1
2
3
4
5
6
7
8#include <linux/init.h>
9#include <linux/sched.h>
10#include <linux/sched/user.h>
11#include <linux/keyctl.h>
12#include <linux/fs.h>
13#include <linux/err.h>
14#include <linux/mutex.h>
15#include <linux/security.h>
16#include <linux/user_namespace.h>
17#include <linux/uaccess.h>
18#include <linux/init_task.h>
19#include <keys/request_key_auth-type.h>
20#include "internal.h"
21
22
23static DEFINE_MUTEX(key_session_mutex);
24
25
26struct key_user root_key_user = {
27 .usage = REFCOUNT_INIT(3),
28 .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock),
29 .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock),
30 .nkeys = ATOMIC_INIT(2),
31 .nikeys = ATOMIC_INIT(2),
32 .uid = GLOBAL_ROOT_UID,
33};
34
35
36
37
38static struct key *get_user_register(struct user_namespace *user_ns)
39{
40 struct key *reg_keyring = READ_ONCE(user_ns->user_keyring_register);
41
42 if (reg_keyring)
43 return reg_keyring;
44
45 down_write(&user_ns->keyring_sem);
46
47
48
49
50 reg_keyring = user_ns->user_keyring_register;
51 if (!reg_keyring) {
52 reg_keyring = keyring_alloc(".user_reg",
53 user_ns->owner, INVALID_GID,
54 &init_cred,
55 KEY_POS_WRITE | KEY_POS_SEARCH |
56 KEY_USR_VIEW | KEY_USR_READ,
57 0,
58 NULL, NULL);
59 if (!IS_ERR(reg_keyring))
60 smp_store_release(&user_ns->user_keyring_register,
61 reg_keyring);
62 }
63
64 up_write(&user_ns->keyring_sem);
65
66
67 return reg_keyring;
68}
69
70
71
72
73
74int look_up_user_keyrings(struct key **_user_keyring,
75 struct key **_user_session_keyring)
76{
77 const struct cred *cred = current_cred();
78 struct user_namespace *user_ns = current_user_ns();
79 struct key *reg_keyring, *uid_keyring, *session_keyring;
80 key_perm_t user_keyring_perm;
81 key_ref_t uid_keyring_r, session_keyring_r;
82 uid_t uid = from_kuid(user_ns, cred->user->uid);
83 char buf[20];
84 int ret;
85
86 user_keyring_perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_ALL;
87
88 kenter("%u", uid);
89
90 reg_keyring = get_user_register(user_ns);
91 if (IS_ERR(reg_keyring))
92 return PTR_ERR(reg_keyring);
93
94 down_write(&user_ns->keyring_sem);
95 ret = 0;
96
97
98
99
100
101 snprintf(buf, sizeof(buf), "_uid.%u", uid);
102 uid_keyring_r = keyring_search(make_key_ref(reg_keyring, true),
103 &key_type_keyring, buf, false);
104 kdebug("_uid %p", uid_keyring_r);
105 if (uid_keyring_r == ERR_PTR(-EAGAIN)) {
106 uid_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID,
107 cred, user_keyring_perm,
108 KEY_ALLOC_UID_KEYRING |
109 KEY_ALLOC_IN_QUOTA,
110 NULL, reg_keyring);
111 if (IS_ERR(uid_keyring)) {
112 ret = PTR_ERR(uid_keyring);
113 goto error;
114 }
115 } else if (IS_ERR(uid_keyring_r)) {
116 ret = PTR_ERR(uid_keyring_r);
117 goto error;
118 } else {
119 uid_keyring = key_ref_to_ptr(uid_keyring_r);
120 }
121
122
123 snprintf(buf, sizeof(buf), "_uid_ses.%u", uid);
124 session_keyring_r = keyring_search(make_key_ref(reg_keyring, true),
125 &key_type_keyring, buf, false);
126 kdebug("_uid_ses %p", session_keyring_r);
127 if (session_keyring_r == ERR_PTR(-EAGAIN)) {
128 session_keyring = keyring_alloc(buf, cred->user->uid, INVALID_GID,
129 cred, user_keyring_perm,
