14 #include <linux/module.h>
15 #include <linux/sched.h>
19 #include <linux/slab.h>
22 #define key_negative_timeout 60
27 static int key_wait_bit(
void *
flags)
36 static int key_wait_bit_intr(
void *
flags)
53 kenter(
"{%d,%d},%d", cons->key->serial, cons->authkey->serial, error);
76 struct key *keyring = info->
data;
86 struct key *keyring = info->
data;
93 static int call_usermodehelper_keys(
char *
path,
char **argv,
char **envp,
94 struct key *session_keyring,
int wait)
97 umh_keys_init, umh_keys_cleanup,
98 key_get(session_keyring));
105 static int call_sbin_request_key(
struct key_construction *
cons,
110 key_serial_t prkey, sskey;
111 struct key *
key = cons->key, *authkey = cons->authkey, *keyring,
113 char *argv[9], *envp[3], uid_str[12], gid_str[12];
114 char key_str[12], keyring_str[3][12];
118 kenter(
"{%d},{%d},%s", key->serial, authkey->serial, op);
125 sprintf(desc,
"_req.%u", key->serial);
129 KEY_ALLOC_QUOTA_OVERRUN,
NULL);
131 if (IS_ERR(keyring)) {
132 ret = PTR_ERR(keyring);
146 sprintf(key_str,
"%d", key->serial);
150 cred->thread_keyring ? cred->thread_keyring->serial : 0);
153 if (cred->tgcred->process_keyring)
154 prkey = cred->tgcred->process_keyring->serial;
155 sprintf(keyring_str[1],
"%d", prkey);
160 session = cred->
user->session_keyring;
161 sskey = session->serial;
164 sprintf(keyring_str[2],
"%d", sskey);
168 envp[i++] =
"HOME=/";
169 envp[i++] =
"PATH=/sbin:/bin:/usr/sbin:/usr/bin";
174 argv[i++] =
"/sbin/request-key";
175 argv[i++] = (
char *) op;
179 argv[i++] = keyring_str[0];
180 argv[i++] = keyring_str[1];
181 argv[i++] = keyring_str[2];
185 ret = call_usermodehelper_keys(argv[0], argv, envp, keyring,
187 kdebug(
"usermode -> 0x%x", ret);
190 if (
test_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags) ||
213 static int construct_key(
struct key *key,
const void *callout_info,
214 size_t callout_len,
void *aux,
215 struct key *dest_keyring)
217 struct key_construction *
cons;
218 request_key_actor_t actor;
222 kenter(
"%d,%p,%zu,%p", key->serial, callout_info, callout_len, aux);
231 if (IS_ERR(authkey)) {
233 ret = PTR_ERR(authkey);
236 cons->authkey = key_get(authkey);
237 cons->key = key_get(key);
240 actor = call_sbin_request_key;
241 if (key->type->request_key)
242 actor = key->type->request_key;
244 ret = actor(cons,
"create", aux);
249 !
test_bit(KEY_FLAG_REVOKED, &authkey->flags));
263 static void construct_get_dest_keyring(
struct key **_dest_keyring)
267 struct key *dest_keyring = *_dest_keyring, *authkey;
269 kenter(
"%p", dest_keyring);
274 key_get(dest_keyring);
278 switch (cred->jit_keyring) {
281 if (cred->request_key_auth) {
282 authkey = cred->request_key_auth;
284 rka = authkey->payload.data;
295 dest_keyring = key_get(cred->thread_keyring);
300 dest_keyring = key_get(cred->tgcred->process_keyring);
306 dest_keyring = key_get(
315 key_get(cred->
user->session_keyring);
319 dest_keyring = key_get(cred->
user->uid_keyring);
328 *_dest_keyring = dest_keyring;
329 kleave(
" [dk %d]", key_serial(dest_keyring));
340 static int construct_alloc_key(
struct key_type *
type,
342 struct key *dest_keyring,
348 unsigned long prealloc;
353 kenter(
"%s,%s,,,", type->name, description);
363 set_bit(KEY_FLAG_USER_CONSTRUCT, &key->flags);
369 goto link_prealloc_failed;
378 if (!IS_ERR(key_ref))
379 goto key_already_present;
389 kleave(
" = 0 [%d]", key_serial(key));
397 key = key_ref_to_ptr(key_ref);
404 goto link_check_failed;
408 kleave(
" = -EINPROGRESS [%d]", key_serial(key));
414 kleave(
" = %d [linkcheck]", ret);
417 link_prealloc_failed:
419 kleave(
" = %d [prelink]", ret);
424 kleave(
" = %ld", PTR_ERR(key));
431 static struct key *construct_key_and_link(
struct key_type *type,
432 const char *description,
433 const char *callout_info,
436 struct key *dest_keyring,
449 construct_get_dest_keyring(&dest_keyring);
451 ret = construct_alloc_key(type, description, dest_keyring, flags, user,
456 ret = construct_key(key, callout_info, callout_len, aux,
460 goto construction_failed;
465 goto couldnt_alloc_key;
469 kleave(
" = key %d", key_serial(key));
509 const char *description,
510 const void *callout_info,
513 struct key *dest_keyring,
521 kenter(
"%s,%s,%p,%zu,%p,%p,%lx",
522 type->name, description, callout_info, callout_len, aux,
523 dest_keyring, flags);
528 if (!IS_ERR(key_ref)) {
529 key = key_ref_to_ptr(key_ref);
531 construct_get_dest_keyring(&dest_keyring);
540 }
else if (PTR_ERR(key_ref) != -
EAGAIN) {
541 key = ERR_CAST(key_ref);
549 key = construct_key_and_link(type, description, callout_info,
550 callout_len, aux, dest_keyring,
574 ret = wait_on_bit(&key->flags, KEY_FLAG_USER_CONSTRUCT,
575 intr ? key_wait_bit_intr : key_wait_bit,
579 if (
test_bit(KEY_FLAG_NEGATIVE, &key->flags))
580 return key->type_data.reject_error;
600 const char *description,
601 const char *callout_info)
604 size_t callout_len = 0;
608 callout_len =
strlen(callout_info);
637 const char *description,
638 const void *callout_info,
646 aux,
NULL, KEY_ALLOC_IN_QUOTA);
673 const char *description,
674 const void *callout_info,
698 const char *description,
699 const void *callout_info,
704 callout_len, aux,
NULL, KEY_ALLOC_IN_QUOTA);