1 /* Task credentials management
3 * Copyright (C) 2008 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public Licence
8 * as published by the Free Software Foundation; either version
9 * 2 of the Licence, or (at your option) any later version.
11 #include <linux/module.h>
12 #include <linux/cred.h>
13 #include <linux/sched.h>
14 #include <linux/key.h>
15 #include <linux/keyctl.h>
16 #include <linux/init_task.h>
17 #include <linux/security.h>
18 #include <linux/cn_proc.h>
19 #include "cred-internals.h"
21 static struct kmem_cache
*cred_jar
;
24 * The common credentials for the initial task's thread group
27 static struct thread_group_cred init_tgcred
= {
28 .usage
= ATOMIC_INIT(2),
30 .lock
= SPIN_LOCK_UNLOCKED
,
35 * The initial credentials for the initial task
37 struct cred init_cred
= {
38 .usage
= ATOMIC_INIT(3),
39 .securebits
= SECUREBITS_DEFAULT
,
40 .cap_inheritable
= CAP_INIT_INH_SET
,
41 .cap_permitted
= CAP_FULL_SET
,
42 .cap_effective
= CAP_INIT_EFF_SET
,
43 .cap_bset
= CAP_INIT_BSET
,
45 .group_info
= &init_groups
,
47 .tgcred
= &init_tgcred
,
52 * Dispose of the shared task group credentials
55 static void release_tgcred_rcu(struct rcu_head
*rcu
)
57 struct thread_group_cred
*tgcred
=
58 container_of(rcu
, struct thread_group_cred
, rcu
);
60 BUG_ON(atomic_read(&tgcred
->usage
) != 0);
62 key_put(tgcred
->session_keyring
);
63 key_put(tgcred
->process_keyring
);
69 * Release a set of thread group credentials.
71 void release_tgcred(struct cred
*cred
)
74 struct thread_group_cred
*tgcred
= cred
->tgcred
;
76 if (atomic_dec_and_test(&tgcred
->usage
))
77 call_rcu(&tgcred
->rcu
, release_tgcred_rcu
);
82 * The RCU callback to actually dispose of a set of credentials
84 static void put_cred_rcu(struct rcu_head
*rcu
)
86 struct cred
*cred
= container_of(rcu
, struct cred
, rcu
);
88 if (atomic_read(&cred
->usage
) != 0)
89 panic("CRED: put_cred_rcu() sees %p with usage %d\n",
90 cred
, atomic_read(&cred
->usage
));
92 security_cred_free(cred
);
93 key_put(cred
->thread_keyring
);
94 key_put(cred
->request_key_auth
);
96 put_group_info(cred
->group_info
);
98 kmem_cache_free(cred_jar
, cred
);
102 * __put_cred - Destroy a set of credentials
103 * @cred: The record to release
105 * Destroy a set of credentials on which no references remain.
107 void __put_cred(struct cred
*cred
)
109 BUG_ON(atomic_read(&cred
->usage
) != 0);
111 call_rcu(&cred
->rcu
, put_cred_rcu
);
113 EXPORT_SYMBOL(__put_cred
);
116 * prepare_creds - Prepare a new set of credentials for modification
118 * Prepare a new set of task credentials for modification. A task's creds
119 * shouldn't generally be modified directly, therefore this function is used to
120 * prepare a new copy, which the caller then modifies and then commits by
121 * calling commit_creds().
123 * Returns a pointer to the new creds-to-be if successful, NULL otherwise.
125 * Call commit_creds() or abort_creds() to clean up.
127 struct cred
*prepare_creds(void)
129 struct task_struct
*task
= current
;
130 const struct cred
*old
;
133 BUG_ON(atomic_read(&task
->cred
->usage
) < 1);
135 new = kmem_cache_alloc(cred_jar
, GFP_KERNEL
);
140 memcpy(new, old
, sizeof(struct cred
));
142 atomic_set(&new->usage
, 1);
143 get_group_info(new->group_info
);
147 key_get(new->thread_keyring
);
148 key_get(new->request_key_auth
);
149 atomic_inc(&new->tgcred
->usage
);
152 #ifdef CONFIG_SECURITY
153 new->security
= NULL
;
156 if (security_prepare_creds(new, old
, GFP_KERNEL
) < 0)
164 EXPORT_SYMBOL(prepare_creds
);
167 * prepare new credentials for the usermode helper dispatcher
169 struct cred
*prepare_usermodehelper_creds(void)
172 struct thread_group_cred
*tgcred
= NULL
;
177 tgcred
= kzalloc(sizeof(*new->tgcred
), GFP_ATOMIC
);
182 new = kmem_cache_alloc(cred_jar
, GFP_ATOMIC
);
186 memcpy(new, &init_cred
, sizeof(struct cred
));
188 atomic_set(&new->usage
, 1);
189 get_group_info(new->group_info
);
193 new->thread_keyring
= NULL
;
194 new->request_key_auth
= NULL
;
195 new->jit_keyring
= KEY_REQKEY_DEFL_DEFAULT
;
197 atomic_set(&tgcred
->usage
, 1);
198 spin_lock_init(&tgcred
->lock
);
199 new->tgcred
= tgcred
;
202 #ifdef CONFIG_SECURITY
203 new->security
= NULL
;
205 if (security_prepare_creds(new, &init_cred
, GFP_ATOMIC
) < 0)
208 BUG_ON(atomic_read(&new->usage
) != 1);
217 * Copy credentials for the new process created by fork()
219 * We share if we can, but under some circumstances we have to generate a new
