Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* request_key.c: request a key from userspace |
2 | * | |
4e54f085 | 3 | * Copyright (C) 2004-6 Red Hat, Inc. All Rights Reserved. |
1da177e4 LT |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
f1a9badc DH |
10 | * |
11 | * See Documentation/keys-request-key.txt | |
1da177e4 LT |
12 | */ |
13 | ||
14 | #include <linux/module.h> | |
15 | #include <linux/sched.h> | |
16 | #include <linux/kmod.h> | |
17 | #include <linux/err.h> | |
3e30148c | 18 | #include <linux/keyctl.h> |
1da177e4 LT |
19 | #include "internal.h" |
20 | ||
21 | struct key_construction { | |
22 | struct list_head link; /* link in construction queue */ | |
23 | struct key *key; /* key being constructed */ | |
24 | }; | |
25 | ||
26 | /* when waiting for someone else's keys, you get added to this */ | |
27 | DECLARE_WAIT_QUEUE_HEAD(request_key_conswq); | |
28 | ||
29 | /*****************************************************************************/ | |
30 | /* | |
31 | * request userspace finish the construction of a key | |
b5f545c8 | 32 | * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>" |
1da177e4 | 33 | */ |
b5f545c8 DH |
34 | static int call_sbin_request_key(struct key *key, |
35 | struct key *authkey, | |
4e54f085 DH |
36 | const char *op, |
37 | void *aux) | |
1da177e4 LT |
38 | { |
39 | struct task_struct *tsk = current; | |
1da177e4 | 40 | key_serial_t prkey, sskey; |
b5f545c8 DH |
41 | struct key *keyring; |
42 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; | |
1da177e4 | 43 | char key_str[12], keyring_str[3][12]; |
b5f545c8 | 44 | char desc[20]; |
3e30148c DH |
45 | int ret, i; |
46 | ||
b5f545c8 | 47 | kenter("{%d},{%d},%s", key->serial, authkey->serial, op); |
3e30148c | 48 | |
b5f545c8 DH |
49 | /* allocate a new session keyring */ |
50 | sprintf(desc, "_req.%u", key->serial); | |
51 | ||
7e047ef5 DH |
52 | keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current, |
53 | KEY_ALLOC_QUOTA_OVERRUN, NULL); | |
b5f545c8 DH |
54 | if (IS_ERR(keyring)) { |
55 | ret = PTR_ERR(keyring); | |
56 | goto error_alloc; | |
3e30148c | 57 | } |
1da177e4 | 58 | |
b5f545c8 DH |
59 | /* attach the auth key to the session keyring */ |
60 | ret = __key_link(keyring, authkey); | |
61 | if (ret < 0) | |
62 | goto error_link; | |
63 | ||
1da177e4 LT |
64 | /* record the UID and GID */ |
65 | sprintf(uid_str, "%d", current->fsuid); | |
66 | sprintf(gid_str, "%d", current->fsgid); | |
67 | ||
68 | /* we say which key is under construction */ | |
69 | sprintf(key_str, "%d", key->serial); | |
70 | ||
71 | /* we specify the process's default keyrings */ | |
72 | sprintf(keyring_str[0], "%d", | |
73 | tsk->thread_keyring ? tsk->thread_keyring->serial : 0); | |
74 | ||
75 | prkey = 0; | |
76 | if (tsk->signal->process_keyring) | |
77 | prkey = tsk->signal->process_keyring->serial; | |
78 | ||
3e30148c | 79 | sprintf(keyring_str[1], "%d", prkey); |
1da177e4 | 80 | |
3e30148c DH |
81 | if (tsk->signal->session_keyring) { |
82 | rcu_read_lock(); | |
83 | sskey = rcu_dereference(tsk->signal->session_keyring)->serial; | |
84 | rcu_read_unlock(); | |
85 | } | |
86 | else { | |
1da177e4 | 87 | sskey = tsk->user->session_keyring->serial; |
3e30148c | 88 | } |
1da177e4 | 89 | |
1da177e4 LT |
90 | sprintf(keyring_str[2], "%d", sskey); |
91 | ||
92 | /* set up a minimal environment */ | |
93 | i = 0; | |
94 | envp[i++] = "HOME=/"; | |
95 | envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; | |
96 | envp[i] = NULL; | |
97 | ||
98 | /* set up the argument list */ | |
99 | i = 0; | |
100 | argv[i++] = "/sbin/request-key"; | |
101 | argv[i++] = (char *) op; | |
102 | argv[i++] = key_str; | |
103 | argv[i++] = uid_str; | |
104 | argv[i++] = gid_str; | |
