[PATCH] keys: Permit running process to instantiate keys

Make it possible for a running process (such as gssapid) to be able to instantiate a key, as was requested by Trond Myklebust for NFS4. The patch makes the following changes: (1) A new, optional key type method has been added. This permits a key type to intercept requests at the point /sbin/request-key is about to be spawned and do something else with them - passing them over the rpc_pipefs files or netlink sockets for instance. The uninstantiated key, the authorisation key and the intended operation name are passed to the method. (2) The callout_info is no longer passed as an argument to /sbin/request-key to prevent unauthorised viewing of this data using ps or by looking in /proc/pid/cmdline. This means that the old /sbin/request-key program will not work with the patched kernel as it will expect to see an extra argument that is no longer there. A revised keyutils package will be made available tomorrow. (3) The callout_info is now attached to the authorisation key. Reading this key will retrieve the information. (4) A new field has been added to the task_struct. This holds the authorisation key currently active for a thread. Searches now look here for the caller's set of keys rather than looking for an auth key in the lowest level of the session keyring. This permits a thread to be servicing multiple requests at once and to switch between them. Note that this is per-thread, not per-process, and so is usable in multithreaded programs. The setting of this field is inherited across fork and exec. (5) A new keyctl function (KEYCTL_ASSUME_AUTHORITY) has been added that permits a thread to assume the authority to deal with an uninstantiated key. Assumption is only permitted if the authorisation key associated with the uninstantiated key is somewhere in the thread's keyrings. This function can also clear the assumption. (6) A new magic key specifier has been added to refer to the currently assumed authorisation key (KEY_SPEC_REQKEY_AUTH_KEY). (7) Instantiation will only proceed if the appropriate authorisation key is assumed first. The assumed authorisation key is discarded if instantiation is successful. (8) key_validate() is moved from the file of request_key functions to the file of permissions functions. (9) The documentation is updated. From: <Valdis.Kletnieks@vt.edu> Build fix. Signed-off-by: David Howells <dhowells@redhat.com> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Cc: Alexander Zangerl <az@bond.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: David Howells <dhowells@redhat.com> 2006-01-08 04:02:47 -0500
committer: Linus Torvalds <torvalds@g5.osdl.org> 2006-01-08 23:13:53 -0500
commit: b5f545c880a2a47947ba2118b2509644ab7a2969 (patch)
tree: 8720e02262b0ff6309ae79603f6c63965296d378 /security/keys/keyctl.c
parent: cab8eb594e84b434d20412fc5a3985b0bee3ab9f (diff)
1 files changed, 84 insertions, 23 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index 299f0ae11cf0..3d2ebae029c1 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -834,6 +834,17 @@ long keyctl_instantiate_key(key_serial_t id,
        if (plen > 32767)
                goto error;
+        /* the appropriate instantiation authorisation key must have been
+         * assumed before calling this */
+        ret = -EPERM;
+        instkey = current->request_key_auth;
+        if (!instkey)
+                goto error;
+        rka = instkey->payload.data;
+        if (rka->target_key->serial != id)
+                goto error;
        /* pull the payload in if one was supplied */
        payload = NULL;
@@ -848,15 +859,6 @@ long keyctl_instantiate_key(key_serial_t id,
                        goto error2;
        }
-        /* find the instantiation authorisation key */
-        instkey = key_get_instantiation_authkey(id);
-        if (IS_ERR(instkey)) {
-                ret = PTR_ERR(instkey);
-                goto error2;
-        }
-        rka = instkey->payload.data;
        /* find the destination keyring amongst those belonging to the
         * requesting task */
        keyring_ref = NULL;
@@ -865,7 +867,7 @@ long keyctl_instantiate_key(key_serial_t id,
                                              KEY_WRITE);
                if (IS_ERR(keyring_ref)) {
                        ret = PTR_ERR(keyring_ref);
-                        goto error3;
+                        goto error2;
                }
        }
@@ -874,11 +876,17 @@ long keyctl_instantiate_key(key_serial_t id,
                                       key_ref_to_ptr(keyring_ref), instkey);
        key_ref_put(keyring_ref);
- error3:
-        key_put(instkey);
+        /* discard the assumed authority if it's just been disabled by
- error2:
+         * instantiation of the key */
+        if (ret == 0) {
+                key_put(current->request_key_auth);
+                current->request_key_auth = NULL;
+        }
+error2:
        kfree(payload);
- error:
+error:
        return ret;
 } /* end keyctl_instantiate_key() */
