[PATCH] keys: Permit running process to instantiate keys
[linux-3.10.git] / security / keys / request_key.c
1 /* request_key.c: request a key from userspace
2  *
3  * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  *
11  * See Documentation/keys-request-key.txt
12  */
13
14 #include <linux/module.h>
15 #include <linux/sched.h>
16 #include <linux/kmod.h>
17 #include <linux/err.h>
18 #include <linux/keyctl.h>
19 #include "internal.h"
20
21 struct key_construction {
22         struct list_head        link;   /* link in construction queue */
23         struct key              *key;   /* key being constructed */
24 };
25
26 /* when waiting for someone else's keys, you get added to this */
27 DECLARE_WAIT_QUEUE_HEAD(request_key_conswq);
28
29 /*****************************************************************************/
30 /*
31  * request userspace finish the construction of a key
32  * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
33  */
34 static int call_sbin_request_key(struct key *key,
35                                  struct key *authkey,
36                                  const char *op)
37 {
38         struct task_struct *tsk = current;
39         key_serial_t prkey, sskey;
40         struct key *keyring;
41         char *argv[9], *envp[3], uid_str[12], gid_str[12];
42         char key_str[12], keyring_str[3][12];
43         char desc[20];
44         int ret, i;
45
46         kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
47
48         /* allocate a new session keyring */
49         sprintf(desc, "_req.%u", key->serial);
50
51         keyring = keyring_alloc(desc, current->fsuid, current->fsgid, 1, NULL);
52         if (IS_ERR(keyring)) {
53                 ret = PTR_ERR(keyring);
54                 goto error_alloc;
55         }
56
57         /* attach the auth key to the session keyring */
58         ret = __key_link(keyring, authkey);
59         if (ret < 0)
60                 goto error_link;
61
62         /* record the UID and GID */
63         sprintf(uid_str, "%d", current->fsuid);
64         sprintf(gid_str, "%d", current->fsgid);
65
66         /* we say which key is under construction */
67         sprintf(key_str, "%d", key->serial);
68
69         /* we specify the process's default keyrings */
70         sprintf(keyring_str[0], "%d",
71                 tsk->thread_keyring ? tsk->thread_keyring->serial : 0);
72
73         prkey = 0;
74         if (tsk->signal->process_keyring)
75                 prkey = tsk->signal->process_keyring->serial;
76
77         sprintf(keyring_str[1], "%d", prkey);
78
79         if (tsk->signal->session_keyring) {
80                 rcu_read_lock();
81                 sskey = rcu_dereference(tsk->signal->session_keyring)->serial;
82                 rcu_read_unlock();
83         }
84         else {
85                 sskey = tsk->user->session_keyring->serial;
86         }
87
88         sprintf(keyring_str[2], "%d", sskey);
89
90         /* set up a minimal environment */
91         i = 0;
92         envp[i++] = "HOME=/";
93         envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
94         envp[i] = NULL;
95
96         /* set up the argument list */
97         i = 0;
98         argv[i++] = "/sbin/request-key";
99         argv[i++] = (char *) op;
100         argv[i++] = key_str;
101         argv[i++] = uid_str;
102         argv[i++] = gid_str;
103         argv[i++] = keyring_str[0];
104         argv[i++] = keyring_str[1];
105         argv[i++] = keyring_str[2];
106         argv[i] = NULL;
107
108         /* do it */
109         ret = call_usermodehelper_keys(argv[0], argv, envp, keyring, 1);
110
111 error_link:
112         key_put(keyring);
113
114 error_alloc:
115         kleave(" = %d", ret);
116         return ret;
117
118 } /* end call_sbin_request_key() */
119
120 /*****************************************************************************/
121 /*
122  * call out to userspace for the key
123  * - called with the construction sem held, but the sem is dropped here
124  * - we ignore program failure and go on key status instead
125  */
126 static struct key *__request_key_construction(struct key_type *type,
127                                               const char *description,
128                                               const char *callout_info)
129 {
130         request_key_actor_t actor;
131         struct key_construction cons;
132         struct timespec now;
133         struct key *key, *authkey;
134         int ret, negated;
135
136         kenter("%s,%s,%s", type->name, description, callout_info);
137
138         /* create a key and add it to the queue */
139         key = key_alloc(type, description,
140                         current->fsuid, current->fsgid, KEY_POS_ALL, 0);
141         if (IS_ERR(key))
142                 goto alloc_failed;
143
144         set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
145
146         cons.key = key;
147         list_add_tail(&cons.link, &key->user->consq);
148
149         /* we drop the construction sem here on behalf of the caller */
150         up_write(&key_construction_sem);
151
152         /* allocate an authorisation key */
153         authkey = request_key_auth_new(key, callout_info);
154         if (IS_ERR(authkey)) {
155                 ret = PTR_ERR(authkey);
156                 authkey = NULL;
157                 goto alloc_authkey_failed;
158         }
159
160         /* make the call */
161         actor = call_sbin_request_key;
162         if (type->request_key)
163                 actor = type->request_key;
164         ret = actor(key, authkey, "create");
165         if (ret < 0)
166                 goto request_failed;
167
168         /* if the key wasn't instantiated, then we want to give an error */
169         ret = -ENOKEY;
170         if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
