security/keys/request_key.c

   1 /* request_key.c: request a key from userspace
   2  *
   3  * Copyright (C) 2004-6 Red Hat, Inc. All Rights Reserved.
   4  * Written by David Howells (dhowells@redhat.com)
   5  *
   6  * This program is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU General Public License
   8  * as published by the Free Software Foundation; either version
   9  * 2 of the License, or (at your option) any later version.
  10  *
  11  * See Documentation/keys-request-key.txt
  12  */
  13
  14 #include <linux/module.h>
  15 #include <linux/sched.h>
  16 #include <linux/kmod.h>
  17 #include <linux/err.h>
  18 #include <linux/keyctl.h>
  19 #include "internal.h"
  20
  21 struct key_construction {
  22         struct list_head        link;   /* link in construction queue */
  23         struct key              *key;   /* key being constructed */
  24 };
  25
  26 /* when waiting for someone else's keys, you get added to this */
  27 DECLARE_WAIT_QUEUE_HEAD(request_key_conswq);
  28
  29 /*****************************************************************************/
  30 /*
  31  * request userspace finish the construction of a key
  32  * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
  33  */
  34 static int call_sbin_request_key(struct key *key,
  35                                  struct key *authkey,
  36                                  const char *op,
  37                                  void *aux)
  38 {
  39         struct task_struct *tsk = current;
  40         key_serial_t prkey, sskey;
  41         struct key *keyring;
  42         char *argv[9], *envp[3], uid_str[12], gid_str[12];
  43         char key_str[12], keyring_str[3][12];
  44         char desc[20];
  45         int ret, i;
  46
  47         kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
  48
  49         /* allocate a new session keyring */
  50         sprintf(desc, "_req.%u", key->serial);
  51
  52         keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current,
  53                                 KEY_ALLOC_QUOTA_OVERRUN, NULL);
  54         if (IS_ERR(keyring)) {
  55                 ret = PTR_ERR(keyring);
  56                 goto error_alloc;
  57         }
  58
  59         /* attach the auth key to the session keyring */
  60         ret = __key_link(keyring, authkey);
  61         if (ret < 0)
  62                 goto error_link;
  63
  64         /* record the UID and GID */
  65         sprintf(uid_str, "%d", current->fsuid);
  66         sprintf(gid_str, "%d", current->fsgid);
  67
  68         /* we say which key is under construction */
  69         sprintf(key_str, "%d", key->serial);
  70
  71         /* we specify the process's default keyrings */
  72         sprintf(keyring_str[0], "%d",
  73                 tsk->thread_keyring ? tsk->thread_keyring->serial : 0);
  74
  75         prkey = 0;
  76         if (tsk->signal->process_keyring)
  77                 prkey = tsk->signal->process_keyring->serial;
  78
  79         sprintf(keyring_str[1], "%d", prkey);
  80
  81         if (tsk->signal->session_keyring) {
  82                 rcu_read_lock();
  83                 sskey = rcu_dereference(tsk->signal->session_keyring)->serial;
  84                 rcu_read_unlock();
  85         }
  86         else {
  87                 sskey = tsk->user->session_keyring->serial;
  88         }
  89
  90         sprintf(keyring_str[2], "%d", sskey);
  91
  92         /* set up a minimal environment */
  93         i = 0;
  94         envp[i++] = "HOME=/";
  95         envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
  96         envp[i] = NULL;
  97
  98         /* set up the argument list */
  99         i = 0;
 100         argv[i++] = "/sbin/request-key";
 101         argv[i++] = (char *) op;
 102         argv[i++] = key_str;
 103         argv[i++] = uid_str;
 104         argv[i++] = gid_str;
 105         argv[i++] = keyring_str[0];
 106         argv[i++] = keyring_str[1];
 107         argv[i++] = keyring_str[2];
 108         argv[i] = NULL;
 109
 110         /* do it */
 111         ret = call_usermodehelper_keys(argv[0], argv, envp, keyring,
 112                                        UMH_WAIT_PROC);
 113
 114 error_link:
 115         key_put(keyring);
 116
 117 error_alloc:
 118         kleave(" = %d", ret);
 119         return ret;
 120
 121 } /* end call_sbin_request_key() */
 122
 123 /*****************************************************************************/
 124 /*
 125  * call out to userspace for the key
 126  * - called with the construction sem held, but the sem is dropped here
 127  * - we ignore program failure and go on key status instead
 128  */
 129 static struct key *__request_key_construction(struct key_type *type,
 130                                               const char *description,
 131                                               const char *callout_info,
 132                                               void *aux,
