src/libsystemd/sd-id128/sd-id128.c

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2
   3 #include <errno.h>
   4 #include <fcntl.h>
   5 #include <unistd.h>
   6
   7 #include "sd-id128.h"
   8
   9 #include "alloc-util.h"
  10 #include "fd-util.h"
  11 #include "hexdecoct.h"
  12 #include "id128-util.h"
  13 #include "io-util.h"
  14 #include "khash.h"
  15 #include "macro.h"
  16 #include "missing.h"
  17 #include "random-util.h"
  18 #include "user-util.h"
  19 #include "util.h"
  20
  21 _public_ char *sd_id128_to_string(sd_id128_t id, char s[_SD_ARRAY_STATIC SD_ID128_STRING_MAX]) {
  22         unsigned n;
  23
  24         assert_return(s, NULL);
  25
  26         for (n = 0; n < 16; n++) {
  27                 s[n*2] = hexchar(id.bytes[n] >> 4);
  28                 s[n*2+1] = hexchar(id.bytes[n] & 0xF);
  29         }
  30
  31         s[32] = 0;
  32
  33         return s;
  34 }
  35
  36 _public_ int sd_id128_from_string(const char s[], sd_id128_t *ret) {
  37         unsigned n, i;
  38         sd_id128_t t;
  39         bool is_guid = false;
  40
  41         assert_return(s, -EINVAL);
  42
  43         for (n = 0, i = 0; n < 16;) {
  44                 int a, b;
  45
  46                 if (s[i] == '-') {
  47                         /* Is this a GUID? Then be nice, and skip over
  48                          * the dashes */
  49
  50                         if (i == 8)
  51                                 is_guid = true;
  52                         else if (IN_SET(i, 13, 18, 23)) {
  53                                 if (!is_guid)
  54                                         return -EINVAL;
  55                         } else
  56                                 return -EINVAL;
  57
  58                         i++;
  59                         continue;
  60                 }
  61
  62                 a = unhexchar(s[i++]);
  63                 if (a < 0)
  64                         return -EINVAL;
  65
  66                 b = unhexchar(s[i++]);
  67                 if (b < 0)
  68                         return -EINVAL;
  69
  70                 t.bytes[n++] = (a << 4) | b;
  71         }
  72
  73         if (i != (is_guid ? 36 : 32))
  74                 return -EINVAL;
  75
  76         if (s[i] != 0)
  77                 return -EINVAL;
  78
  79         if (ret)
  80                 *ret = t;
  81         return 0;
  82 }
  83
  84 _public_ int sd_id128_get_machine(sd_id128_t *ret) {
  85         static thread_local sd_id128_t saved_machine_id = {};
  86         int r;
  87
  88         assert_return(ret, -EINVAL);
  89
  90         if (sd_id128_is_null(saved_machine_id)) {
  91                 r = id128_read("/etc/machine-id", ID128_PLAIN, &saved_machine_id);
  92                 if (r < 0)
  93                         return r;
  94
  95                 if (sd_id128_is_null(saved_machine_id))
  96                         return -ENOMEDIUM;
  97         }
  98
  99         *ret = saved_machine_id;
 100         return 0;
 101 }
 102
 103 _public_ int sd_id128_get_boot(sd_id128_t *ret) {
 104         static thread_local sd_id128_t saved_boot_id = {};
 105         int r;
 106
 107         assert_return(ret, -EINVAL);
 108
 109         if (sd_id128_is_null(saved_boot_id)) {
 110                 r = id128_read("/proc/sys/kernel/random/boot_id", ID128_UUID, &saved_boot_id);
 111                 if (r < 0)
 112                         return r;
 113         }
 114
 115         *ret = saved_boot_id;
 116         return 0;
 117 }
 118
 119 static int get_invocation_from_keyring(sd_id128_t *ret) {
 120
 121         _cleanup_free_ char *description = NULL;
 122         char *d, *p, *g, *u, *e;
 123         unsigned long perms;
 124         key_serial_t key;
 125         size_t sz = 256;
 126         uid_t uid;
 127         gid_t gid;
 128         int r, c;
 129
 130 #define MAX_PERMS ((unsigned long) (KEY_POS_VIEW|KEY_POS_READ|KEY_POS_SEARCH| \
 131                                     KEY_USR_VIEW|KEY_USR_READ|KEY_USR_SEARCH))
 132
 133         assert(ret);
 134
 135         key = request_key("user", "invocation_id", NULL, 0);
 136         if (key == -1) {
 137                 /* Keyring support not available? No invocation key stored? */
 138                 if (IN_SET(errno, ENOSYS, ENOKEY))
 139                         return 0;
 140
 141                 return -errno;
 142         }
 143
 144         for (;;) {
 145                 description = new(char, sz);
 146                 if (!description)
 147                         return -ENOMEM;
 148
 149                 c = keyctl(KEYCTL_DESCRIBE, key, (unsigned long) description, sz, 0);
 150                 if (c < 0)
 151                         return -errno;
 152
 153                 if ((size_t) c <= sz)
 154                         break;
 155
 156                 sz = c;
 157                 free(description);
 158         }
 159
 160         /* The kernel returns a final NUL in the string, verify that. */
 161         assert(description[c-1] == 0);
 162
 163         /* Chop off the final description string */
 164         d = strrchr(description, ';');
 165         if (!d)
 166                 return -EIO;
 167         *d = 0;
 168
 169         /* Look for the permissions */
 170         p = strrchr(description, ';');
 171         if (!p)
 172                 return -EIO;
 173
 174         errno = 0;
 175         perms = strtoul(p + 1, &e, 16);
 176         if (errno > 0)
 177                 return -errno;
 178         if (e == p + 1) /* Read at least one character */
