Root/
Source at commit be977234bfb4a6dca8a39e7c52165e4cd536ad71 created 12 years 9 months ago. By Lars-Peter Clausen, jz4740: Fix compile error | |
---|---|
1 | /* Manage a process's keyrings |
2 | * |
3 | * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved. |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * |
6 | * This program is free software; you can redistribute it and/or |
7 | * modify it under the terms of the GNU General Public License |
8 | * as published by the Free Software Foundation; either version |
9 | * 2 of the License, or (at your option) any later version. |
10 | */ |
11 | |
12 | #include <linux/module.h> |
13 | #include <linux/init.h> |
14 | #include <linux/sched.h> |
15 | #include <linux/keyctl.h> |
16 | #include <linux/fs.h> |
17 | #include <linux/err.h> |
18 | #include <linux/mutex.h> |
19 | #include <linux/security.h> |
20 | #include <linux/user_namespace.h> |
21 | #include <asm/uaccess.h> |
22 | #include "internal.h" |
23 | |
24 | /* Session keyring create vs join semaphore */ |
25 | static DEFINE_MUTEX(key_session_mutex); |
26 | |
27 | /* User keyring creation semaphore */ |
28 | static DEFINE_MUTEX(key_user_keyring_mutex); |
29 | |
30 | /* The root user's tracking struct */ |
31 | struct key_user root_key_user = { |
32 | .usage = ATOMIC_INIT(3), |
33 | .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock), |
34 | .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock), |
35 | .nkeys = ATOMIC_INIT(2), |
36 | .nikeys = ATOMIC_INIT(2), |
37 | .uid = 0, |
38 | .user_ns = &init_user_ns, |
39 | }; |
40 | |
41 | /* |
42 | * Install the user and user session keyrings for the current process's UID. |
43 | */ |
44 | int install_user_keyrings(void) |
45 | { |
46 | struct user_struct *user; |
47 | const struct cred *cred; |
48 | struct key *uid_keyring, *session_keyring; |
49 | char buf[20]; |
50 | int ret; |
51 | |
52 | cred = current_cred(); |
53 | user = cred->user; |
54 | |
55 | kenter("%p{%u}", user, user->uid); |
56 | |
57 | if (user->uid_keyring) { |
58 | kleave(" = 0 [exist]"); |
59 | return 0; |
60 | } |
61 | |
62 | mutex_lock(&key_user_keyring_mutex); |
63 | ret = 0; |
64 | |
65 | if (!user->uid_keyring) { |
66 | /* get the UID-specific keyring |
67 | * - there may be one in existence already as it may have been |
68 | * pinned by a session, but the user_struct pointing to it |
69 | * may have been destroyed by setuid */ |
70 | sprintf(buf, "_uid.%u", user->uid); |
71 | |
72 | uid_keyring = find_keyring_by_name(buf, true); |
73 | if (IS_ERR(uid_keyring)) { |
74 | uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1, |
75 | cred, KEY_ALLOC_IN_QUOTA, |
76 | NULL); |
77 | if (IS_ERR(uid_keyring)) { |
78 | ret = PTR_ERR(uid_keyring); |
79 | goto error; |
80 | } |
81 | } |
82 | |
83 | /* get a default session keyring (which might also exist |
84 | * already) */ |
85 | sprintf(buf, "_uid_ses.%u", user->uid); |
86 | |
87 | session_keyring = find_keyring_by_name(buf, true); |
88 | if (IS_ERR(session_keyring)) { |
89 | session_keyring = |
90 | keyring_alloc(buf, user->uid, (gid_t) -1, |
91 | cred, KEY_ALLOC_IN_QUOTA, NULL); |
92 | if (IS_ERR(session_keyring)) { |
93 | ret = PTR_ERR(session_keyring); |
94 | goto error_release; |
95 | } |
96 | |
97 | /* we install a link from the user session keyring to |
