[thirdparty/systemd.git] / src / libsystemd / sd-id128 / sd-id128.c

/* SPDX-License-Identifier: LGPL-2.1-or-later */

#include <errno.h>
#include <fcntl.h>
#include <unistd.h>

#include "sd-id128.h"

#include "alloc-util.h"
#include "fd-util.h"
#include "hexdecoct.h"
#include "id128-util.h"
#include "io-util.h"
#include "khash.h"
#include "macro.h"
#include "missing_syscall.h"
#include "random-util.h"
#include "user-util.h"
#include "util.h"

_public_ char *sd_id128_to_string(sd_id128_t id, char s[_SD_ARRAY_STATIC SD_ID128_STRING_MAX]) {
        unsigned n;

        assert_return(s, NULL);

        for (n = 0; n < 16; n++) {
                s[n*2] = hexchar(id.bytes[n] >> 4);
                s[n*2+1] = hexchar(id.bytes[n] & 0xF);
        }

        s[32] = 0;

        return s;
}

_public_ int sd_id128_from_string(const char s[], sd_id128_t *ret) {
        unsigned n, i;
        sd_id128_t t;
        bool is_guid = false;

        assert_return(s, -EINVAL);

        for (n = 0, i = 0; n < 16;) {
                int a, b;

                if (s[i] == '-') {
                        /* Is this a GUID? Then be nice, and skip over
                         * the dashes */

                        if (i == 8)
                                is_guid = true;
                        else if (IN_SET(i, 13, 18, 23)) {
                                if (!is_guid)
                                        return -EINVAL;
                        } else
                                return -EINVAL;

                        i++;
                        continue;
                }

                a = unhexchar(s[i++]);
                if (a < 0)
                        return -EINVAL;

                b = unhexchar(s[i++]);
                if (b < 0)
                        return -EINVAL;

                t.bytes[n++] = (a << 4) | b;
        }

        if (i != (is_guid ? 36 : 32))
                return -EINVAL;

        if (s[i] != 0)
                return -EINVAL;

        if (ret)
                *ret = t;
        return 0;
}

_public_ int sd_id128_get_machine(sd_id128_t *ret) {
        static thread_local sd_id128_t saved_machine_id = {};
        int r;

        assert_return(ret, -EINVAL);

        if (sd_id128_is_null(saved_machine_id)) {
                r = id128_read("/etc/machine-id", ID128_PLAIN, &saved_machine_id);
                if (r < 0)
                        return r;

                if (sd_id128_is_null(saved_machine_id))
                        return -ENOMEDIUM;
        }

        *ret = saved_machine_id;
        return 0;
}

_public_ int sd_id128_get_boot(sd_id128_t *ret) {
        static thread_local sd_id128_t saved_boot_id = {};
        int r;

        assert_return(ret, -EINVAL);

        if (sd_id128_is_null(saved_boot_id)) {
                r = id128_read("/proc/sys/kernel/random/boot_id", ID128_UUID, &saved_boot_id);
                if (r < 0)
                        return r;
        }

        *ret = saved_boot_id;
        return 0;
}

static int get_invocation_from_keyring(sd_id128_t *ret) {
        _cleanup_free_ char *description = NULL;
        char *d, *p, *g, *u, *e;
        unsigned long perms;
        key_serial_t key;
        size_t sz = 256;
        uid_t uid;
        gid_t gid;
        int r, c;

#define MAX_PERMS ((unsigned long) (KEY_POS_VIEW|KEY_POS_READ|KEY_POS_SEARCH| \
                                    KEY_USR_VIEW|KEY_USR_READ|KEY_USR_SEARCH))

        assert(ret);

        key = request_key("user", "invocation_id", NULL, 0);
        if (key == -1) {
                /* Keyring support not available? No invocation key stored? */
                if (IN_SET(errno, ENOSYS, ENOKEY))
                        return -ENXIO;

                return -errno;
        }

        for (;;) {
                description = new(char, sz);
                if (!description)
                        return -ENOMEM;

                c = keyctl(KEYCTL_DESCRIBE, key, (unsigned long) description, sz, 0);
                if (c < 0)
                        return -errno;

                if ((size_t) c <= sz)
                        break;

                sz = c;
                free(description);
        }

        /* The kernel returns a final NUL in the string, verify that. */
        assert(description[c-1] == 0);

