]>
Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* request_key.c: request a key from userspace |
2 | * | |
3e30148c | 3 | * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. |
1da177e4 LT |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
f1a9badc DH |
10 | * |
11 | * See Documentation/keys-request-key.txt | |
1da177e4 LT |
12 | */ |
13 | ||
14 | #include <linux/module.h> | |
15 | #include <linux/sched.h> | |
16 | #include <linux/kmod.h> | |
17 | #include <linux/err.h> | |
3e30148c | 18 | #include <linux/keyctl.h> |
1da177e4 LT |
19 | #include "internal.h" |
20 | ||
21 | struct key_construction { | |
22 | struct list_head link; /* link in construction queue */ | |
23 | struct key *key; /* key being constructed */ | |
24 | }; | |
25 | ||
26 | /* when waiting for someone else's keys, you get added to this */ | |
27 | DECLARE_WAIT_QUEUE_HEAD(request_key_conswq); | |
28 | ||
29 | /*****************************************************************************/ | |
30 | /* | |
31 | * request userspace finish the construction of a key | |
b5f545c8 | 32 | * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>" |
1da177e4 | 33 | */ |
b5f545c8 DH |
34 | static int call_sbin_request_key(struct key *key, |
35 | struct key *authkey, | |
36 | const char *op) | |
1da177e4 LT |
37 | { |
38 | struct task_struct *tsk = current; | |
1da177e4 | 39 | key_serial_t prkey, sskey; |
b5f545c8 DH |
40 | struct key *keyring; |
41 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; | |
1da177e4 | 42 | char key_str[12], keyring_str[3][12]; |
b5f545c8 | 43 | char desc[20]; |
3e30148c DH |
44 | int ret, i; |
45 | ||
b5f545c8 | 46 | kenter("{%d},{%d},%s", key->serial, authkey->serial, op); |
3e30148c | 47 | |
b5f545c8 DH |
48 | /* allocate a new session keyring */ |
49 | sprintf(desc, "_req.%u", key->serial); | |
50 | ||
7e047ef5 DH |
51 | keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current, |
52 | KEY_ALLOC_QUOTA_OVERRUN, NULL); | |
b5f545c8 DH |
53 | if (IS_ERR(keyring)) { |
54 | ret = PTR_ERR(keyring); | |
55 | goto error_alloc; | |
3e30148c | 56 | } |
1da177e4 | 57 | |
b5f545c8 DH |
58 | /* attach the auth key to the session keyring */ |
59 | ret = __key_link(keyring, authkey); | |
60 | if (ret < 0) | |
61 | goto error_link; | |
62 | ||
1da177e4 LT |
63 | /* record the UID and GID */ |
64 | sprintf(uid_str, "%d", current->fsuid); | |
65 | sprintf(gid_str, "%d", current->fsgid); | |
66 | ||
67 | /* we say which key is under construction */ | |
68 | sprintf(key_str, "%d", key->serial); | |
69 | ||
70 | /* we specify the process's default keyrings */ | |
71 | sprintf(keyring_str[0], "%d", | |
72 | tsk->thread_keyring ? tsk->thread_keyring->serial : 0); | |
73 | ||
74 | prkey = 0; | |
75 | if (tsk->signal->process_keyring) | |
76 | prkey = tsk->signal->process_keyring->serial; | |
77 | ||
3e30148c | 78 | sprintf(keyring_str[1], "%d", prkey); |
1da177e4 | 79 | |
3e30148c DH |
80 | if (tsk->signal->session_keyring) { |
81 | rcu_read_lock(); | |
82 | sskey = rcu_dereference(tsk->signal->session_keyring)->serial; | |
83 | rcu_read_unlock(); | |
84 | } | |
85 | else { | |
1da177e4 | 86 | sskey = tsk->user->session_keyring->serial; |
3e30148c | 87 | } |
1da177e4 | 88 | |
1da177e4 LT |
89 | sprintf(keyring_str[2], "%d", sskey); |
90 | ||
91 | /* set up a minimal environment */ | |
92 | i = 0; | |
93 | envp[i++] = "HOME=/"; | |
94 | envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; | |
95 | envp[i] = NULL; | |
96 | ||
97 | /* set up the argument list */ | |
98 | i = 0; | |