98 | * the user keyring */ |
99 | ret = key_link(session_keyring, uid_keyring); |
100 | if (ret < 0) |
101 | goto error_release_both; |
102 | } |
103 | |
104 | /* install the keyrings */ |
105 | user->uid_keyring = uid_keyring; |
106 | user->session_keyring = session_keyring; |
107 | } |
108 | |
109 | mutex_unlock(&key_user_keyring_mutex); |
110 | kleave(" = 0"); |
111 | return 0; |
112 | |
113 | error_release_both: |
114 | key_put(session_keyring); |
115 | error_release: |
116 | key_put(uid_keyring); |
117 | error: |
118 | mutex_unlock(&key_user_keyring_mutex); |
119 | kleave(" = %d", ret); |
120 | return ret; |
121 | } |
122 | |
123 | /* |
124 | * Install a fresh thread keyring directly to new credentials. This keyring is |
125 | * allowed to overrun the quota. |
126 | */ |
127 | int install_thread_keyring_to_cred(struct cred *new) |
128 | { |
129 | struct key *keyring; |
130 | |
131 | keyring = keyring_alloc("_tid", new->uid, new->gid, new, |
132 | KEY_ALLOC_QUOTA_OVERRUN, NULL); |
133 | if (IS_ERR(keyring)) |
134 | return PTR_ERR(keyring); |
135 | |
136 | new->thread_keyring = keyring; |
137 | return 0; |
138 | } |
139 | |
140 | /* |
141 | * Install a fresh thread keyring, discarding the old one. |
142 | */ |
143 | static int install_thread_keyring(void) |
144 | { |
145 | struct cred *new; |
146 | int ret; |
147 | |
148 | new = prepare_creds(); |
149 | if (!new) |
150 | return -ENOMEM; |
151 | |
152 | BUG_ON(new->thread_keyring); |
153 | |
154 | ret = install_thread_keyring_to_cred(new); |
155 | if (ret < 0) { |
156 | abort_creds(new); |
157 | return ret; |
158 | } |
159 | |
160 | return commit_creds(new); |
161 | } |
162 | |
163 | /* |
164 | * Install a process keyring directly to a credentials struct. |
165 | * |
166 | * Returns -EEXIST if there was already a process keyring, 0 if one installed, |
167 | * and other value on any other error |
168 | */ |
169 | int install_process_keyring_to_cred(struct cred *new) |
170 | { |
171 | struct key *keyring; |
172 | int ret; |
173 | |
174 | if (new->tgcred->process_keyring) |
175 | return -EEXIST; |
176 | |
177 | keyring = keyring_alloc("_pid", new->uid, new->gid, |
178 | new, KEY_ALLOC_QUOTA_OVERRUN, NULL); |
179 | if (IS_ERR(keyring)) |
180 | return PTR_ERR(keyring); |
181 | |
182 | spin_lock_irq(&new->tgcred->lock); |
183 | if (!new->tgcred->process_keyring) { |
184 | new->tgcred->process_keyring = keyring; |
185 | keyring = NULL; |
186 | ret = 0; |
187 | } else { |
188 | ret = -EEXIST; |
189 | } |
190 | spin_unlock_irq(&new->tgcred->lock); |
191 | key_put(keyring); |
192 | return ret; |
193 | } |
194 | |
195 | /* |
196 | * Make sure a process keyring is installed for the current process. The |
197 | * existing process keyring is not replaced. |
198 | * |
199 | * Returns 0 if there is a process keyring by the end of this function, some |
200 | * error otherwise. |
201 | */ |
202 | static int install_process_keyring(void) |
203 | { |
204 | struct cred *new; |
205 | int ret; |
206 | |
207 | new = prepare_creds(); |
208 | if (!new) |
209 | return -ENOMEM; |
210 | |
211 | ret = install_process_keyring_to_cred(new); |
212 | if (ret < 0) { |
213 | abort_creds(new); |
214 | return ret != -EEXIST ? ret : 0; |
215 | } |
216 | |
217 | return commit_creds(new); |
218 | } |
