Commit | Line | Data |
---|---|---|
2874c5fd | 1 | // SPDX-License-Identifier: GPL-2.0-or-later |
76181c13 | 2 | /* Request a key from userspace |
1da177e4 | 3 | * |
76181c13 | 4 | * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved. |
1da177e4 LT |
5 | * Written by David Howells (dhowells@redhat.com) |
6 | * | |
3db38ed7 | 7 | * See Documentation/security/keys/request-key.rst |
1da177e4 LT |
8 | */ |
9 | ||
876979c9 | 10 | #include <linux/export.h> |
1da177e4 LT |
11 | #include <linux/sched.h> |
12 | #include <linux/kmod.h> | |
13 | #include <linux/err.h> | |
3e30148c | 14 | #include <linux/keyctl.h> |
fdb89bce | 15 | #include <linux/slab.h> |
a58946c1 | 16 | #include <net/net_namespace.h> |
1da177e4 | 17 | #include "internal.h" |
822ad64d | 18 | #include <keys/request_key_auth-type.h> |
1da177e4 | 19 | |
e9e349b0 DH |
20 | #define key_negative_timeout 60 /* default timeout on a negative key's existence */ |
21 | ||
7743c48e DH |
22 | static struct key *check_cached_key(struct keyring_search_context *ctx) |
23 | { | |
24 | #ifdef CONFIG_KEYS_REQUEST_CACHE | |
25 | struct key *key = current->cached_requested_key; | |
26 | ||
27 | if (key && | |
28 | ctx->match_data.cmp(key, &ctx->match_data) && | |
29 | !(key->flags & ((1 << KEY_FLAG_INVALIDATED) | | |
30 | (1 << KEY_FLAG_REVOKED)))) | |
31 | return key_get(key); | |
32 | #endif | |
33 | return NULL; | |
34 | } | |
35 | ||
36 | static void cache_requested_key(struct key *key) | |
37 | { | |
38 | #ifdef CONFIG_KEYS_REQUEST_CACHE | |
39 | struct task_struct *t = current; | |
40 | ||
41 | key_put(t->cached_requested_key); | |
42 | t->cached_requested_key = key_get(key); | |
43 | set_tsk_thread_flag(t, TIF_NOTIFY_RESUME); | |
44 | #endif | |
45 | } | |
46 | ||
973c9f4f DH |
47 | /** |
48 | * complete_request_key - Complete the construction of a key. | |
9fd16537 | 49 | * @authkey: The authorisation key. |
973c9f4f DH |
50 | * @error: The success or failute of the construction. |
51 | * | |
52 | * Complete the attempt to construct a key. The key will be negated | |
53 | * if an error is indicated. The authorisation key will be revoked | |
54 | * unconditionally. | |
76181c13 | 55 | */ |
822ad64d | 56 | void complete_request_key(struct key *authkey, int error) |
76181c13 | 57 | { |
822ad64d DH |
58 | struct request_key_auth *rka = get_request_key_auth(authkey); |
59 | struct key *key = rka->target_key; | |
60 | ||
61 | kenter("%d{%d},%d", authkey->serial, key->serial, error); | |
1da177e4 | 62 | |
76181c13 | 63 | if (error < 0) |
822ad64d | 64 | key_negate_and_link(key, key_negative_timeout, NULL, authkey); |
76181c13 | 65 | else |
822ad64d | 66 | key_revoke(authkey); |
76181c13 DH |
67 | } |
68 | EXPORT_SYMBOL(complete_request_key); | |
1da177e4 | 69 | |
973c9f4f DH |
70 | /* |
71 | * Initialise a usermode helper that is going to have a specific session | |
72 | * keyring. | |
73 | * | |
74 | * This is called in context of freshly forked kthread before kernel_execve(), | |
75 | * so we can simply install the desired session_keyring at this point. | |
76 | */ | |
87966996 | 77 | static int umh_keys_init(struct subprocess_info *info, struct cred *cred) |
685bfd2c | 78 | { |
685bfd2c | 79 | struct key *keyring = info->data; |
973c9f4f | 80 | |
685bfd2c ON |
81 | return install_session_keyring_to_cred(cred, keyring); |
82 | } | |
83 | ||
973c9f4f DH |
84 | /* |
85 | * Clean up a usermode helper with session keyring. | |
86 | */ | |
685bfd2c ON |
87 | static void umh_keys_cleanup(struct subprocess_info *info) |
88 | { | |
89 | struct key *keyring = info->data; | |
90 | key_put(keyring); | |
91 | } | |
92 | ||
973c9f4f DH |
93 | /* |
94 | * Call a usermode helper with a specific session keyring. | |
95 | */ | |
377e7a27 | 96 | static int call_usermodehelper_keys(const char *path, char **argv, char **envp, |
9d944ef3 | 97 | struct key *session_keyring, int wait) |
685bfd2c | 98 | { |
93997f6d LDM |
99 | struct subprocess_info *info; |
100 | ||
101 | info = call_usermodehelper_setup(path, argv, envp, GFP_KERNEL, | |