 133                                               unsigned long flags)
 134 {
 135         request_key_actor_t actor;
 136         struct key_construction cons;
 137         struct timespec now;
 138         struct key *key, *authkey;
 139         int ret, negated;
 140
 141         kenter("%s,%s,%s,%lx", type->name, description, callout_info, flags);
 142
 143         /* create a key and add it to the queue */
 144         key = key_alloc(type, description,
 145                         current->fsuid, current->fsgid, current, KEY_POS_ALL,
 146                         flags);
 147         if (IS_ERR(key))
 148                 goto alloc_failed;
 149
 150         set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
 151
 152         cons.key = key;
 153         list_add_tail(&cons.link, &key->user->consq);
 154
 155         /* we drop the construction sem here on behalf of the caller */
 156         up_write(&key_construction_sem);
 157
 158         /* allocate an authorisation key */
 159         authkey = request_key_auth_new(key, callout_info);
 160         if (IS_ERR(authkey)) {
 161                 ret = PTR_ERR(authkey);
 162                 authkey = NULL;
 163                 goto alloc_authkey_failed;
 164         }
 165
 166         /* make the call */
 167         actor = call_sbin_request_key;
 168         if (type->request_key)
 169                 actor = type->request_key;
 170         ret = actor(key, authkey, "create", aux);
 171         if (ret < 0)
 172                 goto request_failed;
 173
 174         /* if the key wasn't instantiated, then we want to give an error */
 175         ret = -ENOKEY;
 176         if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
 177                 goto request_failed;
 178
 179         key_revoke(authkey);
 180         key_put(authkey);
 181
 182         down_write(&key_construction_sem);
 183         list_del(&cons.link);
 184         up_write(&key_construction_sem);
 185
 186         /* also give an error if the key was negatively instantiated */
 187 check_not_negative:
 188         if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
 189                 key_put(key);
 190                 key = ERR_PTR(-ENOKEY);
 191         }
 192
 193 out:
 194         kleave(" = %p", key);
 195         return key;
 196
 197 request_failed:
 198         key_revoke(authkey);
 199         key_put(authkey);
 200
 201 alloc_authkey_failed:
 202         /* it wasn't instantiated
 203          * - remove from construction queue
 204          * - mark the key as dead
 205          */
 206         negated = 0;
 207         down_write(&key_construction_sem);
 208
 209         list_del(&cons.link);
 210
 211         /* check it didn't get instantiated between the check and the down */
 212         if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
 213                 set_bit(KEY_FLAG_NEGATIVE, &key->flags);
 214                 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
 215                 negated = 1;
 216         }
 217
 218         clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
 219
 220         up_write(&key_construction_sem);
 221
 222         if (!negated)
 223                 goto check_not_negative; /* surprisingly, the key got
 224                                           * instantiated */
 225
 226         /* set the timeout and store in the session keyring if we can */
 227         now = current_kernel_time();
 228         key->expiry = now.tv_sec + key_negative_timeout;
 229
 230         if (current->signal->session_keyring) {
 231                 struct key *keyring;
 232
 233                 rcu_read_lock();
 234                 keyring = rcu_dereference(current->signal->session_keyring);
 235                 atomic_inc(&keyring->usage);
 236                 rcu_read_unlock();
 237
 238                 key_link(keyring, key);
 239                 key_put(keyring);
 240         }
 241
 242         key_put(key);
 243
 244         /* notify anyone who was waiting */
 245         wake_up_all(&request_key_conswq);
 246
 247         key = ERR_PTR(ret);
 248         goto out;
 249
 250 alloc_failed:
 251         up_write(&key_construction_sem);
 252         goto out;
 253
 254 } /* end __request_key_construction() */
 255
 256 /*****************************************************************************/
 257 /*
 258  * call out to userspace to request the key
 259  * - we check the construction queue first to see if an appropriate key is
 260  *   already being constructed by userspace
 261  */
 262 static struct key *request_key_construction(struct key_type *type,
 263                                             const char *description,
 264                                             const char *callout_info,
 265                                             void *aux,
 266                                             struct key_user *user,
 267                                             unsigned long flags)
 268 {