130 KEY_ALLOC_UID_KEYRING |
131 KEY_ALLOC_IN_QUOTA,
132 NULL, NULL);
133 if (IS_ERR(session_keyring)) {
134 ret = PTR_ERR(session_keyring);
135 goto error_release;
136 }
137
138
139
140
141 ret = key_link(session_keyring, uid_keyring);
142 if (ret < 0)
143 goto error_release_session;
144
145
146
147
148 ret = key_link(reg_keyring, session_keyring);
149 if (ret < 0)
150 goto error_release_session;
151 } else if (IS_ERR(session_keyring_r)) {
152 ret = PTR_ERR(session_keyring_r);
153 goto error_release;
154 } else {
155 session_keyring = key_ref_to_ptr(session_keyring_r);
156 }
157
158 up_write(&user_ns->keyring_sem);
159
160 if (_user_session_keyring)
161 *_user_session_keyring = session_keyring;
162 else
163 key_put(session_keyring);
164 if (_user_keyring)
165 *_user_keyring = uid_keyring;
166 else
167 key_put(uid_keyring);
168 kleave(" = 0");
169 return 0;
170
171error_release_session:
172 key_put(session_keyring);
173error_release:
174 key_put(uid_keyring);
175error:
176 up_write(&user_ns->keyring_sem);
177 kleave(" = %d", ret);
178 return ret;
179}
180
181
182
183
184
185struct key *get_user_session_keyring_rcu(const struct cred *cred)
186{
187 struct key *reg_keyring = READ_ONCE(cred->user_ns->user_keyring_register);
188 key_ref_t session_keyring_r;
189 char buf[20];
190
191 struct keyring_search_context ctx = {
192 .index_key.type = &key_type_keyring,
193 .index_key.description = buf,
194 .cred = cred,
195 .match_data.cmp = key_default_cmp,
196 .match_data.raw_data = buf,
197 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
198 .flags = KEYRING_SEARCH_DO_STATE_CHECK,
199 };
200
201 if (!reg_keyring)
202 return NULL;
203
204 ctx.index_key.desc_len = snprintf(buf, sizeof(buf), "_uid_ses.%u",
205 from_kuid(cred->user_ns,
206 cred->user->uid));
207
208 session_keyring_r = keyring_search_rcu(make_key_ref(reg_keyring, true),
209 &ctx);
210 if (IS_ERR(session_keyring_r))
211 return NULL;
212 return key_ref_to_ptr(session_keyring_r);
213}
214
215
216
217
218
219
220
221int install_thread_keyring_to_cred(struct cred *new)
222{
223 struct key *keyring;
224
225 if (new->thread_keyring)
226 return 0;
227
228 keyring = keyring_alloc("_tid", new->uid, new->gid, new,
229 KEY_POS_ALL | KEY_USR_VIEW,
230 KEY_ALLOC_QUOTA_OVERRUN,
231 NULL, NULL);
232 if (IS_ERR(keyring))
233 return PTR_ERR(keyring);
234
235 new->thread_keyring = keyring;
236 return 0;
237}
238
239
240
241
242
243
244static int install_thread_keyring(void)
245{
246 struct cred *new;
247 int ret;
248
249 new = prepare_creds();
250 if (!new)
251 return -ENOMEM;
252
253 ret = install_thread_keyring_to_cred(new);
254 if (ret < 0) {
255 abort_creds(new);
256 return ret;
257 }
258
259 return commit_creds(new);
260}
261
262
263
264
265
266
267
268int install_process_keyring_to_cred(struct cred *new)
269{
270 struct key *keyring;
271
272 if (new->process_keyring)
273 return 0;
274
275 keyring = keyring_alloc("_pid", new->uid, new->gid, new,
276 KEY_POS_ALL | KEY_USR_VIEW,
277 KEY_ALLOC_QUOTA_OVERRUN,
278 NULL, NULL);
279 if (IS_ERR(keyring))
280 return PTR_ERR(keyring);
281
282 new->process_keyring = keyring;
283 return 0;
