security/keys/process_keys.c

0001 // SPDX-License-Identifier: GPL-2.0-or-later
0002 /* Manage a process's keyrings
0003  *
0004  * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
0005  * Written by David Howells (dhowells@redhat.com)
0006  */
0007
0008 #include <linux/init.h>
0009 #include <linux/sched.h>
0010 #include <linux/sched/user.h>
0011 #include <linux/keyctl.h>
0012 #include <linux/fs.h>
0013 #include <linux/err.h>
0014 #include <linux/mutex.h>
0015 #include <linux/security.h>
0016 #include <linux/user_namespace.h>
0017 #include <linux/uaccess.h>
0018 #include <linux/init_task.h>
0019 #include <keys/request_key_auth-type.h>
0020 #include "internal.h"
0021
0022 /* Session keyring create vs join semaphore */
0023 static DEFINE_MUTEX(key_session_mutex);
0024
0025 /* The root user's tracking struct */
0026 struct key_user root_key_user = {
0027     .usage      = REFCOUNT_INIT(3),
0028     .cons_lock  = __MUTEX_INITIALIZER(root_key_user.cons_lock),
0029     .lock       = __SPIN_LOCK_UNLOCKED(root_key_user.lock),
0030     .nkeys      = ATOMIC_INIT(2),
0031     .nikeys     = ATOMIC_INIT(2),
0032     .uid        = GLOBAL_ROOT_UID,
0033 };
0034
0035 /*
0036  * Get or create a user register keyring.
0037  */
0038 static struct key *get_user_register(struct user_namespace *user_ns)
0039 {
0040     struct key *reg_keyring = READ_ONCE(user_ns->user_keyring_register);
0041
0042     if (reg_keyring)
0043         return reg_keyring;
0044
0045     down_write(&user_ns->keyring_sem);
0046
0047     /* Make sure there's a register keyring.  It gets owned by the
0048      * user_namespace's owner.
0049      */
0050     reg_keyring = user_ns->user_keyring_register;
0051     if (!reg_keyring) {
0052         reg_keyring = keyring_alloc(".user_reg",
0053                         user_ns->owner, INVALID_GID,
0054                         &init_cred,
0055                         KEY_POS_WRITE | KEY_POS_SEARCH |
0056                         KEY_USR_VIEW | KEY_USR_READ,
0057                         0,
0058                         NULL, NULL);
0059         if (!IS_ERR(reg_keyring))
0060             smp_store_release(&user_ns->user_keyring_register,
0061                       reg_keyring);
0062     }
0063
0064     up_write(&user_ns->keyring_sem);
0065
0066     /* We don't return a ref since the keyring is pinned by the user_ns */
0067     return reg_keyring;
0068 }
0069
0070 /*
0071  * Look up the user and user session keyrings for the current process's UID,
0072  * creating them if they don't exist.
0073  */
0074 int look_up_user_keyrings(struct key **_user_keyring,
0075               struct key **_user_session_keyring)
0076 {
0077     const struct cred *cred = current_cred();
0078     struct user_namespace *user_ns = current_user_ns();
0079     struct key *reg_keyring, *uid_keyring, *session_keyring;
0080     key_perm_t user_keyring_perm;
0081     key_ref_t uid_keyring_r, session_keyring_r;
0082     uid_t uid = from_kuid(user_ns, cred->user->uid);
0083     char buf[20];
0084     int ret;
0085
0086     user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
0087
0088     kenter("%u", uid);
0089
0090     reg_keyring = get_user_register(user_ns);
0091     if (IS_ERR(reg_keyring))
0092         return PTR_ERR(reg_keyring);
0093
0094     down_write(&user_ns->keyring_sem);
0095     ret = 0;
0096
0097     /* Get the user keyring.  Note that there may be one in existence
0098      * already as it may have been pinned by a session, but the user_struct
0099      * pointing to it may have been destroyed by setuid.
