projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
KEYS: Disperse linux/key_ui.h
[deliverable/linux.git] / security / keys / process_keys.c
CommitLineData
69664cf1 1/* Management of a process's keyrings
1da177e4 2 *
69664cf1 3 * Copyright (C) 2004-2005, 2008 Red Hat, Inc. All Rights Reserved.
1da177e4
LT		 4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 */
11
12#include <linux/module.h>
13#include <linux/init.h>
14#include <linux/sched.h>
15#include <linux/slab.h>
16#include <linux/keyctl.h>
17#include <linux/fs.h>
18#include <linux/err.h>
bb003079 19#include <linux/mutex.h>
1da177e4
LT		 20#include <asm/uaccess.h>
21#include "internal.h"
22
23/* session keyring create vs join semaphore */
bb003079 24static DEFINE_MUTEX(key_session_mutex);
1da177e4 25
69664cf1
DH		 26/* user keyring creation semaphore */
27static DEFINE_MUTEX(key_user_keyring_mutex);
28
1da177e4
LT		 29/* the root user's tracking struct */
30struct key_user root_key_user = {
31 .usage = ATOMIC_INIT(3),
76181c13 32 .cons_lock = __MUTEX_INITIALIZER(root_key_user.cons_lock),
6cfd76a2 33 .lock = __SPIN_LOCK_UNLOCKED(root_key_user.lock),
1da177e4
LT		 34 .nkeys = ATOMIC_INIT(2),
35 .nikeys = ATOMIC_INIT(2),
36 .uid = 0,
37};
38
1da177e4
LT		 39/*****************************************************************************/
40/*
69664cf1 41 * install user and user session keyrings for a particular UID
1da177e4 42 */
69664cf1 43static int install_user_keyrings(struct task_struct *tsk)
1da177e4 44{
69664cf1 45 struct user_struct *user = tsk->user;
1da177e4
LT		 46 struct key *uid_keyring, *session_keyring;
47 char buf[20];
48 int ret;
49
69664cf1 50 kenter("%p{%u}", user, user->uid);
1da177e4 51
69664cf1
DH		 52 if (user->uid_keyring) {
53 kleave(" = 0 [exist]");
54 return 0;
1da177e4
LT		 55 }
56
69664cf1
DH		 57 mutex_lock(&key_user_keyring_mutex);
58 ret = 0;
1da177e4 59
69664cf1
DH		 60 if (!user->uid_keyring) {
61 /* get the UID-specific keyring
62 * - there may be one in existence already as it may have been
63 * pinned by a session, but the user_struct pointing to it
64 * may have been destroyed by setuid */
65 sprintf(buf, "_uid.%u", user->uid);
66
67 uid_keyring = find_keyring_by_name(buf, true);
68 if (IS_ERR(uid_keyring)) {
69 uid_keyring = keyring_alloc(buf, user->uid, (gid_t) -1,
70 tsk, KEY_ALLOC_IN_QUOTA,
71 NULL);
72 if (IS_ERR(uid_keyring)) {
73 ret = PTR_ERR(uid_keyring);
74 goto error;
75 }
76 }
77
78 /* get a default session keyring (which might also exist
79 * already) */
80 sprintf(buf, "_uid_ses.%u", user->uid);
81
82 session_keyring = find_keyring_by_name(buf, true);
83 if (IS_ERR(session_keyring)) {
84 session_keyring =
85 keyring_alloc(buf, user->uid, (gid_t) -1,
86 tsk, KEY_ALLOC_IN_QUOTA, NULL);
87 if (IS_ERR(session_keyring)) {
88 ret = PTR_ERR(session_keyring);
89 goto error_release;
90 }
91
92 /* we install a link from the user session keyring to
93 * the user keyring */
94 ret = key_link(session_keyring, uid_keyring);
95 if (ret < 0)
96 goto error_release_both;
97 }
98
99 /* install the keyrings */
100 user->uid_keyring = uid_keyring;
101 user->session_keyring = session_keyring;
1da177e4
LT		 102 }
103
69664cf1
DH		 104 mutex_unlock(&key_user_keyring_mutex);
105 kleave(" = 0");
106 return 0;
1da177e4 107
69664cf1
DH		 108error_release_both:
109 key_put(session_keyring);
110error_release:
