Merge commit 'v2.6.30-rc5' into core/iommu
[linux-2.6] / security / keys / request_key.c
1 /* Request a key from userspace
2  *
3  * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved.
4  * Written by David Howells (dhowells@redhat.com)
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version
9  * 2 of the License, or (at your option) any later version.
10  *
11  * See Documentation/keys-request-key.txt
12  */
13
14 #include <linux/module.h>
15 #include <linux/sched.h>
16 #include <linux/kmod.h>
17 #include <linux/err.h>
18 #include <linux/keyctl.h>
19 #include <linux/slab.h>
20 #include "internal.h"
21
22 #define key_negative_timeout    60      /* default timeout on a negative key's existence */
23
24 /*
25  * wait_on_bit() sleep function for uninterruptible waiting
26  */
27 static int key_wait_bit(void *flags)
28 {
29         schedule();
30         return 0;
31 }
32
33 /*
34  * wait_on_bit() sleep function for interruptible waiting
35  */
36 static int key_wait_bit_intr(void *flags)
37 {
38         schedule();
39         return signal_pending(current) ? -ERESTARTSYS : 0;
40 }
41
42 /*
43  * call to complete the construction of a key
44  */
45 void complete_request_key(struct key_construction *cons, int error)
46 {
47         kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error);
48
49         if (error < 0)
50                 key_negate_and_link(cons->key, key_negative_timeout, NULL,
51                                     cons->authkey);
52         else
53                 key_revoke(cons->authkey);
54
55         key_put(cons->key);
56         key_put(cons->authkey);
57         kfree(cons);
58 }
59 EXPORT_SYMBOL(complete_request_key);
60
61 /*
62  * request userspace finish the construction of a key
63  * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
64  */
65 static int call_sbin_request_key(struct key_construction *cons,
66                                  const char *op,
67                                  void *aux)
68 {
69         const struct cred *cred = current_cred();
70         key_serial_t prkey, sskey;
71         struct key *key = cons->key, *authkey = cons->authkey, *keyring;
72         char *argv[9], *envp[3], uid_str[12], gid_str[12];
73         char key_str[12], keyring_str[3][12];
74         char desc[20];
75         int ret, i;
76
77         kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
78
79         ret = install_user_keyrings();
80         if (ret < 0)
81                 goto error_alloc;
82
83         /* allocate a new session keyring */
84         sprintf(desc, "_req.%u", key->serial);
85
86         cred = get_current_cred();
87         keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred,
88                                 KEY_ALLOC_QUOTA_OVERRUN, NULL);
89         put_cred(cred);
90         if (IS_ERR(keyring)) {
91                 ret = PTR_ERR(keyring);
92                 goto error_alloc;
93         }
94
95         /* attach the auth key to the session keyring */
96         ret = __key_link(keyring, authkey);
97         if (ret < 0)
98                 goto error_link;
99
100         /* record the UID and GID */
101         sprintf(uid_str, "%d", cred->fsuid);
102         sprintf(gid_str, "%d", cred->fsgid);
103
104         /* we say which key is under construction */
105         sprintf(key_str, "%d", key->serial);
106
107         /* we specify the process's default keyrings */
108         sprintf(keyring_str[0], "%d",
109                 cred->thread_keyring ? cred->thread_keyring->serial : 0);
110
111         prkey = 0;
112         if (cred->tgcred->process_keyring)
113                 prkey = cred->tgcred->process_keyring->serial;
114
115         if (cred->tgcred->session_keyring)
116                 sskey = rcu_dereference(cred->tgcred->session_keyring)->serial;
117         else
118                 sskey = cred->user->session_keyring->serial;
119
120         sprintf(keyring_str[2], "%d", sskey);
121
122         /* set up a minimal environment */
123         i = 0;
124         envp[i++] = "HOME=/";
125         envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
126         envp[i] = NULL;
127
128         /* set up the argument list */
129         i = 0;
130         argv[i++] = "/sbin/request-key";
131         argv[i++] = (char *) op;
132         argv[i++] = key_str;
133         argv[i++] = uid_str;
134         argv[i++] = gid_str;
135         argv[i++] = keyring_str[0];
136         argv[i++] = keyring_str[1];
137         argv[i++] = keyring_str[2];
138         argv[i] = NULL;
139
140         /* do it */
141         ret = call_usermodehelper_keys(argv[0], argv, envp, keyring,
142                                        UMH_WAIT_PROC);
143         kdebug("usermode -> 0x%x", ret);
144         if (ret >= 0) {
145                 /* ret is the exit/wait code */
146                 if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) ||
147                     key_validate(key) < 0)
148                         ret = -ENOKEY;
149                 else
150                         /* ignore any errors from userspace if the key was
151                          * instantiated */
152                         ret = 0;
153         }
154
155 error_link:
156         key_put(keyring);
157
158 error_alloc:
159         complete_request_key(cons, ret);
160         kleave(" = %d", ret);
161         return ret;
162 }
163
164 /*
165  * call out to userspace for key construction
166  * - we ignore program failure and go on key status instead
167  */
168 static int construct_key(struct key *key, const void *callout_info,
169                          size_t callout_len, void *aux,
170                          struct key *dest_keyring)
171 {
172         struct key_construction *cons;
173         request_key_actor_t actor;
174         struct key *authkey;
175         int ret;
176
177         kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux);
178
179         cons = kmalloc(sizeof(*cons), GFP_KERNEL);
180         if (!cons)
181                 return -ENOMEM;
182
183         /* allocate an authorisation key */
184         authkey = request_key_auth_new(key, callout_info, callout_len,
185                                        dest_keyring);
186         if (IS_ERR(authkey)) {
187                 kfree(cons);
188                 ret = PTR_ERR(authkey);
189                 authkey = NULL;
190         } else {
191                 cons->authkey = key_get(authkey);
192                 cons->key = key_get(key);
193
194                 /* make the call */
195                 actor = call_sbin_request_key;
196                 if (key->type->request_key)
197                         actor = key->type->request_key;
198
199                 ret = actor(cons, "create", aux);
200
201                 /* check that the actor called complete_request_key() prior to
202                  * returning an error */
203                 WARN_ON(ret < 0 &&
204                         !test_bit(KEY_FLAG_REVOKED, &authkey->flags));
205                 key_put(authkey);
206         }
207
208         kleave(" = %d", ret);
209         return ret;
210 }
211
212 /*
213  * get the appropriate destination keyring for the request
214  * - we return whatever keyring we select with an extra reference upon it which
215  *   the caller must release
216  */
217 static void construct_get_dest_keyring(struct key **_dest_keyring)
218 {
219         struct request_key_auth *rka;
220         const struct cred *cred = current_cred();
221         struct key *dest_keyring = *_dest_keyring, *authkey;
222
223         kenter("%p", dest_keyring);
224
225         /* find the appropriate keyring */
226         if (dest_keyring) {
227                 /* the caller supplied one */
228                 key_get(dest_keyring);
229         } else {
230                 /* use a default keyring; falling through the cases until we
231                  * find one that we actually have */
232                 switch (cred->jit_keyring) {
233                 case KEY_REQKEY_DEFL_DEFAULT:
234                 case KEY_REQKEY_DEFL_REQUESTOR_KEYRING:
235                         if (cred->request_key_auth) {
236                                 authkey = cred->request_key_auth;
237                                 down_read(&authkey->sem);
238                                 rka = authkey->payload.data;
239                                 if (!test_bit(KEY_FLAG_REVOKED,
240                                               &authkey->flags))
241                                         dest_keyring =
242                                                 key_get(rka->dest_keyring);
243                                 up_read(&authkey->sem);
244                                 if (dest_keyring)
245                                         break;
246                         }
247
248                 case KEY_REQKEY_DEFL_THREAD_KEYRING:
249                         dest_keyring = key_get(cred->thread_keyring);
250                         if (dest_keyring)
251                                 break;
252
253                 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
254                         dest_keyring = key_get(cred->tgcred->process_keyring);
255                         if (dest_keyring)
256                                 break;
257
258                 case KEY_REQKEY_DEFL_SESSION_KEYRING:
259                         rcu_read_lock();
260                         dest_keyring = key_get(
261                                 rcu_dereference(cred->tgcred->session_keyring));
262                         rcu_read_unlock();
263
264                         if (dest_keyring)
265                                 break;
266
267                 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
268                         dest_keyring =
269                                 key_get(cred->user->session_keyring);
270                         break;
271
272                 case KEY_REQKEY_DEFL_USER_KEYRING:
273                         dest_keyring = key_get(cred->user->uid_keyring);
274                         break;
275
276                 case KEY_REQKEY_DEFL_GROUP_KEYRING:
277                 default:
278                         BUG();
279                 }
280         }
281
282         *_dest_keyring = dest_keyring;
283         kleave(" [dk %d]", key_serial(dest_keyring));
284         return;
285 }
286
287 /*
288  * allocate a new key in under-construction state and attempt to link it in to