0100      */
0101     snprintf(buf, sizeof(buf), "_uid.%u", uid);
0102     uid_keyring_r = keyring_search(make_key_ref(reg_keyring, true),
0103                        &key_type_keyring, buf, false);
0104     kdebug("_uid %p", uid_keyring_r);
0105     if (uid_keyring_r == ERR_PTR(-EAGAIN)) {
0106         uid_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID,
0107                         cred, user_keyring_perm,
0108                         KEY_ALLOC_UID_KEYRING |
0109                         KEY_ALLOC_IN_QUOTA,
0110                         NULL, reg_keyring);
0111         if (IS_ERR(uid_keyring)) {
0112             ret = PTR_ERR(uid_keyring);
0113             goto error;
0114         }
0115     } else if (IS_ERR(uid_keyring_r)) {
0116         ret = PTR_ERR(uid_keyring_r);
0117         goto error;
0118     } else {
0119         uid_keyring = key_ref_to_ptr(uid_keyring_r);
0120     }
0121
0122     /* Get a default session keyring (which might also exist already) */
0123     snprintf(buf, sizeof(buf), "_uid_ses.%u", uid);
0124     session_keyring_r = keyring_search(make_key_ref(reg_keyring, true),
0125                        &key_type_keyring, buf, false);
0126     kdebug("_uid_ses %p", session_keyring_r);
0127     if (session_keyring_r == ERR_PTR(-EAGAIN)) {
0128         session_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID,
0129                         cred, user_keyring_perm,
0130                         KEY_ALLOC_UID_KEYRING |
0131                         KEY_ALLOC_IN_QUOTA,
0132                         NULL, NULL);
0133         if (IS_ERR(session_keyring)) {
0134             ret = PTR_ERR(session_keyring);
0135             goto error_release;
0136         }
0137
0138         /* We install a link from the user session keyring to
0139          * the user keyring.
0140          */
0141         ret = key_link(session_keyring, uid_keyring);
0142         if (ret < 0)
0143             goto error_release_session;
0144
0145         /* And only then link the user-session keyring to the
0146          * register.
0147          */
0148         ret = key_link(reg_keyring, session_keyring);
0149         if (ret < 0)
0150             goto error_release_session;
0151     } else if (IS_ERR(session_keyring_r)) {
0152         ret = PTR_ERR(session_keyring_r);
0153         goto error_release;
0154     } else {
0155         session_keyring = key_ref_to_ptr(session_keyring_r);
0156     }
0157
0158     up_write(&user_ns->keyring_sem);
0159
0160     if (_user_session_keyring)
0161         *_user_session_keyring = session_keyring;
0162     else
0163         key_put(session_keyring);
0164     if (_user_keyring)
0165         *_user_keyring = uid_keyring;
0166     else
0167         key_put(uid_keyring);
0168     kleave(" = 0");
0169     return 0;
0170
0171 error_release_session:
0172     key_put(session_keyring);
0173 error_release:
0174     key_put(uid_keyring);
0175 error:
0176     up_write(&user_ns->keyring_sem);
0177     kleave(" = %d", ret);
0178     return ret;
0179 }
0180
0181 /*
0182  * Get the user session keyring if it exists, but don't create it if it
0183  * doesn't.
0184  */
0185 struct key *get_user_session_keyring_rcu(const struct cred *cred)
0186 {
0187     struct key *reg_keyring = READ_ONCE(cred->user_ns->user_keyring_register);
0188     key_ref_t session_keyring_r;
0189     char buf[20];
0190
0191     struct keyring_search_context ctx = {
0192         .index_key.type     = &key_type_keyring,
0193         .index_key.description  = buf,
0194         .cred           = cred,
0195         .match_data.cmp     = key_default_cmp,
0196         .match_data.raw_data    = buf,
0197         .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
0198         .flags          = KEYRING_SEARCH_DO_STATE_CHECK,
0199     };
0200
0201     if (!reg_keyring)
0202         return NULL;
0203
0204     ctx.index_key.desc_len = snprintf(buf, sizeof(buf), "_uid_ses.%u",
0205                       from_kuid(cred->user_ns,
0206                             cred->user->uid));
0207
0208     session_keyring_r = keyring_search_rcu(make_key_ref(reg_keyring, true),
0209                            &ctx);
0210     if (IS_ERR(session_keyring_r))
0211         return NULL;
0212     return key_ref_to_ptr(session_keyring_r);
0213 }
0214
0215 /*
0216  * Install a thread keyring to the given credentials struct if it didn't have
0217  * one already.  This is allowed to overrun the quota.
