1/* process_keys.c: management of a process's keyrings 2 * 3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 */ 11 12#include <linux/module.h> 13#include <linux/init.h> 14#include <linux/sched.h> 15#include <linux/slab.h> 16#include <linux/keyctl.h> 17#include <linux/fs.h> 18#include <linux/err.h> 19#include <linux/mutex.h> 20#include <asm/uaccess.h> 21#include "internal.h" 22 23/* session keyring create vs join semaphore */ 24static DEFINE_MUTEX(key_session_mutex); 25 26/* the root user's tracking struct */ 27struct key_user root_key_user = { 28 .usage = ATOMIC_INIT(3), 29 .consq = LIST_HEAD_INIT(root_key_user.consq), 30 .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), 31 .nkeys = ATOMIC_INIT(2), 32 .nikeys = ATOMIC_INIT(2), 33 .uid = 0, 34}; 35 36/* the root user's UID keyring */ 37struct key root_user_keyring = { 38 .usage = ATOMIC_INIT(1), 39 .serial = 2, 40 .type = &key_type_keyring, 41 .user = &root_key_user, 42 .sem = __RWSEM_INITIALIZER(root_user_keyring.sem), 43 .perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, 44 .flags = 1 << KEY_FLAG_INSTANTIATED, 45 .description = "_uid.0", 46#ifdef KEY_DEBUGGING 47 .magic = KEY_DEBUG_MAGIC, 48#endif 49}; 50 51/* the root user's default session keyring */ 52struct key root_session_keyring = { 53 .usage = ATOMIC_INIT(1), 54 .serial = 1, 55 .type = &key_type_keyring, 56 .user = &root_key_user, 57 .sem = __RWSEM_INITIALIZER(root_session_keyring.sem), 58 .perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL, 59 .flags = 1 << KEY_FLAG_INSTANTIATED, 60 .description = "_uid_ses.0", 61#ifdef KEY_DEBUGGING 62 .magic = KEY_DEBUG_MAGIC, 63#endif 64}; 65 66/*****************************************************************************/ 67/* 68 * allocate the keyrings to be associated with a UID 69 */ 70int alloc_uid_keyring(struct user_struct *user, 71 struct task_struct *ctx) 72{ 73 struct key *uid_keyring, *session_keyring; 74 char buf[20]; 75 int ret; 76 77 /* concoct a default session keyring */ 78 sprintf(buf, "_uid_ses.%u", user->uid); 79 80 session_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, ctx, 81 KEY_ALLOC_IN_QUOTA, NULL); 82 if (IS_ERR(session_keyring)) { 83 ret = PTR_ERR(session_keyring); 84 goto error; 85 } 86 87 /* and a UID specific keyring, pointed to by the default session 88 * keyring */ 89 sprintf(buf, "_uid.%u", user->uid); 90 91 uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, ctx, 92 KEY_ALLOC_IN_QUOTA, session_keyring); 93 if (IS_ERR(uid_keyring)) { 94 key_put(session_keyring); 95 ret = PTR_ERR(uid_keyring); 96 goto error; 97 } 98 99 /* install the keyrings */ 100 user->uid_keyring = uid_keyring; 101 user->session_keyring = session_keyring; 102 ret = 0; 103 104error: 105 return ret; 106 107} /* end alloc_uid_keyring() */ 108 109/*****************************************************************************/ 110/* 111 * deal with the UID changing 112 */ 113void switch_uid_keyring(struct user_struct *new_user) 114{ 115 116} /* end switch_uid_keyring() */ 117 118/*****************************************************************************/ 119/* 120 * install a fresh thread keyring, discarding the old one 121 */ 122int install_thread_keyring(struct task_struct *tsk) 123{ 124 struct key *keyring, *old; 125 char buf[20]; 126 int ret; 127 128 sprintf(buf, "_tid.%u", tsk->pid); 129 130 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, 131 KEY_ALLOC_QUOTA_OVERRUN, NULL); 132 if (IS_ERR(keyring)) { 133 ret = PTR_ERR(keyring); 134 goto error; 135 } 136 137 task_lock(tsk); 138 old = tsk->thread_keyring; 139 tsk->thread_keyring = keyring; 140 task_unlock(tsk); 141 142 ret = 0; 143 144 key_put(old); 145error: 146 return ret; 147 148} /* end install_thread_keyring() */ 149 150/*****************************************************************************/ 151/* 152 * make sure a process keyring is installed 153 */ 154int install_process_keyring(struct task_struct *tsk) 155{ 156 struct key *keyring; 157 char buf[20]; 158 int ret; 159 160 might_sleep(); 161 162 if (!tsk->signal->process_keyring) { 163 sprintf(buf, "_pid.