security/keys/request_key.c

   1 /* request_key.c: request a key from userspace
   2  *
   3  * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
   4  * Written by David Howells (dhowells@redhat.com)
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU General Public License
   8  * as published by the Free Software Foundation; either version
   9  * 2 of the License, or (at your option) any later version.
  10  *
  11  * See Documentation/keys-request-key.txt
  12  */
  13
  14 #include <linux/module.h>
  15 #include <linux/sched.h>
  16 #include <linux/kmod.h>
  17 #include <linux/err.h>
  18 #include <linux/keyctl.h>
  19 #include "internal.h"
  20
  21 struct key_construction {
  22         struct list_head        link;   /* link in construction queue */
  23         struct key              *key;   /* key being constructed */
  24 };
  25
  26 /* when waiting for someone else's keys, you get added to this */
  27 DECLARE_WAIT_QUEUE_HEAD(request_key_conswq);
  28
  29 /*****************************************************************************/
  30 /*
  31  * request userspace finish the construction of a key
  32  * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
  33  */
  34 static int call_sbin_request_key(struct key *key,
  35                                  struct key *authkey,
  36                                  const char *op)
  37 {
  38         struct task_struct *tsk = current;
  39         key_serial_t prkey, sskey;
  40         struct key *keyring;
  41         char *argv[9], *envp[3], uid_str[12], gid_str[12];
  42         char key_str[12], keyring_str[3][12];
  43         char desc[20];
  44         int ret, i;
  45
  46         kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
  47
  48         /* allocate a new session keyring */
  49         sprintf(desc, "_req.%u", key->serial);
  50
  51         keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current,
  52                                 KEY_ALLOC_QUOTA_OVERRUN, NULL);
  53         if (IS_ERR(keyring)) {
  54                 ret = PTR_ERR(keyring);
  55                 goto error_alloc;
  56         }
  57
  58         /* attach the auth key to the session keyring */
  59         ret = __key_link(keyring, authkey);
  60         if (ret < 0)
  61                 goto error_link;
  62
  63         /* record the UID and GID */
  64         sprintf(uid_str, "%d", current->fsuid);
  65         sprintf(gid_str, "%d", current->fsgid);
  66
  67         /* we say which key is under construction */
  68         sprintf(key_str, "%d", key->serial);
  69
  70         /* we specify the process's default keyrings */
  71         sprintf(keyring_str[0], "%d",
  72                 tsk->thread_keyring ? tsk->thread_keyring->serial : 0);
  73
  74         prkey = 0;
  75         if (tsk->signal->process_keyring)
  76                 prkey = tsk->signal->process_keyring->serial;
  77
  78         sprintf(keyring_str[1], "%d", prkey);
  79
  80         if (tsk->signal->session_keyring) {
  81                 rcu_read_lock();
  82                 sskey = rcu_dereference(tsk->signal->session_keyring)->serial;
  83                 rcu_read_unlock();
  84         }
  85         else {
  86                 sskey = tsk->user->session_keyring->serial;
  87         }
  88
  89         sprintf(keyring_str[2], "%d", sskey);
  90
  91         /* set up a minimal environment */
  92         i = 0;
  93         envp[i++] = "HOME=/";
  94         envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
  95         envp[i] = NULL;
  96
  97         /* set up the argument list */
  98         i = 0;
  99         argv[i++] = "/sbin/request-key";
 100         argv[i++] = (char *) op;
 101         argv[i++] = key_str;
 102         argv[i++] = uid_str;
 103         argv[i++] = gid_str;
 104         argv[i++] = keyring_str[0];
 105         argv[i++] = keyring_str[1];
 106         argv[i++] = keyring_str[2];
 107         argv[i] = NULL;
 108
 109         /* do it */
 110         ret = call_usermodehelper_keys(argv[0], argv, envp, keyring, 1);
 111
 112 error_link:
 113         key_put(keyring);
 114
 115 error_alloc:
 116         kleave(" = %d", ret);
 117         return ret;
 118
 119 } /* end call_sbin_request_key() */
 120
 121 /*****************************************************************************/
 122 /*
 123  * call out to userspace for the key
 124  * - called with the construction sem held, but the sem is dropped here
 125  * - we ignore program failure and go on key status instead
 126  */
 127 static struct key *__request_key_construction(struct key_type *type,
 128                                               const char *description,
