KEYS: Disperse linux/key_ui.h
[linux-2.6.git] / security / keys / request_key.c
index 1f6c094..91953c8 100644 (file)
@@ -1,48 +1,99 @@
-/* request_key.c: request a key from userspace
+/* Request a key from userspace
  *
- * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
+ * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved.
  * Written by David Howells (dhowells@redhat.com)
  *
  * This program is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; either version
  * 2 of the License, or (at your option) any later version.
+ *
+ * See Documentation/keys-request-key.txt
  */
 
 #include <linux/module.h>
 #include <linux/sched.h>
 #include <linux/kmod.h>
 #include <linux/err.h>
+#include <linux/keyctl.h>
+#include <linux/slab.h>
 #include "internal.h"
 
-struct key_construction {
-       struct list_head        link;   /* link in construction queue */
-       struct key              *key;   /* key being constructed */
-};
+#define key_negative_timeout   60      /* default timeout on a negative key's existence */
+
+/*
+ * wait_on_bit() sleep function for uninterruptible waiting
+ */
+static int key_wait_bit(void *flags)
+{
+       schedule();
+       return 0;
+}
+
+/*
+ * wait_on_bit() sleep function for interruptible waiting
+ */
+static int key_wait_bit_intr(void *flags)
+{
+       schedule();
+       return signal_pending(current) ? -ERESTARTSYS : 0;
+}
+
+/*
+ * call to complete the construction of a key
+ */
+void complete_request_key(struct key_construction *cons, int error)
+{
+       kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error);
+
+       if (error < 0)
+               key_negate_and_link(cons->key, key_negative_timeout, NULL,
+                                   cons->authkey);
+       else
+               key_revoke(cons->authkey);
 
-/* when waiting for someone else's keys, you get added to this */
-DECLARE_WAIT_QUEUE_HEAD(request_key_conswq);
+       key_put(cons->key);
+       key_put(cons->authkey);
+       kfree(cons);
+}
+EXPORT_SYMBOL(complete_request_key);
 
-/*****************************************************************************/
 /*
  * request userspace finish the construction of a key
- * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring> <info>"
- * - if callout_info is an empty string, it'll be rendered as a "-" instead
+ * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
  */
-static int call_request_key(struct key *key,
-                           const char *op,
-                           const char *callout_info)
+static int call_sbin_request_key(struct key_construction *cons,
+                                const char *op,
+                                void *aux)
 {
        struct task_struct *tsk = current;
-       unsigned long flags;
        key_serial_t prkey, sskey;
-       char *argv[10], *envp[3], uid_str[12], gid_str[12];
+       struct key *key = cons->key, *authkey = cons->authkey, *keyring;
+       char *argv[9], *envp[3], uid_str[12], gid_str[12];
        char key_str[12], keyring_str[3][12];
-       int i;
+       char desc[20];
+       int ret, i;
+
+       kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
+
+       /* allocate a new session keyring */
+       sprintf(desc, "_req.%u", key->serial);
+
+       keyring = keyring_alloc(desc, current_fsuid(), current_fsgid(), current,
+                               KEY_ALLOC_QUOTA_OVERRUN, NULL);
+       if (IS_ERR(keyring)) {
+               ret = PTR_ERR(keyring);
+               goto error_alloc;
+       }
+
+       /* attach the auth key to the session keyring */
+       ret = __key_link(keyring, authkey);
+       if (ret < 0)
+               goto error_link;
 
        /* record the UID and GID */
-       sprintf(uid_str, "%d", current->fsuid);
-       sprintf(gid_str, "%d", current->fsgid);
+       sprintf(uid_str, "%d", current_fsuid());
+       sprintf(gid_str, "%d", current_fsgid());
 
        /* we say which key is under construction */
        sprintf(key_str, "%d", key->serial);
@@ -55,17 +106,16 @@ static int call_request_key(struct key *key,
        if (tsk->signal->process_keyring)
                prkey = tsk->signal->process_keyring->serial;
 
