Commit | Line | Data |
---|---|---|
76181c13 | 1 | /* Request a key from userspace |
1da177e4 | 2 | * |
76181c13 | 3 | * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved. |
1da177e4 LT |
4 | * Written by David Howells (dhowells@redhat.com) |
5 | * | |
6 | * This program is free software; you can redistribute it and/or | |
7 | * modify it under the terms of the GNU General Public License | |
8 | * as published by the Free Software Foundation; either version | |
9 | * 2 of the License, or (at your option) any later version. | |
f1a9badc DH |
10 | * |
11 | * See Documentation/keys-request-key.txt | |
1da177e4 LT |
12 | */ |
13 | ||
14 | #include <linux/module.h> | |
15 | #include <linux/sched.h> | |
16 | #include <linux/kmod.h> | |
17 | #include <linux/err.h> | |
3e30148c | 18 | #include <linux/keyctl.h> |
fdb89bce | 19 | #include <linux/slab.h> |
1da177e4 LT |
20 | #include "internal.h" |
21 | ||
e9e349b0 DH |
22 | #define key_negative_timeout 60 /* default timeout on a negative key's existence */ |
23 | ||
76181c13 DH |
24 | /* |
25 | * wait_on_bit() sleep function for uninterruptible waiting | |
26 | */ | |
27 | static int key_wait_bit(void *flags) | |
28 | { | |
29 | schedule(); | |
30 | return 0; | |
31 | } | |
32 | ||
33 | /* | |
34 | * wait_on_bit() sleep function for interruptible waiting | |
35 | */ | |
36 | static int key_wait_bit_intr(void *flags) | |
37 | { | |
38 | schedule(); | |
39 | return signal_pending(current) ? -ERESTARTSYS : 0; | |
40 | } | |
41 | ||
42 | /* | |
43 | * call to complete the construction of a key | |
44 | */ | |
45 | void complete_request_key(struct key_construction *cons, int error) | |
46 | { | |
47 | kenter("{%d,%d},%d", cons->key->serial, cons->authkey->serial, error); | |
1da177e4 | 48 | |
76181c13 DH |
49 | if (error < 0) |
50 | key_negate_and_link(cons->key, key_negative_timeout, NULL, | |
51 | cons->authkey); | |
52 | else | |
53 | key_revoke(cons->authkey); | |
54 | ||
55 | key_put(cons->key); | |
56 | key_put(cons->authkey); | |
57 | kfree(cons); | |
58 | } | |
59 | EXPORT_SYMBOL(complete_request_key); | |
1da177e4 | 60 | |
685bfd2c ON |
61 | static int umh_keys_init(struct subprocess_info *info) |
62 | { | |
63 | struct cred *cred = (struct cred*)current_cred(); | |
64 | struct key *keyring = info->data; | |
65 | /* | |
66 | * This is called in context of freshly forked kthread before | |
67 | * kernel_execve(), we can just change our ->session_keyring. | |
68 | */ | |
69 | return install_session_keyring_to_cred(cred, keyring); | |
70 | } | |
71 | ||
72 | static void umh_keys_cleanup(struct subprocess_info *info) | |
73 | { | |
74 | struct key *keyring = info->data; | |
75 | key_put(keyring); | |
76 | } | |
77 | ||
78 | static int call_usermodehelper_keys(char *path, char **argv, char **envp, | |
79 | struct key *session_keyring, enum umh_wait wait) | |
80 | { | |
81 | gfp_t gfp_mask = (wait == UMH_NO_WAIT) ? GFP_ATOMIC : GFP_KERNEL; | |
82 | struct subprocess_info *info = | |
83 | call_usermodehelper_setup(path, argv, envp, gfp_mask); | |
84 | ||
85 | if (!info) | |
86 | return -ENOMEM; | |
87 | ||
88 | call_usermodehelper_setfns(info, umh_keys_init, umh_keys_cleanup, | |
89 | key_get(session_keyring)); | |
90 | return call_usermodehelper_exec(info, wait); | |
91 | } | |
92 | ||
1da177e4 LT |
93 | /* |
94 | * request userspace finish the construction of a key | |
