CRED: Inaugurate COW credentials
[linux-2.6.git] / security / keys / request_key.c
1 /* Request a key from userspace
2  *
3  * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  *
11  * See Documentation/keys-request-key.txt
12  */
13
14 #include <linux/module.h>
15 #include <linux/sched.h>
16 #include <linux/kmod.h>
17 #include <linux/err.h>
18 #include <linux/keyctl.h>
19 #include <linux/slab.h>
20 #include "internal.h"
21
22 #define key_negative_timeout    60      /* default timeout on a negative key's existence */
23
24 /*
25  * wait_on_bit() sleep function for uninterruptible waiting
26  */
27 static int key_wait_bit(void *flags)
28 {
29         schedule();
30         return 0;
31 }
32
33 /*
34  * wait_on_bit() sleep function for interruptible waiting
35  */
36 static int key_wait_bit_intr(void *flags)
37 {
38         schedule();
39         return signal_pending(current) ? -ERESTARTSYS : 0;
40 }
41
42 /*
43  * call to complete the construction of a key
44  */
45 void complete_request_key(struct key_construction *cons, int error)
46 {
47         kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error);
48
49         if (error < 0)
50                 key_negate_and_link(cons->key, key_negative_timeout, NULL,
51                                     cons->authkey);
52         else
53                 key_revoke(cons->authkey);
54
55         key_put(cons->key);
56         key_put(cons->authkey);
57         kfree(cons);
58 }
59 EXPORT_SYMBOL(complete_request_key);
60
61 /*
62  * request userspace finish the construction of a key
63  * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
64  */
65 static int call_sbin_request_key(struct key_construction *cons,
66                                  const char *op,
67                                  void *aux)
68 {
69         const struct cred *cred = current_cred();
70         key_serial_t prkey, sskey;
71         struct key *key = cons->key, *authkey = cons->authkey, *keyring;
72         char *argv[9], *envp[3], uid_str[12], gid_str[12];
73         char key_str[12], keyring_str[3][12];
74         char desc[20];
75         int ret, i;
76
77         kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
78
79         ret = install_user_keyrings();
80         if (ret < 0)
81                 goto error_alloc;
82
83         /* allocate a new session keyring */
84         sprintf(desc, "_req.%u", key->serial);
85
86         cred = get_current_cred();
87         keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
88                                 KEY_ALLOC_QUOTA_OVERRUN, NULL);
89         put_cred(cred);
90         if (IS_ERR(keyring)) {
91                 ret = PTR_ERR(keyring);
92                 goto error_alloc;
93         }
94
95         /* attach the auth key to the session keyring */
96         ret = __key_link(keyring, authkey);
97         if (ret < 0)
98                 goto error_link;
99
100         /* record the UID and GID */
101         sprintf(uid_str, "%d", cred->fsuid);
102         sprintf(gid_str, "%d", cred->fsgid);
103
104         /* we say which key is under construction */
105         sprintf(key_str, "%d", key->serial);
106
107         /* we specify the process's default keyrings */
108         sprintf(keyring_str[0], "%d",
109                 cred->thread_keyring ? cred->thread_keyring->serial : 0);
110
111         prkey = 0;
112         if (cred->tgcred->process_keyring)
113                 prkey = cred->tgcred->process_keyring->serial;
114
115         if (cred->tgcred->session_keyring)
116                 sskey = rcu_dereference(cred->tgcred->session_keyring)->serial;
117         else
118                 sskey = cred->user->session_keyring->serial;
119
120         sprintf(keyring_str[2], "%d", sskey);
121
122         /* set up a minimal environment */
123         i = 0;
124         envp[i++] = "HOME=/";
125         envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
126         envp[i] = NULL;
127
128         /* set up the argument list */
129         i = 0;
130         argv[i++] = "/sbin/request-key";
131         argv[i++] = (char *) op;
132         argv[i++] = key_str;
133         argv[i++] = uid_str;
134         argv[i++] = gid_str;
135         argv[i++] = keyring_str[0];
136         argv[i++] = keyring_str[1];
137         argv[i++] = keyring_str[2];
138         argv[i] = NULL;
139
140         /* do it */
141         ret = call_usermodehelper_keys(argv[0], argv, envp, keyring,
142                                        UMH_WAIT_PROC);
143         kdebug("usermode -> 0x%x", ret);
144         if (ret >= 0) {
145                 /* ret is the exit/wait code */
146                 if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) ||
147                     key_validate(key) < 0)
148                         ret = -ENOKEY;
149                 else
150                         /* ignore any errors from userspace if the key was
151                          * instantiated */
152                         ret = 0;
153         }
154
155 error_link:
156         key_put(keyring);
157
158 error_alloc:
159         complete_request_key(cons, ret);