-       sskey = 0;
-       spin_lock_irqsave(&tsk->sighand->siglock, flags);
-       if (tsk->signal->session_keyring)
-               sskey = tsk->signal->session_keyring->serial;
-       spin_unlock_irqrestore(&tsk->sighand->siglock, flags);
-
+       sprintf(keyring_str[1], "%d", prkey);
 
-       if (!sskey)
+       if (tsk->signal->session_keyring) {
+               rcu_read_lock();
+               sskey = rcu_dereference(tsk->signal->session_keyring)->serial;
+               rcu_read_unlock();
+       } else {
                sskey = tsk->user->session_keyring->serial;
+       }
 
-       sprintf(keyring_str[1], "%d", prkey);
        sprintf(keyring_str[2], "%d", sskey);
 
        /* set up a minimal environment */
@@ -84,274 +134,390 @@ static int call_request_key(struct key *key,
        argv[i++] = keyring_str[0];
        argv[i++] = keyring_str[1];
        argv[i++] = keyring_str[2];
-       argv[i++] = callout_info[0] ? (char *) callout_info : "-";
        argv[i] = NULL;
 
        /* do it */
-       return call_usermodehelper(argv[0], argv, envp, 1);
+       ret = call_usermodehelper_keys(argv[0], argv, envp, keyring,
+                                      UMH_WAIT_PROC);
+       kdebug("usermode -> 0x%x", ret);
+       if (ret >= 0) {
+               /* ret is the exit/wait code */
+               if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) ||
+                   key_validate(key) < 0)
+                       ret = -ENOKEY;
+               else
+                       /* ignore any errors from userspace if the key was
+                        * instantiated */
+                       ret = 0;
+       }
+
+error_link:
+       key_put(keyring);
 
-} /* end call_request_key() */
+error_alloc:
+       kleave(" = %d", ret);
+       complete_request_key(cons, ret);
+       return ret;
+}
 
-/*****************************************************************************/
 /*
- * call out to userspace for the key
- * - called with the construction sem held, but the sem is dropped here
+ * call out to userspace for key construction
  * - we ignore program failure and go on key status instead
  */
-static struct key *__request_key_construction(struct key_type *type,
-                                             const char *description,
-                                             const char *callout_info)
+static int construct_key(struct key *key, const void *callout_info,
+                        size_t callout_len, void *aux)
 {
-       struct key_construction cons;
-       struct timespec now;
-       struct key *key;
-       int ret, negated;
+       struct key_construction *cons;
+       request_key_actor_t actor;
+       struct key *authkey;
+       int ret;
+
+       kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux);
+
+       cons = kmalloc(sizeof(*cons), GFP_KERNEL);
+       if (!cons)
+               return -ENOMEM;
+
+       /* allocate an authorisation key */
+       authkey = request_key_auth_new(key, callout_info, callout_len);
+       if (IS_ERR(authkey)) {
+               kfree(cons);
+               ret = PTR_ERR(authkey);
+               authkey = NULL;
+       } else {
+               cons->authkey = key_get(authkey);
+               cons->key = key_get(key);
+
+               /* make the call */
+               actor = call_sbin_request_key;
+               if (key->type->request_key)
+                       actor = key->type->request_key;
+
+               ret = actor(cons, "create", aux);
+
+               /* check that the actor called complete_request_key() prior to
+                * returning an error */
+               WARN_ON(ret < 0 &&
+                       !test_bit(KEY_FLAG_REVOKED, &authkey->flags));
+               key_put(authkey);
+       }
 
-       /* create a key and add it to the queue */
-       key = key_alloc(type, description,
-                       current->fsuid, current->fsgid, KEY_USR_ALL, 0);
-       if (IS_ERR(key))
-               goto alloc_failed;
+       kleave(" = %d", ret);
+       return ret;
+}
 