219 | |
220 | /* |
221 | * Install a session keyring directly to a credentials struct. |
222 | */ |
223 | int install_session_keyring_to_cred(struct cred *cred, struct key *keyring) |
224 | { |
225 | unsigned long flags; |
226 | struct key *old; |
227 | |
228 | might_sleep(); |
229 | |
230 | /* create an empty session keyring */ |
231 | if (!keyring) { |
232 | flags = KEY_ALLOC_QUOTA_OVERRUN; |
233 | if (cred->tgcred->session_keyring) |
234 | flags = KEY_ALLOC_IN_QUOTA; |
235 | |
236 | keyring = keyring_alloc("_ses", cred->uid, cred->gid, |
237 | cred, flags, NULL); |
238 | if (IS_ERR(keyring)) |
239 | return PTR_ERR(keyring); |
240 | } else { |
241 | atomic_inc(&keyring->usage); |
242 | } |
243 | |
244 | /* install the keyring */ |
245 | spin_lock_irq(&cred->tgcred->lock); |
246 | old = cred->tgcred->session_keyring; |
247 | rcu_assign_pointer(cred->tgcred->session_keyring, keyring); |
248 | spin_unlock_irq(&cred->tgcred->lock); |
249 | |
250 | /* we're using RCU on the pointer, but there's no point synchronising |
251 | * on it if it didn't previously point to anything */ |
252 | if (old) { |
253 | synchronize_rcu(); |
254 | key_put(old); |
255 | } |
256 | |
257 | return 0; |
258 | } |
259 | |
260 | /* |
261 | * Install a session keyring, discarding the old one. If a keyring is not |
262 | * supplied, an empty one is invented. |
263 | */ |
264 | static int install_session_keyring(struct key *keyring) |
265 | { |
266 | struct cred *new; |
267 | int ret; |
268 | |
269 | new = prepare_creds(); |
270 | if (!new) |
271 | return -ENOMEM; |
272 | |
273 | ret = install_session_keyring_to_cred(new, NULL); |
274 | if (ret < 0) { |
275 | abort_creds(new); |
276 | return ret; |
277 | } |
278 | |
279 | return commit_creds(new); |
280 | } |
281 | |
282 | /* |
283 | * Handle the fsuid changing. |
284 | */ |
285 | void key_fsuid_changed(struct task_struct *tsk) |
286 | { |
287 | /* update the ownership of the thread keyring */ |
288 | BUG_ON(!tsk->cred); |
289 | if (tsk->cred->thread_keyring) { |
290 | down_write(&tsk->cred->thread_keyring->sem); |
291 | tsk->cred->thread_keyring->uid = tsk->cred->fsuid; |
292 | up_write(&tsk->cred->thread_keyring->sem); |
293 | } |
294 | } |
295 | |
296 | /* |
297 | * Handle the fsgid changing. |
298 | */ |
299 | void key_fsgid_changed(struct task_struct *tsk) |
300 | { |
301 | /* update the ownership of the thread keyring */ |
302 | BUG_ON(!tsk->cred); |
303 | if (tsk->cred->thread_keyring) { |
304 | down_write(&tsk->cred->thread_keyring->sem); |
305 | tsk->cred->thread_keyring->gid = tsk->cred->fsgid; |
306 | up_write(&tsk->cred->thread_keyring->sem); |
307 | } |
308 | } |
309 | |
310 | /* |
311 | * Search the process keyrings attached to the supplied cred for the first |
312 | * matching key. |
313 | * |
314 | * The search criteria are the type and the match function. The description is |
315 | * given to the match function as a parameter, but doesn't otherwise influence |
316 | * the search. Typically the match function will compare the description |
317 | * parameter to the key's description. |
318 | * |
319 | * This can only search keyrings that grant Search permission to the supplied |
320 | * credentials. Keyrings linked to searched keyrings will also be searched if |