@@ -895,14 +903,16 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
        key_ref_t keyring_ref;
        long ret;
-        /* find the instantiation authorisation key */
+        /* the appropriate instantiation authorisation key must have been
-        instkey = key_get_instantiation_authkey(id);
+         * assumed before calling this */
-        if (IS_ERR(instkey)) {
+        ret = -EPERM;
-                ret = PTR_ERR(instkey);
+        instkey = current->request_key_auth;
+        if (!instkey)
                goto error;
-        }
        rka = instkey->payload.data;
+        if (rka->target_key->serial != id)
+                goto error;
        /* find the destination keyring if present (which must also be
         * writable) */
@@ -911,7 +921,7 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
                keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
                if (IS_ERR(keyring_ref)) {
                        ret = PTR_ERR(keyring_ref);
-                        goto error2;
+                        goto error;
                }
        }
@@ -920,9 +930,15 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
                                  key_ref_to_ptr(keyring_ref), instkey);
        key_ref_put(keyring_ref);
- error2:
-        key_put(instkey);
+        /* discard the assumed authority if it's just been disabled by
- error:
+         * instantiation of the key */
+        if (ret == 0) {
+                key_put(current->request_key_auth);
+                current->request_key_auth = NULL;
+        }
+error:
        return ret;
 } /* end keyctl_negate_key() */
@@ -1007,6 +1023,48 @@ error:
 /*****************************************************************************/
 /*
+ * assume the authority to instantiate the specified key
+ */
+long keyctl_assume_authority(key_serial_t id)
+{
+        struct key *authkey;
+        long ret;
+        /* special key IDs aren't permitted */
+        ret = -EINVAL;
+        if (id < 0)
+                goto error;
+        /* we divest ourselves of authority if given an ID of 0 */
+        if (id == 0) {
+                key_put(current->request_key_auth);
+                current->request_key_auth = NULL;
+                ret = 0;
+                goto error;
+        }
+        /* attempt to assume the authority temporarily granted to us whilst we
+         * instantiate the specified key
+         * - the authorisation key must be in the current task's keyrings
+         *   somewhere
+         */
+        authkey = key_get_instantiation_authkey(id);
+        if (IS_ERR(authkey)) {
+                ret = PTR_ERR(authkey);
+                goto error;
+        }
+        key_put(current->request_key_auth);
+        current->request_key_auth = authkey;
+        ret = authkey->serial;
+error:
+        return ret;
+} /* end keyctl_assume_authority() */
+/*****************************************************************************/
+/*
 * the key control system call
 */
 asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
@@ -1082,6 +1140,9 @@ asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
                return keyctl_set_timeout((key_serial_t) arg2,
                                          (unsigned) arg3);
+        case KEYCTL_ASSUME_AUTHORITY:
+                return keyctl_assume_authority((key_serial_t) arg2);
        default:
                return -EOPNOTSUPP;
        }
author	David Howells <dhowells@redhat.com>	2006-01-08 04:02:47 -0500
committer	Linus Torvalds <torvalds@g5.osdl.org>	2006-01-08 23:13:53 -0500
commit	b5f545c880a2a47947ba2118b2509644ab7a2969 (patch)
tree	8720e02262b0ff6309ae79603f6c63965296d378 /security/keys/keyctl.c
parent	cab8eb594e84b434d20412fc5a3985b0bee3ab9f (diff)

diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 299f0ae11cf0..3d2ebae029c1 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c
@@ -834,6 +834,17 @@ long keyctl_instantiate_key(key_serial_t id,
834	if (plen > 32767)	834	if (plen > 32767)
835	goto error;	835	goto error;
836		836
		837	/* the appropriate instantiation authorisation key must have been
		838	* assumed before calling this */
		839	ret = -EPERM;
		840	instkey = current->request_key_auth;
		841	if (!instkey)
		842	goto error;
		843
		844	rka = instkey->payload.data;
		845	if (rka->target_key->serial != id)
		846	goto error;
		847
837	/* pull the payload in if one was supplied */	848	/* pull the payload in if one was supplied */
838	payload = NULL;	849	payload = NULL;
839		850
@@ -848,15 +859,6 @@ long keyctl_instantiate_key(key_serial_t id,
848	goto error2;	859	goto error2;
849	}	860	}
850		861
851	/* find the instantiation authorisation key */
852	instkey = key_get_instantiation_authkey(id);
853	if (IS_ERR(instkey)) {
854	ret = PTR_ERR(instkey);
855	goto error2;
856	}
857
858	rka = instkey->payload.data;
859
860	/* find the destination keyring amongst those belonging to the	862	/* find the destination keyring amongst those belonging to the