b5f545c8 | 95 | * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>" |
1da177e4 | 96 | */ |
76181c13 | 97 | static int call_sbin_request_key(struct key_construction *cons, |
4e54f085 DH |
98 | const char *op, |
99 | void *aux) | |
1da177e4 | 100 | { |
86a264ab | 101 | const struct cred *cred = current_cred(); |
1da177e4 | 102 | key_serial_t prkey, sskey; |
93b4a44f DH |
103 | struct key *key = cons->key, *authkey = cons->authkey, *keyring, |
104 | *session; | |
b5f545c8 | 105 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; |
1da177e4 | 106 | char key_str[12], keyring_str[3][12]; |
b5f545c8 | 107 | char desc[20]; |
3e30148c DH |
108 | int ret, i; |
109 | ||
b5f545c8 | 110 | kenter("{%d},{%d},%s", key->serial, authkey->serial, op); |
3e30148c | 111 | |
8bbf4976 DH |
112 | ret = install_user_keyrings(); |
113 | if (ret < 0) | |
114 | goto error_alloc; | |
115 | ||
b5f545c8 DH |
116 | /* allocate a new session keyring */ |
117 | sprintf(desc, "_req.%u", key->serial); | |
118 | ||
d84f4f99 DH |
119 | cred = get_current_cred(); |
120 | keyring = keyring_alloc(desc, cred->fsuid, cred->fsgid, cred, | |
7e047ef5 | 121 | KEY_ALLOC_QUOTA_OVERRUN, NULL); |
d84f4f99 | 122 | put_cred(cred); |
b5f545c8 DH |
123 | if (IS_ERR(keyring)) { |
124 | ret = PTR_ERR(keyring); | |
125 | goto error_alloc; | |
3e30148c | 126 | } |
1da177e4 | 127 | |
b5f545c8 | 128 | /* attach the auth key to the session keyring */ |
896903c2 | 129 | ret = key_link(keyring, authkey); |
b5f545c8 DH |
130 | if (ret < 0) |
131 | goto error_link; | |
132 | ||
1da177e4 | 133 | /* record the UID and GID */ |
86a264ab DH |
134 | sprintf(uid_str, "%d", cred->fsuid); |
135 | sprintf(gid_str, "%d", cred->fsgid); | |
1da177e4 LT |
136 | |
137 | /* we say which key is under construction */ | |
138 | sprintf(key_str, "%d", key->serial); | |
139 | ||
140 | /* we specify the process's default keyrings */ | |
141 | sprintf(keyring_str[0], "%d", | |
d84f4f99 | 142 | cred->thread_keyring ? cred->thread_keyring->serial : 0); |
1da177e4 LT |
143 | |
144 | prkey = 0; | |
bb952bb9 DH |
145 | if (cred->tgcred->process_keyring) |
146 | prkey = cred->tgcred->process_keyring->serial; | |
1da177e4 | 147 | |
93b4a44f DH |
148 | rcu_read_lock(); |
149 | session = rcu_dereference(cred->tgcred->session_keyring); | |
150 | if (!session) | |
151 | session = cred->user->session_keyring; | |
152 | sskey = session->serial; | |
153 | rcu_read_unlock(); | |
1da177e4 | 154 | |
1da177e4 LT |
155 | sprintf(keyring_str[2], "%d", sskey); |
156 | ||
157 | /* set up a minimal environment */ | |
158 | i = 0; | |
159 | envp[i++] = "HOME=/"; | |
160 | envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; | |
161 | envp[i] = NULL; | |
162 | ||
163 | /* set up the argument list */ | |
164 | i = 0; | |
165 | argv[i++] = "/sbin/request-key"; | |
166 | argv[i++] = (char *) op; | |
167 | argv[i++] = key_str; | |
168 | argv[i++] = uid_str; | |
169 | argv[i++] = gid_str; | |
170 | argv[i++] = keyring_str[0]; | |
171 | argv[i++] = keyring_str[1]; | |
172 | argv[i++] = keyring_str[2]; | |
1da177e4 LT |
173 | argv[i] = NULL; |
174 | ||
175 | /* do it */ | |
86313c48 JF |
176 | ret = call_usermodehelper_keys(argv[0], argv, envp, keyring, |
177 | UMH_WAIT_PROC); | |
76181c13 DH |
178 | kdebug("usermode -> 0x%x", ret); |
179 | if (ret >= 0) { | |
180 | /* ret is the exit/wait code */ | |
181 | if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) || | |