321 | * they grant Search permission too. Keys can only be found if they grant |
322 | * Search permission to the credentials. |
323 | * |
324 | * Returns a pointer to the key with the key usage count incremented if |
325 | * successful, -EAGAIN if we didn't find any matching key or -ENOKEY if we only |
326 | * matched negative keys. |
327 | * |
328 | * In the case of a successful return, the possession attribute is set on the |
329 | * returned key reference. |
330 | */ |
331 | key_ref_t search_my_process_keyrings(struct key_type *type, |
332 | const void *description, |
333 | key_match_func_t match, |
334 | const struct cred *cred) |
335 | { |
336 | key_ref_t key_ref, ret, err; |
337 | |
338 | /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were |
339 | * searchable, but we failed to find a key or we found a negative key; |
340 | * otherwise we want to return a sample error (probably -EACCES) if |
341 | * none of the keyrings were searchable |
342 | * |
343 | * in terms of priority: success > -ENOKEY > -EAGAIN > other error |
344 | */ |
345 | key_ref = NULL; |
346 | ret = NULL; |
347 | err = ERR_PTR(-EAGAIN); |
348 | |
349 | /* search the thread keyring first */ |
350 | if (cred->thread_keyring) { |
351 | key_ref = keyring_search_aux( |
352 | make_key_ref(cred->thread_keyring, 1), |
353 | cred, type, description, match); |
354 | if (!IS_ERR(key_ref)) |
355 | goto found; |
356 | |
357 | switch (PTR_ERR(key_ref)) { |
358 | case -EAGAIN: /* no key */ |
359 | if (ret) |
360 | break; |
361 | case -ENOKEY: /* negative key */ |
362 | ret = key_ref; |
363 | break; |
364 | default: |
365 | err = key_ref; |
366 | break; |
367 | } |
368 | } |
369 | |
370 | /* search the process keyring second */ |
371 | if (cred->tgcred->process_keyring) { |
372 | key_ref = keyring_search_aux( |
373 | make_key_ref(cred->tgcred->process_keyring, 1), |
374 | cred, type, description, match); |
375 | if (!IS_ERR(key_ref)) |
376 | goto found; |
377 | |
378 | switch (PTR_ERR(key_ref)) { |
379 | case -EAGAIN: /* no key */ |
380 | if (ret) |
381 | break; |
382 | case -ENOKEY: /* negative key */ |
383 | ret = key_ref; |
384 | break; |
385 | default: |
386 | err = key_ref; |
387 | break; |
388 | } |
389 | } |
390 | |
391 | /* search the session keyring */ |
392 | if (cred->tgcred->session_keyring) { |
393 | rcu_read_lock(); |
394 | key_ref = keyring_search_aux( |
395 | make_key_ref(rcu_dereference( |
396 | cred->tgcred->session_keyring), |
397 | 1), |
398 | cred, type, description, match); |
399 | rcu_read_unlock(); |
400 | |
401 | if (!IS_ERR(key_ref)) |
402 | goto found; |
403 | |
404 | switch (PTR_ERR(key_ref)) { |
405 | case -EAGAIN: /* no key */ |
406 | if (ret) |
407 | break; |
408 | case -ENOKEY: /* negative key */ |
409 | ret = key_ref; |
410 | break; |
411 | default: |
412 | err = key_ref; |
413 | break; |
414 | } |
415 | } |
416 | /* or search the user-session keyring */ |
417 | else if (cred->user->session_keyring) { |
418 | key_ref = keyring_search_aux( |
419 | make_key_ref(cred->user->session_keyring, 1), |
420 | cred, type, description, match); |
421 | if (!IS_ERR(key_ref)) |
422 | goto found; |
423 | |
424 | switch (PTR_ERR(key_ref)) { |
425 | case -EAGAIN: /* no key */ |
426 | if (ret) |
427 | break; |
428 | case -ENOKEY: /* negative key */ |
429 | ret = key_ref; |
430 | break; |