284}
285
286
287
288
289
290
291static int install_process_keyring(void)
292{
293 struct cred *new;
294 int ret;
295
296 new = prepare_creds();
297 if (!new)
298 return -ENOMEM;
299
300 ret = install_process_keyring_to_cred(new);
301 if (ret < 0) {
302 abort_creds(new);
303 return ret;
304 }
305
306 return commit_creds(new);
307}
308
309
310
311
312
313
314
315
316
317int install_session_keyring_to_cred(struct cred *cred, struct key *keyring)
318{
319 unsigned long flags;
320 struct key *old;
321
322 might_sleep();
323
324
325 if (!keyring) {
326 flags = KEY_ALLOC_QUOTA_OVERRUN;
327 if (cred->session_keyring)
328 flags = KEY_ALLOC_IN_QUOTA;
329
330 keyring = keyring_alloc("_ses", cred->uid, cred->gid, cred,
331 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ,
332 flags, NULL, NULL);
333 if (IS_ERR(keyring))
334 return PTR_ERR(keyring);
335 } else {
336 __key_get(keyring);
337 }
338
339
340 old = cred->session_keyring;
341 cred->session_keyring = keyring;
342
343 if (old)
344 key_put(old);
345
346 return 0;
347}
348
349
350
351
352
353
354
355
356static int install_session_keyring(struct key *keyring)
357{
358 struct cred *new;
359 int ret;
360
361 new = prepare_creds();
362 if (!new)
363 return -ENOMEM;
364
365 ret = install_session_keyring_to_cred(new, keyring);
366 if (ret < 0) {
367 abort_creds(new);
368 return ret;
369 }
370
371 return commit_creds(new);
372}
373
374
375
376
377void key_fsuid_changed(struct cred *new_cred)
378{
379
380 if (new_cred->thread_keyring) {
381 down_write(&new_cred->thread_keyring->sem);
382 new_cred->thread_keyring->uid = new_cred->fsuid;
383 up_write(&new_cred->thread_keyring->sem);
384 }
385}
386
387
388
389
390void key_fsgid_changed(struct cred *new_cred)
391{
392
393 if (new_cred->thread_keyring) {
394 down_write(&new_cred->thread_keyring->sem);
395 new_cred->thread_keyring->gid = new_cred->fsgid;
396 up_write(&new_cred->thread_keyring->sem);
397 }
398}
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422key_ref_t search_cred_keyrings_rcu(struct keyring_search_context *ctx)
423{
424 struct key *user_session;
425 key_ref_t key_ref, ret, err;
426 const struct cred *cred = ctx->cred;
427
428
429
430
431
432
433
434
435 key_ref = NULL;
436 ret = NULL;
437 err = ERR_PTR(-EAGAIN);
438
439
440 if (cred->thread_keyring) {
441 key_ref = keyring_search_rcu(
442 make_key_ref(cred->thread_keyring, 1), ctx);
443 if (!IS_ERR(key_ref))
444 goto found;
445
446 switch (PTR_ERR(key_ref)) {
447 case -EAGAIN:
448 case -ENOKEY:
449 ret = key_ref;
450 break;
451 default:
452 err = key_ref;
453 break;
454 }
455 }
456
457
458 if (cred->process_keyring) {
459 key_ref = keyring_search_rcu(
460 make_key_ref(cred->process_keyring, 1), ctx);
461 if (!IS_ERR(key_ref))
462 goto found;
463
464 switch (PTR_ERR(key_ref)) {
465 case -EAGAIN:
466 if (ret)
467 break;
468 fallthrough;
469 case -ENOKEY:
470 ret = key_ref;
471 break;
472 default:
473 err = key_ref;
474 break;
475 }
476 }
477
478
479 if (cred->session_keyring) {
480 key_ref = keyring_search_rcu(
481 make_key_ref(cred->session_keyring, 1), ctx);
482
483 if (!IS_ERR(key_ref))
484 goto found;
485
