Root/
1 | /* Request a key from userspace |
2 | * |
3 | * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved. |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * |
6 | * This program is free software; you can redistribute it and/or |
7 | * modify it under the terms of the GNU General Public License |
8 | * as published by the Free Software Foundation; either version |
9 | * 2 of the License, or (at your option) any later version. |
10 | * |
11 | * See Documentation/keys-request-key.txt |
12 | */ |
13 | |
14 | #include <linux/module.h> |
15 | #include <linux/sched.h> |
16 | #include <linux/kmod.h> |
17 | #include <linux/err.h> |
18 | #include <linux/keyctl.h> |
19 | #include <linux/slab.h> |
20 | #include "internal.h" |
21 | |
22 | #define key_negative_timeout 60 /* default timeout on a negative key's existence */ |
23 | |
24 | /* |
25 | * wait_on_bit() sleep function for uninterruptible waiting |
26 | */ |
27 | static int key_wait_bit(void *flags) |
28 | { |
29 | schedule(); |
30 | return 0; |
31 | } |
32 | |
33 | /* |
34 | * wait_on_bit() sleep function for interruptible waiting |
35 | */ |
36 | static int key_wait_bit_intr(void *flags) |
37 | { |
38 | schedule(); |
39 | return signal_pending(current) ? -ERESTARTSYS : 0; |
40 | } |
41 | |
42 | /* |
43 | * call to complete the construction of a key |
44 | */ |
45 | void complete_request_key(struct key_construction *cons, int error) |
46 | { |
47 | kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error); |
48 | |
49 | if (error < 0) |
50 | key_negate_and_link(cons->key, key_negative_timeout, NULL, |
51 | cons->authkey); |
52 | else |
53 | key_revoke(cons->authkey); |
54 | |
55 | key_put(cons->key); |
56 | key_put(cons->authkey); |
57 | kfree(cons); |
58 | } |
59 | EXPORT_SYMBOL(complete_request_key); |
60 | |
61 | static int umh_keys_init(struct subprocess_info *info) |
62 | { |
63 | struct cred *cred = (struct cred*)current_cred(); |
64 | struct key *keyring = info->data; |
65 | /* |
66 | * This is called in context of freshly forked kthread before |
67 | * kernel_execve(), we can just change our ->session_keyring. |
68 | */ |
69 | return install_session_keyring_to_cred(cred, keyring); |
70 | } |
71 | |
72 | static void umh_keys_cleanup(struct subprocess_info *info) |
73 | { |
74 | struct key *keyring = info->data; |
75 | key_put(keyring); |
76 | } |
77 | |
78 | static int call_usermodehelper_keys(char *path, char **argv, char **envp, |
79 | struct key *session_keyring, enum umh_wait wait) |
80 | { |
81 | gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL; |
82 | struct subprocess_info *info = |
83 | call_usermodehelper_setup(path, argv, envp, gfp_mask); |
84 | |
85 | if (!info) |
86 | return -ENOMEM; |
87 | |
88 | call_usermodehelper_setfns(info, umh_keys_init, umh_keys_cleanup, |
89 | key_get(session_keyring)); |
90 | return call_usermodehelper_exec(info, wait); |
91 | } |
92 | |
93 | /* |
94 | * request userspace finish the construction of a key |
95 | * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>" |
96 | */ |
97 | static int call_sbin_request_key(struct key_construction *cons, |
98 | const char *op, |
99 | void *aux) |
100 | { |
101 | const struct cred *cred = current_cred(); |
102 | key_serial_t prkey, sskey; |
103 | struct key *key = cons->key, *authkey = cons->authkey, *keyring, |
104 | *session; |
105 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; |
106 | char key_str[12], keyring_str[3][12]; |
107 | char desc[20]; |
108 | int ret, i; |
109 | |
110 | kenter("{%d},{%d},%s", key->serial, authkey->serial, op); |
111 | |
112 | ret = install_user_keyrings(); |
113 | if (ret < 0) |
114 | goto error_alloc; |
115 | |
116 | /* allocate a new session keyring */ |
117 | sprintf(desc, "_req.%u", key->serial); |
118 | |
119 | cred = get_current_cred(); |
120 | keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, |
121 | KEY_ALLOC_QUOTA_OVERRUN, NULL); |
122 | put_cred(cred); |
123 | if (IS_ERR(keyring)) { |
124 | ret = PTR_ERR(keyring); |
125 | goto error_alloc; |
126 | } |
127 | |