431 | default: |
432 | err = key_ref; |
433 | break; |
434 | } |
435 | } |
436 | |
437 | /* no key - decide on the error we're going to go for */ |
438 | key_ref = ret ? ret : err; |
439 | |
440 | found: |
441 | return key_ref; |
442 | } |
443 | |
444 | /* |
445 | * Search the process keyrings attached to the supplied cred for the first |
446 | * matching key in the manner of search_my_process_keyrings(), but also search |
447 | * the keys attached to the assumed authorisation key using its credentials if |
448 | * one is available. |
449 | * |
450 | * Return same as search_my_process_keyrings(). |
451 | */ |
452 | key_ref_t search_process_keyrings(struct key_type *type, |
453 | const void *description, |
454 | key_match_func_t match, |
455 | const struct cred *cred) |
456 | { |
457 | struct request_key_auth *rka; |
458 | key_ref_t key_ref, ret = ERR_PTR(-EACCES), err; |
459 | |
460 | might_sleep(); |
461 | |
462 | key_ref = search_my_process_keyrings(type, description, match, cred); |
463 | if (!IS_ERR(key_ref)) |
464 | goto found; |
465 | err = key_ref; |
466 | |
467 | /* if this process has an instantiation authorisation key, then we also |
468 | * search the keyrings of the process mentioned there |
469 | * - we don't permit access to request_key auth keys via this method |
470 | */ |
471 | if (cred->request_key_auth && |
472 | cred == current_cred() && |
473 | type != &key_type_request_key_auth |
474 | ) { |
475 | /* defend against the auth key being revoked */ |
476 | down_read(&cred->request_key_auth->sem); |
477 | |
478 | if (key_validate(cred->request_key_auth) == 0) { |
479 | rka = cred->request_key_auth->payload.data; |
480 | |
481 | key_ref = search_process_keyrings(type, description, |
482 | match, rka->cred); |
483 | |
484 | up_read(&cred->request_key_auth->sem); |
485 | |
486 | if (!IS_ERR(key_ref)) |
487 | goto found; |
488 | |
489 | ret = key_ref; |
490 | } else { |
491 | up_read(&cred->request_key_auth->sem); |
492 | } |
493 | } |
494 | |
495 | /* no key - decide on the error we're going to go for */ |
496 | if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY)) |
497 | key_ref = ERR_PTR(-ENOKEY); |
498 | else if (err == ERR_PTR(-EACCES)) |
499 | key_ref = ret; |
500 | else |
501 | key_ref = err; |
502 | |
503 | found: |
504 | return key_ref; |
505 | } |
506 | |
507 | /* |
508 | * See if the key we're looking at is the target key. |
509 | */ |
510 | int lookup_user_key_possessed(const struct key *key, const void *target) |
511 | { |
512 | return key == target; |
513 | } |
514 | |
515 | /* |
516 | * Look up a key ID given us by userspace with a given permissions mask to get |
517 | * the key it refers to. |
518 | * |
519 | * Flags can be passed to request that special keyrings be created if referred |
520 | * to directly, to permit partially constructed keys to be found and to skip |
521 | * validity and permission checks on the found key. |
522 | * |
523 | * Returns a pointer to the key with an incremented usage count if successful; |
524 | * -EINVAL if the key ID is invalid; -ENOKEY if the key ID does not correspond |
525 | * to a key or the best found key was a negative key; -EKEYREVOKED or |
526 | * -EKEYEXPIRED if the best found key was revoked or expired; -EACCES if the |
