1 | // SPDX-License-Identifier: GPL-2.0-or-later |
2 | /* Request a key from userspace |
3 | * |
4 | * Copyright (C) 2004-2007 Red Hat, Inc. All Rights Reserved. |
5 | * Written by David Howells (dhowells@redhat.com) |
6 | * |
7 | * See Documentation/security/keys/request-key.rst |
8 | */ |
9 | |
10 | #include <linux/export.h> |
11 | #include <linux/sched.h> |
12 | #include <linux/kmod.h> |
13 | #include <linux/err.h> |
14 | #include <linux/keyctl.h> |
15 | #include <linux/slab.h> |
16 | #include <net/net_namespace.h> |
17 | #include "internal.h" |
18 | #include <keys/request_key_auth-type.h> |
19 | |
20 | #define key_negative_timeout 60 /* default timeout on a negative key's existence */ |
21 | |
22 | static struct key *check_cached_key(struct keyring_search_context *ctx) |
23 | { |
24 | #ifdef CONFIG_KEYS_REQUEST_CACHE |
25 | struct key *key = current->cached_requested_key; |
26 | |
27 | if (key && |
28 | ctx->match_data.cmp(key, &ctx->match_data) && |
29 | !(key->flags & ((1 << KEY_FLAG_INVALIDATED) | |
30 | (1 << KEY_FLAG_REVOKED)))) |
31 | return key_get(key); |
32 | #endif |
33 | return NULL; |
34 | } |
35 | |
36 | static void cache_requested_key(struct key *key) |
37 | { |
38 | #ifdef CONFIG_KEYS_REQUEST_CACHE |
39 | struct task_struct *t = current; |
40 | |
41 | /* Do not cache key if it is a kernel thread */ |
42 | if (!(t->flags & PF_KTHREAD)) { |
43 | key_put(key: t->cached_requested_key); |
44 | t->cached_requested_key = key_get(key); |
45 | set_tsk_thread_flag(tsk: t, TIF_NOTIFY_RESUME); |
46 | } |
47 | #endif |
48 | } |
49 | |
50 | /** |
51 | * complete_request_key - Complete the construction of a key. |
52 | * @authkey: The authorisation key. |
53 | * @error: The success or failute of the construction. |
54 | * |
55 | * Complete the attempt to construct a key. The key will be negated |
56 | * if an error is indicated. The authorisation key will be revoked |
57 | * unconditionally. |
58 | */ |
59 | void complete_request_key(struct key *authkey, int error) |
60 | { |
61 | struct request_key_auth *rka = get_request_key_auth(key: authkey); |
62 | struct key *key = rka->target_key; |
63 | |
64 | kenter("%d{%d},%d" , authkey->serial, key->serial, error); |
65 | |
66 | if (error < 0) |
67 | key_negate_and_link(key, key_negative_timeout, NULL, authkey); |
68 | else |
69 | key_revoke(key: authkey); |
70 | } |
71 | EXPORT_SYMBOL(complete_request_key); |
72 | |
73 | /* |
74 | * Initialise a usermode helper that is going to have a specific session |
75 | * keyring. |
76 | * |
77 | * This is called in context of freshly forked kthread before kernel_execve(), |
78 | * so we can simply install the desired session_keyring at this point. |
79 | */ |
80 | static int umh_keys_init(struct subprocess_info *info, struct cred *cred) |
81 | { |
82 | struct key *keyring = info->data; |
83 | |
84 | return install_session_keyring_to_cred(cred, keyring); |
85 | } |
86 | |
87 | /* |
88 | * Clean up a usermode helper with session keyring. |
89 | */ |
90 | static void umh_keys_cleanup(struct subprocess_info *info) |
91 | { |
92 | struct key *keyring = info->data; |
93 | key_put(key: keyring); |
94 | } |
95 | |
96 | /* |
97 | * Call a usermode helper with a specific session keyring. |
98 | */ |
99 | static int call_usermodehelper_keys(const char *path, char **argv, char **envp, |
100 | struct key *session_keyring, int wait) |
101 | { |
102 | struct subprocess_info *info; |
103 | |
104 | info = call_usermodehelper_setup(path, argv, envp, GFP_KERNEL, |
105 | init: umh_keys_init, cleanup: umh_keys_cleanup, |