289  * the requested place
290  * - may return a key that's already under construction instead
291  */
292 static int construct_alloc_key(struct key_type *type,
293                                const char *description,
294                                struct key *dest_keyring,
295                                unsigned long flags,
296                                struct key_user *user,
297                                struct key **_key)
298 {
299         const struct cred *cred = current_cred();
300         struct key *key;
301         key_ref_t key_ref;
302
303         kenter("%s,%s,,,", type->name, description);
304
305         mutex_lock(&user->cons_lock);
306
307         key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred,
308                         KEY_POS_ALL, flags);
309         if (IS_ERR(key))
310                 goto alloc_failed;
311
312         set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
313
314         if (dest_keyring)
315                 down_write(&dest_keyring->sem);
316
317         /* attach the key to the destination keyring under lock, but we do need
318          * to do another check just in case someone beat us to it whilst we
319          * waited for locks */
320         mutex_lock(&key_construction_mutex);
321
322         key_ref = search_process_keyrings(type, description, type->match, cred);
323         if (!IS_ERR(key_ref))
324                 goto key_already_present;
325
326         if (dest_keyring)
327                 __key_link(dest_keyring, key);
328
329         mutex_unlock(&key_construction_mutex);
330         if (dest_keyring)
331                 up_write(&dest_keyring->sem);
332         mutex_unlock(&user->cons_lock);
333         *_key = key;
334         kleave(" = 0 [%d]", key_serial(key));
335         return 0;
336
337 key_already_present:
338         mutex_unlock(&key_construction_mutex);
339         if (dest_keyring)
340                 up_write(&dest_keyring->sem);
341         mutex_unlock(&user->cons_lock);
342         key_put(key);
343         *_key = key = key_ref_to_ptr(key_ref);
344         kleave(" = -EINPROGRESS [%d]", key_serial(key));
345         return -EINPROGRESS;
346
347 alloc_failed:
348         mutex_unlock(&user->cons_lock);
349         *_key = NULL;
350         kleave(" = %ld", PTR_ERR(key));
351         return PTR_ERR(key);
352 }
353
354 /*
355  * commence key construction
356  */
357 static struct key *construct_key_and_link(struct key_type *type,
358                                           const char *description,
359                                           const char *callout_info,
360                                           size_t callout_len,
361                                           void *aux,
362                                           struct key *dest_keyring,
363                                           unsigned long flags)
364 {
365         struct key_user *user;
366         struct key *key;
367         int ret;
368
369         kenter("");
370
371         user = key_user_lookup(current_fsuid(), current_user_ns());
372         if (!user)
373                 return ERR_PTR(-ENOMEM);
374
375         construct_get_dest_keyring(&dest_keyring);
376
377         ret = construct_alloc_key(type, description, dest_keyring, flags, user,
378                                   &key);
379         key_user_put(user);
380
381         if (ret == 0) {
382                 ret = construct_key(key, callout_info, callout_len, aux,
383                                     dest_keyring);
384                 if (ret < 0) {
385                         kdebug("cons failed");
386                         goto construction_failed;
387                 }
388         }
389
390         key_put(dest_keyring);
391         kleave(" = key %d", key_serial(key));
392         return key;
393
394 construction_failed:
395         key_negate_and_link(key, key_negative_timeout, NULL, NULL);
396         key_put(key);
397         key_put(dest_keyring);
398         kleave(" = %d", ret);
399         return ERR_PTR(ret);
400 }
401
402 /*
403  * request a key
404  * - search the process's keyrings
405  * - check the list of keys being created or updated
406  * - call out to userspace for a key if supplementary info was provided
407  * - cache the key in an appropriate keyring
408  */
409 struct key *request_key_and_link(struct key_type *type,
410                                  const char *description,
411                                  const void *callout_info,
412                                  size_t callout_len,
413                                  void *aux,
414                                  struct key *dest_keyring,
415                                  unsigned long flags)
416 {
417         const struct cred *cred = current_cred();
418         struct key *key;
419         key_ref_t key_ref;
420
421         kenter("%s,%s,%p,%zu,%p,%p,%lx",
422                type->name, description, callout_info, callout_len, aux,
423                dest_keyring, flags);
424
425         /* search all the process keyrings for a key */
426         key_ref = search_process_keyrings(type, description, type->match,