%u", tsk->tgid); 164 165 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, 166 KEY_ALLOC_QUOTA_OVERRUN, NULL); 167 if (IS_ERR(keyring)) { 168 ret = PTR_ERR(keyring); 169 goto error; 170 } 171 172 /* attach keyring */ 173 spin_lock_irq(&tsk->sighand->siglock); 174 if (!tsk->signal->process_keyring) { 175 tsk->signal->process_keyring = keyring; 176 keyring = NULL; 177 } 178 spin_unlock_irq(&tsk->sighand->siglock); 179 180 key_put(keyring); 181 } 182 183 ret = 0; 184error: 185 return ret; 186 187} /* end install_process_keyring() */ 188 189/*****************************************************************************/ 190/* 191 * install a session keyring, discarding the old one 192 * - if a keyring is not supplied, an empty one is invented 193 */ 194static int install_session_keyring(struct task_struct *tsk, 195 struct key *keyring) 196{ 197 unsigned long flags; 198 struct key *old; 199 char buf[20]; 200 201 might_sleep(); 202 203 /* create an empty session keyring */ 204 if (!keyring) { 205 sprintf(buf, "_ses.%u", tsk->tgid); 206 207 flags = KEY_ALLOC_QUOTA_OVERRUN; 208 if (tsk->signal->session_keyring) 209 flags = KEY_ALLOC_IN_QUOTA; 210 211 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk, 212 flags, NULL); 213 if (IS_ERR(keyring)) 214 return PTR_ERR(keyring); 215 } 216 else { 217 atomic_inc(&keyring->usage); 218 } 219 220 /* install the keyring */ 221 spin_lock_irq(&tsk->sighand->siglock); 222 old = tsk->signal->session_keyring; 223 rcu_assign_pointer(tsk->signal->session_keyring, keyring); 224 spin_unlock_irq(&tsk->sighand->siglock); 225 226 /* we're using RCU on the pointer, but there's no point synchronising 227 * on it if it didn't previously point to anything */ 228 if (old) { 229 synchronize_rcu(); 230 key_put(old); 231 } 232 233 return 0; 234 235} /* end install_session_keyring() */ 236 237/*****************************************************************************/ 238/* 239 * copy the keys in a thread group for fork without CLONE_THREAD 240 */ 241int copy_thread_group_keys(struct task_struct *tsk) 242{ 243 key_check(current->thread_group->session_keyring); 244 key_check(current->thread_group->process_keyring); 245 246 /* no process keyring yet */ 247 tsk->signal->process_keyring = NULL; 248 249 /* same session keyring */ 250 rcu_read_lock(); 251 tsk->signal->session_keyring = 252 key_get(rcu_dereference(current->signal->session_keyring)); 253 rcu_read_unlock(); 254 255 return 0; 256 257} /* end copy_thread_group_keys() */ 258 259/*****************************************************************************/ 260/* 261 * copy the keys for fork 262 */ 263int copy_keys(unsigned long clone_flags, struct task_struct *tsk) 264{ 265 key_check(tsk->thread_keyring); 266 key_check(tsk->request_key_auth); 267 268 /* no thread keyring yet */ 269 tsk->thread_keyring = NULL; 270 271 /* copy the request_key() authorisation for this thread */ 272 key_get(tsk->request_key_auth); 273 274 return 0; 275 276} /* end copy_keys() */ 277 278/*****************************************************************************/ 279/* 280 * dispose of thread group keys upon thread group destruction 281 */ 282void exit_thread_group_keys(struct signal_struct *tg) 283{ 284 key_put(tg->session_keyring); 285 key_put(tg->process_keyring); 286 287} /* end exit_thread_group_keys() */ 288 289/*****************************************************************************/ 290/* 291 * dispose of per-thread keys upon thread exit 292 */ 293void exit_keys(struct task_struct *tsk) 294{ 295 key_put(tsk->thread_keyring); 