527 | * found key doesn't grant the requested permit or the LSM denied access to it; |
528 | * or -ENOMEM if a special keyring couldn't be created. |
529 | * |
530 | * In the case of a successful return, the possession attribute is set on the |
531 | * returned key reference. |
532 | */ |
533 | key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags, |
534 | key_perm_t perm) |
535 | { |
536 | struct request_key_auth *rka; |
537 | const struct cred *cred; |
538 | struct key *key; |
539 | key_ref_t key_ref, skey_ref; |
540 | int ret; |
541 | |
542 | try_again: |
543 | cred = get_current_cred(); |
544 | key_ref = ERR_PTR(-ENOKEY); |
545 | |
546 | switch (id) { |
547 | case KEY_SPEC_THREAD_KEYRING: |
548 | if (!cred->thread_keyring) { |
549 | if (!(lflags & KEY_LOOKUP_CREATE)) |
550 | goto error; |
551 | |
552 | ret = install_thread_keyring(); |
553 | if (ret < 0) { |
554 | key_ref = ERR_PTR(ret); |
555 | goto error; |
556 | } |
557 | goto reget_creds; |
558 | } |
559 | |
560 | key = cred->thread_keyring; |
561 | atomic_inc(&key->usage); |
562 | key_ref = make_key_ref(key, 1); |
563 | break; |
564 | |
565 | case KEY_SPEC_PROCESS_KEYRING: |
566 | if (!cred->tgcred->process_keyring) { |
567 | if (!(lflags & KEY_LOOKUP_CREATE)) |
568 | goto error; |
569 | |
570 | ret = install_process_keyring(); |
571 | if (ret < 0) { |
572 | key_ref = ERR_PTR(ret); |
573 | goto error; |
574 | } |
575 | goto reget_creds; |
576 | } |
577 | |
578 | key = cred->tgcred->process_keyring; |
579 | atomic_inc(&key->usage); |
580 | key_ref = make_key_ref(key, 1); |
581 | break; |
582 | |
583 | case KEY_SPEC_SESSION_KEYRING: |
584 | if (!cred->tgcred->session_keyring) { |
585 | /* always install a session keyring upon access if one |
586 | * doesn't exist yet */ |
587 | ret = install_user_keyrings(); |
588 | if (ret < 0) |
589 | goto error; |
590 | ret = install_session_keyring( |
591 | cred->user->session_keyring); |
592 | |
593 | if (ret < 0) |
594 | goto error; |
595 | goto reget_creds; |
596 | } |
597 | |
598 | rcu_read_lock(); |
599 | key = rcu_dereference(cred->tgcred->session_keyring); |
600 | atomic_inc(&key->usage); |
601 | rcu_read_unlock(); |
602 | key_ref = make_key_ref(key, 1); |
603 | break; |
604 | |
605 | case KEY_SPEC_USER_KEYRING: |
606 | if (!cred->user->uid_keyring) { |
607 | ret = install_user_keyrings(); |
608 | if (ret < 0) |
609 | goto error; |
610 | } |
611 | |
612 | key = cred->user->uid_keyring; |
613 | atomic_inc(&key->usage); |
614 | key_ref = make_key_ref(key, 1); |
615 | break; |
616 | |
617 | case KEY_SPEC_USER_SESSION_KEYRING: |
618 | if (!cred->user->session_keyring) { |
619 | ret = install_user_keyrings(); |
620 | if (ret < 0) |
621 | goto error; |
622 | } |
623 | |
624 | key = cred->user->session_keyring; |
625 | atomic_inc(&key->usage); |
626 | key_ref = make_key_ref(key, 1); |
627 | break; |
628 | |
629 | case KEY_SPEC_GROUP_KEYRING: |
630 | /* group keyrings are not yet supported */ |
631 | key_ref = ERR_PTR(-EINVAL); |
632 | goto error; |
633 | |
634 | case KEY_SPEC_REQKEY_AUTH_KEY: |
635 | key = cred->request_key_auth; |
636 | if (!key) |
637 | goto error; |
638 | |
639 | atomic_inc(&key->usage); |
640 | key_ref = make_key_ref(key, 1); |
641 | break; |
642 | |
643 | case KEY_SPEC_REQUESTOR_KEYRING: |
644 | if (!cred->request_key_auth) |
