58d1efd4fc2c66788788edcc2e5d90bd32e1dc10
[linux-2.6.git] / security / keys / request_key.c
1 /* request_key.c: request a key from userspace
2  *
3  * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  *
11  * See Documentation/keys-request-key.txt
12  */
13
14 #include <linux/module.h>
15 #include <linux/sched.h>
16 #include <linux/kmod.h>
17 #include <linux/err.h>
18 #include <linux/keyctl.h>
19 #include "internal.h"
20
21 struct key_construction {
22         struct list_head        link;   /* link in construction queue */
23         struct key              *key;   /* key being constructed */
24 };
25
26 /* when waiting for someone else's keys, you get added to this */
27 DECLARE_WAIT_QUEUE_HEAD(request_key_conswq);
28
29 /*****************************************************************************/
30 /*
31  * request userspace finish the construction of a key
32  * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
33  */
34 static int call_sbin_request_key(struct key *key,
35                                  struct key *authkey,
36                                  const char *op)
37 {
38         struct task_struct *tsk = current;
39         key_serial_t prkey, sskey;
40         struct key *keyring;
41         char *argv[9], *envp[3], uid_str[12], gid_str[12];
42         char key_str[12], keyring_str[3][12];
43         char desc[20];
44         int ret, i;
45
46         kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
47
48         /* allocate a new session keyring */
49         sprintf(desc, "_req.%u", key->serial);
50
51         keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current,
52                                 KEY_ALLOC_QUOTA_OVERRUN, NULL);
53         if (IS_ERR(keyring)) {
54                 ret = PTR_ERR(keyring);
55                 goto error_alloc;
56         }
57
58         /* attach the auth key to the session keyring */
59         ret = __key_link(keyring, authkey);
60         if (ret < 0)
61                 goto error_link;
62
63         /* record the UID and GID */
64         sprintf(uid_str, "%d", current->fsuid);
65         sprintf(gid_str, "%d", current->fsgid);
66
67         /* we say which key is under construction */
68         sprintf(key_str, "%d", key->serial);
69
70         /* we specify the process's default keyrings */
71         sprintf(keyring_str[0], "%d",
72                 tsk->thread_keyring ? tsk->thread_keyring->serial : 0);
73
74         prkey = 0;
75         if (tsk->signal->process_keyring)
76                 prkey = tsk->signal->process_keyring->serial;
77
78         sprintf(keyring_str[1], "%d", prkey);
79
80         if (tsk->signal->session_keyring) {
81                 rcu_read_lock();
82                 sskey = rcu_dereference(tsk->signal->session_keyring)->serial;
83                 rcu_read_unlock();
84         }
85         else {
86                 sskey = tsk->user->session_keyring->serial;
87         }
88
89         sprintf(keyring_str[2], "%d", sskey);
90
91         /* set up a minimal environment */
92         i = 0;
93         envp[i++] = "HOME=/";
94         envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
95         envp[i] = NULL;
96
97         /* set up the argument list */
98         i = 0;
99         argv[i++] = "/sbin/request-key";
100         argv[i++] = (char *) op;
101         argv[i++] = key_str;
102         argv[i++] = uid_str;
103         argv[i++] = gid_str;
104         argv[i++] = keyring_str[0];
105         argv[i++] = keyring_str[1];
106         argv[i++] = keyring_str[2];
107         argv[i] = NULL;
108
109         /* do it */
110         ret = call_usermodehelper_keys(argv[0], argv, envp, keyring, 1);
111
112 error_link:
113         key_put(keyring);
114
115 error_alloc:
116         kleave(" = %d", ret);
117         return ret;
118
119 } /* end call_sbin_request_key() */
120
121 /*****************************************************************************/
122 /*
123  * call out to userspace for the key
124  * - called with the construction sem held, but the sem is dropped here
125  * - we ignore program failure and go on key status instead
126  */
127 static struct key *__request_key_construction(struct key_type *type,
128                                               const char *description,
129                                               const char *callout_info,
130                                               unsigned long flags)
131 {
132         request_key_actor_t actor;
133         struct key_construction cons;
134         struct timespec now;
135         struct key *key, *authkey;
136         int ret, negated;
137
138         kenter("%s,%s,%s,%lx", type->name, description, callout_info, flags);
139
140         /* create a key and add it to the queue */
141         key = key_alloc(type, description,
142                         current->fsuid, current->fsgid, current, KEY_POS_ALL,
143                         flags);
144         if (IS_ERR(key))
145                 goto alloc_failed;
146
147         set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
148
149         cons.key = key;
150         list_add_tail(&cons.link, &key->user->consq);
151
152         /* we drop the construction sem here on behalf of the caller */
153         up_write(&key_construction_sem);
154
155         /* allocate an authorisation key */
156         authkey = request_key_auth_new(key, callout_info);
157         if (IS_ERR(authkey)) {
158                 ret = PTR_ERR(authkey);
159                 authkey = NULL;
160                 goto alloc_authkey_failed;
161         }
162
163         /* make the call */
164         actor = call_sbin_request_key;
165         if (type->request_key)
166                 actor = type->request_key;
167         ret = actor(key, authkey, "create");
168         if (ret < 0)
169                 goto request_failed;
170
171         /* if the key wasn't instantiated, then we want to give an error */
172         ret = -ENOKEY;
173         if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