99 | argv[i++] = "/sbin/request-key"; | |
100 | argv[i++] = (char *) op; | |
101 | argv[i++] = key_str; | |
102 | argv[i++] = uid_str; | |
103 | argv[i++] = gid_str; | |
104 | argv[i++] = keyring_str[0]; | |
105 | argv[i++] = keyring_str[1]; | |
106 | argv[i++] = keyring_str[2]; | |
1da177e4 LT |
107 | argv[i] = NULL; |
108 | ||
109 | /* do it */ | |
b5f545c8 | 110 | ret = call_usermodehelper_keys(argv[0], argv, envp, keyring, 1); |
3e30148c | 111 | |
b5f545c8 DH |
112 | error_link: |
113 | key_put(keyring); | |
3e30148c | 114 | |
b5f545c8 | 115 | error_alloc: |
3e30148c DH |
116 | kleave(" = %d", ret); |
117 | return ret; | |
1da177e4 | 118 | |
b5f545c8 | 119 | } /* end call_sbin_request_key() */ |
1da177e4 LT |
120 | |
121 | /*****************************************************************************/ | |
122 | /* | |
123 | * call out to userspace for the key | |
124 | * - called with the construction sem held, but the sem is dropped here | |
125 | * - we ignore program failure and go on key status instead | |
126 | */ | |
127 | static struct key *__request_key_construction(struct key_type *type, | |
128 | const char *description, | |
7e047ef5 DH |
129 | const char *callout_info, |
130 | unsigned long flags) | |
1da177e4 | 131 | { |
b5f545c8 | 132 | request_key_actor_t actor; |
1da177e4 LT |
133 | struct key_construction cons; |
134 | struct timespec now; | |
b5f545c8 | 135 | struct key *key, *authkey; |
76d8aeab | 136 | int ret, negated; |
1da177e4 | 137 | |
7e047ef5 | 138 | kenter("%s,%s,%s,%lx", type->name, description, callout_info, flags); |
3e30148c | 139 | |
1da177e4 LT |
140 | /* create a key and add it to the queue */ |
141 | key = key_alloc(type, description, | |
7e047ef5 DH |
142 | current->fsuid, current->fsgid, current, KEY_POS_ALL, |
143 | flags); | |
1da177e4 LT |
144 | if (IS_ERR(key)) |
145 | goto alloc_failed; | |
146 | ||
76d8aeab | 147 | set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); |
1da177e4 LT |
148 | |
149 | cons.key = key; | |
150 | list_add_tail(&cons.link, &key->user->consq); | |
151 | ||
152 | /* we drop the construction sem here on behalf of the caller */ | |
153 | up_write(&key_construction_sem); | |
154 | ||
b5f545c8 DH |
155 | /* allocate an authorisation key */ |
156 | authkey = request_key_auth_new(key, callout_info); | |
157 | if (IS_ERR(authkey)) { | |
158 | ret = PTR_ERR(authkey); | |
159 | authkey = NULL; | |
160 | goto alloc_authkey_failed; | |
161 | } | |
162 | ||
1da177e4 | 163 | /* make the call */ |
b5f545c8 DH |
164 | actor = call_sbin_request_key; |
165 | if (type->request_key) | |
166 | actor = type->request_key; | |
167 | ret = actor(key, authkey, "create"); | |
1da177e4 LT |
168 | if (ret < 0) |
169 | goto request_failed; | |
170 | ||
171 | /* if the key wasn't instantiated, then we want to give an error */ | |
172 | ret = -ENOKEY; | |
76d8aeab | 173 | if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) |
1da177e4 LT |
174 | goto request_failed; |
175 | ||
b5f545c8 DH |
176 | key_revoke(authkey); |
177 | key_put(authkey); | |
178 | ||
1da177e4 LT |
179 | down_write(&key_construction_sem); |
180 | list_del(&cons.link); | |
181 | up_write(&key_construction_sem); | |
182 | ||
183 | /* also give an error if the key was negatively instantiated */ | |
b5f545c8 | 184 | check_not_negative: |
76d8aeab | 185 | if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) { |
1da177e4 LT |
186 | key_put(key); |
187 | key = ERR_PTR(-ENOKEY); | |
188 | } | |
189 | ||
b5f545c8 | 190 | out: |
3e30148c | 191 | kleave(" = %p", key); |