105 | argv[i++] = keyring_str[0]; | |
106 | argv[i++] = keyring_str[1]; | |
107 | argv[i++] = keyring_str[2]; | |
1da177e4 LT |
108 | argv[i] = NULL; |
109 | ||
110 | /* do it */ | |
b5f545c8 | 111 | ret = call_usermodehelper_keys(argv[0], argv, envp, keyring, 1); |
3e30148c | 112 | |
b5f545c8 DH |
113 | error_link: |
114 | key_put(keyring); | |
3e30148c | 115 | |
b5f545c8 | 116 | error_alloc: |
3e30148c DH |
117 | kleave(" = %d", ret); |
118 | return ret; | |
1da177e4 | 119 | |
b5f545c8 | 120 | } /* end call_sbin_request_key() */ |
1da177e4 LT |
121 | |
122 | /*****************************************************************************/ | |
123 | /* | |
124 | * call out to userspace for the key | |
125 | * - called with the construction sem held, but the sem is dropped here | |
126 | * - we ignore program failure and go on key status instead | |
127 | */ | |
128 | static struct key *__request_key_construction(struct key_type *type, | |
129 | const char *description, | |
7e047ef5 | 130 | const char *callout_info, |
4e54f085 | 131 | void *aux, |
7e047ef5 | 132 | unsigned long flags) |
1da177e4 | 133 | { |
b5f545c8 | 134 | request_key_actor_t actor; |
1da177e4 LT |
135 | struct key_construction cons; |
136 | struct timespec now; | |
b5f545c8 | 137 | struct key *key, *authkey; |
76d8aeab | 138 | int ret, negated; |
1da177e4 | 139 | |
7e047ef5 | 140 | kenter("%s,%s,%s,%lx", type->name, description, callout_info, flags); |
3e30148c | 141 | |
1da177e4 LT |
142 | /* create a key and add it to the queue */ |
143 | key = key_alloc(type, description, | |
7e047ef5 DH |
144 | current->fsuid, current->fsgid, current, KEY_POS_ALL, |
145 | flags); | |
1da177e4 LT |
146 | if (IS_ERR(key)) |
147 | goto alloc_failed; | |
148 | ||
76d8aeab | 149 | set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); |
1da177e4 LT |
150 | |
151 | cons.key = key; | |
152 | list_add_tail(&cons.link, &key->user->consq); | |
153 | ||
154 | /* we drop the construction sem here on behalf of the caller */ | |
155 | up_write(&key_construction_sem); | |
156 | ||
b5f545c8 DH |
157 | /* allocate an authorisation key */ |
158 | authkey = request_key_auth_new(key, callout_info); | |
159 | if (IS_ERR(authkey)) { | |
160 | ret = PTR_ERR(authkey); | |
161 | authkey = NULL; | |
162 | goto alloc_authkey_failed; | |
163 | } | |
164 | ||
1da177e4 | 165 | /* make the call */ |
b5f545c8 DH |
166 | actor = call_sbin_request_key; |
167 | if (type->request_key) | |
168 | actor = type->request_key; | |
4e54f085 | 169 | ret = actor(key, authkey, "create", aux); |
1da177e4 LT |
170 | if (ret < 0) |
171 | goto request_failed; | |
172 | ||
173 | /* if the key wasn't instantiated, then we want to give an error */ | |
174 | ret = -ENOKEY; | |
76d8aeab | 175 | if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) |
1da177e4 LT |
176 | goto request_failed; |
177 | ||
b5f545c8 DH |
178 | key_revoke(authkey); |
179 | key_put(authkey); | |
180 | ||
1da177e4 LT |
181 | down_write(&key_construction_sem); |
182 | list_del(&cons.link); | |
183 | up_write(&key_construction_sem); | |
184 | ||
185 | /* also give an error if the key was negatively instantiated */ | |
b5f545c8 | 186 | check_not_negative: |
76d8aeab | 187 | if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) { |
1da177e4 LT |
188 | key_put(key); |
189 | key = ERR_PTR(-ENOKEY); | |
190 | } | |
191 | ||
b5f545c8 | 192 | out: |
3e30148c | 193 | kleave(" = %p", key); |
1da177e4 LT |
194 | return key; |
195 | ||
b5f545c8 DH |
196 | request_failed: |
197 | key_revoke(authkey); | |
198 | key_put(authkey); | |
199 | ||
200 | alloc_authkey_failed: | |
1da177e4 LT |
201 | /* it wasn't instantiated |
202 | * - remove from construction queue | |
203 | * - mark the key as dead | |
204 | */ | |