102 | umh_keys_init, umh_keys_cleanup, | |
103 | session_keyring); | |
104 | if (!info) | |
105 | return -ENOMEM; | |
106 | ||
107 | key_get(session_keyring); | |
108 | return call_usermodehelper_exec(info, wait); | |
685bfd2c ON |
109 | } |
110 | ||
1da177e4 | 111 | /* |
973c9f4f | 112 | * Request userspace finish the construction of a key |
b5f545c8 | 113 | * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>" |
1da177e4 | 114 | */ |
822ad64d | 115 | static int call_sbin_request_key(struct key *authkey, void *aux) |
1da177e4 | 116 | { |
377e7a27 | 117 | static char const request_key[] = "/sbin/request-key"; |
822ad64d | 118 | struct request_key_auth *rka = get_request_key_auth(authkey); |
86a264ab | 119 | const struct cred *cred = current_cred(); |
1da177e4 | 120 | key_serial_t prkey, sskey; |
0f44e4d9 | 121 | struct key *key = rka->target_key, *keyring, *session, *user_session; |
b5f545c8 | 122 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; |
1da177e4 | 123 | char key_str[12], keyring_str[3][12]; |
b5f545c8 | 124 | char desc[20]; |
3e30148c DH |
125 | int ret, i; |
126 | ||
822ad64d | 127 | kenter("{%d},{%d},%s", key->serial, authkey->serial, rka->op); |
3e30148c | 128 | |
0f44e4d9 | 129 | ret = look_up_user_keyrings(NULL, &user_session); |
8bbf4976 | 130 | if (ret < 0) |
0f44e4d9 | 131 | goto error_us; |
8bbf4976 | 132 | |
b5f545c8 DH |
133 | /* allocate a new session keyring */ |
134 | sprintf(desc, "_req.%u", key->serial); | |
135 | ||
d84f4f99 DH |
136 | cred = get_current_cred(); |
137 | keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, | |
028db3e2 LT |
138 | KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ, |
139 | KEY_ALLOC_QUOTA_OVERRUN, NULL, NULL); | |
d84f4f99 | 140 | put_cred(cred); |
b5f545c8 DH |
141 | if (IS_ERR(keyring)) { |
142 | ret = PTR_ERR(keyring); | |
143 | goto error_alloc; | |
3e30148c | 144 | } |
1da177e4 | 145 | |
b5f545c8 | 146 | /* attach the auth key to the session keyring */ |
896903c2 | 147 | ret = key_link(keyring, authkey); |
b5f545c8 DH |
148 | if (ret < 0) |
149 | goto error_link; | |
150 | ||
1da177e4 | 151 | /* record the UID and GID */ |
9a56c2db EB |
152 | sprintf(uid_str, "%d", from_kuid(&init_user_ns, cred->fsuid)); |
153 | sprintf(gid_str, "%d", from_kgid(&init_user_ns, cred->fsgid)); | |
1da177e4 LT |
154 | |
155 | /* we say which key is under construction */ | |
156 | sprintf(key_str, "%d", key->serial); | |
157 | ||
158 | /* we specify the process's default keyrings */ | |
159 | sprintf(keyring_str[0], "%d", | |
d84f4f99 | 160 | cred->thread_keyring ? cred->thread_keyring->serial : 0); |
1da177e4 LT |
161 | |
162 | prkey = 0; | |
3a50597d DH |
163 | if (cred->process_keyring) |
164 | prkey = cred->process_keyring->serial; | |
5ad18a0d | 165 | sprintf(keyring_str[1], "%d", prkey); |
1da177e4 | 166 | |
5c7e372c | 167 | session = cred->session_keyring; |
93b4a44f | 168 | if (!session) |
0f44e4d9 | 169 | session = user_session; |
93b4a44f | 170 | sskey = session->serial; |
1da177e4 | 171 | |
1da177e4 LT |
172 | sprintf(keyring_str[2], "%d", sskey); |
173 | ||
174 | /* set up a minimal environment */ | |
175 | i = 0; | |
176 | envp[i++] = "HOME=/"; | |
177 | envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; | |
178 | envp[i] = NULL; | |
179 | ||
180 | /* set up the argument list */ | |
181 | i = 0; | |
377e7a27 | 182 | argv[i++] = (char *)request_key; |
822ad64d | 183 | argv[i++] = (char *)rka->op; |
1da177e4 LT |
184 | argv[i++] = key_str; |
185 | argv[i++] = uid_str; | |
186 | argv[i++] = gid_str; | |
187 | argv[i++] = keyring_str[0]; | |
188 | argv[i++] = keyring_str[1]; | |
189 | argv[i++] = keyring_str[2]; | |
1da177e4 LT |
190 | argv[i] = NULL; |
191 | ||
192 | /* do it */ | |
377e7a27 | 193 | ret = call_usermodehelper_keys(request_key, argv, envp, keyring, |
86313c48 | 194 | UMH_WAIT_PROC); |
76181c13 DH |
195 | kdebug("usermode -> 0x%x", ret); |
196 | if (ret >= 0) { | |
197 | /* ret is the exit/wait code */ | |
198 | if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) || | |
199 | key_validate(key) < 0) | |