-       set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
+/*
+ * link a key to the appropriate destination keyring
+ * - the caller must hold a write lock on the destination keyring
+ */
+static void construct_key_make_link(struct key *key, struct key *dest_keyring)
+{
+       struct task_struct *tsk = current;
+       struct key *drop = NULL;
 
-       cons.key = key;
-       list_add_tail(&cons.link, &key->user->consq);
+       kenter("{%d},%p", key->serial, dest_keyring);
 
-       /* we drop the construction sem here on behalf of the caller */
-       up_write(&key_construction_sem);
+       /* find the appropriate keyring */
+       if (!dest_keyring) {
+               switch (tsk->jit_keyring) {
+               case KEY_REQKEY_DEFL_DEFAULT:
+               case KEY_REQKEY_DEFL_THREAD_KEYRING:
+                       dest_keyring = tsk->thread_keyring;
+                       if (dest_keyring)
+                               break;
 
-       /* make the call */
-       ret = call_request_key(key, "create", callout_info);
-       if (ret < 0)
-               goto request_failed;
+               case KEY_REQKEY_DEFL_PROCESS_KEYRING:
+                       dest_keyring = tsk->signal->process_keyring;
+                       if (dest_keyring)
+                               break;
 
-       /* if the key wasn't instantiated, then we want to give an error */
-       ret = -ENOKEY;
-       if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
-               goto request_failed;
+               case KEY_REQKEY_DEFL_SESSION_KEYRING:
+                       rcu_read_lock();
+                       dest_keyring = key_get(
+                               rcu_dereference(tsk->signal->session_keyring));
+                       rcu_read_unlock();
+                       drop = dest_keyring;
 
-       down_write(&key_construction_sem);
-       list_del(&cons.link);
-       up_write(&key_construction_sem);
+                       if (dest_keyring)
+                               break;
 
-       /* also give an error if the key was negatively instantiated */
- check_not_negative:
-       if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
-               key_put(key);
-               key = ERR_PTR(-ENOKEY);
-       }
+               case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
+                       dest_keyring = tsk->user->session_keyring;
+                       break;
 
- out:
-       return key;
+               case KEY_REQKEY_DEFL_USER_KEYRING:
+                       dest_keyring = tsk->user->uid_keyring;
+                       break;
 
- request_failed:
-       /* it wasn't instantiated
-        * - remove from construction queue
-        * - mark the key as dead
-        */
-       negated = 0;
-       down_write(&key_construction_sem);
-
-       list_del(&cons.link);
-
-       /* check it didn't get instantiated between the check and the down */
-       if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
-               set_bit(KEY_FLAG_NEGATIVE, &key->flags);
-               set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
-               negated = 1;
+               case KEY_REQKEY_DEFL_GROUP_KEYRING:
+               default:
+                       BUG();
+               }
        }
 
-       clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
-
-       up_write(&key_construction_sem);
+       /* and attach the key to it */
+       __key_link(dest_keyring, key);
+       key_put(drop);
+       kleave("");
+}
 
-       if (!negated)
-               goto check_not_negative; /* surprisingly, the key got
-                                         * instantiated */
+/*
+ * allocate a new key in under-construction state and attempt to link it in to
+ * the requested place
+ * - may return a key that's already under construction instead
+ */
+static int construct_alloc_key(struct key_type *type,
+                              const char *description,
+                              struct key *dest_keyring,
+                              unsigned long flags,
+                              struct key_user *user,
+                              struct key **_key)
+{
+       struct key *key;
+       key_ref_t key_ref;
 
-       /* set the timeout and store in the session keyring if we can */
-       now = current_kernel_time();
-       key->expiry = now.tv_sec + key_negative_timeout;
+       kenter("%s,%s,,,", type->name, description);
 
-       if (current->signal->session_keyring) {
-               unsigned long flags;
-               struct key *keyring;
+       mutex_lock(&user->cons_lock);
 
