LXR linux/security/keys/request

   1/* Request a key from userspace
   2 *
   3 * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved.
   4 * Written by David Howells (dhowells@redhat.com)
   5 *
   6 * This program is free software; you can redistribute it and/or
   7 * modify it under the terms of the GNU General Public License
   8 * as published by the Free Software Foundation; either version
   9 * 2 of the License, or (at your option) any later version.
  10 *
  11 * See Documentation/keys-request-key.txt
  12 */
  13
  14#include <linux/module.h>
  15#include <linux/sched.h>
  16#include <linux/kmod.h>
  17#include <linux/err.h>
  18#include <linux/keyctl.h>
  19#include <linux/slab.h>
  20#include "internal.h"
  21
  22#define key_negative_timeout    60      /* default timeout on a negative key's existence */
  23
  24/*
  25 * wait_on_bit() sleep function for uninterruptible waiting
  26 */
  27static int key_wait_bit(void *flags)
  28{
  29        schedule();
  30        return 0;
  31}
  32
  33/*
  34 * wait_on_bit() sleep function for interruptible waiting
  35 */
  36static int key_wait_bit_intr(void *flags)
  37{
  38        schedule();
  39        return signal_pending(current) ? -ERESTARTSYS : 0;
  40}
  41
  42/*
  43 * call to complete the construction of a key
  44 */
  45void complete_request_key(struct key_construction *cons, int error)
  46{
  47        kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error);
  48
  49        if (error < 0)
  50                key_negate_and_link(cons->key, key_negative_timeout, NULL,
  51                                    cons->authkey);
  52        else
  53                key_revoke(cons->authkey);
  54
  55        key_put(cons->key);
  56        key_put(cons->authkey);
  57        kfree(cons);
  58}
  59EXPORT_SYMBOL(complete_request_key);
  60
  61/*
  62 * request userspace finish the construction of a key
  63 * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
  64 */
  65static int call_sbin_request_key(struct key_construction *cons,
  66                                 const char *op,
  67                                 void *aux)
  68{
  69        const struct cred *cred = current_cred();
  70        key_serial_t prkey, sskey;
  71        struct key *key = cons->key, *authkey = cons->authkey, *keyring;
  72        char *argv[9], *envp[3], uid_str[12], gid_str[12];
  73        char key_str[12], keyring_str[3][12];
  74        char desc[20];
  75        int ret, i;
  76
  77        kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
  78
  79        ret = install_user_keyrings();
  80        if (ret < 0)
  81                goto error_alloc;
  82
  83        /* allocate a new session keyring */
  84        sprintf(desc, "_req.%u", key->serial);
  85
  86        cred = get_current_cred();
  87        keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
  88                                KEY_ALLOC_QUOTA_OVERRUN, NULL);
  89        put_cred(cred);
  90        if (IS_ERR(keyring)) {
  91                ret = PTR_ERR(keyring);
  92                goto error_alloc;
  93        }
  94
  95        /* attach the auth key to the session keyring */
  96        ret = __key_link(keyring, authkey);
  97        if (ret < 0)
  98                goto error_link;
  99
 100        /* record the UID and GID */
 101        sprintf(uid_str, "%d", cred->fsuid);
 102        sprintf(gid_str, "%d", cred->fsgid);
 103
 104        /* we say which key is under construction */
 105        sprintf(key_str, "%d", key->serial);
 106
 107        /* we specify the process's default keyrings */
 108        sprintf(keyring_str[0], "%d",
 109                cred->thread_keyring ? cred->thread_keyring->serial : 0);
 110
 111        prkey = 0;
 112        if (cred->tgcred->process_keyring)
 113                prkey = cred->tgcred->process_keyring->serial;
 114
 115        if (cred->tgcred->session_keyring)
 116                sskey = rcu_dereference(cred->tgcred->session_keyring)->serial;
 117        else
 118                sskey = cred->user->session_keyring->serial;
 119
 120        sprintf(keyring_str[2], "%d", sskey);
 121
 122        /* set up a minimal environment */
 123        i = 0;
 124        envp[i++] = "HOME=/";
 125        envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
 126        envp[i] = NULL;
 127
 128        /* set up the argument list */
 129        i = 0;
 130        argv[i++] = "/sbin/request-key";
 131        argv[i++] = (char *) op;
 132        argv[i++] = key_str;
 133        argv[i++] = uid_str;
 134        argv[i++] = gid_str;
 135        argv[i++] = keyring_str[0];
 136        argv[i++] = keyring_str[1];
 137        argv[i++] = keyring_str[2];
 138        argv[i] = NULL;
 139
 140        /* do it */
 141        ret = call_usermodehelper_keys(argv[0], argv, envp, keyring,
 142                                       UMH_WAIT_PROC);
 143        kdebug("usermode -> 0x%x", ret);
 144        if (ret >= 0) {
 145                /* ret is the exit/wait code */
 146                if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) ||
 147                    key_validate(key) < 0)
 148                        ret = -ENOKEY;
 149                else
 150                        /* ignore any errors from userspace if the key was
