gianfar: fix signedness issue
[linux-2.6.git] / security / keys / request_key.c
1 /* Request a key from userspace
2  *
3  * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  *
11  * See Documentation/keys-request-key.txt
12  */
13
14 #include <linux/module.h>
15 #include <linux/sched.h>
16 #include <linux/kmod.h>
17 #include <linux/err.h>
18 #include <linux/keyctl.h>
19 #include <linux/slab.h>
20 #include "internal.h"
21
22 #define key_negative_timeout    60      /* default timeout on a negative key's existence */
23
24 /*
25  * wait_on_bit() sleep function for uninterruptible waiting
26  */
27 static int key_wait_bit(void *flags)
28 {
29         schedule();
30         return 0;
31 }
32
33 /*
34  * wait_on_bit() sleep function for interruptible waiting
35  */
36 static int key_wait_bit_intr(void *flags)
37 {
38         schedule();
39         return signal_pending(current) ? -ERESTARTSYS : 0;
40 }
41
42 /*
43  * call to complete the construction of a key
44  */
45 void complete_request_key(struct key_construction *cons, int error)
46 {
47         kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error);
48
49         if (error < 0)
50                 key_negate_and_link(cons->key, key_negative_timeout, NULL,
51                                     cons->authkey);
52         else
53                 key_revoke(cons->authkey);
54
55         key_put(cons->key);
56         key_put(cons->authkey);
57         kfree(cons);
58 }
59 EXPORT_SYMBOL(complete_request_key);
60
61 static int umh_keys_init(struct subprocess_info *info)
62 {
63         struct cred *cred = (struct cred*)current_cred();
64         struct key *keyring = info->data;
65         /*
66          * This is called in context of freshly forked kthread before
67          * kernel_execve(), we can just change our ->session_keyring.
68          */
69         return install_session_keyring_to_cred(cred, keyring);
70 }
71
72 static void umh_keys_cleanup(struct subprocess_info *info)
73 {
74         struct key *keyring = info->data;
75         key_put(keyring);
76 }
77
78 static int call_usermodehelper_keys(char *path, char **argv, char **envp,
79                          struct key *session_keyring, enum umh_wait wait)
80 {
81         gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL;
82         struct subprocess_info *info =
83                 call_usermodehelper_setup(path, argv, envp, gfp_mask);
84
85         if (!info)
86                 return -ENOMEM;
87
88         call_usermodehelper_setfns(info, umh_keys_init, umh_keys_cleanup,
89                                         key_get(session_keyring));
90         return call_usermodehelper_exec(info, wait);
91 }
92
93 /*
94  * request userspace finish the construction of a key
95  * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
96  */
97 static int call_sbin_request_key(struct key_construction *cons,
98                                  const char *op,
99                                  void *aux)
100 {
101         const struct cred *cred = current_cred();
102         key_serial_t prkey, sskey;
103         struct key *key = cons->key, *authkey = cons->authkey, *keyring,
104                 *session;
105         char *argv[9], *envp[3], uid_str[12], gid_str[12];
106         char key_str[12], keyring_str[3][12];
107         char desc[20];
108         int ret, i;
109
110         kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
111
112         ret = install_user_keyrings();
113         if (ret < 0)
114                 goto error_alloc;
115
116         /* allocate a new session keyring */
117         sprintf(desc, "_req.%u", key->serial);
118
119         cred = get_current_cred();
120         keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
121                                 KEY_ALLOC_QUOTA_OVERRUN, NULL);
122         put_cred(cred);
123         if (IS_ERR(keyring)) {
124                 ret = PTR_ERR(keyring);
125                 goto error_alloc;
126         }
127
128         /* attach the auth key to the session keyring */
129         ret = key_link(keyring, authkey);
130         if (ret < 0)
131                 goto error_link;
132
133         /* record the UID and GID */
134         sprintf(uid_str, "%d", cred->fsuid);
135         sprintf(gid_str, "%d", cred->fsgid);
136
137         /* we say which key is under construction */
138         sprintf(key_str, "%d", key->serial);
139
140         /* we specify the process's default keyrings */
141         sprintf(keyring_str[0], "%d",
142                 cred->thread_keyring ? cred->thread_keyring->serial : 0);
143
144         prkey = 0;
145         if (cred->tgcred->process_keyring)
146                 prkey = cred->tgcred->process_keyring->serial;
147         sprintf(keyring_str[1], "%d", prkey);