106 | data: session_keyring); |
107 | if (!info) |
108 | return -ENOMEM; |
109 | |
110 | key_get(key: session_keyring); |
111 | return call_usermodehelper_exec(info, wait); |
112 | } |
113 | |
114 | /* |
115 | * Request userspace finish the construction of a key |
116 | * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>" |
117 | */ |
118 | static int call_sbin_request_key(struct key *authkey, void *aux) |
119 | { |
120 | static char const request_key[] = "/sbin/request-key" ; |
121 | struct request_key_auth *rka = get_request_key_auth(key: authkey); |
122 | const struct cred *cred = current_cred(); |
123 | key_serial_t prkey, sskey; |
124 | struct key *key = rka->target_key, *keyring, *session, *user_session; |
125 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; |
126 | char key_str[12], keyring_str[3][12]; |
127 | char desc[20]; |
128 | int ret, i; |
129 | |
130 | kenter("{%d},{%d},%s" , key->serial, authkey->serial, rka->op); |
131 | |
132 | ret = look_up_user_keyrings(NULL, &user_session); |
133 | if (ret < 0) |
134 | goto error_us; |
135 | |
136 | /* allocate a new session keyring */ |
137 | sprintf(buf: desc, fmt: "_req.%u" , key->serial); |
138 | |
139 | cred = get_current_cred(); |
140 | keyring = keyring_alloc(description: desc, uid: cred->fsuid, gid: cred->fsgid, cred, |
141 | KEY_POS_ALL | KEY_USR_VIEW | KEY_USR_READ, |
142 | KEY_ALLOC_QUOTA_OVERRUN, NULL, NULL); |
143 | put_cred(cred); |
144 | if (IS_ERR(ptr: keyring)) { |
145 | ret = PTR_ERR(ptr: keyring); |
146 | goto error_alloc; |
147 | } |
148 | |
149 | /* attach the auth key to the session keyring */ |
150 | ret = key_link(keyring, key: authkey); |
151 | if (ret < 0) |
152 | goto error_link; |
153 | |
154 | /* record the UID and GID */ |
155 | sprintf(buf: uid_str, fmt: "%d" , from_kuid(to: &init_user_ns, uid: cred->fsuid)); |
156 | sprintf(buf: gid_str, fmt: "%d" , from_kgid(to: &init_user_ns, gid: cred->fsgid)); |
157 | |
158 | /* we say which key is under construction */ |
159 | sprintf(buf: key_str, fmt: "%d" , key->serial); |
160 | |
161 | /* we specify the process's default keyrings */ |
162 | sprintf(buf: keyring_str[0], fmt: "%d" , |
163 | cred->thread_keyring ? cred->thread_keyring->serial : 0); |
164 | |
165 | prkey = 0; |
166 | if (cred->process_keyring) |
167 | prkey = cred->process_keyring->serial; |
168 | sprintf(buf: keyring_str[1], fmt: "%d" , prkey); |
169 | |
170 | session = cred->session_keyring; |
171 | if (!session) |
172 | session = user_session; |
173 | sskey = session->serial; |
174 | |
175 | sprintf(buf: keyring_str[2], fmt: "%d" , sskey); |
176 | |
177 | /* set up a minimal environment */ |
178 | i = 0; |
179 | envp[i++] = "HOME=/" ; |
180 | envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin" ; |
181 | envp[i] = NULL; |
182 | |
183 | /* set up the argument list */ |
184 | i = 0; |
185 | argv[i++] = (char *)request_key; |
186 | argv[i++] = (char *)rka->op; |
187 | argv[i++] = key_str; |
188 | argv[i++] = uid_str; |
189 | argv[i++] = gid_str; |
190 | argv[i++] = keyring_str[0]; |
191 | argv[i++] = keyring_str[1]; |
192 | argv[i++] = keyring_str[2]; |
193 | argv[i] = NULL; |
194 | |
195 | /* do it */ |
196 | ret = call_usermodehelper_keys(path: request_key, argv, envp, session_keyring: keyring, |
197 | UMH_WAIT_PROC); |
198 | kdebug("usermode -> 0x%x" , ret); |
199 | if (ret >= 0) { |
200 | /* ret is the exit/wait code */ |
201 | if (test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) || |
202 | key_validate(key) < 0) |
203 | ret = -ENOKEY; |