 151                         * instantiated */
 152                        ret = 0;
 153        }
 154
 155error_link:
 156        key_put(keyring);
 157
 158error_alloc:
 159        complete_request_key(cons, ret);
 160        kleave(" = %d", ret);
 161        return ret;
 162}
 163
 164/*
 165 * call out to userspace for key construction
 166 * - we ignore program failure and go on key status instead
 167 */
 168static int construct_key(struct key *key, const void *callout_info,
 169                         size_t callout_len, void *aux,
 170                         struct key *dest_keyring)
 171{
 172        struct key_construction *cons;
 173        request_key_actor_t actor;
 174        struct key *authkey;
 175        int ret;
 176
 177        kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux);
 178
 179        cons = kmalloc(sizeof(*cons), GFP_KERNEL);
 180        if (!cons)
 181                return -ENOMEM;
 182
 183        /* allocate an authorisation key */
 184        authkey = request_key_auth_new(key, callout_info, callout_len,
 185                                       dest_keyring);
 186        if (IS_ERR(authkey)) {
 187                kfree(cons);
 188                ret = PTR_ERR(authkey);
 189                authkey = NULL;
 190        } else {
 191                cons->authkey = key_get(authkey);
 192                cons->key = key_get(key);
 193
 194                /* make the call */
 195                actor = call_sbin_request_key;
 196                if (key->type->request_key)
 197                        actor = key->type->request_key;
 198
 199                ret = actor(cons, "create", aux);
 200
 201                /* check that the actor called complete_request_key() prior to
 202                 * returning an error */
 203                WARN_ON(ret < 0 &&
 204                        !test_bit(KEY_FLAG_REVOKED, &authkey->flags));
 205                key_put(authkey);
 206        }
 207
 208        kleave(" = %d", ret);
 209        return ret;
 210}
 211
 212/*
 213 * get the appropriate destination keyring for the request
 214 * - we return whatever keyring we select with an extra reference upon it which
 215 *   the caller must release
 216 */
 217static void construct_get_dest_keyring(struct key **_dest_keyring)
 218{
 219        struct request_key_auth *rka;
 220        const struct cred *cred = current_cred();
 221        struct key *dest_keyring = *_dest_keyring, *authkey;
 222
 223        kenter("%p", dest_keyring);
 224
 225        /* find the appropriate keyring */
 226        if (dest_keyring) {
 227                /* the caller supplied one */
 228                key_get(dest_keyring);
 229        } else {
 230                /* use a default keyring; falling through the cases until we
 231                 * find one that we actually have */
 232                switch (cred->jit_keyring) {
 233                case KEY_REQKEY_DEFL_DEFAULT:
 234                case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
 235                        if (cred->request_key_auth) {
 236                                authkey = cred->request_key_auth;
 237                                down_read(&authkey->sem);
 238                                rka = authkey->payload.data;
 239                                if (!test_bit(KEY_FLAG_REVOKED,
 240                                              &authkey->flags))
 241                                        dest_keyring =
 242                                                key_get(rka->dest_keyring);
 243                                up_read(&authkey->sem);
 244                                if (dest_keyring)
 245                                        break;
 246                        }
 247
 248                case KEY_REQKEY_DEFL_THREAD_KEYRING:
 249                        dest_keyring = key_get(cred->thread_keyring);
 250                        if (dest_keyring)
 251                                break;
 252
 253                case KEY_REQKEY_DEFL_PROCESS_KEYRING:
 254                        dest_keyring = key_get(cred->tgcred->process_keyring);
 255                        if (dest_keyring)
 256                                break;
 257
 258                case KEY_REQKEY_DEFL_SESSION_KEYRING:
 259                        rcu_read_lock();
 260                        dest_keyring = key_get(
 261                                rcu_dereference(cred->tgcred->session_keyring));
 262                        rcu_read_unlock();
 263
 264                        if (dest_keyring)
 265                                break;
 266
 267                case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
 268                        dest_keyring =
 269                                key_get(cred->user->session_keyring);
 270                        break;
 271
 272                case KEY_REQKEY_DEFL_USER_KEYRING:
 273                        dest_keyring = key_get(cred->user->uid_keyring);
 274                        break;
 275
 276                case KEY_REQKEY_DEFL_GROUP_KEYRING:
 277                default:
 278                        BUG();
 279                }
 280        }
 281
 282        *_dest_keyring = dest_keyring;
 283        kleave(" [dk %d]", key_serial(dest_keyring));