486 switch (PTR_ERR(key_ref)) {
487 case -EAGAIN:
488 if (ret)
489 break;
490 fallthrough;
491 case -ENOKEY:
492 ret = key_ref;
493 break;
494 default:
495 err = key_ref;
496 break;
497 }
498 }
499
500 else if ((user_session = get_user_session_keyring_rcu(cred))) {
501 key_ref = keyring_search_rcu(make_key_ref(user_session, 1),
502 ctx);
503 key_put(user_session);
504
505 if (!IS_ERR(key_ref))
506 goto found;
507
508 switch (PTR_ERR(key_ref)) {
509 case -EAGAIN:
510 if (ret)
511 break;
512 fallthrough;
513 case -ENOKEY:
514 ret = key_ref;
515 break;
516 default:
517 err = key_ref;
518 break;
519 }
520 }
521
522
523 key_ref = ret ? ret : err;
524
525found:
526 return key_ref;
527}
528
529
530
531
532
533
534
535
536
537
538
539key_ref_t search_process_keyrings_rcu(struct keyring_search_context *ctx)
540{
541 struct request_key_auth *rka;
542 key_ref_t key_ref, ret = ERR_PTR(-EACCES), err;
543
544 key_ref = search_cred_keyrings_rcu(ctx);
545 if (!IS_ERR(key_ref))
546 goto found;
547 err = key_ref;
548
549
550
551
552
553 if (ctx->cred->request_key_auth &&
554 ctx->cred == current_cred() &&
555 ctx->index_key.type != &key_type_request_key_auth
556 ) {
557 const struct cred *cred = ctx->cred;
558
559 if (key_validate(cred->request_key_auth) == 0) {
560 rka = ctx->cred->request_key_auth->payload.data[0];
561
562
563 ctx->cred = rka->cred;
564 key_ref = search_cred_keyrings_rcu(ctx);
565 ctx->cred = cred;
566
567 if (!IS_ERR(key_ref))
568 goto found;
569 ret = key_ref;
570 }
571 }
572
573
574 if (err == ERR_PTR(-ENOKEY) || ret == ERR_PTR(-ENOKEY))
575 key_ref = ERR_PTR(-ENOKEY);
576 else if (err == ERR_PTR(-EACCES))
577 key_ref = ret;
578 else
579 key_ref = err;
580
581found:
582 return key_ref;
583}
584
585
586
587bool lookup_user_key_possessed(const struct key *key,
588 const struct key_match_data *match_data)
589{
590 return key == match_data->raw_data;
591}
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
612 enum key_need_perm need_perm)
613{
614 struct keyring_search_context ctx = {
615 .match_data.cmp = lookup_user_key_possessed,
616 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
617 .flags = (KEYRING_SEARCH_NO_STATE_CHECK |
618 KEYRING_SEARCH_RECURSE),
619 };
620 struct request_key_auth *rka;
621 struct key *key, *user_session;
622 key_ref_t key_ref, skey_ref;
623 int ret;
624
625try_again:
626 ctx.cred = get_current_cred();
627 key_ref = ERR_PTR(-ENOKEY);
628
629 switch (id) {
630 case KEY_SPEC_THREAD_KEYRING:
631 if (!ctx.cred->thread_keyring) {
632 if (!(lflags & KEY_LOOKUP_CREATE))
633 goto error;
634
635 ret = install_thread_keyring();
636 if (ret < 0) {
637 key_ref = ERR_PTR(ret);
638 goto error;
639 }
640 goto reget_creds;
641 }
642
643 key = ctx.cred->thread_keyring;
644 __key_get(key);
645 key_ref = make_key_ref(key, 1);
646 break;
647
648 case KEY_SPEC_PROCESS_KEYRING:
649 if (!ctx.cred->process_keyring) {
650 if (!(lflags & KEY_LOOKUP_CREATE))
651 goto error;
652
653 ret = install_process_keyring();
654 if (ret < 0) {
655 key_ref = ERR_PTR(ret);
656 goto error;
657 }
658 goto reget_creds;
659 }
660
661 key = ctx.cred->process_keyring;
662 __key_get(key);