 129                                               const char *callout_info,
 130                                               unsigned long flags)
 131 {
 132         request_key_actor_t actor;
 133         struct key_construction cons;
 134         struct timespec now;
 135         struct key *key, *authkey;
 136         int ret, negated;
 137
 138         kenter("%s,%s,%s,%lx", type->name, description, callout_info, flags);
 139
 140         /* create a key and add it to the queue */
 141         key = key_alloc(type, description,
 142                         current->fsuid, current->fsgid, current, KEY_POS_ALL,
 143                         flags);
 144         if (IS_ERR(key))
 145                 goto alloc_failed;
 146
 147         set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
 148
 149         cons.key = key;
 150         list_add_tail(&cons.link, &key->user->consq);
 151
 152         /* we drop the construction sem here on behalf of the caller */
 153         up_write(&key_construction_sem);
 154
 155         /* allocate an authorisation key */
 156         authkey = request_key_auth_new(key, callout_info);
 157         if (IS_ERR(authkey)) {
 158                 ret = PTR_ERR(authkey);
 159                 authkey = NULL;
 160                 goto alloc_authkey_failed;
 161         }
 162
 163         /* make the call */
 164         actor = call_sbin_request_key;
 165         if (type->request_key)
 166                 actor = type->request_key;
 167         ret = actor(key, authkey, "create");
 168         if (ret < 0)
 169                 goto request_failed;
 170
 171         /* if the key wasn't instantiated, then we want to give an error */
 172         ret = -ENOKEY;
 173         if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
 174                 goto request_failed;
 175
 176         key_revoke(authkey);
 177         key_put(authkey);
 178
 179         down_write(&key_construction_sem);
 180         list_del(&cons.link);
 181         up_write(&key_construction_sem);
 182
 183         /* also give an error if the key was negatively instantiated */
 184 check_not_negative:
 185         if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
 186                 key_put(key);
 187                 key = ERR_PTR(-ENOKEY);
 188         }
 189
 190 out:
 191         kleave(" = %p", key);
 192         return key;
 193
 194 request_failed:
 195         key_revoke(authkey);
 196         key_put(authkey);
 197
 198 alloc_authkey_failed:
 199         /* it wasn't instantiated
 200          * - remove from construction queue
 201          * - mark the key as dead
 202          */
 203         negated = 0;
 204         down_write(&key_construction_sem);
 205
 206         list_del(&cons.link);
 207
 208         /* check it didn't get instantiated between the check and the down */
 209         if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
 210                 set_bit(KEY_FLAG_NEGATIVE, &key->flags);
 211                 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
 212                 negated = 1;
 213         }
 214
 215         clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
 216
 217         up_write(&key_construction_sem);
 218
 219         if (!negated)
 220                 goto check_not_negative; /* surprisingly, the key got
 221                                           * instantiated */
 222
 223         /* set the timeout and store in the session keyring if we can */
 224         now = current_kernel_time();
 225         key->expiry = now.tv_sec + key_negative_timeout;
 226
 227         if (current->signal->session_keyring) {
 228                 struct key *keyring;
 229
 230                 rcu_read_lock();
 231                 keyring = rcu_dereference(current->signal->session_keyring);
 232                 atomic_inc(&keyring->usage);
 233                 rcu_read_unlock();
 234
 235                 key_link(keyring, key);
 236                 key_put(keyring);
 237         }
 238
 239         key_put(key);
 240
 241         /* notify anyone who was waiting */
 242         wake_up_all(&request_key_conswq);
 243
 244         key = ERR_PTR(ret);
 245         goto out;
 246
 247 alloc_failed:
 248         up_write(&key_construction_sem);
 249         goto out;
 250
 251 } /* end __request_key_construction() */
 252
 253 /*****************************************************************************/
 254 /*
 255  * call out to userspace to request the key
 256  * - we check the construction queue first to see if an appropriate key is
 257  *   already being constructed by userspace
 258  */
 259 static struct key *request_key_construction(struct key_type *type,
