_keyrings(&key, NULL);
69869664cf1SDavid Howells if (ret < 0)
69969664cf1SDavid Howells goto error;
700664cceb0SDavid Howells key_ref = make_key_ref(key, 1);
7011da177e4SLinus Torvalds break;
7021da177e4SLinus Torvalds
7031da177e4SLinus Torvalds case KEY_SPEC_USER_SESSION_KEYRING:
7040f44e4d9SDavid Howells ret = look_up_user_keyrings(NULL, &key);
70569664cf1SDavid Howells if (ret < 0)
70669664cf1SDavid Howells goto error;
707664cceb0SDavid Howells key_ref = make_key_ref(key, 1);
7081da177e4SLinus Torvalds break;
7091da177e4SLinus Torvalds
7101da177e4SLinus Torvalds case KEY_SPEC_GROUP_KEYRING:
7111da177e4SLinus Torvalds /* group keyrings are not yet supported */
7124d09ec0fSDan Carpenter key_ref = ERR_PTR(-EINVAL);
7131da177e4SLinus Torvalds goto error;
7141da177e4SLinus Torvalds
715b5f545c8SDavid Howells case KEY_SPEC_REQKEY_AUTH_KEY:
7164bdf0bc3SDavid Howells key = ctx.cred->request_key_auth;
717b5f545c8SDavid Howells if (!key)
718b5f545c8SDavid Howells goto error;
719b5f545c8SDavid Howells
720ccc3e6d9SDavid Howells __key_get(key);
721b5f545c8SDavid Howells key_ref = make_key_ref(key, 1);
722b5f545c8SDavid Howells break;
723b5f545c8SDavid Howells
7248bbf4976SDavid Howells case KEY_SPEC_REQUESTOR_KEYRING:
7254bdf0bc3SDavid Howells if (!ctx.cred->request_key_auth)
7268bbf4976SDavid Howells goto error;
7278bbf4976SDavid Howells
7284bdf0bc3SDavid Howells down_read(&ctx.cred->request_key_auth->sem);
729f67dabbdSDan Carpenter if (test_bit(KEY_FLAG_REVOKED,
7304bdf0bc3SDavid Howells &ctx.cred->request_key_auth->flags)) {
7318bbf4976SDavid Howells key_ref = ERR_PTR(-EKEYREVOKED);
7328bbf4976SDavid Howells key = NULL;
7338bbf4976SDavid Howells } else {
734146aa8b1SDavid Howells rka = ctx.cred->request_key_auth->payload.data[0];
7358bbf4976SDavid Howells key = rka->dest_keyring;
736ccc3e6d9SDavid Howells __key_get(key);
7378bbf4976SDavid Howells }
7384bdf0bc3SDavid Howells up_read(&ctx.cred->request_key_auth->sem);
7398bbf4976SDavid Howells if (!key)
7408bbf4976SDavid Howells goto error;
7418bbf4976SDavid Howells key_ref = make_key_ref(key, 1);
7428bbf4976SDavid Howells break;
7438bbf4976SDavid Howells
7441da177e4SLinus Torvalds default:
745664cceb0SDavid Howells key_ref = ERR_PTR(-EINVAL);
7461da177e4SLinus Torvalds if (id < 1)
7471da177e4SLinus Torvalds goto error;
7481da177e4SLinus Torvalds
7491da177e4SLinus Torvalds key = key_lookup(id);
750664cceb0SDavid Howells if (IS_ERR(key)) {
751e231c2eeSDavid Howells key_ref = ERR_CAST(key);
7521da177e4SLinus Torvalds goto error;
753664cceb0SDavid Howells }
754664cceb0SDavid Howells
755664cceb0SDavid Howells key_ref = make_key_ref(key, 0);
756664cceb0SDavid Howells
757664cceb0SDavid Howells /* check to see if we possess the key */
75847546208SEric Biggers ctx.index_key = key->index_key;
75946291959SDavid Howells ctx.match_data.raw_data = key;
7604bdf0bc3SDavid Howells kdebug("check possessed");
761e59428f7SDavid Howells rcu_read_lock();
762e59428f7SDavid Howells skey_ref = search_process_keyrings_rcu(&ctx);
763e59428f7SDavid Howells rcu_read_unlock();
7644bdf0bc3SDavid Howells kdebug("possessed=%p", skey_ref);
765664cceb0SDavid Howells