160         kleave(" = %d", ret);
161         return ret;
162 }
163
164 /*
165  * call out to userspace for key construction
166  * - we ignore program failure and go on key status instead
167  */
168 static int construct_key(struct key *key, const void *callout_info,
169                          size_t callout_len, void *aux,
170                          struct key *dest_keyring)
171 {
172         struct key_construction *cons;
173         request_key_actor_t actor;
174         struct key *authkey;
175         int ret;
176
177         kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux);
178
179         cons = kmalloc(sizeof(*cons), GFP_KERNEL);
180         if (!cons)
181                 return -ENOMEM;
182
183         /* allocate an authorisation key */
184         authkey = request_key_auth_new(key, callout_info, callout_len,
185                                        dest_keyring);
186         if (IS_ERR(authkey)) {
187                 kfree(cons);
188                 ret = PTR_ERR(authkey);
189                 authkey = NULL;
190         } else {
191                 cons->authkey = key_get(authkey);
192                 cons->key = key_get(key);
193
194                 /* make the call */
195                 actor = call_sbin_request_key;
196                 if (key->type->request_key)
197                         actor = key->type->request_key;
198
199                 ret = actor(cons, "create", aux);
200
201                 /* check that the actor called complete_request_key() prior to
202                  * returning an error */
203                 WARN_ON(ret < 0 &&
204                         !test_bit(KEY_FLAG_REVOKED, &authkey->flags));
205                 key_put(authkey);
206         }
207
208         kleave(" = %d", ret);
209         return ret;
210 }
211
212 /*
213  * get the appropriate destination keyring for the request
214  * - we return whatever keyring we select with an extra reference upon it which
215  *   the caller must release
216  */
217 static void construct_get_dest_keyring(struct key **_dest_keyring)
218 {
219         struct request_key_auth *rka;
220         const struct cred *cred = current_cred();
221         struct key *dest_keyring = *_dest_keyring, *authkey;
222
223         kenter("%p", dest_keyring);
224
225         /* find the appropriate keyring */
226         if (dest_keyring) {
227                 /* the caller supplied one */
228                 key_get(dest_keyring);
229         } else {
230                 /* use a default keyring; falling through the cases until we
231                  * find one that we actually have */
232                 switch (cred->jit_keyring) {
233                 case KEY_REQKEY_DEFL_DEFAULT:
234                 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
235                         if (cred->request_key_auth) {
236                                 authkey = cred->request_key_auth;
237                                 down_read(&authkey->sem);
238                                 rka = authkey->payload.data;
239                                 if (!test_bit(KEY_FLAG_REVOKED,
240                                               &authkey->flags))
241                                         dest_keyring =
242                                                 key_get(rka->dest_keyring);
243                                 up_read(&authkey->sem);
244                                 if (dest_keyring)
245                                         break;
246                         }
247
248                 case KEY_REQKEY_DEFL_THREAD_KEYRING:
249                         dest_keyring = key_get(cred->thread_keyring);
250                         if (dest_keyring)
251                                 break;
252
253                 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
254                         dest_keyring = key_get(cred->tgcred->process_keyring);
255                         if (dest_keyring)
256                                 break;
257
258                 case KEY_REQKEY_DEFL_SESSION_KEYRING:
259                         rcu_read_lock();
260                         dest_keyring = key_get(
261                                 rcu_dereference(cred->tgcred->session_keyring));
262                         rcu_read_unlock();
263
264                         if (dest_keyring)
265                                 break;
266
267                 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
268                         dest_keyring =
269                                 key_get(cred->user->session_keyring);
270                         break;
271
272                 case KEY_REQKEY_DEFL_USER_KEYRING:
273                         dest_keyring = key_get(cred->user->uid_keyring);
274                         break;
275
276                 case KEY_REQKEY_DEFL_GROUP_KEYRING:
277                 default:
278                         BUG();
279                 }
280         }
281
282         *_dest_keyring = dest_keyring;
283         kleave(" [dk %d]", key_serial(dest_keyring));
284         return;
285 }
286
287 /*
288  * allocate a new key in under-construction state and attempt to link it in to
