db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
87d2c1ff LP |
2 | |
3 | #include <errno.h> | |
4 | #include <fcntl.h> | |
5 | #include <unistd.h> | |
6 | ||
80514f9c | 7 | #include "sd-id128.h" |
07630cea | 8 | |
b3415f5d | 9 | #include "alloc-util.h" |
c004493c | 10 | #include "fd-util.h" |
cf0fbc49 | 11 | #include "hexdecoct.h" |
910fd145 | 12 | #include "id128-util.h" |
c004493c | 13 | #include "io-util.h" |
70fc4f57 | 14 | #include "khash.h" |
07630cea | 15 | #include "macro.h" |
f5947a5e | 16 | #include "missing_syscall.h" |
3df3e884 | 17 | #include "random-util.h" |
b3415f5d | 18 | #include "user-util.h" |
07630cea | 19 | #include "util.h" |
87d2c1ff | 20 | |
/* Formats a 128-bit ID as 32 hex characters followed by a terminating NUL.
 *
 * s must point to at least SD_ID128_STRING_MAX bytes. The same pointer is
 * returned so the call can be used inline; NULL is returned (via
 * assert_return) only when s itself is NULL. */
_public_ char *sd_id128_to_string(sd_id128_t id, char s[_SD_ARRAY_STATIC SD_ID128_STRING_MAX]) {
        char *out;

        assert_return(s, NULL);

        /* Two nibbles per byte, high nibble first. */
        out = s;
        for (unsigned i = 0; i < 16; i++) {
                *out++ = hexchar(id.bytes[i] >> 4);
                *out++ = hexchar(id.bytes[i] & 0xF);
        }

        *out = 0;
        return s;
}
35 | ||
/* Parses a 128-bit ID from its textual form.
 *
 * Two layouts are accepted: 32 hex digits, or the 36-character GUID layout
 * 8-4-4-4-12 with dashes at exactly offsets 8, 13, 18 and 23 (the later
 * dashes are only accepted once the one at offset 8 has been seen). Anything
 * else — a dash elsewhere, a non-hex character, a wrong total length, or
 * trailing characters after the ID — is rejected with -EINVAL. The input is
 * never read past its terminating NUL.
 *
 * ret may be NULL to merely validate the string; it is only written on
 * success. Returns 0 on success, -EINVAL on malformed input or NULL s. */
_public_ int sd_id128_from_string(const char s[], sd_id128_t *ret) {
        sd_id128_t parsed;
        bool dashed = false;    /* true once the GUID dash at offset 8 was seen */
        unsigned pos = 0;       /* read offset into s */
        unsigned filled = 0;    /* number of bytes of parsed already decoded */

        assert_return(s, -EINVAL);

        while (filled < 16) {
                int hi, lo;

                if (s[pos] == '-') {
                        /* Be lenient with GUID formatting, but only at the
                         * canonical dash positions. */
                        switch (pos) {
                        case 8:
                                dashed = true;
                                break;
                        case 13:
                        case 18:
                        case 23:
                                if (!dashed)
                                        return -EINVAL;
                                break;
                        default:
                                return -EINVAL;
                        }

                        pos++;
                        continue;
                }

                /* A NUL (or any non-hex byte) makes unhexchar() fail, so the
                 * loop stops at the end of the string without overreading. */
                hi = unhexchar(s[pos++]);
                if (hi < 0)
                        return -EINVAL;

                lo = unhexchar(s[pos++]);
                if (lo < 0)
                        return -EINVAL;

                parsed.bytes[filled++] = (hi << 4) | lo;
        }

        /* Exactly 32 hex digits, or 36 characters once the four dashes are counted. */
        if (pos != (dashed ? 36u : 32u))
                return -EINVAL;

        /* Nothing may follow the ID. */
        if (s[pos] != 0)
                return -EINVAL;

        if (ret)
                *ret = parsed;
        return 0;
}
83 | ||
/* Returns the machine ID from /etc/machine-id.
 *
 * The ID is read once per thread and then served from a thread-local cache.
 * Returns 0 on success, the negative error from id128_read() if the file
 * cannot be read or parsed, and -ENOMEDIUM if the file yields an all-zero ID,
 * which is treated as "no machine ID available". ret must not be NULL. */
_public_ int sd_id128_get_machine(sd_id128_t *ret) {
        static thread_local sd_id128_t cached = {};
        int r;

        assert_return(ret, -EINVAL);

        if (!sd_id128_is_null(cached)) {
                *ret = cached;
                return 0;
        }

        r = id128_read("/etc/machine-id", ID128_PLAIN, &cached);
        if (r < 0)
                return r;

        /* The null ID is reserved to mean "not set"; don't hand it out. */
        if (sd_id128_is_null(cached))
                return -ENOMEDIUM;

        *ret = cached;
        return 0;
}
102 | ||
/* Returns the kernel's boot ID from /proc/sys/kernel/random/boot_id.
 *
 * The file is parsed in UUID (dashed) form, read once per thread and then
 * served from a thread-local cache. Returns 0 on success or the negative
 * error from id128_read(). ret must not be NULL. */
_public_ int sd_id128_get_boot(sd_id128_t *ret) {
        static thread_local sd_id128_t cached = {};

        assert_return(ret, -EINVAL);

        if (sd_id128_is_null(cached)) {
                int r = id128_read("/proc/sys/kernel/random/boot_id", ID128_UUID, &cached);
                if (r < 0)
                        return r;
        }

        *ret = cached;
        return 0;
}
87d2c1ff | 118 | |
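/* Fetches the invocation ID that the service manager stores for system
 * services as the "user" key named "invocation_id" in the process's keyrings.
 *
 * Any process could create a key of that name, so the key is only trusted if
 * its KEYCTL_DESCRIBE record shows it is owned by uid 0 and gid 0, and its
 * permission mask grants nothing beyond view/read/search to the possessor and
 * the owner (no write/link/setattr, nothing for group or other). This is what
 * stops an unprivileged process from planting a forged ID.
 *
 * Returns 0 and stores the ID in *ret on success; *ret is left untouched on
 * every failure. Returns -ENXIO if keyrings are unsupported or no such key
 * exists, -EPERM if the key fails the ownership/permission check, -EIO if the
 * description or payload has an unexpected shape, -ENOMEM on allocation
 * failure, or the negative errno of the failing request_key(2)/keyctl(2). */
static int get_invocation_from_keyring(sd_id128_t *ret) {
        _cleanup_free_ char *description = NULL;
        char *d, *p, *g, *u, *e;
        unsigned long perms;
        key_serial_t key;
        size_t sz = 256;
        sd_id128_t id;
        uid_t uid;
        gid_t gid;
        int r, c;

#define MAX_PERMS ((unsigned long) (KEY_POS_VIEW|KEY_POS_READ|KEY_POS_SEARCH| \
                                    KEY_USR_VIEW|KEY_USR_READ|KEY_USR_SEARCH))

        assert(ret);

        /* NULL callout info: only search the keyrings, never upcall to
         * instantiate a missing key. */
        key = request_key("user", "invocation_id", NULL, 0);
        if (key == -1) {
                /* Keyring support not available? No invocation key stored? */
                if (IN_SET(errno, ENOSYS, ENOKEY))
                        return -ENXIO;

                return -errno;
        }

        /* KEYCTL_DESCRIBE reports the full record size even when the buffer
         * is too small, so grow the buffer until the whole record fits. */
        for (;;) {
                description = new(char, sz);
                if (!description)
                        return -ENOMEM;

                c = keyctl(KEYCTL_DESCRIBE, key, (unsigned long) description, sz, 0);
                if (c < 0)
                        return -errno;

                if ((size_t) c <= sz)
                        break;

                sz = c;
                free(description);
                description = NULL;
        }

        /* The kernel returns a final NUL in the string, verify that. */
        assert(description[c-1] == 0);

        /* The record is "type;uid;gid;perms;description". It is parsed from
         * the right, so a ';' inside the description cannot shift the other
         * fields. Chop off the description first. */
        d = strrchr(description, ';');
        if (!d)
                return -EIO;
        *d = 0;

        /* Look for the permissions (hex) */
        p = strrchr(description, ';');
        if (!p)
                return -EIO;

        errno = 0;
        perms = strtoul(p + 1, &e, 16);
        if (errno > 0)
                return -errno;
        if (e == p + 1) /* Read at least one character */
                return -EIO;
        if (e != d) /* Must have reached the end */
                return -EIO;

        /* Any bit outside the read-only possessor/owner set would allow
         * someone other than root to alter or replace the payload. */
        if ((perms & ~MAX_PERMS) != 0)
                return -EPERM;

        *p = 0;

        /* Look for the group ID, which must be root's */
        g = strrchr(description, ';');
        if (!g)
                return -EIO;
        r = parse_gid(g + 1, &gid);
        if (r < 0)
                return r;
        if (gid != 0)
                return -EPERM;
        *g = 0;

        /* Look for the user ID, which must be root's */
        u = strrchr(description, ';');
        if (!u)
                return -EIO;
        r = parse_uid(u + 1, &uid);
        if (r < 0)
                return r;
        if (uid != 0)
                return -EPERM;

        /* Read into a local first: a payload of the wrong size must not leave
         * a partially written ID in the caller's buffer. For
         * sd_id128_get_invocation() that buffer is a thread-local cache which
         * would then be served as valid on every later call. */
        c = keyctl(KEYCTL_READ, key, (unsigned long) &id, sizeof(id), 0);
        if (c < 0)
                return -errno;
        if (c != sizeof(sd_id128_t))
                return -EIO;

        *ret = id;
        return 0;
}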
216 | ||
/* Fetches the invocation ID from the $INVOCATION_ID environment variable.
 *
 * secure_getenv() rather than getenv() is used so that, as documented in
 * secure_getenv(3), the variable is ignored in set-user-ID and other
 * "secure" processes. Returns -ENXIO if the variable is unset, otherwise
 * whatever sd_id128_from_string() returns for its value (0 on success,
 * -EINVAL on a malformed value; *ret is only written on success). */
static int get_invocation_from_environment(sd_id128_t *ret) {
        const char *value;

        assert(ret);

        value = secure_getenv("INVOCATION_ID");
        return value ? sd_id128_from_string(value, ret) : -ENXIO;
}
228 | ||
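/* Returns the invocation ID of the current service instance.
 *
 * The ID is looked up once per thread and then served from a thread-local
 * cache. $INVOCATION_ID in the environment is consulted first; only if it is
 * absent (-ENXIO) is the kernel keyring tried. A malformed environment value
 * is reported as an error rather than falling through to the keyring.
 *
 * Returns 0 on success, -EINVAL for a NULL ret or a malformed $INVOCATION_ID,
 * -ENXIO if neither source provides an ID, or the error of the failing
 * lookup. The cache is only updated once a lookup has fully succeeded. */
_public_ int sd_id128_get_invocation(sd_id128_t *ret) {
        static thread_local sd_id128_t saved_invocation_id = {};
        int r;

        assert_return(ret, -EINVAL);

        if (sd_id128_is_null(saved_invocation_id)) {
                sd_id128_t id;

                /* We first check the environment. The environment variable is primarily relevant for user
                 * services, and sufficiently safe as long as no privilege boundary is involved. */
                r = get_invocation_from_environment(&id);
                if (r < 0 && r != -ENXIO)
                        return r;

                if (r == -ENXIO) {
                        /* The kernel keyring is relevant for system services (as for user services we don't store
                         * the invocation ID in the keyring, as there'd be no trust benefit in that). Without this
                         * early-out on environment success, a valid $INVOCATION_ID with no keyring key (the user
                         * service case) would fail with -ENXIO here. */
                        r = get_invocation_from_keyring(&id);
                        if (r < 0)
                                return r;
                }

                /* Commit to the cache only after a complete, successful lookup, so a failed helper can never
                 * leave a partial ID behind that later calls would hand out as valid. */
                saved_invocation_id = id;
        }

        *ret = saved_invocation_id;
        return 0;
}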
252 | ||
/* Generates a fresh random 128-bit ID, shaped as a v4 UUID.
 *
 * Returns 0 on success or the negative error from genuine_random_bytes().
 * ret must not be NULL. */
_public_ int sd_id128_randomize(sd_id128_t *ret) {
        sd_id128_t fresh;
        int r;

        assert_return(ret, -EINVAL);

        /* RDRAND is permitted as a source here: these are identifiers, not
         * secrets, so it doesn't need to be trusted to the degree required
         * for key material. */
        r = genuine_random_bytes(&fresh, sizeof(fresh), RANDOM_ALLOW_RDRAND);
        if (r < 0)
                return r;

        /* Stamp the version/variant bits so the result is a well-formed v4
         * UUID. That guarantee holds only for IDs generated here, not for
         * IDs obtained from elsewhere. */
        *ret = id128_make_v4_uuid(fresh);
        return 0;
}
70fc4f57 | 272 | |
/* Derives an application-specific ID from a base ID.
 *
 * Computes HMAC-SHA256 keyed with the base ID over the application ID and
 * keeps the first 16 bytes, stamped as a v4 UUID. The result is stable for a
 * given (base, app_id) pair, and — being an HMAC output — does not let the
 * base ID be recovered from it. Returns 0 on success or the negative error
 * from the khash helpers. ret must not be NULL. */
static int get_app_specific(sd_id128_t base, sd_id128_t app_id, sd_id128_t *ret) {
        _cleanup_(khash_unrefp) khash *hmac = NULL;
        sd_id128_t derived;
        const void *digest;
        int r;

        assert(ret);

        r = khash_new_with_key(&hmac, "hmac(sha256)", &base, sizeof(base));
        if (r < 0)
                return r;

        r = khash_put(hmac, &app_id, sizeof(app_id));
        if (r < 0)
                return r;

        r = khash_digest_data(hmac, &digest);
        if (r < 0)
                return r;

        /* Keep the leading 16 bytes of the digest (32 bytes for SHA-256); the
         * MIN() merely guards against a shorter digest. */
        memcpy(&derived, digest, MIN(khash_get_size(hmac), sizeof(derived)));

        *ret = id128_make_v4_uuid(derived);
        return 0;
}
/* Returns an application-specific ID derived from the machine ID.
 *
 * Returns 0 on success, or the error from sd_id128_get_machine() (including
 * -ENOMEDIUM when no machine ID is set) or from the derivation. ret must not
 * be NULL. */
_public_ int sd_id128_get_machine_app_specific(sd_id128_t app_id, sd_id128_t *ret) {
        sd_id128_t machine;
        int r;

        assert_return(ret, -EINVAL);

        r = sd_id128_get_machine(&machine);
        return r < 0 ? r : get_app_specific(machine, app_id, ret);
}
312 | ||
/* Returns an application-specific ID derived from the boot ID.
 *
 * Returns 0 on success, or the error from sd_id128_get_boot() or from the
 * derivation. ret must not be NULL. */
_public_ int sd_id128_get_boot_app_specific(sd_id128_t app_id, sd_id128_t *ret) {
        sd_id128_t boot;
        int r;

        assert_return(ret, -EINVAL);

        r = sd_id128_get_boot(&boot);
        return r < 0 ? r : get_app_specific(boot, app_id, ret);
}