204 | else |
205 | /* ignore any errors from userspace if the key was |
206 | * instantiated */ |
207 | ret = 0; |
208 | } |
209 | |
210 | error_link: |
211 | key_put(key: keyring); |
212 | |
213 | error_alloc: |
214 | key_put(key: user_session); |
215 | error_us: |
216 | complete_request_key(authkey, ret); |
217 | kleave(" = %d" , ret); |
218 | return ret; |
219 | } |
220 | |
221 | /* |
222 | * Call out to userspace for key construction. |
223 | * |
224 | * Program failure is ignored in favour of key status. |
225 | */ |
226 | static int construct_key(struct key *key, const void *callout_info, |
227 | size_t callout_len, void *aux, |
228 | struct key *dest_keyring) |
229 | { |
230 | request_key_actor_t actor; |
231 | struct key *authkey; |
232 | int ret; |
233 | |
234 | kenter("%d,%p,%zu,%p" , key->serial, callout_info, callout_len, aux); |
235 | |
236 | /* allocate an authorisation key */ |
237 | authkey = request_key_auth_new(target: key, op: "create" , callout_info, callout_len, |
238 | dest_keyring); |
239 | if (IS_ERR(ptr: authkey)) |
240 | return PTR_ERR(ptr: authkey); |
241 | |
242 | /* Make the call */ |
243 | actor = call_sbin_request_key; |
244 | if (key->type->request_key) |
245 | actor = key->type->request_key; |
246 | |
247 | ret = actor(authkey, aux); |
248 | |
249 | /* check that the actor called complete_request_key() prior to |
250 | * returning an error */ |
251 | WARN_ON(ret < 0 && |
252 | !test_bit(KEY_FLAG_INVALIDATED, &authkey->flags)); |
253 | |
254 | key_put(key: authkey); |
255 | kleave(" = %d" , ret); |
256 | return ret; |
257 | } |
258 | |
259 | /* |
260 | * Get the appropriate destination keyring for the request. |
261 | * |
262 | * The keyring selected is returned with an extra reference upon it which the |
263 | * caller must release. |
264 | */ |
265 | static int construct_get_dest_keyring(struct key **_dest_keyring) |
266 | { |
267 | struct request_key_auth *rka; |
268 | const struct cred *cred = current_cred(); |
269 | struct key *dest_keyring = *_dest_keyring, *authkey; |
270 | int ret; |
271 | |
272 | kenter("%p" , dest_keyring); |
273 | |
274 | /* find the appropriate keyring */ |
275 | if (dest_keyring) { |
276 | /* the caller supplied one */ |
277 | key_get(key: dest_keyring); |
278 | } else { |
279 | bool do_perm_check = true; |
280 | |
281 | /* use a default keyring; falling through the cases until we |
282 | * find one that we actually have */ |
283 | switch (cred->jit_keyring) { |
284 | case KEY_REQKEY_DEFL_DEFAULT: |
285 | case KEY_REQKEY_DEFL_REQUESTOR_KEYRING: |
286 | if (cred->request_key_auth) { |
287 | authkey = cred->request_key_auth; |
288 | down_read(sem: &authkey->sem); |
289 | rka = get_request_key_auth(key: authkey); |
290 | if (!test_bit(KEY_FLAG_REVOKED, |
291 | &authkey->flags)) |
292 | dest_keyring = |
293 | key_get(key: rka->dest_keyring); |
294 | up_read(sem: &authkey->sem); |
295 | if (dest_keyring) { |
296 | do_perm_check = false; |
297 | break; |
298 | } |
299 | } |
300 | |
301 | fallthrough; |
302 | case KEY_REQKEY_DEFL_THREAD_KEYRING: |
303 | dest_keyring = key_get(key: cred->thread_keyring); |
304 | if (dest_keyring) |
305 | break; |
306 | |
307 | fallthrough; |
308 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: |
309 | dest_keyring = key_get(key: cred->process_keyring); |
310 | if (dest_keyring) |
311 | break; |
312 | |
313 | fallthrough; |
314 | case KEY_REQKEY_DEFL_SESSION_KEYRING: |
315 | dest_keyring = key_get(key: cred->session_keyring); |
316 | |
317 | if (dest_keyring) |
318 | break; |
319 | |