182 | key_validate(key) < 0) | |
183 | ret = -ENOKEY; | |
184 | else | |
185 | /* ignore any errors from userspace if the key was | |
186 | * instantiated */ | |
187 | ret = 0; | |
188 | } | |
3e30148c | 189 | |
b5f545c8 DH |
190 | error_link: |
191 | key_put(keyring); | |
3e30148c | 192 | |
b5f545c8 | 193 | error_alloc: |
76181c13 | 194 | complete_request_key(cons, ret); |
d84f4f99 | 195 | kleave(" = %d", ret); |
3e30148c | 196 | return ret; |
76181c13 | 197 | } |
1da177e4 | 198 | |
1da177e4 | 199 | /* |
76181c13 | 200 | * call out to userspace for key construction |
1da177e4 LT |
201 | * - we ignore program failure and go on key status instead |
202 | */ | |
4a38e122 | 203 | static int construct_key(struct key *key, const void *callout_info, |
8bbf4976 DH |
204 | size_t callout_len, void *aux, |
205 | struct key *dest_keyring) | |
1da177e4 | 206 | { |
76181c13 | 207 | struct key_construction *cons; |
b5f545c8 | 208 | request_key_actor_t actor; |
76181c13 DH |
209 | struct key *authkey; |
210 | int ret; | |
1da177e4 | 211 | |
4a38e122 | 212 | kenter("%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux); |
3e30148c | 213 | |
76181c13 DH |
214 | cons = kmalloc(sizeof(*cons), GFP_KERNEL); |
215 | if (!cons) | |
216 | return -ENOMEM; | |
1da177e4 | 217 | |
b5f545c8 | 218 | /* allocate an authorisation key */ |
8bbf4976 DH |
219 | authkey = request_key_auth_new(key, callout_info, callout_len, |
220 | dest_keyring); | |
b5f545c8 | 221 | if (IS_ERR(authkey)) { |
76181c13 | 222 | kfree(cons); |
b5f545c8 DH |
223 | ret = PTR_ERR(authkey); |
224 | authkey = NULL; | |
76181c13 DH |
225 | } else { |
226 | cons->authkey = key_get(authkey); | |
227 | cons->key = key_get(key); | |
228 | ||
229 | /* make the call */ | |
230 | actor = call_sbin_request_key; | |
231 | if (key->type->request_key) | |
232 | actor = key->type->request_key; | |
233 | ||
234 | ret = actor(cons, "create", aux); | |
235 | ||
236 | /* check that the actor called complete_request_key() prior to | |
237 | * returning an error */ | |
238 | WARN_ON(ret < 0 && | |
239 | !test_bit(KEY_FLAG_REVOKED, &authkey->flags)); | |
240 | key_put(authkey); | |
1da177e4 LT |
241 | } |
242 | ||
76181c13 DH |
243 | kleave(" = %d", ret); |
244 | return ret; | |
245 | } | |
1da177e4 | 246 | |
3e30148c | 247 | /* |
8bbf4976 DH |
248 | * get the appropriate destination keyring for the request |
249 | * - we return whatever keyring we select with an extra reference upon it which | |
250 | * the caller must release | |
3e30148c | 251 | */ |
8bbf4976 | 252 | static void construct_get_dest_keyring(struct key **_dest_keyring) |
3e30148c | 253 | { |
8bbf4976 | 254 | struct request_key_auth *rka; |
bb952bb9 | 255 | const struct cred *cred = current_cred(); |
8bbf4976 | 256 | struct key *dest_keyring = *_dest_keyring, *authkey; |
3e30148c | 257 | |
8bbf4976 | 258 | kenter("%p", dest_keyring); |
3e30148c DH |
259 | |
260 | /* find the appropriate keyring */ | |
8bbf4976 DH |
261 | if (dest_keyring) { |
262 | /* the caller supplied one */ | |
263 | key_get(dest_keyring); | |
264 | } else { | |
265 | /* use a default keyring; falling through the cases until we | |
266 | * find one that we actually have */ | |
bb952bb9 | 267 | switch (cred->jit_keyring) { |
3e30148c | 268 | case KEY_REQKEY_DEFL_DEFAULT: |
8bbf4976 | 269 | case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: |
bb952bb9 DH |