148
149         rcu_read_lock();
150         session = rcu_dereference(cred->tgcred->session_keyring);
151         if (!session)
152                 session = cred->user->session_keyring;
153         sskey = session->serial;
154         rcu_read_unlock();
155
156         sprintf(keyring_str[2], "%d", sskey);
157
158         /* set up a minimal environment */
159         i = 0;
160         envp[i++] = "HOME=/";
161         envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
162         envp[i] = NULL;
163
164         /* set up the argument list */
165         i = 0;
166         argv[i++] = "/sbin/request-key";
167         argv[i++] = (char *) op;
168         argv[i++] = key_str;
169         argv[i++] = uid_str;
170         argv[i++] = gid_str;
171         argv[i++] = keyring_str[0];
172         argv[i++] = keyring_str[1];
173         argv[i++] = keyring_str[2];
174         argv[i] = NULL;
175
176         /* do it */
177         ret = call_usermodehelper_keys(argv[0], argv, envp, keyring,
178                                        UMH_WAIT_PROC);
179         kdebug("usermode -> 0x%x", ret);
180         if (ret >= 0) {
181                 /* ret is the exit/wait code */
182                 if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) ||
183                     key_validate(key) < 0)
184                         ret = -ENOKEY;
185                 else
186                         /* ignore any errors from userspace if the key was
187                          * instantiated */
188                         ret = 0;
189         }
190
191 error_link:
192         key_put(keyring);
193
194 error_alloc:
195         complete_request_key(cons, ret);
196         kleave(" = %d", ret);
197         return ret;
198 }
199
200 /*
201  * call out to userspace for key construction
202  * - we ignore program failure and go on key status instead
203  */
204 static int construct_key(struct key *key, const void *callout_info,
205                          size_t callout_len, void *aux,
206                          struct key *dest_keyring)
207 {
208         struct key_construction *cons;
209         request_key_actor_t actor;
210         struct key *authkey;
211         int ret;
212
213         kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux);
214
215         cons = kmalloc(sizeof(*cons), GFP_KERNEL);
216         if (!cons)
217                 return -ENOMEM;
218
219         /* allocate an authorisation key */
220         authkey = request_key_auth_new(key, callout_info, callout_len,
221                                        dest_keyring);
222         if (IS_ERR(authkey)) {
223                 kfree(cons);
224                 ret = PTR_ERR(authkey);
225                 authkey = NULL;
226         } else {
227                 cons->authkey = key_get(authkey);
228                 cons->key = key_get(key);
229
230                 /* make the call */
231                 actor = call_sbin_request_key;
232                 if (key->type->request_key)
233                         actor = key->type->request_key;
234
235                 ret = actor(cons, "create", aux);
236
237                 /* check that the actor called complete_request_key() prior to
238                  * returning an error */
239                 WARN_ON(ret < 0 &&
240                         !test_bit(KEY_FLAG_REVOKED, &authkey->flags));
241                 key_put(authkey);
242         }
243
244         kleave(" = %d", ret);
245         return ret;
246 }
247
248 /*
249  * get the appropriate destination keyring for the request
250  * - we return whatever keyring we select with an extra reference upon it which
251  *   the caller must release
252  */
253 static void construct_get_dest_keyring(struct key **_dest_keyring)
254 {
255         struct request_key_auth *rka;
256         const struct cred *cred = current_cred();
257         struct key *dest_keyring = *_dest_keyring, *authkey;
258
259         kenter("%p", dest_keyring);
260
261         /* find the appropriate keyring */
262         if (dest_keyring) {
263                 /* the caller supplied one */
264                 key_get(dest_keyring);
265         } else {
266                 /* use a default keyring; falling through the cases until we
267                  * find one that we actually have */
268                 switch (cred->jit_keyring) {
269                 case KEY_REQKEY_DEFL_DEFAULT:
270                 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
271                         if (cred->request_key_auth) {
272                                 authkey = cred->request_key_auth;
273                                 down_read(&authkey->sem);
274                                 rka = authkey->payload.data;
