search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[PATCH] keys: discard the contents of a key on revocation
[wrt350n-kernel.git] / security / keys / request_key.c
blob58d1efd4fc2c66788788edcc2e5d90bd32e1dc10
1 /* request_key.c: request a key from userspace
2 *
3 * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 * See Documentation/keys-request-key.txt
12 */
13
14 #include <linux/module.h>
15 #include <linux/sched.h>
16 #include <linux/kmod.h>
17 #include <linux/err.h>
18 #include <linux/keyctl.h>
19 #include "internal.h"
20
21 struct key_construction {
22 struct list_head link; /* link in construction queue */
23 struct key *key; /* key being constructed */
24 };
25
26 /* when waiting for someone else's keys, you get added to this */
27 DECLARE_WAIT_QUEUE_HEAD(request_key_conswq);
28
29 /*****************************************************************************/
30 /*
31 * request userspace finish the construction of a key
32 * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>"
33 */
34 static int call_sbin_request_key(struct key *key,
35 struct key *authkey,
36 const char *op)
37 {
38 struct task_struct *tsk = current;
39 key_serial_t prkey, sskey;
40 struct key *keyring;
41 char *argv[9], *envp[3], uid_str[12], gid_str[12];
42 char key_str[12], keyring_str[3][12];
43 char desc[20];
44 int ret, i;
45
46 kenter("{%d},{%d},%s", key->serial, authkey->serial, op);
47
48 /* allocate a new session keyring */
49 sprintf(desc, "_req.%u", key->serial);
50
51 keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current,
52 KEY_ALLOC_QUOTA_OVERRUN, NULL);
53 if (IS_ERR(keyring)) {
54 ret = PTR_ERR(keyring);
55 goto error_alloc;
56 }
57
58 /* attach the auth key to the session keyring */
59 ret = __key_link(keyring, authkey);
60 if (ret < 0)
61 goto error_link;
62
63 /* record the UID and GID */
64 sprintf(uid_str, "%d", current->fsuid);
65 sprintf(gid_str, "%d", current->fsgid);
66
67 /* we say which key is under construction */
68 sprintf(key_str, "%d", key->serial);
69
70 /* we specify the process's default keyrings */
71 sprintf(keyring_str[0], "%d",
72 tsk->thread_keyring ? tsk->thread_keyring->serial : 0);
73
74 prkey = 0;
75 if (tsk->signal->process_keyring)
76 prkey = tsk->signal->process_keyring->serial;
77
78 sprintf(keyring_str[1], "%d", prkey);
79
80 if (tsk->signal->session_keyring) {
81 rcu_read_lock();
82 sskey = rcu_dereference(tsk->signal->session_keyring)->serial;
83 rcu_read_unlock();
84 }
85 else {
86 sskey = tsk->user->session_keyring->serial;
87 }
88
89 sprintf(keyring_str[2], "%d", sskey);
90
91 /* set up a minimal environment */
92 i = 0;
93 envp[i++] = "HOME=/";
94 envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin";
95 envp[i] = NULL;
96
97 /* set up the argument list */
98 i = 0;
99 argv[i++] = "/sbin/request-key";
100 argv[i++] = (char *) op;
101 argv[i++] = key_str;
102 argv[i++] = uid_str;
103 argv[i++] = gid_str;
104 argv[i++] = keyring_str[0];
105 argv[i++] = keyring_str[1];
106 argv[i++] = keyring_str[2];
107 argv[i] = NULL;
108
109 /* do it */
110 ret = call_usermodehelper_keys(argv[0], argv, envp, keyring, 1);
111
112 error_link:
113 key_put(keyring);
114
115 error_alloc:
116 kleave(" = %d", ret);
117 return ret;
118
119 } /* end call_sbin_request_key() */
120
121 /*****************************************************************************/
122 /*
123 * call out to userspace for the key
124 * - called with the construction sem held, but the sem is dropped here
125 * - we ignore program failure and go on key status instead
126 */
127 static struct key *__request_key_construction(struct key_type *type,
128 const char *description,
129 const char *callout_info,
130 unsigned long flags)
131 {
132 request_key_actor_t actor;
133 struct key_construction cons;
134 struct timespec now;
135 struct key *key, *authkey;
136 int ret, negated;
137
138 kenter("%s,%s,%s,%lx", type->name, description, callout_info, flags);
139
140 /* create a key and add it to the queue */
141 key = key_alloc(type, description,
142 current->fsuid, current->fsgid, current, KEY_POS_ALL,
143 flags);
144 if (IS_ERR(key))
145 goto alloc_failed;
146
147 set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
148
149 cons.key = key;
150 list_add_tail(&cons.link, &key->user->consq);
151
152 /* we drop the construction sem here on behalf of the caller */
153 up_write(&key_construction_sem);
154
155 /* allocate an authorisation key */
156 authkey = request_key_auth_new(key, callout_info);