-               spin_lock_irqsave(&current->sighand->siglock, flags);
-               keyring = current->signal->session_keyring;
-               atomic_inc(&keyring->usage);
-               spin_unlock_irqrestore(&current->sighand->siglock, flags);
+       key = key_alloc(type, description,
+                       current_fsuid(), current_fsgid(), current, KEY_POS_ALL,
+                       flags);
+       if (IS_ERR(key))
+               goto alloc_failed;
 
-               key_link(keyring, key);
-               key_put(keyring);
-       }
+       set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
 
+       if (dest_keyring)
+               down_write(&dest_keyring->sem);
+
+       /* attach the key to the destination keyring under lock, but we do need
+        * to do another check just in case someone beat us to it whilst we
+        * waited for locks */
+       mutex_lock(&key_construction_mutex);
+
+       key_ref = search_process_keyrings(type, description, type->match,
+                                         current);
+       if (!IS_ERR(key_ref))
+               goto key_already_present;
+
+       if (dest_keyring)
+               construct_key_make_link(key, dest_keyring);
+
+       mutex_unlock(&key_construction_mutex);
+       if (dest_keyring)
+               up_write(&dest_keyring->sem);
+       mutex_unlock(&user->cons_lock);
+       *_key = key;
+       kleave(" = 0 [%d]", key_serial(key));
+       return 0;
+
+key_already_present:
+       mutex_unlock(&key_construction_mutex);
+       if (dest_keyring)
+               up_write(&dest_keyring->sem);
+       mutex_unlock(&user->cons_lock);
        key_put(key);
+       *_key = key = key_ref_to_ptr(key_ref);
+       kleave(" = -EINPROGRESS [%d]", key_serial(key));
+       return -EINPROGRESS;
 
-       /* notify anyone who was waiting */
-       wake_up_all(&request_key_conswq);
-
-       key = ERR_PTR(ret);
-       goto out;
+alloc_failed:
+       mutex_unlock(&user->cons_lock);
+       *_key = NULL;
+       kleave(" = %ld", PTR_ERR(key));
+       return PTR_ERR(key);
+}
 
- alloc_failed:
-       up_write(&key_construction_sem);
-       goto out;
-
-} /* end __request_key_construction() */
-
-/*****************************************************************************/
 /*
- * call out to userspace to request the key
- * - we check the construction queue first to see if an appropriate key is
- *   already being constructed by userspace
+ * commence key construction
  */
-static struct key *request_key_construction(struct key_type *type,
-                                           const char *description,
-                                           struct key_user *user,
-                                           const char *callout_info)
+static struct key *construct_key_and_link(struct key_type *type,
+                                         const char *description,
+                                         const char *callout_info,
+                                         size_t callout_len,
+                                         void *aux,
+                                         struct key *dest_keyring,
+                                         unsigned long flags)
 {
-       struct key_construction *pcons;
-       struct key *key, *ckey;
-
-       DECLARE_WAITQUEUE(myself, current);
-
-       /* see if there's such a key under construction already */
-       down_write(&key_construction_sem);
+       struct key_user *user;
+       struct key *key;
+       int ret;
 
-       list_for_each_entry(pcons, &user->consq, link) {
-               ckey = pcons->key;
+       user = key_user_lookup(current_fsuid());
+       if (!user)
+               return ERR_PTR(-ENOMEM);
 
-               if (ckey->type != type)
-                       continue;
+       ret = construct_alloc_key(type, description, dest_keyring, flags, user,
+                                 &key);
+       key_user_put(user);
 
-               if (type->match(ckey, description))
-                       goto found_key_under_construction;
+       if (ret == 0) {
+               ret = construct_key(key, callout_info, callout_len, aux);
+               if (ret < 0)
+                       goto construction_failed;
        }
 
-       /* see about getting userspace to construct the key */
-       key = __request_key_construction(type, description, callout_info);
- error:
        return key;
 