275                                 if (!test_bit(KEY_FLAG_REVOKED,
276                                               &authkey->flags))
277                                         dest_keyring =
278                                                 key_get(rka->dest_keyring);
279                                 up_read(&authkey->sem);
280                                 if (dest_keyring)
281                                         break;
282                         }
283
284                 case KEY_REQKEY_DEFL_THREAD_KEYRING:
285                         dest_keyring = key_get(cred->thread_keyring);
286                         if (dest_keyring)
287                                 break;
288
289                 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
290                         dest_keyring = key_get(cred->tgcred->process_keyring);
291                         if (dest_keyring)
292                                 break;
293
294                 case KEY_REQKEY_DEFL_SESSION_KEYRING:
295                         rcu_read_lock();
296                         dest_keyring = key_get(
297                                 rcu_dereference(cred->tgcred->session_keyring));
298                         rcu_read_unlock();
299
300                         if (dest_keyring)
301                                 break;
302
303                 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
304                         dest_keyring =
305                                 key_get(cred->user->session_keyring);
306                         break;
307
308                 case KEY_REQKEY_DEFL_USER_KEYRING:
309                         dest_keyring = key_get(cred->user->uid_keyring);
310                         break;
311
312                 case KEY_REQKEY_DEFL_GROUP_KEYRING:
313                 default:
314                         BUG();
315                 }
316         }
317
318         *_dest_keyring = dest_keyring;
319         kleave(" [dk %d]", key_serial(dest_keyring));
320         return;
321 }
322
323 /*
324  * allocate a new key in under-construction state and attempt to link it in to
325  * the requested place
326  * - may return a key that's already under construction instead
327  */
328 static int construct_alloc_key(struct key_type *type,
329                                const char *description,
330                                struct key *dest_keyring,
331                                unsigned long flags,
332                                struct key_user *user,
333                                struct key **_key)
334 {
335         struct keyring_list *prealloc;
336         const struct cred *cred = current_cred();
337         struct key *key;
338         key_ref_t key_ref;
339         int ret;
340
341         kenter("%s,%s,,,", type->name, description);
342
343         *_key = NULL;
344         mutex_lock(&user->cons_lock);
345
346         key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred,
347                         KEY_POS_ALL, flags);
348         if (IS_ERR(key))
349                 goto alloc_failed;
350
351         set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
352
353         if (dest_keyring) {
354                 ret = __key_link_begin(dest_keyring, type, description,
355                                        &prealloc);
356                 if (ret < 0)
357                         goto link_prealloc_failed;
358         }
359
360         /* attach the key to the destination keyring under lock, but we do need
361          * to do another check just in case someone beat us to it whilst we
362          * waited for locks */
363         mutex_lock(&key_construction_mutex);
364
365         key_ref = search_process_keyrings(type, description, type->match, cred);
366         if (!IS_ERR(key_ref))
367                 goto key_already_present;
368
369         if (dest_keyring)
370                 __key_link(dest_keyring, key, &prealloc);
371
372         mutex_unlock(&key_construction_mutex);
373         if (dest_keyring)
374                 __key_link_end(dest_keyring, type, prealloc);
375         mutex_unlock(&user->cons_lock);
376         *_key = key;
377         kleave(" = 0 [%d]", key_serial(key));
378         return 0;
379
380         /* the key is now present - we tell the caller that we found it by
381          * returning -EINPROGRESS  */
382 key_already_present:
383         key_put(key);
384         mutex_unlock(&key_construction_mutex);
385         key = key_ref_to_ptr(key_ref);
386         if (dest_keyring) {
387                 ret = __key_link_check_live_key(dest_keyring, key);
388                 if (ret == 0)
389                         __key_link(dest_keyring, key, &prealloc);
390                 __key_link_end(dest_keyring, type, prealloc);