270 | if (cred->request_key_auth) { |
271 | authkey = cred->request_key_auth; | |
8bbf4976 DH |
272 | down_read(&authkey->sem); |
273 | rka = authkey->payload.data; | |
274 | if (!test_bit(KEY_FLAG_REVOKED, | |
275 | &authkey->flags)) | |
276 | dest_keyring = | |
277 | key_get(rka->dest_keyring); | |
278 | up_read(&authkey->sem); | |
279 | if (dest_keyring) | |
280 | break; | |
281 | } | |
282 | ||
3e30148c | 283 | case KEY_REQKEY_DEFL_THREAD_KEYRING: |
bb952bb9 | 284 | dest_keyring = key_get(cred->thread_keyring); |
3e30148c DH |
285 | if (dest_keyring) |
286 | break; | |
287 | ||
288 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: | |
bb952bb9 | 289 | dest_keyring = key_get(cred->tgcred->process_keyring); |
3e30148c DH |
290 | if (dest_keyring) |
291 | break; | |
292 | ||
293 | case KEY_REQKEY_DEFL_SESSION_KEYRING: | |
294 | rcu_read_lock(); | |
295 | dest_keyring = key_get( | |
bb952bb9 | 296 | rcu_dereference(cred->tgcred->session_keyring)); |
3e30148c | 297 | rcu_read_unlock(); |
3e30148c DH |
298 | |
299 | if (dest_keyring) | |
300 | break; | |
301 | ||
302 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: | |
b6dff3ec | 303 | dest_keyring = |
bb952bb9 | 304 | key_get(cred->user->session_keyring); |
3e30148c DH |
305 | break; |
306 | ||
307 | case KEY_REQKEY_DEFL_USER_KEYRING: | |
bb952bb9 | 308 | dest_keyring = key_get(cred->user->uid_keyring); |
3e30148c DH |
309 | break; |
310 | ||
311 | case KEY_REQKEY_DEFL_GROUP_KEYRING: | |
312 | default: | |
313 | BUG(); | |
314 | } | |
315 | } | |
316 | ||
8bbf4976 DH |
317 | *_dest_keyring = dest_keyring; |
318 | kleave(" [dk %d]", key_serial(dest_keyring)); | |
319 | return; | |
76181c13 | 320 | } |
3e30148c | 321 | |
76181c13 DH |
322 | /* |
323 | * allocate a new key in under-construction state and attempt to link it in to | |
324 | * the requested place | |
325 | * - may return a key that's already under construction instead | |
326 | */ | |
327 | static int construct_alloc_key(struct key_type *type, | |
328 | const char *description, | |
329 | struct key *dest_keyring, | |
330 | unsigned long flags, | |
331 | struct key_user *user, | |
332 | struct key **_key) | |
333 | { | |
f70e2e06 | 334 | struct keyring_list *prealloc; |
d84f4f99 | 335 | const struct cred *cred = current_cred(); |
76181c13 DH |
336 | struct key *key; |
337 | key_ref_t key_ref; | |
2b9e4688 | 338 | int ret; |
76181c13 DH |
339 | |
340 | kenter("%s,%s,,,", type->name, description); | |
341 | ||
f70e2e06 | 342 | *_key = NULL; |
76181c13 DH |
343 | mutex_lock(&user->cons_lock); |
344 | ||
d84f4f99 DH |
345 | key = key_alloc(type, description, cred->fsuid, cred->fsgid, cred, |
346 | KEY_POS_ALL, flags); | |
76181c13 DH |
347 | if (IS_ERR(key)) |
348 | goto alloc_failed; | |
349 | ||
350 | set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); | |
351 | ||
f70e2e06 DH |
352 | if (dest_keyring) { |
353 | ret = __key_link_begin(dest_keyring, type, description, | |
354 | &prealloc); | |
355 | if (ret < 0) | |
356 | goto link_prealloc_failed; | |
357 | } | |
76181c13 DH |
358 | |
359 | /* attach the key to the destination keyring under lock, but we do need | |
360 | * to do another check just in case someone beat us to it whilst we | |
361 | * waited for locks */ | |
362 | mutex_lock(&key_construction_mutex); | |
363 | ||
d84f4f99 | 364 | key_ref = search_process_keyrings(type, description, type->match, cred); |