128 | /* attach the auth key to the session keyring */ |
129 | ret = key_link(keyring, authkey); |
130 | if (ret < 0) |
131 | goto error_link; |
132 | |
133 | /* record the UID and GID */ |
134 | sprintf(uid_str, "%d", cred->fsuid); |
135 | sprintf(gid_str, "%d", cred->fsgid); |
136 | |
137 | /* we say which key is under construction */ |
138 | sprintf(key_str, "%d", key->serial); |
139 | |
140 | /* we specify the process's default keyrings */ |
141 | sprintf(keyring_str[0], "%d", |
142 | cred->thread_keyring ? cred->thread_keyring->serial : 0); |
143 | |
144 | prkey = 0; |
145 | if (cred->tgcred->process_keyring) |
146 | prkey = cred->tgcred->process_keyring->serial; |
147 | sprintf(keyring_str[1], "%d", prkey); |
148 | |
149 | rcu_read_lock(); |
150 | session = rcu_dereference(cred->tgcred->session_keyring); |
151 | if (!session) |
152 | session = cred->user->session_keyring; |
153 | sskey = session->serial; |
154 | rcu_read_unlock(); |
155 | |
156 | sprintf(keyring_str[2], "%d", sskey); |
157 | |
158 | /* set up a minimal environment */ |
159 | i = 0; |
160 | envp[i++] = "HOME=/"; |
161 | envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; |
162 | envp[i] = NULL; |
163 | |
164 | /* set up the argument list */ |
165 | i = 0; |
166 | argv[i++] = "/sbin/request-key"; |
167 | argv[i++] = (char *) op; |
168 | argv[i++] = key_str; |
169 | argv[i++] = uid_str; |
170 | argv[i++] = gid_str; |
171 | argv[i++] = keyring_str[0]; |
172 | argv[i++] = keyring_str[1]; |
173 | argv[i++] = keyring_str[2]; |
174 | argv[i] = NULL; |
175 | |
176 | /* do it */ |
177 | ret = call_usermodehelper_keys(argv[0], argv, envp, keyring, |
178 | UMH_WAIT_PROC); |
179 | kdebug("usermode -> 0x%x", ret); |
180 | if (ret >= 0) { |
181 | /* ret is the exit/wait code */ |
182 | if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) || |
183 | key_validate(key) < 0) |
184 | ret = -ENOKEY; |
185 | else |
186 | /* ignore any errors from userspace if the key was |
187 | * instantiated */ |
188 | ret = 0; |
189 | } |
190 | |
191 | error_link: |
192 | key_put(keyring); |
193 | |
194 | error_alloc: |
195 | complete_request_key(cons, ret); |
196 | kleave(" = %d", ret); |
197 | return ret; |
198 | } |
199 | |
200 | /* |
201 | * call out to userspace for key construction |
202 | * - we ignore program failure and go on key status instead |
203 | */ |
204 | static int construct_key(struct key *key, const void *callout_info, |
205 | size_t callout_len, void *aux, |
206 | struct key *dest_keyring) |
207 | { |
208 | struct key_construction *cons; |
209 | request_key_actor_t actor; |
210 | struct key *authkey; |
211 | int ret; |
212 | |
213 | kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux); |
214 | |
215 | cons = kmalloc(sizeof(*cons), GFP_KERNEL); |
216 | if (!cons) |
217 | return -ENOMEM; |
218 | |
219 | /* allocate an authorisation key */ |
220 | authkey = request_key_auth_new(key, callout_info, callout_len, |
221 | dest_keyring); |
222 | if (IS_ERR(authkey)) { |
223 | kfree(cons); |
224 | ret = PTR_ERR(authkey); |
225 | authkey = NULL; |
226 | } else { |
227 | cons->authkey = key_get(authkey); |
228 | cons->key = key_get(key); |
229 | |
230 | /* make the call */ |
231 | actor = call_sbin_request_key; |
232 | if (key->type->request_key) |
233 | actor = key->type->request_key; |
234 | |
235 | ret = actor(cons, "create", aux); |
236 | |
237 | /* check that the actor called complete_request_key() prior to |
238 | * returning an error */ |
239 | WARN_ON(ret < 0 && |
240 | !test_bit(KEY_FLAG_REVOKED, &authkey->flags)); |
241 | key_put(authkey); |
242 | } |
243 | |
244 | kleave(" = %d", ret); |
245 | return ret; |
246 | } |
247 | |
248 | /* |
249 | * get the appropriate destination keyring for the request |
250 | * - we return whatever keyring we select with an extra reference upon it which |
251 | * the caller must release |
252 | */ |
253 | static void construct_get_dest_keyring(struct key **_dest_keyring) |
254 | { |
255 | struct request_key_auth *rka; |
256 | const struct cred *cred = current_cred(); |
