[PATCH] keys: Discard key spinlock and use RCU for key payload
[linux-2.6.git] / security / keys / request_key.c
1 /* request_key.c: request a key from userspace
2  *
3  * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  */
11
12 #include <linux/module.h>
13 #include <linux/sched.h>
14 #include <linux/kmod.h>
15 #include <linux/err.h>
16 #include "internal.h"
17
18 struct key_construction {
19         struct list_head        link;   /* link in construction queue */
20         struct key              *key;   /* key being constructed */
21 };
22
23 /* when waiting for someone else's keys, you get added to this */
24 DECLARE_WAIT_QUEUE_HEAD(request_key_conswq);
25
26 /*****************************************************************************/
27 /*
28  * request userspace finish the construction of a key
29  * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring> <info>"
30  * - if callout_info is an empty string, it'll be rendered as a "-" instead
31  */
32 static int call_request_key(struct key *key,
33                             const char *op,
34                             const char *callout_info)
35 {
36         struct task_struct *tsk = current;
37         unsigned long flags;
38         key_serial_t prkey, sskey;
39         char *argv[10], *envp[3], uid_str[12], gid_str[12];
40         char key_str[12], keyring_str[3][12];
41         int i;
42
43         /* record the UID and GID */
44         sprintf(uid_str, "%d", current->fsuid);
45         sprintf(gid_str, "%d", current->fsgid);
46
47         /* we say which key is under construction */
48         sprintf(key_str, "%d", key->serial);
49
50         /* we specify the process's default keyrings */
51         sprintf(keyring_str[0], "%d",
52                 tsk->thread_keyring ? tsk->thread_keyring->serial : 0);
53
54         prkey = 0;
55         if (tsk->signal->process_keyring)
56                 prkey = tsk->signal->process_keyring->serial;
57
58         sskey = 0;
59         spin_lock_irqsave(&tsk->sighand->siglock, flags);
60         if (tsk->signal->session_keyring)
61                 sskey = tsk->signal->session_keyring->serial;
62         spin_unlock_irqrestore(&tsk->sighand->siglock, flags);
63
64
65         if (!sskey)
66                 sskey = tsk->user->session_keyring->serial;
67
68         sprintf(keyring_str[1], "%d", prkey);
69         sprintf(keyring_str[2], "%d", sskey);
70
71         /* set up a minimal environment */
72         i = 0;
73         envp[i++] = "HOME=/";
74         envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
75         envp[i] = NULL;
76
77         /* set up the argument list */
78         i = 0;
79         argv[i++] = "/sbin/request-key";
80         argv[i++] = (char *) op;
81         argv[i++] = key_str;
82         argv[i++] = uid_str;
83         argv[i++] = gid_str;
84         argv[i++] = keyring_str[0];
85         argv[i++] = keyring_str[1];
86         argv[i++] = keyring_str[2];
87         argv[i++] = callout_info[0] ? (char *) callout_info : "-";
88         argv[i] = NULL;
89
90         /* do it */
91         return call_usermodehelper(argv[0], argv, envp, 1);
92
93 } /* end call_request_key() */
94
95 /*****************************************************************************/
96 /*
97  * call out to userspace for the key
98  * - called with the construction sem held, but the sem is dropped here
99  * - we ignore program failure and go on key status instead
100  */
101 static struct key *__request_key_construction(struct key_type *type,
102                                               const char *description,
103                                               const char *callout_info)
104 {
105         struct key_construction cons;
106         struct timespec now;
107         struct key *key;
108         int ret, negated;
109
110         /* create a key and add it to the queue */
111         key = key_alloc(type, description,
112                         current->fsuid, current->fsgid, KEY_USR_ALL, 0);
113         if (IS_ERR(key))
114                 goto alloc_failed;
115
116         set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
117
118         cons.key = key;
119         list_add_tail(&cons.link, &key->user->consq);
120
121         /* we drop the construction sem here on behalf of the caller */
122         up_write(&key_construction_sem);
123
124         /* make the call */
125         ret = call_request_key(key, "create", callout_info);
126         if (ret < 0)
127                 goto request_failed;
128
129         /* if the key wasn't instantiated, then we want to give an error */
130         ret = -ENOKEY;
131         if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
132                 goto request_failed;
133
134         down_write(&key_construction_sem);
135         list_del(&cons.link);
136         up_write(&key_construction_sem);
137
138         /* also give an error if the key was negatively instantiated */
139  check_not_negative:
140         if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
141                 key_put(key);
142                 key = ERR_PTR(-ENOKEY);
143         }
144
145  out:
146         return key;
147
148  request_failed:
149         /* it wasn't instantiated
150          * - remove from construction queue
151          * - mark the key as dead
152          */
153         negated = 0;
154         down_write(&key_construction_sem);
155
156         list_del(&cons.link);
157
158         /* check it didn't get instantiated between the check and the down */
159         if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
160                 set_bit(KEY_FLAG_NEGATIVE, &key->flags);
161                 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
162                 negated = 1;
163         }
164
165         clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
166
167         up_write(&key_construction_sem);
168
169         if (!negated)
170                 goto check_not_negative; /* surprisingly, the key got
171                                           * instantiated */
172
173         /* set the timeout and store in the session keyring if we can */
174         now = current_kernel_time();
175         key->expiry = now.tv_sec + key_negative_timeout;
176
177         if (current->signal->session_keyring) {
178                 unsigned long flags;
179                 struct key *keyring;