427                                           cred);
428
429         if (!IS_ERR(key_ref)) {
430                 key = key_ref_to_ptr(key_ref);
431         } else if (PTR_ERR(key_ref) != -EAGAIN) {
432                 key = ERR_CAST(key_ref);
433         } else  {
434                 /* the search failed, but the keyrings were searchable, so we
435                  * should consult userspace if we can */
436                 key = ERR_PTR(-ENOKEY);
437                 if (!callout_info)
438                         goto error;
439
440                 key = construct_key_and_link(type, description, callout_info,
441                                              callout_len, aux, dest_keyring,
442                                              flags);
443         }
444
445 error:
446         kleave(" = %p", key);
447         return key;
448 }
449
450 /*
451  * wait for construction of a key to complete
452  */
453 int wait_for_key_construction(struct key *key, bool intr)
454 {
455         int ret;
456
457         ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT,
458                           intr ? key_wait_bit_intr : key_wait_bit,
459                           intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE);
460         if (ret < 0)
461                 return ret;
462         return key_validate(key);
463 }
464 EXPORT_SYMBOL(wait_for_key_construction);
465
466 /*
467  * request a key
468  * - search the process's keyrings
469  * - check the list of keys being created or updated
470  * - call out to userspace for a key if supplementary info was provided
471  * - waits uninterruptible for creation to complete
472  */
473 struct key *request_key(struct key_type *type,
474                         const char *description,
475                         const char *callout_info)
476 {
477         struct key *key;
478         size_t callout_len = 0;
479         int ret;
480
481         if (callout_info)
482                 callout_len = strlen(callout_info);
483         key = request_key_and_link(type, description, callout_info, callout_len,
484                                    NULL, NULL, KEY_ALLOC_IN_QUOTA);
485         if (!IS_ERR(key)) {
486                 ret = wait_for_key_construction(key, false);
487                 if (ret < 0) {
488                         key_put(key);
489                         return ERR_PTR(ret);
490                 }
491         }
492         return key;
493 }
494 EXPORT_SYMBOL(request_key);
495
496 /*
497  * request a key with auxiliary data for the upcaller
498  * - search the process's keyrings
499  * - check the list of keys being created or updated
500  * - call out to userspace for a key if supplementary info was provided
501  * - waits uninterruptible for creation to complete
502  */
503 struct key *request_key_with_auxdata(struct key_type *type,
504                                      const char *description,
505                                      const void *callout_info,
506                                      size_t callout_len,
507                                      void *aux)
508 {
509         struct key *key;
510         int ret;
511
512         key = request_key_and_link(type, description, callout_info, callout_len,
513                                    aux, NULL, KEY_ALLOC_IN_QUOTA);
514         if (!IS_ERR(key)) {
515                 ret = wait_for_key_construction(key, false);
516                 if (ret < 0) {
517                         key_put(key);
518                         return ERR_PTR(ret);
519                 }
520         }
521         return key;
522 }
523 EXPORT_SYMBOL(request_key_with_auxdata);
524
525 /*
526  * request a key (allow async construction)
527  * - search the process's keyrings
528  * - check the list of keys being created or updated
529  * - call out to userspace for a key if supplementary info was provided
530  */
531 struct key *request_key_async(struct key_type *type,
532                               const char *description,
533                               const void *callout_info,
534                               size_t callout_len)
535 {
536         return request_key_and_link(type, description, callout_info,
537                                     callout_len, NULL, NULL,
538                                     KEY_ALLOC_IN_QUOTA);
539 }
540 EXPORT_SYMBOL(request_key_async);
541
542 /*
543  * request a key with auxiliary data for the upcaller (allow async construction)
544  * - search the process's keyrings
545  * - check the list of keys being created or updated
546  * - call out to userspace for a key if supplementary info was provided
547  */
548 struct key *request_key_async_with_auxdata(struct key_type *type,
549                                            const char *description,
550                                            const void *callout_info,
551                                            size_t callout_len,
552                                            void *aux)
553 {
554         return request_key_and_link(type, description, callout_info,
555                                     callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA);
556 }
557 EXPORT_SYMBOL(request_key_async_with_auxdata);