222 int copy_creds(struct task_struct
*p
, unsigned long clone_flags
)
225 struct thread_group_cred
*tgcred
;
229 mutex_init(&p
->cred_exec_mutex
);
233 !p
->cred
->thread_keyring
&&
235 clone_flags
& CLONE_THREAD
238 atomic_inc(&p
->cred
->user
->processes
);
242 new = prepare_creds();
247 /* new threads get their own thread keyrings if their parent already
249 if (new->thread_keyring
) {
250 key_put(new->thread_keyring
);
251 new->thread_keyring
= NULL
;
252 if (clone_flags
& CLONE_THREAD
)
253 install_thread_keyring_to_cred(new);
256 /* we share the process and session keyrings between all the threads in
257 * a process - this is slightly icky as we violate COW credentials a
259 if (!(clone_flags
& CLONE_THREAD
)) {
260 tgcred
= kmalloc(sizeof(*tgcred
), GFP_KERNEL
);
265 atomic_set(&tgcred
->usage
, 1);
266 spin_lock_init(&tgcred
->lock
);
267 tgcred
->process_keyring
= NULL
;
268 tgcred
->session_keyring
= key_get(new->tgcred
->session_keyring
);
271 new->tgcred
= tgcred
;
275 atomic_inc(&new->user
->processes
);
281 * commit_creds - Install new credentials upon the current task
282 * @new: The credentials to be assigned
284 * Install a new set of credentials to the current task, using RCU to replace
287 * This function eats the caller's reference to the new credentials.
289 * Always returns 0 thus allowing this function to be tail-called at the end
290 * of, say, sys_setgid().
292 int commit_creds(struct cred
*new)
294 struct task_struct
*task
= current
;
295 const struct cred
*old
;
297 BUG_ON(atomic_read(&new->usage
) < 1);
298 BUG_ON(atomic_read(&task
->cred
->usage
) < 1);
301 security_commit_creds(new, old
);
303 /* dumpability changes */
304 if (old
->euid
!= new->euid
||
305 old
->egid
!= new->egid
||
306 old
->fsuid
!= new->fsuid
||
307 old
->fsgid
!= new->fsgid
||
308 !cap_issubset(new->cap_permitted
, old
->cap_permitted
)) {
309 set_dumpable(task
->mm
, suid_dumpable
);
310 task
->pdeath_signal
= 0;
314 /* alter the thread keyring */
315 if (new->fsuid
!= old
->fsuid
)
316 key_fsuid_changed(task
);
317 if (new->fsgid
!= old
->fsgid
)
318 key_fsgid_changed(task
);
321 * - What if a process setreuid()'s and this brings the
322 * new uid over his NPROC rlimit? We can check this now
323 * cheaply with the new uid cache, so if it matters
324 * we should be checking for it. -DaveM
326 if (new->user
!= old
->user
)
327 atomic_inc(&new->user
->processes
);
328 rcu_assign_pointer(task
->cred
, new);
329 if (new->user
!= old
->user
)
330 atomic_dec(&old
->user
->processes
);
332 sched_switch_user(task
);
334 /* send notifications */
335 if (new->uid
!= old
->uid
||
336 new->euid
!= old
->euid
||
337 new->suid
!= old
->suid
||
338 new->fsuid
!= old
->fsuid
)
339 proc_id_connector(task
, PROC_EVENT_UID
);
341 if (new->gid
!= old
->gid
||
342 new->egid
!= old
->egid
||
343 new->sgid
!= old
->sgid
||
344 new->fsgid
!= old
->fsgid
)
345 proc_id_connector(task
, PROC_EVENT_GID
);
350 EXPORT_SYMBOL(commit_creds
);
353 * abort_creds - Discard a set of credentials and unlock the current task
354 * @new: The credentials that were going to be applied
356 * Discard a set of credentials that were under construction and unlock the
359 void abort_creds(struct cred
*new)
361 BUG_ON(atomic_read(&new->usage
) < 1);
364 EXPORT_SYMBOL(abort_creds
);
367 * override_creds - Temporarily override the current process's credentials
368 * @new: The credentials to be assigned
370 * Install a set of temporary override credentials on the current process,
371 * returning the old set for later reversion.
373 const struct cred
*override_creds(const struct cred
*new)
375 const struct cred
*old
= current
->cred
;
377 rcu_assign_pointer(current
->cred
, get_cred(new));
380 EXPORT_SYMBOL(override_creds
);
383 * revert_creds - Revert a temporary credentials override
384 * @old: The credentials to be restored
386 * Revert a temporary set of override credentials to an old set, discarding the
389 void revert_creds(const struct cred
*old
)
391 const struct cred
*override
= current
->cred
;
393 rcu_assign_pointer(current
->cred
, old
);
396 EXPORT_SYMBOL(revert_creds
);
399 * initialise the credentials stuff
401 void __init
cred_init(void)
403 /* allocate a slab in which we can store credentials */
404 cred_jar
= kmem_cache_create("cred_jar", sizeof(struct cred
),
405 0, SLAB_HWCACHE_ALIGN
|SLAB_PANIC
, NULL
);