766664cceb0SDavid Howells if (!IS_ERR(skey_ref)) {
767664cceb0SDavid Howells key_put(key);
768664cceb0SDavid Howells key_ref = skey_ref;
769664cceb0SDavid Howells }
770664cceb0SDavid Howells
7711da177e4SLinus Torvalds break;
7721da177e4SLinus Torvalds }
7731da177e4SLinus Torvalds
7745593122eSDavid Howells /* unlink does not use the nominated key in any way, so can skip all
7755593122eSDavid Howells * the permission checks as it is only concerned with the keyring */
7768c0637e9SDavid Howells if (need_perm != KEY_NEED_UNLINK) {
7775593122eSDavid Howells if (!(lflags & KEY_LOOKUP_PARTIAL)) {
77876181c13SDavid Howells ret = wait_for_key_construction(key, true);
77976181c13SDavid Howells switch (ret) {
78076181c13SDavid Howells case -ERESTARTSYS:
78176181c13SDavid Howells goto invalid_key;
78276181c13SDavid Howells default:
7838c0637e9SDavid Howells if (need_perm != KEY_AUTHTOKEN_OVERRIDE &&
7848c0637e9SDavid Howells need_perm != KEY_DEFER_PERM_CHECK)
78576181c13SDavid Howells goto invalid_key;
786634c21bbSGustavo A. R. Silva break;
78776181c13SDavid Howells case 0:
78876181c13SDavid Howells break;
78976181c13SDavid Howells }
7908c0637e9SDavid Howells } else if (need_perm != KEY_DEFER_PERM_CHECK) {
7911da177e4SLinus Torvalds ret = key_validate(key);
7921da177e4SLinus Torvalds if (ret < 0)
7931da177e4SLinus Torvalds goto invalid_key;
7941da177e4SLinus Torvalds }
7951da177e4SLinus Torvalds
7961da177e4SLinus Torvalds ret = -EIO;
7975593122eSDavid Howells if (!(lflags & KEY_LOOKUP_PARTIAL) &&
798363b02daSDavid Howells key_read_state(key) == KEY_IS_UNINSTANTIATED)
7991da177e4SLinus Torvalds goto invalid_key;
8008c0637e9SDavid Howells }
8011da177e4SLinus Torvalds
8023e30148cSDavid Howells /* check the permissions */
8038c0637e9SDavid Howells ret = key_task_permission(key_ref, ctx.cred, need_perm);
80429db9190SDavid Howells if (ret < 0)
8051da177e4SLinus Torvalds goto invalid_key;
8061da177e4SLinus Torvalds
807074d5898SBaolin Wang key->last_used_at = ktime_get_real_seconds();
80831d5a79dSDavid Howells
8091da177e4SLinus Torvalds error:
8104bdf0bc3SDavid Howells put_cred(ctx.cred);
811664cceb0SDavid Howells return key_ref;
8121da177e4SLinus Torvalds
8131da177e4SLinus Torvalds invalid_key:
814664cceb0SDavid Howells key_ref_put(key_ref);
815664cceb0SDavid Howells key_ref = ERR_PTR(ret);
8161da177e4SLinus Torvalds goto error;
8171da177e4SLinus Torvalds
818bb952bb9SDavid Howells /* if we attempted to install a keyring, then it may have caused new
819bb952bb9SDavid Howells * creds to be installed */
820bb952bb9SDavid Howells reget_creds:
8214bdf0bc3SDavid Howells put_cred(ctx.cred);
822bb952bb9SDavid Howells goto try_again;
823a8b17ed0SDavid Howells }
82476ef5e17SDave Jiang EXPORT_SYMBOL(lookup_user_key);
825bb952bb9SDavid Howells
8261da177e4SLinus Torvalds /*
827973c9f4fSDavid Howells * Join the named keyring as the session keyring if possible else attempt to
828973c9f4fSDavid Howells * create a new one of that name and join that.
829973c9f4fSDavid Howells *
830973c9f4fSDavid Howells * If the name is NULL, an empty anonymous keyring will be installed as the
831973c9f4fSDavid Howells * session keyring.
