diff options
author | James Morris <jmorris@namei.org> | 2008-12-24 19:40:09 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-12-24 19:40:09 -0500 |
commit | cbacc2c7f066a1e01b33b0e27ae5efbf534bc2db (patch) | |
tree | 90d1093131d2a3543a8b3b1f3364e7c6f4081a93 /security/keys/request_key_auth.c | |
parent | 4a6908a3a050aacc9c3a2f36b276b46c0629ad91 (diff) | |
parent | 74192246910ff4fb95309ba1a683215644beeb62 (diff) |
Merge branch 'next' into for-linus
Diffstat (limited to 'security/keys/request_key_auth.c')
-rw-r--r-- | security/keys/request_key_auth.c | 46 |
1 files changed, 24 insertions, 22 deletions
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index bd237b0a6331..86747151ee5b 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c | |||
@@ -105,9 +105,9 @@ static void request_key_auth_revoke(struct key *key) | |||
105 | 105 | ||
106 | kenter("{%d}", key->serial); | 106 | kenter("{%d}", key->serial); |
107 | 107 | ||
108 | if (rka->context) { | 108 | if (rka->cred) { |
109 | put_task_struct(rka->context); | 109 | put_cred(rka->cred); |
110 | rka->context = NULL; | 110 | rka->cred = NULL; |
111 | } | 111 | } |
112 | 112 | ||
113 | } /* end request_key_auth_revoke() */ | 113 | } /* end request_key_auth_revoke() */ |
@@ -122,12 +122,13 @@ static void request_key_auth_destroy(struct key *key) | |||
122 | 122 | ||
123 | kenter("{%d}", key->serial); | 123 | kenter("{%d}", key->serial); |
124 | 124 | ||
125 | if (rka->context) { | 125 | if (rka->cred) { |
126 | put_task_struct(rka->context); | 126 | put_cred(rka->cred); |
127 | rka->context = NULL; | 127 | rka->cred = NULL; |
128 | } | 128 | } |
129 | 129 | ||
130 | key_put(rka->target_key); | 130 | key_put(rka->target_key); |
131 | key_put(rka->dest_keyring); | ||
131 | kfree(rka->callout_info); | 132 | kfree(rka->callout_info); |
132 | kfree(rka); | 133 | kfree(rka); |
133 | 134 | ||
@@ -139,9 +140,10 @@ static void request_key_auth_destroy(struct key *key) | |||
139 | * access to the caller's security data | 140 | * access to the caller's security data |
140 | */ | 141 | */ |
141 | struct key *request_key_auth_new(struct key *target, const void *callout_info, | 142 | struct key *request_key_auth_new(struct key *target, const void *callout_info, |
142 | size_t callout_len) | 143 | size_t callout_len, struct key *dest_keyring) |
143 | { | 144 | { |
144 | struct request_key_auth *rka, *irka; | 145 | struct request_key_auth *rka, *irka; |
146 | const struct cred *cred = current->cred; | ||
145 | struct key *authkey = NULL; | 147 | struct key *authkey = NULL; |
146 | char desc[20]; | 148 | char desc[20]; |
147 | int ret; | 149 | int ret; |
@@ -163,31 +165,29 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info, | |||
163 | 165 | ||
164 | /* see if the calling process is already servicing the key request of | 166 | /* see if the calling process is already servicing the key request of |
165 | * another process */ | 167 | * another process */ |
166 | if (current->request_key_auth) { | 168 | if (cred->request_key_auth) { |
167 | /* it is - use that instantiation context here too */ | 169 | /* it is - use that instantiation context here too */ |
168 | down_read(¤t->request_key_auth->sem); | 170 | down_read(&cred->request_key_auth->sem); |
169 | 171 | ||
170 | /* if the auth key has been revoked, then the key we're | 172 | /* if the auth key has been revoked, then the key we're |
171 | * servicing is already instantiated */ | 173 | * servicing is already instantiated */ |
172 | if (test_bit(KEY_FLAG_REVOKED, | 174 | if (test_bit(KEY_FLAG_REVOKED, &cred->request_key_auth->flags)) |
173 | ¤t->request_key_auth->flags)) | ||
174 | goto auth_key_revoked; | 175 | goto auth_key_revoked; |
175 | 176 | ||
176 | irka = current->request_key_auth->payload.data; | 177 | irka = cred->request_key_auth->payload.data; |
177 | rka->context = irka->context; | 178 | rka->cred = get_cred(irka->cred); |
178 | rka->pid = irka->pid; | 179 | rka->pid = irka->pid; |