663 key_ref = make_key_ref(key, 1);
664 break;
665
666 case KEY_SPEC_SESSION_KEYRING:
667 if (!ctx.cred->session_keyring) {
668
669
670 ret = look_up_user_keyrings(NULL, &user_session);
671 if (ret < 0)
672 goto error;
673 if (lflags & KEY_LOOKUP_CREATE)
674 ret = join_session_keyring(NULL);
675 else
676 ret = install_session_keyring(user_session);
677
678 key_put(user_session);
679 if (ret < 0)
680 goto error;
681 goto reget_creds;
682 } else if (test_bit(KEY_FLAG_UID_KEYRING,
683 &ctx.cred->session_keyring->flags) &&
684 lflags & KEY_LOOKUP_CREATE) {
685 ret = join_session_keyring(NULL);
686 if (ret < 0)
687 goto error;
688 goto reget_creds;
689 }
690
691 key = ctx.cred->session_keyring;
692 __key_get(key);
693 key_ref = make_key_ref(key, 1);
694 break;
695
696 case KEY_SPEC_USER_KEYRING:
697 ret = look_up_user_keyrings(&key, NULL);
698 if (ret < 0)
699 goto error;
700 key_ref = make_key_ref(key, 1);
701 break;
702
703 case KEY_SPEC_USER_SESSION_KEYRING:
704 ret = look_up_user_keyrings(NULL, &key);
705 if (ret < 0)
706 goto error;
707 key_ref = make_key_ref(key, 1);
708 break;
709
710 case KEY_SPEC_GROUP_KEYRING:
711
712 key_ref = ERR_PTR(-EINVAL);
713 goto error;
714
715 case KEY_SPEC_REQKEY_AUTH_KEY:
716 key = ctx.cred->request_key_auth;
717 if (!key)
718 goto error;
719
720 __key_get(key);
721 key_ref = make_key_ref(key, 1);
722 break;
723
724 case KEY_SPEC_REQUESTOR_KEYRING:
725 if (!ctx.cred->request_key_auth)
726 goto error;
727
728 down_read(&ctx.cred->request_key_auth->sem);
729 if (test_bit(KEY_FLAG_REVOKED,
730 &ctx.cred->request_key_auth->flags)) {
731 key_ref = ERR_PTR(-EKEYREVOKED);
732 key = NULL;
733 } else {
734 rka = ctx.cred->request_key_auth->payload.data[0];
735 key = rka->dest_keyring;
736 __key_get(key);
737 }
738 up_read(&ctx.cred->request_key_auth->sem);
739 if (!key)
740 goto error;
741 key_ref = make_key_ref(key, 1);
742 break;
743
744 default:
745 key_ref = ERR_PTR(-EINVAL);
746 if (id < 1)
747 goto error;
748
749 key = key_lookup(id);
750 if (IS_ERR(key)) {
751 key_ref = ERR_CAST(key);
752 goto error;
753 }
754
755 key_ref = make_key_ref(key, 0);
756
757
758 ctx.index_key = key->index_key;
759 ctx.match_data.raw_data = key;
760 kdebug("check possessed");
761 rcu_read_lock();
762 skey_ref = search_process_keyrings_rcu(&ctx);
763 rcu_read_unlock();
764 kdebug("possessed=%p", skey_ref);
765
766 if (!IS_ERR(skey_ref)) {
767 key_put(key);
768 key_ref = skey_ref;
769 }
770
771 break;
772 }
773
774
775
776 if (need_perm != KEY_NEED_UNLINK) {
777 if (!(lflags & KEY_LOOKUP_PARTIAL)) {
778 ret = wait_for_key_construction(key, true);
779 switch (ret) {
780 case -ERESTARTSYS:
781 goto invalid_key;
782 default:
783 if (need_perm != KEY_AUTHTOKEN_OVERRIDE &&
784 need_perm != KEY_DEFER_PERM_CHECK)
785 goto invalid_key;
786 break;
787 case 0:
788 break;
789 }
790 } else if (need_perm != KEY_DEFER_PERM_CHECK) {
791 ret = key_validate(key);
792 if (ret < 0)
793 goto invalid_key;
794 }
795
796 ret = -EIO;
797 if (!(lflags & KEY_LOOKUP_PARTIAL) &&
798 key_read_state(key) == KEY_IS_UNINSTANTIATED)
799 goto invalid_key;
800 }
801
802
803 ret = key_task_permission(key_ref, ctx.cred, need_perm);