 179                 return -EIO;
 180         if (e != d) /* Must reached the end */
 181                 return -EIO;
 182
 183         if ((perms & ~MAX_PERMS) != 0)
 184                 return -EPERM;
 185
 186         *p = 0;
 187
 188         /* Look for the group ID */
 189         g = strrchr(description, ';');
 190         if (!g)
 191                 return -EIO;
 192         r = parse_gid(g + 1, &gid);
 193         if (r < 0)
 194                 return r;
 195         if (gid != 0)
 196                 return -EPERM;
 197         *g = 0;
 198
 199         /* Look for the user ID */
 200         u = strrchr(description, ';');
 201         if (!u)
 202                 return -EIO;
 203         r = parse_uid(u + 1, &uid);
 204         if (r < 0)
 205                 return r;
 206         if (uid != 0)
 207                 return -EPERM;
 208
 209         c = keyctl(KEYCTL_READ, key, (unsigned long) ret, sizeof(sd_id128_t), 0);
 210         if (c < 0)
 211                 return -errno;
 212         if (c != sizeof(sd_id128_t))
 213                 return -EIO;
 214
 215         return 1;
 216 }
 217
 218 _public_ int sd_id128_get_invocation(sd_id128_t *ret) {
 219         static thread_local sd_id128_t saved_invocation_id = {};
 220         int r;
 221
 222         assert_return(ret, -EINVAL);
 223
 224         if (sd_id128_is_null(saved_invocation_id)) {
 225
 226                 /* We first try to read the invocation ID from the kernel keyring. This has the benefit that it is not
 227                  * fakeable by unprivileged code. If the information is not available in the keyring, we use
 228                  * $INVOCATION_ID but ignore the data if our process was called by less privileged code
 229                  * (i.e. secure_getenv() instead of getenv()).
 230                  *
 231                  * The kernel keyring is only relevant for system services (as for user services we don't store the
 232                  * invocation ID in the keyring, as there'd be no trust benefit in that). The environment variable is
 233                  * primarily relevant for user services, and sufficiently safe as no privilege boundary is involved. */
 234
 235                 r = get_invocation_from_keyring(&saved_invocation_id);
 236                 if (r < 0)
 237                         return r;
 238
 239                 if (r == 0) {
 240                         const char *e;
 241
 242                         e = secure_getenv("INVOCATION_ID");
 243                         if (!e)
 244                                 return -ENXIO;
 245
 246                         r = sd_id128_from_string(e, &saved_invocation_id);
 247                         if (r < 0)
 248                                 return r;
 249                 }
 250         }
 251
 252         *ret = saved_invocation_id;
 253         return 0;
 254 }
 255
 256 static sd_id128_t make_v4_uuid(sd_id128_t id) {
 257         /* Stolen from generate_random_uuid() of drivers/char/random.c
 258          * in the kernel sources */
 259
 260         /* Set UUID version to 4 --- truly random generation */
 261         id.bytes[6] = (id.bytes[6] & 0x0F) | 0x40;
 262
 263         /* Set the UUID variant to DCE */
 264         id.bytes[8] = (id.bytes[8] & 0x3F) | 0x80;
 265
 266         return id;
 267 }
 268
 269 _public_ int sd_id128_randomize(sd_id128_t *ret) {
 270         sd_id128_t t;
 271         int r;
 272
 273         assert_return(ret, -EINVAL);
 274
 275         /* We allow usage if x86-64 RDRAND here. It might not be trusted enough for keeping secrets, but it should be
 276          * fine for UUIDS. */
 277         r = genuine_random_bytes(&t, sizeof t, RANDOM_ALLOW_RDRAND);
 278         if (r < 0)
 279                 return r;
 280
 281         /* Turn this into a valid v4 UUID, to be nice. Note that we
 282          * only guarantee this for newly generated UUIDs, not for
 283          * pre-existing ones. */
 284
 285         *ret = make_v4_uuid(t);
 286         return 0;
 287 }
 288
 289 static int get_app_specific(sd_id128_t base, sd_id128_t app_id, sd_id128_t *ret) {
 290         _cleanup_(khash_unrefp) khash *h = NULL;
 291         sd_id128_t result;
 292         const void *p;
 293         int r;
 294
 295         assert(ret);
 296
 297         r = khash_new_with_key(&h, "hmac(sha256)", &base, sizeof(base));
 298         if (r < 0)
 299                 return r;
 300
 301         r = khash_put(h, &app_id, sizeof(app_id));
 302         if (r < 0)
 303                 return r;
 304
 305         r = khash_digest_data(h, &p);
 306         if (r < 0)
 307                 return r;
 308
 309         /* We chop off the trailing 16 bytes */
 310         memcpy(&result, p, MIN(khash_get_size(h), sizeof(result)));
 311
 312         *ret = make_v4_uuid(result);
 313         return 0;
 314 }
 315
 316 _public_ int sd_id128_get_machine_app_specific(sd_id128_t app_id, sd_id128_t *ret) {
 317         sd_id128_t id;
 318         int r;
 319
 320         assert_return(ret, -EINVAL);
 321
 322         r = sd_id128_get_machine(&id);
 323         if (r < 0)
 324                 return r;
 325
 326         return get_app_specific(id, app_id, ret);
 327 }
 328
 329 _public_ int sd_id128_get_boot_app_specific(sd_id128_t app_id, sd_id128_t *ret) {
 330         sd_id128_t id;
 331         int r;
 332
 333         assert_return(ret, -EINVAL);
 334
 335         r = sd_id128_get_boot(&id);
 336         if (r < 0)
 337                 return r;
 338
 339         return get_app_specific(id, app_id, ret);
 340 }