 260                                             const char *description,
 261                                             struct key_user *user,
 262                                             const char *callout_info,
 263                                             unsigned long flags)
 264 {
 265         struct key_construction *pcons;
 266         struct key *key, *ckey;
 267
 268         DECLARE_WAITQUEUE(myself, current);
 269
 270         kenter("%s,%s,{%d},%s,%lx",
 271                type->name, description, user->uid, callout_info, flags);
 272
 273         /* see if there's such a key under construction already */
 274         down_write(&key_construction_sem);
 275
 276         list_for_each_entry(pcons, &user->consq, link) {
 277                 ckey = pcons->key;
 278
 279                 if (ckey->type != type)
 280                         continue;
 281
 282                 if (type->match(ckey, description))
 283                         goto found_key_under_construction;
 284         }
 285
 286         /* see about getting userspace to construct the key */
 287         key = __request_key_construction(type, description, callout_info,
 288                                          flags);
 289  error:
 290         kleave(" = %p", key);
 291         return key;
 292
 293         /* someone else has the same key under construction
 294          * - we want to keep an eye on their key
 295          */
 296  found_key_under_construction:
 297         atomic_inc(&ckey->usage);
 298         up_write(&key_construction_sem);
 299
 300         /* wait for the key to be completed one way or another */
 301         add_wait_queue(&request_key_conswq, &myself);
 302
 303         for (;;) {
 304                 set_current_state(TASK_INTERRUPTIBLE);
 305                 if (!test_bit(KEY_FLAG_USER_CONSTRUCT, &ckey->flags))
 306                         break;
 307                 if (signal_pending(current))
 308                         break;
 309                 schedule();
 310         }
 311
 312         set_current_state(TASK_RUNNING);
 313         remove_wait_queue(&request_key_conswq, &myself);
 314
 315         /* we'll need to search this process's keyrings to see if the key is
 316          * now there since we can't automatically assume it's also available
 317          * there */
 318         key_put(ckey);
 319         ckey = NULL;
 320
 321         key = NULL; /* request a retry */
 322         goto error;
 323
 324 } /* end request_key_construction() */
 325
 326 /*****************************************************************************/
 327 /*
 328  * link a freshly minted key to an appropriate destination keyring
 329  */
 330 static void request_key_link(struct key *key, struct key *dest_keyring)
 331 {
 332         struct task_struct *tsk = current;
 333         struct key *drop = NULL;
 334
 335         kenter("{%d},%p", key->serial, dest_keyring);
 336
 337         /* find the appropriate keyring */
 338         if (!dest_keyring) {
 339                 switch (tsk->jit_keyring) {
 340                 case KEY_REQKEY_DEFL_DEFAULT:
 341                 case KEY_REQKEY_DEFL_THREAD_KEYRING:
 342                         dest_keyring = tsk->thread_keyring;
 343                         if (dest_keyring)
 344                                 break;
 345
 346                 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
 347                         dest_keyring = tsk->signal->process_keyring;
 348                         if (dest_keyring)
 349                                 break;
 350
 351                 case KEY_REQKEY_DEFL_SESSION_KEYRING:
 352                         rcu_read_lock();
 353                         dest_keyring = key_get(
 354                                 rcu_dereference(tsk->signal->session_keyring));
 355                         rcu_read_unlock();
 356                         drop = dest_keyring;
 357
 358                         if (dest_keyring)
 359                                 break;
 360
 361                 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
 362                         dest_keyring = current->user->session_keyring;
 363                         break;
 364
 365                 case KEY_REQKEY_DEFL_USER_KEYRING:
 366                         dest_keyring = current->user->uid_keyring;
 367                         break;
 368
 369                 case KEY_REQKEY_DEFL_GROUP_KEYRING:
 370                 default:
 371                         BUG();
 372                 }
 373         }
 374
 375         /* and attach the key to it */
 376         key_link(dest_keyring, key);
 377
 378         key_put(drop);
 379