-       /* someone else has the same key under construction
-        * - we want to keep an eye on their key
-        */
- found_key_under_construction:
-       atomic_inc(&ckey->usage);
-       up_write(&key_construction_sem);
-
-       /* wait for the key to be completed one way or another */
-       add_wait_queue(&request_key_conswq, &myself);
-
-       for (;;) {
-               set_current_state(TASK_UNINTERRUPTIBLE);
-               if (!test_bit(KEY_FLAG_USER_CONSTRUCT, &ckey->flags))
-                       break;
-               schedule();
-       }
-
-       set_current_state(TASK_RUNNING);
-       remove_wait_queue(&request_key_conswq, &myself);
-
-       /* we'll need to search this process's keyrings to see if the key is
-        * now there since we can't automatically assume it's also available
-        * there */
-       key_put(ckey);
-       ckey = NULL;
-
-       key = NULL; /* request a retry */
-       goto error;
-
-} /* end request_key_construction() */
+construction_failed:
+       key_negate_and_link(key, key_negative_timeout, NULL, NULL);
+       key_put(key);
+       return ERR_PTR(ret);
+}
 
-/*****************************************************************************/
 /*
  * request a key
  * - search the process's keyrings
  * - check the list of keys being created or updated
- * - call out to userspace for a key if requested (supplementary info can be
- *   passed)
+ * - call out to userspace for a key if supplementary info was provided
+ * - cache the key in an appropriate keyring
  */
-struct key *request_key(struct key_type *type,
-                       const char *description,
-                       const char *callout_info)
+struct key *request_key_and_link(struct key_type *type,
+                                const char *description,
+                                const void *callout_info,
+                                size_t callout_len,
+                                void *aux,
+                                struct key *dest_keyring,
+                                unsigned long flags)
 {
-       struct key_user *user;
        struct key *key;
+       key_ref_t key_ref;
 
-       /* search all the process keyrings for a key */
-       key = search_process_keyrings_aux(type, description, type->match);
+       kenter("%s,%s,%p,%zu,%p,%p,%lx",
+              type->name, description, callout_info, callout_len, aux,
+              dest_keyring, flags);
 
-       if (PTR_ERR(key) == -EAGAIN) {
+       /* search all the process keyrings for a key */
+       key_ref = search_process_keyrings(type, description, type->match,
+                                         current);
+
+       if (!IS_ERR(key_ref)) {
+               key = key_ref_to_ptr(key_ref);
+       } else if (PTR_ERR(key_ref) != -EAGAIN) {
+               key = ERR_CAST(key_ref);
+       } else  {
                /* the search failed, but the keyrings were searchable, so we
                 * should consult userspace if we can */
                key = ERR_PTR(-ENOKEY);
                if (!callout_info)
                        goto error;
 
-               /* - get hold of the user's construction queue */
-               user = key_user_lookup(current->fsuid);
-               if (!user) {
-                       key = ERR_PTR(-ENOMEM);
-                       goto error;
-               }
-
-               for (;;) {
-                       /* ask userspace (returns NULL if it waited on a key
-                        * being constructed) */
-                       key = request_key_construction(type, description,
-                                                      user, callout_info);
-                       if (key)
-                               break;
-
-                       /* someone else made the key we want, so we need to
-                        * search again as it might now be available to us */
-                       key = search_process_keyrings_aux(type, description,
-                                                         type->match);
-                       if (PTR_ERR(key) != -EAGAIN)
-                               break;
-               }
-
-               key_user_put(user);
+               key = construct_key_and_link(type, description, callout_info,
+                                            callout_len, aux, dest_keyring,
+                                            flags);
        }
 
- error:
+error:
+       kleave(" = %p", key);
        return key;
+}
 
-} /* end request_key() */
+/*
+ * wait for construction of a key to complete
+ */
+int wait_for_key_construction(struct key *key, bool intr)
+{
+       int ret;
 