0218  *
0219  * Return: 0 if a thread keyring is now present; -errno on failure.
0220  */
0221 int install_thread_keyring_to_cred(struct cred *new)
0222 {
0223     struct key *keyring;
0224
0225     if (new->thread_keyring)
0226         return 0;
0227
0228     keyring = keyring_alloc("_tid", new->uid, new->gid, new,
0229                 KEY_POS_ALL | KEY_USR_VIEW,
0230                 KEY_ALLOC_QUOTA_OVERRUN,
0231                 NULL, NULL);
0232     if (IS_ERR(keyring))
0233         return PTR_ERR(keyring);
0234
0235     new->thread_keyring = keyring;
0236     return 0;
0237 }
0238
0239 /*
0240  * Install a thread keyring to the current task if it didn't have one already.
0241  *
0242  * Return: 0 if a thread keyring is now present; -errno on failure.
0243  */
0244 static int install_thread_keyring(void)
0245 {
0246     struct cred *new;
0247     int ret;
0248
0249     new = prepare_creds();
0250     if (!new)
0251         return -ENOMEM;
0252
0253     ret = install_thread_keyring_to_cred(new);
0254     if (ret < 0) {
0255         abort_creds(new);
0256         return ret;
0257     }
0258
0259     return commit_creds(new);
0260 }
0261
0262 /*
0263  * Install a process keyring to the given credentials struct if it didn't have
0264  * one already.  This is allowed to overrun the quota.
0265  *
0266  * Return: 0 if a process keyring is now present; -errno on failure.
0267  */
0268 int install_process_keyring_to_cred(struct cred *new)
0269 {
0270     struct key *keyring;
0271
0272     if (new->process_keyring)
0273         return 0;
0274
0275     keyring = keyring_alloc("_pid", new->uid, new->gid, new,
0276                 KEY_POS_ALL | KEY_USR_VIEW,
0277                 KEY_ALLOC_QUOTA_OVERRUN,
0278                 NULL, NULL);
0279     if (IS_ERR(keyring))
0280         return PTR_ERR(keyring);
0281
0282     new->process_keyring = keyring;
0283     return 0;
0284 }
0285
0286 /*
0287  * Install a process keyring to the current task if it didn't have one already.
0288  *
0289  * Return: 0 if a process keyring is now present; -errno on failure.
0290  */
0291 static int install_process_keyring(void)
0292 {
0293     struct cred *new;
0294     int ret;
0295
0296     new = prepare_creds();
0297     if (!new)
0298         return -ENOMEM;
0299
0300     ret = install_process_keyring_to_cred(new);
0301     if (ret < 0) {
0302         abort_creds(new);
0303         return ret;
0304     }
0305
0306     return commit_creds(new);
0307 }
0308
0309 /*
0310  * Install the given keyring as the session keyring of the given credentials
0311  * struct, replacing the existing one if any.  If the given keyring is NULL,
0312  * then install a new anonymous session keyring.
0313  * @cred can not be in use by any task yet.
0314  *
0315  * Return: 0 on success; -errno on failure.
0316  */
0317 int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
0318 {
0319     unsigned long flags;
0320     struct key *old;
0321
0322     might_sleep();
0323
0324     /* create an empty session keyring */
0325     if (!keyring) {
0326         flags = KEY_ALLOC_QUOTA_OVERRUN;
0327         if (cred->session_keyring)
0328             flags = KEY_ALLOC_IN_QUOTA;
0329
0330         keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
0331                     KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
0332                     flags, NULL, NULL);
0333         if (IS_ERR(keyring))
0334             return PTR_ERR(keyring);
0335     } else {
0336         __key_get(keyring);
0337     }
0338
0339     /* install the keyring */
0340     old = cred->session_keyring;
0341     cred->session_keyring = keyring;
0342
0343     if (old)
0344         key_put(old);
0345
0346     return 0;
0347 }
0348
0349 /*
0350  * Install the given keyring as the session keyring of the current task,
0351  * replacing the existing one if any.  If the given keyring is NULL, then
0352  * install a new anonymous session keyring.