832973c9f4fSDavid Howells *
833973c9f4fSDavid Howells * Named session keyrings are joined with a semaphore held to prevent the
834973c9f4fSDavid Howells * keyrings from going away whilst the attempt is made to going them and also
835973c9f4fSDavid Howells * to prevent a race in creating compatible session keyrings.
8361da177e4SLinus Torvalds */
join_session_keyring(const char * name)8371da177e4SLinus Torvalds long join_session_keyring(const char *name)
8381da177e4SLinus Torvalds {
839d84f4f99SDavid Howells const struct cred *old;
840d84f4f99SDavid Howells struct cred *new;
8411da177e4SLinus Torvalds struct key *keyring;
842d84f4f99SDavid Howells long ret, serial;
843d84f4f99SDavid Howells
844d84f4f99SDavid Howells new = prepare_creds();
845d84f4f99SDavid Howells if (!new)
846d84f4f99SDavid Howells return -ENOMEM;
847d84f4f99SDavid Howells old = current_cred();
8481da177e4SLinus Torvalds
8491da177e4SLinus Torvalds /* if no name is provided, install an anonymous keyring */
8501da177e4SLinus Torvalds if (!name) {
851d84f4f99SDavid Howells ret = install_session_keyring_to_cred(new, NULL);
8521da177e4SLinus Torvalds if (ret < 0)
8531da177e4SLinus Torvalds goto error;
8541da177e4SLinus Torvalds
8553a50597dSDavid Howells serial = new->session_keyring->serial;
856d84f4f99SDavid Howells ret = commit_creds(new);
857d84f4f99SDavid Howells if (ret == 0)
858d84f4f99SDavid Howells ret = serial;
859d84f4f99SDavid Howells goto okay;
8601da177e4SLinus Torvalds }
8611da177e4SLinus Torvalds
8621da177e4SLinus Torvalds /* allow the user to join or create a named keyring */
863bb003079SIngo Molnar mutex_lock(&key_session_mutex);
8641da177e4SLinus Torvalds
8651da177e4SLinus Torvalds /* look for an existing keyring of this name */
86669664cf1SDavid Howells keyring = find_keyring_by_name(name, false);
8671da177e4SLinus Torvalds if (PTR_ERR(keyring) == -ENOKEY) {
8681da177e4SLinus Torvalds /* not found - try and create a new one */
86996b5c8feSDavid Howells keyring = keyring_alloc(
870028db3e2SLinus Torvalds name, old->uid, old->gid, old,
871028db3e2SLinus Torvalds KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
8725ac7eaceSDavid Howells KEY_ALLOC_IN_QUOTA, NULL, NULL);
8731da177e4SLinus Torvalds if (IS_ERR(keyring)) {
8741da177e4SLinus Torvalds ret = PTR_ERR(keyring);
875bcf945d3SDavid Howells goto error2;
8761da177e4SLinus Torvalds }
877d84f4f99SDavid Howells } else if (IS_ERR(keyring)) {
8781da177e4SLinus Torvalds ret = PTR_ERR(keyring);
8791da177e4SLinus Torvalds goto error2;
8803a50597dSDavid Howells } else if (keyring == new->session_keyring) {
8813a50597dSDavid Howells ret = 0;
882d636bd9fSEric Biggers goto error3;
8831da177e4SLinus Torvalds }
8841da177e4SLinus Torvalds
8851da177e4SLinus Torvalds /* we've got a keyring - now to install it */
886d84f4f99SDavid Howells ret = install_session_keyring_to_cred(new, keyring);
8871da177e4SLinus Torvalds if (ret < 0)
888d636bd9fSEric Biggers goto error3;
8891da177e4SLinus Torvalds
890d84f4f99SDavid Howells commit_creds(new);
891d84f4f99SDavid Howells mutex_unlock(&key_session_mutex);
892d84f4f99SDavid Howells
8931da177e4SLinus Torvalds ret = keyring->serial;
8941da177e4SLinus Torvalds key_put(keyring);
895d84f4f99SDavid Howells okay:
896d84f4f99SDavid Howells return ret;
8971da177e4SLinus Torvalds
898d636bd9fSEric Biggers error3:
899d636bd9fSEric Biggers key_put(keyring);
9001da177e4SLinus Torvalds error2:
901bb003079SIngo Molnar mutex_unlock(&key_session_mutex);
9021da177e4SLinus Torvalds error:
903d84f4f99SDavid Howells abort_creds(new);
9041da177e4SLinus Torvalds return ret;
905d84f4f99SDavid Howells }
906ee18d64cSDavid Howells
907ee18d64cSDavid Howells /*
908973c9f4fSDavid Howells * Replace a process's session keyring on behalf of one of its children when
909973c9f4fSDavid Howells * the target process is about to resume userspace execution.