200 | ret = -ENOKEY; | |
201 | else | |
202 | /* ignore any errors from userspace if the key was | |
203 | * instantiated */ | |
204 | ret = 0; | |
205 | } | |
3e30148c | 206 | |
b5f545c8 DH |
207 | error_link: |
208 | key_put(keyring); | |
3e30148c | 209 | |
b5f545c8 | 210 | error_alloc: |
0f44e4d9 DH |
211 | key_put(user_session); |
212 | error_us: | |
822ad64d | 213 | complete_request_key(authkey, ret); |
d84f4f99 | 214 | kleave(" = %d", ret); |
3e30148c | 215 | return ret; |
76181c13 | 216 | } |
1da177e4 | 217 | |
1da177e4 | 218 | /* |
973c9f4f DH |
219 | * Call out to userspace for key construction. |
220 | * | |
221 | * Program failure is ignored in favour of key status. | |
1da177e4 | 222 | */ |
4a38e122 | 223 | static int construct_key(struct key *key, const void *callout_info, |
8bbf4976 DH |
224 | size_t callout_len, void *aux, |
225 | struct key *dest_keyring) | |
1da177e4 | 226 | { |
b5f545c8 | 227 | request_key_actor_t actor; |
76181c13 DH |
228 | struct key *authkey; |
229 | int ret; | |
1da177e4 | 230 | |
4a38e122 | 231 | kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux); |
3e30148c | 232 | |
b5f545c8 | 233 | /* allocate an authorisation key */ |
822ad64d | 234 | authkey = request_key_auth_new(key, "create", callout_info, callout_len, |
8bbf4976 | 235 | dest_keyring); |
822ad64d DH |
236 | if (IS_ERR(authkey)) |
237 | return PTR_ERR(authkey); | |
76181c13 | 238 | |
822ad64d DH |
239 | /* Make the call */ |
240 | actor = call_sbin_request_key; | |
241 | if (key->type->request_key) | |
242 | actor = key->type->request_key; | |
76181c13 | 243 | |
822ad64d | 244 | ret = actor(authkey, aux); |
76181c13 | 245 | |
822ad64d DH |
246 | /* check that the actor called complete_request_key() prior to |
247 | * returning an error */ | |
248 | WARN_ON(ret < 0 && | |
a09003b5 | 249 | !test_bit(KEY_FLAG_INVALIDATED, &authkey->flags)); |
1da177e4 | 250 | |
822ad64d | 251 | key_put(authkey); |
76181c13 DH |
252 | kleave(" = %d", ret); |
253 | return ret; | |
254 | } | |
1da177e4 | 255 | |
3e30148c | 256 | /* |
973c9f4f DH |
257 | * Get the appropriate destination keyring for the request. |
258 | * | |
259 | * The keyring selected is returned with an extra reference upon it which the | |
260 | * caller must release. | |
3e30148c | 261 | */ |
4dca6ea1 | 262 | static int construct_get_dest_keyring(struct key **_dest_keyring) |
3e30148c | 263 | { |
8bbf4976 | 264 | struct request_key_auth *rka; |
bb952bb9 | 265 | const struct cred *cred = current_cred(); |
8bbf4976 | 266 | struct key *dest_keyring = *_dest_keyring, *authkey; |
4dca6ea1 | 267 | int ret; |
3e30148c | 268 | |
8bbf4976 | 269 | kenter("%p", dest_keyring); |
3e30148c DH |
270 | |
271 | /* find the appropriate keyring */ | |
8bbf4976 DH |
272 | if (dest_keyring) { |
273 | /* the caller supplied one */ | |
274 | key_get(dest_keyring); | |
275 | } else { | |
4dca6ea1 EB |
276 | bool do_perm_check = true; |
277 | ||
8bbf4976 DH |
278 | /* use a default keyring; falling through the cases until we |
279 | * find one that we actually have */ | |
bb952bb9 | 280 | switch (cred->jit_keyring) { |
3e30148c | 281 | case KEY_REQKEY_DEFL_DEFAULT: |
8bbf4976 | 282 | case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: |
bb952bb9 DH |
283 | if (cred->request_key_auth) { |
284 | authkey = cred->request_key_auth; | |
8bbf4976 | 285 | down_read(&authkey->sem); |
822ad64d | 286 | rka = get_request_key_auth(authkey); |
8bbf4976 DH |
287 | if (!test_bit(KEY_FLAG_REVOKED, |
288 | &authkey->flags)) | |
289 | dest_keyring = | |
290 | key_get(rka->dest_keyring); | |
291 | up_read(&authkey->sem); | |
4dca6ea1 EB |
292 | if (dest_keyring) { |
293 | do_perm_check = false; | |
8bbf4976 | 294 | break; |
4dca6ea1 | 295 | } |
8bbf4976 DH |
296 | } |
297 | ||
df561f66 | 298 | fallthrough; |
3e30148c | 299 | case KEY_REQKEY_DEFL_THREAD_KEYRING: |
bb952bb9 | 300 | dest_keyring = key_get(cred->thread_keyring); |
3e30148c DH |
301 | if (dest_keyring) |
302 | break; | |
303 | ||
df561f66 | 304 | fallthrough; |
