aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys/request_key_auth.c
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2008-12-24 19:40:09 -0500
committerJames Morris <jmorris@namei.org>2008-12-24 19:40:09 -0500
commitcbacc2c7f066a1e01b33b0e27ae5efbf534bc2db (patch)
tree90d1093131d2a3543a8b3b1f3364e7c6f4081a93 /security/keys/request_key_auth.c
parent4a6908a3a050aacc9c3a2f36b276b46c0629ad91 (diff)
parent74192246910ff4fb95309ba1a683215644beeb62 (diff)
Merge branch 'next' into for-linus
Diffstat (limited to 'security/keys/request_key_auth.c')
-rw-r--r--security/keys/request_key_auth.c46
1 files changed, 24 insertions, 22 deletions
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index bd237b0a6331..86747151ee5b 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -105,9 +105,9 @@ static void request_key_auth_revoke(struct key *key)
105 105
106 kenter("{%d}", key->serial); 106 kenter("{%d}", key->serial);
107 107
108 if (rka->context) { 108 if (rka->cred) {
109 put_task_struct(rka->context); 109 put_cred(rka->cred);
110 rka->context = NULL; 110 rka->cred = NULL;
111 } 111 }
112 112
113} /* end request_key_auth_revoke() */ 113} /* end request_key_auth_revoke() */
@@ -122,12 +122,13 @@ static void request_key_auth_destroy(struct key *key)
122 122
123 kenter("{%d}", key->serial); 123 kenter("{%d}", key->serial);
124 124
125 if (rka->context) { 125 if (rka->cred) {
126 put_task_struct(rka->context); 126 put_cred(rka->cred);
127 rka->context = NULL; 127 rka->cred = NULL;
128 } 128 }
129 129
130 key_put(rka->target_key); 130 key_put(rka->target_key);
131 key_put(rka->dest_keyring);
131 kfree(rka->callout_info); 132 kfree(rka->callout_info);
132 kfree(rka); 133 kfree(rka);
133 134
@@ -139,9 +140,10 @@ static void request_key_auth_destroy(struct key *key)
139 * access to the caller's security data 140 * access to the caller's security data
140 */ 141 */
141struct key *request_key_auth_new(struct key *target, const void *callout_info, 142struct key *request_key_auth_new(struct key *target, const void *callout_info,
142 size_t callout_len) 143 size_t callout_len, struct key *dest_keyring)
143{ 144{
144 struct request_key_auth *rka, *irka; 145 struct request_key_auth *rka, *irka;
146 const struct cred *cred = current->cred;
145 struct key *authkey = NULL; 147 struct key *authkey = NULL;
146 char desc[20]; 148 char desc[20];
147 int ret; 149 int ret;
@@ -163,31 +165,29 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
163 165
164 /* see if the calling process is already servicing the key request of 166 /* see if the calling process is already servicing the key request of
165 * another process */ 167 * another process */
166 if (current->request_key_auth) { 168 if (cred->request_key_auth) {
167 /* it is - use that instantiation context here too */ 169 /* it is - use that instantiation context here too */
168 down_read(&current->request_key_auth->sem); 170 down_read(&cred->request_key_auth->sem);
169 171
170 /* if the auth key has been revoked, then the key we're 172 /* if the auth key has been revoked, then the key we're
171 * servicing is already instantiated */ 173 * servicing is already instantiated */
172 if (test_bit(KEY_FLAG_REVOKED, 174 if (test_bit(KEY_FLAG_REVOKED, &cred->request_key_auth->flags))
173 &current->request_key_auth->flags))
174 goto auth_key_revoked; 175 goto auth_key_revoked;
175 176
176 irka = current->request_key_auth->payload.data; 177 irka = cred->request_key_auth->payload.data;
177 rka->context = irka->context; 178 rka->cred = get_cred(irka->cred);