0353  *
0354  * Return: 0 on success; -errno on failure.
0355  */
0356 static int install_session_keyring(struct key *keyring)
0357 {
0358     struct cred *new;
0359     int ret;
0360
0361     new = prepare_creds();
0362     if (!new)
0363         return -ENOMEM;
0364
0365     ret = install_session_keyring_to_cred(new, keyring);
0366     if (ret < 0) {
0367         abort_creds(new);
0368         return ret;
0369     }
0370
0371     return commit_creds(new);
0372 }
0373
0374 /*
0375  * Handle the fsuid changing.
0376  */
0377 void key_fsuid_changed(struct cred *new_cred)
0378 {
0379     /* update the ownership of the thread keyring */
0380     if (new_cred->thread_keyring) {
0381         down_write(&new_cred->thread_keyring->sem);
0382         new_cred->thread_keyring->uid = new_cred->fsuid;
0383         up_write(&new_cred->thread_keyring->sem);
0384     }
0385 }
0386
0387 /*
0388  * Handle the fsgid changing.
0389  */
0390 void key_fsgid_changed(struct cred *new_cred)
0391 {
0392     /* update the ownership of the thread keyring */
0393     if (new_cred->thread_keyring) {
0394         down_write(&new_cred->thread_keyring->sem);
0395         new_cred->thread_keyring->gid = new_cred->fsgid;
0396         up_write(&new_cred->thread_keyring->sem);
0397     }
0398 }
0399
0400 /*
0401  * Search the process keyrings attached to the supplied cred for the first
0402  * matching key under RCU conditions (the caller must be holding the RCU read
0403  * lock).
0404  *
0405  * The search criteria are the type and the match function.  The description is
0406  * given to the match function as a parameter, but doesn't otherwise influence
0407  * the search.  Typically the match function will compare the description
0408  * parameter to the key's description.
0409  *
0410  * This can only search keyrings that grant Search permission to the supplied
0411  * credentials.  Keyrings linked to searched keyrings will also be searched if
0412  * they grant Search permission too.  Keys can only be found if they grant
0413  * Search permission to the credentials.
0414  *
0415  * Returns a pointer to the key with the key usage count incremented if
0416  * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only
0417  * matched negative keys.
0418  *
0419  * In the case of a successful return, the possession attribute is set on the
0420  * returned key reference.
0421  */
0422 key_ref_t search_cred_keyrings_rcu(struct keyring_search_context *ctx)
0423 {
0424     struct key *user_session;
0425     key_ref_t key_ref, ret, err;
0426     const struct cred *cred = ctx->cred;
0427
0428     /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
0429      * searchable, but we failed to find a key or we found a negative key;
0430      * otherwise we want to return a sample error (probably -EACCES) if
0431      * none of the keyrings were searchable
0432      *
0433      * in terms of priority: success > -ENOKEY > -EAGAIN > other error
0434      */
0435     key_ref = NULL;
0436     ret = NULL;
0437     err = ERR_PTR(-EAGAIN);
0438
0439     /* search the thread keyring first */
0440     if (cred->thread_keyring) {
0441         key_ref = keyring_search_rcu(
0442             make_key_ref(cred->thread_keyring, 1), ctx);
0443         if (!IS_ERR(key_ref))
0444             goto found;
0445
0446         switch (PTR_ERR(key_ref)) {
0447         case -EAGAIN: /* no key */
0448         case -ENOKEY: /* negative key */
0449             ret = key_ref;
0450             break;
0451         default:
0452             err = key_ref;
0453             break;
0454         }
0455     }
0456
0457     /* search the process keyring second */
0458     if (cred->process_keyring) {
0459         key_ref = keyring_search_rcu(
0460             make_key_ref(cred->process_keyring, 1), ctx);
0461         if (!IS_ERR(key_ref))
0462             goto found;
0463
0464         switch (PTR_ERR(key_ref)) {
0465         case -EAGAIN: /* no key */
0466             if (ret)
0467                 break;
0468             fallthrough;
0469         case -ENOKEY: /* negative key */
0470             ret = key_ref;
0471             break;
0472         default:
0473             err = key_ref;
0474             break;
0475         }
0476     }
0477
0478     /* search the session keyring */
0479     if (cred->session_keyring) {
0480         key_ref = keyring_search_rcu(
0481             make_key_ref(cred->session_keyring, 1), ctx);