76181c13 DH |
365 | if (!IS_ERR(key_ref)) |
366 | goto key_already_present; | |
367 | ||
34574dd1 | 368 | if (dest_keyring) |
f70e2e06 | 369 | __key_link(dest_keyring, key, &prealloc); |
76181c13 DH |
370 | |
371 | mutex_unlock(&key_construction_mutex); | |
34574dd1 | 372 | if (dest_keyring) |
f70e2e06 | 373 | __key_link_end(dest_keyring, type, prealloc); |
76181c13 DH |
374 | mutex_unlock(&user->cons_lock); |
375 | *_key = key; | |
376 | kleave(" = 0 [%d]", key_serial(key)); | |
377 | return 0; | |
378 | ||
2b9e4688 DH |
379 | /* the key is now present - we tell the caller that we found it by |
380 | * returning -EINPROGRESS */ | |
76181c13 | 381 | key_already_present: |
f70e2e06 | 382 | key_put(key); |
76181c13 | 383 | mutex_unlock(&key_construction_mutex); |
f70e2e06 | 384 | key = key_ref_to_ptr(key_ref); |
03449cd9 | 385 | if (dest_keyring) { |
f70e2e06 DH |
386 | ret = __key_link_check_live_key(dest_keyring, key); |
387 | if (ret == 0) | |
388 | __key_link(dest_keyring, key, &prealloc); | |
389 | __key_link_end(dest_keyring, type, prealloc); | |
390 | if (ret < 0) | |
391 | goto link_check_failed; | |
03449cd9 | 392 | } |
76181c13 | 393 | mutex_unlock(&user->cons_lock); |
f70e2e06 | 394 | *_key = key; |
76181c13 DH |
395 | kleave(" = -EINPROGRESS [%d]", key_serial(key)); |
396 | return -EINPROGRESS; | |
397 | ||
f70e2e06 DH |
398 | link_check_failed: |
399 | mutex_unlock(&user->cons_lock); | |
400 | key_put(key); | |
401 | kleave(" = %d [linkcheck]", ret); | |
402 | return ret; | |
403 | ||
404 | link_prealloc_failed: | |
405 | up_write(&dest_keyring->sem); | |
406 | mutex_unlock(&user->cons_lock); | |
407 | kleave(" = %d [prelink]", ret); | |
408 | return ret; | |
409 | ||
76181c13 DH |
410 | alloc_failed: |
411 | mutex_unlock(&user->cons_lock); | |
76181c13 DH |
412 | kleave(" = %ld", PTR_ERR(key)); |
413 | return PTR_ERR(key); | |
414 | } | |
415 | ||
416 | /* | |
417 | * commence key construction | |
418 | */ | |
419 | static struct key *construct_key_and_link(struct key_type *type, | |
420 | const char *description, | |
421 | const char *callout_info, | |
4a38e122 | 422 | size_t callout_len, |
76181c13 DH |
423 | void *aux, |
424 | struct key *dest_keyring, | |
425 | unsigned long flags) | |
426 | { | |
427 | struct key_user *user; | |
428 | struct key *key; | |
429 | int ret; | |
430 | ||
d84f4f99 DH |
431 | kenter(""); |
432 | ||
1d1e9756 | 433 | user = key_user_lookup(current_fsuid(), current_user_ns()); |
76181c13 DH |
434 | if (!user) |
435 | return ERR_PTR(-ENOMEM); | |
436 | ||
8bbf4976 DH |
437 | construct_get_dest_keyring(&dest_keyring); |
438 | ||
76181c13 DH |
439 | ret = construct_alloc_key(type, description, dest_keyring, flags, user, |
440 | &key); | |
441 | key_user_put(user); | |
442 | ||
443 | if (ret == 0) { | |
8bbf4976 DH |
444 | ret = construct_key(key, callout_info, callout_len, aux, |
445 | dest_keyring); | |
d84f4f99 DH |
446 | if (ret < 0) { |
447 | kdebug("cons failed"); | |
76181c13 | 448 | goto construction_failed; |
d84f4f99 | 449 | } |
2b9e4688 DH |
450 | } else if (ret == -EINPROGRESS) { |
451 | ret = 0; | |
452 | } else { | |
453 | key = ERR_PTR(ret); | |
76181c13 DH |
454 | } |
455 | ||
8bbf4976 | 456 | key_put(dest_keyring); |
d84f4f99 | 457 | kleave(" = key %d", key_serial(key)); |
76181c13 DH |
458 | return key; |
459 | ||
460 | construction_failed: | |