157 if (IS_ERR(authkey)) {
158 ret = PTR_ERR(authkey);
159 authkey = NULL;
160 goto alloc_authkey_failed;
161 }
162
163 /* make the call */
164 actor = call_sbin_request_key;
165 if (type->request_key)
166 actor = type->request_key;
167 ret = actor(key, authkey, "create");
168 if (ret < 0)
169 goto request_failed;
170
171 /* if the key wasn't instantiated, then we want to give an error */
172 ret = -ENOKEY;
173 if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags))
174 goto request_failed;
175
176 key_revoke(authkey);
177 key_put(authkey);
178
179 down_write(&key_construction_sem);
180 list_del(&cons.link);
181 up_write(&key_construction_sem);
182
183 /* also give an error if the key was negatively instantiated */
184 check_not_negative:
185 if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) {
186 key_put(key);
187 key = ERR_PTR(-ENOKEY);
188 }
189
190 out:
191 kleave(" = %p", key);
192 return key;
193
194 request_failed:
195 key_revoke(authkey);
196 key_put(authkey);
197
198 alloc_authkey_failed:
199 /* it wasn't instantiated
200 * - remove from construction queue
201 * - mark the key as dead
202 */
203 negated = 0;
204 down_write(&key_construction_sem);
205
206 list_del(&cons.link);
207
208 /* check it didn't get instantiated between the check and the down */
209 if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) {
210 set_bit(KEY_FLAG_NEGATIVE, &key->flags);
211 set_bit(KEY_FLAG_INSTANTIATED, &key->flags);
212 negated = 1;
213 }
214
215 clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
216
217 up_write(&key_construction_sem);
218
219 if (!negated)
220 goto check_not_negative; /* surprisingly, the key got
221 * instantiated */
222
223 /* set the timeout and store in the session keyring if we can */
224 now = current_kernel_time();
225 key->expiry = now.tv_sec + key_negative_timeout;
226
227 if (current->signal->session_keyring) {
228 struct key *keyring;
229
230 rcu_read_lock();
231 keyring = rcu_dereference(current->signal->session_keyring);
232 atomic_inc(&keyring->usage);
233 rcu_read_unlock();
234
235 key_link(keyring, key);
236 key_put(keyring);
237 }
238
239 key_put(key);
240
241 /* notify anyone who was waiting */
242 wake_up_all(&request_key_conswq);
243
244 key = ERR_PTR(ret);
245 goto out;
246
247 alloc_failed:
248 up_write(&key_construction_sem);
249 goto out;
250
251 } /* end __request_key_construction() */
252
253 /*****************************************************************************/
254 /*
255 * call out to userspace to request the key
256 * - we check the construction queue first to see if an appropriate key is
257 * already being constructed by userspace
258 */
259 static struct key *request_key_construction(struct key_type *type,
260 const char *description,
261 struct key_user *user,
262 const char *callout_info,
263 unsigned long flags)
264 {
265 struct key_construction *pcons;
266 struct key *key, *ckey;
267
268 DECLARE_WAITQUEUE(myself, current);
269
270 kenter("%s,%s,{%d},%s,%lx",
271 type->name, description, user->uid, callout_info, flags);
272
273 /* see if there's such a key under construction already */
274 down_write(&key_construction_sem);
275
276 list_for_each_entry(pcons, &user->consq, link) {
277 ckey = pcons->key;
278
279 if (ckey->type != type)
280 continue;
281
282 if (type->match(ckey, description))
283 goto found_key_under_construction;
284 }
285
286 /* see about getting userspace to construct the key */
287 key = __request_key_construction(type, description, callout_info,
288 flags);
289 error:
290 kleave(" = %p", key);
291 return key;
292
293 /* someone else has the same key under construction
294 * - we want to keep an eye on their key
295 */
296 found_key_under_construction:
297 atomic_inc(&ckey->usage);
298 up_write(&key_construction_sem);
299
300 /* wait for the key to be completed one way or another */
301 add_wait_queue(&request_key_conswq, &myself);
302
303 for (;;) {
304 set_current_state(TASK_INTERRUPTIBLE);
305 if (!test_bit(KEY_FLAG_USER_CONSTRUCT, &ckey->flags))
306 break;
307 if (signal_pending(current))
308 break;
309 schedule();
310 }
311
312 set_current_state(TASK_RUNNING);
313 remove_wait_queue(&request_key_conswq, &myself);
314
315 /* we'll need to search this process's keyrings to see if the key is
316 * now there since we can't automatically assume it's also available
317 * there */
318 key_put(ckey);
319 ckey = NULL;
320
321 key = NULL; /* request a retry */
322 goto error;
323
324 } /* end request_key_construction() */
325