76d8aeab | 205 | negated = 0; |
1da177e4 LT |
206 | down_write(&key_construction_sem); |
207 | ||
208 | list_del(&cons.link); | |
209 | ||
1da177e4 | 210 | /* check it didn't get instantiated between the check and the down */ |
76d8aeab DH |
211 | if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { |
212 | set_bit(KEY_FLAG_NEGATIVE, &key->flags); | |
213 | set_bit(KEY_FLAG_INSTANTIATED, &key->flags); | |
214 | negated = 1; | |
1da177e4 LT |
215 | } |
216 | ||
76d8aeab DH |
217 | clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); |
218 | ||
1da177e4 LT |
219 | up_write(&key_construction_sem); |
220 | ||
76d8aeab | 221 | if (!negated) |
1da177e4 LT |
222 | goto check_not_negative; /* surprisingly, the key got |
223 | * instantiated */ | |
224 | ||
225 | /* set the timeout and store in the session keyring if we can */ | |
226 | now = current_kernel_time(); | |
227 | key->expiry = now.tv_sec + key_negative_timeout; | |
228 | ||
229 | if (current->signal->session_keyring) { | |
1da177e4 LT |
230 | struct key *keyring; |
231 | ||
8589b4e0 DH |
232 | rcu_read_lock(); |
233 | keyring = rcu_dereference(current->signal->session_keyring); | |
1da177e4 | 234 | atomic_inc(&keyring->usage); |
8589b4e0 | 235 | rcu_read_unlock(); |
1da177e4 LT |
236 | |
237 | key_link(keyring, key); | |
238 | key_put(keyring); | |
239 | } | |
240 | ||
241 | key_put(key); | |
242 | ||
243 | /* notify anyone who was waiting */ | |
244 | wake_up_all(&request_key_conswq); | |
245 | ||
246 | key = ERR_PTR(ret); | |
247 | goto out; | |
248 | ||
b5f545c8 | 249 | alloc_failed: |
1da177e4 LT |
250 | up_write(&key_construction_sem); |
251 | goto out; | |
252 | ||
253 | } /* end __request_key_construction() */ | |
254 | ||
255 | /*****************************************************************************/ | |
256 | /* | |
257 | * call out to userspace to request the key | |
258 | * - we check the construction queue first to see if an appropriate key is | |
259 | * already being constructed by userspace | |
260 | */ | |
261 | static struct key *request_key_construction(struct key_type *type, | |
262 | const char *description, | |
7e047ef5 | 263 | const char *callout_info, |
4e54f085 DH |
264 | void *aux, |
265 | struct key_user *user, | |
7e047ef5 | 266 | unsigned long flags) |
1da177e4 LT |
267 | { |
268 | struct key_construction *pcons; | |
269 | struct key *key, *ckey; | |
270 | ||
271 | DECLARE_WAITQUEUE(myself, current); | |
272 | ||
7e047ef5 DH |
273 | kenter("%s,%s,{%d},%s,%lx", |
274 | type->name, description, user->uid, callout_info, flags); | |
3e30148c | 275 | |
1da177e4 LT |
276 | /* see if there's such a key under construction already */ |
277 | down_write(&key_construction_sem); | |
278 | ||
279 | list_for_each_entry(pcons, &user->consq, link) { | |
280 | ckey = pcons->key; | |
281 | ||
282 | if (ckey->type != type) | |
283 | continue; | |
284 | ||
285 | if (type->match(ckey, description)) | |
286 | goto found_key_under_construction; | |
287 | } | |
288 | ||
289 | /* see about getting userspace to construct the key */ | |
4e54f085 | 290 | key = __request_key_construction(type, description, callout_info, aux, |
7e047ef5 | 291 | flags); |
1da177e4 | 292 | error: |
3e30148c | 293 | kleave(" = %p", key); |
1da177e4 LT |
294 | return key; |
295 | ||
296 | /* someone else has the same key under construction | |
297 | * - we want to keep an eye on their key | |
298 | */ | |
299 | found_key_under_construction: | |
300 | atomic_inc(&ckey->usage); | |
301 | up_write(&key_construction_sem); | |
302 | ||
303 | /* wait for the key to be completed one way or another */ | |
304 | add_wait_queue(&request_key_conswq, &myself); | |
305 | ||
306 | for (;;) { | |
3e30148c | 307 | set_current_state(TASK_INTERRUPTIBLE); |
