Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 1 | /* request_key.c: request a key from userspace |
| 2 | * |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 3 | * Copyright (C) 2004-5 Red Hat, Inc. All Rights Reserved. |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 4 | * Written by David Howells (dhowells@redhat.com) |
| 5 | * |
| 6 | * This program is free software; you can redistribute it and/or |
| 7 | * modify it under the terms of the GNU General Public License |
| 8 | * as published by the Free Software Foundation; either version |
| 9 | * 2 of the License, or (at your option) any later version. |
David Howells | f1a9bad | 2005-10-07 15:04:52 +0100 | [diff] [blame] | 10 | * |
| 11 | * See Documentation/keys-request-key.txt |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 12 | */ |
| 13 | |
| 14 | #include <linux/module.h> |
| 15 | #include <linux/sched.h> |
| 16 | #include <linux/kmod.h> |
| 17 | #include <linux/err.h> |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 18 | #include <linux/keyctl.h> |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 19 | #include "internal.h" |
| 20 | |
| 21 | struct key_construction { |
| 22 | struct list_head link; /* link in construction queue */ |
| 23 | struct key *key; /* key being constructed */ |
| 24 | }; |
| 25 | |
| 26 | /* when waiting for someone else's keys, you get added to this */ |
| 27 | DECLARE_WAIT_QUEUE_HEAD(request_key_conswq); |
| 28 | |
| 29 | /*****************************************************************************/ |
| 30 | /* |
| 31 | * request userspace finish the construction of a key |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 32 | * - execute "/sbin/request-key <op> <key> <uid> <gid> <keyring> <keyring> <keyring>" |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 33 | */ |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 34 | static int call_sbin_request_key(struct key *key, |
| 35 | struct key *authkey, |
| 36 | const char *op) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 37 | { |
| 38 | struct task_struct *tsk = current; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 39 | key_serial_t prkey, sskey; |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 40 | struct key *keyring; |
| 41 | char *argv[9], *envp[3], uid_str[12], gid_str[12]; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 42 | char key_str[12], keyring_str[3][12]; |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 43 | char desc[20]; |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 44 | int ret, i; |
| 45 | |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 46 | kenter("{%d},{%d},%s", key->serial, authkey->serial, op); |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 47 | |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 48 | /* allocate a new session keyring */ |
| 49 | sprintf(desc, "_req.%u", key->serial); |
| 50 | |
David Howells | 7e047ef | 2006-06-26 00:24:50 -0700 | [diff] [blame] | 51 | keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current, |
| 52 | KEY_ALLOC_QUOTA_OVERRUN, NULL); |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 53 | if (IS_ERR(keyring)) { |
| 54 | ret = PTR_ERR(keyring); |
| 55 | goto error_alloc; |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 56 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 57 | |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 58 | /* attach the auth key to the session keyring */ |
| 59 | ret = __key_link(keyring, authkey); |
| 60 | if (ret < 0) |
| 61 | goto error_link; |
| 62 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 63 | /* record the UID and GID */ |
| 64 | sprintf(uid_str, "%d", current->fsuid); |
| 65 | sprintf(gid_str, "%d", current->fsgid); |
| 66 | |
| 67 | /* we say which key is under construction */ |
| 68 | sprintf(key_str, "%d", key->serial); |
| 69 | |
| 70 | /* we specify the process's default keyrings */ |
| 71 | sprintf(keyring_str[0], "%d", |
| 72 | tsk->thread_keyring ? tsk->thread_keyring->serial : 0); |
| 73 | |
| 74 | prkey = 0; |
| 75 | if (tsk->signal->process_keyring) |
| 76 | prkey = tsk->signal->process_keyring->serial; |
| 77 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 78 | sprintf(keyring_str[1], "%d", prkey); |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 79 | |
| 80 | if (tsk->signal->session_keyring) { |
| 81 | rcu_read_lock(); |
| 82 | sskey = rcu_dereference(tsk->signal->session_keyring)->serial; |
| 83 | rcu_read_unlock(); |
| 84 | } |
| 85 | else { |
| 86 | sskey = tsk->user->session_keyring->serial; |
| 87 | } |
| 88 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 89 | sprintf(keyring_str[2], "%d", sskey); |
| 90 | |
| 91 | /* set up a minimal environment */ |
