1 /* Request key authorisation token key definition. 2 * 3 * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved. 4 * Written by David Howells (dhowells@redhat.com) 5 * 6 * This program is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU General Public License 8 * as published by the Free Software Foundation; either version 9 * 2 of the License, or (at your option) any later version. 10 * 11 * See Documentation/security/keys/request-key.rst 12 */ 13 14 #include <linux/sched.h> 15 #include <linux/err.h> 16 #include <linux/seq_file.h> 17 #include <linux/slab.h> 18 #include <linux/uaccess.h> 19 #include "internal.h" 20 #include <keys/request_key_auth-type.h> 21 22 static int request_key_auth_preparse(struct key_preparsed_payload *); 23 static void request_key_auth_free_preparse(struct key_preparsed_payload *); 24 static int request_key_auth_instantiate(struct key *, 25 struct key_preparsed_payload *); 26 static void request_key_auth_describe(const struct key *, struct seq_file *); 27 static void request_key_auth_revoke(struct key *); 28 static void request_key_auth_destroy(struct key *); 29 static long request_key_auth_read(const struct key *, char __user *, size_t); 30 31 /* 32 * The request-key authorisation key type definition. 33 */ 34 struct key_type key_type_request_key_auth = { 35 .name = ".request_key_auth", 36 .def_datalen = sizeof(struct request_key_auth), 37 .preparse = request_key_auth_preparse, 38 .free_preparse = request_key_auth_free_preparse, 39 .instantiate = request_key_auth_instantiate, 40 .describe = request_key_auth_describe, 41 .revoke = request_key_auth_revoke, 42 .destroy = request_key_auth_destroy, 43 .read = request_key_auth_read, 44 }; 45 46 static int request_key_auth_preparse(struct key_preparsed_payload *prep) 47 { 48 return 0; 49 } 50 51 static void request_key_auth_free_preparse(struct key_preparsed_payload *prep) 52 { 53 } 54 55 /* 56 * Instantiate a request-key authorisation key. 57 */ 58 static int request_key_auth_instantiate(struct key *key, 59 struct key_preparsed_payload *prep) 60 { 61 key->payload.data[0] = (struct request_key_auth *)prep->data; 62 return 0; 63 } 64 65 /* 66 * Describe an authorisation token. 67 */ 68 static void request_key_auth_describe(const struct key *key, 69 struct seq_file *m) 70 { 71 struct request_key_auth *rka = get_request_key_auth(key); 72 73 seq_puts(m, "key:"); 74 seq_puts(m, key->description); 75 if (key_is_positive(key)) 76 seq_printf(m, " pid:%d ci:%zu", rka->pid, rka->callout_len); 77 } 78 79 /* 80 * Read the callout_info data (retrieves the callout information). 81 * - the key's semaphore is read-locked 82 */ 83 static long request_key_auth_read(const struct key *key, 84 char __user *buffer, size_t buflen) 85 { 86 struct request_key_auth *rka = get_request_key_auth(key); 87 size_t datalen; 88 long ret; 89 90 datalen = rka->callout_len; 91 ret = datalen; 92 93 /* we can return the data as is */ 94 if (buffer && buflen > 0) { 95 if (buflen > datalen) 96 buflen = datalen; 97 98 if (copy_to_user(buffer, rka->callout_info, buflen) != 0) 99 ret = -EFAULT; 100 } 101 102 return ret; 103 } 104 105 /* 106 * Handle revocation of an authorisation token key. 107 * 108 * Called with the key sem write-locked. 109 */ 110 static void request_key_auth_revoke(struct key *key) 111 { 112 struct request_key_auth *rka = get_request_key_auth(key); 113 114 kenter("{%d}", key->serial); 115 116 if (rka->cred) { 117 put_cred(rka->cred); 118 rka->cred = NULL; 119 } 120 } 121 122 static void free_request_key_auth(struct request_key_auth *rka) 123 { 124 if (!rka) 125 return; 126 key_put(rka->target_key); 127 key_put(rka->dest_keyring); 128 if (rka->cred) 129 put_cred(rka->cred); 130 kfree(rka->callout_info); 131 kfree(rka); 132 } 133 134 /* 135 * Destroy an instantiation authorisation token key. 136 */ 137 static void