76d8aeab | 308 | if (!test_bit(KEY_FLAG_USER_CONSTRUCT, &ckey->flags)) |
1da177e4 | 309 | break; |
3e30148c DH |
310 | if (signal_pending(current)) |
311 | break; | |
1da177e4 LT |
312 | schedule(); |
313 | } | |
314 | ||
315 | set_current_state(TASK_RUNNING); | |
316 | remove_wait_queue(&request_key_conswq, &myself); | |
317 | ||
318 | /* we'll need to search this process's keyrings to see if the key is | |
319 | * now there since we can't automatically assume it's also available | |
320 | * there */ | |
321 | key_put(ckey); | |
322 | ckey = NULL; | |
323 | ||
324 | key = NULL; /* request a retry */ | |
325 | goto error; | |
326 | ||
327 | } /* end request_key_construction() */ | |
328 | ||
3e30148c DH |
329 | /*****************************************************************************/ |
330 | /* | |
331 | * link a freshly minted key to an appropriate destination keyring | |
332 | */ | |
333 | static void request_key_link(struct key *key, struct key *dest_keyring) | |
334 | { | |
335 | struct task_struct *tsk = current; | |
336 | struct key *drop = NULL; | |
337 | ||
338 | kenter("{%d},%p", key->serial, dest_keyring); | |
339 | ||
340 | /* find the appropriate keyring */ | |
341 | if (!dest_keyring) { | |
342 | switch (tsk->jit_keyring) { | |
343 | case KEY_REQKEY_DEFL_DEFAULT: | |
344 | case KEY_REQKEY_DEFL_THREAD_KEYRING: | |
345 | dest_keyring = tsk->thread_keyring; | |
346 | if (dest_keyring) | |
347 | break; | |
348 | ||
349 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: | |
350 | dest_keyring = tsk->signal->process_keyring; | |
351 | if (dest_keyring) | |
352 | break; | |
353 | ||
354 | case KEY_REQKEY_DEFL_SESSION_KEYRING: | |
355 | rcu_read_lock(); | |
356 | dest_keyring = key_get( | |
357 | rcu_dereference(tsk->signal->session_keyring)); | |
358 | rcu_read_unlock(); | |
359 | drop = dest_keyring; | |
360 | ||
361 | if (dest_keyring) | |
362 | break; | |
363 | ||
364 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: | |
365 | dest_keyring = current->user->session_keyring; | |
366 | break; | |
367 | ||
368 | case KEY_REQKEY_DEFL_USER_KEYRING: | |
369 | dest_keyring = current->user->uid_keyring; | |
370 | break; | |
371 | ||
372 | case KEY_REQKEY_DEFL_GROUP_KEYRING: | |
373 | default: | |
374 | BUG(); | |
375 | } | |
376 | } | |
377 | ||
378 | /* and attach the key to it */ | |
379 | key_link(dest_keyring, key); | |
380 | ||
381 | key_put(drop); | |
382 | ||
383 | kleave(""); | |
384 | ||
385 | } /* end request_key_link() */ | |
386 | ||
1da177e4 LT |
387 | /*****************************************************************************/ |
388 | /* | |
389 | * request a key | |
390 | * - search the process's keyrings | |
391 | * - check the list of keys being created or updated | |
3e30148c DH |
392 | * - call out to userspace for a key if supplementary info was provided |
393 | * - cache the key in an appropriate keyring | |
1da177e4 | 394 | */ |
3e30148c DH |
395 | struct key *request_key_and_link(struct key_type *type, |
396 | const char *description, | |
397 | const char *callout_info, | |
4e54f085 | 398 | void *aux, |
7e047ef5 DH |
399 | struct key *dest_keyring, |
400 | unsigned long flags) | |
1da177e4 LT |
401 | { |
402 | struct key_user *user; | |
403 | struct key *key; | |
664cceb0 | 404 | key_ref_t key_ref; |
1da177e4 | 405 | |
4e54f085 DH |
406 | kenter("%s,%s,%s,%p,%p,%lx", |
407 | type->name, description, callout_info, aux, | |
408 | dest_keyring, flags); | |
3e30148c | 409 | |
1da177e4 | 410 | /* search all the process keyrings for a key */ |
664cceb0 DH |
411 | key_ref = search_process_keyrings(type, description, type->match, |
412 | current); | |
1da177e4 | 413 | |
664cceb0 DH |
414 | kdebug("search 1: %p", key_ref); |