320 | fallthrough; |
321 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: |
322 | ret = look_up_user_keyrings(NULL, &dest_keyring); |
323 | if (ret < 0) |
324 | return ret; |
325 | break; |
326 | |
327 | case KEY_REQKEY_DEFL_USER_KEYRING: |
328 | ret = look_up_user_keyrings(&dest_keyring, NULL); |
329 | if (ret < 0) |
330 | return ret; |
331 | break; |
332 | |
333 | case KEY_REQKEY_DEFL_GROUP_KEYRING: |
334 | default: |
335 | BUG(); |
336 | } |
337 | |
338 | /* |
339 | * Require Write permission on the keyring. This is essential |
340 | * because the default keyring may be the session keyring, and |
341 | * joining a keyring only requires Search permission. |
342 | * |
343 | * However, this check is skipped for the "requestor keyring" so |
344 | * that /sbin/request-key can itself use request_key() to add |
345 | * keys to the original requestor's destination keyring. |
346 | */ |
347 | if (dest_keyring && do_perm_check) { |
348 | ret = key_permission(key_ref: make_key_ref(key: dest_keyring, possession: 1), |
349 | need_perm: KEY_NEED_WRITE); |
350 | if (ret) { |
351 | key_put(key: dest_keyring); |
352 | return ret; |
353 | } |
354 | } |
355 | } |
356 | |
357 | *_dest_keyring = dest_keyring; |
358 | kleave(" [dk %d]" , key_serial(dest_keyring)); |
359 | return 0; |
360 | } |
361 | |
362 | /* |
363 | * Allocate a new key in under-construction state and attempt to link it in to |
364 | * the requested keyring. |
365 | * |
366 | * May return a key that's already under construction instead if there was a |
367 | * race between two thread calling request_key(). |
368 | */ |
369 | static int construct_alloc_key(struct keyring_search_context *ctx, |
370 | struct key *dest_keyring, |
371 | unsigned long flags, |
372 | struct key_user *user, |
373 | struct key **_key) |
374 | { |
375 | struct assoc_array_edit *edit = NULL; |
376 | struct key *key; |
377 | key_perm_t perm; |
378 | key_ref_t key_ref; |
379 | int ret; |
380 | |
381 | kenter("%s,%s,,," , |
382 | ctx->index_key.type->name, ctx->index_key.description); |
383 | |
384 | *_key = NULL; |
385 | mutex_lock(&user->cons_lock); |
386 | |
387 | perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; |
388 | perm |= KEY_USR_VIEW; |
389 | if (ctx->index_key.type->read) |
390 | perm |= KEY_POS_READ; |
391 | if (ctx->index_key.type == &key_type_keyring || |
392 | ctx->index_key.type->update) |
393 | perm |= KEY_POS_WRITE; |
394 | |
395 | key = key_alloc(type: ctx->index_key.type, desc: ctx->index_key.description, |
396 | uid: ctx->cred->fsuid, gid: ctx->cred->fsgid, cred: ctx->cred, |
397 | perm, flags, NULL); |
398 | if (IS_ERR(ptr: key)) |
399 | goto alloc_failed; |
400 | |
401 | set_bit(KEY_FLAG_USER_CONSTRUCT, addr: &key->flags); |
402 | |
403 | if (dest_keyring) { |
404 | ret = __key_link_lock(keyring: dest_keyring, index_key: &key->index_key); |
405 | if (ret < 0) |
406 | goto link_lock_failed; |
407 | } |
408 | |
409 | /* |
410 | * Attach the key to the destination keyring under lock, but we do need |
411 | * to do another check just in case someone beat us to it whilst we |
412 | * waited for locks. |
413 | * |
414 | * The caller might specify a comparison function which looks for keys |
415 | * that do not exactly match but are still equivalent from the caller's |
416 | * perspective. The __key_link_begin() operation must be done only after |
417 | * an actual key is determined. |
418 | */ |
419 | mutex_lock(&key_construction_mutex); |
420 | |
421 | rcu_read_lock(); |
422 | key_ref = search_process_keyrings_rcu(ctx); |