 380         kleave("");
 381
 382 } /* end request_key_link() */
 383
 384 /*****************************************************************************/
 385 /*
 386  * request a key
 387  * - search the process's keyrings
 388  * - check the list of keys being created or updated
 389  * - call out to userspace for a key if supplementary info was provided
 390  * - cache the key in an appropriate keyring
 391  */
 392 struct key *request_key_and_link(struct key_type *type,
 393                                  const char *description,
 394                                  const char *callout_info,
 395                                  struct key *dest_keyring,
 396                                  unsigned long flags)
 397 {
 398         struct key_user *user;
 399         struct key *key;
 400         key_ref_t key_ref;
 401
 402         kenter("%s,%s,%s,%p,%lx",
 403                type->name, description, callout_info, dest_keyring, flags);
 404
 405         /* search all the process keyrings for a key */
 406         key_ref = search_process_keyrings(type, description, type->match,
 407                                           current);
 408
 409         kdebug("search 1: %p", key_ref);
 410
 411         if (!IS_ERR(key_ref)) {
 412                 key = key_ref_to_ptr(key_ref);
 413         }
 414         else if (PTR_ERR(key_ref) != -EAGAIN) {
 415                 key = ERR_PTR(PTR_ERR(key_ref));
 416         }
 417         else  {
 418                 /* the search failed, but the keyrings were searchable, so we
 419                  * should consult userspace if we can */
 420                 key = ERR_PTR(-ENOKEY);
 421                 if (!callout_info)
 422                         goto error;
 423
 424                 /* - get hold of the user's construction queue */
 425                 user = key_user_lookup(current->fsuid);
 426                 if (!user)
 427                         goto nomem;
 428
 429                 for (;;) {
 430                         if (signal_pending(current))
 431                                 goto interrupted;
 432
 433                         /* ask userspace (returns NULL if it waited on a key
 434                          * being constructed) */
 435                         key = request_key_construction(type, description,
 436                                                        user, callout_info,
 437                                                        flags);
 438                         if (key)
 439                                 break;
 440
 441                         /* someone else made the key we want, so we need to
 442                          * search again as it might now be available to us */
 443                         key_ref = search_process_keyrings(type, description,
 444                                                           type->match,
 445                                                           current);
 446
 447                         kdebug("search 2: %p", key_ref);
 448
 449                         if (!IS_ERR(key_ref)) {
 450                                 key = key_ref_to_ptr(key_ref);
 451                                 break;
 452                         }
 453
 454                         if (PTR_ERR(key_ref) != -EAGAIN) {
 455                                 key = ERR_PTR(PTR_ERR(key_ref));
 456                                 break;
 457                         }
 458                 }
 459
 460                 key_user_put(user);
 461
 462                 /* link the new key into the appropriate keyring */
 463                 if (!IS_ERR(key))
 464                         request_key_link(key, dest_keyring);
 465         }
 466
 467 error:
 468         kleave(" = %p", key);
 469         return key;
 470
 471 nomem:
 472         key = ERR_PTR(-ENOMEM);
 473         goto error;
 474
 475 interrupted:
 476         key_user_put(user);
 477         key = ERR_PTR(-EINTR);
 478         goto error;
 479
 480 } /* end request_key_and_link() */
 481
 482 /*****************************************************************************/
 483 /*
 484  * request a key
 485  * - search the process's keyrings
 486  * - check the list of keys being created or updated
 487  * - call out to userspace for a key if supplementary info was provided
 488  */
 489 struct key *request_key(struct key_type *type,
 490                         const char *description,
 491                         const char *callout_info)
 492 {
 493         return request_key_and_link(type, description, callout_info, NULL,
 494                                     KEY_ALLOC_IN_QUOTA);
 495
 496 } /* end request_key() */
 497
 498 EXPORT_SYMBOL(request_key);