111 key_put(uid_keyring);
664cceb0 112error:
69664cf1
DH		 113 mutex_unlock(&key_user_keyring_mutex);
114 kleave(" = %d", ret);
1da177e4 115 return ret;
69664cf1 116}
1da177e4
LT		 117
118/*****************************************************************************/
119/*
120 * deal with the UID changing
121 */
122void switch_uid_keyring(struct user_struct *new_user)
123{
124#if 0 /* do nothing for now */
125 struct key *old;
126
127 /* switch to the new user's session keyring if we were running under
128 * root's default session keyring */
129 if (new_user->uid != 0 &&
130 current->session_keyring == &root_session_keyring
131 ) {
132 atomic_inc(&new_user->session_keyring->usage);
133
134 task_lock(current);
135 old = current->session_keyring;
136 current->session_keyring = new_user->session_keyring;
137 task_unlock(current);
138
139 key_put(old);
140 }
141#endif
142
143} /* end switch_uid_keyring() */
144
145/*****************************************************************************/
146/*
147 * install a fresh thread keyring, discarding the old one
148 */
149int install_thread_keyring(struct task_struct *tsk)
150{
151 struct key *keyring, *old;
152 char buf[20];
153 int ret;
154
155 sprintf(buf, "_tid.%u", tsk->pid);
156
7e047ef5
DH		 157 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk,
158 KEY_ALLOC_QUOTA_OVERRUN, NULL);
1da177e4
LT		 159 if (IS_ERR(keyring)) {
160 ret = PTR_ERR(keyring);
161 goto error;
162 }
163
164 task_lock(tsk);
165 old = tsk->thread_keyring;
166 tsk->thread_keyring = keyring;
167 task_unlock(tsk);
168
169 ret = 0;
170
171 key_put(old);
664cceb0 172error:
1da177e4
LT		 173 return ret;
174
175} /* end install_thread_keyring() */
176
177/*****************************************************************************/
178/*
179 * make sure a process keyring is installed
180 */
3e30148c 181int install_process_keyring(struct task_struct *tsk)
1da177e4 182{
1da177e4
LT		 183 struct key *keyring;
184 char buf[20];
185 int ret;
186
1a26feb9
DH		 187 might_sleep();
188
1da177e4
LT		 189 if (!tsk->signal->process_keyring) {
190 sprintf(buf, "_pid.%u", tsk->tgid);
191
7e047ef5
DH		 192 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk,
193 KEY_ALLOC_QUOTA_OVERRUN, NULL);
1da177e4
LT		 194 if (IS_ERR(keyring)) {
195 ret = PTR_ERR(keyring);
196 goto error;
197 }
198
8589b4e0 199 /* attach keyring */
1a26feb9 200 spin_lock_irq(&tsk->sighand->siglock);
1da177e4
LT		 201 if (!tsk->signal->process_keyring) {
202 tsk->signal->process_keyring = keyring;
203 keyring = NULL;
204 }
1a26feb9 205 spin_unlock_irq(&tsk->sighand->siglock);
1da177e4
LT		 206
207 key_put(keyring);
208 }
209
210 ret = 0;
664cceb0 211error:
1da177e4
LT		 212 return ret;
213
214} /* end install_process_keyring() */
215
216/*****************************************************************************/
217/*
218 * install a session keyring, discarding the old one
219 * - if a keyring is not supplied, an empty one is invented
220 */
221static int install_session_keyring(struct task_struct *tsk,
222 struct key *keyring)
223{
7e047ef5 224 unsigned long flags;
1da177e4
LT		 225 struct key *old;
226 char buf[20];
1a26feb9
DH		 227
228 might_sleep();
1da177e4
LT		 229
230 /* create an empty session keyring */
231 if (!keyring) {
232 sprintf(buf, "_ses.%u", tsk->tgid);
233
7e047ef5