423 | rcu_read_unlock(); |
424 | if (!IS_ERR(ptr: key_ref)) |
425 | goto key_already_present; |
426 | |
427 | if (dest_keyring) { |
428 | ret = __key_link_begin(keyring: dest_keyring, index_key: &key->index_key, edit: &edit); |
429 | if (ret < 0) |
430 | goto link_alloc_failed; |
431 | __key_link(keyring: dest_keyring, key, edit: &edit); |
432 | } |
433 | |
434 | mutex_unlock(lock: &key_construction_mutex); |
435 | if (dest_keyring) |
436 | __key_link_end(keyring: dest_keyring, index_key: &key->index_key, edit); |
437 | mutex_unlock(lock: &user->cons_lock); |
438 | *_key = key; |
439 | kleave(" = 0 [%d]" , key_serial(key)); |
440 | return 0; |
441 | |
442 | /* the key is now present - we tell the caller that we found it by |
443 | * returning -EINPROGRESS */ |
444 | key_already_present: |
445 | key_put(key); |
446 | mutex_unlock(lock: &key_construction_mutex); |
447 | key = key_ref_to_ptr(key_ref); |
448 | if (dest_keyring) { |
449 | ret = __key_link_begin(keyring: dest_keyring, index_key: &key->index_key, edit: &edit); |
450 | if (ret < 0) |
451 | goto link_alloc_failed_unlocked; |
452 | ret = __key_link_check_live_key(keyring: dest_keyring, key); |
453 | if (ret == 0) |
454 | __key_link(keyring: dest_keyring, key, edit: &edit); |
455 | __key_link_end(keyring: dest_keyring, index_key: &key->index_key, edit); |
456 | if (ret < 0) |
457 | goto link_check_failed; |
458 | } |
459 | mutex_unlock(lock: &user->cons_lock); |
460 | *_key = key; |
461 | kleave(" = -EINPROGRESS [%d]" , key_serial(key)); |
462 | return -EINPROGRESS; |
463 | |
464 | link_check_failed: |
465 | mutex_unlock(lock: &user->cons_lock); |
466 | key_put(key); |
467 | kleave(" = %d [linkcheck]" , ret); |
468 | return ret; |
469 | |
470 | link_alloc_failed: |
471 | mutex_unlock(lock: &key_construction_mutex); |
472 | link_alloc_failed_unlocked: |
473 | __key_link_end(keyring: dest_keyring, index_key: &key->index_key, edit); |
474 | link_lock_failed: |
475 | mutex_unlock(lock: &user->cons_lock); |
476 | key_put(key); |
477 | kleave(" = %d [prelink]" , ret); |
478 | return ret; |
479 | |
480 | alloc_failed: |
481 | mutex_unlock(lock: &user->cons_lock); |
482 | kleave(" = %ld" , PTR_ERR(key)); |
483 | return PTR_ERR(ptr: key); |
484 | } |
485 | |
486 | /* |
487 | * Commence key construction. |
488 | */ |
489 | static struct key *construct_key_and_link(struct keyring_search_context *ctx, |
490 | const char *callout_info, |
491 | size_t callout_len, |
492 | void *aux, |
493 | struct key *dest_keyring, |
494 | unsigned long flags) |
495 | { |
496 | struct key_user *user; |
497 | struct key *key; |
498 | int ret; |
499 | |
500 | kenter("" ); |
501 | |
502 | if (ctx->index_key.type == &key_type_keyring) |
503 | return ERR_PTR(error: -EPERM); |
504 | |
505 | ret = construct_get_dest_keyring(dest_keyring: &dest_keyring); |
506 | if (ret) |
507 | goto error; |
508 | |
509 | user = key_user_lookup(current_fsuid()); |
510 | if (!user) { |
511 | ret = -ENOMEM; |
512 | goto error_put_dest_keyring; |
513 | } |
514 | |
515 | ret = construct_alloc_key(ctx, dest_keyring, flags, user, key: &key); |
516 | key_user_put(user); |
517 | |
518 | if (ret == 0) { |
519 | ret = construct_key(key, callout_info, callout_len, aux, |
520 | dest_keyring); |
521 | if (ret < 0) { |
522 | kdebug("cons failed" ); |
523 | goto construction_failed; |
524 | } |
525 | } else if (ret == -EINPROGRESS) { |
526 | ret = 0; |
527 | } else { |
528 | goto error_put_dest_keyring; |
529 | } |
530 | |
531 | key_put(key: dest_keyring); |
532 | kleave(" = key %d" , key_serial(key)); |
