[PATCH] Keys: Make request-key create an authorisation key
[linux-2.6.git] / security / keys / request_key.c
1 /* request_key.c: request a key from userspace
2  *
3  * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11
12 #include <linux/module.h>
13 #include <linux/sched.h>
14 #include <linux/kmod.h>
15 #include <linux/err.h>
16 #include <linux/keyctl.h>
17 #include "internal.h"
18
19 struct key_construction {
20         struct list_head        link;   /* link in construction queue */
21         struct key              *key;   /* key being constructed */
22 };
23
24 /* when waiting for someone else's keys, you get added to this */
25 DECLARE_WAIT_QUEUE_HEAD(request_key_conswq);
26
27 /*****************************************************************************/
28 /*
29  * request userspace finish the construction of a key
30  * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring> <info>"
31  */
32 static int call_request_key(struct key *key,
33                             const char *op,
34                             const char *callout_info)
35 {
36         struct task_struct *tsk = current;
37         key_serial_t prkey, sskey;
38         struct key *session_keyring, *rkakey;
39         char *argv[10], *envp[3], uid_str[12], gid_str[12];
40         char key_str[12], keyring_str[3][12];
41         int ret, i;
42
43         kenter("{%d},%s,%s", key->serial, op, callout_info);
44
45         /* generate a new session keyring with an auth key in it */
46         session_keyring = request_key_auth_new(key, &rkakey);
47         if (IS_ERR(session_keyring)) {
48                 ret = PTR_ERR(session_keyring);
49                 goto error;
50         }
51
52         /* record the UID and GID */
53         sprintf(uid_str, "%d", current->fsuid);
54         sprintf(gid_str, "%d", current->fsgid);
55
56         /* we say which key is under construction */
57         sprintf(key_str, "%d", key->serial);
58
59         /* we specify the process's default keyrings */
60         sprintf(keyring_str[0], "%d",
61                 tsk->thread_keyring ? tsk->thread_keyring->serial : 0);
62
63         prkey = 0;
64         if (tsk->signal->process_keyring)
65                 prkey = tsk->signal->process_keyring->serial;
66
67         sprintf(keyring_str[1], "%d", prkey);
68
69         if (tsk->signal->session_keyring) {
70                 rcu_read_lock();
71                 sskey = rcu_dereference(tsk->signal->session_keyring)->serial;
72                 rcu_read_unlock();
73         }
74         else {
75                 sskey = tsk->user->session_keyring->serial;
76         }
77
78         sprintf(keyring_str[2], "%d", sskey);
79
80         /* set up a minimal environment */
81         i = 0;
82         envp[i++] = "HOME=/";
83         envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
84         envp[i] = NULL;
85
86         /* set up the argument list */
87         i = 0;
88         argv[i++] = "/sbin/request-key";
89         argv[i++] = (char *) op;
90         argv[i++] = key_str;
91         argv[i++] = uid_str;
92         argv[i++] = gid_str;
93         argv[i++] = keyring_str[0];
94         argv[i++] = keyring_str[1];
95         argv[i++] = keyring_str[2];
96         argv[i++] = (char *) callout_info;
97         argv[i] = NULL;
98
99         /* do it */
100         ret = call_usermodehelper_keys(argv[0], argv, envp, session_keyring, 1);
101
102         /* dispose of the special keys */
103         key_revoke(rkakey);
104         key_put(rkakey);
105         key_put(session_keyring);
106
107  error:
108         kleave(" = %d", ret);
109         return ret;
110
111 } /* end call_request_key() */
112
113 /*****************************************************************************/
114 /*
115  * call out to userspace for the key
116  * - called with the construction sem held, but the sem is dropped here
117  * - we ignore program failure and go on key status instead
118  */
119 static struct key *__request_key_construction(struct key_type *type,
120                                               const char *description,
121                                               const char *callout_info)
122 {
123         struct key_construction cons;
124         struct timespec now;
125         struct key *key;
126         int ret, negated;
127
128         kenter("%s,%s,%s", type->name, description, callout_info);
129
130         /* create a key and add it to the queue */
131         key = key_alloc(type, description,
132                         current->fsuid, current->fsgid, KEY_USR_ALL, 0);
133         if (IS_ERR(key))
134                 goto alloc_failed;
135
136         set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
137
138         cons.key = key;
139         list_add_tail(&cons.link, &key->user->consq);
140
141         /* we drop the construction sem here on behalf of the caller */
142         up_write(&key_construction_sem);
143
144         /* make the call */
145         ret = call_request_key(key, "create", callout_info);
146         if (ret < 0)
147                 goto request_failed;
148
149         /* if the key wasn't instantiated, then we want to give an error */
150         ret = -ENOKEY;
151         if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
152                 goto request_failed;
153
154         down_write(&key_construction_sem);
155         list_del(&cons.link);
156         up_write(&key_construction_sem);
157
158         /* also give an error if the key was negatively instantiated */
159  check_not_negative:
160         if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
