diff options
| author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:16 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:16 -0500 |
| commit | b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch) | |
| tree | 9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /security/keys/keyctl.c | |
| parent | 15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff) | |
CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the
security data is temporarily embedded in the task_struct with two pointers
pointing to it.
Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in
entry.S via asm-offsets.
With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/keys/keyctl.c')
| -rw-r--r-- | security/keys/keyctl.c | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index fcce331eca7..8833b447ade 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c | |||
| @@ -889,7 +889,7 @@ long keyctl_instantiate_key(key_serial_t id, | |||
| 889 | /* the appropriate instantiation authorisation key must have been | 889 | /* the appropriate instantiation authorisation key must have been |
| 890 | * assumed before calling this */ | 890 | * assumed before calling this */ |
| 891 | ret = -EPERM; | 891 | ret = -EPERM; |
| 892 | instkey = current->request_key_auth; | 892 | instkey = current->cred->request_key_auth; |
| 893 | if (!instkey) | 893 | if (!instkey) |
| 894 | goto error; | 894 | goto error; |
| 895 | 895 | ||
| @@ -932,8 +932,8 @@ long keyctl_instantiate_key(key_serial_t id, | |||
| 932 | /* discard the assumed authority if it's just been disabled by | 932 | /* discard the assumed authority if it's just been disabled by |
| 933 | * instantiation of the key */ | 933 | * instantiation of the key */ |
| 934 | if (ret == 0) { | 934 | if (ret == 0) { |
| 935 | key_put(current->request_key_auth); | 935 | key_put(current->cred->request_key_auth); |
| 936 | current->request_key_auth = NULL; | 936 | current->cred->request_key_auth = NULL; |
| 937 | } | 937 | } |
| 938 | 938 | ||
| 939 | error2: | 939 | error2: |
| @@ -960,7 +960,7 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) | |||
| 960 | /* the appropriate instantiation authorisation key must have been | 960 | /* the appropriate instantiation authorisation key must have been |
| 961 | * assumed before calling this */ | 961 | * assumed before calling this */ |
| 962 | ret = -EPERM; | 962 | ret = -EPERM; |
| 963 | instkey = current->request_key_auth; | 963 | instkey = current->cred->request_key_auth; |
| 964 | if (!instkey) | 964 | if (!instkey) |
| 965 | goto error; | 965 | goto error; |
| 966 | 966 | ||
| @@ -983,8 +983,8 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) | |||
| 983 | /* discard the assumed authority if it's just been disabled by | 983 | /* discard the assumed authority if it's just been disabled by |
| 984 | * instantiation of the key */ | 984 | * instantiation of the key */ |
| 985 | if (ret == 0) { | 985 | if (ret == 0) { |
| 986 | key_put(current->request_key_auth); | 986 | key_put(current->cred->request_key_auth); |
| 987 | current->request_key_auth = NULL; | 987 | current->cred->request_key_auth = NULL; |
| 988 | } | 988 | } |
| 989 | 989 | ||
| 990 | error: | 990 | error: |
| @@ -999,6 +999,7 @@ error: | |||
| 999 | */ | 999 | */ |
| 1000 | long keyctl_set_reqkey_keyring(int reqkey_defl) | 1000 | long keyctl_set_reqkey_keyring(int reqkey_defl) |
| 1001 | { | 1001 | { |
| 1002 | struct cred *cred = current->cred; | ||
| 1002 | int ret; | 1003 | int ret; |
| 1003 | 1004 | ||
| 1004 | switch (reqkey_defl) { | 1005 | switch (reqkey_defl) { |
| @@ -1018,10 +1019,10 @@ long keyctl_set_reqkey_keyring(int reqkey_defl) | |||
| 1018 | case KEY_REQKEY_DEFL_USER_KEYRING: | 1019 | case KEY_REQKEY_DEFL_USER_KEYRING: |
| 1019 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: | 1020 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: |
| 1020 | set: | 1021 | set: |
| 1021 | current->jit_keyring = reqkey_defl; | 1022 | cred->jit_keyring = reqkey_defl; |
| 1022 | 1023 | ||
| 1023 | case KEY_REQKEY_DEFL_NO_CHANGE: | 1024 | case KEY_REQKEY_DEFL_NO_CHANGE: |
| 1024 | return current->jit_keyring; | 1025 | return cred->jit_keyring; |
| 1025 | 1026 | ||
| 1026 | case KEY_REQKEY_DEFL_GROUP_KEYRING: | 1027 | case KEY_REQKEY_DEFL_GROUP_KEYRING: |
| 1027 | default: | 1028 | default: |
| @@ -1086,8 +1087,8 @@ long keyctl_assume_authority(key_serial_t id) | |||
| 1086 | 1087 | ||
| 1087 | /* we divest ourselves of authority if given an ID of 0 */ | 1088 | /* we divest ourselves of authority if given an ID of 0 */ |
| 1088 | if (id == 0) { | 1089 | if (id == 0) { |
| 1089 | key_put(current->request_key_auth); | 1090 | key_put(current->cred->request_key_auth); |
| 1090 | current->request_key_auth = NULL; | 1091 | current->cred->request_key_auth = NULL; |
| 1091 | ret = 0; | 1092 | ret = 0; |
| 1092 | goto error; | 1093 | goto error; |
| 1093 | } | 1094 | } |
| @@ -1103,8 +1104,8 @@ long keyctl_assume_authority(key_serial_t id) | |||
| 1103 | goto error; | 1104 | goto error; |
| 1104 | } | 1105 | } |
| 1105 | 1106 | ||
| 1106 | key_put(current->request_key_auth); | 1107 | key_put(current->cred->request_key_auth); |
| 1107 | current->request_key_auth = authkey; | 1108 | current->cred->request_key_auth = authkey; |
| 1108 | ret = authkey->serial; | 1109 | ret = authkey->serial; |
| 1109 | 1110 | ||
| 1110 | error: | 1111 | error: |