174                 goto request_failed;
175
176         key_revoke(authkey);
177         key_put(authkey);
178
179         down_write(&key_construction_sem);
180         list_del(&cons.link);
181         up_write(&key_construction_sem);
182
183         /* also give an error if the key was negatively instantiated */
184 check_not_negative:
185         if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
186                 key_put(key);
187                 key = ERR_PTR(-ENOKEY);
188         }
189
190 out:
191         kleave(" = %p", key);
192         return key;
193
194 request_failed:
195         key_revoke(authkey);
196         key_put(authkey);
197
198 alloc_authkey_failed:
199         /* it wasn't instantiated
200          * - remove from construction queue
201          * - mark the key as dead
202          */
203         negated = 0;
204         down_write(&key_construction_sem);
205
206         list_del(&cons.link);
207
208         /* check it didn't get instantiated between the check and the down */
209         if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
210                 set_bit(KEY_FLAG_NEGATIVE, &key->flags);
211                 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
212                 negated = 1;
213         }
214
215         clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
216
217         up_write(&key_construction_sem);
218
219         if (!negated)
220                 goto check_not_negative; /* surprisingly, the key got
221                                           * instantiated */
222
223         /* set the timeout and store in the session keyring if we can */
224         now = current_kernel_time();
225         key->expiry = now.tv_sec + key_negative_timeout;
226
227         if (current->signal->session_keyring) {
228                 struct key *keyring;
229
230                 rcu_read_lock();
231                 keyring = rcu_dereference(current->signal->session_keyring);
232                 atomic_inc(&keyring->usage);
233                 rcu_read_unlock();
234
235                 key_link(keyring, key);
236                 key_put(keyring);
237         }
238
239         key_put(key);
240
241         /* notify anyone who was waiting */
242         wake_up_all(&request_key_conswq);
243
244         key = ERR_PTR(ret);
245         goto out;
246
247 alloc_failed:
248         up_write(&key_construction_sem);
249         goto out;
250
251 } /* end __request_key_construction() */
252
253 /*****************************************************************************/
254 /*
255  * call out to userspace to request the key
256  * - we check the construction queue first to see if an appropriate key is
257  *   already being constructed by userspace
258  */
259 static struct key *request_key_construction(struct key_type *type,
260                                             const char *description,
261                                             struct key_user *user,
262                                             const char *callout_info,
263                                             unsigned long flags)
264 {
265         struct key_construction *pcons;
266         struct key *key, *ckey;
267
268         DECLARE_WAITQUEUE(myself, current);
269
270         kenter("%s,%s,{%d},%s,%lx",
271                type->name, description, user->uid, callout_info, flags);
272
273         /* see if there's such a key under construction already */
274         down_write(&key_construction_sem);
275
276         list_for_each_entry(pcons, &user->consq, link) {
277                 ckey = pcons->key;
278
279                 if (ckey->type != type)
280                         continue;
281
282                 if (type->match(ckey, description))
283                         goto found_key_under_construction;
284         }
285
286         /* see about getting userspace to construct the key */
287         key = __request_key_construction(type, description, callout_info,
288                                          flags);
289  error:
290         kleave(" = %p", key);
291         return key;
292
293         /* someone else has the same key under construction
294          * - we want to keep an eye on their key
295          */
296  found_key_under_construction:
297         atomic_inc(&ckey->usage);
298         up_write(&key_construction_sem);
299
300         /* wait for the key to be completed one way or another */
301         add_wait_queue(&request_key_conswq, &myself);
302
303         for (;;) {
304                 set_current_state(TASK_INTERRUPTIBLE);
305                 if (!test_bit(KEY_FLAG_USER_CONSTRUCT, &ckey->flags))
306                         break;
307                 if (signal_pending(current))
308                         break;
309                 schedule();
310         }
311
312         set_current_state(TASK_RUNNING);
313         remove_wait_queue(&request_key_conswq, &myself);
314
315         /* we'll need to search this process's keyrings to see if the key is
316          * now there since we can't automatically assume it's also available
317          * there */
318         key_put(ckey);
319         ckey = NULL;
320
321         key = NULL; /* request a retry */
322         goto error;
323
324 } /* end request_key_construction() */
325
326 /*****************************************************************************/
327 /*
328  * link a freshly minted key to an appropriate destination keyring
329  */
330 static void request_key_link(struct key *key, struct key *dest_keyring)
331 {
332         struct task_struct *tsk = current;
333         struct key *drop = NULL;
334
335         kenter("{%d},%p", key->serial, dest_keyring);
336
337         /* find the appropriate keyring */
338         if (!dest_keyring) {
339                 switch (tsk->jit_keyring) {
340                 case KEY_REQKEY_DEFL_DEFAULT:
341                 case KEY_REQKEY_DEFL_THREAD_KEYRING:
342                         dest_keyring = tsk->thread_keyring;