296 key_put(tsk->request_key_auth); 297 298} /* end exit_keys() */ 299 300/*****************************************************************************/ 301/* 302 * deal with execve() 303 */ 304int exec_keys(struct task_struct *tsk) 305{ 306 struct key *old; 307 308 /* newly exec'd tasks don't get a thread keyring */ 309 task_lock(tsk); 310 old = tsk->thread_keyring; 311 tsk->thread_keyring = NULL; 312 task_unlock(tsk); 313 314 key_put(old); 315 316 /* discard the process keyring from a newly exec'd task */ 317 spin_lock_irq(&tsk->sighand->siglock); 318 old = tsk->signal->process_keyring; 319 tsk->signal->process_keyring = NULL; 320 spin_unlock_irq(&tsk->sighand->siglock); 321 322 key_put(old); 323 324 return 0; 325 326} /* end exec_keys() */ 327 328/*****************************************************************************/ 329/* 330 * deal with SUID programs 331 * - we might want to make this invent a new session keyring 332 */ 333int suid_keys(struct task_struct *tsk) 334{ 335 return 0; 336 337} /* end suid_keys() */ 338 339/*****************************************************************************/ 340/* 341 * the filesystem user ID changed 342 */ 343void key_fsuid_changed(struct task_struct *tsk) 344{ 345 /* update the ownership of the thread keyring */ 346 if (tsk->thread_keyring) { 347 down_write(&tsk->thread_keyring->sem); 348 tsk->thread_keyring->uid = tsk->fsuid; 349 up_write(&tsk->thread_keyring->sem); 350 } 351 352} /* end key_fsuid_changed() */ 353 354/*****************************************************************************/ 355/* 356 * the filesystem group ID changed 357 */ 358void key_fsgid_changed(struct task_struct *tsk) 359{ 360 /* update the ownership of the thread keyring */ 361 if (tsk->thread_keyring) { 362 down_write(&tsk->thread_keyring->sem); 363 tsk->thread_keyring->gid = tsk->fsgid; 364 up_write(&tsk->thread_keyring->sem); 365 } 366 367} /* end key_fsgid_changed() */ 368 369/*****************************************************************************/ 370/* 371 * search the process keyrings for the first matching key 372 * - we use the supplied match function to see if the description (or other 373 * feature of interest) matches 374 * - we return -EAGAIN if we didn't find any matching key 375 * - we return -ENOKEY if we found only negative matching keys 376 */ 377key_ref_t search_process_keyrings(struct key_type *type, 378 const void *description, 379 key_match_func_t match, 380 struct task_struct *context) 381{ 382 struct request_key_auth *rka; 383 key_ref_t key_ref, ret, err; 384 385 might_sleep(); 386 387 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were 388 * searchable, but we failed to find a key or we found a negative key; 389 * otherwise we want to return a sample error (probably -EACCES) if 390 * none of the keyrings were searchable 391 * 392 * in terms of priority: success > -ENOKEY > -EAGAIN > other error 393 */ 394 key_ref = NULL; 395 ret = NULL; 396 err = ERR_PTR(-EAGAIN); 397 398 /* search the thread keyring first */ 399 if (context->thread_keyring) { 400 key_ref = keyring_search_aux( 401 make_key_ref(context->thread_keyring, 1), 402 context, type, description, match); 403 if (!IS_ERR(key_ref)) 404 goto found; 405 406 switch (PTR_ERR(key_ref)) { 407 case -EAGAIN: /* no key */ 408 if (ret) 409 break; 410 case -ENOKEY: /* negative key */ 411 ret = key_ref; 412 break; 413 default: 414 err = key_ref; 415 break; 416 } 417 } 418 419 /* search the process keyring second */ 420 if (context->signal->process_keyring) { 421 key_ref = keyring_search_aux( 422 make_key_ref(context->signal->process_keyring, 1), 423 context, type, description, match); 424 if (!IS_ERR(key_ref)) 425 goto found; 426 427 switch (PTR_ERR(key_ref)) { 428 case -EAGAIN: /* no key */ 429 if (ret) 430 break; 431 case -ENOKEY: /* negative key */ 432 ret = key_ref; 433 break; 434 default: 435 err = key_ref; 436 break; 437 } 438 } 439 440 /* search the session keyring */ 441 if (context->signal->session_keyring) { 442 rcu_read_lock(); 443 key_ref = keyring_search_aux( 444 make_key_ref(rcu_dereference( 445 context->signal->session_keyring), 446 1), 447 context, type, description, match); 448 rcu_read_unlock(); 449 450 if (!IS_ERR(key_ref)) 451 goto found; 452 453 switch (PTR_ERR(key_ref)) { 454 case -EAGAIN: /* no key */ 455 if (ret) 456 break; 457 case -ENOKEY: /* negative key */ 458 ret = key_ref; 459 break; 460 default: 461 err = key_ref; 462 break; 463 } 464 } 465 /* or search the user-session keyring */ 466 else { 467 key_ref = keyring_search_aux( 468 make_key_ref(context->user->session_keyring, 1), 469 context, type, description, match); 470 if (!IS_ERR(key_ref)) 471 goto found; 472 473 switch (PTR_ERR(key_ref)) { 474 case -EAGAIN: /* no key */ 475 if (ret) 476 break; 477 case -ENOKEY: /* negative key */ 478 ret = key_ref; 479 break; 480 default: 481 err = key_ref; 482 break; 483 } 484 } 485 486 /* if this process has an instantiation authorisation key, then we also 487 * search the keyrings of the process mentioned there 488 * - we don't permit access to request_key auth keys via this method 489 */ 490 if (context->request_key_auth && 491 context == current && 492 type != &key_type_request_key_auth 493 ) { 494 /* defend against the auth key being revoked */ 495 down_read(&context->request_key_auth->sem); 496 497 if (key_validate(context->request_key_auth) == 0) { 498 rka = context->request_key_auth->payload.data; 499 500 key_ref = search_process_keyrings(type, description, 501 match, rka->context); 502 503 up_read(&context->request_key_auth->sem); 504 505 if (!IS_ERR(key_ref)) 506 goto found; 507 508 switch (PTR_ERR(key_ref)) { 509 case -EAGAIN: /* no key */ 510 if (ret) 511 break; 512 case -ENOKEY: /* negative key */ 513 ret = key_ref; 514 break; 515 default: 516 err = key_ref; 517 break; 518 } 519 } else { 520 up_read(&context->request_key_auth->sem); 521 } 522 } 523 524 /* no key - decide on the error we're going to go for */ 525 key_ref = ret ? ret : err; 526 527found: 528 return key_ref; 529 530} /* end search_process_keyrings() */ 531 532/*****************************************************************************/ 533/* 534 * see if the key we're looking at is the target key 535 */ 536static int lookup_user_key_possessed(const struct key *key, const void *target) 537{ 538 return key == target; 539 540} /* end lookup_user_key_possessed() */ 541 542/*****************************************************************************/ 543/* 544 * lookup a key given a key ID from userspace with a given permissions mask 545 * - don't create special keyrings unless so requested 546 * - partially constructed keys aren't found unless requested 547 */ 548key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id, 549 int create, int partial, key_perm_t perm) 550{ 551 key_ref_t key_ref, skey_ref; 552 struct key *key; 553 int ret; 554 555 if (!context) 556 context = current; 557 558 key_ref = ERR_PTR(-ENOKEY); 559 560 switch (id) { 561 case KEY_SPEC_THREAD_KEYRING: 562 if (!context->thread_keyring) { 563 if (!create) 564 goto error; 565 566 ret = install_thread_keyring(context); 567 if (ret < 0) { 568 key = ERR_PTR(ret); 569 goto error; 570 } 571 } 572 573 key = context->thread_keyring; 574 atomic_inc(&key->usage); 575 key_ref = make_key_ref(key, 1); 576 break; 577 578 case KEY_SPEC_PROCESS_KEYRING: 579 if (!context->signal->process_keyring) { 580 if (!create) 581 goto error; 582 583 ret = install_process_keyring(context); 584 if (ret < 0) { 585 key = ERR_PTR(ret); 586 goto error; 587 } 588 } 589 590 key = context->signal->process_keyring; 591 atomic_inc(&key->usage); 