| 92 | i = 0; |
| 93 | envp[i++] = "HOME=/"; |
| 94 | envp[i++] = "PATH=/sbin:/bin:/usr/sbin:/usr/bin"; |
| 95 | envp[i] = NULL; |
| 96 | |
| 97 | /* set up the argument list */ |
| 98 | i = 0; |
| 99 | argv[i++] = "/sbin/request-key"; |
| 100 | argv[i++] = (char *) op; |
| 101 | argv[i++] = key_str; |
| 102 | argv[i++] = uid_str; |
| 103 | argv[i++] = gid_str; |
| 104 | argv[i++] = keyring_str[0]; |
| 105 | argv[i++] = keyring_str[1]; |
| 106 | argv[i++] = keyring_str[2]; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 107 | argv[i] = NULL; |
| 108 | |
| 109 | /* do it */ |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 110 | ret = call_usermodehelper_keys(argv[0], argv, envp, keyring, 1); |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 111 | |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 112 | error_link: |
| 113 | key_put(keyring); |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 114 | |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 115 | error_alloc: |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 116 | kleave(" = %d", ret); |
| 117 | return ret; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 118 | |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 119 | } /* end call_sbin_request_key() */ |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 120 | |
| 121 | /*****************************************************************************/ |
| 122 | /* |
| 123 | * call out to userspace for the key |
| 124 | * - called with the construction sem held, but the sem is dropped here |
| 125 | * - we ignore program failure and go on key status instead |
| 126 | */ |
| 127 | static struct key *__request_key_construction(struct key_type *type, |
| 128 | const char *description, |
David Howells | 7e047ef | 2006-06-26 00:24:50 -0700 | [diff] [blame] | 129 | const char *callout_info, |
| 130 | unsigned long flags) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 131 | { |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 132 | request_key_actor_t actor; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 133 | struct key_construction cons; |
| 134 | struct timespec now; |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 135 | struct key *key, *authkey; |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 136 | int ret, negated; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 137 | |
David Howells | 7e047ef | 2006-06-26 00:24:50 -0700 | [diff] [blame] | 138 | kenter("%s,%s,%s,%lx", type->name, description, callout_info, flags); |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 139 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 140 | /* create a key and add it to the queue */ |
| 141 | key = key_alloc(type, description, |
David Howells | 7e047ef | 2006-06-26 00:24:50 -0700 | [diff] [blame] | 142 | current->fsuid, current->fsgid, current, KEY_POS_ALL, |
| 143 | flags); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 144 | if (IS_ERR(key)) |
| 145 | goto alloc_failed; |
| 146 | |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 147 | set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 148 | |
| 149 | cons.key = key; |
| 150 | list_add_tail(&cons.link, &key->user->consq); |
| 151 | |
| 152 | /* we drop the construction sem here on behalf of the caller */ |
| 153 | up_write(&key_construction_sem); |
| 154 | |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 155 | /* allocate an authorisation key */ |
| 156 | authkey = request_key_auth_new(key, callout_info); |
| 157 | if (IS_ERR(authkey)) { |
| 158 | ret = PTR_ERR(authkey); |
| 159 | authkey = NULL; |
| 160 | goto alloc_authkey_failed; |
| 161 | } |
| 162 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 163 | /* make the call */ |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 164 | actor = call_sbin_request_key; |
| 165 | if (type->request_key) |
| 166 | actor = type->request_key; |
| 167 | ret = actor(key, authkey, "create"); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 168 | if (ret < 0) |
| 169 | goto request_failed; |
| 170 | |
| 171 | /* if the key wasn't instantiated, then we want to give an error */ |
| 172 | ret = -ENOKEY; |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 173 | if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 174 | goto request_failed; |
| 175 | |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 176 | key_revoke(authkey); |
| 177 | key_put(authkey); |
| 178 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 179 | down_write(&key_construction_sem); |
| 180 | list_del(&cons.link); |
| 181 | up_write(&key_construction_sem); |
| 182 | |