861	* requesting task */	863	* requesting task */
862	keyring_ref = NULL;	864	keyring_ref = NULL;
@@ -865,7 +867,7 @@ long keyctl_instantiate_key(key_serial_t id,
865	KEY_WRITE);	867	KEY_WRITE);
866	if (IS_ERR(keyring_ref)) {	868	if (IS_ERR(keyring_ref)) {
867	ret = PTR_ERR(keyring_ref);	869	ret = PTR_ERR(keyring_ref);
868	goto error3;	870	goto error2;
869	}	871	}
870	}	872	}
871		873
@@ -874,11 +876,17 @@ long keyctl_instantiate_key(key_serial_t id,
874	key_ref_to_ptr(keyring_ref), instkey);	876	key_ref_to_ptr(keyring_ref), instkey);
875		877
876	key_ref_put(keyring_ref);	878	key_ref_put(keyring_ref);
877	error3:	879
878	key_put(instkey);	880	/* discard the assumed authority if it's just been disabled by
879	error2:	881	* instantiation of the key */
		882	if (ret == 0) {
		883	key_put(current->request_key_auth);
		884	current->request_key_auth = NULL;
		885	}
		886
		887	error2:
880	kfree(payload);	888	kfree(payload);
881	error:	889	error:
882	return ret;	890	return ret;
883		891
884	} /* end keyctl_instantiate_key() */	892	} /* end keyctl_instantiate_key() */
@@ -895,14 +903,16 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
895	key_ref_t keyring_ref;	903	key_ref_t keyring_ref;
896	long ret;	904	long ret;
897		905
898	/* find the instantiation authorisation key */	906	/* the appropriate instantiation authorisation key must have been
899	instkey = key_get_instantiation_authkey(id);	907	* assumed before calling this */
900	if (IS_ERR(instkey)) {	908	ret = -EPERM;
901	ret = PTR_ERR(instkey);	909	instkey = current->request_key_auth;
		910	if (!instkey)
902	goto error;	911	goto error;
903	}
904		912
905	rka = instkey->payload.data;	913	rka = instkey->payload.data;
		914	if (rka->target_key->serial != id)
		915	goto error;
906		916
907	/* find the destination keyring if present (which must also be	917	/* find the destination keyring if present (which must also be
908	* writable) */	918	* writable) */
@@ -911,7 +921,7 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
911	keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);	921	keyring_ref = lookup_user_key(NULL, ringid, 1, 0, KEY_WRITE);
912	if (IS_ERR(keyring_ref)) {	922	if (IS_ERR(keyring_ref)) {
913	ret = PTR_ERR(keyring_ref);	923	ret = PTR_ERR(keyring_ref);
914	goto error2;	924	goto error;
915	}	925	}
916	}	926	}
917		927
@@ -920,9 +930,15 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
920	key_ref_to_ptr(keyring_ref), instkey);	930	key_ref_to_ptr(keyring_ref), instkey);
921		931
922	key_ref_put(keyring_ref);	932	key_ref_put(keyring_ref);
923	error2:	933
924	key_put(instkey);	934	/* discard the assumed authority if it's just been disabled by
925	error:	935	* instantiation of the key */
		936	if (ret == 0) {
		937	key_put(current->request_key_auth);
		938	current->request_key_auth = NULL;
		939	}
		940
		941	error:
926	return ret;	942	return ret;
927		943
928	} /* end keyctl_negate_key() */	944	} /* end keyctl_negate_key() */
@@ -1007,6 +1023,48 @@ error:
1007		1023
1008	/*****************************************************************************/	1024	/*****************************************************************************/
1009	/*	1025	/*
		1026	* assume the authority to instantiate the specified key
		1027	*/
		1028	long keyctl_assume_authority(key_serial_t id)
		1029	{
		1030	struct key *authkey;
		1031	long ret;
		1032
		1033	/* special key IDs aren't permitted */
		1034	ret = -EINVAL;
		1035	if (id < 0)
		1036	goto error;
		1037
		1038	/* we divest ourselves of authority if given an ID of 0 */
		1039	if (id == 0) {
		1040	key_put(current->request_key_auth);
		1041	current->request_key_auth = NULL;
		1042	ret = 0;
		1043	goto error;
		1044	}
		1045
		1046	/* attempt to assume the authority temporarily granted to us whilst we
		1047	* instantiate the specified key
		1048	* - the authorisation key must be in the current task's keyrings
		1049	* somewhere
		1050	*/
		1051	authkey = key_get_instantiation_authkey(id);
		1052	if (IS_ERR(authkey)) {
		1053	ret = PTR_ERR(authkey);
		1054	goto error;
		1055	}
		1056
		1057	key_put(current->request_key_auth);
		1058	current->request_key_auth = authkey;
		1059	ret = authkey->serial;
		1060
		1061	error:
		1062	return ret;
		1063
		1064	} /* end keyctl_assume_authority() */
		1065
		1066	/*****************************************************************************/
		1067	/*
1010	* the key control system call	1068	* the key control system call
1011	*/	1069	*/
1012	asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,	1070	asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
@@ -1082,6 +1140,9 @@ asmlinkage long sys_keyctl(int option, unsigned long arg2, unsigned long arg3,
1082	return keyctl_set_timeout((key_serial_t) arg2,	1140	return keyctl_set_timeout((key_serial_t) arg2,
1083	(unsigned) arg3);	1141	(unsigned) arg3);
1084		1142
		1143	case KEYCTL_ASSUME_AUTHORITY:
		1144	return keyctl_assume_authority((key_serial_t) arg2);
		1145
1085	default:	1146	default:
1086	return -EOPNOTSUPP;	1147	return -EOPNOTSUPP;
1087	}	1148	}