 269         struct key_construction *pcons;
 270         struct key *key, *ckey;
 271
 272         DECLARE_WAITQUEUE(myself, current);
 273
 274         kenter("%s,%s,{%d},%s,%lx",
 275                type->name, description, user->uid, callout_info, flags);
 276
 277         /* see if there's such a key under construction already */
 278         down_write(&key_construction_sem);
 279
 280         list_for_each_entry(pcons, &user->consq, link) {
 281                 ckey = pcons->key;
 282
 283                 if (ckey->type != type)
 284                         continue;
 285
 286                 if (type->match(ckey, description))
 287                         goto found_key_under_construction;
 288         }
 289
 290         /* see about getting userspace to construct the key */
 291         key = __request_key_construction(type, description, callout_info, aux,
 292                                          flags);
 293  error:
 294         kleave(" = %p", key);
 295         return key;
 296
 297         /* someone else has the same key under construction
 298          * - we want to keep an eye on their key
 299          */
 300  found_key_under_construction:
 301         atomic_inc(&ckey->usage);
 302         up_write(&key_construction_sem);
 303
 304         /* wait for the key to be completed one way or another */
 305         add_wait_queue(&request_key_conswq, &myself);
 306
 307         for (;;) {
 308                 set_current_state(TASK_INTERRUPTIBLE);
 309                 if (!test_bit(KEY_FLAG_USER_CONSTRUCT, &ckey->flags))
 310                         break;
 311                 if (signal_pending(current))
 312                         break;
 313                 schedule();
 314         }
 315
 316         set_current_state(TASK_RUNNING);
 317         remove_wait_queue(&request_key_conswq, &myself);
 318
 319         /* we'll need to search this process's keyrings to see if the key is
 320          * now there since we can't automatically assume it's also available
 321          * there */
 322         key_put(ckey);
 323         ckey = NULL;
 324
 325         key = NULL; /* request a retry */
 326         goto error;
 327
 328 } /* end request_key_construction() */
 329
 330 /*****************************************************************************/
 331 /*
 332  * link a freshly minted key to an appropriate destination keyring
 333  */
 334 static void request_key_link(struct key *key, struct key *dest_keyring)
 335 {
 336         struct task_struct *tsk = current;
 337         struct key *drop = NULL;
 338
 339         kenter("{%d},%p", key->serial, dest_keyring);
 340
 341         /* find the appropriate keyring */
 342         if (!dest_keyring) {
 343                 switch (tsk->jit_keyring) {
 344                 case KEY_REQKEY_DEFL_DEFAULT:
 345                 case KEY_REQKEY_DEFL_THREAD_KEYRING:
 346                         dest_keyring = tsk->thread_keyring;
 347                         if (dest_keyring)
 348                                 break;
 349
 350                 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
 351                         dest_keyring = tsk->signal->process_keyring;
 352                         if (dest_keyring)
 353                                 break;
 354
 355                 case KEY_REQKEY_DEFL_SESSION_KEYRING:
 356                         rcu_read_lock();
 357                         dest_keyring = key_get(
 358                                 rcu_dereference(tsk->signal->session_keyring));
 359                         rcu_read_unlock();
 360                         drop = dest_keyring;
 361
 362                         if (dest_keyring)
 363                                 break;
 364
 365                 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
 366                         dest_keyring = current->user->session_keyring;
 367                         break;
 368
 369                 case KEY_REQKEY_DEFL_USER_KEYRING:
 370                         dest_keyring = current->user->uid_keyring;
 371                         break;
 372
 373                 case KEY_REQKEY_DEFL_GROUP_KEYRING:
 374                 default:
 375                         BUG();
 376                 }
 377         }
 378
 379         /* and attach the key to it */
 380         key_link(dest_keyring, key);
 381
 382         key_put(drop);
 383
 384         kleave("");
 385
 386 } /* end request_key_link() */
 387
 388 /*****************************************************************************/
 389 /*
 390  * request a key
 391  * - search the process's keyrings
 392  * - check the list of keys being created or updated
 393  * - call out to userspace for a key if supplementary info was provided
 394  * - cache the key in an appropriate keyring
 395  */
 396 struct key *request_key_and_link(struct key_type *type,
 397                                  const char *description,
 398                                  const char *callout_info,
 399                                  void *aux,