DH		 234 flags = KEY_ALLOC_QUOTA_OVERRUN;
235 if (tsk->signal->session_keyring)
236 flags = KEY_ALLOC_IN_QUOTA;
237
238 keyring = keyring_alloc(buf, tsk->uid, tsk->gid, tsk,
239 flags, NULL);
1a26feb9
DH		 240 if (IS_ERR(keyring))
241 return PTR_ERR(keyring);
1da177e4
LT		 242 }
243 else {
244 atomic_inc(&keyring->usage);
245 }
246
247 /* install the keyring */
1a26feb9
DH		 248 spin_lock_irq(&tsk->sighand->siglock);
249 old = tsk->signal->session_keyring;
8589b4e0 250 rcu_assign_pointer(tsk->signal->session_keyring, keyring);
1a26feb9 251 spin_unlock_irq(&tsk->sighand->siglock);
1da177e4 252
1a26feb9
DH		 253 /* we're using RCU on the pointer, but there's no point synchronising
254 * on it if it didn't previously point to anything */
255 if (old) {
256 synchronize_rcu();
257 key_put(old);
258 }
1da177e4 259
1a26feb9 260 return 0;
1da177e4
LT		 261
262} /* end install_session_keyring() */
263
264/*****************************************************************************/
265/*
266 * copy the keys in a thread group for fork without CLONE_THREAD
267 */
268int copy_thread_group_keys(struct task_struct *tsk)
269{
1da177e4
LT		 270 key_check(current->thread_group->session_keyring);
271 key_check(current->thread_group->process_keyring);
272
273 /* no process keyring yet */
274 tsk->signal->process_keyring = NULL;
275
276 /* same session keyring */
8589b4e0 277 rcu_read_lock();
1da177e4 278 tsk->signal->session_keyring =
8589b4e0
DH		 279 key_get(rcu_dereference(current->signal->session_keyring));
280 rcu_read_unlock();
1da177e4
LT		 281
282 return 0;
283
284} /* end copy_thread_group_keys() */
285
286/*****************************************************************************/
287/*
288 * copy the keys for fork
289 */
290int copy_keys(unsigned long clone_flags, struct task_struct *tsk)
291{
292 key_check(tsk->thread_keyring);
b5f545c8 293 key_check(tsk->request_key_auth);
1da177e4
LT		 294
295 /* no thread keyring yet */
296 tsk->thread_keyring = NULL;
b5f545c8
DH		 297
298 /* copy the request_key() authorisation for this thread */
299 key_get(tsk->request_key_auth);
300
1da177e4
LT		 301 return 0;
302
303} /* end copy_keys() */
304
305/*****************************************************************************/
306/*
307 * dispose of thread group keys upon thread group destruction
308 */
309void exit_thread_group_keys(struct signal_struct *tg)
310{
311 key_put(tg->session_keyring);
312 key_put(tg->process_keyring);
313
314} /* end exit_thread_group_keys() */
315
316/*****************************************************************************/
317/*
b5f545c8 318 * dispose of per-thread keys upon thread exit
1da177e4
LT		 319 */
320void exit_keys(struct task_struct *tsk)
321{
322 key_put(tsk->thread_keyring);
b5f545c8 323 key_put(tsk->request_key_auth);
1da177e4
LT		 324
325} /* end exit_keys() */
326
327/*****************************************************************************/
328/*
329 * deal with execve()
330 */
331int exec_keys(struct task_struct *tsk)
332{
1da177e4
LT		 333 struct key *old;
334
335 /* newly exec'd tasks don't get a thread keyring */
336 task_lock(tsk);
337 old = tsk->thread_keyring;
338 tsk->thread_keyring = NULL;
339 task_unlock(tsk);
340
341 key_put(old);
342
343 /* discard the process keyring from a newly exec'd task */
1a26feb9 344 spin_lock_irq(&tsk->sighand->siglock);