3e30148c | 305 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: |
3a50597d | 306 | dest_keyring = key_get(cred->process_keyring); |
3e30148c DH |
307 | if (dest_keyring) |
308 | break; | |
309 | ||
df561f66 | 310 | fallthrough; |
3e30148c | 311 | case KEY_REQKEY_DEFL_SESSION_KEYRING: |
5c7e372c | 312 | dest_keyring = key_get(cred->session_keyring); |
3e30148c DH |
313 | |
314 | if (dest_keyring) | |
315 | break; | |
316 | ||
df561f66 | 317 | fallthrough; |
3e30148c | 318 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: |
0f44e4d9 DH |
319 | ret = look_up_user_keyrings(NULL, &dest_keyring); |
320 | if (ret < 0) | |
321 | return ret; | |
3e30148c DH |
322 | break; |
323 | ||
324 | case KEY_REQKEY_DEFL_USER_KEYRING: | |
0f44e4d9 DH |
325 | ret = look_up_user_keyrings(&dest_keyring, NULL); |
326 | if (ret < 0) | |
327 | return ret; | |
3e30148c DH |
328 | break; |
329 | ||
330 | case KEY_REQKEY_DEFL_GROUP_KEYRING: | |
331 | default: | |
332 | BUG(); | |
333 | } | |
4dca6ea1 EB |
334 | |
335 | /* | |
336 | * Require Write permission on the keyring. This is essential | |
337 | * because the default keyring may be the session keyring, and | |
338 | * joining a keyring only requires Search permission. | |
339 | * | |
340 | * However, this check is skipped for the "requestor keyring" so | |
341 | * that /sbin/request-key can itself use request_key() to add | |
342 | * keys to the original requestor's destination keyring. | |
343 | */ | |
344 | if (dest_keyring && do_perm_check) { | |
345 | ret = key_permission(make_key_ref(dest_keyring, 1), | |
346 | KEY_NEED_WRITE); | |
347 | if (ret) { | |
348 | key_put(dest_keyring); | |
349 | return ret; | |
350 | } | |
351 | } | |
3e30148c DH |
352 | } |
353 | ||
8bbf4976 DH |
354 | *_dest_keyring = dest_keyring; |
355 | kleave(" [dk %d]", key_serial(dest_keyring)); | |
4dca6ea1 | 356 | return 0; |
76181c13 | 357 | } |
3e30148c | 358 | |
76181c13 | 359 | /* |
973c9f4f DH |
360 | * Allocate a new key in under-construction state and attempt to link it in to |
361 | * the requested keyring. | |
362 | * | |
363 | * May return a key that's already under construction instead if there was a | |
364 | * race between two thread calling request_key(). | |
76181c13 | 365 | */ |
4bdf0bc3 | 366 | static int construct_alloc_key(struct keyring_search_context *ctx, |
76181c13 DH |
367 | struct key *dest_keyring, |
368 | unsigned long flags, | |
369 | struct key_user *user, | |
370 | struct key **_key) | |
371 | { | |
df593ee2 | 372 | struct assoc_array_edit *edit = NULL; |
76181c13 | 373 | struct key *key; |
028db3e2 | 374 | key_perm_t perm; |
76181c13 | 375 | key_ref_t key_ref; |
2b9e4688 | 376 | int ret; |
76181c13 | 377 | |
4bdf0bc3 DH |
378 | kenter("%s,%s,,,", |
379 | ctx->index_key.type->name, ctx->index_key.description); | |
76181c13 | 380 | |
f70e2e06 | 381 | *_key = NULL; |
76181c13 DH |
382 | mutex_lock(&user->cons_lock); |
383 | ||
028db3e2 LT |
384 | perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; |
385 | perm |= KEY_USR_VIEW; | |
386 | if (ctx->index_key.type->read) | |
387 | perm |= KEY_POS_READ; | |
388 | if (ctx->index_key.type == &key_type_keyring || | |
389 | ctx->index_key.type->update) | |
390 | perm |= KEY_POS_WRITE; | |
391 | ||
4bdf0bc3 DH |
392 | key = key_alloc(ctx->index_key.type, ctx->index_key.description, |
393 | ctx->cred->fsuid, ctx->cred->fsgid, ctx->cred, | |
028db3e2 | 394 | perm, flags, NULL); |
76181c13 DH |
395 | if (IS_ERR(key)) |
396 | goto alloc_failed; | |
397 | ||
398 | set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); | |
399 | ||
f70e2e06 | 400 | if (dest_keyring) { |
df593ee2 DH |
401 | ret = __key_link_lock(dest_keyring, &ctx->index_key); |
402 | if (ret < 0) | |
403 | goto link_lock_failed; | |
b2a4df20 | 404 | ret = __key_link_begin(dest_keyring, &ctx->index_key, &edit); |
f70e2e06 DH |
405 | if (ret < 0) |
406 | goto link_prealloc_failed; | |
407 | } | |
76181c13 DH |
408 | |
409 | /* attach the key to the destination keyring under lock, but we do need | |
410 | * to do another check just in case someone beat us to it whilst we | |