        /* Chop off the final description string */
        d = strrchr(description, ';');
        if (!d)
                return -EIO;
        *d = 0;

        /* Look for the permissions */
        p = strrchr(description, ';');
        if (!p)
                return -EIO;

        errno = 0;
        perms = strtoul(p + 1, &e, 16);
        if (errno > 0)
                return -errno;
        if (e == p + 1) /* Read at least one character */
                return -EIO;
        if (e != d) /* Must reached the end */
                return -EIO;

        if ((perms & ~MAX_PERMS) != 0)
                return -EPERM;

        *p = 0;

        /* Look for the group ID */
        g = strrchr(description, ';');
        if (!g)
                return -EIO;
        r = parse_gid(g + 1, &gid);
        if (r < 0)
                return r;
        if (gid != 0)
                return -EPERM;
        *g = 0;

        /* Look for the user ID */
        u = strrchr(description, ';');
        if (!u)
                return -EIO;
        r = parse_uid(u + 1, &uid);
        if (r < 0)
                return r;
        if (uid != 0)
                return -EPERM;

        c = keyctl(KEYCTL_READ, key, (unsigned long) ret, sizeof(sd_id128_t), 0);
        if (c < 0)
                return -errno;
        if (c != sizeof(sd_id128_t))
                return -EIO;

        return 0;
}

static int get_invocation_from_environment(sd_id128_t *ret) {
        const char *e;

        assert(ret);

        e = secure_getenv("INVOCATION_ID");
        if (!e)
                return -ENXIO;

        return sd_id128_from_string(e, ret);
}

_public_ int sd_id128_get_invocation(sd_id128_t *ret) {
        static thread_local sd_id128_t saved_invocation_id = {};
        int r;

        assert_return(ret, -EINVAL);

        if (sd_id128_is_null(saved_invocation_id)) {
                /* We first check the environment. The environment variable is primarily relevant for user
                 * services, and sufficiently safe as long as no privilege boundary is involved. */
                r = get_invocation_from_environment(&saved_invocation_id);
                if (r < 0 && r != -ENXIO)
                        return r;

                /* The kernel keyring is relevant for system services (as for user services we don't store
                 * the invocation ID in the keyring, as there'd be no trust benefit in that). */
                r = get_invocation_from_keyring(&saved_invocation_id);
                if (r < 0)
                        return r;
        }

        *ret = saved_invocation_id;
        return 0;
}

_public_ int sd_id128_randomize(sd_id128_t *ret) {
        sd_id128_t t;
        int r;

        assert_return(ret, -EINVAL);

        /* We allow usage if x86-64 RDRAND here. It might not be trusted enough for keeping secrets, but it should be
         * fine for UUIDS. */
        r = genuine_random_bytes(&t, sizeof t, RANDOM_ALLOW_RDRAND);
        if (r < 0)
                return r;

        /* Turn this into a valid v4 UUID, to be nice. Note that we
         * only guarantee this for newly generated UUIDs, not for
         * pre-existing ones. */

        *ret = id128_make_v4_uuid(t);
        return 0;
}

static int get_app_specific(sd_id128_t base, sd_id128_t app_id, sd_id128_t *ret) {
        _cleanup_(khash_unrefp) khash *h = NULL;
        sd_id128_t result;
        const void *p;
        int r;

        assert(ret);

        r = khash_new_with_key(&h, "hmac(sha256)", &base, sizeof(base));
        if (r < 0)
                return r;

        r = khash_put(h, &app_id, sizeof(app_id));
        if (r < 0)
                return r;

        r = khash_digest_data(h, &p);
        if (r < 0)
                return r;

        /* We chop off the trailing 16 bytes */
        memcpy(&result, p, MIN(khash_get_size(h), sizeof(result)));