1da177e4
LT		 345 old = tsk->signal->process_keyring;
346 tsk->signal->process_keyring = NULL;
1a26feb9 347 spin_unlock_irq(&tsk->sighand->siglock);
1da177e4
LT		 348
349 key_put(old);
350
351 return 0;
352
353} /* end exec_keys() */
354
355/*****************************************************************************/
356/*
357 * deal with SUID programs
358 * - we might want to make this invent a new session keyring
359 */
360int suid_keys(struct task_struct *tsk)
361{
362 return 0;
363
364} /* end suid_keys() */
365
366/*****************************************************************************/
367/*
368 * the filesystem user ID changed
369 */
370void key_fsuid_changed(struct task_struct *tsk)
371{
372 /* update the ownership of the thread keyring */
373 if (tsk->thread_keyring) {
374 down_write(&tsk->thread_keyring->sem);
1da177e4 375 tsk->thread_keyring->uid = tsk->fsuid;
1da177e4
LT		 376 up_write(&tsk->thread_keyring->sem);
377 }
378
379} /* end key_fsuid_changed() */
380
381/*****************************************************************************/
382/*
383 * the filesystem group ID changed
384 */
385void key_fsgid_changed(struct task_struct *tsk)
386{
387 /* update the ownership of the thread keyring */
388 if (tsk->thread_keyring) {
389 down_write(&tsk->thread_keyring->sem);
1da177e4 390 tsk->thread_keyring->gid = tsk->fsgid;
1da177e4
LT		 391 up_write(&tsk->thread_keyring->sem);
392 }
393
394} /* end key_fsgid_changed() */
395
396/*****************************************************************************/
397/*
398 * search the process keyrings for the first matching key
399 * - we use the supplied match function to see if the description (or other
400 * feature of interest) matches
401 * - we return -EAGAIN if we didn't find any matching key
402 * - we return -ENOKEY if we found only negative matching keys
403 */
664cceb0
DH		 404key_ref_t search_process_keyrings(struct key_type *type,
405 const void *description,
406 key_match_func_t match,
407 struct task_struct *context)
1da177e4 408{
3e30148c 409 struct request_key_auth *rka;
b5f545c8 410 key_ref_t key_ref, ret, err;
1da177e4 411
04c567d9
DH		 412 might_sleep();
413
1da177e4
LT		 414 /* we want to return -EAGAIN or -ENOKEY if any of the keyrings were
415 * searchable, but we failed to find a key or we found a negative key;
416 * otherwise we want to return a sample error (probably -EACCES) if
417 * none of the keyrings were searchable
418 *
419 * in terms of priority: success > -ENOKEY > -EAGAIN > other error
420 */
664cceb0 421 key_ref = NULL;
1da177e4
LT		 422 ret = NULL;
423 err = ERR_PTR(-EAGAIN);
424
425 /* search the thread keyring first */
3e30148c 426 if (context->thread_keyring) {
664cceb0
DH		 427 key_ref = keyring_search_aux(
428 make_key_ref(context->thread_keyring, 1),
429 context, type, description, match);
430 if (!IS_ERR(key_ref))
1da177e4
LT		 431 goto found;
432
664cceb0 433 switch (PTR_ERR(key_ref)) {
1da177e4
LT		 434 case -EAGAIN: /* no key */
435 if (ret)
436 break;
437 case -ENOKEY: /* negative key */
664cceb0 438 ret = key_ref;
1da177e4
LT		 439 break;
440 default:
664cceb0 441 err = key_ref;
1da177e4
LT		 442 break;
443 }
444 }
445
446 /* search the process keyring second */
3e30148c 447 if (context->signal->process_keyring) {
664cceb0
DH		 448 key_ref = keyring_search_aux(