178 rka->pid = irka->pid; 179 rka->pid = irka->pid;
179 get_task_struct(rka->context);
180 180
181 up_read(&current->request_key_auth->sem); 181 up_read(&cred->request_key_auth->sem);
182 } 182 }
183 else { 183 else {
184 /* it isn't - use this process as the context */ 184 /* it isn't - use this process as the context */
185 rka->context = current; 185 rka->cred = get_cred(cred);
186 rka->pid = current->pid; 186 rka->pid = current->pid;
187 get_task_struct(rka->context);
188 } 187 }
189 188
190 rka->target_key = key_get(target); 189 rka->target_key = key_get(target);
190 rka->dest_keyring = key_get(dest_keyring);
191 memcpy(rka->callout_info, callout_info, callout_len); 191 memcpy(rka->callout_info, callout_info, callout_len);
192 rka->callout_len = callout_len; 192 rka->callout_len = callout_len;
193 193
@@ -195,7 +195,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
195 sprintf(desc, "%x", target->serial); 195 sprintf(desc, "%x", target->serial);
196 196
197 authkey = key_alloc(&key_type_request_key_auth, desc, 197 authkey = key_alloc(&key_type_request_key_auth, desc,
198 current->fsuid, current->fsgid, current, 198 cred->fsuid, cred->fsgid, cred,
199 KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | 199 KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
200 KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA); 200 KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA);
201 if (IS_ERR(authkey)) { 201 if (IS_ERR(authkey)) {
@@ -203,16 +203,16 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
203 goto error_alloc; 203 goto error_alloc;
204 } 204 }
205 205
206 /* construct and attach to the keyring */ 206 /* construct the auth key */
207 ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL); 207 ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL);
208 if (ret < 0) 208 if (ret < 0)
209 goto error_inst; 209 goto error_inst;
210 210
211 kleave(" = {%d}", authkey->serial); 211 kleave(" = {%d,%d}", authkey->serial, atomic_read(&authkey->usage));
212 return authkey; 212 return authkey;
213 213
214auth_key_revoked: 214auth_key_revoked:
215 up_read(&current->request_key_auth->sem); 215 up_read(&cred->request_key_auth->sem);
216 kfree(rka->callout_info); 216 kfree(rka->callout_info);
217 kfree(rka); 217 kfree(rka);
218 kleave("= -EKEYREVOKED"); 218 kleave("= -EKEYREVOKED");
@@ -223,6 +223,7 @@ error_inst:
223 key_put(authkey); 223 key_put(authkey);
224error_alloc: 224error_alloc:
225 key_put(rka->target_key); 225 key_put(rka->target_key);
226 key_put(rka->dest_keyring);
226 kfree(rka->callout_info); 227 kfree(rka->callout_info);
227 kfree(rka); 228 kfree(rka);
228 kleave("= %d", ret); 229 kleave("= %d", ret);
@@ -254,6 +255,7 @@ static int key_get_instantiation_authkey_match(const struct key *key,
254 */ 255 */
255struct key *key_get_instantiation_authkey(key_serial_t target_id) 256struct key *key_get_instantiation_authkey(key_serial_t target_id)
256{ 257{
258 const struct cred *cred = current_cred();
257 struct key *authkey; 259 struct key *authkey;
258 key_ref_t authkey_ref; 260 key_ref_t authkey_ref;
259 261
@@ -261,7 +263,7 @@ struct key *key_get_instantiation_authkey(key_serial_t target_id)
261 &key_type_request_key_auth, 263 &key_type_request_key_auth,
262 (void *) (unsigned long) target_id, 264 (void *) (unsigned long) target_id,
263 key_get_instantiation_authkey_match, 265 key_get_instantiation_authkey_match,
264 current); 266 cred);
265 267
266 if (IS_ERR(authkey_ref)) { 268 if (IS_ERR(authkey_ref)) {
267 authkey = ERR_CAST(authkey_ref); 269 authkey = ERR_CAST(authkey_ref);