257 | struct key *dest_keyring = *_dest_keyring, *authkey; |
258 | |
259 | kenter("%p", dest_keyring); |
260 | |
261 | /* find the appropriate keyring */ |
262 | if (dest_keyring) { |
263 | /* the caller supplied one */ |
264 | key_get(dest_keyring); |
265 | } else { |
266 | /* use a default keyring; falling through the cases until we |
267 | * find one that we actually have */ |
268 | switch (cred->jit_keyring) { |
269 | case KEY_REQKEY_DEFL_DEFAULT: |
270 | case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: |
271 | if (cred->request_key_auth) { |
272 | authkey = cred->request_key_auth; |
273 | down_read(&authkey->sem); |
274 | rka = authkey->payload.data; |
275 | if (!test_bit(KEY_FLAG_REVOKED, |
276 | &authkey->flags)) |
277 | dest_keyring = |
278 | key_get(rka->dest_keyring); |
279 | up_read(&authkey->sem); |
280 | if (dest_keyring) |
281 | break; |
282 | } |
283 | |
284 | case KEY_REQKEY_DEFL_THREAD_KEYRING: |
285 | dest_keyring = key_get(cred->thread_keyring); |
286 | if (dest_keyring) |
287 | break; |
288 | |
289 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: |
290 | dest_keyring = key_get(cred->tgcred->process_keyring); |
291 | if (dest_keyring) |
292 | break; |
293 | |
294 | case KEY_REQKEY_DEFL_SESSION_KEYRING: |
295 | rcu_read_lock(); |
296 | dest_keyring = key_get( |
297 | rcu_dereference(cred->tgcred->session_keyring)); |
298 | rcu_read_unlock(); |
299 | |
300 | if (dest_keyring) |
301 | break; |
302 | |
303 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: |
304 | dest_keyring = |
305 | key_get(cred->user->session_keyring); |
306 | break; |
307 | |
308 | case KEY_REQKEY_DEFL_USER_KEYRING: |
309 | dest_keyring = key_get(cred->user->uid_keyring); |
310 | break; |
311 | |
312 | case KEY_REQKEY_DEFL_GROUP_KEYRING: |
313 | default: |
314 | BUG(); |
315 | } |
316 | } |
317 | |
318 | *_dest_keyring = dest_keyring; |
319 | kleave(" [dk %d]", key_serial(dest_keyring)); |
320 | return; |
321 | } |
322 | |
323 | /* |
324 | * allocate a new key in under-construction state and attempt to link it in to |
325 | * the requested place |
326 | * - may return a key that's already under construction instead |
327 | */ |
328 | static int construct_alloc_key(struct key_type *type, |
329 | const char *description, |
330 | struct key *dest_keyring, |
331 | unsigned long flags, |
332 | struct key_user *user, |
333 | struct key **_key) |
334 | { |
335 | struct keyring_list *prealloc; |
336 | const struct cred *cred = current_cred(); |
337 | struct key *key; |
338 | key_ref_t key_ref; |
339 | int ret; |
340 | |
341 | kenter("%s,%s,,,", type->name, description); |
342 | |
343 | *_key = NULL; |
344 | mutex_lock(&user->cons_lock); |
345 | |
346 | key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred, |
347 | KEY_POS_ALL, flags); |
348 | if (IS_ERR(key)) |
349 | goto alloc_failed; |
350 | |
351 | set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); |
352 | |
353 | if (dest_keyring) { |
354 | ret = __key_link_begin(dest_keyring, type, description, |
355 | &prealloc); |
356 | if (ret < 0) |
357 | goto link_prealloc_failed; |
358 | } |
359 | |
360 | /* attach the key to the destination keyring under lock, but we do need |
361 | * to do another check just in case someone beat us to it whilst we |
362 | * waited for locks */ |
363 | mutex_lock(&key_construction_mutex); |
364 | |
365 | key_ref = search_process_keyrings(type, description, type->match, cred); |
366 | if (!IS_ERR(key_ref)) |
367 | goto key_already_present; |
368 | |
369 | if (dest_keyring) |
370 | __key_link(dest_keyring, key, &prealloc); |
371 | |
372 | mutex_unlock(&key_construction_mutex); |
373 | if (dest_keyring) |
374 | __key_link_end(dest_keyring, type, prealloc); |
375 | mutex_unlock(&user->cons_lock); |
376 | *_key = key; |
377 | kleave(" = 0 [%d]", key_serial(key)); |
378 | return 0; |
379 | |
380 | /* the key is now present - we tell the caller that we found it by |
381 | * returning -EINPROGRESS */ |
382 | key_already_present: |
383 | key_put(key); |
384 | mutex_unlock(&key_construction_mutex); |