request_key_auth_destroy(struct key *key) 138 { 139 struct request_key_auth *rka = get_request_key_auth(key); 140 141 kenter("{%d}", key->serial); 142 143 free_request_key_auth(rka); 144 } 145 146 /* 147 * Create an authorisation token for /sbin/request-key or whoever to gain 148 * access to the caller's security data. 149 */ 150 struct key *request_key_auth_new(struct key *target, const char *op, 151 const void *callout_info, size_t callout_len, 152 struct key *dest_keyring) 153 { 154 struct request_key_auth *rka, *irka; 155 const struct cred *cred = current->cred; 156 struct key *authkey = NULL; 157 char desc[20]; 158 int ret = -ENOMEM; 159 160 kenter("%d,", target->serial); 161 162 /* allocate a auth record */ 163 rka = kzalloc(sizeof(*rka), GFP_KERNEL); 164 if (!rka) 165 goto error; 166 rka->callout_info = kmemdup(callout_info, callout_len, GFP_KERNEL); 167 if (!rka->callout_info) 168 goto error_free_rka; 169 rka->callout_len = callout_len; 170 strlcpy(rka->op, op, sizeof(rka->op)); 171 172 /* see if the calling process is already servicing the key request of 173 * another process */ 174 if (cred->request_key_auth) { 175 /* it is - use that instantiation context here too */ 176 down_read(&cred->request_key_auth->sem); 177 178 /* if the auth key has been revoked, then the key we're 179 * servicing is already instantiated */ 180 if (test_bit(KEY_FLAG_REVOKED, 181 &cred->request_key_auth->flags)) { 182 up_read(&cred->request_key_auth->sem); 183 ret = -EKEYREVOKED; 184 goto error_free_rka; 185 } 186 187 irka = cred->request_key_auth->payload.data[0]; 188 rka->cred = get_cred(irka->cred); 189 rka->pid = irka->pid; 190 191 up_read(&cred->request_key_auth->sem); 192 } 193 else { 194 /* it isn't - use this process as the context */ 195 rka->cred = get_cred(cred); 196 rka->pid = current->pid; 197 } 198 199 rka->target_key = key_get(target); 200 rka->dest_keyring = key_get(dest_keyring); 201 202 /* allocate the auth key */ 203 sprintf(desc, "%x", target->serial); 204 205 authkey = key_alloc(&key_type_request_key_auth, desc, 206 cred->fsuid, cred->fsgid, cred, 207 KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | 208 KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA, NULL); 209 if (IS_ERR(authkey)) { 210 ret = PTR_ERR(authkey); 211 goto error_free_rka; 212 } 213 214 /* construct the auth key */ 215 ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL); 216 if (ret < 0) 217 goto error_put_authkey; 218 219 kleave(" = {%d,%d}", authkey->serial, refcount_read(&authkey->usage)); 220 return authkey; 221 222 error_put_authkey: 223 key_put(authkey); 224 error_free_rka: 225 free_request_key_auth(rka); 226 error: 227 kleave("= %d", ret); 228 return ERR_PTR(ret); 229 } 230 231 /* 232 * Search the current process's keyrings for the authorisation key for 233 * instantiation of a key. 234 */ 235 struct key *key_get_instantiation_authkey(key_serial_t target_id) 236 { 237 char description[16]; 238 struct keyring_search_context ctx = { 239 .index_key.type = &key_type_request_key_auth, 240 .index_key.description = description, 241 .cred = current_cred(), 242 .match_data.cmp = key_default_cmp, 243 .match_data.raw_data = description, 244 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT, 245 .flags = KEYRING_SEARCH_DO_STATE_CHECK, 246 }; 247 struct key *authkey; 248 key_ref_t authkey_ref; 249 250 ctx.index_key.desc_len = sprintf(description, "%x", target_id); 251 252 authkey_ref = search_process_keyrings(&ctx); 253 254 if (IS_ERR(authkey_ref)) { 255 authkey = ERR_CAST(authkey_ref); 256 if (authkey == ERR_PTR(-EAGAIN)) 257 authkey = ERR_PTR(-ENOKEY); 258 goto error; 259 } 260 261 authkey = key_ref_to_ptr(authkey_ref); 262 if (test_bit(KEY_FLAG_REVOKED, &authkey->flags)) { 263 key_put(authkey); 264 authkey = ERR_PTR(-EKEYREVOKED); 265 } 266 267 error: 268 return authkey; 269 } 270