0482
0483         if (!IS_ERR(key_ref))
0484             goto found;
0485
0486         switch (PTR_ERR(key_ref)) {
0487         case -EAGAIN: /* no key */
0488             if (ret)
0489                 break;
0490             fallthrough;
0491         case -ENOKEY: /* negative key */
0492             ret = key_ref;
0493             break;
0494         default:
0495             err = key_ref;
0496             break;
0497         }
0498     }
0499     /* or search the user-session keyring */
0500     else if ((user_session = get_user_session_keyring_rcu(cred))) {
0501         key_ref = keyring_search_rcu(make_key_ref(user_session, 1),
0502                          ctx);
0503         key_put(user_session);
0504
0505         if (!IS_ERR(key_ref))
0506             goto found;
0507
0508         switch (PTR_ERR(key_ref)) {
0509         case -EAGAIN: /* no key */
0510             if (ret)
0511                 break;
0512             fallthrough;
0513         case -ENOKEY: /* negative key */
0514             ret = key_ref;
0515             break;
0516         default:
0517             err = key_ref;
0518             break;
0519         }
0520     }
0521
0522     /* no key - decide on the error we're going to go for */
0523     key_ref = ret ? ret : err;
0524
0525 found:
0526     return key_ref;
0527 }
0528
0529 /*
0530  * Search the process keyrings attached to the supplied cred for the first
0531  * matching key in the manner of search_my_process_keyrings(), but also search
0532  * the keys attached to the assumed authorisation key using its credentials if
0533  * one is available.
0534  *
0535  * The caller must be holding the RCU read lock.
0536  *
0537  * Return same as search_cred_keyrings_rcu().
0538  */
0539 key_ref_t search_process_keyrings_rcu(struct keyring_search_context *ctx)
0540 {
0541     struct request_key_auth *rka;
0542     key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
0543
0544     key_ref = search_cred_keyrings_rcu(ctx);
0545     if (!IS_ERR(key_ref))
0546         goto found;
0547     err = key_ref;
0548
0549     /* if this process has an instantiation authorisation key, then we also
0550      * search the keyrings of the process mentioned there
0551      * - we don't permit access to request_key auth keys via this method
0552      */
0553     if (ctx->cred->request_key_auth &&
0554         ctx->cred == current_cred() &&
0555         ctx->index_key.type != &key_type_request_key_auth
0556         ) {
0557         const struct cred *cred = ctx->cred;
0558
0559         if (key_validate(cred->request_key_auth) == 0) {
0560             rka = ctx->cred->request_key_auth->payload.data[0];
0561
0562             //// was search_process_keyrings() [ie. recursive]
0563             ctx->cred = rka->cred;
0564             key_ref = search_cred_keyrings_rcu(ctx);
0565             ctx->cred = cred;
0566
0567             if (!IS_ERR(key_ref))
0568                 goto found;
0569             ret = key_ref;
0570         }
0571     }
0572
0573     /* no key - decide on the error we're going to go for */
0574     if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
0575         key_ref = ERR_PTR(-ENOKEY);
0576     else if (err == ERR_PTR(-EACCES))
0577         key_ref = ret;
0578     else
0579         key_ref = err;
0580
0581 found:
0582     return key_ref;
0583 }
0584 /*
0585  * See if the key we're looking at is the target key.
0586  */
0587 bool lookup_user_key_possessed(const struct key *key,
0588                    const struct key_match_data *match_data)
0589 {
0590     return key == match_data->raw_data;
0591 }
0592
0593 /*
0594  * Look up a key ID given us by userspace with a given permissions mask to get
0595  * the key it refers to.
0596  *
0597  * Flags can be passed to request that special keyrings be created if referred
0598  * to directly, to permit partially constructed keys to be found and to skip
0599  * validity and permission checks on the found key.
0600  *
0601  * Returns a pointer to the key with an incremented usage count if successful;
0602  * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond
0603  * to a key or the best found key was a negative key; -EKEYREVOKED or
0604  * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the
0605  * found key doesn't grant the requested permit or the LSM denied access to it;
0606  * or -ENOMEM if a special keyring couldn't be created.