592 key_ref = make_key_ref(key, 1); 593 break; 594 595 case KEY_SPEC_SESSION_KEYRING: 596 if (!context->signal->session_keyring) { 597 /* always install a session keyring upon access if one 598 * doesn't exist yet */ 599 ret = install_session_keyring( 600 context, context->user->session_keyring); 601 if (ret < 0) 602 goto error; 603 } 604 605 rcu_read_lock(); 606 key = rcu_dereference(context->signal->session_keyring); 607 atomic_inc(&key->usage); 608 rcu_read_unlock(); 609 key_ref = make_key_ref(key, 1); 610 break; 611 612 case KEY_SPEC_USER_KEYRING: 613 key = context->user->uid_keyring; 614 atomic_inc(&key->usage); 615 key_ref = make_key_ref(key, 1); 616 break; 617 618 case KEY_SPEC_USER_SESSION_KEYRING: 619 key = context->user->session_keyring; 620 atomic_inc(&key->usage); 621 key_ref = make_key_ref(key, 1); 622 break; 623 624 case KEY_SPEC_GROUP_KEYRING: 625 /* group keyrings are not yet supported */ 626 key = ERR_PTR(-EINVAL); 627 goto error; 628 629 case KEY_SPEC_REQKEY_AUTH_KEY: 630 key = context->request_key_auth; 631 if (!key) 632 goto error; 633 634 atomic_inc(&key->usage); 635 key_ref = make_key_ref(key, 1); 636 break; 637 638 default: 639 key_ref = ERR_PTR(-EINVAL); 640 if (id < 1) 641 goto error; 642 643 key = key_lookup(id); 644 if (IS_ERR(key)) { 645 key_ref = ERR_PTR(PTR_ERR(key)); 646 goto error; 647 } 648 649 key_ref = make_key_ref(key, 0); 650 651 /* check to see if we possess the key */ 652 skey_ref = search_process_keyrings(key->type, key, 653 lookup_user_key_possessed, 654 current); 655 656 if (!IS_ERR(skey_ref)) { 657 key_put(key); 658 key_ref = skey_ref; 659 } 660 661 break; 662 } 663 664 /* check the status */ 665 if (perm) { 666 ret = key_validate(key); 667 if (ret < 0) 668 goto invalid_key; 669 } 670 671 ret = -EIO; 672 if (!partial && !test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) 673 goto invalid_key; 674 675 /* check the permissions */ 676 ret = key_task_permission(key_ref, context, perm); 677 if (ret < 0) 678 goto invalid_key; 679 680error: 681 return key_ref; 682 683invalid_key: 684 key_ref_put(key_ref); 685 key_ref = ERR_PTR(ret); 686 goto error; 687 688} /* end lookup_user_key() */ 689 690/*****************************************************************************/ 691/* 692 * join the named keyring as the session keyring if possible, or attempt to 693 * create a new one of that name if not 694 * - if the name is NULL, an empty anonymous keyring is installed instead 695 * - named session keyring joining is done with a semaphore held 696 */ 697long join_session_keyring(const char *name) 698{ 699 struct task_struct *tsk = current; 700 struct key *keyring; 701 long ret; 702 703 /* if no name is provided, install an anonymous keyring */ 704 if (!name) { 705 ret = install_session_keyring(tsk, NULL); 706 if (ret < 0) 707 goto error; 708 709 rcu_read_lock(); 710 ret = rcu_dereference(tsk->signal->session_keyring)->serial; 711 rcu_read_unlock(); 712 goto error; 713 } 714 715 /* allow the user to join or create a named keyring */ 716 mutex_lock(&key_session_mutex); 717 718 /* look for an existing keyring of this name */ 719 keyring = find_keyring_by_name(name, 0); 720 if (PTR_ERR(keyring) == -ENOKEY) { 721 /* not found - try and create a new one */ 722 keyring = keyring_alloc(name, tsk->uid, tsk->gid, tsk, 723 KEY_ALLOC_IN_QUOTA, NULL); 724 if (IS_ERR(keyring)) { 725 ret = PTR_ERR(keyring); 726 goto error2; 727 } 728 } 729 else if (IS_ERR(keyring)) { 730 ret = PTR_ERR(keyring); 731 goto error2; 732 } 733 734 /* we've got a keyring - now to install it */ 735 ret = install_session_keyring(tsk, keyring); 736 if (ret < 0) 737 goto error2; 738 739 ret = keyring->serial; 740 key_put(keyring); 741 742error2: 743 mutex_unlock(&key_session_mutex); 744error: 745 return ret; 746 747} /* end join_session_keyring() */ 748