289  * the requested place
290  * - may return a key that's already under construction instead
291  */
292 static int construct_alloc_key(struct key_type *type,
293                                const char *description,
294                                struct key *dest_keyring,
295                                unsigned long flags,
296                                struct key_user *user,
297                                struct key **_key)
298 {
299         const struct cred *cred = current_cred();
300         struct key *key;
301         key_ref_t key_ref;
302
303         kenter("%s,%s,,,", type->name, description);
304
305         mutex_lock(&user->cons_lock);
306
307         key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred,
308                         KEY_POS_ALL, flags);
309         if (IS_ERR(key))
310                 goto alloc_failed;
311
312         set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
313
314         down_write(&dest_keyring->sem);
315
316         /* attach the key to the destination keyring under lock, but we do need
317          * to do another check just in case someone beat us to it whilst we
318          * waited for locks */
319         mutex_lock(&key_construction_mutex);
320
321         key_ref = search_process_keyrings(type, description, type->match, cred);
322         if (!IS_ERR(key_ref))
323                 goto key_already_present;
324
325         __key_link(dest_keyring, key);
326
327         mutex_unlock(&key_construction_mutex);
328         up_write(&dest_keyring->sem);
329         mutex_unlock(&user->cons_lock);
330         *_key = key;
331         kleave(" = 0 [%d]", key_serial(key));
332         return 0;
333
334 key_already_present:
335         mutex_unlock(&key_construction_mutex);
336         if (dest_keyring)
337                 up_write(&dest_keyring->sem);
338         mutex_unlock(&user->cons_lock);
339         key_put(key);
340         *_key = key = key_ref_to_ptr(key_ref);
341         kleave(" = -EINPROGRESS [%d]", key_serial(key));
342         return -EINPROGRESS;
343
344 alloc_failed:
345         mutex_unlock(&user->cons_lock);
346         *_key = NULL;
347         kleave(" = %ld", PTR_ERR(key));
348         return PTR_ERR(key);
349 }
350
351 /*
352  * commence key construction
353  */
354 static struct key *construct_key_and_link(struct key_type *type,
355                                           const char *description,
356                                           const char *callout_info,
357                                           size_t callout_len,
358                                           void *aux,
359                                           struct key *dest_keyring,
360                                           unsigned long flags)
361 {
362         struct key_user *user;
363         struct key *key;
364         int ret;
365
366         kenter("");
367
368         user = key_user_lookup(current_fsuid());
369         if (!user)
370                 return ERR_PTR(-ENOMEM);
371
372         construct_get_dest_keyring(&dest_keyring);
373
374         ret = construct_alloc_key(type, description, dest_keyring, flags, user,
375                                   &key);
376         key_user_put(user);
377
378         if (ret == 0) {
379                 ret = construct_key(key, callout_info, callout_len, aux,
380                                     dest_keyring);
381                 if (ret < 0) {
382                         kdebug("cons failed");
383                         goto construction_failed;
384                 }
385         }
386
387         key_put(dest_keyring);
388         kleave(" = key %d", key_serial(key));
389         return key;
390
391 construction_failed:
392         key_negate_and_link(key, key_negative_timeout, NULL, NULL);
393         key_put(key);
394         key_put(dest_keyring);
395         kleave(" = %d", ret);
396         return ERR_PTR(ret);
397 }
398
399 /*
400  * request a key
401  * - search the process's keyrings
402  * - check the list of keys being created or updated
403  * - call out to userspace for a key if supplementary info was provided
404  * - cache the key in an appropriate keyring
405  */
406 struct key *request_key_and_link(struct key_type *type,
407                                  const char *description,
408                                  const void *callout_info,
409                                  size_t callout_len,
410                                  void *aux,
411                                  struct key *dest_keyring,
412                                  unsigned long flags)
413 {
414         const struct cred *cred = current_cred();
415         struct key *key;
416         key_ref_t key_ref;
417
418         kenter("%s,%s,%p,%zu,%p,%p,%lx",
419                type->name, description, callout_info, callout_len, aux,
420                dest_keyring, flags);
421
422         /* search all the process keyrings for a key */
423         key_ref = search_process_keyrings(type, description, type->match,
424                                           cred);
425
426         if (!IS_ERR(key_ref)) {