391                 if (ret < 0)
392                         goto link_check_failed;
393         }
394         mutex_unlock(&user->cons_lock);
395         *_key = key;
396         kleave(" = -EINPROGRESS [%d]", key_serial(key));
397         return -EINPROGRESS;
398
399 link_check_failed:
400         mutex_unlock(&user->cons_lock);
401         key_put(key);
402         kleave(" = %d [linkcheck]", ret);
403         return ret;
404
405 link_prealloc_failed:
406         up_write(&dest_keyring->sem);
407         mutex_unlock(&user->cons_lock);
408         kleave(" = %d [prelink]", ret);
409         return ret;
410
411 alloc_failed:
412         mutex_unlock(&user->cons_lock);
413         kleave(" = %ld", PTR_ERR(key));
414         return PTR_ERR(key);
415 }
416
417 /*
418  * commence key construction
419  */
420 static struct key *construct_key_and_link(struct key_type *type,
421                                           const char *description,
422                                           const char *callout_info,
423                                           size_t callout_len,
424                                           void *aux,
425                                           struct key *dest_keyring,
426                                           unsigned long flags)
427 {
428         struct key_user *user;
429         struct key *key;
430         int ret;
431
432         kenter("");
433
434         user = key_user_lookup(current_fsuid(), current_user_ns());
435         if (!user)
436                 return ERR_PTR(-ENOMEM);
437
438         construct_get_dest_keyring(&dest_keyring);
439
440         ret = construct_alloc_key(type, description, dest_keyring, flags, user,
441                                   &key);
442         key_user_put(user);
443
444         if (ret == 0) {
445                 ret = construct_key(key, callout_info, callout_len, aux,
446                                     dest_keyring);
447                 if (ret < 0) {
448                         kdebug("cons failed");
449                         goto construction_failed;
450                 }
451         } else if (ret == -EINPROGRESS) {
452                 ret = 0;
453         } else {
454                 key = ERR_PTR(ret);
455         }
456
457         key_put(dest_keyring);
458         kleave(" = key %d", key_serial(key));
459         return key;
460
461 construction_failed:
462         key_negate_and_link(key, key_negative_timeout, NULL, NULL);
463         key_put(key);
464         key_put(dest_keyring);
465         kleave(" = %d", ret);
466         return ERR_PTR(ret);
467 }
468
469 /*
470  * request a key
471  * - search the process's keyrings
472  * - check the list of keys being created or updated
473  * - call out to userspace for a key if supplementary info was provided
474  * - cache the key in an appropriate keyring
475  */
476 struct key *request_key_and_link(struct key_type *type,
477                                  const char *description,
478                                  const void *callout_info,
479                                  size_t callout_len,
480                                  void *aux,
481                                  struct key *dest_keyring,
482                                  unsigned long flags)
483 {
484         const struct cred *cred = current_cred();
485         struct key *key;
486         key_ref_t key_ref;
487         int ret;
488
489         kenter("%s,%s,%p,%zu,%p,%p,%lx",
490                type->name, description, callout_info, callout_len, aux,
491                dest_keyring, flags);
492
493         /* search all the process keyrings for a key */
494         key_ref = search_process_keyrings(type, description, type->match,
495                                           cred);
496
497         if (!IS_ERR(key_ref)) {
498                 key = key_ref_to_ptr(key_ref);
499                 if (dest_keyring) {
500                         construct_get_dest_keyring(&dest_keyring);
501                         ret = key_link(dest_keyring, key);
502                         key_put(dest_keyring);
503                         if (ret < 0) {
504                                 key_put(key);
505                                 key = ERR_PTR(ret);
506                                 goto error;
507                         }
508                 }
509         } else if (PTR_ERR(key_ref) != -EAGAIN) {
510                 key = ERR_CAST(key_ref);
511         } else  {
512                 /* the search failed, but the keyrings were searchable, so we
513                  * should consult userspace if we can */
514                 key = ERR_PTR(-ENOKEY);
515                 if (!callout_info)
516                         goto error;
517