461 | key_negate_and_link(key, key_negative_timeout, NULL, NULL); | |
462 | key_put(key); | |
8bbf4976 | 463 | key_put(dest_keyring); |
d84f4f99 | 464 | kleave(" = %d", ret); |
76181c13 DH |
465 | return ERR_PTR(ret); |
466 | } | |
3e30148c | 467 | |
1da177e4 LT |
468 | /* |
469 | * request a key | |
470 | * - search the process's keyrings | |
471 | * - check the list of keys being created or updated | |
3e30148c DH |
472 | * - call out to userspace for a key if supplementary info was provided |
473 | * - cache the key in an appropriate keyring | |
1da177e4 | 474 | */ |
3e30148c DH |
475 | struct key *request_key_and_link(struct key_type *type, |
476 | const char *description, | |
4a38e122 DH |
477 | const void *callout_info, |
478 | size_t callout_len, | |
4e54f085 | 479 | void *aux, |
7e047ef5 DH |
480 | struct key *dest_keyring, |
481 | unsigned long flags) | |
1da177e4 | 482 | { |
d84f4f99 | 483 | const struct cred *cred = current_cred(); |
1da177e4 | 484 | struct key *key; |
664cceb0 | 485 | key_ref_t key_ref; |
2b9e4688 | 486 | int ret; |
1da177e4 | 487 | |
4a38e122 DH |
488 | kenter("%s,%s,%p,%zu,%p,%p,%lx", |
489 | type->name, description, callout_info, callout_len, aux, | |
4e54f085 | 490 | dest_keyring, flags); |
3e30148c | 491 | |
1da177e4 | 492 | /* search all the process keyrings for a key */ |
664cceb0 | 493 | key_ref = search_process_keyrings(type, description, type->match, |
d84f4f99 | 494 | cred); |
1da177e4 | 495 | |
664cceb0 DH |
496 | if (!IS_ERR(key_ref)) { |
497 | key = key_ref_to_ptr(key_ref); | |
03449cd9 DH |
498 | if (dest_keyring) { |
499 | construct_get_dest_keyring(&dest_keyring); | |
2b9e4688 | 500 | ret = key_link(dest_keyring, key); |
03449cd9 | 501 | key_put(dest_keyring); |
2b9e4688 DH |
502 | if (ret < 0) { |
503 | key_put(key); | |
504 | key = ERR_PTR(ret); | |
505 | goto error; | |
506 | } | |
03449cd9 | 507 | } |
76181c13 | 508 | } else if (PTR_ERR(key_ref) != -EAGAIN) { |
e231c2ee | 509 | key = ERR_CAST(key_ref); |
76181c13 | 510 | } else { |
1da177e4 LT |
511 | /* the search failed, but the keyrings were searchable, so we |
512 | * should consult userspace if we can */ | |
513 | key = ERR_PTR(-ENOKEY); | |
514 | if (!callout_info) | |
515 | goto error; | |
516 | ||
76181c13 | 517 | key = construct_key_and_link(type, description, callout_info, |
4a38e122 DH |
518 | callout_len, aux, dest_keyring, |
519 | flags); | |
1da177e4 LT |
520 | } |
521 | ||
3e30148c DH |
522 | error: |
523 | kleave(" = %p", key); | |
1da177e4 | 524 | return key; |
76181c13 | 525 | } |
1da177e4 | 526 | |
76181c13 DH |
527 | /* |
528 | * wait for construction of a key to complete | |
529 | */ | |
530 | int wait_for_key_construction(struct key *key, bool intr) | |
531 | { | |
532 | int ret; | |
3e30148c | 533 | |
76181c13 DH |
534 | ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT, |
535 | intr ? key_wait_bit_intr : key_wait_bit, | |
536 | intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE); | |
537 | if (ret < 0) | |
538 | return ret; | |
539 | return key_validate(key); | |
540 | } | |
541 | EXPORT_SYMBOL(wait_for_key_construction); | |
3e30148c | 542 | |
3e30148c DH |
543 | /* |
544 | * request a key | |
545 | * - search the process's keyrings | |
546 | * - check the list of keys being created or updated | |
547 | * - call out to userspace for a key if supplementary info was provided | |
76181c13 | 548 | * - waits uninterruptible for creation to complete |