180
181                 spin_lock_irqsave(&current->sighand->siglock, flags);
182                 keyring = current->signal->session_keyring;
183                 atomic_inc(&keyring->usage);
184                 spin_unlock_irqrestore(&current->sighand->siglock, flags);
185
186                 key_link(keyring, key);
187                 key_put(keyring);
188         }
189
190         key_put(key);
191
192         /* notify anyone who was waiting */
193         wake_up_all(&request_key_conswq);
194
195         key = ERR_PTR(ret);
196         goto out;
197
198  alloc_failed:
199         up_write(&key_construction_sem);
200         goto out;
201
202 } /* end __request_key_construction() */
203
204 /*****************************************************************************/
205 /*
206  * call out to userspace to request the key
207  * - we check the construction queue first to see if an appropriate key is
208  *   already being constructed by userspace
209  */
210 static struct key *request_key_construction(struct key_type *type,
211                                             const char *description,
212                                             struct key_user *user,
213                                             const char *callout_info)
214 {
215         struct key_construction *pcons;
216         struct key *key, *ckey;
217
218         DECLARE_WAITQUEUE(myself, current);
219
220         /* see if there's such a key under construction already */
221         down_write(&key_construction_sem);
222
223         list_for_each_entry(pcons, &user->consq, link) {
224                 ckey = pcons->key;
225
226                 if (ckey->type != type)
227                         continue;
228
229                 if (type->match(ckey, description))
230                         goto found_key_under_construction;
231         }
232
233         /* see about getting userspace to construct the key */
234         key = __request_key_construction(type, description, callout_info);
235  error:
236         return key;
237
238         /* someone else has the same key under construction
239          * - we want to keep an eye on their key
240          */
241  found_key_under_construction:
242         atomic_inc(&ckey->usage);
243         up_write(&key_construction_sem);
244
245         /* wait for the key to be completed one way or another */
246         add_wait_queue(&request_key_conswq, &myself);
247
248         for (;;) {
249                 set_current_state(TASK_UNINTERRUPTIBLE);
250                 if (!test_bit(KEY_FLAG_USER_CONSTRUCT, &ckey->flags))
251                         break;
252                 schedule();
253         }
254
255         set_current_state(TASK_RUNNING);
256         remove_wait_queue(&request_key_conswq, &myself);
257
258         /* we'll need to search this process's keyrings to see if the key is
259          * now there since we can't automatically assume it's also available
260          * there */
261         key_put(ckey);
262         ckey = NULL;
263
264         key = NULL; /* request a retry */
265         goto error;
266
267 } /* end request_key_construction() */
268
269 /*****************************************************************************/
270 /*
271  * request a key
272  * - search the process's keyrings
273  * - check the list of keys being created or updated
274  * - call out to userspace for a key if requested (supplementary info can be
275  *   passed)
276  */
277 struct key *request_key(struct key_type *type,
278                         const char *description,
279                         const char *callout_info)
280 {
281         struct key_user *user;
282         struct key *key;
283
284         /* search all the process keyrings for a key */
285         key = search_process_keyrings_aux(type, description, type->match);
286
287         if (PTR_ERR(key) == -EAGAIN) {
288                 /* the search failed, but the keyrings were searchable, so we
289                  * should consult userspace if we can */
290                 key = ERR_PTR(-ENOKEY);
291                 if (!callout_info)
292                         goto error;
293
294                 /* - get hold of the user's construction queue */
295                 user = key_user_lookup(current->fsuid);
296                 if (!user) {
297                         key = ERR_PTR(-ENOMEM);
298                         goto error;
299                 }
300
301                 for (;;) {
302                         /* ask userspace (returns NULL if it waited on a key
303                          * being constructed) */
304                         key = request_key_construction(type, description,
305                                                        user, callout_info);
306                         if (key)
307                                 break;
308
309                         /* someone else made the key we want, so we need to
310                          * search again as it might now be available to us */
311                         key = search_process_keyrings_aux(type, description,
312                                                           type->match);
313                         if (PTR_ERR(key) != -EAGAIN)
314                                 break;
315                 }
316
317                 key_user_put(user);
318         }
319
320  error:
321         return key;
322
323 } /* end request_key() */
324
325 EXPORT_SYMBOL(request_key);
326
327 /*****************************************************************************/
328 /*
329  * validate a key
330  */
331 int key_validate(struct key *key)
332 {
333         struct timespec now;
334         int ret = 0;
335
336         if (key) {
337                 /* check it's still accessible */
338                 ret = -EKEYREVOKED;
339                 if (test_bit(KEY_FLAG_REVOKED, &key->flags) ||
340                     test_bit(KEY_FLAG_DEAD, &key->flags))
341                         goto error;
342
343                 /* check it hasn't expired */
344                 ret = 0;
345                 if (key->expiry) {
346                         now = current_kernel_time();
347                         if (now.tv_sec >= key->expiry)
348                                 ret = -EKEYEXPIRED;
349                 }
350         }
351
352  error:
353         return ret;
354
355 } /* end key_validate() */
356
357 EXPORT_SYMBOL(key_validate);