diff options
author | Arun Raghavan <arunsr@cse.iitk.ac.in> | 2008-04-29 04:01:28 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-04-29 11:06:16 -0400 |
commit | 6b79ccb5144f9ffb4d4596c23e7570238dd12abc (patch) | |
tree | e674339e9f86c3607304496792b417b0ed66de6f | |
parent | da91d2ef9fe4fd84cc0a8a729201d38e40ac9f2e (diff) |
keys: allow clients to set key perms in key_create_or_update()
The key_create_or_update() function provided by the keyring code has a default
set of permissions that are always applied to the key when created. This
might not be desirable to all clients.
Here's a patch that adds a "perm" parameter to the function to address this,
which can be set to KEY_PERM_UNDEF to revert to the current behaviour.
Signed-off-by: Arun Raghavan <arunsr@cse.iitk.ac.in>
Signed-off-by: David Howells <dhowells@redhat.com>
Cc: Satyam Sharma <ssatyam@cse.iitk.ac.in>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | include/linux/key.h | 3 | ||||
-rw-r--r-- | security/keys/key.c | 18 | ||||
-rw-r--r-- | security/keys/keyctl.c | 3 |
3 files changed, 15 insertions, 9 deletions
diff --git a/include/linux/key.h b/include/linux/key.h index 163f864b6bd..8b0bd3393ab 100644 --- a/include/linux/key.h +++ b/include/linux/key.h | |||
@@ -67,6 +67,8 @@ struct key; | |||
67 | #define KEY_OTH_SETATTR 0x00000020 | 67 | #define KEY_OTH_SETATTR 0x00000020 |
68 | #define KEY_OTH_ALL 0x0000003f | 68 | #define KEY_OTH_ALL 0x0000003f |
69 | 69 | ||
70 | #define KEY_PERM_UNDEF 0xffffffff | ||
71 | |||
70 | struct seq_file; | 72 | struct seq_file; |
71 | struct user_struct; | 73 | struct user_struct; |
72 | struct signal_struct; | 74 | struct signal_struct; |
@@ -232,6 +234,7 @@ extern key_ref_t key_create_or_update(key_ref_t keyring, | |||
232 | const char *description, | 234 | const char *description, |
233 | const void *payload, | 235 | const void *payload, |
234 | size_t plen, | 236 | size_t plen, |
237 | key_perm_t perm, | ||
235 | unsigned long flags); | 238 | unsigned long flags); |
236 | 239 | ||
237 | extern int key_update(key_ref_t key, | 240 | extern int key_update(key_ref_t key, |
diff --git a/security/keys/key.c b/security/keys/key.c index 654d23baf35..d98c61953be 100644 --- a/security/keys/key.c +++ b/security/keys/key.c | |||
@@ -757,11 +757,11 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, | |||
757 | const char *description, | 757 | const char *description, |
758 | const void *payload, | 758 | const void *payload, |
759 | size_t plen, | 759 | size_t plen, |
760 | key_perm_t perm, | ||
760 | unsigned long flags) | 761 | unsigned long flags) |
761 | { | 762 | { |
762 | struct key_type *ktype; | 763 | struct key_type *ktype; |
763 | struct key *keyring, *key = NULL; | 764 | struct key *keyring, *key = NULL; |
764 | key_perm_t perm; | ||
765 | key_ref_t key_ref; | 765 | key_ref_t key_ref; |
766 | int ret; | 766 | int ret; |
767 | 767 | ||
@@ -806,15 +806,17 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, | |||
806 | goto found_matching_key; | 806 | goto found_matching_key; |
807 | } | 807 | } |
808 | 808 | ||
809 | /* decide on the permissions we want */ | 809 | /* if the client doesn't provide, decide on the permissions we want */ |
810 | perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; | 810 | if (perm == KEY_PERM_UNDEF) { |
811 | perm |= KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK | KEY_USR_SETATTR; | 811 | perm = KEY_POS_VIEW | KEY_POS_SEARCH | KEY_POS_LINK | KEY_POS_SETATTR; |
812 | perm |= KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_LINK | KEY_USR_SETATTR; | ||
812 | 813 | ||
813 | if (ktype->read) | 814 | if (ktype->read) |
814 | perm |= KEY_POS_READ | KEY_USR_READ; | 815 | perm |= KEY_POS_READ | KEY_USR_READ; |
815 | 816 | ||
816 | if (ktype == &key_type_keyring || ktype->update) | 817 | if (ktype == &key_type_keyring || ktype->update) |
817 | perm |= KEY_USR_WRITE; | 818 | perm |= KEY_USR_WRITE; |
819 | } | ||
818 | 820 | ||
819 | /* allocate a new key */ | 821 | /* allocate a new key */ |
820 | key = key_alloc(ktype, description, current->fsuid, current->fsgid, | 822 | key = key_alloc(ktype, description, current->fsuid, current->fsgid, |
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index 56e963b700b..993be634a5e 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c | |||
@@ -112,7 +112,8 @@ asmlinkage long sys_add_key(const char __user *_type, | |||
112 | /* create or update the requested key and add it to the target | 112 | /* create or update the requested key and add it to the target |
113 | * keyring */ | 113 | * keyring */ |
114 | key_ref = key_create_or_update(keyring_ref, type, description, | 114 | key_ref = key_create_or_update(keyring_ref, type, description, |
115 | payload, plen, KEY_ALLOC_IN_QUOTA); | 115 | payload, plen, KEY_PERM_UNDEF, |
116 | KEY_ALLOC_IN_QUOTA); | ||
116 | if (!IS_ERR(key_ref)) { | 117 | if (!IS_ERR(key_ref)) { |
117 | ret = key_ref_to_ptr(key_ref)->serial; | 118 | ret = key_ref_to_ptr(key_ref)->serial; |
118 | key_ref_put(key_ref); | 119 | key_ref_put(key_ref); |