645 | goto error; |
646 | |
647 | down_read(&cred->request_key_auth->sem); |
648 | if (cred->request_key_auth->flags & KEY_FLAG_REVOKED) { |
649 | key_ref = ERR_PTR(-EKEYREVOKED); |
650 | key = NULL; |
651 | } else { |
652 | rka = cred->request_key_auth->payload.data; |
653 | key = rka->dest_keyring; |
654 | atomic_inc(&key->usage); |
655 | } |
656 | up_read(&cred->request_key_auth->sem); |
657 | if (!key) |
658 | goto error; |
659 | key_ref = make_key_ref(key, 1); |
660 | break; |
661 | |
662 | default: |
663 | key_ref = ERR_PTR(-EINVAL); |
664 | if (id < 1) |
665 | goto error; |
666 | |
667 | key = key_lookup(id); |
668 | if (IS_ERR(key)) { |
669 | key_ref = ERR_CAST(key); |
670 | goto error; |
671 | } |
672 | |
673 | key_ref = make_key_ref(key, 0); |
674 | |
675 | /* check to see if we possess the key */ |
676 | skey_ref = search_process_keyrings(key->type, key, |
677 | lookup_user_key_possessed, |
678 | cred); |
679 | |
680 | if (!IS_ERR(skey_ref)) { |
681 | key_put(key); |
682 | key_ref = skey_ref; |
683 | } |
684 | |
685 | break; |
686 | } |
687 | |
688 | /* unlink does not use the nominated key in any way, so can skip all |
689 | * the permission checks as it is only concerned with the keyring */ |
690 | if (lflags & KEY_LOOKUP_FOR_UNLINK) { |
691 | ret = 0; |
692 | goto error; |
693 | } |
694 | |
695 | if (!(lflags & KEY_LOOKUP_PARTIAL)) { |
696 | ret = wait_for_key_construction(key, true); |
697 | switch (ret) { |
698 | case -ERESTARTSYS: |
699 | goto invalid_key; |
700 | default: |
701 | if (perm) |
702 | goto invalid_key; |
703 | case 0: |
704 | break; |
705 | } |
706 | } else if (perm) { |
707 | ret = key_validate(key); |
708 | if (ret < 0) |
709 | goto invalid_key; |
710 | } |
711 | |
712 | ret = -EIO; |
713 | if (!(lflags & KEY_LOOKUP_PARTIAL) && |
714 | !test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) |
715 | goto invalid_key; |
716 | |
717 | /* check the permissions */ |
718 | ret = key_task_permission(key_ref, cred, perm); |
719 | if (ret < 0) |
720 | goto invalid_key; |
721 | |
722 | error: |
723 | put_cred(cred); |
724 | return key_ref; |
725 | |
726 | invalid_key: |
727 | key_ref_put(key_ref); |
728 | key_ref = ERR_PTR(ret); |
729 | goto error; |
730 | |
731 | /* if we attempted to install a keyring, then it may have caused new |
732 | * creds to be installed */ |
733 | reget_creds: |
734 | put_cred(cred); |
735 | goto try_again; |
736 | } |
737 | |
738 | /* |
739 | * Join the named keyring as the session keyring if possible else attempt to |
740 | * create a new one of that name and join that. |
741 | * |
742 | * If the name is NULL, an empty anonymous keyring will be installed as the |
743 | * session keyring. |
744 | * |
745 | * Named session keyrings are joined with a semaphore held to prevent the |
746 | * keyrings from going away whilst the attempt is made to going them and also |
747 | * to prevent a race in creating compatible session keyrings. |
748 | */ |
749 | long join_session_keyring(const char *name) |
750 | { |
751 | const struct cred *old; |
752 | struct cred *new; |
753 | struct key *keyring; |
754 | long ret, serial; |
755 | |
756 | /* only permit this if there's a single thread in the thread group - |
757 | * this avoids us having to adjust the creds on all threads and risking |