449 make_key_ref(context->signal->process_keyring, 1),
450 context, type, description, match);
451 if (!IS_ERR(key_ref))
1da177e4
LT		 452 goto found;
453
664cceb0 454 switch (PTR_ERR(key_ref)) {
1da177e4
LT		 455 case -EAGAIN: /* no key */
456 if (ret)
457 break;
458 case -ENOKEY: /* negative key */
664cceb0 459 ret = key_ref;
1da177e4
LT		 460 break;
461 default:
664cceb0 462 err = key_ref;
1da177e4
LT		 463 break;
464 }
465 }
466
3e30148c
DH		 467 /* search the session keyring */
468 if (context->signal->session_keyring) {
8589b4e0 469 rcu_read_lock();
664cceb0
DH		 470 key_ref = keyring_search_aux(
471 make_key_ref(rcu_dereference(
472 context->signal->session_keyring),
473 1),
3e30148c 474 context, type, description, match);
8589b4e0 475 rcu_read_unlock();
3e30148c 476
664cceb0 477 if (!IS_ERR(key_ref))
3e30148c
DH		 478 goto found;
479
664cceb0 480 switch (PTR_ERR(key_ref)) {
3e30148c
DH		 481 case -EAGAIN: /* no key */
482 if (ret)
483 break;
484 case -ENOKEY: /* negative key */
664cceb0 485 ret = key_ref;
3e30148c
DH		 486 break;
487 default:
664cceb0 488 err = key_ref;
3e30148c
DH		 489 break;
490 }
b5f545c8
DH		 491 }
492 /* or search the user-session keyring */
69664cf1 493 else if (context->user->session_keyring) {
b5f545c8
DH		 494 key_ref = keyring_search_aux(
495 make_key_ref(context->user->session_keyring, 1),
496 context, type, description, match);
664cceb0 497 if (!IS_ERR(key_ref))
3e30148c
DH		 498 goto found;
499
664cceb0 500 switch (PTR_ERR(key_ref)) {
3e30148c
DH		 501 case -EAGAIN: /* no key */
502 if (ret)
503 break;
504 case -ENOKEY: /* negative key */
664cceb0 505 ret = key_ref;
3e30148c
DH		 506 break;
507 default:
664cceb0 508 err = key_ref;
3e30148c
DH		 509 break;
510 }
8589b4e0 511 }
b5f545c8
DH		 512
513 /* if this process has an instantiation authorisation key, then we also
514 * search the keyrings of the process mentioned there
515 * - we don't permit access to request_key auth keys via this method
516 */
517 if (context->request_key_auth &&
518 context == current &&
04c567d9 519 type != &key_type_request_key_auth
b5f545c8 520 ) {
04c567d9
DH		 521 /* defend against the auth key being revoked */
522 down_read(&context->request_key_auth->sem);
b5f545c8 523
04c567d9
DH		 524 if (key_validate(context->request_key_auth) == 0) {
525 rka = context->request_key_auth->payload.data;
b5f545c8 526
04c567d9
DH		 527 key_ref = search_process_keyrings(type, description,
528 match, rka->context);
1da177e4 529
04c567d9
DH		 530 up_read(&context->request_key_auth->sem);
531
532 if (!IS_ERR(key_ref))
533 goto found;
534
535 switch (PTR_ERR(key_ref)) {
536 case -EAGAIN: /* no key */
537 if (ret)
538 break;
539 case -ENOKEY: /* negative key */
540 ret = key_ref;
3e30148c 541 break;
04c567d9
DH		 542 default:
543 err = key_ref;
544 break;
545 }
546 } else {
547 up_read(&context->request_key_auth->sem);
3e30148c 548 }
1da177e4
LT		 549 }
550
551 /* no key - decide on the error we're going to go for */
664cceb0 552 key_ref = ret ? ret : err;
1da177e4 553
3e30148c 554found:
664cceb0 555 return key_ref;
1da177e4 556
1da177e4
LT		 557} /* end search_process_keyrings() */
558
664cceb0
DH		 559/*****************************************************************************/
560/*
561 * see if the key we're looking at is the target key
562 */
563static int lookup_user_key_possessed(const struct key *key, const void *target)