        *ret = id128_make_v4_uuid(result);
        return 0;
}

_public_ int sd_id128_get_machine_app_specific(sd_id128_t app_id, sd_id128_t *ret) {
        sd_id128_t id;
        int r;

        assert_return(ret, -EINVAL);

        r = sd_id128_get_machine(&id);
        if (r < 0)
                return r;

        return get_app_specific(id, app_id, ret);
}

_public_ int sd_id128_get_boot_app_specific(sd_id128_t app_id, sd_id128_t *ret) {
        sd_id128_t id;
        int r;

        assert_return(ret, -EINVAL);

        r = sd_id128_get_boot(&id);
        if (r < 0)
                return r;

        return get_app_specific(id, app_id, ret);
}
Commit	Line	Data
db9ecf05	1	/* SPDX-License-Identifier: LGPL-2.1-or-later */
87d2c1ff LP	2
	3	#include <errno.h>
	4	#include <fcntl.h>
	5	#include <unistd.h>
	6
80514f9c	7	#include "sd-id128.h"
07630cea	8
b3415f5d	9	#include "alloc-util.h"
c004493c	10	#include "fd-util.h"
cf0fbc49	11	#include "hexdecoct.h"
910fd145	12	#include "id128-util.h"
c004493c	13	#include "io-util.h"
70fc4f57	14	#include "khash.h"
07630cea	15	#include "macro.h"
f5947a5e	16	#include "missing_syscall.h"
3df3e884	17	#include "random-util.h"
b3415f5d	18	#include "user-util.h"
07630cea	19	#include "util.h"
87d2c1ff	20
4199f689	21	_public_ char *sd_id128_to_string(sd_id128_t id, char s[_SD_ARRAY_STATIC SD_ID128_STRING_MAX]) {
87d2c1ff LP	22	unsigned n;
87d2c1ff LP	23
1ae464e0	24	assert_return(s, NULL);
87d2c1ff LP	25
	26	for (n = 0; n < 16; n++) {
	27	s[n*2] = hexchar(id.bytes[n] >> 4);
	28	s[n*2+1] = hexchar(id.bytes[n] & 0xF);
	29	}
	30
	31	s[32] = 0;
	32
	33	return s;
	34	}
	35
aa96c6cb LP	36	_public_ int sd_id128_from_string(const char s[], sd_id128_t *ret) {
aa96c6cb LP	37	unsigned n, i;
87d2c1ff	38	sd_id128_t t;
aa96c6cb	39	bool is_guid = false;
87d2c1ff	40
1ae464e0	41	assert_return(s, -EINVAL);
87d2c1ff	42
aa96c6cb	43	for (n = 0, i = 0; n < 16;) {
87d2c1ff LP	44	int a, b;
87d2c1ff LP	45
aa96c6cb LP	46	if (s[i] == '-') {
	47	/* Is this a GUID? Then be nice, and skip over
	48	* the dashes */
	49
	50	if (i == 8)
	51	is_guid = true;
945c2931	52	else if (IN_SET(i, 13, 18, 23)) {
aa96c6cb LP	53	if (!is_guid)
	54	return -EINVAL;
	55	} else
	56	return -EINVAL;
	57
	58	i++;
	59	continue;
	60	}
	61
	62	a = unhexchar(s[i++]);
87d2c1ff LP	63	if (a < 0)
	64	return -EINVAL;
	65
aa96c6cb	66	b = unhexchar(s[i++]);
87d2c1ff LP	67	if (b < 0)
	68	return -EINVAL;
	69
aa96c6cb	70	t.bytes[n++] = (a << 4) \| b;
87d2c1ff LP	71	}
87d2c1ff LP	72
aa96c6cb LP	73	if (i != (is_guid ? 36 : 32))
	74	return -EINVAL;
	75
	76	if (s[i] != 0)
87d2c1ff LP	77	return -EINVAL;
87d2c1ff LP	78
9ca8d434 LP	79	if (ret)
9ca8d434 LP	80	*ret = t;
87d2c1ff LP	81	return 0;
	82	}
	83
000a2c98	84	_public_ int sd_id128_get_machine(sd_id128_t *ret) {
910fd145	85	static thread_local sd_id128_t saved_machine_id = {};
a6dcc7e5	86	int r;
87d2c1ff	87
1ae464e0	88	assert_return(ret, -EINVAL);
000a2c98	89
910fd145 LP	90	if (sd_id128_is_null(saved_machine_id)) {
	91	r = id128_read("/etc/machine-id", ID128_PLAIN, &saved_machine_id);
	92	if (r < 0)
	93	return r;
87d2c1ff	94
910fd145	95	if (sd_id128_is_null(saved_machine_id))