0607  *
0608  * In the case of a successful return, the possession attribute is set on the
0609  * returned key reference.
0610  */
0611 key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
0612               enum key_need_perm need_perm)
0613 {
0614     struct keyring_search_context ctx = {
0615         .match_data.cmp     = lookup_user_key_possessed,
0616         .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
0617         .flags          = (KEYRING_SEARCH_NO_STATE_CHECK |
0618                        KEYRING_SEARCH_RECURSE),
0619     };
0620     struct request_key_auth *rka;
0621     struct key *key, *user_session;
0622     key_ref_t key_ref, skey_ref;
0623     int ret;
0624
0625 try_again:
0626     ctx.cred = get_current_cred();
0627     key_ref = ERR_PTR(-ENOKEY);
0628
0629     switch (id) {
0630     case KEY_SPEC_THREAD_KEYRING:
0631         if (!ctx.cred->thread_keyring) {
0632             if (!(lflags & KEY_LOOKUP_CREATE))
0633                 goto error;
0634
0635             ret = install_thread_keyring();
0636             if (ret < 0) {
0637                 key_ref = ERR_PTR(ret);
0638                 goto error;
0639             }
0640             goto reget_creds;
0641         }
0642
0643         key = ctx.cred->thread_keyring;
0644         __key_get(key);
0645         key_ref = make_key_ref(key, 1);
0646         break;
0647
0648     case KEY_SPEC_PROCESS_KEYRING:
0649         if (!ctx.cred->process_keyring) {
0650             if (!(lflags & KEY_LOOKUP_CREATE))
0651                 goto error;
0652
0653             ret = install_process_keyring();
0654             if (ret < 0) {
0655                 key_ref = ERR_PTR(ret);
0656                 goto error;
0657             }
0658             goto reget_creds;
0659         }
0660
0661         key = ctx.cred->process_keyring;
0662         __key_get(key);
0663         key_ref = make_key_ref(key, 1);
0664         break;
0665
0666     case KEY_SPEC_SESSION_KEYRING:
0667         if (!ctx.cred->session_keyring) {
0668             /* always install a session keyring upon access if one
0669              * doesn't exist yet */
0670             ret = look_up_user_keyrings(NULL, &user_session);
0671             if (ret < 0)
0672                 goto error;
0673             if (lflags & KEY_LOOKUP_CREATE)
0674                 ret = join_session_keyring(NULL);
0675             else
0676                 ret = install_session_keyring(user_session);
0677
0678             key_put(user_session);
0679             if (ret < 0)
0680                 goto error;
0681             goto reget_creds;
0682         } else if (test_bit(KEY_FLAG_UID_KEYRING,
0683                     &ctx.cred->session_keyring->flags) &&
0684                lflags & KEY_LOOKUP_CREATE) {
0685             ret = join_session_keyring(NULL);
0686             if (ret < 0)
0687                 goto error;
0688             goto reget_creds;
0689         }
0690
0691         key = ctx.cred->session_keyring;
0692         __key_get(key);
0693         key_ref = make_key_ref(key, 1);
0694         break;
0695
0696     case KEY_SPEC_USER_KEYRING:
0697         ret = look_up_user_keyrings(&key, NULL);
0698         if (ret < 0)
0699             goto error;
0700         key_ref = make_key_ref(key, 1);
0701         break;
0702
0703     case KEY_SPEC_USER_SESSION_KEYRING:
0704         ret = look_up_user_keyrings(NULL, &key);
0705         if (ret < 0)
0706             goto error;
0707         key_ref = make_key_ref(key, 1);
0708         break;
0709
0710     case KEY_SPEC_GROUP_KEYRING:
0711         /* group keyrings are not yet supported */
0712         key_ref = ERR_PTR(-EINVAL);
0713         goto error;
0714
0715     case KEY_SPEC_REQKEY_AUTH_KEY:
0716         key = ctx.cred->request_key_auth;
0717         if (!key)
0718             goto error;
0719
0720         __key_get(key);