326 /*****************************************************************************/
327 /*
328 * link a freshly minted key to an appropriate destination keyring
329 */
330 static void request_key_link(struct key *key, struct key *dest_keyring)
331 {
332 struct task_struct *tsk = current;
333 struct key *drop = NULL;
334
335 kenter("{%d},%p", key->serial, dest_keyring);
336
337 /* find the appropriate keyring */
338 if (!dest_keyring) {
339 switch (tsk->jit_keyring) {
340 case KEY_REQKEY_DEFL_DEFAULT:
341 case KEY_REQKEY_DEFL_THREAD_KEYRING:
342 dest_keyring = tsk->thread_keyring;
343 if (dest_keyring)
344 break;
345
346 case KEY_REQKEY_DEFL_PROCESS_KEYRING:
347 dest_keyring = tsk->signal->process_keyring;
348 if (dest_keyring)
349 break;
350
351 case KEY_REQKEY_DEFL_SESSION_KEYRING:
352 rcu_read_lock();
353 dest_keyring = key_get(
354 rcu_dereference(tsk->signal->session_keyring));
355 rcu_read_unlock();
356 drop = dest_keyring;
357
358 if (dest_keyring)
359 break;
360
361 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
362 dest_keyring = current->user->session_keyring;
363 break;
364
365 case KEY_REQKEY_DEFL_USER_KEYRING:
366 dest_keyring = current->user->uid_keyring;
367 break;
368
369 case KEY_REQKEY_DEFL_GROUP_KEYRING:
370 default:
371 BUG();
372 }
373 }
374
375 /* and attach the key to it */
376 key_link(dest_keyring, key);
377
378 key_put(drop);
379
380 kleave("");
381
382 } /* end request_key_link() */
383
384 /*****************************************************************************/
385 /*
386 * request a key
387 * - search the process's keyrings
388 * - check the list of keys being created or updated
389 * - call out to userspace for a key if supplementary info was provided
390 * - cache the key in an appropriate keyring
391 */
392 struct key *request_key_and_link(struct key_type *type,
393 const char *description,
394 const char *callout_info,
395 struct key *dest_keyring,
396 unsigned long flags)
397 {
398 struct key_user *user;
399 struct key *key;
400 key_ref_t key_ref;
401
402 kenter("%s,%s,%s,%p,%lx",
403 type->name, description, callout_info, dest_keyring, flags);
404
405 /* search all the process keyrings for a key */
406 key_ref = search_process_keyrings(type, description, type->match,
407 current);
408
409 kdebug("search 1: %p", key_ref);
410
411 if (!IS_ERR(key_ref)) {
412 key = key_ref_to_ptr(key_ref);
413 }
414 else if (PTR_ERR(key_ref) != -EAGAIN) {
415 key = ERR_PTR(PTR_ERR(key_ref));
416 }
417 else {
418 /* the search failed, but the keyrings were searchable, so we
419 * should consult userspace if we can */
420 key = ERR_PTR(-ENOKEY);
421 if (!callout_info)
422 goto error;
423
424 /* - get hold of the user's construction queue */
425 user = key_user_lookup(current->fsuid);
426 if (!user)
427 goto nomem;
428
429 for (;;) {
430 if (signal_pending(current))
431 goto interrupted;
432
433 /* ask userspace (returns NULL if it waited on a key
434 * being constructed) */
435 key = request_key_construction(type, description,
436 user, callout_info,
437 flags);
438 if (key)
439 break;
440
441 /* someone else made the key we want, so we need to
442 * search again as it might now be available to us */
443 key_ref = search_process_keyrings(type, description,
444 type->match,
445 current);
446
447 kdebug("search 2: %p", key_ref);
448
449 if (!IS_ERR(key_ref)) {
450 key = key_ref_to_ptr(key_ref);
451 break;
452 }
453
454 if (PTR_ERR(key_ref) != -EAGAIN) {
455 key = ERR_PTR(PTR_ERR(key_ref));
456 break;
457 }
458 }
459
460 key_user_put(user);
461
462 /* link the new key into the appropriate keyring */
463 if (!IS_ERR(key))
464 request_key_link(key, dest_keyring);
465 }
466
467 error:
468 kleave(" = %p", key);
469 return key;
470
471 nomem:
472 key = ERR_PTR(-ENOMEM);
473 goto error;
474
475 interrupted:
476 key_user_put(user);
477 key = ERR_PTR(-EINTR);
478 goto error;
479
480 } /* end request_key_and_link() */
481
482 /*****************************************************************************/
483 /*
484 * request a key
485 * - search the process's keyrings
486 * - check the list of keys being created or updated
487 * - call out to userspace for a key if supplementary info was provided
488 */
489 struct key *request_key(struct key_type *type,
490 const char *description,
491 const char *callout_info)
492 {
493 return request_key_and_link(type, description, callout_info, NULL,
494 KEY_ALLOC_IN_QUOTA);
495
496 } /* end request_key() */
497
498 EXPORT_SYMBOL(request_key);
WRT350N Kernel Patches