411 | * waited for locks */ | |
412 | mutex_lock(&key_construction_mutex); | |
413 | ||
e59428f7 DH |
414 | rcu_read_lock(); |
415 | key_ref = search_process_keyrings_rcu(ctx); | |
416 | rcu_read_unlock(); | |
76181c13 DH |
417 | if (!IS_ERR(key_ref)) |
418 | goto key_already_present; | |
419 | ||
34574dd1 | 420 | if (dest_keyring) |
f7e47677 | 421 | __key_link(dest_keyring, key, &edit); |
76181c13 DH |
422 | |
423 | mutex_unlock(&key_construction_mutex); | |
34574dd1 | 424 | if (dest_keyring) |
b2a4df20 | 425 | __key_link_end(dest_keyring, &ctx->index_key, edit); |
76181c13 DH |
426 | mutex_unlock(&user->cons_lock); |
427 | *_key = key; | |
428 | kleave(" = 0 [%d]", key_serial(key)); | |
429 | return 0; | |
430 | ||
2b9e4688 DH |
431 | /* the key is now present - we tell the caller that we found it by |
432 | * returning -EINPROGRESS */ | |
76181c13 | 433 | key_already_present: |
f70e2e06 | 434 | key_put(key); |
76181c13 | 435 | mutex_unlock(&key_construction_mutex); |
f70e2e06 | 436 | key = key_ref_to_ptr(key_ref); |
03449cd9 | 437 | if (dest_keyring) { |
f70e2e06 DH |
438 | ret = __key_link_check_live_key(dest_keyring, key); |
439 | if (ret == 0) | |
f7e47677 | 440 | __key_link(dest_keyring, key, &edit); |
b2a4df20 | 441 | __key_link_end(dest_keyring, &ctx->index_key, edit); |
f70e2e06 DH |
442 | if (ret < 0) |
443 | goto link_check_failed; | |
03449cd9 | 444 | } |
76181c13 | 445 | mutex_unlock(&user->cons_lock); |
f70e2e06 | 446 | *_key = key; |
76181c13 DH |
447 | kleave(" = -EINPROGRESS [%d]", key_serial(key)); |
448 | return -EINPROGRESS; | |
449 | ||
f70e2e06 DH |
450 | link_check_failed: |
451 | mutex_unlock(&user->cons_lock); | |
452 | key_put(key); | |
453 | kleave(" = %d [linkcheck]", ret); | |
454 | return ret; | |
455 | ||
456 | link_prealloc_failed: | |
df593ee2 DH |
457 | __key_link_end(dest_keyring, &ctx->index_key, edit); |
458 | link_lock_failed: | |
f70e2e06 | 459 | mutex_unlock(&user->cons_lock); |
d0709f1e | 460 | key_put(key); |
f70e2e06 DH |
461 | kleave(" = %d [prelink]", ret); |
462 | return ret; | |
463 | ||
76181c13 DH |
464 | alloc_failed: |
465 | mutex_unlock(&user->cons_lock); | |
76181c13 DH |
466 | kleave(" = %ld", PTR_ERR(key)); |
467 | return PTR_ERR(key); | |
468 | } | |
469 | ||
470 | /* | |
973c9f4f | 471 | * Commence key construction. |
76181c13 | 472 | */ |
4bdf0bc3 | 473 | static struct key *construct_key_and_link(struct keyring_search_context *ctx, |
76181c13 | 474 | const char *callout_info, |
4a38e122 | 475 | size_t callout_len, |
76181c13 DH |
476 | void *aux, |
477 | struct key *dest_keyring, | |
478 | unsigned long flags) | |
479 | { | |
480 | struct key_user *user; | |
481 | struct key *key; | |
482 | int ret; | |
483 | ||
d84f4f99 DH |
484 | kenter(""); |
485 | ||
911b79cd DH |
486 | if (ctx->index_key.type == &key_type_keyring) |
487 | return ERR_PTR(-EPERM); | |
965475ac | 488 | |
4dca6ea1 EB |
489 | ret = construct_get_dest_keyring(&dest_keyring); |
490 | if (ret) | |
491 | goto error; | |
76181c13 | 492 | |
4dca6ea1 EB |
493 | user = key_user_lookup(current_fsuid()); |
494 | if (!user) { | |
495 | ret = -ENOMEM; | |
496 | goto error_put_dest_keyring; | |
497 | } | |
8bbf4976 | 498 | |
028db3e2 | 499 | ret = construct_alloc_key(ctx, dest_keyring, flags, user, &key); |
76181c13 DH |
500 | key_user_put(user); |
501 | ||
502 | if (ret == 0) { | |
8bbf4976 DH |
503 | ret = construct_key(key, callout_info, callout_len, aux, |
504 | dest_keyring); | |
d84f4f99 DH |
505 | if (ret < 0) { |
506 | kdebug("cons failed"); | |
76181c13 | 507 | goto construction_failed; |
d84f4f99 | 508 | } |
2b9e4688 DH |
509 | } else if (ret == -EINPROGRESS) { |
510 | ret = 0; | |
511 | } else { | |
4dca6ea1 | 512 | goto error_put_dest_keyring; |
76181c13 DH |
513 | } |
514 | ||
8bbf4976 | 515 | key_put(dest_keyring); |
d84f4f99 | 516 | kleave(" = key %d", key_serial(key)); |
76181c13 DH |
517 | return key; |
518 | ||
519 | construction_failed: | |
520 | key_negate_and_link(key, key_negative_timeout, NULL, NULL); | |