 284        return;
 285}
 286
 287/*
 288 * allocate a new key in under-construction state and attempt to link it in to
 289 * the requested place
 290 * - may return a key that's already under construction instead
 291 */
 292static int construct_alloc_key(struct key_type *type,
 293                               const char *description,
 294                               struct key *dest_keyring,
 295                               unsigned long flags,
 296                               struct key_user *user,
 297                               struct key **_key)
 298{
 299        const struct cred *cred = current_cred();
 300        struct key *key;
 301        key_ref_t key_ref;
 302
 303        kenter("%s,%s,,,", type->name, description);
 304
 305        mutex_lock(&user->cons_lock);
 306
 307        key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred,
 308                        KEY_POS_ALL, flags);
 309        if (IS_ERR(key))
 310                goto alloc_failed;
 311
 312        set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
 313
 314        if (dest_keyring)
 315                down_write(&dest_keyring->sem);
 316
 317        /* attach the key to the destination keyring under lock, but we do need
 318         * to do another check just in case someone beat us to it whilst we
 319         * waited for locks */
 320        mutex_lock(&key_construction_mutex);
 321
 322        key_ref = search_process_keyrings(type, description, type->match, cred);
 323        if (!IS_ERR(key_ref))
 324                goto key_already_present;
 325
 326        if (dest_keyring)
 327                __key_link(dest_keyring, key);
 328
 329        mutex_unlock(&key_construction_mutex);
 330        if (dest_keyring)
 331                up_write(&dest_keyring->sem);
 332        mutex_unlock(&user->cons_lock);
 333        *_key = key;
 334        kleave(" = 0 [%d]", key_serial(key));
 335        return 0;
 336
 337key_already_present:
 338        mutex_unlock(&key_construction_mutex);
 339        if (dest_keyring)
 340                up_write(&dest_keyring->sem);
 341        mutex_unlock(&user->cons_lock);
 342        key_put(key);
 343        *_key = key = key_ref_to_ptr(key_ref);
 344        kleave(" = -EINPROGRESS [%d]", key_serial(key));
 345        return -EINPROGRESS;
 346
 347alloc_failed:
 348        mutex_unlock(&user->cons_lock);
 349        *_key = NULL;
 350        kleave(" = %ld", PTR_ERR(key));
 351        return PTR_ERR(key);
 352}
 353
 354/*
 355 * commence key construction
 356 */
 357static struct key *construct_key_and_link(struct key_type *type,
 358                                          const char *description,
 359                                          const char *callout_info,
 360                                          size_t callout_len,
 361                                          void *aux,
 362                                          struct key *dest_keyring,
 363                                          unsigned long flags)
 364{
 365        struct key_user *user;
 366        struct key *key;
 367        int ret;
 368
 369        kenter("");
 370
 371        user = key_user_lookup(current_fsuid(), current_user_ns());
 372        if (!user)
 373                return ERR_PTR(-ENOMEM);
 374
 375        construct_get_dest_keyring(&dest_keyring);
 376
 377        ret = construct_alloc_key(type, description, dest_keyring, flags, user,
 378                                  &key);
 379        key_user_put(user);
 380
 381        if (ret == 0) {
 382                ret = construct_key(key, callout_info, callout_len, aux,
 383                                    dest_keyring);
 384                if (ret < 0) {
 385                        kdebug("cons failed");
 386                        goto construction_failed;
 387                }
 388        }
 389
 390        key_put(dest_keyring);
 391        kleave(" = key %d", key_serial(key));
 392        return key;
 393
 394construction_failed:
 395        key_negate_and_link(key, key_negative_timeout, NULL, NULL);
 396        key_put(key);
 397        key_put(dest_keyring);
 398        kleave(" = %d", ret);
 399        return ERR_PTR(ret);
 400}
 401
 402/*
 403 * request a key
 404 * - search the process's keyrings
 405 * - check the list of keys being created or updated
 406 * - call out to userspace for a key if supplementary info was provided
 407 * - cache the key in an appropriate keyring
 408 */
 409struct key *request_key_and_link(struct key_type *type,
 410                                 const char *description,
 411                                 const void *callout_info,
 412                                 size_t callout_len,
 413                                 void *aux,
 414                                 struct key *dest_keyring,
 415                                 unsigned long flags)
 416{
 417        const struct cred *cred = current_cred();
 418        struct key *key;
 419        key_ref_t key_ref;
 420
 421        kenter("%s,%s,%p,%zu,%p,%p,%lx",
 422               type->name, description, callout_info, callout_len, aux,
 423               dest_keyring, flags);
 424
 425        /* search all the process keyrings for a key */