| 183 | /* also give an error if the key was negatively instantiated */ |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 184 | check_not_negative: |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 185 | if (test_bit(KEY_FLAG_NEGATIVE, &key->flags)) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 186 | key_put(key); |
| 187 | key = ERR_PTR(-ENOKEY); |
| 188 | } |
| 189 | |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 190 | out: |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 191 | kleave(" = %p", key); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 192 | return key; |
| 193 | |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 194 | request_failed: |
| 195 | key_revoke(authkey); |
| 196 | key_put(authkey); |
| 197 | |
| 198 | alloc_authkey_failed: |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 199 | /* it wasn't instantiated |
| 200 | * - remove from construction queue |
| 201 | * - mark the key as dead |
| 202 | */ |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 203 | negated = 0; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 204 | down_write(&key_construction_sem); |
| 205 | |
| 206 | list_del(&cons.link); |
| 207 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 208 | /* check it didn't get instantiated between the check and the down */ |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 209 | if (!test_bit(KEY_FLAG_INSTANTIATED, &key->flags)) { |
| 210 | set_bit(KEY_FLAG_NEGATIVE, &key->flags); |
| 211 | set_bit(KEY_FLAG_INSTANTIATED, &key->flags); |
| 212 | negated = 1; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 213 | } |
| 214 | |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 215 | clear_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags); |
| 216 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 217 | up_write(&key_construction_sem); |
| 218 | |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 219 | if (!negated) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 220 | goto check_not_negative; /* surprisingly, the key got |
| 221 | * instantiated */ |
| 222 | |
| 223 | /* set the timeout and store in the session keyring if we can */ |
| 224 | now = current_kernel_time(); |
| 225 | key->expiry = now.tv_sec + key_negative_timeout; |
| 226 | |
| 227 | if (current->signal->session_keyring) { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 228 | struct key *keyring; |
| 229 | |
David Howells | 8589b4e | 2005-06-23 22:00:53 -0700 | [diff] [blame] | 230 | rcu_read_lock(); |
| 231 | keyring = rcu_dereference(current->signal->session_keyring); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 232 | atomic_inc(&keyring->usage); |
David Howells | 8589b4e | 2005-06-23 22:00:53 -0700 | [diff] [blame] | 233 | rcu_read_unlock(); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 234 | |
| 235 | key_link(keyring, key); |
| 236 | key_put(keyring); |
| 237 | } |
| 238 | |
| 239 | key_put(key); |
| 240 | |
| 241 | /* notify anyone who was waiting */ |
| 242 | wake_up_all(&request_key_conswq); |
| 243 | |
| 244 | key = ERR_PTR(ret); |
| 245 | goto out; |
| 246 | |
David Howells | b5f545c | 2006-01-08 01:02:47 -0800 | [diff] [blame] | 247 | alloc_failed: |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 248 | up_write(&key_construction_sem); |
| 249 | goto out; |
| 250 | |
| 251 | } /* end __request_key_construction() */ |
| 252 | |
| 253 | /*****************************************************************************/ |
| 254 | /* |
| 255 | * call out to userspace to request the key |
| 256 | * - we check the construction queue first to see if an appropriate key is |
| 257 | * already being constructed by userspace |
| 258 | */ |
| 259 | static struct key *request_key_construction(struct key_type *type, |
| 260 | const char *description, |
| 261 | struct key_user *user, |
David Howells | 7e047ef | 2006-06-26 00:24:50 -0700 | [diff] [blame] | 262 | const char *callout_info, |
| 263 | unsigned long flags) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 264 | { |
| 265 | struct key_construction *pcons; |
| 266 | struct key *key, *ckey; |
| 267 | |
| 268 | DECLARE_WAITQUEUE(myself, current); |
| 269 | |
David Howells | 7e047ef | 2006-06-26 00:24:50 -0700 | [diff] [blame] | 270 | kenter("%s,%s,{%d},%s,%lx", |
| 271 | type->name, description, user->uid, callout_info, flags); |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 272 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 273 | /* see if there's such a key under construction already */ |
| 274 | down_write(&key_construction_sem); |
| 275 | |
| 276 | list_for_each_entry(pcons, &user->consq, link) { |
| 277 | ckey = pcons->key; |
| 278 | |
| 279 | if (ckey->type != type) |
| 280 | continue; |
| 281 | |
| 282 | if (type->match(ckey, description)) |