533 | return key; |
534 | |
535 | construction_failed: |
536 | key_negate_and_link(key, key_negative_timeout, NULL, NULL); |
537 | key_put(key); |
538 | error_put_dest_keyring: |
539 | key_put(key: dest_keyring); |
540 | error: |
541 | kleave(" = %d" , ret); |
542 | return ERR_PTR(error: ret); |
543 | } |
544 | |
545 | /** |
546 | * request_key_and_link - Request a key and cache it in a keyring. |
547 | * @type: The type of key we want. |
548 | * @description: The searchable description of the key. |
549 | * @domain_tag: The domain in which the key operates. |
550 | * @callout_info: The data to pass to the instantiation upcall (or NULL). |
551 | * @callout_len: The length of callout_info. |
552 | * @aux: Auxiliary data for the upcall. |
553 | * @dest_keyring: Where to cache the key. |
554 | * @flags: Flags to key_alloc(). |
555 | * |
556 | * A key matching the specified criteria (type, description, domain_tag) is |
557 | * searched for in the process's keyrings and returned with its usage count |
558 | * incremented if found. Otherwise, if callout_info is not NULL, a key will be |
559 | * allocated and some service (probably in userspace) will be asked to |
560 | * instantiate it. |
561 | * |
562 | * If successfully found or created, the key will be linked to the destination |
563 | * keyring if one is provided. |
564 | * |
565 | * Returns a pointer to the key if successful; -EACCES, -ENOKEY, -EKEYREVOKED |
566 | * or -EKEYEXPIRED if an inaccessible, negative, revoked or expired key was |
567 | * found; -ENOKEY if no key was found and no @callout_info was given; -EDQUOT |
568 | * if insufficient key quota was available to create a new key; or -ENOMEM if |
569 | * insufficient memory was available. |
570 | * |
571 | * If the returned key was created, then it may still be under construction, |
572 | * and wait_for_key_construction() should be used to wait for that to complete. |
573 | */ |
574 | struct key *request_key_and_link(struct key_type *type, |
575 | const char *description, |
576 | struct key_tag *domain_tag, |
577 | const void *callout_info, |
578 | size_t callout_len, |
579 | void *aux, |
580 | struct key *dest_keyring, |
581 | unsigned long flags) |
582 | { |
583 | struct keyring_search_context ctx = { |
584 | .index_key.type = type, |
585 | .index_key.domain_tag = domain_tag, |
586 | .index_key.description = description, |
587 | .index_key.desc_len = strlen(description), |
588 | .cred = current_cred(), |
589 | .match_data.cmp = key_default_cmp, |
590 | .match_data.raw_data = description, |
591 | .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, |
592 | .flags = (KEYRING_SEARCH_DO_STATE_CHECK | |
593 | KEYRING_SEARCH_SKIP_EXPIRED | |
594 | KEYRING_SEARCH_RECURSE), |
595 | }; |
596 | struct key *key; |
597 | key_ref_t key_ref; |
598 | int ret; |
599 | |
600 | kenter("%s,%s,%p,%zu,%p,%p,%lx" , |
601 | ctx.index_key.type->name, ctx.index_key.description, |
602 | callout_info, callout_len, aux, dest_keyring, flags); |
603 | |
604 | if (type->match_preparse) { |
605 | ret = type->match_preparse(&ctx.match_data); |
606 | if (ret < 0) { |
607 | key = ERR_PTR(error: ret); |
608 | goto error; |
609 | } |
610 | } |
611 | |
612 | key = check_cached_key(ctx: &ctx); |
613 | if (key) |
614 | goto error_free; |
615 | |
616 | /* search all the process keyrings for a key */ |
617 | rcu_read_lock(); |
618 | key_ref = search_process_keyrings_rcu(ctx: &ctx); |
619 | rcu_read_unlock(); |
620 | |
621 | if (!IS_ERR(ptr: key_ref)) { |
622 | if (dest_keyring) { |
