1/* request_key_auth.c: request key authorisation controlling key def
2 *
3 * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
4 * Written by David Howells (dhowells@redhat.com)
5 *
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License
8 * as published by the Free Software Foundation; either version
9 * 2 of the License, or (at your option) any later version.
10 *
11 * See Documentation/keys-request-key.txt
12 */
13
14#include <linux/module.h>
15#include <linux/sched.h>
16#include <linux/err.h>
17#include <linux/seq_file.h>
18#include <asm/uaccess.h>
19#include "internal.h"
20
21static int request_key_auth_instantiate(struct key *, const void *, size_t);
22static void request_key_auth_describe(const struct key *, struct seq_file *);
23static void request_key_auth_revoke(struct key *);
24static void request_key_auth_destroy(struct key *);
25static long request_key_auth_read(const struct key *, char __user *, size_t);
26
27/*
28 * the request-key authorisation key type definition
29 */
30struct key_type key_type_request_key_auth = {
31	.name		= ".request_key_auth",
32	.def_datalen	= sizeof(struct request_key_auth),
33	.instantiate	= request_key_auth_instantiate,
34	.describe	= request_key_auth_describe,
35	.revoke		= request_key_auth_revoke,
36	.destroy	= request_key_auth_destroy,
37	.read		= request_key_auth_read,
38};
39
40/*****************************************************************************/
41/*
42 * instantiate a request-key authorisation key
43 */
44static int request_key_auth_instantiate(struct key *key,
45					const void *data,
46					size_t datalen)
47{
48	key->payload.data = (struct request_key_auth *) data;
49	return 0;
50
51} /* end request_key_auth_instantiate() */
52
53/*****************************************************************************/
54/*
55 * reading a request-key authorisation key retrieves the callout information
56 */
57static void request_key_auth_describe(const struct key *key,
58				      struct seq_file *m)
59{
60	struct request_key_auth *rka = key->payload.data;
61
62	seq_puts(m, "key:");
63	seq_puts(m, key->description);
64	seq_printf(m, " pid:%d ci:%zu", rka->pid, strlen(rka->callout_info));
65
66} /* end request_key_auth_describe() */
67
68/*****************************************************************************/
69/*
70 * read the callout_info data
71 * - the key's semaphore is read-locked
72 */
73static long request_key_auth_read(const struct key *key,
74				  char __user *buffer, size_t buflen)
75{
76	struct request_key_auth *rka = key->payload.data;
77	size_t datalen;
78	long ret;
79
80	datalen = strlen(rka->callout_info);
81	ret = datalen;
82
83	/* we can return the data as is */
84	if (buffer && buflen > 0) {
85		if (buflen > datalen)
86			buflen = datalen;
87
88		if (copy_to_user(buffer, rka->callout_info, buflen) != 0)
89			ret = -EFAULT;
90	}
91
92	return ret;
93
94} /* end request_key_auth_read() */
95
96/*****************************************************************************/
97/*
98 * handle revocation of an authorisation token key
99 * - called with the key sem write-locked
100 */
101static void request_key_auth_revoke(struct key *key)
102{
103	struct request_key_auth *rka = key->payload.data;
104
105	kenter("{%d}", key->serial);
106
107	if (rka->context) {
108		put_task_struct(rka->context);
109		rka->context = NULL;
110	}
111
112} /* end request_key_auth_revoke() */
113
114/*****************************************************************************/
115/*
116 * destroy an instantiation authorisation token key
117 */
118static void request_key_auth_destroy(struct key *key)
119{
120	struct request_key_auth *rka = key->payload.data;
121
122	kenter("{%d}", key->serial);
123
124	if (rka->context) {
125		put_task_struct(rka->context);
126		rka->context = NULL;
127	}
128
129	key_put(rka->target_key);
130	kfree(rka);
131
132} /* end request_key_auth_destroy() */
133
134/*****************************************************************************/