427                 key = key_ref_to_ptr(key_ref);
428         } else if (PTR_ERR(key_ref) != -EAGAIN) {
429                 key = ERR_CAST(key_ref);
430         } else  {
431                 /* the search failed, but the keyrings were searchable, so we
432                  * should consult userspace if we can */
433                 key = ERR_PTR(-ENOKEY);
434                 if (!callout_info)
435                         goto error;
436
437                 key = construct_key_and_link(type, description, callout_info,
438                                              callout_len, aux, dest_keyring,
439                                              flags);
440         }
441
442 error:
443         kleave(" = %p", key);
444         return key;
445 }
446
447 /*
448  * wait for construction of a key to complete
449  */
450 int wait_for_key_construction(struct key *key, bool intr)
451 {
452         int ret;
453
454         ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT,
455                           intr ? key_wait_bit_intr : key_wait_bit,
456                           intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
457         if (ret < 0)
458                 return ret;
459         return key_validate(key);
460 }
461 EXPORT_SYMBOL(wait_for_key_construction);
462
463 /*
464  * request a key
465  * - search the process's keyrings
466  * - check the list of keys being created or updated
467  * - call out to userspace for a key if supplementary info was provided
468  * - waits uninterruptible for creation to complete
469  */
470 struct key *request_key(struct key_type *type,
471                         const char *description,
472                         const char *callout_info)
473 {
474         struct key *key;
475         size_t callout_len = 0;
476         int ret;
477
478         if (callout_info)
479                 callout_len = strlen(callout_info);
480         key = request_key_and_link(type, description, callout_info, callout_len,
481                                    NULL, NULL, KEY_ALLOC_IN_QUOTA);
482         if (!IS_ERR(key)) {
483                 ret = wait_for_key_construction(key, false);
484                 if (ret < 0) {
485                         key_put(key);
486                         return ERR_PTR(ret);
487                 }
488         }
489         return key;
490 }
491 EXPORT_SYMBOL(request_key);
492
493 /*
494  * request a key with auxiliary data for the upcaller
495  * - search the process's keyrings
496  * - check the list of keys being created or updated
497  * - call out to userspace for a key if supplementary info was provided
498  * - waits uninterruptible for creation to complete
499  */
500 struct key *request_key_with_auxdata(struct key_type *type,
501                                      const char *description,
502                                      const void *callout_info,
503                                      size_t callout_len,
504                                      void *aux)
505 {
506         struct key *key;
507         int ret;
508
509         key = request_key_and_link(type, description, callout_info, callout_len,
510                                    aux, NULL, KEY_ALLOC_IN_QUOTA);
511         if (!IS_ERR(key)) {
512                 ret = wait_for_key_construction(key, false);
513                 if (ret < 0) {
514                         key_put(key);
515                         return ERR_PTR(ret);
516                 }
517         }
518         return key;
519 }
520 EXPORT_SYMBOL(request_key_with_auxdata);
521
522 /*
523  * request a key (allow async construction)
524  * - search the process's keyrings
525  * - check the list of keys being created or updated
526  * - call out to userspace for a key if supplementary info was provided
527  */
528 struct key *request_key_async(struct key_type *type,
529                               const char *description,
530                               const void *callout_info,
531                               size_t callout_len)
532 {
533         return request_key_and_link(type, description, callout_info,
534                                     callout_len, NULL, NULL,
535                                     KEY_ALLOC_IN_QUOTA);
536 }
537 EXPORT_SYMBOL(request_key_async);
538
539 /*
540  * request a key with auxiliary data for the upcaller (allow async construction)
541  * - search the process's keyrings
542  * - check the list of keys being created or updated
543  * - call out to userspace for a key if supplementary info was provided
544  */
545 struct key *request_key_async_with_auxdata(struct key_type *type,
546                                            const char *description,
547                                            const void *callout_info,
548                                            size_t callout_len,
549                                            void *aux)
550 {
551         return request_key_and_link(type, description, callout_info,
552                                     callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA);
553 }
554 EXPORT_SYMBOL(request_key_async_with_auxdata);