Gitiles
Code Review Sign In
review.shift-gmbh.com / SHIFTPHONES / mainline / linux / c24449b321095d8c80cdda3d68107269c1d5569f / . / security / keys / request_key_auth.c
blob: 41e9735006d0c1c8129fe04e03aaa0858f576127 [file] [log] [blame]
Thomas Gleixner2874c5f2019-05-27 08:55:01 +0200[diff] [blame]1// SPDX-License-Identifier: GPL-2.0-or-later
David Howells973c9f42011-01-20 16:38:33 +0000[diff] [blame]2/* Request key authorisation token key definition.
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]3 *
4 * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
5 * Written by David Howells (dhowells@redhat.com)
6 *
Kees Cook3db38ed2017-05-13 04:51:52 -0700[diff] [blame]7 * See Documentation/security/keys/request-key.rst
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]8 */
9
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]10#include <linux/sched.h>
11#include <linux/err.h>
12#include <linux/seq_file.h>
Robert P. J. Dayfdb89bc2008-04-29 01:01:32 -0700[diff] [blame]13#include <linux/slab.h>
Linus Torvalds7c0f6ba2016-12-24 11:46:01 -0800[diff] [blame]14#include <linux/uaccess.h>
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]15#include "internal.h"
David Howells822ad642019-02-14 16:20:25 +0000[diff] [blame]16#include <keys/request_key_auth-type.h>
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]17
David Howellsf1dcde92014-07-18 18:56:36 +0100[diff] [blame]18static int request_key_auth_preparse(struct key_preparsed_payload *);
19static void request_key_auth_free_preparse(struct key_preparsed_payload *);
David Howellscf7f6012012-09-13 13:06:29 +0100[diff] [blame]20static int request_key_auth_instantiate(struct key *,
21 struct key_preparsed_payload *);
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]22static void request_key_auth_describe(const struct key *, struct seq_file *);
David Howells04c567d2006-06-22 14:47:18 -0700[diff] [blame]23static void request_key_auth_revoke(struct key *);
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]24static void request_key_auth_destroy(struct key *);
Waiman Longd3ec10a2020-03-21 21:11:24 -0400[diff] [blame]25static long request_key_auth_read(const struct key *, char *, size_t);
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]26
27/*
David Howells973c9f42011-01-20 16:38:33 +0000[diff] [blame]28 * The request-key authorisation key type definition.
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]29 */
30struct key_type key_type_request_key_auth = {
31 .name = ".request_key_auth",
32 .def_datalen = sizeof(struct request_key_auth),
David Howellsf1dcde92014-07-18 18:56:36 +0100[diff] [blame]33 .preparse = request_key_auth_preparse,
34 .free_preparse = request_key_auth_free_preparse,
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]35 .instantiate = request_key_auth_instantiate,
36 .describe = request_key_auth_describe,
David Howells04c567d2006-06-22 14:47:18 -0700[diff] [blame]37 .revoke = request_key_auth_revoke,
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]38 .destroy = request_key_auth_destroy,
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]39 .read = request_key_auth_read,
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]40};
41
David Howells8da79b62014-09-16 17:07:07 +0100[diff] [blame]42static int request_key_auth_preparse(struct key_preparsed_payload *prep)
David Howellsf1dcde92014-07-18 18:56:36 +0100[diff] [blame]43{
44 return 0;
45}
46
David Howells8da79b62014-09-16 17:07:07 +0100[diff] [blame]47static void request_key_auth_free_preparse(struct key_preparsed_payload *prep)
David Howellsf1dcde92014-07-18 18:56:36 +0100[diff] [blame]48{
49}
50
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]51/*
David Howells973c9f42011-01-20 16:38:33 +0000[diff] [blame]52 * Instantiate a request-key authorisation key.
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]53 */
54static int request_key_auth_instantiate(struct key *key,
David Howellscf7f6012012-09-13 13:06:29 +0100[diff] [blame]55 struct key_preparsed_payload *prep)
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]56{
David Howellse59428f2019-06-19 16:10:15 +0100[diff] [blame]57 rcu_assign_keypointer(key, (struct request_key_auth *)prep->data);
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]58 return 0;
David Howellsa8b17ed2011-01-20 16:38:27 +0000[diff] [blame]59}
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]60
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]61/*
David Howells973c9f42011-01-20 16:38:33 +0000[diff] [blame]62 * Describe an authorisation token.