161                 key_put(key);
162                 key = ERR_PTR(-ENOKEY);
163         }
164
165  out:
166         kleave(" = %p", key);
167         return key;
168
169  request_failed:
170         /* it wasn't instantiated
171          * - remove from construction queue
172          * - mark the key as dead
173          */
174         negated = 0;
175         down_write(&key_construction_sem);
176
177         list_del(&cons.link);
178
179         /* check it didn't get instantiated between the check and the down */
180         if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
181                 set_bit(KEY_FLAG_NEGATIVE, &key->flags);
182                 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
183                 negated = 1;
184         }
185
186         clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
187
188         up_write(&key_construction_sem);
189
190         if (!negated)
191                 goto check_not_negative; /* surprisingly, the key got
192                                           * instantiated */
193
194         /* set the timeout and store in the session keyring if we can */
195         now = current_kernel_time();
196         key->expiry = now.tv_sec + key_negative_timeout;
197
198         if (current->signal->session_keyring) {
199                 struct key *keyring;
200
201                 rcu_read_lock();
202                 keyring = rcu_dereference(current->signal->session_keyring);
203                 atomic_inc(&keyring->usage);
204                 rcu_read_unlock();
205
206                 key_link(keyring, key);
207                 key_put(keyring);
208         }
209
210         key_put(key);
211
212         /* notify anyone who was waiting */
213         wake_up_all(&request_key_conswq);
214
215         key = ERR_PTR(ret);
216         goto out;
217
218  alloc_failed:
219         up_write(&key_construction_sem);
220         goto out;
221
222 } /* end __request_key_construction() */
223
224 /*****************************************************************************/
225 /*
226  * call out to userspace to request the key
227  * - we check the construction queue first to see if an appropriate key is
228  *   already being constructed by userspace
229  */
230 static struct key *request_key_construction(struct key_type *type,
231                                             const char *description,
232                                             struct key_user *user,
233                                             const char *callout_info)
234 {
235         struct key_construction *pcons;
236         struct key *key, *ckey;
237
238         DECLARE_WAITQUEUE(myself, current);
239
240         kenter("%s,%s,{%d},%s",
241                type->name, description, user->uid, callout_info);
242
243         /* see if there's such a key under construction already */
244         down_write(&key_construction_sem);
245
246         list_for_each_entry(pcons, &user->consq, link) {
247                 ckey = pcons->key;
248
249                 if (ckey->type != type)
250                         continue;
251
252                 if (type->match(ckey, description))
253                         goto found_key_under_construction;
254         }
255
256         /* see about getting userspace to construct the key */
257         key = __request_key_construction(type, description, callout_info);
258  error:
259         kleave(" = %p", key);
260         return key;
261
262         /* someone else has the same key under construction
263          * - we want to keep an eye on their key
264          */
265  found_key_under_construction:
266         atomic_inc(&ckey->usage);
267         up_write(&key_construction_sem);
268
269         /* wait for the key to be completed one way or another */
270         add_wait_queue(&request_key_conswq, &myself);
271
272         for (;;) {
273                 set_current_state(TASK_INTERRUPTIBLE);
274                 if (!test_bit(KEY_FLAG_USER_CONSTRUCT, &ckey->flags))
275                         break;
276                 if (signal_pending(current))
277                         break;
278                 schedule();
279         }
280
281         set_current_state(TASK_RUNNING);
282         remove_wait_queue(&request_key_conswq, &myself);
283
284         /* we'll need to search this process's keyrings to see if the key is
285          * now there since we can't automatically assume it's also available
286          * there */
287         key_put(ckey);
288         ckey = NULL;
289
290         key = NULL; /* request a retry */
291         goto error;
292
293 } /* end request_key_construction() */
294
295 /*****************************************************************************/
296 /*
297  * link a freshly minted key to an appropriate destination keyring
298  */
299 static void request_key_link(struct key *key, struct key *dest_keyring)
300 {
301         struct task_struct *tsk = current;
302         struct key *drop = NULL;
303
304         kenter("{%d},%p", key->serial, dest_keyring);
305
306         /* find the appropriate keyring */
307         if (!dest_keyring) {
308                 switch (tsk->jit_keyring) {
309                 case KEY_REQKEY_DEFL_DEFAULT:
310                 case KEY_REQKEY_DEFL_THREAD_KEYRING:
311                         dest_keyring = tsk->thread_keyring;
312                         if (dest_keyring)
313                                 break;
314
315                 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
316                         dest_keyring = tsk->signal->process_keyring;
317                         if (dest_keyring)