179 | get_task_struct(rka->context); | ||
180 | 180 | ||
181 | up_read(¤t->request_key_auth->sem); | 181 | up_read(&cred->request_key_auth->sem); |
182 | } | 182 | } |
183 | else { | 183 | else { |
184 | /* it isn't - use this process as the context */ | 184 | /* it isn't - use this process as the context */ |
185 | rka->context = current; | 185 | rka->cred = get_cred(cred); |
186 | rka->pid = current->pid; | 186 | rka->pid = current->pid; |
187 | get_task_struct(rka->context); | ||
188 | } | 187 | } |
189 | 188 | ||
190 | rka->target_key = key_get(target); | 189 | rka->target_key = key_get(target); |
190 | rka->dest_keyring = key_get(dest_keyring); | ||
191 | memcpy(rka->callout_info, callout_info, callout_len); | 191 | memcpy(rka->callout_info, callout_info, callout_len); |
192 | rka->callout_len = callout_len; | 192 | rka->callout_len = callout_len; |
193 | 193 | ||
@@ -195,7 +195,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info, | |||
195 | sprintf(desc, "%x", target->serial); | 195 | sprintf(desc, "%x", target->serial); |
196 | 196 | ||
197 | authkey = key_alloc(&key_type_request_key_auth, desc, | 197 | authkey = key_alloc(&key_type_request_key_auth, desc, |
198 | current->fsuid, current->fsgid, current, | 198 | cred->fsuid, cred->fsgid, cred, |
199 | KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | | 199 | KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | |
200 | KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA); | 200 | KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA); |
201 | if (IS_ERR(authkey)) { | 201 | if (IS_ERR(authkey)) { |
@@ -203,16 +203,16 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info, | |||
203 | goto error_alloc; | 203 | goto error_alloc; |
204 | } | 204 | } |
205 | 205 | ||
206 | /* construct and attach to the keyring */ | 206 | /* construct the auth key */ |
207 | ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL); | 207 | ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL); |
208 | if (ret < 0) | 208 | if (ret < 0) |
209 | goto error_inst; | 209 | goto error_inst; |
210 | 210 | ||
211 | kleave(" = {%d}", authkey->serial); | 211 | kleave(" = {%d,%d}", authkey->serial, atomic_read(&authkey->usage)); |
212 | return authkey; | 212 | return authkey; |
213 | 213 | ||
214 | auth_key_revoked: | 214 | auth_key_revoked: |
215 | up_read(¤t->request_key_auth->sem); | 215 | up_read(&cred->request_key_auth->sem); |
216 | kfree(rka->callout_info); | 216 | kfree(rka->callout_info); |
217 | kfree(rka); | 217 | kfree(rka); |
218 | kleave("= -EKEYREVOKED"); | 218 | kleave("= -EKEYREVOKED"); |
@@ -223,6 +223,7 @@ error_inst: | |||
223 | key_put(authkey); | 223 | key_put(authkey); |
224 | error_alloc: | 224 | error_alloc: |
225 | key_put(rka->target_key); | 225 | key_put(rka->target_key); |
226 | key_put(rka->dest_keyring); | ||
226 | kfree(rka->callout_info); | 227 | kfree(rka->callout_info); |
227 | kfree(rka); | 228 | kfree(rka); |
228 | kleave("= %d", ret); | 229 | kleave("= %d", ret); |
@@ -254,6 +255,7 @@ static int key_get_instantiation_authkey_match(const struct key *key, | |||
254 | */ | 255 | */ |
255 | struct key *key_get_instantiation_authkey(key_serial_t target_id) | 256 | struct key *key_get_instantiation_authkey(key_serial_t target_id) |
256 | { | 257 | { |
258 | const struct cred *cred = current_cred(); | ||
257 | struct key *authkey; | 259 | struct key *authkey; |
258 | key_ref_t authkey_ref; | 260 | key_ref_t authkey_ref; |
259 | 261 | ||
@@ -261,7 +263,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id) | |||
261 | &key_type_request_key_auth, | 263 | &key_type_request_key_auth, |
262 | (void *) (unsigned long) target_id, | 264 | (void *) (unsigned long) target_id, |
263 | key_get_instantiation_authkey_match, | 265 | key_get_instantiation_authkey_match, |
264 | current); | 266 | cred); |
265 | 267 | ||
266 | if (IS_ERR(authkey_ref)) { | 268 | if (IS_ERR(authkey_ref)) { |
267 | authkey = ERR_CAST(authkey_ref); | 269 | authkey = ERR_CAST(authkey_ref); |