415 | ||
416 | if (!IS_ERR(key_ref)) { | |
417 | key = key_ref_to_ptr(key_ref); | |
418 | } | |
419 | else if (PTR_ERR(key_ref) != -EAGAIN) { | |
420 | key = ERR_PTR(PTR_ERR(key_ref)); | |
421 | } | |
422 | else { | |
1da177e4 LT |
423 | /* the search failed, but the keyrings were searchable, so we |
424 | * should consult userspace if we can */ | |
425 | key = ERR_PTR(-ENOKEY); | |
426 | if (!callout_info) | |
427 | goto error; | |
428 | ||
429 | /* - get hold of the user's construction queue */ | |
430 | user = key_user_lookup(current->fsuid); | |
3e30148c DH |
431 | if (!user) |
432 | goto nomem; | |
433 | ||
664cceb0 | 434 | for (;;) { |
3e30148c DH |
435 | if (signal_pending(current)) |
436 | goto interrupted; | |
1da177e4 | 437 | |
1da177e4 LT |
438 | /* ask userspace (returns NULL if it waited on a key |
439 | * being constructed) */ | |
440 | key = request_key_construction(type, description, | |
4e54f085 DH |
441 | callout_info, aux, |
442 | user, flags); | |
1da177e4 LT |
443 | if (key) |
444 | break; | |
445 | ||
446 | /* someone else made the key we want, so we need to | |
447 | * search again as it might now be available to us */ | |
664cceb0 DH |
448 | key_ref = search_process_keyrings(type, description, |
449 | type->match, | |
450 | current); | |
451 | ||
452 | kdebug("search 2: %p", key_ref); | |
3e30148c | 453 | |
664cceb0 DH |
454 | if (!IS_ERR(key_ref)) { |
455 | key = key_ref_to_ptr(key_ref); | |
456 | break; | |
457 | } | |
458 | ||
459 | if (PTR_ERR(key_ref) != -EAGAIN) { | |
460 | key = ERR_PTR(PTR_ERR(key_ref)); | |
461 | break; | |
462 | } | |
463 | } | |
1da177e4 LT |
464 | |
465 | key_user_put(user); | |
3e30148c DH |
466 | |
467 | /* link the new key into the appropriate keyring */ | |
1260f801 | 468 | if (!IS_ERR(key)) |
3e30148c | 469 | request_key_link(key, dest_keyring); |
1da177e4 LT |
470 | } |
471 | ||
3e30148c DH |
472 | error: |
473 | kleave(" = %p", key); | |
1da177e4 LT |
474 | return key; |
475 | ||
3e30148c DH |
476 | nomem: |
477 | key = ERR_PTR(-ENOMEM); | |
478 | goto error; | |
479 | ||
480 | interrupted: | |
481 | key_user_put(user); | |
482 | key = ERR_PTR(-EINTR); | |
483 | goto error; | |
484 | ||
485 | } /* end request_key_and_link() */ | |
486 | ||
487 | /*****************************************************************************/ | |
488 | /* | |
489 | * request a key | |
490 | * - search the process's keyrings | |
491 | * - check the list of keys being created or updated | |
492 | * - call out to userspace for a key if supplementary info was provided | |
493 | */ | |
494 | struct key *request_key(struct key_type *type, | |
495 | const char *description, | |
496 | const char *callout_info) | |
497 | { | |
7e047ef5 | 498 | return request_key_and_link(type, description, callout_info, NULL, |
4e54f085 | 499 | NULL, KEY_ALLOC_IN_QUOTA); |
3e30148c | 500 | |
1da177e4 LT |
501 | } /* end request_key() */ |
502 | ||
503 | EXPORT_SYMBOL(request_key); | |
4e54f085 DH |
504 | |
505 | /*****************************************************************************/ | |
506 | /* | |
507 | * request a key with auxiliary data for the upcaller | |
508 | * - search the process's keyrings | |
509 | * - check the list of keys being created or updated | |
510 | * - call out to userspace for a key if supplementary info was provided | |
511 | */ | |
512 | struct key *request_key_with_auxdata(struct key_type *type, | |
513 | const char *description, | |
514 | const char *callout_info, | |
515 | void *aux) | |
516 | { | |
517 | return request_key_and_link(type, description, callout_info, aux, | |
518 | NULL, KEY_ALLOC_IN_QUOTA); | |
519 | ||
520 | } /* end request_key_with_auxdata() */ | |
521 | ||
522 | EXPORT_SYMBOL(request_key_with_auxdata); |