318                                 break;
319
320                 case KEY_REQKEY_DEFL_SESSION_KEYRING:
321                         rcu_read_lock();
322                         dest_keyring = key_get(
323                                 rcu_dereference(tsk->signal->session_keyring));
324                         rcu_read_unlock();
325                         drop = dest_keyring;
326
327                         if (dest_keyring)
328                                 break;
329
330                 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
331                         dest_keyring = current->user->session_keyring;
332                         break;
333
334                 case KEY_REQKEY_DEFL_USER_KEYRING:
335                         dest_keyring = current->user->uid_keyring;
336                         break;
337
338                 case KEY_REQKEY_DEFL_GROUP_KEYRING:
339                 default:
340                         BUG();
341                 }
342         }
343
344         /* and attach the key to it */
345         key_link(dest_keyring, key);
346
347         key_put(drop);
348
349         kleave("");
350
351 } /* end request_key_link() */
352
353 /*****************************************************************************/
354 /*
355  * request a key
356  * - search the process's keyrings
357  * - check the list of keys being created or updated
358  * - call out to userspace for a key if supplementary info was provided
359  * - cache the key in an appropriate keyring
360  */
361 struct key *request_key_and_link(struct key_type *type,
362                                  const char *description,
363                                  const char *callout_info,
364                                  struct key *dest_keyring)
365 {
366         struct key_user *user;
367         struct key *key;
368
369         kenter("%s,%s,%s,%p",
370                type->name, description, callout_info, dest_keyring);
371
372         /* search all the process keyrings for a key */
373         key = search_process_keyrings(type, description, type->match, current);
374
375         if (PTR_ERR(key) == -EAGAIN) {
376                 /* the search failed, but the keyrings were searchable, so we
377                  * should consult userspace if we can */
378                 key = ERR_PTR(-ENOKEY);
379                 if (!callout_info)
380                         goto error;
381
382                 /* - get hold of the user's construction queue */
383                 user = key_user_lookup(current->fsuid);
384                 if (!user)
385                         goto nomem;
386
387                 do {
388                         if (signal_pending(current))
389                                 goto interrupted;
390
391                         /* ask userspace (returns NULL if it waited on a key
392                          * being constructed) */
393                         key = request_key_construction(type, description,
394                                                        user, callout_info);
395                         if (key)
396                                 break;
397
398                         /* someone else made the key we want, so we need to
399                          * search again as it might now be available to us */
400                         key = search_process_keyrings(type, description,
401                                                       type->match, current);
402
403                 } while (PTR_ERR(key) == -EAGAIN);
404
405                 key_user_put(user);
406
407                 /* link the new key into the appropriate keyring */
408                 if (!PTR_ERR(key))
409                         request_key_link(key, dest_keyring);
410         }
411
412 error:
413         kleave(" = %p", key);
414         return key;
415
416 nomem:
417         key = ERR_PTR(-ENOMEM);
418         goto error;
419
420 interrupted:
421         key_user_put(user);
422         key = ERR_PTR(-EINTR);
423         goto error;
424
425 } /* end request_key_and_link() */
426
427 /*****************************************************************************/
428 /*
429  * request a key
430  * - search the process's keyrings
431  * - check the list of keys being created or updated
432  * - call out to userspace for a key if supplementary info was provided
433  */
434 struct key *request_key(struct key_type *type,
435                         const char *description,
436                         const char *callout_info)
437 {
438         return request_key_and_link(type, description, callout_info, NULL);
439
440 } /* end request_key() */
441
442 EXPORT_SYMBOL(request_key);
443
444 /*****************************************************************************/
445 /*
446  * validate a key
447  */
448 int key_validate(struct key *key)
449 {
450         struct timespec now;
451         int ret = 0;
452
453         if (key) {
454                 /* check it's still accessible */
455                 ret = -EKEYREVOKED;
456                 if (test_bit(KEY_FLAG_REVOKED, &key->flags) ||
457                     test_bit(KEY_FLAG_DEAD, &key->flags))
458                         goto error;
459
460                 /* check it hasn't expired */
461                 ret = 0;
462                 if (key->expiry) {
463                         now = current_kernel_time();
464                         if (now.tv_sec >= key->expiry)
465                                 ret = -EKEYEXPIRED;
466                 }
467         }
468
469  error:
470         return ret;
471
472 } /* end key_validate() */
473
474 EXPORT_SYMBOL(key_validate);