 400                                  struct key *dest_keyring,
 401                                  unsigned long flags)
 402 {
 403         struct key_user *user;
 404         struct key *key;
 405         key_ref_t key_ref;
 406
 407         kenter("%s,%s,%s,%p,%p,%lx",
 408                type->name, description, callout_info, aux,
 409                dest_keyring, flags);
 410
 411         /* search all the process keyrings for a key */
 412         key_ref = search_process_keyrings(type, description, type->match,
 413                                           current);
 414
 415         kdebug("search 1: %p", key_ref);
 416
 417         if (!IS_ERR(key_ref)) {
 418                 key = key_ref_to_ptr(key_ref);
 419         }
 420         else if (PTR_ERR(key_ref) != -EAGAIN) {
 421                 key = ERR_PTR(PTR_ERR(key_ref));
 422         }
 423         else  {
 424                 /* the search failed, but the keyrings were searchable, so we
 425                  * should consult userspace if we can */
 426                 key = ERR_PTR(-ENOKEY);
 427                 if (!callout_info)
 428                         goto error;
 429
 430                 /* - get hold of the user's construction queue */
 431                 user = key_user_lookup(current->fsuid);
 432                 if (!user)
 433                         goto nomem;
 434
 435                 for (;;) {
 436                         if (signal_pending(current))
 437                                 goto interrupted;
 438
 439                         /* ask userspace (returns NULL if it waited on a key
 440                          * being constructed) */
 441                         key = request_key_construction(type, description,
 442                                                        callout_info, aux,
 443                                                        user, flags);
 444                         if (key)
 445                                 break;
 446
 447                         /* someone else made the key we want, so we need to
 448                          * search again as it might now be available to us */
 449                         key_ref = search_process_keyrings(type, description,
 450                                                           type->match,
 451                                                           current);
 452
 453                         kdebug("search 2: %p", key_ref);
 454
 455                         if (!IS_ERR(key_ref)) {
 456                                 key = key_ref_to_ptr(key_ref);
 457                                 break;
 458                         }
 459
 460                         if (PTR_ERR(key_ref) != -EAGAIN) {
 461                                 key = ERR_PTR(PTR_ERR(key_ref));
 462                                 break;
 463                         }
 464                 }
 465
 466                 key_user_put(user);
 467
 468                 /* link the new key into the appropriate keyring */
 469                 if (!IS_ERR(key))
 470                         request_key_link(key, dest_keyring);
 471         }
 472
 473 error:
 474         kleave(" = %p", key);
 475         return key;
 476
 477 nomem:
 478         key = ERR_PTR(-ENOMEM);
 479         goto error;
 480
 481 interrupted:
 482         key_user_put(user);
 483         key = ERR_PTR(-EINTR);
 484         goto error;
 485
 486 } /* end request_key_and_link() */
 487
 488 /*****************************************************************************/
 489 /*
 490  * request a key
 491  * - search the process's keyrings
 492  * - check the list of keys being created or updated
 493  * - call out to userspace for a key if supplementary info was provided
 494  */
 495 struct key *request_key(struct key_type *type,
 496                         const char *description,
 497                         const char *callout_info)
 498 {
 499         return request_key_and_link(type, description, callout_info, NULL,
 500                                     NULL, KEY_ALLOC_IN_QUOTA);
 501
 502 } /* end request_key() */
 503
 504 EXPORT_SYMBOL(request_key);
 505
 506 /*****************************************************************************/
 507 /*
 508  * request a key with auxiliary data for the upcaller
 509  * - search the process's keyrings
 510  * - check the list of keys being created or updated
 511  * - call out to userspace for a key if supplementary info was provided
 512  */
 513 struct key *request_key_with_auxdata(struct key_type *type,
 514                                      const char *description,
 515                                      const char *callout_info,
 516                                      void *aux)
 517 {
 518         return request_key_and_link(type, description, callout_info, aux,
 519                                     NULL, KEY_ALLOC_IN_QUOTA);
 520
 521 } /* end request_key_with_auxdata() */
 522
 523 EXPORT_SYMBOL(request_key_with_auxdata);