3e30148c DH |
549 | */ |
550 | struct key *request_key(struct key_type *type, | |
551 | const char *description, | |
552 | const char *callout_info) | |
553 | { | |
76181c13 | 554 | struct key *key; |
4a38e122 | 555 | size_t callout_len = 0; |
76181c13 DH |
556 | int ret; |
557 | ||
4a38e122 DH |
558 | if (callout_info) |
559 | callout_len = strlen(callout_info); | |
560 | key = request_key_and_link(type, description, callout_info, callout_len, | |
561 | NULL, NULL, KEY_ALLOC_IN_QUOTA); | |
76181c13 DH |
562 | if (!IS_ERR(key)) { |
563 | ret = wait_for_key_construction(key, false); | |
564 | if (ret < 0) { | |
565 | key_put(key); | |
566 | return ERR_PTR(ret); | |
567 | } | |
568 | } | |
569 | return key; | |
570 | } | |
1da177e4 | 571 | EXPORT_SYMBOL(request_key); |
4e54f085 | 572 | |
4e54f085 DH |
573 | /* |
574 | * request a key with auxiliary data for the upcaller | |
575 | * - search the process's keyrings | |
576 | * - check the list of keys being created or updated | |
577 | * - call out to userspace for a key if supplementary info was provided | |
76181c13 | 578 | * - waits uninterruptible for creation to complete |
4e54f085 DH |
579 | */ |
580 | struct key *request_key_with_auxdata(struct key_type *type, | |
581 | const char *description, | |
4a38e122 DH |
582 | const void *callout_info, |
583 | size_t callout_len, | |
4e54f085 DH |
584 | void *aux) |
585 | { | |
76181c13 DH |
586 | struct key *key; |
587 | int ret; | |
588 | ||
4a38e122 DH |
589 | key = request_key_and_link(type, description, callout_info, callout_len, |
590 | aux, NULL, KEY_ALLOC_IN_QUOTA); | |
76181c13 DH |
591 | if (!IS_ERR(key)) { |
592 | ret = wait_for_key_construction(key, false); | |
593 | if (ret < 0) { | |
594 | key_put(key); | |
595 | return ERR_PTR(ret); | |
596 | } | |
597 | } | |
598 | return key; | |
599 | } | |
600 | EXPORT_SYMBOL(request_key_with_auxdata); | |
4e54f085 | 601 | |
76181c13 DH |
602 | /* |
603 | * request a key (allow async construction) | |
604 | * - search the process's keyrings | |
605 | * - check the list of keys being created or updated | |
606 | * - call out to userspace for a key if supplementary info was provided | |
607 | */ | |
608 | struct key *request_key_async(struct key_type *type, | |
609 | const char *description, | |
4a38e122 DH |
610 | const void *callout_info, |
611 | size_t callout_len) | |
76181c13 | 612 | { |
4a38e122 DH |
613 | return request_key_and_link(type, description, callout_info, |
614 | callout_len, NULL, NULL, | |
615 | KEY_ALLOC_IN_QUOTA); | |
76181c13 DH |
616 | } |
617 | EXPORT_SYMBOL(request_key_async); | |
4e54f085 | 618 | |
76181c13 DH |
619 | /* |
620 | * request a key with auxiliary data for the upcaller (allow async construction) | |
621 | * - search the process's keyrings | |
622 | * - check the list of keys being created or updated | |
623 | * - call out to userspace for a key if supplementary info was provided | |
624 | */ | |
625 | struct key *request_key_async_with_auxdata(struct key_type *type, | |
626 | const char *description, | |
4a38e122 DH |
627 | const void *callout_info, |
628 | size_t callout_len, | |
76181c13 DH |
629 | void *aux) |
630 | { | |
4a38e122 DH |
631 | return request_key_and_link(type, description, callout_info, |
632 | callout_len, aux, NULL, KEY_ALLOC_IN_QUOTA); | |
76181c13 DH |
633 | } |
634 | EXPORT_SYMBOL(request_key_async_with_auxdata); |