1da177e4 LT |
192 | return key; |
193 | ||
b5f545c8 DH |
194 | request_failed: |
195 | key_revoke(authkey); | |
196 | key_put(authkey); | |
197 | ||
198 | alloc_authkey_failed: | |
1da177e4 LT |
199 | /* it wasn't instantiated |
200 | * - remove from construction queue | |
201 | * - mark the key as dead | |
202 | */ | |
76d8aeab | 203 | negated = 0; |
1da177e4 LT |
204 | down_write(&key_construction_sem); |
205 | ||
206 | list_del(&cons.link); | |
207 | ||
1da177e4 | 208 | /* check it didn't get instantiated between the check and the down */ |
76d8aeab DH |
209 | if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { |
210 | set_bit(KEY_FLAG_NEGATIVE, &key->flags); | |
211 | set_bit(KEY_FLAG_INSTANTIATED, &key->flags); | |
212 | negated = 1; | |
1da177e4 LT |
213 | } |
214 | ||
76d8aeab DH |
215 | clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); |
216 | ||
1da177e4 LT |
217 | up_write(&key_construction_sem); |
218 | ||
76d8aeab | 219 | if (!negated) |
1da177e4 LT |
220 | goto check_not_negative; /* surprisingly, the key got |
221 | * instantiated */ | |
222 | ||
223 | /* set the timeout and store in the session keyring if we can */ | |
224 | now = current_kernel_time(); | |
225 | key->expiry = now.tv_sec + key_negative_timeout; | |
226 | ||
227 | if (current->signal->session_keyring) { | |
1da177e4 LT |
228 | struct key *keyring; |
229 | ||
8589b4e0 DH |
230 | rcu_read_lock(); |
231 | keyring = rcu_dereference(current->signal->session_keyring); | |
1da177e4 | 232 | atomic_inc(&keyring->usage); |
8589b4e0 | 233 | rcu_read_unlock(); |
1da177e4 LT |
234 | |
235 | key_link(keyring, key); | |
236 | key_put(keyring); | |
237 | } | |
238 | ||
239 | key_put(key); | |
240 | ||
241 | /* notify anyone who was waiting */ | |
242 | wake_up_all(&request_key_conswq); | |
243 | ||
244 | key = ERR_PTR(ret); | |
245 | goto out; | |
246 | ||
b5f545c8 | 247 | alloc_failed: |
1da177e4 LT |
248 | up_write(&key_construction_sem); |
249 | goto out; | |
250 | ||
251 | } /* end __request_key_construction() */ | |
252 | ||
253 | /*****************************************************************************/ | |
254 | /* | |
255 | * call out to userspace to request the key | |
256 | * - we check the construction queue first to see if an appropriate key is | |
257 | * already being constructed by userspace | |
258 | */ | |
259 | static struct key *request_key_construction(struct key_type *type, | |
260 | const char *description, | |
261 | struct key_user *user, | |
7e047ef5 DH |
262 | const char *callout_info, |
263 | unsigned long flags) | |
1da177e4 LT |
264 | { |
265 | struct key_construction *pcons; | |
266 | struct key *key, *ckey; | |
267 | ||
268 | DECLARE_WAITQUEUE(myself, current); | |
269 | ||
7e047ef5 DH |
270 | kenter("%s,%s,{%d},%s,%lx", |
271 | type->name, description, user->uid, callout_info, flags); | |
3e30148c | 272 | |
1da177e4 LT |
273 | /* see if there's such a key under construction already */ |
274 | down_write(&key_construction_sem); | |
275 | ||
276 | list_for_each_entry(pcons, &user->consq, link) { | |
277 | ckey = pcons->key; | |
278 | ||
279 | if (ckey->type != type) | |
280 | continue; | |
281 | ||
282 | if (type->match(ckey, description)) | |
283 | goto found_key_under_construction; | |
284 | } | |
285 | ||
286 | /* see about getting userspace to construct the key */ | |
7e047ef5 DH |
287 | key = __request_key_construction(type, description, callout_info, |
288 | flags); | |
1da177e4 | 289 | error: |
3e30148c | 290 | kleave(" = %p", key); |
1da177e4 LT |
291 | return key; |