564{
565 return key == target;
566
567} /* end lookup_user_key_possessed() */
568
1da177e4
LT		 569/*****************************************************************************/
570/*
571 * lookup a key given a key ID from userspace with a given permissions mask
572 * - don't create special keyrings unless so requested
573 * - partially constructed keys aren't found unless requested
574 */
664cceb0
DH		 575key_ref_t lookup_user_key(struct task_struct *context, key_serial_t id,
576 int create, int partial, key_perm_t perm)
1da177e4 577{
664cceb0 578 key_ref_t key_ref, skey_ref;
1da177e4
LT		 579 struct key *key;
580 int ret;
581
3e30148c
DH		 582 if (!context)
583 context = current;
584
664cceb0 585 key_ref = ERR_PTR(-ENOKEY);
1da177e4
LT		 586
587 switch (id) {
588 case KEY_SPEC_THREAD_KEYRING:
3e30148c 589 if (!context->thread_keyring) {
1da177e4
LT		 590 if (!create)
591 goto error;
592
3e30148c 593 ret = install_thread_keyring(context);
1da177e4
LT		 594 if (ret < 0) {
595 key = ERR_PTR(ret);
596 goto error;
597 }
598 }
599
3e30148c 600 key = context->thread_keyring;
1da177e4 601 atomic_inc(&key->usage);
664cceb0 602 key_ref = make_key_ref(key, 1);
1da177e4
LT		 603 break;
604
605 case KEY_SPEC_PROCESS_KEYRING:
3e30148c 606 if (!context->signal->process_keyring) {
1da177e4
LT		 607 if (!create)
608 goto error;
609
3e30148c 610 ret = install_process_keyring(context);
1da177e4
LT		 611 if (ret < 0) {
612 key = ERR_PTR(ret);
613 goto error;
614 }
615 }
616
3e30148c 617 key = context->signal->process_keyring;
1da177e4 618 atomic_inc(&key->usage);
664cceb0 619 key_ref = make_key_ref(key, 1);
1da177e4
LT		 620 break;
621
622 case KEY_SPEC_SESSION_KEYRING:
3e30148c 623 if (!context->signal->session_keyring) {
1da177e4
LT		 624 /* always install a session keyring upon access if one
625 * doesn't exist yet */
69664cf1
DH		 626 ret = install_user_keyrings(context);
627 if (ret < 0)
628 goto error;
1da177e4 629 ret = install_session_keyring(
664cceb0 630 context, context->user->session_keyring);
1da177e4
LT		 631 if (ret < 0)
632 goto error;
633 }
634
3e30148c
DH		 635 rcu_read_lock();
636 key = rcu_dereference(context->signal->session_keyring);
1da177e4 637 atomic_inc(&key->usage);
3e30148c 638 rcu_read_unlock();
664cceb0 639 key_ref = make_key_ref(key, 1);
1da177e4
LT		 640 break;
641
642 case KEY_SPEC_USER_KEYRING:
69664cf1
DH		 643 if (!context->user->uid_keyring) {
644 ret = install_user_keyrings(context);
645 if (ret < 0)
646 goto error;
647 }
648
3e30148c 649 key = context->user->uid_keyring;
1da177e4 650 atomic_inc(&key->usage);
664cceb0 651 key_ref = make_key_ref(key, 1);
1da177e4
LT		 652 break;
653
654 case KEY_SPEC_USER_SESSION_KEYRING:
69664cf1
DH		 655 if (!context->user->session_keyring) {
656 ret = install_user_keyrings(context);
657 if (ret < 0)
658 goto error;
659 }
660
3e30148c 661 key = context->user->session_keyring;
1da177e4 662 atomic_inc(&key->usage);
664cceb0 663 key_ref = make_key_ref(key, 1);
1da177e4
LT		 664 break;
665
666 case KEY_SPEC_GROUP_KEYRING:
667 /* group keyrings are not yet supported */
668 key = ERR_PTR(-EINVAL);
669 goto error;
670
b5f545c8
DH		 671 case KEY_SPEC_REQKEY_AUTH_KEY:
672 key = context->request_key_auth;
673 if (!key)
674 goto error;
675
676 atomic_inc(&key->usage);
677 key_ref = make_key_ref(key, 1);
678 break;