| 283 | goto found_key_under_construction; |
| 284 | } |
| 285 | |
| 286 | /* see about getting userspace to construct the key */ |
David Howells | 7e047ef | 2006-06-26 00:24:50 -0700 | [diff] [blame] | 287 | key = __request_key_construction(type, description, callout_info, |
| 288 | flags); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 289 | error: |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 290 | kleave(" = %p", key); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 291 | return key; |
| 292 | |
| 293 | /* someone else has the same key under construction |
| 294 | * - we want to keep an eye on their key |
| 295 | */ |
| 296 | found_key_under_construction: |
| 297 | atomic_inc(&ckey->usage); |
| 298 | up_write(&key_construction_sem); |
| 299 | |
| 300 | /* wait for the key to be completed one way or another */ |
| 301 | add_wait_queue(&request_key_conswq, &myself); |
| 302 | |
| 303 | for (;;) { |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 304 | set_current_state(TASK_INTERRUPTIBLE); |
David Howells | 76d8aea | 2005-06-23 22:00:49 -0700 | [diff] [blame] | 305 | if (!test_bit(KEY_FLAG_USER_CONSTRUCT, &ckey->flags)) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 306 | break; |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 307 | if (signal_pending(current)) |
| 308 | break; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 309 | schedule(); |
| 310 | } |
| 311 | |
| 312 | set_current_state(TASK_RUNNING); |
| 313 | remove_wait_queue(&request_key_conswq, &myself); |
| 314 | |
| 315 | /* we'll need to search this process's keyrings to see if the key is |
| 316 | * now there since we can't automatically assume it's also available |
| 317 | * there */ |
| 318 | key_put(ckey); |
| 319 | ckey = NULL; |
| 320 | |
| 321 | key = NULL; /* request a retry */ |
| 322 | goto error; |
| 323 | |
| 324 | } /* end request_key_construction() */ |
| 325 | |
| 326 | /*****************************************************************************/ |
| 327 | /* |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 328 | * link a freshly minted key to an appropriate destination keyring |
| 329 | */ |
| 330 | static void request_key_link(struct key *key, struct key *dest_keyring) |
| 331 | { |
| 332 | struct task_struct *tsk = current; |
| 333 | struct key *drop = NULL; |
| 334 | |
| 335 | kenter("{%d},%p", key->serial, dest_keyring); |
| 336 | |
| 337 | /* find the appropriate keyring */ |
| 338 | if (!dest_keyring) { |
| 339 | switch (tsk->jit_keyring) { |
| 340 | case KEY_REQKEY_DEFL_DEFAULT: |
| 341 | case KEY_REQKEY_DEFL_THREAD_KEYRING: |
| 342 | dest_keyring = tsk->thread_keyring; |
| 343 | if (dest_keyring) |
| 344 | break; |
| 345 | |
| 346 | case KEY_REQKEY_DEFL_PROCESS_KEYRING: |
| 347 | dest_keyring = tsk->signal->process_keyring; |
| 348 | if (dest_keyring) |
| 349 | break; |
| 350 | |
| 351 | case KEY_REQKEY_DEFL_SESSION_KEYRING: |
| 352 | rcu_read_lock(); |
| 353 | dest_keyring = key_get( |
| 354 | rcu_dereference(tsk->signal->session_keyring)); |
| 355 | rcu_read_unlock(); |
| 356 | drop = dest_keyring; |
| 357 | |
| 358 | if (dest_keyring) |
| 359 | break; |
| 360 | |
| 361 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: |
| 362 | dest_keyring = current->user->session_keyring; |
| 363 | break; |
| 364 | |
| 365 | case KEY_REQKEY_DEFL_USER_KEYRING: |
| 366 | dest_keyring = current->user->uid_keyring; |
| 367 | break; |
| 368 | |
| 369 | case KEY_REQKEY_DEFL_GROUP_KEYRING: |
| 370 | default: |
| 371 | BUG(); |
| 372 | } |
| 373 | } |
| 374 | |
| 375 | /* and attach the key to it */ |
| 376 | key_link(dest_keyring, key); |
| 377 | |
| 378 | key_put(drop); |
| 379 | |
| 380 | kleave(""); |
| 381 | |
| 382 | } /* end request_key_link() */ |
| 383 | |
| 384 | /*****************************************************************************/ |
| 385 | /* |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 386 | * request a key |
| 387 | * - search the process's keyrings |
| 388 | * - check the list of keys being created or updated |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 389 | * - call out to userspace for a key if supplementary info was provided |
| 390 | * - cache the key in an appropriate keyring |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 391 | */ |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 392 | struct key *request_key_and_link(struct key_type *type, |
| 393 | const char *description, |
| 394 | const char *callout_info, |
David Howells | 7e047ef | 2006-06-26 00:24:50 -0700 | [diff] [blame] | 395 | struct key *dest_keyring, |
| 396 | unsigned long flags) |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 397 | { |
| 398 | struct key_user *user; |