171                 goto request_failed;
172
173         key_revoke(authkey);
174         key_put(authkey);
175
176         down_write(&key_construction_sem);
177         list_del(&cons.link);
178         up_write(&key_construction_sem);
179
180         /* also give an error if the key was negatively instantiated */
181 check_not_negative:
182         if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
183                 key_put(key);
184                 key = ERR_PTR(-ENOKEY);
185         }
186
187 out:
188         kleave(" = %p", key);
189         return key;
190
191 request_failed:
192         key_revoke(authkey);
193         key_put(authkey);
194
195 alloc_authkey_failed:
196         /* it wasn't instantiated
197          * - remove from construction queue
198          * - mark the key as dead
199          */
200         negated = 0;
201         down_write(&key_construction_sem);
202
203         list_del(&cons.link);
204
205         /* check it didn't get instantiated between the check and the down */
206         if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
207                 set_bit(KEY_FLAG_NEGATIVE, &key->flags);
208                 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
209                 negated = 1;
210         }
211
212         clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
213
214         up_write(&key_construction_sem);
215
216         if (!negated)
217                 goto check_not_negative; /* surprisingly, the key got
218                                           * instantiated */
219
220         /* set the timeout and store in the session keyring if we can */
221         now = current_kernel_time();
222         key->expiry = now.tv_sec + key_negative_timeout;
223
224         if (current->signal->session_keyring) {
225                 struct key *keyring;
226
227                 rcu_read_lock();
228                 keyring = rcu_dereference(current->signal->session_keyring);
229                 atomic_inc(&keyring->usage);
230                 rcu_read_unlock();
231
232                 key_link(keyring, key);
233                 key_put(keyring);
234         }
235
236         key_put(key);
237
238         /* notify anyone who was waiting */
239         wake_up_all(&request_key_conswq);
240
241         key = ERR_PTR(ret);
242         goto out;
243
244 alloc_failed:
245         up_write(&key_construction_sem);
246         goto out;
247
248 } /* end __request_key_construction() */
249
250 /*****************************************************************************/
251 /*
252  * call out to userspace to request the key
253  * - we check the construction queue first to see if an appropriate key is
254  *   already being constructed by userspace
255  */
256 static struct key *request_key_construction(struct key_type *type,
257                                             const char *description,
258                                             struct key_user *user,
259                                             const char *callout_info)
260 {
261         struct key_construction *pcons;
262         struct key *key, *ckey;
263
264         DECLARE_WAITQUEUE(myself, current);
265
266         kenter("%s,%s,{%d},%s",
267                type->name, description, user->uid, callout_info);
268
269         /* see if there's such a key under construction already */
270         down_write(&key_construction_sem);
271
272         list_for_each_entry(pcons, &user->consq, link) {
273                 ckey = pcons->key;
274
275                 if (ckey->type != type)
276                         continue;
277
278                 if (type->match(ckey, description))
279                         goto found_key_under_construction;
280         }
281
282         /* see about getting userspace to construct the key */
283         key = __request_key_construction(type, description, callout_info);
284  error:
285         kleave(" = %p", key);
286         return key;
287
288         /* someone else has the same key under construction
289          * - we want to keep an eye on their key
290          */
291  found_key_under_construction:
292         atomic_inc(&ckey->usage);
293         up_write(&key_construction_sem);
294
295         /* wait for the key to be completed one way or another */
296         add_wait_queue(&request_key_conswq, &myself);
297
298         for (;;) {
299                 set_current_state(TASK_INTERRUPTIBLE);
300                 if (!test_bit(KEY_FLAG_USER_CONSTRUCT, &ckey->flags))
301                         break;
302                 if (signal_pending(current))
303                         break;
304                 schedule();
305         }
306
307         set_current_state(TASK_RUNNING);
308         remove_wait_queue(&request_key_conswq, &myself);
309
310         /* we'll need to search this process's keyrings to see if the key is
311          * now there since we can't automatically assume it's also available
312          * there */
313         key_put(ckey);
314         ckey = NULL;
315
316         key = NULL; /* request a retry */
317         goto error;
318
319 } /* end request_key_construction() */
320
321 /*****************************************************************************/
322 /*
323  * link a freshly minted key to an appropriate destination keyring
324  */
325 static void request_key_link(struct key *key, struct key *dest_keyring)
326 {
327         struct task_struct *tsk = current;
328         struct key *drop = NULL;
329
330         kenter("{%d},%p", key->serial, dest_keyring);
331
332         /* find the appropriate keyring */
333         if (!dest_keyring) {
334                 switch (tsk->jit_keyring) {
335                 case KEY_REQKEY_DEFL_DEFAULT:
336                 case KEY_REQKEY_DEFL_THREAD_KEYRING:
337                         dest_keyring = tsk->thread_keyring;
338                         if (dest_keyring)
339                                 break;
340
341                 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
342                         dest_keyring = tsk->signal->process_keyring;
343                         if (dest_keyring)
344                                 break;
345
346                 case KEY_REQKEY_DEFL_SESSION_KEYRING:
347                         rcu_read_lock();
348                         dest_keyring = key_get(
349                                 rcu_dereference(tsk->signal->session_keyring));
350                         rcu_read_unlock();
351                         drop = dest_keyring;
352
353                         if (dest_keyring)
354                                 break;
355
356                 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
357                         dest_keyring = current->user->session_keyring;
358                         break;
359
360                 case KEY_REQKEY_DEFL_USER_KEYRING:
361                         dest_keyring = current->user->uid_keyring;
362                         break;
363
364                 case KEY_REQKEY_DEFL_GROUP_KEYRING:
365                 default:
366                         BUG();
367                 }
368         }
369
370         /* and attach the key to it */
371         key_link(dest_keyring, key);
372
373         key_put(drop);
374
375         kleave("");
376
377 } /* end request_key_link() */
378
379 /*****************************************************************************/
380 /*
381  * request a key
382  * - search the process's keyrings
383  * - check the list of keys being created or updated
384  * - call out to userspace for a key if supplementary info was provided
385  * - cache the key in an appropriate keyring
386  */
387 struct key *request_key_and_link(struct key_type *type,
388                                  const char *description,
389                                  const char *callout_info,
390                                  struct key *dest_keyring)
391 {
392         struct key_user *user;
393         struct key *key;
394         key_ref_t key_ref;
395
396         kenter("%s,%s,%s,%p",
397                type->name, description, callout_info, dest_keyring);
398
399         /* search all the process keyrings for a key */
400         key_ref = search_process_keyrings(type, description, type->match,
401                                           current);
402
403         kdebug("search 1: %p", key_ref);
404
405         if (!IS_ERR(key_ref)) {
406                 key = key_ref_to_ptr(key_ref);
407         }
408         else if (PTR_ERR(key_ref) != -EAGAIN) {
409                 key = ERR_PTR(PTR_ERR(key_ref));
410         }
411         else  {
412                 /* the search failed, but the keyrings were searchable, so we
413                  * should consult userspace if we can */
414                 key = ERR_PTR(-ENOKEY);
415                 if (!callout_info)
416                         goto error;
417
418                 /* - get hold of the user's construction queue */
419                 user = key_user_lookup(current->fsuid);
420                 if (!user)
421                         goto nomem;
422
423                 for (;;) {
424                         if (signal_pending(current))
425                                 goto interrupted;
426
427                         /* ask userspace (returns NULL if it waited on a key
428                          * being constructed) */
429                         key = request_key_construction(type, description,
430                                                        user, callout_info);
431                         if (key)
432                                 break;
433
434                         /* someone else made the key we want, so we need to
435                          * search again as it might now be available to us */
436                         key_ref = search_process_keyrings(type, description,
437                                                           type->match,
438                                                           current);
439
440                         kdebug("search 2: %p", key_ref);
441
442                         if (!IS_ERR(key_ref)) {
443                                 key = key_ref_to_ptr(key_ref);
444                                 break;
445                         }
446
447                         if (PTR_ERR(key_ref) != -EAGAIN) {
448                                 key = ERR_PTR(PTR_ERR(key_ref));
449                                 break;
450                         }
451                 }
452
453                 key_user_put(user);
454
455                 /* link the new key into the appropriate keyring */
456                 if (!IS_ERR(key))
457                         request_key_link(key, dest_keyring);
458         }
459
460 error:
461         kleave(" = %p", key);
462         return key;
463
464 nomem:
465         key = ERR_PTR(-ENOMEM);
466         goto error;
467
468 interrupted:
469         key_user_put(user);
470         key = ERR_PTR(-EINTR);
471         goto error;
472
473 } /* end request_key_and_link() */
474
475 /*****************************************************************************/
476 /*
477  * request a key
478  * - search the process's keyrings
479  * - check the list of keys being created or updated
480  * - call out to userspace for a key if supplementary info was provided
481  */
482 struct key *request_key(struct key_type *type,
483                         const char *description,
484                         const char *callout_info)
485 {
486         return request_key_and_link(type, description, callout_info, NULL);
487
488 } /* end request_key() */
489
490 EXPORT_SYMBOL(request_key);