343                         if (dest_keyring)
344                                 break;
345
346                 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
347                         dest_keyring = tsk->signal->process_keyring;
348                         if (dest_keyring)
349                                 break;
350
351                 case KEY_REQKEY_DEFL_SESSION_KEYRING:
352                         rcu_read_lock();
353                         dest_keyring = key_get(
354                                 rcu_dereference(tsk->signal->session_keyring));
355                         rcu_read_unlock();
356                         drop = dest_keyring;
357
358                         if (dest_keyring)
359                                 break;
360
361                 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
362                         dest_keyring = current->user->session_keyring;
363                         break;
364
365                 case KEY_REQKEY_DEFL_USER_KEYRING:
366                         dest_keyring = current->user->uid_keyring;
367                         break;
368
369                 case KEY_REQKEY_DEFL_GROUP_KEYRING:
370                 default:
371                         BUG();
372                 }
373         }
374
375         /* and attach the key to it */
376         key_link(dest_keyring, key);
377
378         key_put(drop);
379
380         kleave("");
381
382 } /* end request_key_link() */
383
384 /*****************************************************************************/
385 /*
386  * request a key
387  * - search the process's keyrings
388  * - check the list of keys being created or updated
389  * - call out to userspace for a key if supplementary info was provided
390  * - cache the key in an appropriate keyring
391  */
392 struct key *request_key_and_link(struct key_type *type,
393                                  const char *description,
394                                  const char *callout_info,
395                                  struct key *dest_keyring,
396                                  unsigned long flags)
397 {
398         struct key_user *user;
399         struct key *key;
400         key_ref_t key_ref;
401
402         kenter("%s,%s,%s,%p,%lx",
403                type->name, description, callout_info, dest_keyring, flags);
404
405         /* search all the process keyrings for a key */
406         key_ref = search_process_keyrings(type, description, type->match,
407                                           current);
408
409         kdebug("search 1: %p", key_ref);
410
411         if (!IS_ERR(key_ref)) {
412                 key = key_ref_to_ptr(key_ref);
413         }
414         else if (PTR_ERR(key_ref) != -EAGAIN) {
415                 key = ERR_PTR(PTR_ERR(key_ref));
416         }
417         else  {
418                 /* the search failed, but the keyrings were searchable, so we
419                  * should consult userspace if we can */
420                 key = ERR_PTR(-ENOKEY);
421                 if (!callout_info)
422                         goto error;
423
424                 /* - get hold of the user's construction queue */
425                 user = key_user_lookup(current->fsuid);
426                 if (!user)
427                         goto nomem;
428
429                 for (;;) {
430                         if (signal_pending(current))
431                                 goto interrupted;
432
433                         /* ask userspace (returns NULL if it waited on a key
434                          * being constructed) */
435                         key = request_key_construction(type, description,
436                                                        user, callout_info,
437                                                        flags);
438                         if (key)
439                                 break;
440
441                         /* someone else made the key we want, so we need to
442                          * search again as it might now be available to us */
443                         key_ref = search_process_keyrings(type, description,
444                                                           type->match,
445                                                           current);
446
447                         kdebug("search 2: %p", key_ref);
448
449                         if (!IS_ERR(key_ref)) {
450                                 key = key_ref_to_ptr(key_ref);
451                                 break;
452                         }
453
454                         if (PTR_ERR(key_ref) != -EAGAIN) {
455                                 key = ERR_PTR(PTR_ERR(key_ref));
456                                 break;
457                         }
458                 }
459
460                 key_user_put(user);
461
462                 /* link the new key into the appropriate keyring */
463                 if (!IS_ERR(key))
464                         request_key_link(key, dest_keyring);
465         }
466
467 error:
468         kleave(" = %p", key);
469         return key;
470
471 nomem:
472         key = ERR_PTR(-ENOMEM);
473         goto error;
474
475 interrupted:
476         key_user_put(user);
477         key = ERR_PTR(-EINTR);
478         goto error;
479
480 } /* end request_key_and_link() */
481
482 /*****************************************************************************/
483 /*
484  * request a key
485  * - search the process's keyrings
486  * - check the list of keys being created or updated
487  * - call out to userspace for a key if supplementary info was provided
488  */
489 struct key *request_key(struct key_type *type,
490                         const char *description,
491                         const char *callout_info)
492 {
493         return request_key_and_link(type, description, callout_info, NULL,
494                                     KEY_ALLOC_IN_QUOTA);
495
496 } /* end request_key() */
497
498 EXPORT_SYMBOL(request_key);