623 | ret = key_task_permission(key_ref, current_cred(), |
624 | need_perm: KEY_NEED_LINK); |
625 | if (ret < 0) { |
626 | key_ref_put(key_ref); |
627 | key = ERR_PTR(error: ret); |
628 | goto error_free; |
629 | } |
630 | } |
631 | |
632 | key = key_ref_to_ptr(key_ref); |
633 | if (dest_keyring) { |
634 | ret = key_link(keyring: dest_keyring, key); |
635 | if (ret < 0) { |
636 | key_put(key); |
637 | key = ERR_PTR(error: ret); |
638 | goto error_free; |
639 | } |
640 | } |
641 | |
642 | /* Only cache the key on immediate success */ |
643 | cache_requested_key(key); |
644 | } else if (PTR_ERR(ptr: key_ref) != -EAGAIN) { |
645 | key = ERR_CAST(ptr: key_ref); |
646 | } else { |
647 | /* the search failed, but the keyrings were searchable, so we |
648 | * should consult userspace if we can */ |
649 | key = ERR_PTR(error: -ENOKEY); |
650 | if (!callout_info) |
651 | goto error_free; |
652 | |
653 | key = construct_key_and_link(ctx: &ctx, callout_info, callout_len, |
654 | aux, dest_keyring, flags); |
655 | } |
656 | |
657 | error_free: |
658 | if (type->match_free) |
659 | type->match_free(&ctx.match_data); |
660 | error: |
661 | kleave(" = %p" , key); |
662 | return key; |
663 | } |
664 | |
665 | /** |
666 | * wait_for_key_construction - Wait for construction of a key to complete |
667 | * @key: The key being waited for. |
668 | * @intr: Whether to wait interruptibly. |
669 | * |
670 | * Wait for a key to finish being constructed. |
671 | * |
672 | * Returns 0 if successful; -ERESTARTSYS if the wait was interrupted; -ENOKEY |
673 | * if the key was negated; or -EKEYREVOKED or -EKEYEXPIRED if the key was |
674 | * revoked or expired. |
675 | */ |
676 | int wait_for_key_construction(struct key *key, bool intr) |
677 | { |
678 | int ret; |
679 | |
680 | ret = wait_on_bit(word: &key->flags, KEY_FLAG_USER_CONSTRUCT, |
681 | mode: intr ? TASK_INTERRUPTIBLE : TASK_UNINTERRUPTIBLE); |
682 | if (ret) |
683 | return -ERESTARTSYS; |
684 | ret = key_read_state(key); |
685 | if (ret < 0) |
686 | return ret; |
687 | return key_validate(key); |
688 | } |
689 | EXPORT_SYMBOL(wait_for_key_construction); |
690 | |
691 | /** |
692 | * request_key_tag - Request a key and wait for construction |
693 | * @type: Type of key. |
694 | * @description: The searchable description of the key. |
695 | * @domain_tag: The domain in which the key operates. |
696 | * @callout_info: The data to pass to the instantiation upcall (or NULL). |
697 | * |
698 | * As for request_key_and_link() except that it does not add the returned key |
699 | * to a keyring if found, new keys are always allocated in the user's quota, |
700 | * the callout_info must be a NUL-terminated string and no auxiliary data can |
701 | * be passed. |
702 | * |
703 | * Furthermore, it then works as wait_for_key_construction() to wait for the |
704 | * completion of keys undergoing construction with a non-interruptible wait. |
705 | */ |
706 | struct key *request_key_tag(struct key_type *type, |
707 | const char *description, |
708 | struct key_tag *domain_tag, |
709 | const char *callout_info) |
710 | { |
711 | struct key *key; |
712 | size_t callout_len = 0; |
713 | int ret; |
714 | |
715 | if (callout_info) |
716 | callout_len = strlen(callout_info); |
717 | key = request_key_and_link(type, description, domain_tag, |
718 | callout_info, callout_len, |
719 | NULL, NULL, KEY_ALLOC_IN_QUOTA); |
720 | if (!IS_ERR(ptr: key)) { |
721 | ret = wait_for_key_construction(key, false); |
722 | if (ret < 0) { |
723 | key_put(key); |
724 | return ERR_PTR(error: ret); |