0721         key_ref = make_key_ref(key, 1);
0722         break;
0723
0724     case KEY_SPEC_REQUESTOR_KEYRING:
0725         if (!ctx.cred->request_key_auth)
0726             goto error;
0727
0728         down_read(&ctx.cred->request_key_auth->sem);
0729         if (test_bit(KEY_FLAG_REVOKED,
0730                  &ctx.cred->request_key_auth->flags)) {
0731             key_ref = ERR_PTR(-EKEYREVOKED);
0732             key = NULL;
0733         } else {
0734             rka = ctx.cred->request_key_auth->payload.data[0];
0735             key = rka->dest_keyring;
0736             __key_get(key);
0737         }
0738         up_read(&ctx.cred->request_key_auth->sem);
0739         if (!key)
0740             goto error;
0741         key_ref = make_key_ref(key, 1);
0742         break;
0743
0744     default:
0745         key_ref = ERR_PTR(-EINVAL);
0746         if (id < 1)
0747             goto error;
0748
0749         key = key_lookup(id);
0750         if (IS_ERR(key)) {
0751             key_ref = ERR_CAST(key);
0752             goto error;
0753         }
0754
0755         key_ref = make_key_ref(key, 0);
0756
0757         /* check to see if we possess the key */
0758         ctx.index_key           = key->index_key;
0759         ctx.match_data.raw_data     = key;
0760         kdebug("check possessed");
0761         rcu_read_lock();
0762         skey_ref = search_process_keyrings_rcu(&ctx);
0763         rcu_read_unlock();
0764         kdebug("possessed=%p", skey_ref);
0765
0766         if (!IS_ERR(skey_ref)) {
0767             key_put(key);
0768             key_ref = skey_ref;
0769         }
0770
0771         break;
0772     }
0773
0774     /* unlink does not use the nominated key in any way, so can skip all
0775      * the permission checks as it is only concerned with the keyring */
0776     if (need_perm != KEY_NEED_UNLINK) {
0777         if (!(lflags & KEY_LOOKUP_PARTIAL)) {
0778             ret = wait_for_key_construction(key, true);
0779             switch (ret) {
0780             case -ERESTARTSYS:
0781                 goto invalid_key;
0782             default:
0783                 if (need_perm != KEY_AUTHTOKEN_OVERRIDE &&
0784                     need_perm != KEY_DEFER_PERM_CHECK)
0785                     goto invalid_key;
0786                 break;
0787             case 0:
0788                 break;
0789             }
0790         } else if (need_perm != KEY_DEFER_PERM_CHECK) {
0791             ret = key_validate(key);
0792             if (ret < 0)
0793                 goto invalid_key;
0794         }
0795
0796         ret = -EIO;
0797         if (!(lflags & KEY_LOOKUP_PARTIAL) &&
0798             key_read_state(key) == KEY_IS_UNINSTANTIATED)
0799             goto invalid_key;
0800     }
0801
0802     /* check the permissions */
0803     ret = key_task_permission(key_ref, ctx.cred, need_perm);
0804     if (ret < 0)
0805         goto invalid_key;
0806
0807     key->last_used_at = ktime_get_real_seconds();
0808
0809 error:
0810     put_cred(ctx.cred);
0811     return key_ref;
0812
0813 invalid_key:
0814     key_ref_put(key_ref);
0815     key_ref = ERR_PTR(ret);
0816     goto error;
0817
0818     /* if we attempted to install a keyring, then it may have caused new
0819      * creds to be installed */
0820 reget_creds:
0821     put_cred(ctx.cred);
0822     goto try_again;
0823 }
0824 EXPORT_SYMBOL(lookup_user_key);
0825
0826 /*
0827  * Join the named keyring as the session keyring if possible else attempt to
0828  * create a new one of that name and join that.
0829  *
0830  * If the name is NULL, an empty anonymous keyring will be installed as the
0831  * session keyring.
0832  *
0833  * Named session keyrings are joined with a semaphore held to prevent the
0834  * keyrings from going away whilst the attempt is made to going them and also
0835  * to prevent a race in creating compatible session keyrings.