804 if (ret < 0)
805 goto invalid_key;
806
807 key->last_used_at = ktime_get_real_seconds();
808
809error:
810 put_cred(ctx.cred);
811 return key_ref;
812
813invalid_key:
814 key_ref_put(key_ref);
815 key_ref = ERR_PTR(ret);
816 goto error;
817
818
819
820reget_creds:
821 put_cred(ctx.cred);
822 goto try_again;
823}
824EXPORT_SYMBOL(lookup_user_key);
825
826
827
828
829
830
831
832
833
834
835
836
837long join_session_keyring(const char *name)
838{
839 const struct cred *old;
840 struct cred *new;
841 struct key *keyring;
842 long ret, serial;
843
844 new = prepare_creds();
845 if (!new)
846 return -ENOMEM;
847 old = current_cred();
848
849
850 if (!name) {
851 ret = install_session_keyring_to_cred(new, NULL);
852 if (ret < 0)
853 goto error;
854
855 serial = new->session_keyring->serial;
856 ret = commit_creds(new);
857 if (ret == 0)
858 ret = serial;
859 goto okay;
860 }
861
862
863 mutex_lock(&key_session_mutex);
864
865
866 keyring = find_keyring_by_name(name, false);
867 if (PTR_ERR(keyring) == -ENOKEY) {
868
869 keyring = keyring_alloc(
870 name, old->uid, old->gid, old,
871 KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_LINK,
872 KEY_ALLOC_IN_QUOTA, NULL, NULL);
873 if (IS_ERR(keyring)) {
874 ret = PTR_ERR(keyring);
875 goto error2;
876 }
877 } else if (IS_ERR(keyring)) {
878 ret = PTR_ERR(keyring);
879 goto error2;
880 } else if (keyring == new->session_keyring) {
881 ret = 0;
882 goto error3;
883 }
884
885
886 ret = install_session_keyring_to_cred(new, keyring);
887 if (ret < 0)
888 goto error3;
889
890 commit_creds(new);
891 mutex_unlock(&key_session_mutex);
892
893 ret = keyring->serial;
894 key_put(keyring);
895okay:
896 return ret;
897
898error3:
899 key_put(keyring);
900error2:
901 mutex_unlock(&key_session_mutex);
902error:
903 abort_creds(new);
904 return ret;
905}
906
907
908
909
910
911void key_change_session_keyring(struct callback_head *twork)
912{
913 const struct cred *old = current_cred();
914 struct cred *new = container_of(twork, struct cred, rcu);
915
916 if (unlikely(current->flags & PF_EXITING)) {
917 put_cred(new);
918 return;
919 }
920
921 new-> uid = old-> uid;
922 new-> euid = old-> euid;
923 new-> suid = old-> suid;
924 new->fsuid = old->fsuid;
925 new-> gid = old-> gid;
926 new-> egid = old-> egid;
927 new-> sgid = old-> sgid;
928 new->fsgid = old->fsgid;
929 new->user = get_uid(old->user);
930 new->user_ns = get_user_ns(old->user_ns);
931 new->group_info = get_group_info(old->group_info);
932
933 new->securebits = old->securebits;
934 new->cap_inheritable = old->cap_inheritable;
935 new->cap_permitted = old->cap_permitted;
936 new->cap_effective = old->cap_effective;
937 new->cap_ambient = old->cap_ambient;
938 new->cap_bset = old->cap_bset;
939
940 new->jit_keyring = old->jit_keyring;
941 new->thread_keyring = key_get(old->thread_keyring);
942 new->process_keyring = key_get(old->process_keyring);
943
944 security_transfer_creds(new, old);
945
946 commit_creds(new);
947}
948
949
950
951
952static int __init init_root_keyring(void)
953{
954 return look_up_user_keyrings(NULL, NULL);
955}
956
957late_initcall(init_root_keyring);
958