| 399 | struct key *key; |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 400 | key_ref_t key_ref; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 401 | |
David Howells | 7e047ef | 2006-06-26 00:24:50 -0700 | [diff] [blame] | 402 | kenter("%s,%s,%s,%p,%lx", |
| 403 | type->name, description, callout_info, dest_keyring, flags); |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 404 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 405 | /* search all the process keyrings for a key */ |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 406 | key_ref = search_process_keyrings(type, description, type->match, |
| 407 | current); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 408 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 409 | kdebug("search 1: %p", key_ref); |
| 410 | |
| 411 | if (!IS_ERR(key_ref)) { |
| 412 | key = key_ref_to_ptr(key_ref); |
| 413 | } |
| 414 | else if (PTR_ERR(key_ref) != -EAGAIN) { |
| 415 | key = ERR_PTR(PTR_ERR(key_ref)); |
| 416 | } |
| 417 | else { |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 418 | /* the search failed, but the keyrings were searchable, so we |
| 419 | * should consult userspace if we can */ |
| 420 | key = ERR_PTR(-ENOKEY); |
| 421 | if (!callout_info) |
| 422 | goto error; |
| 423 | |
| 424 | /* - get hold of the user's construction queue */ |
| 425 | user = key_user_lookup(current->fsuid); |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 426 | if (!user) |
| 427 | goto nomem; |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 428 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 429 | for (;;) { |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 430 | if (signal_pending(current)) |
| 431 | goto interrupted; |
| 432 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 433 | /* ask userspace (returns NULL if it waited on a key |
| 434 | * being constructed) */ |
| 435 | key = request_key_construction(type, description, |
David Howells | 7e047ef | 2006-06-26 00:24:50 -0700 | [diff] [blame] | 436 | user, callout_info, |
| 437 | flags); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 438 | if (key) |
| 439 | break; |
| 440 | |
| 441 | /* someone else made the key we want, so we need to |
| 442 | * search again as it might now be available to us */ |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 443 | key_ref = search_process_keyrings(type, description, |
| 444 | type->match, |
| 445 | current); |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 446 | |
David Howells | 664cceb | 2005-09-28 17:03:15 +0100 | [diff] [blame] | 447 | kdebug("search 2: %p", key_ref); |
| 448 | |
| 449 | if (!IS_ERR(key_ref)) { |
| 450 | key = key_ref_to_ptr(key_ref); |
| 451 | break; |
| 452 | } |
| 453 | |
| 454 | if (PTR_ERR(key_ref) != -EAGAIN) { |
| 455 | key = ERR_PTR(PTR_ERR(key_ref)); |
| 456 | break; |
| 457 | } |
| 458 | } |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 459 | |
| 460 | key_user_put(user); |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 461 | |
| 462 | /* link the new key into the appropriate keyring */ |
David Howells | 1260f80 | 2005-08-04 11:50:01 +0100 | [diff] [blame] | 463 | if (!IS_ERR(key)) |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 464 | request_key_link(key, dest_keyring); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 465 | } |
| 466 | |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 467 | error: |
| 468 | kleave(" = %p", key); |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 469 | return key; |
| 470 | |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 471 | nomem: |
| 472 | key = ERR_PTR(-ENOMEM); |
| 473 | goto error; |
| 474 | |
| 475 | interrupted: |
| 476 | key_user_put(user); |
| 477 | key = ERR_PTR(-EINTR); |
| 478 | goto error; |
| 479 | |
| 480 | } /* end request_key_and_link() */ |
| 481 | |
| 482 | /*****************************************************************************/ |
| 483 | /* |
| 484 | * request a key |
| 485 | * - search the process's keyrings |
| 486 | * - check the list of keys being created or updated |
| 487 | * - call out to userspace for a key if supplementary info was provided |
| 488 | */ |
| 489 | struct key *request_key(struct key_type *type, |
| 490 | const char *description, |
| 491 | const char *callout_info) |
| 492 | { |
David Howells | 7e047ef | 2006-06-26 00:24:50 -0700 | [diff] [blame] | 493 | return request_key_and_link(type, description, callout_info, NULL, |
| 494 | KEY_ALLOC_IN_QUOTA); |
David Howells | 3e30148 | 2005-06-23 22:00:56 -0700 | [diff] [blame] | 495 | |
Linus Torvalds | 1da177e | 2005-04-16 15:20:36 -0700 | [diff] [blame] | 496 | } /* end request_key() */ |
| 497 | |
| 498 | EXPORT_SYMBOL(request_key); |