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]63 */
64static void request_key_auth_describe(const struct key *key,
65 struct seq_file *m)
66{
David Howellse59428f2019-06-19 16:10:15 +0100[diff] [blame]67 struct request_key_auth *rka = dereference_key_rcu(key);
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]68
Hillf Dantond41a3ef2019-09-02 13:37:29 +0100[diff] [blame]69 if (!rka)
70 return;
71
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]72 seq_puts(m, "key:");
73 seq_puts(m, key->description);
David Howells363b02d2017-10-04 16:43:25 +0100[diff] [blame]74 if (key_is_positive(key))
David Howells78b72802011-03-11 17:57:23 +0000[diff] [blame]75 seq_printf(m, " pid:%d ci:%zu", rka->pid, rka->callout_len);
David Howellsa8b17ed2011-01-20 16:38:27 +0000[diff] [blame]76}
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]77
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]78/*
David Howells973c9f42011-01-20 16:38:33 +0000[diff] [blame]79 * Read the callout_info data (retrieves the callout information).
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]80 * - the key's semaphore is read-locked
81 */
82static long request_key_auth_read(const struct key *key,
Waiman Longd3ec10a2020-03-21 21:11:24 -0400[diff] [blame]83 char *buffer, size_t buflen)
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]84{
David Howellse59428f2019-06-19 16:10:15 +0100[diff] [blame]85 struct request_key_auth *rka = dereference_key_locked(key);
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]86 size_t datalen;
87 long ret;
88
Hillf Dantond41a3ef2019-09-02 13:37:29 +0100[diff] [blame]89 if (!rka)
90 return -EKEYREVOKED;
91
David Howells4a38e122008-04-29 01:01:24 -0700[diff] [blame]92 datalen = rka->callout_len;
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]93 ret = datalen;
94
95 /* we can return the data as is */
96 if (buffer && buflen > 0) {
97 if (buflen > datalen)
98 buflen = datalen;
99
Waiman Longd3ec10a2020-03-21 21:11:24 -0400[diff] [blame]100 memcpy(buffer, rka->callout_info, buflen);
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]101 }
102
103 return ret;
David Howellsa8b17ed2011-01-20 16:38:27 +0000[diff] [blame]104}
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]105
Eric Biggers44d81432017-09-21 13:57:40 -0700[diff] [blame]106static void free_request_key_auth(struct request_key_auth *rka)
107{
108 if (!rka)
109 return;
110 key_put(rka->target_key);
111 key_put(rka->dest_keyring);
112 if (rka->cred)
113 put_cred(rka->cred);
114 kfree(rka->callout_info);
115 kfree(rka);
116}
117
David Howells04c567d2006-06-22 14:47:18 -0700[diff] [blame]118/*
David Howellse59428f2019-06-19 16:10:15 +0100[diff] [blame]119 * Dispose of the request_key_auth record under RCU conditions
120 */
121static void request_key_auth_rcu_disposal(struct rcu_head *rcu)
122{
123 struct request_key_auth *rka =
124 container_of(rcu, struct request_key_auth, rcu);
125
126 free_request_key_auth(rka);
127}
128
129/*
130 * Handle revocation of an authorisation token key.
131 *
132 * Called with the key sem write-locked.
133 */
134static void request_key_auth_revoke(struct key *key)
135{
136 struct request_key_auth *rka = dereference_key_locked(key);
137
138 kenter("{%d}", key->serial);
139 rcu_assign_keypointer(key, NULL);
140 call_rcu(&rka->rcu, request_key_auth_rcu_disposal);
141}
142
143/*
David Howells973c9f42011-01-20 16:38:33 +0000[diff] [blame]144 * Destroy an instantiation authorisation token key.
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]145 */
146static void request_key_auth_destroy(struct key *key)
147{
David Howellse59428f2019-06-19 16:10:15 +0100[diff] [blame]148 struct request_key_auth *rka = rcu_access_pointer(key->payload.rcu_data0);
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]149
150 kenter("{%d}", key->serial);
David Howellse59428f2019-06-19 16:10:15 +0100[diff] [blame]151 if (rka) {
152 rcu_assign_keypointer(key, NULL);
153 call_rcu(&rka->rcu, request_key_auth_rcu_disposal);
154 }
David Howellsa8b17ed2011-01-20 16:38:27 +0000[diff] [blame]155}
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]156
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]157/*
David Howells973c9f42011-01-20 16:38:33 +0000[diff] [blame]158 * Create an authorisation token for /sbin/request-key or whoever to gain
159 * access to the caller's security data.