910ee18d64cSDavid Howells */
key_change_session_keyring(struct callback_head * twork)91167d12145SAl Viro void key_change_session_keyring(struct callback_head *twork)
912ee18d64cSDavid Howells {
913413cd3d9SOleg Nesterov const struct cred *old = current_cred();
91467d12145SAl Viro struct cred *new = container_of(twork, struct cred, rcu);
915ee18d64cSDavid Howells
916413cd3d9SOleg Nesterov if (unlikely(current->flags & PF_EXITING)) {
917413cd3d9SOleg Nesterov put_cred(new);
918ee18d64cSDavid Howells return;
919413cd3d9SOleg Nesterov }
920ee18d64cSDavid Howells
921*5ebcbe34SEric W. Biederman /* If get_ucounts fails more bits are needed in the refcount */
922*5ebcbe34SEric W. Biederman if (unlikely(!get_ucounts(old->ucounts))) {
923*5ebcbe34SEric W. Biederman WARN_ONCE(1, "In %s get_ucounts failed\n", __func__);
924*5ebcbe34SEric W. Biederman put_cred(new);
925*5ebcbe34SEric W. Biederman return;
926*5ebcbe34SEric W. Biederman }
927*5ebcbe34SEric W. Biederman
928ee18d64cSDavid Howells new-> uid = old-> uid;
929ee18d64cSDavid Howells new-> euid = old-> euid;
930ee18d64cSDavid Howells new-> suid = old-> suid;
931ee18d64cSDavid Howells new->fsuid = old->fsuid;
932ee18d64cSDavid Howells new-> gid = old-> gid;
933ee18d64cSDavid Howells new-> egid = old-> egid;
934ee18d64cSDavid Howells new-> sgid = old-> sgid;
935ee18d64cSDavid Howells new->fsgid = old->fsgid;
936ee18d64cSDavid Howells new->user = get_uid(old->user);
937*5ebcbe34SEric W. Biederman new->ucounts = old->ucounts;
938ba0e3427SEric W. Biederman new->user_ns = get_user_ns(old->user_ns);
939ee18d64cSDavid Howells new->group_info = get_group_info(old->group_info);
940ee18d64cSDavid Howells
941ee18d64cSDavid Howells new->securebits = old->securebits;
942ee18d64cSDavid Howells new->cap_inheritable = old->cap_inheritable;
943ee18d64cSDavid Howells new->cap_permitted = old->cap_permitted;
944ee18d64cSDavid Howells new->cap_effective = old->cap_effective;
94558319057SAndy Lutomirski new->cap_ambient = old->cap_ambient;
946ee18d64cSDavid Howells new->cap_bset = old->cap_bset;
947ee18d64cSDavid Howells
948ee18d64cSDavid Howells new->jit_keyring = old->jit_keyring;
949ee18d64cSDavid Howells new->thread_keyring = key_get(old->thread_keyring);
9503a50597dSDavid Howells new->process_keyring = key_get(old->process_keyring);
951ee18d64cSDavid Howells
952ee18d64cSDavid Howells security_transfer_creds(new, old);
953ee18d64cSDavid Howells
954ee18d64cSDavid Howells commit_creds(new);
955ee18d64cSDavid Howells }
956c124bde2SMimi Zohar
957c124bde2SMimi Zohar /*
958c124bde2SMimi Zohar * Make sure that root's user and user-session keyrings exist.
959c124bde2SMimi Zohar */
init_root_keyring(void)960c124bde2SMimi Zohar static int __init init_root_keyring(void)
961c124bde2SMimi Zohar {
9620f44e4d9SDavid Howells return look_up_user_keyrings(NULL, NULL);
963c124bde2SMimi Zohar }
964c124bde2SMimi Zohar
965c124bde2SMimi Zohar late_initcall(init_root_keyring);
966