521 | key_put(key); | |
4dca6ea1 | 522 | error_put_dest_keyring: |
8bbf4976 | 523 | key_put(dest_keyring); |
4dca6ea1 | 524 | error: |
d84f4f99 | 525 | kleave(" = %d", ret); |
76181c13 DH |
526 | return ERR_PTR(ret); |
527 | } | |
3e30148c | 528 | |
973c9f4f DH |
529 | /** |
530 | * request_key_and_link - Request a key and cache it in a keyring. | |
531 | * @type: The type of key we want. | |
532 | * @description: The searchable description of the key. | |
a58946c1 | 533 | * @domain_tag: The domain in which the key operates. |
973c9f4f DH |
534 | * @callout_info: The data to pass to the instantiation upcall (or NULL). |
535 | * @callout_len: The length of callout_info. | |
536 | * @aux: Auxiliary data for the upcall. | |
537 | * @dest_keyring: Where to cache the key. | |
538 | * @flags: Flags to key_alloc(). | |
539 | * | |
a58946c1 DH |
540 | * A key matching the specified criteria (type, description, domain_tag) is |
541 | * searched for in the process's keyrings and returned with its usage count | |
542 | * incremented if found. Otherwise, if callout_info is not NULL, a key will be | |
543 | * allocated and some service (probably in userspace) will be asked to | |
544 | * instantiate it. | |
973c9f4f DH |
545 | * |
546 | * If successfully found or created, the key will be linked to the destination | |
547 | * keyring if one is provided. | |
548 | * | |
549 | * Returns a pointer to the key if successful; -EACCES, -ENOKEY, -EKEYREVOKED | |
550 | * or -EKEYEXPIRED if an inaccessible, negative, revoked or expired key was | |
551 | * found; -ENOKEY if no key was found and no @callout_info was given; -EDQUOT | |
552 | * if insufficient key quota was available to create a new key; or -ENOMEM if | |
553 | * insufficient memory was available. | |
554 | * | |
555 | * If the returned key was created, then it may still be under construction, | |
556 | * and wait_for_key_construction() should be used to wait for that to complete. | |
1da177e4 | 557 | */ |
3e30148c DH |
558 | struct key *request_key_and_link(struct key_type *type, |
559 | const char *description, | |
a58946c1 | 560 | struct key_tag *domain_tag, |
4a38e122 DH |
561 | const void *callout_info, |
562 | size_t callout_len, | |
4e54f085 | 563 | void *aux, |
7e047ef5 DH |
564 | struct key *dest_keyring, |
565 | unsigned long flags) | |
1da177e4 | 566 | { |
4bdf0bc3 DH |
567 | struct keyring_search_context ctx = { |
568 | .index_key.type = type, | |
a58946c1 | 569 | .index_key.domain_tag = domain_tag, |
4bdf0bc3 | 570 | .index_key.description = description, |
ede0fa98 | 571 | .index_key.desc_len = strlen(description), |
4bdf0bc3 | 572 | .cred = current_cred(), |
c06cfb08 | 573 | .match_data.cmp = key_default_cmp, |
46291959 DH |
574 | .match_data.raw_data = description, |
575 | .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, | |
0b0a8415 | 576 | .flags = (KEYRING_SEARCH_DO_STATE_CHECK | |
dcf49dbc DH |
577 | KEYRING_SEARCH_SKIP_EXPIRED | |
578 | KEYRING_SEARCH_RECURSE), | |
4bdf0bc3 | 579 | }; |
1da177e4 | 580 | struct key *key; |
664cceb0 | 581 | key_ref_t key_ref; |
2b9e4688 | 582 | int ret; |
1da177e4 | 583 | |
4a38e122 | 584 | kenter("%s,%s,%p,%zu,%p,%p,%lx", |
4bdf0bc3 DH |
585 | ctx.index_key.type->name, ctx.index_key.description, |
586 | callout_info, callout_len, aux, dest_keyring, flags); | |
3e30148c | 587 | |
46291959 DH |
588 | if (type->match_preparse) { |
589 | ret = type->match_preparse(&ctx.match_data); | |
590 | if (ret < 0) { | |
591 | key = ERR_PTR(ret); | |
592 | goto error; | |
593 | } | |
594 | } | |
595 | ||
7743c48e DH |
596 | key = check_cached_key(&ctx); |
597 | if (key) | |
846d2db3 | 598 | goto error_free; |
7743c48e | 599 | |
1da177e4 | 600 | /* search all the process keyrings for a key */ |
e59428f7 DH |
601 | rcu_read_lock(); |
602 | key_ref = search_process_keyrings_rcu(&ctx); | |
603 | rcu_read_unlock(); | |
1da177e4 | 604 | |
664cceb0 | 605 | if (!IS_ERR(key_ref)) { |
504b69eb DH |
606 | if (dest_keyring) { |
607 | ret = key_task_permission(key_ref, current_cred(), | |
608 | KEY_NEED_LINK); | |