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]160 */
David Howells822ad642019-02-14 16:20:25 +0000[diff] [blame]161struct key *request_key_auth_new(struct key *target, const char *op,
162 const void *callout_info, size_t callout_len,
163 struct key *dest_keyring)
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]164{
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]165 struct request_key_auth *rka, *irka;
David Howells7936d162019-05-22 14:09:29 +0100[diff] [blame]166 const struct cred *cred = current_cred();
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]167 struct key *authkey = NULL;
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]168 char desc[20];
Eric Biggers44d81432017-09-21 13:57:40 -0700[diff] [blame]169 int ret = -ENOMEM;
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]170
171 kenter("%d,", target->serial);
172
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]173 /* allocate a auth record */
Eric Biggers44d81432017-09-21 13:57:40 -0700[diff] [blame]174 rka = kzalloc(sizeof(*rka), GFP_KERNEL);
175 if (!rka)
176 goto error;
Eric Biggerse007ce92017-09-21 13:57:42 -0700[diff] [blame]177 rka->callout_info = kmemdup(callout_info, callout_len, GFP_KERNEL);
Eric Biggers44d81432017-09-21 13:57:40 -0700[diff] [blame]178 if (!rka->callout_info)
179 goto error_free_rka;
Eric Biggerse007ce92017-09-21 13:57:42 -0700[diff] [blame]180 rka->callout_len = callout_len;
David Howells822ad642019-02-14 16:20:25 +0000[diff] [blame]181 strlcpy(rka->op, op, sizeof(rka->op));
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]182
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]183 /* see if the calling process is already servicing the key request of
184 * another process */
David Howellsd84f4f92008-11-14 10:39:23 +1100[diff] [blame]185 if (cred->request_key_auth) {
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]186 /* it is - use that instantiation context here too */
David Howellsd84f4f92008-11-14 10:39:23 +1100[diff] [blame]187 down_read(&cred->request_key_auth->sem);
David Howells04c567d2006-06-22 14:47:18 -0700[diff] [blame]188
189 /* if the auth key has been revoked, then the key we're
190 * servicing is already instantiated */
Eric Biggers44d81432017-09-21 13:57:40 -0700[diff] [blame]191 if (test_bit(KEY_FLAG_REVOKED,
192 &cred->request_key_auth->flags)) {
193 up_read(&cred->request_key_auth->sem);
194 ret = -EKEYREVOKED;
195 goto error_free_rka;
196 }
David Howells04c567d2006-06-22 14:47:18 -0700[diff] [blame]197
David Howells146aa8b2015-10-21 14:04:48 +0100[diff] [blame]198 irka = cred->request_key_auth->payload.data[0];
David Howellsd84f4f92008-11-14 10:39:23 +1100[diff] [blame]199 rka->cred = get_cred(irka->cred);
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]200 rka->pid = irka->pid;
David Howells04c567d2006-06-22 14:47:18 -0700[diff] [blame]201
David Howellsd84f4f92008-11-14 10:39:23 +1100[diff] [blame]202 up_read(&cred->request_key_auth->sem);
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]203 }
204 else {
205 /* it isn't - use this process as the context */
David Howellsd84f4f92008-11-14 10:39:23 +1100[diff] [blame]206 rka->cred = get_cred(cred);
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]207 rka->pid = current->pid;
208 }
209
210 rka->target_key = key_get(target);
David Howells8bbf49762008-11-14 10:39:14 +1100[diff] [blame]211 rka->dest_keyring = key_get(dest_keyring);
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]212
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]213 /* allocate the auth key */
214 sprintf(desc, "%x", target->serial);
215
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]216 authkey = key_alloc(&key_type_request_key_auth, desc,
David Howellsd84f4f92008-11-14 10:39:23 +1100[diff] [blame]217 cred->fsuid, cred->fsgid, cred,
Linus Torvalds028db3e2019-07-10 18:43:43 -0700[diff] [blame]218 KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | KEY_POS_LINK |
219 KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA, NULL);