292 | ||
293 | /* someone else has the same key under construction | |
294 | * - we want to keep an eye on their key | |
295 | */ | |
296 | found_key_under_construction: | |
297 | atomic_inc(&ckey->usage); | |
298 | up_write(&key_construction_sem); | |
299 | ||
300 | /* wait for the key to be completed one way or another */ | |
301 | add_wait_queue(&request_key_conswq, &myself); | |
302 | ||
303 | for (;;) { | |
3e30148c | 304 | set_current_state(TASK_INTERRUPTIBLE); |
76d8aeab | 305 | if (!test_bit(KEY_FLAG_USER_CONSTRUCT, &ckey->flags)) |
1da177e4 | 306 | break; |
3e30148c DH |
307 | if (signal_pending(current)) |
308 | break; | |
1da177e4 LT |
309 | schedule(); |
310 | } | |
311 | ||
312 | set_current_state(TASK_RUNNING); | |
313 | remove_wait_queue(&request_key_conswq, &myself); | |
314 | ||
315 | /* we'll need to search this process's keyrings to see if the key is | |
316 | * now there since we can't automatically assume it's also available | |
317 | * there */ | |
318 | key_put(ckey); | |
319 | ckey = NULL; | |
320 | ||
321 | key = NULL; /* request a retry */ | |
322 | goto error; | |
323 | ||
324 | } /* end request_key_construction() */ | |
325 | ||
3e30148c DH |
326 | /*****************************************************************************/ |
327 | /* | |
328 | * link a freshly minted key to an appropriate destination keyring | |
329 | */ | |
330 | static void request_key_link(struct key *key, struct key *dest_keyring) | |
331 | { | |
332 | struct task_struct *tsk = current; | |
333 | struct key *drop = NULL; | |
334 | ||
335 | kenter("{%d},%p", key->serial, dest_keyring); | |
336 | ||
337 | /* find the appropriate keyring */ | |
338 | if (!dest_keyring) { | |
339 | switch (tsk->jit_keyring) { | |
340 | case KEY_REQKEY_DEFL_DEFAULT: | |
341 | case KEY_REQKEY_DEFL_THREAD_KEYRING: | |
342 | dest_keyring = tsk->thread_keyring; | |
343 | if (dest_keyring) | |
344 | break; | |
345 | ||
346 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: | |
347 | dest_keyring = tsk->signal->process_keyring; | |
348 | if (dest_keyring) | |
349 | break; | |
350 | ||
351 | case KEY_REQKEY_DEFL_SESSION_KEYRING: | |
352 | rcu_read_lock(); | |
353 | dest_keyring = key_get( | |
354 | rcu_dereference(tsk->signal->session_keyring)); | |
355 | rcu_read_unlock(); | |
356 | drop = dest_keyring; | |
357 | ||
358 | if (dest_keyring) | |
359 | break; | |
360 | ||
361 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: | |
362 | dest_keyring = current->user->session_keyring; | |
363 | break; | |
364 | ||
365 | case KEY_REQKEY_DEFL_USER_KEYRING: | |
366 | dest_keyring = current->user->uid_keyring; | |
367 | break; | |
368 | ||
369 | case KEY_REQKEY_DEFL_GROUP_KEYRING: | |
370 | default: | |
371 | BUG(); | |
372 | } | |
373 | } | |
374 | ||
375 | /* and attach the key to it */ | |
376 | key_link(dest_keyring, key); | |
377 | ||
378 | key_put(drop); | |
379 | ||
380 | kleave(""); | |
381 | ||
382 | } /* end request_key_link() */ | |
383 | ||
1da177e4 LT |
384 | /*****************************************************************************/ |
385 | /* | |
386 | * request a key | |
387 | * - search the process's keyrings | |
388 | * - check the list of keys being created or updated | |
3e30148c DH |
389 | * - call out to userspace for a key if supplementary info was provided |
390 | * - cache the key in an appropriate keyring | |
1da177e4 | 391 | */ |
3e30148c DH |
392 | struct key *request_key_and_link(struct key_type *type, |
393 | const char *description, | |
394 | const char *callout_info, | |