-EXPORT_SYMBOL(request_key);
+       ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT,
+                         intr ? key_wait_bit_intr : key_wait_bit,
+                         intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
+       if (ret < 0)
+               return ret;
+       return key_validate(key);
+}
+EXPORT_SYMBOL(wait_for_key_construction);
 
-/*****************************************************************************/
 /*
- * validate a key
+ * request a key
+ * - search the process's keyrings
+ * - check the list of keys being created or updated
+ * - call out to userspace for a key if supplementary info was provided
+ * - waits uninterruptible for creation to complete
  */
-int key_validate(struct key *key)
+struct key *request_key(struct key_type *type,
+                       const char *description,
+                       const char *callout_info)
 {
-       struct timespec now;
-       int ret = 0;
-
-       if (key) {
-               /* check it's still accessible */
-               ret = -EKEYREVOKED;
-               if (test_bit(KEY_FLAG_REVOKED, &key->flags) ||
-                   test_bit(KEY_FLAG_DEAD, &key->flags))
-                       goto error;
-
-               /* check it hasn't expired */
-               ret = 0;
-               if (key->expiry) {
-                       now = current_kernel_time();
-                       if (now.tv_sec >= key->expiry)
-                               ret = -EKEYEXPIRED;
+       struct key *key;
+       size_t callout_len = 0;
+       int ret;
+
+       if (callout_info)
+               callout_len = strlen(callout_info);
+       key = request_key_and_link(type, description, callout_info, callout_len,
+                                  NULL, NULL, KEY_ALLOC_IN_QUOTA);
+       if (!IS_ERR(key)) {
+               ret = wait_for_key_construction(key, false);
+               if (ret < 0) {
+                       key_put(key);
+                       return ERR_PTR(ret);
                }
        }
+       return key;
+}
+EXPORT_SYMBOL(request_key);
 
- error:
-       return ret;
+/*
+ * request a key with auxiliary data for the upcaller
+ * - search the process's keyrings
+ * - check the list of keys being created or updated
+ * - call out to userspace for a key if supplementary info was provided
+ * - waits uninterruptible for creation to complete
+ */
+struct key *request_key_with_auxdata(struct key_type *type,
+                                    const char *description,
+                                    const void *callout_info,
+                                    size_t callout_len,
+                                    void *aux)
+{
+       struct key *key;
+       int ret;
+
+       key = request_key_and_link(type, description, callout_info, callout_len,
+                                  aux, NULL, KEY_ALLOC_IN_QUOTA);
+       if (!IS_ERR(key)) {
+               ret = wait_for_key_construction(key, false);
+               if (ret < 0) {
+                       key_put(key);
+                       return ERR_PTR(ret);
+               }
+       }
+       return key;
+}
+EXPORT_SYMBOL(request_key_with_auxdata);
 
-} /* end key_validate() */
+/*
+ * request a key (allow async construction)
+ * - search the process's keyrings
+ * - check the list of keys being created or updated
+ * - call out to userspace for a key if supplementary info was provided
+ */
+struct key *request_key_async(struct key_type *type,
+                             const char *description,
+                             const void *callout_info,
+                             size_t callout_len)
+{
+       return request_key_and_link(type, description, callout_info,
+                                   callout_len, NULL, NULL,
+                                   KEY_ALLOC_IN_QUOTA);
+}
+EXPORT_SYMBOL(request_key_async);
 
-EXPORT_SYMBOL(key_validate);
+/*
+ * request a key with auxiliary data for the upcaller (allow async construction)
+ * - search the process's keyrings
+ * - check the list of keys being created or updated
+ * - call out to userspace for a key if supplementary info was provided
+ */
+struct key *request_key_async_with_auxdata(struct key_type *type,
+                                          const char *description,
+                                          const void *callout_info,
+                                          size_t callout_len,
+                                          void *aux)
+{
+       return request_key_and_link(type, description, callout_info,
+                                   callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA);
+}
+EXPORT_SYMBOL(request_key_async_with_auxdata);