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]220 if (IS_ERR(authkey)) {
221 ret = PTR_ERR(authkey);
Eric Biggers44d81432017-09-21 13:57:40 -0700[diff] [blame]222 goto error_free_rka;
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]223 }
224
David Howellsd84f4f92008-11-14 10:39:23 +1100[diff] [blame]225 /* construct the auth key */
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]226 ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL);
227 if (ret < 0)
Eric Biggers44d81432017-09-21 13:57:40 -0700[diff] [blame]228 goto error_put_authkey;
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]229
Elena Reshetovafff29292017-03-31 15:20:48 +0300[diff] [blame]230 kleave(" = {%d,%d}", authkey->serial, refcount_read(&authkey->usage));
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]231 return authkey;
232
Eric Biggers44d81432017-09-21 13:57:40 -0700[diff] [blame]233error_put_authkey:
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]234 key_put(authkey);
Eric Biggers44d81432017-09-21 13:57:40 -0700[diff] [blame]235error_free_rka:
236 free_request_key_auth(rka);
237error:
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]238 kleave("= %d", ret);
239 return ERR_PTR(ret);
David Howellsa8b17ed2011-01-20 16:38:27 +0000[diff] [blame]240}
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]241
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]242/*
David Howells973c9f42011-01-20 16:38:33 +0000[diff] [blame]243 * Search the current process's keyrings for the authorisation key for
244 * instantiation of a key.
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]245 */
246struct key *key_get_instantiation_authkey(key_serial_t target_id)
247{
David Howellsd0a059c2013-09-24 10:35:16 +0100[diff] [blame]248 char description[16];
David Howells4bdf0bc2013-09-24 10:35:15 +0100[diff] [blame]249 struct keyring_search_context ctx = {
250 .index_key.type = &key_type_request_key_auth,
David Howellsd0a059c2013-09-24 10:35:16 +0100[diff] [blame]251 .index_key.description = description,
David Howells4bdf0bc2013-09-24 10:35:15 +0100[diff] [blame]252 .cred = current_cred(),
David Howellsc06cfb02014-09-16 17:36:06 +0100[diff] [blame]253 .match_data.cmp = key_default_cmp,
David Howells46291952014-09-16 17:36:02 +0100[diff] [blame]254 .match_data.raw_data = description,
255 .match_data.lookup_type = KEYRING_SEARCH_LOOKUP_DIRECT,
David Howellsdcf49db2019-06-26 21:02:32 +0100[diff] [blame]256 .flags = (KEYRING_SEARCH_DO_STATE_CHECK |
257 KEYRING_SEARCH_RECURSE),
David Howells4bdf0bc2013-09-24 10:35:15 +0100[diff] [blame]258 };
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]259 struct key *authkey;
260 key_ref_t authkey_ref;
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]261
Eric Biggersede0fa982019-02-22 15:36:18 +0000[diff] [blame]262 ctx.index_key.desc_len = sprintf(description, "%x", target_id);
David Howellsd0a059c2013-09-24 10:35:16 +0100[diff] [blame]263
David Howellse59428f2019-06-19 16:10:15 +0100[diff] [blame]264 rcu_read_lock();
265 authkey_ref = search_process_keyrings_rcu(&ctx);
266 rcu_read_unlock();
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]267
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]268 if (IS_ERR(authkey_ref)) {
David Howellse231c2e2008-02-07 00:15:26 -0800[diff] [blame]269 authkey = ERR_CAST(authkey_ref);
David Howells4d674312011-06-13 22:33:52 +0100[diff] [blame]270 if (authkey == ERR_PTR(-EAGAIN))
271 authkey = ERR_PTR(-ENOKEY);
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]272 goto error;
273 }
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]274
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]275 authkey = key_ref_to_ptr(authkey_ref);
276 if (test_bit(KEY_FLAG_REVOKED, &authkey->flags)) {
277 key_put(authkey);
278 authkey = ERR_PTR(-EKEYREVOKED);
279 }
David Howells3e301482005-06-23 22:00:56 -0700[diff] [blame]280
David Howellsb5f545c2006-01-08 01:02:47 -0800[diff] [blame]281error:
282 return authkey;
David Howellsa8b17ed2011-01-20 16:38:27 +0000[diff] [blame]283}