135/*
136 * create an authorisation token for /sbin/request-key or whoever to gain
137 * access to the caller's security data
138 */
139struct key *request_key_auth_new(struct key *target, const char *callout_info)
140{
141	struct request_key_auth *rka, *irka;
142	struct key *authkey = NULL;
143	char desc[20];
144	int ret;
145
146	kenter("%d,", target->serial);
147
148	/* allocate a auth record */
149	rka = kmalloc(sizeof(*rka), GFP_KERNEL);
150	if (!rka) {
151		kleave(" = -ENOMEM");
152		return ERR_PTR(-ENOMEM);
153	}
154
155	/* see if the calling process is already servicing the key request of
156	 * another process */
157	if (current->request_key_auth) {
158		/* it is - use that instantiation context here too */
159		down_read(&current->request_key_auth->sem);
160
161		/* if the auth key has been revoked, then the key we're
162		 * servicing is already instantiated */
163		if (test_bit(KEY_FLAG_REVOKED,
164			     &current->request_key_auth->flags))
165			goto auth_key_revoked;
166
167		irka = current->request_key_auth->payload.data;
168		rka->context = irka->context;
169		rka->pid = irka->pid;
170		get_task_struct(rka->context);
171
172		up_read(&current->request_key_auth->sem);
173	}
174	else {
175		/* it isn't - use this process as the context */
176		rka->context = current;
177		rka->pid = current->pid;
178		get_task_struct(rka->context);
179	}
180
181	rka->target_key = key_get(target);
182	rka->callout_info = callout_info;
183
184	/* allocate the auth key */
185	sprintf(desc, "%x", target->serial);
186
187	authkey = key_alloc(&key_type_request_key_auth, desc,
188			    current->fsuid, current->fsgid, current,
189			    KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
190			    KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA);
191	if (IS_ERR(authkey)) {
192		ret = PTR_ERR(authkey);
193		goto error_alloc;
194	}
195
196	/* construct and attach to the keyring */
197	ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL);
198	if (ret < 0)
199		goto error_inst;
200
201	kleave(" = {%d}", authkey->serial);
202	return authkey;
203
204auth_key_revoked:
205	up_read(&current->request_key_auth->sem);
206	kfree(rka);
207	kleave("= -EKEYREVOKED");
208	return ERR_PTR(-EKEYREVOKED);
209
210error_inst:
211	key_revoke(authkey);
212	key_put(authkey);
213error_alloc:
214	key_put(rka->target_key);
215	kfree(rka);
216	kleave("= %d", ret);
217	return ERR_PTR(ret);
218
219} /* end request_key_auth_new() */
220
221/*****************************************************************************/
222/*
223 * see if an authorisation key is associated with a particular key
224 */
225static int key_get_instantiation_authkey_match(const struct key *key,
226					       const void *_id)
227{
228	struct request_key_auth *rka = key->payload.data;
229	key_serial_t id = (key_serial_t)(unsigned long) _id;
230
231	return rka->target_key->serial == id;
232
233} /* end key_get_instantiation_authkey_match() */
234
235/*****************************************************************************/
236/*
237 * get the authorisation key for instantiation of a specific key if attached to
238 * the current process's keyrings
239 * - this key is inserted into a keyring and that is set as /sbin/request-key's
240 *   session keyring
241 * - a target_id of zero specifies any valid token
242 */
243struct key *key_get_instantiation_authkey(key_serial_t target_id)
244{
245	struct key *authkey;
246	key_ref_t authkey_ref;
247
248	authkey_ref = search_process_keyrings(
249		&key_type_request_key_auth,
250		(void *) (unsigned long) target_id,
251		key_get_instantiation_authkey_match,
252		current);
253
254	if (IS_ERR(authkey_ref)) {
255		authkey = ERR_PTR(PTR_ERR(authkey_ref));
256		goto error;
257	}
258
259	authkey = key_ref_to_ptr(authkey_ref);
260	if (test_bit(KEY_FLAG_REVOKED, &authkey->flags)) {
261		key_put(authkey);
262		authkey = ERR_PTR(-EKEYREVOKED);
263	}
264
265error:
266	return authkey;
267
268} /* end key_get_instantiation_authkey() */
269