725 | } |
726 | } |
727 | return key; |
728 | } |
729 | EXPORT_SYMBOL(request_key_tag); |
730 | |
731 | /** |
732 | * request_key_with_auxdata - Request a key with auxiliary data for the upcaller |
733 | * @type: The type of key we want. |
734 | * @description: The searchable description of the key. |
735 | * @domain_tag: The domain in which the key operates. |
736 | * @callout_info: The data to pass to the instantiation upcall (or NULL). |
737 | * @callout_len: The length of callout_info. |
738 | * @aux: Auxiliary data for the upcall. |
739 | * |
740 | * As for request_key_and_link() except that it does not add the returned key |
741 | * to a keyring if found and new keys are always allocated in the user's quota. |
742 | * |
743 | * Furthermore, it then works as wait_for_key_construction() to wait for the |
744 | * completion of keys undergoing construction with a non-interruptible wait. |
745 | */ |
746 | struct key *request_key_with_auxdata(struct key_type *type, |
747 | const char *description, |
748 | struct key_tag *domain_tag, |
749 | const void *callout_info, |
750 | size_t callout_len, |
751 | void *aux) |
752 | { |
753 | struct key *key; |
754 | int ret; |
755 | |
756 | key = request_key_and_link(type, description, domain_tag, |
757 | callout_info, callout_len, |
758 | aux, NULL, KEY_ALLOC_IN_QUOTA); |
759 | if (!IS_ERR(ptr: key)) { |
760 | ret = wait_for_key_construction(key, false); |
761 | if (ret < 0) { |
762 | key_put(key); |
763 | return ERR_PTR(error: ret); |
764 | } |
765 | } |
766 | return key; |
767 | } |
768 | EXPORT_SYMBOL(request_key_with_auxdata); |
769 | |
770 | /** |
771 | * request_key_rcu - Request key from RCU-read-locked context |
772 | * @type: The type of key we want. |
773 | * @description: The name of the key we want. |
774 | * @domain_tag: The domain in which the key operates. |
775 | * |
776 | * Request a key from a context that we may not sleep in (such as RCU-mode |
777 | * pathwalk). Keys under construction are ignored. |
778 | * |
779 | * Return a pointer to the found key if successful, -ENOKEY if we couldn't find |
780 | * a key or some other error if the key found was unsuitable or inaccessible. |
781 | */ |
782 | struct key *request_key_rcu(struct key_type *type, |
783 | const char *description, |
784 | struct key_tag *domain_tag) |
785 | { |
786 | struct keyring_search_context ctx = { |
787 | .index_key.type = type, |
788 | .index_key.domain_tag = domain_tag, |
789 | .index_key.description = description, |
790 | .index_key.desc_len = strlen(description), |
791 | .cred = current_cred(), |
792 | .match_data.cmp = key_default_cmp, |
793 | .match_data.raw_data = description, |
794 | .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, |
795 | .flags = (KEYRING_SEARCH_DO_STATE_CHECK | |
796 | KEYRING_SEARCH_SKIP_EXPIRED), |
797 | }; |
798 | struct key *key; |
799 | key_ref_t key_ref; |
800 | |
801 | kenter("%s,%s" , type->name, description); |
802 | |
803 | key = check_cached_key(ctx: &ctx); |
804 | if (key) |
805 | return key; |
806 | |
807 | /* search all the process keyrings for a key */ |
808 | key_ref = search_process_keyrings_rcu(ctx: &ctx); |
809 | if (IS_ERR(ptr: key_ref)) { |
810 | key = ERR_CAST(ptr: key_ref); |
811 | if (PTR_ERR(ptr: key_ref) == -EAGAIN) |
812 | key = ERR_PTR(error: -ENOKEY); |
813 | } else { |
814 | key = key_ref_to_ptr(key_ref); |
815 | cache_requested_key(key); |
816 | } |
817 | |
818 | kleave(" = %p" , key); |
819 | return key; |
820 | } |
821 | EXPORT_SYMBOL(request_key_rcu); |
822 | |