 426        key_ref = search_process_keyrings(type, description, type->match,
 427                                          cred);
 428
 429        if (!IS_ERR(key_ref)) {
 430                key = key_ref_to_ptr(key_ref);
 431        } else if (PTR_ERR(key_ref) != -EAGAIN) {
 432                key = ERR_CAST(key_ref);
 433        } else  {
 434                /* the search failed, but the keyrings were searchable, so we
 435                 * should consult userspace if we can */
 436                key = ERR_PTR(-ENOKEY);
 437                if (!callout_info)
 438                        goto error;
 439
 440                key = construct_key_and_link(type, description, callout_info,
 441                                             callout_len, aux, dest_keyring,
 442                                             flags);
 443        }
 444
 445error:
 446        kleave(" = %p", key);
 447        return key;
 448}
 449
 450/*
 451 * wait for construction of a key to complete
 452 */
 453int wait_for_key_construction(struct key *key, bool intr)
 454{
 455        int ret;
 456
 457        ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT,
 458                          intr ? key_wait_bit_intr : key_wait_bit,
 459                          intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
 460        if (ret < 0)
 461                return ret;
 462        return key_validate(key);
 463}
 464EXPORT_SYMBOL(wait_for_key_construction);
 465
 466/*
 467 * request a key
 468 * - search the process's keyrings
 469 * - check the list of keys being created or updated
 470 * - call out to userspace for a key if supplementary info was provided
 471 * - waits uninterruptible for creation to complete
 472 */
 473struct key *request_key(struct key_type *type,
 474                        const char *description,
 475                        const char *callout_info)
 476{
 477        struct key *key;
 478        size_t callout_len = 0;
 479        int ret;
 480
 481        if (callout_info)
 482                callout_len = strlen(callout_info);
 483        key = request_key_and_link(type, description, callout_info, callout_len,
 484                                   NULL, NULL, KEY_ALLOC_IN_QUOTA);
 485        if (!IS_ERR(key)) {
 486                ret = wait_for_key_construction(key, false);
 487                if (ret < 0) {
 488                        key_put(key);
 489                        return ERR_PTR(ret);
 490                }
 491        }
 492        return key;
 493}
 494EXPORT_SYMBOL(request_key);
 495
 496/*
 497 * request a key with auxiliary data for the upcaller
 498 * - search the process's keyrings
 499 * - check the list of keys being created or updated
 500 * - call out to userspace for a key if supplementary info was provided
 501 * - waits uninterruptible for creation to complete
 502 */
 503struct key *request_key_with_auxdata(struct key_type *type,
 504                                     const char *description,
 505                                     const void *callout_info,
 506                                     size_t callout_len,
 507                                     void *aux)
 508{
 509        struct key *key;
 510        int ret;
 511
 512        key = request_key_and_link(type, description, callout_info, callout_len,
 513                                   aux, NULL, KEY_ALLOC_IN_QUOTA);
 514        if (!IS_ERR(key)) {
 515                ret = wait_for_key_construction(key, false);
 516                if (ret < 0) {
 517                        key_put(key);
 518                        return ERR_PTR(ret);
 519                }
 520        }
 521        return key;
 522}
 523EXPORT_SYMBOL(request_key_with_auxdata);
 524
 525/*
 526 * request a key (allow async construction)
 527 * - search the process's keyrings
 528 * - check the list of keys being created or updated
 529 * - call out to userspace for a key if supplementary info was provided
 530 */
 531struct key *request_key_async(struct key_type *type,
 532                              const char *description,
 533                              const void *callout_info,
 534                              size_t callout_len)
 535{
 536        return request_key_and_link(type, description, callout_info,
 537                                    callout_len, NULL, NULL,
 538                                    KEY_ALLOC_IN_QUOTA);
 539}
 540EXPORT_SYMBOL(request_key_async);
 541
 542/*
 543 * request a key with auxiliary data for the upcaller (allow async construction)
 544 * - search the process's keyrings
 545 * - check the list of keys being created or updated
 546 * - call out to userspace for a key if supplementary info was provided
 547 */
 548struct key *request_key_async_with_auxdata(struct key_type *type,
 549                                           const char *description,
 550                                           const void *callout_info,
 551                                           size_t callout_len,
 552                                           void *aux)
 553{
 554        return request_key_and_link(type, description, callout_info,
 555                                    callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA);
 556}
 557EXPORT_SYMBOL(request_key_async_with_auxdata);
 558