7e047ef5 DH |
395 | struct key *dest_keyring, |
396 | unsigned long flags) | |
1da177e4 LT |
397 | { |
398 | struct key_user *user; | |
399 | struct key *key; | |
664cceb0 | 400 | key_ref_t key_ref; |
1da177e4 | 401 | |
7e047ef5 DH |
402 | kenter("%s,%s,%s,%p,%lx", |
403 | type->name, description, callout_info, dest_keyring, flags); | |
3e30148c | 404 | |
1da177e4 | 405 | /* search all the process keyrings for a key */ |
664cceb0 DH |
406 | key_ref = search_process_keyrings(type, description, type->match, |
407 | current); | |
1da177e4 | 408 | |
664cceb0 DH |
409 | kdebug("search 1: %p", key_ref); |
410 | ||
411 | if (!IS_ERR(key_ref)) { | |
412 | key = key_ref_to_ptr(key_ref); | |
413 | } | |
414 | else if (PTR_ERR(key_ref) != -EAGAIN) { | |
415 | key = ERR_PTR(PTR_ERR(key_ref)); | |
416 | } | |
417 | else { | |
1da177e4 LT |
418 | /* the search failed, but the keyrings were searchable, so we |
419 | * should consult userspace if we can */ | |
420 | key = ERR_PTR(-ENOKEY); | |
421 | if (!callout_info) | |
422 | goto error; | |
423 | ||
424 | /* - get hold of the user's construction queue */ | |
425 | user = key_user_lookup(current->fsuid); | |
3e30148c DH |
426 | if (!user) |
427 | goto nomem; | |
428 | ||
664cceb0 | 429 | for (;;) { |
3e30148c DH |
430 | if (signal_pending(current)) |
431 | goto interrupted; | |
1da177e4 | 432 | |
1da177e4 LT |
433 | /* ask userspace (returns NULL if it waited on a key |
434 | * being constructed) */ | |
435 | key = request_key_construction(type, description, | |
7e047ef5 DH |
436 | user, callout_info, |
437 | flags); | |
1da177e4 LT |
438 | if (key) |
439 | break; | |
440 | ||
441 | /* someone else made the key we want, so we need to | |
442 | * search again as it might now be available to us */ | |
664cceb0 DH |
443 | key_ref = search_process_keyrings(type, description, |
444 | type->match, | |
445 | current); | |
446 | ||
447 | kdebug("search 2: %p", key_ref); | |
3e30148c | 448 | |
664cceb0 DH |
449 | if (!IS_ERR(key_ref)) { |
450 | key = key_ref_to_ptr(key_ref); | |
451 | break; | |
452 | } | |
453 | ||
454 | if (PTR_ERR(key_ref) != -EAGAIN) { | |
455 | key = ERR_PTR(PTR_ERR(key_ref)); | |
456 | break; | |
457 | } | |
458 | } | |
1da177e4 LT |
459 | |
460 | key_user_put(user); | |
3e30148c DH |
461 | |
462 | /* link the new key into the appropriate keyring */ | |
1260f801 | 463 | if (!IS_ERR(key)) |
3e30148c | 464 | request_key_link(key, dest_keyring); |
1da177e4 LT |
465 | } |
466 | ||
3e30148c DH |
467 | error: |
468 | kleave(" = %p", key); | |
1da177e4 LT |
469 | return key; |
470 | ||
3e30148c DH |
471 | nomem: |
472 | key = ERR_PTR(-ENOMEM); | |
473 | goto error; | |
474 | ||
475 | interrupted: | |
476 | key_user_put(user); | |
477 | key = ERR_PTR(-EINTR); | |
478 | goto error; | |
479 | ||
480 | } /* end request_key_and_link() */ | |
481 | ||
482 | /*****************************************************************************/ | |
483 | /* | |
484 | * request a key | |
485 | * - search the process's keyrings | |
486 | * - check the list of keys being created or updated | |
487 | * - call out to userspace for a key if supplementary info was provided | |
488 | */ | |
489 | struct key *request_key(struct key_type *type, | |
490 | const char *description, | |
491 | const char *callout_info) | |
492 | { | |
7e047ef5 DH |
493 | return request_key_and_link(type, description, callout_info, NULL, |
494 | KEY_ALLOC_IN_QUOTA); | |
3e30148c | 495 | |
1da177e4 LT |
496 | } /* end request_key() */ |
497 | ||
498 | EXPORT_SYMBOL(request_key); |