518                 key = construct_key_and_link(type, description, callout_info,
519                                              callout_len, aux, dest_keyring,
520                                              flags);
521         }
522
523 error:
524         kleave(" = %p", key);
525         return key;
526 }
527
528 /*
529  * wait for construction of a key to complete
530  */
531 int wait_for_key_construction(struct key *key, bool intr)
532 {
533         int ret;
534
535         ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT,
536                           intr ? key_wait_bit_intr : key_wait_bit,
537                           intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
538         if (ret < 0)
539                 return ret;
540         if (test_bit(KEY_FLAG_NEGATIVE, &key->flags))
541                 return -ENOKEY;
542         return key_validate(key);
543 }
544 EXPORT_SYMBOL(wait_for_key_construction);
545
546 /*
547  * request a key
548  * - search the process's keyrings
549  * - check the list of keys being created or updated
550  * - call out to userspace for a key if supplementary info was provided
551  * - waits uninterruptible for creation to complete
552  */
553 struct key *request_key(struct key_type *type,
554                         const char *description,
555                         const char *callout_info)
556 {
557         struct key *key;
558         size_t callout_len = 0;
559         int ret;
560
561         if (callout_info)
562                 callout_len = strlen(callout_info);
563         key = request_key_and_link(type, description, callout_info, callout_len,
564                                    NULL, NULL, KEY_ALLOC_IN_QUOTA);
565         if (!IS_ERR(key)) {
566                 ret = wait_for_key_construction(key, false);
567                 if (ret < 0) {
568                         key_put(key);
569                         return ERR_PTR(ret);
570                 }
571         }
572         return key;
573 }
574 EXPORT_SYMBOL(request_key);
575
576 /*
577  * request a key with auxiliary data for the upcaller
578  * - search the process's keyrings
579  * - check the list of keys being created or updated
580  * - call out to userspace for a key if supplementary info was provided
581  * - waits uninterruptible for creation to complete
582  */
583 struct key *request_key_with_auxdata(struct key_type *type,
584                                      const char *description,
585                                      const void *callout_info,
586                                      size_t callout_len,
587                                      void *aux)
588 {
589         struct key *key;
590         int ret;
591
592         key = request_key_and_link(type, description, callout_info, callout_len,
593                                    aux, NULL, KEY_ALLOC_IN_QUOTA);
594         if (!IS_ERR(key)) {
595                 ret = wait_for_key_construction(key, false);
596                 if (ret < 0) {
597                         key_put(key);
598                         return ERR_PTR(ret);
599                 }
600         }
601         return key;
602 }
603 EXPORT_SYMBOL(request_key_with_auxdata);
604
605 /*
606  * request a key (allow async construction)
607  * - search the process's keyrings
608  * - check the list of keys being created or updated
609  * - call out to userspace for a key if supplementary info was provided
610  */
611 struct key *request_key_async(struct key_type *type,
612                               const char *description,
613                               const void *callout_info,
614                               size_t callout_len)
615 {
616         return request_key_and_link(type, description, callout_info,
617                                     callout_len, NULL, NULL,
618                                     KEY_ALLOC_IN_QUOTA);
619 }
620 EXPORT_SYMBOL(request_key_async);
621
622 /*
623  * request a key with auxiliary data for the upcaller (allow async construction)
624  * - search the process's keyrings
625  * - check the list of keys being created or updated
626  * - call out to userspace for a key if supplementary info was provided
627  */
628 struct key *request_key_async_with_auxdata(struct key_type *type,
629                                            const char *description,
630                                            const void *callout_info,
631                                            size_t callout_len,
632                                            void *aux)
633 {
634         return request_key_and_link(type, description, callout_info,
635                                     callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA);
636 }
637 EXPORT_SYMBOL(request_key_async_with_auxdata);