ea03f6ba	96	return -ENOMEDIUM;
87d2c1ff LP	97	}
87d2c1ff LP	98
910fd145	99	*ret = saved_machine_id;
87d2c1ff LP	100	return 0;
	101	}
	102
000a2c98	103	_public_ int sd_id128_get_boot(sd_id128_t *ret) {
910fd145	104	static thread_local sd_id128_t saved_boot_id = {};
a6dcc7e5	105	int r;
87d2c1ff	106
1ae464e0	107	assert_return(ret, -EINVAL);
000a2c98	108
910fd145 LP	109	if (sd_id128_is_null(saved_boot_id)) {
	110	r = id128_read("/proc/sys/kernel/random/boot_id", ID128_UUID, &saved_boot_id);
	111	if (r < 0)
	112	return r;
87d2c1ff LP	113	}
87d2c1ff LP	114
910fd145 LP	115	*ret = saved_boot_id;
	116	return 0;
	117	}
87d2c1ff	118
b3415f5d	119	static int get_invocation_from_keyring(sd_id128_t *ret) {
b3415f5d LP	120	_cleanup_free_ char *description = NULL;
	121	char d, p, g, u, *e;
	122	unsigned long perms;
	123	key_serial_t key;
	124	size_t sz = 256;
	125	uid_t uid;
	126	gid_t gid;
	127	int r, c;
	128
	129	#define MAX_PERMS ((unsigned long) (KEY_POS_VIEW\|KEY_POS_READ\|KEY_POS_SEARCH\| \
	130	KEY_USR_VIEW\|KEY_USR_READ\|KEY_USR_SEARCH))
	131
	132	assert(ret);
	133
	134	key = request_key("user", "invocation_id", NULL, 0);
	135	if (key == -1) {
	136	/* Keyring support not available? No invocation key stored? */
	137	if (IN_SET(errno, ENOSYS, ENOKEY))
c924888f	138	return -ENXIO;
b3415f5d LP	139
	140	return -errno;
	141	}
	142
	143	for (;;) {
	144	description = new(char, sz);
	145	if (!description)
	146	return -ENOMEM;
	147
	148	c = keyctl(KEYCTL_DESCRIBE, key, (unsigned long) description, sz, 0);
	149	if (c < 0)
	150	return -errno;
	151
	152	if ((size_t) c <= sz)
	153	break;
	154
	155	sz = c;
	156	free(description);
	157	}
	158
	159	/* The kernel returns a final NUL in the string, verify that. */
	160	assert(description[c-1] == 0);
	161
	162	/* Chop off the final description string */
	163	d = strrchr(description, ';');
	164	if (!d)
	165	return -EIO;
	166	*d = 0;
	167
	168	/* Look for the permissions */
	169	p = strrchr(description, ';');
	170	if (!p)
	171	return -EIO;
	172
	173	errno = 0;
	174	perms = strtoul(p + 1, &e, 16);
	175	if (errno > 0)
	176	return -errno;
	177	if (e == p + 1) /* Read at least one character */
	178	return -EIO;
	179	if (e != d) /* Must reached the end */
	180	return -EIO;
	181
	182	if ((perms & ~MAX_PERMS) != 0)
	183	return -EPERM;
	184
	185	*p = 0;
	186
	187	/* Look for the group ID */
	188	g = strrchr(description, ';');
	189	if (!g)
	190	return -EIO;
	191	r = parse_gid(g + 1, &gid);
	192	if (r < 0)
	193	return r;
	194	if (gid != 0)
	195	return -EPERM;
	196	*g = 0;
	197
	198	/* Look for the user ID */
	199	u = strrchr(description, ';');
	200	if (!u)
	201	return -EIO;
	202	r = parse_uid(u + 1, &uid);
203	if (r < 0)
204	return r;
205	if (uid != 0)
206	return -EPERM;
207
208	c = keyctl(KEYCTL_READ, key, (unsigned long) ret, sizeof(sd_id128_t), 0);
209	if (c < 0)
210	return -errno;
211	if (c != sizeof(sd_id128_t))
212	return -EIO;
213
c924888f	214	return 0;
b3415f5d LP	215	}
b3415f5d LP	216
8efb042e YW	217	static int get_invocation_from_environment(sd_id128_t *ret) {
	218	const char *e;
	219
	220	assert(ret);
	221
	222	e = secure_getenv("INVOCATION_ID");