609 | if (ret < 0) { | |
610 | key_ref_put(key_ref); | |
611 | key = ERR_PTR(ret); | |
612 | goto error_free; | |
613 | } | |
614 | } | |
615 | ||
664cceb0 | 616 | key = key_ref_to_ptr(key_ref); |
03449cd9 | 617 | if (dest_keyring) { |
2b9e4688 | 618 | ret = key_link(dest_keyring, key); |
2b9e4688 DH |
619 | if (ret < 0) { |
620 | key_put(key); | |
621 | key = ERR_PTR(ret); | |
46291959 | 622 | goto error_free; |
2b9e4688 | 623 | } |
03449cd9 | 624 | } |
7743c48e DH |
625 | |
626 | /* Only cache the key on immediate success */ | |
627 | cache_requested_key(key); | |
76181c13 | 628 | } else if (PTR_ERR(key_ref) != -EAGAIN) { |
e231c2ee | 629 | key = ERR_CAST(key_ref); |
76181c13 | 630 | } else { |
1da177e4 LT |
631 | /* the search failed, but the keyrings were searchable, so we |
632 | * should consult userspace if we can */ | |
633 | key = ERR_PTR(-ENOKEY); | |
634 | if (!callout_info) | |
46291959 | 635 | goto error_free; |
1da177e4 | 636 | |
4bdf0bc3 | 637 | key = construct_key_and_link(&ctx, callout_info, callout_len, |
028db3e2 | 638 | aux, dest_keyring, flags); |
1da177e4 LT |
639 | } |
640 | ||
46291959 DH |
641 | error_free: |
642 | if (type->match_free) | |
643 | type->match_free(&ctx.match_data); | |
3e30148c DH |
644 | error: |
645 | kleave(" = %p", key); | |
1da177e4 | 646 | return key; |
76181c13 | 647 | } |
1da177e4 | 648 | |
973c9f4f DH |
649 | /** |
650 | * wait_for_key_construction - Wait for construction of a key to complete | |
651 | * @key: The key being waited for. | |
652 | * @intr: Whether to wait interruptibly. | |
653 | * | |
654 | * Wait for a key to finish being constructed. | |
655 | * | |
656 | * Returns 0 if successful; -ERESTARTSYS if the wait was interrupted; -ENOKEY | |
657 | * if the key was negated; or -EKEYREVOKED or -EKEYEXPIRED if the key was | |
658 | * revoked or expired. | |
76181c13 DH |
659 | */ |
660 | int wait_for_key_construction(struct key *key, bool intr) | |
661 | { | |
662 | int ret; | |
3e30148c | 663 | |
76181c13 | 664 | ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT, |
76181c13 | 665 | intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE); |
74316201 N |
666 | if (ret) |
667 | return -ERESTARTSYS; | |
363b02da DH |
668 | ret = key_read_state(key); |
669 | if (ret < 0) | |
670 | return ret; | |
76181c13 DH |
671 | return key_validate(key); |
672 | } | |
673 | EXPORT_SYMBOL(wait_for_key_construction); | |
3e30148c | 674 | |
973c9f4f | 675 | /** |
a58946c1 | 676 | * request_key_tag - Request a key and wait for construction |
973c9f4f DH |
677 | * @type: Type of key. |
678 | * @description: The searchable description of the key. | |
a58946c1 | 679 | * @domain_tag: The domain in which the key operates. |
973c9f4f DH |
680 | * @callout_info: The data to pass to the instantiation upcall (or NULL). |
681 | * | |
682 | * As for request_key_and_link() except that it does not add the returned key | |
683 | * to a keyring if found, new keys are always allocated in the user's quota, | |
684 | * the callout_info must be a NUL-terminated string and no auxiliary data can | |
685 | * be passed. | |
686 | * | |
687 | * Furthermore, it then works as wait_for_key_construction() to wait for the | |
688 | * completion of keys undergoing construction with a non-interruptible wait. | |
3e30148c | 689 | */ |
a58946c1 DH |
690 | struct key *request_key_tag(struct key_type *type, |
691 | const char *description, | |
692 | struct key_tag *domain_tag, | |
028db3e2 | 693 | const char *callout_info) |
3e30148c | 694 | { |
76181c13 | 695 | struct key *key; |
4a38e122 | 696 | size_t callout_len = 0; |
76181c13 DH |
697 | int ret; |
698 | ||
4a38e122 DH |
699 | if (callout_info) |
700 | callout_len = strlen(callout_info); | |
a58946c1 DH |
701 | key = request_key_and_link(type, description, domain_tag, |
702 | callout_info, callout_len, | |
028db3e2 | 703 | NULL, NULL, KEY_ALLOC_IN_QUOTA); |
76181c13 DH |
704 | if (!IS_ERR(key)) { |
705 | ret = wait_for_key_construction(key, false); | |
706 | if (ret < 0) { | |
707 | key_put(key); | |