385 | key = key_ref_to_ptr(key_ref); |
386 | if (dest_keyring) { |
387 | ret = __key_link_check_live_key(dest_keyring, key); |
388 | if (ret == 0) |
389 | __key_link(dest_keyring, key, &prealloc); |
390 | __key_link_end(dest_keyring, type, prealloc); |
391 | if (ret < 0) |
392 | goto link_check_failed; |
393 | } |
394 | mutex_unlock(&user->cons_lock); |
395 | *_key = key; |
396 | kleave(" = -EINPROGRESS [%d]", key_serial(key)); |
397 | return -EINPROGRESS; |
398 | |
399 | link_check_failed: |
400 | mutex_unlock(&user->cons_lock); |
401 | key_put(key); |
402 | kleave(" = %d [linkcheck]", ret); |
403 | return ret; |
404 | |
405 | link_prealloc_failed: |
406 | up_write(&dest_keyring->sem); |
407 | mutex_unlock(&user->cons_lock); |
408 | kleave(" = %d [prelink]", ret); |
409 | return ret; |
410 | |
411 | alloc_failed: |
412 | mutex_unlock(&user->cons_lock); |
413 | kleave(" = %ld", PTR_ERR(key)); |
414 | return PTR_ERR(key); |
415 | } |
416 | |
417 | /* |
418 | * commence key construction |
419 | */ |
420 | static struct key *construct_key_and_link(struct key_type *type, |
421 | const char *description, |
422 | const char *callout_info, |
423 | size_t callout_len, |
424 | void *aux, |
425 | struct key *dest_keyring, |
426 | unsigned long flags) |
427 | { |
428 | struct key_user *user; |
429 | struct key *key; |
430 | int ret; |
431 | |
432 | kenter(""); |
433 | |
434 | user = key_user_lookup(current_fsuid(), current_user_ns()); |
435 | if (!user) |
436 | return ERR_PTR(-ENOMEM); |
437 | |
438 | construct_get_dest_keyring(&dest_keyring); |
439 | |
440 | ret = construct_alloc_key(type, description, dest_keyring, flags, user, |
441 | &key); |
442 | key_user_put(user); |
443 | |
444 | if (ret == 0) { |
445 | ret = construct_key(key, callout_info, callout_len, aux, |
446 | dest_keyring); |
447 | if (ret < 0) { |
448 | kdebug("cons failed"); |
449 | goto construction_failed; |
450 | } |
451 | } else if (ret == -EINPROGRESS) { |
452 | ret = 0; |
453 | } else { |
454 | key = ERR_PTR(ret); |
455 | } |
456 | |
457 | key_put(dest_keyring); |
458 | kleave(" = key %d", key_serial(key)); |
459 | return key; |
460 | |
461 | construction_failed: |
462 | key_negate_and_link(key, key_negative_timeout, NULL, NULL); |
463 | key_put(key); |
464 | key_put(dest_keyring); |
465 | kleave(" = %d", ret); |
466 | return ERR_PTR(ret); |
467 | } |
468 | |
469 | /* |
470 | * request a key |
471 | * - search the process's keyrings |
472 | * - check the list of keys being created or updated |
473 | * - call out to userspace for a key if supplementary info was provided |
474 | * - cache the key in an appropriate keyring |
475 | */ |
476 | struct key *request_key_and_link(struct key_type *type, |
477 | const char *description, |
478 | const void *callout_info, |
479 | size_t callout_len, |
480 | void *aux, |
481 | struct key *dest_keyring, |
482 | unsigned long flags) |
483 | { |
484 | const struct cred *cred = current_cred(); |
485 | struct key *key; |
486 | key_ref_t key_ref; |
487 | int ret; |
488 | |
489 | kenter("%s,%s,%p,%zu,%p,%p,%lx", |
490 | type->name, description, callout_info, callout_len, aux, |
491 | dest_keyring, flags); |
492 | |
493 | /* search all the process keyrings for a key */ |
494 | key_ref = search_process_keyrings(type, description, type->match, |
495 | cred); |
496 | |
497 | if (!IS_ERR(key_ref)) { |
498 | key = key_ref_to_ptr(key_ref); |
499 | if (dest_keyring) { |
500 | construct_get_dest_keyring(&dest_keyring); |
501 | ret = key_link(dest_keyring, key); |
502 | key_put(dest_keyring); |
503 | if (ret < 0) { |
504 | key_put(key); |
505 | key = ERR_PTR(ret); |
506 | goto error; |
507 | } |
508 | } |
509 | } else if (PTR_ERR(key_ref) != -EAGAIN) { |
510 | key = ERR_CAST(key_ref); |
511 | } else { |
512 | /* the search failed, but the keyrings were searchable, so we |
513 | * should consult userspace if we can */ |
514 | key = ERR_PTR(-ENOKEY); |
515 | if (!callout_info) |
516 | goto error; |
517 | |
518 | key = construct_key_and_link(type, description, callout_info, |