	223	if (!e)
	224	return -ENXIO;
	225
	226	return sd_id128_from_string(e, ret);
	227	}
	228
4b58153d LP	229	_public_ int sd_id128_get_invocation(sd_id128_t *ret) {
	230	static thread_local sd_id128_t saved_invocation_id = {};
	231	int r;
	232
	233	assert_return(ret, -EINVAL);
	234
	235	if (sd_id128_is_null(saved_invocation_id)) {
c924888f ZJS	236	/* We first check the environment. The environment variable is primarily relevant for user
	237	* services, and sufficiently safe as long as no privilege boundary is involved. */
	238	r = get_invocation_from_environment(&saved_invocation_id);
	239	if (r < 0 && r != -ENXIO)
	240	return r;
4b58153d	241
c924888f ZJS	242	/* The kernel keyring is relevant for system services (as for user services we don't store
c924888f ZJS	243	* the invocation ID in the keyring, as there'd be no trust benefit in that). */
b3415f5d	244	r = get_invocation_from_keyring(&saved_invocation_id);
4b58153d LP	245	if (r < 0)
	246	return r;
	247	}
	248
	249	*ret = saved_invocation_id;
	250	return 0;
	251	}
	252
000a2c98	253	_public_ int sd_id128_randomize(sd_id128_t *ret) {
87d2c1ff	254	sd_id128_t t;
0f0e240c	255	int r;
87d2c1ff	256
1ae464e0	257	assert_return(ret, -EINVAL);
87d2c1ff	258
cc83d519 LP	259	/* We allow usage if x86-64 RDRAND here. It might not be trusted enough for keeping secrets, but it should be
	260	* fine for UUIDS. */
	261	r = genuine_random_bytes(&t, sizeof t, RANDOM_ALLOW_RDRAND);
0f0e240c LP	262	if (r < 0)
0f0e240c LP	263	return r;
87d2c1ff LP	264
	265	/* Turn this into a valid v4 UUID, to be nice. Note that we
	266	* only guarantee this for newly generated UUIDs, not for
f7340ab2	267	* pre-existing ones. */
87d2c1ff	268
1293a168	269	*ret = id128_make_v4_uuid(t);
87d2c1ff LP	270	return 0;
87d2c1ff LP	271	}
70fc4f57	272
65d410c7	273	static int get_app_specific(sd_id128_t base, sd_id128_t app_id, sd_id128_t *ret) {
70fc4f57	274	_cleanup_(khash_unrefp) khash *h = NULL;
65d410c7	275	sd_id128_t result;
70fc4f57 LP	276	const void *p;
	277	int r;
	278
65d410c7	279	assert(ret);
70fc4f57	280
65d410c7	281	r = khash_new_with_key(&h, "hmac(sha256)", &base, sizeof(base));
70fc4f57 LP	282	if (r < 0)
	283	return r;
	284
	285	r = khash_put(h, &app_id, sizeof(app_id));
	286	if (r < 0)
	287	return r;
	288
	289	r = khash_digest_data(h, &p);
	290	if (r < 0)
	291	return r;
	292
	293	/* We chop off the trailing 16 bytes */
	294	memcpy(&result, p, MIN(khash_get_size(h), sizeof(result)));
	295
1293a168	296	*ret = id128_make_v4_uuid(result);
70fc4f57 LP	297	return 0;
70fc4f57 LP	298	}
65d410c7 ZJS	299
	300	_public_ int sd_id128_get_machine_app_specific(sd_id128_t app_id, sd_id128_t *ret) {
	301	sd_id128_t id;
	302	int r;
	303
	304	assert_return(ret, -EINVAL);
	305
	306	r = sd_id128_get_machine(&id);
	307	if (r < 0)
	308	return r;
	309
	310	return get_app_specific(id, app_id, ret);
	311	}
	312
	313	_public_ int sd_id128_get_boot_app_specific(sd_id128_t app_id, sd_id128_t *ret) {
	314	sd_id128_t id;
	315	int r;
	316
	317	assert_return(ret, -EINVAL);
	318
	319	r = sd_id128_get_boot(&id);
	320	if (r < 0)
	321	return r;
	322
	323	return get_app_specific(id, app_id, ret);
	324	}