708 | return ERR_PTR(ret); | |
709 | } | |
710 | } | |
711 | return key; | |
712 | } | |
a58946c1 | 713 | EXPORT_SYMBOL(request_key_tag); |
4e54f085 | 714 | |
973c9f4f DH |
715 | /** |
716 | * request_key_with_auxdata - Request a key with auxiliary data for the upcaller | |
717 | * @type: The type of key we want. | |
718 | * @description: The searchable description of the key. | |
a58946c1 | 719 | * @domain_tag: The domain in which the key operates. |
973c9f4f DH |
720 | * @callout_info: The data to pass to the instantiation upcall (or NULL). |
721 | * @callout_len: The length of callout_info. | |
722 | * @aux: Auxiliary data for the upcall. | |
723 | * | |
724 | * As for request_key_and_link() except that it does not add the returned key | |
725 | * to a keyring if found and new keys are always allocated in the user's quota. | |
726 | * | |
727 | * Furthermore, it then works as wait_for_key_construction() to wait for the | |
728 | * completion of keys undergoing construction with a non-interruptible wait. | |
4e54f085 DH |
729 | */ |
730 | struct key *request_key_with_auxdata(struct key_type *type, | |
731 | const char *description, | |
a58946c1 | 732 | struct key_tag *domain_tag, |
4a38e122 DH |
733 | const void *callout_info, |
734 | size_t callout_len, | |
028db3e2 | 735 | void *aux) |
4e54f085 | 736 | { |
76181c13 DH |
737 | struct key *key; |
738 | int ret; | |
739 | ||
a58946c1 DH |
740 | key = request_key_and_link(type, description, domain_tag, |
741 | callout_info, callout_len, | |
028db3e2 | 742 | aux, NULL, KEY_ALLOC_IN_QUOTA); |
76181c13 DH |
743 | if (!IS_ERR(key)) { |
744 | ret = wait_for_key_construction(key, false); | |
745 | if (ret < 0) { | |
746 | key_put(key); | |
747 | return ERR_PTR(ret); | |
748 | } | |
749 | } | |
750 | return key; | |
751 | } | |
752 | EXPORT_SYMBOL(request_key_with_auxdata); | |
4e54f085 | 753 | |
896f1950 DH |
754 | /** |
755 | * request_key_rcu - Request key from RCU-read-locked context | |
756 | * @type: The type of key we want. | |
757 | * @description: The name of the key we want. | |
a58946c1 | 758 | * @domain_tag: The domain in which the key operates. |
973c9f4f | 759 | * |
896f1950 DH |
760 | * Request a key from a context that we may not sleep in (such as RCU-mode |
761 | * pathwalk). Keys under construction are ignored. | |
973c9f4f | 762 | * |
896f1950 DH |
763 | * Return a pointer to the found key if successful, -ENOKEY if we couldn't find |
764 | * a key or some other error if the key found was unsuitable or inaccessible. | |
76181c13 | 765 | */ |
a58946c1 DH |
766 | struct key *request_key_rcu(struct key_type *type, |
767 | const char *description, | |
768 | struct key_tag *domain_tag) | |
76181c13 | 769 | { |
896f1950 DH |
770 | struct keyring_search_context ctx = { |
771 | .index_key.type = type, | |
a58946c1 | 772 | .index_key.domain_tag = domain_tag, |
896f1950 DH |
773 | .index_key.description = description, |
774 | .index_key.desc_len = strlen(description), | |
775 | .cred = current_cred(), | |
776 | .match_data.cmp = key_default_cmp, | |
777 | .match_data.raw_data = description, | |
778 | .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, | |
779 | .flags = (KEYRING_SEARCH_DO_STATE_CHECK | | |
780 | KEYRING_SEARCH_SKIP_EXPIRED), | |
781 | }; | |
782 | struct key *key; | |
783 | key_ref_t key_ref; | |
4e54f085 | 784 | |
896f1950 DH |
785 | kenter("%s,%s", type->name, description); |
786 | ||
7743c48e DH |
787 | key = check_cached_key(&ctx); |
788 | if (key) | |
789 | return key; | |
790 | ||
896f1950 DH |
791 | /* search all the process keyrings for a key */ |
792 | key_ref = search_process_keyrings_rcu(&ctx); | |
793 | if (IS_ERR(key_ref)) { | |
794 | key = ERR_CAST(key_ref); | |
795 | if (PTR_ERR(key_ref) == -EAGAIN) | |
796 | key = ERR_PTR(-ENOKEY); | |
797 | } else { | |
798 | key = key_ref_to_ptr(key_ref); | |
7743c48e | 799 | cache_requested_key(key); |
896f1950 DH |
800 | } |
801 | ||
802 | kleave(" = %p", key); | |
803 | return key; | |
76181c13 | 804 | } |
896f1950 | 805 | EXPORT_SYMBOL(request_key_rcu); |