519 | callout_len, aux, dest_keyring, |
520 | flags); |
521 | } |
522 | |
523 | error: |
524 | kleave(" = %p", key); |
525 | return key; |
526 | } |
527 | |
528 | /* |
529 | * wait for construction of a key to complete |
530 | */ |
531 | int wait_for_key_construction(struct key *key, bool intr) |
532 | { |
533 | int ret; |
534 | |
535 | ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT, |
536 | intr ? key_wait_bit_intr : key_wait_bit, |
537 | intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE); |
538 | if (ret < 0) |
539 | return ret; |
540 | if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) |
541 | return -ENOKEY; |
542 | return key_validate(key); |
543 | } |
544 | EXPORT_SYMBOL(wait_for_key_construction); |
545 | |
546 | /* |
547 | * request a key |
548 | * - search the process's keyrings |
549 | * - check the list of keys being created or updated |
550 | * - call out to userspace for a key if supplementary info was provided |
551 | * - waits uninterruptible for creation to complete |
552 | */ |
553 | struct key *request_key(struct key_type *type, |
554 | const char *description, |
555 | const char *callout_info) |
556 | { |
557 | struct key *key; |
558 | size_t callout_len = 0; |
559 | int ret; |
560 | |
561 | if (callout_info) |
562 | callout_len = strlen(callout_info); |
563 | key = request_key_and_link(type, description, callout_info, callout_len, |
564 | NULL, NULL, KEY_ALLOC_IN_QUOTA); |
565 | if (!IS_ERR(key)) { |
566 | ret = wait_for_key_construction(key, false); |
567 | if (ret < 0) { |
568 | key_put(key); |
569 | return ERR_PTR(ret); |
570 | } |
571 | } |
572 | return key; |
573 | } |
574 | EXPORT_SYMBOL(request_key); |
575 | |
576 | /* |
577 | * request a key with auxiliary data for the upcaller |
578 | * - search the process's keyrings |
579 | * - check the list of keys being created or updated |
580 | * - call out to userspace for a key if supplementary info was provided |
581 | * - waits uninterruptible for creation to complete |
582 | */ |
583 | struct key *request_key_with_auxdata(struct key_type *type, |
584 | const char *description, |
585 | const void *callout_info, |
586 | size_t callout_len, |
587 | void *aux) |
588 | { |
589 | struct key *key; |
590 | int ret; |
591 | |
592 | key = request_key_and_link(type, description, callout_info, callout_len, |
593 | aux, NULL, KEY_ALLOC_IN_QUOTA); |
594 | if (!IS_ERR(key)) { |
595 | ret = wait_for_key_construction(key, false); |
596 | if (ret < 0) { |
597 | key_put(key); |
598 | return ERR_PTR(ret); |
599 | } |
600 | } |
601 | return key; |
602 | } |
603 | EXPORT_SYMBOL(request_key_with_auxdata); |
604 | |
605 | /* |
606 | * request a key (allow async construction) |
607 | * - search the process's keyrings |
608 | * - check the list of keys being created or updated |
609 | * - call out to userspace for a key if supplementary info was provided |
610 | */ |
611 | struct key *request_key_async(struct key_type *type, |
612 | const char *description, |
613 | const void *callout_info, |
614 | size_t callout_len) |
615 | { |
616 | return request_key_and_link(type, description, callout_info, |
617 | callout_len, NULL, NULL, |
618 | KEY_ALLOC_IN_QUOTA); |
619 | } |
620 | EXPORT_SYMBOL(request_key_async); |
621 | |
622 | /* |
623 | * request a key with auxiliary data for the upcaller (allow async construction) |
624 | * - search the process's keyrings |
625 | * - check the list of keys being created or updated |
626 | * - call out to userspace for a key if supplementary info was provided |
627 | */ |
628 | struct key *request_key_async_with_auxdata(struct key_type *type, |
629 | const char *description, |
630 | const void *callout_info, |
631 | size_t callout_len, |
632 | void *aux) |
633 | { |
634 | return request_key_and_link(type, description, callout_info, |
635 | callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA); |
636 | } |
637 | EXPORT_SYMBOL(request_key_async_with_auxdata); |
638 |
Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master
Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9