679
1da177e4 680 default:
664cceb0 681 key_ref = ERR_PTR(-EINVAL);
1da177e4
LT		 682 if (id < 1)
683 goto error;
684
685 key = key_lookup(id);
664cceb0 686 if (IS_ERR(key)) {
e231c2ee 687 key_ref = ERR_CAST(key);
1da177e4 688 goto error;
664cceb0
DH		 689 }
690
691 key_ref = make_key_ref(key, 0);
692
693 /* check to see if we possess the key */
694 skey_ref = search_process_keyrings(key->type, key,
695 lookup_user_key_possessed,
696 current);
697
698 if (!IS_ERR(skey_ref)) {
699 key_put(key);
700 key_ref = skey_ref;
701 }
702
1da177e4
LT		 703 break;
704 }
705
76181c13
DH		 706 if (!partial) {
707 ret = wait_for_key_construction(key, true);
708 switch (ret) {
709 case -ERESTARTSYS:
710 goto invalid_key;
711 default:
712 if (perm)
713 goto invalid_key;
714 case 0:
715 break;
716 }
717 } else if (perm) {
1da177e4
LT		 718 ret = key_validate(key);
719 if (ret < 0)
720 goto invalid_key;
721 }
722
723 ret = -EIO;
76d8aeab 724 if (!partial && !test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
1da177e4
LT		 725 goto invalid_key;
726
3e30148c 727 /* check the permissions */
29db9190
DH		 728 ret = key_task_permission(key_ref, context, perm);
729 if (ret < 0)
1da177e4
LT		 730 goto invalid_key;
731
664cceb0
DH		 732error:
733 return key_ref;
1da177e4 734
664cceb0
DH		 735invalid_key:
736 key_ref_put(key_ref);
737 key_ref = ERR_PTR(ret);
1da177e4
LT		 738 goto error;
739
740} /* end lookup_user_key() */
741
742/*****************************************************************************/
743/*
744 * join the named keyring as the session keyring if possible, or attempt to
745 * create a new one of that name if not
746 * - if the name is NULL, an empty anonymous keyring is installed instead
747 * - named session keyring joining is done with a semaphore held
748 */
749long join_session_keyring(const char *name)
750{
751 struct task_struct *tsk = current;
1da177e4
LT		 752 struct key *keyring;
753 long ret;
754
755 /* if no name is provided, install an anonymous keyring */
756 if (!name) {
757 ret = install_session_keyring(tsk, NULL);
758 if (ret < 0)
759 goto error;
760
3e30148c
DH		 761 rcu_read_lock();
762 ret = rcu_dereference(tsk->signal->session_keyring)->serial;
763 rcu_read_unlock();
1da177e4
LT		 764 goto error;
765 }
766
767 /* allow the user to join or create a named keyring */
bb003079 768 mutex_lock(&key_session_mutex);
1da177e4
LT		 769
770 /* look for an existing keyring of this name */
69664cf1 771 keyring = find_keyring_by_name(name, false);
1da177e4
LT		 772 if (PTR_ERR(keyring) == -ENOKEY) {
773 /* not found - try and create a new one */
7e047ef5
DH		 774 keyring = keyring_alloc(name, tsk->uid, tsk->gid, tsk,
775 KEY_ALLOC_IN_QUOTA, NULL);
1da177e4
LT		 776 if (IS_ERR(keyring)) {
777 ret = PTR_ERR(keyring);
bcf945d3 778 goto error2;
1da177e4
LT		 779 }
780 }
781 else if (IS_ERR(keyring)) {
782 ret = PTR_ERR(keyring);
783 goto error2;
784 }
785
786 /* we've got a keyring - now to install it */
787 ret = install_session_keyring(tsk, keyring);
788 if (ret < 0)
789 goto error2;
790
791 ret = keyring->serial;
792 key_put(keyring);
793
664cceb0 794error2:
bb003079 795 mutex_unlock(&key_session_mutex);
664cceb0 796error:
1da177e4
LT		 797 return ret;
798
799} /* end join_session_keyring() */
Linux kernel - Deliverables
This page took 0.403979 seconds and 5 git commands to generate.