0836  */
0837 long join_session_keyring(const char *name)
0838 {
0839     const struct cred *old;
0840     struct cred *new;
0841     struct key *keyring;
0842     long ret, serial;
0843
0844     new = prepare_creds();
0845     if (!new)
0846         return -ENOMEM;
0847     old = current_cred();
0848
0849     /* if no name is provided, install an anonymous keyring */
0850     if (!name) {
0851         ret = install_session_keyring_to_cred(new, NULL);
0852         if (ret < 0)
0853             goto error;
0854
0855         serial = new->session_keyring->serial;
0856         ret = commit_creds(new);
0857         if (ret == 0)
0858             ret = serial;
0859         goto okay;
0860     }
0861
0862     /* allow the user to join or create a named keyring */
0863     mutex_lock(&key_session_mutex);
0864
0865     /* look for an existing keyring of this name */
0866     keyring = find_keyring_by_name(name, false);
0867     if (PTR_ERR(keyring) == -ENOKEY) {
0868         /* not found - try and create a new one */
0869         keyring = keyring_alloc(
0870             name, old->uid, old->gid, old,
0871             KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
0872             KEY_ALLOC_IN_QUOTA, NULL, NULL);
0873         if (IS_ERR(keyring)) {
0874             ret = PTR_ERR(keyring);
0875             goto error2;
0876         }
0877     } else if (IS_ERR(keyring)) {
0878         ret = PTR_ERR(keyring);
0879         goto error2;
0880     } else if (keyring == new->session_keyring) {
0881         ret = 0;
0882         goto error3;
0883     }
0884
0885     /* we've got a keyring - now to install it */
0886     ret = install_session_keyring_to_cred(new, keyring);
0887     if (ret < 0)
0888         goto error3;
0889
0890     commit_creds(new);
0891     mutex_unlock(&key_session_mutex);
0892
0893     ret = keyring->serial;
0894     key_put(keyring);
0895 okay:
0896     return ret;
0897
0898 error3:
0899     key_put(keyring);
0900 error2:
0901     mutex_unlock(&key_session_mutex);
0902 error:
0903     abort_creds(new);
0904     return ret;
0905 }
0906
0907 /*
0908  * Replace a process's session keyring on behalf of one of its children when
0909  * the target  process is about to resume userspace execution.
0910  */
0911 void key_change_session_keyring(struct callback_head *twork)
0912 {
0913     const struct cred *old = current_cred();
0914     struct cred *new = container_of(twork, struct cred, rcu);
0915
0916     if (unlikely(current->flags & PF_EXITING)) {
0917         put_cred(new);
0918         return;
0919     }
0920
0921     /* If get_ucounts fails more bits are needed in the refcount */
0922     if (unlikely(!get_ucounts(old->ucounts))) {
0923         WARN_ONCE(1, "In %s get_ucounts failed\n", __func__);
0924         put_cred(new);
0925         return;
0926     }
0927
0928     new->  uid  = old->  uid;
0929     new-> euid  = old-> euid;
0930     new-> suid  = old-> suid;
0931     new->fsuid  = old->fsuid;
0932     new->  gid  = old->  gid;
0933     new-> egid  = old-> egid;
0934     new-> sgid  = old-> sgid;
0935     new->fsgid  = old->fsgid;
0936     new->user   = get_uid(old->user);
0937     new->ucounts    = old->ucounts;
0938     new->user_ns    = get_user_ns(old->user_ns);
0939     new->group_info = get_group_info(old->group_info);
0940
0941     new->securebits = old->securebits;
0942     new->cap_inheritable    = old->cap_inheritable;
0943     new->cap_permitted  = old->cap_permitted;
0944     new->cap_effective  = old->cap_effective;
0945     new->cap_ambient    = old->cap_ambient;
0946     new->cap_bset       = old->cap_bset;
0947
0948     new->jit_keyring    = old->jit_keyring;
0949     new->thread_keyring = key_get(old->thread_keyring);
0950     new->process_keyring    = key_get(old->process_keyring);
0951
0952     security_transfer_creds(new, old);
0953
0954     commit_creds(new);
0955 }
0956
0957 /*
0958  * Make sure that root's user and user-session keyrings exist.
0959  */
0960 static int __init init_root_keyring(void)
0961 {
0962     return look_up_user_keyrings(NULL, NULL);
0963 }
0964
0965 late_initcall(init_root_keyring);