758 | * ENOMEM */ |
759 | if (!current_is_single_threaded()) |
760 | return -EMLINK; |
761 | |
762 | new = prepare_creds(); |
763 | if (!new) |
764 | return -ENOMEM; |
765 | old = current_cred(); |
766 | |
767 | /* if no name is provided, install an anonymous keyring */ |
768 | if (!name) { |
769 | ret = install_session_keyring_to_cred(new, NULL); |
770 | if (ret < 0) |
771 | goto error; |
772 | |
773 | serial = new->tgcred->session_keyring->serial; |
774 | ret = commit_creds(new); |
775 | if (ret == 0) |
776 | ret = serial; |
777 | goto okay; |
778 | } |
779 | |
780 | /* allow the user to join or create a named keyring */ |
781 | mutex_lock(&key_session_mutex); |
782 | |
783 | /* look for an existing keyring of this name */ |
784 | keyring = find_keyring_by_name(name, false); |
785 | if (PTR_ERR(keyring) == -ENOKEY) { |
786 | /* not found - try and create a new one */ |
787 | keyring = keyring_alloc(name, old->uid, old->gid, old, |
788 | KEY_ALLOC_IN_QUOTA, NULL); |
789 | if (IS_ERR(keyring)) { |
790 | ret = PTR_ERR(keyring); |
791 | goto error2; |
792 | } |
793 | } else if (IS_ERR(keyring)) { |
794 | ret = PTR_ERR(keyring); |
795 | goto error2; |
796 | } |
797 | |
798 | /* we've got a keyring - now to install it */ |
799 | ret = install_session_keyring_to_cred(new, keyring); |
800 | if (ret < 0) |
801 | goto error2; |
802 | |
803 | commit_creds(new); |
804 | mutex_unlock(&key_session_mutex); |
805 | |
806 | ret = keyring->serial; |
807 | key_put(keyring); |
808 | okay: |
809 | return ret; |
810 | |
811 | error2: |
812 | mutex_unlock(&key_session_mutex); |
813 | error: |
814 | abort_creds(new); |
815 | return ret; |
816 | } |
817 | |
818 | /* |
819 | * Replace a process's session keyring on behalf of one of its children when |
820 | * the target process is about to resume userspace execution. |
821 | */ |
822 | void key_replace_session_keyring(void) |
823 | { |
824 | const struct cred *old; |
825 | struct cred *new; |
826 | |
827 | if (!current->replacement_session_keyring) |
828 | return; |
829 | |
830 | write_lock_irq(&tasklist_lock); |
831 | new = current->replacement_session_keyring; |
832 | current->replacement_session_keyring = NULL; |
833 | write_unlock_irq(&tasklist_lock); |
834 | |
835 | if (!new) |
836 | return; |
837 | |
838 | old = current_cred(); |
839 | new-> uid = old-> uid; |
840 | new-> euid = old-> euid; |
841 | new-> suid = old-> suid; |
842 | new->fsuid = old->fsuid; |
843 | new-> gid = old-> gid; |
844 | new-> egid = old-> egid; |
845 | new-> sgid = old-> sgid; |
846 | new->fsgid = old->fsgid; |
847 | new->user = get_uid(old->user); |
848 | new->group_info = get_group_info(old->group_info); |
849 | |
850 | new->securebits = old->securebits; |
851 | new->cap_inheritable = old->cap_inheritable; |
852 | new->cap_permitted = old->cap_permitted; |
853 | new->cap_effective = old->cap_effective; |
854 | new->cap_bset = old->cap_bset; |
855 | |
856 | new->jit_keyring = old->jit_keyring; |
857 | new->thread_keyring = key_get(old->thread_keyring); |
858 | new->tgcred->tgid = old->tgcred->tgid; |
859 | new->tgcred->process_keyring = key_get(old->tgcred->process_keyring); |
860 | |
861 | security_transfer_creds(new, old); |
862 | |
863 | commit_creds(new); |
864 | } |
865 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9