diff options
author | David Howells <dhowells@redhat.com> | 2008-11-13 18:38:49 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:38:49 -0500 |
commit | 4eea03539d9a8e3f5056aed690efde1f75535e7b (patch) | |
tree | 1dd58dee9a286459c7a70b8f82edcb63d20b2c07 | |
parent | ec4c2aacd16672febca053109eb9ddf672108ca1 (diff) |
CRED: Wrap task credential accesses in the eCryptFS filesystem
Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.
Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().
Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Cc: Mike Halcrow <mhalcrow@us.ibm.com>
Cc: Phillip Hellewell <phillip@hellewell.homeip.net>
Cc: ecryptfs-devel@lists.sourceforge.net
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | fs/ecryptfs/messaging.c | 18 | ||||
-rw-r--r-- | fs/ecryptfs/miscdev.c | 20 |
2 files changed, 22 insertions, 16 deletions
diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c index c6983978a31e..e0b0a4e28b9b 100644 --- a/fs/ecryptfs/messaging.c +++ b/fs/ecryptfs/messaging.c | |||
@@ -361,6 +361,7 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, | |||
361 | size_t msg_size; | 361 | size_t msg_size; |
362 | struct nsproxy *nsproxy; | 362 | struct nsproxy *nsproxy; |
363 | struct user_namespace *current_user_ns; | 363 | struct user_namespace *current_user_ns; |
364 | uid_t ctx_euid; | ||
364 | int rc; | 365 | int rc; |
365 | 366 | ||
366 | if (msg->index >= ecryptfs_message_buf_len) { | 367 | if (msg->index >= ecryptfs_message_buf_len) { |
@@ -385,8 +386,8 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, | |||
385 | goto wake_up; | 386 | goto wake_up; |
386 | } | 387 | } |
387 | current_user_ns = nsproxy->user_ns; | 388 | current_user_ns = nsproxy->user_ns; |
388 | rc = ecryptfs_find_daemon_by_euid(&daemon, msg_ctx->task->euid, | 389 | ctx_euid = task_euid(msg_ctx->task); |
389 | current_user_ns); | 390 | rc = ecryptfs_find_daemon_by_euid(&daemon, ctx_euid, current_user_ns); |
390 | rcu_read_unlock(); | 391 | rcu_read_unlock(); |
391 | mutex_unlock(&ecryptfs_daemon_hash_mux); | 392 | mutex_unlock(&ecryptfs_daemon_hash_mux); |
392 | if (rc) { | 393 | if (rc) { |
@@ -394,14 +395,14 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, | |||
394 | printk(KERN_WARNING "%s: User [%d] received a " | 395 | printk(KERN_WARNING "%s: User [%d] received a " |
395 | "message response from process [0x%p] but does " | 396 | "message response from process [0x%p] but does " |
396 | "not have a registered daemon\n", __func__, | 397 | "not have a registered daemon\n", __func__, |
397 | msg_ctx->task->euid, pid); | 398 | ctx_euid, pid); |
398 | goto wake_up; | 399 | goto wake_up; |
399 | } | 400 | } |
400 | if (msg_ctx->task->euid != euid) { | 401 | if (ctx_euid != euid) { |
401 | rc = -EBADMSG; | 402 | rc = -EBADMSG; |
402 | printk(KERN_WARNING "%s: Received message from user " | 403 | printk(KERN_WARNING "%s: Received message from user " |
403 | "[%d]; expected message from user [%d]\n", __func__, | 404 | "[%d]; expected message from user [%d]\n", __func__, |
404 | euid, msg_ctx->task->euid); | 405 | euid, ctx_euid); |
405 | goto unlock; | 406 | goto unlock; |
406 | } | 407 | } |
407 | if (current_user_ns != user_ns) { | 408 | if (current_user_ns != user_ns) { |
@@ -415,7 +416,7 @@ int ecryptfs_process_response(struct ecryptfs_message *msg, uid_t euid, | |||
415 | rc = -EBADMSG; | 416 | rc = -EBADMSG; |
416 | printk(KERN_ERR "%s: User [%d] sent a message response " | 417 | printk(KERN_ERR "%s: User [%d] sent a message response " |
417 | "from an unrecognized process [0x%p]\n", | 418 | "from an unrecognized process [0x%p]\n", |
418 | __func__, msg_ctx->task->euid, pid); | 419 | __func__, ctx_euid, pid); |
419 | goto unlock; | 420 | goto unlock; |
420 | } | 421 | } |
421 | if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { | 422 | if (msg_ctx->state != ECRYPTFS_MSG_CTX_STATE_PENDING) { |
@@ -464,14 +465,15 @@ ecryptfs_send_message_locked(char *data, int data_len, u8 msg_type, | |||
464 | struct ecryptfs_msg_ctx **msg_ctx) | 465 | struct ecryptfs_msg_ctx **msg_ctx) |
465 | { | 466 | { |
466 | struct ecryptfs_daemon *daemon; | 467 | struct ecryptfs_daemon *daemon; |
468 | uid_t euid = current_euid(); | ||
467 | int rc; | 469 | int rc; |
468 | 470 | ||
469 | rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, | 471 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, |
470 | current->nsproxy->user_ns); | 472 | current->nsproxy->user_ns); |
471 | if (rc || !daemon) { | 473 | if (rc || !daemon) { |
472 | rc = -ENOTCONN; | 474 | rc = -ENOTCONN; |
473 | printk(KERN_ERR "%s: User [%d] does not have a daemon " | 475 | printk(KERN_ERR "%s: User [%d] does not have a daemon " |
474 | "registered\n", __func__, current->euid); | 476 | "registered\n", __func__, euid); |
475 | goto out; | 477 | goto out; |
476 | } | 478 | } |
477 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); | 479 | mutex_lock(&ecryptfs_msg_ctx_lists_mux); |
diff --git a/fs/ecryptfs/miscdev.c b/fs/ecryptfs/miscdev.c index b484792a0996..047ac609695b 100644 --- a/fs/ecryptfs/miscdev.c +++ b/fs/ecryptfs/miscdev.c | |||
@@ -42,11 +42,12 @@ ecryptfs_miscdev_poll(struct file *file, poll_table *pt) | |||
42 | { | 42 | { |
43 | struct ecryptfs_daemon *daemon; | 43 | struct ecryptfs_daemon *daemon; |
44 | unsigned int mask = 0; | 44 | unsigned int mask = 0; |
45 | uid_t euid = current_euid(); | ||
45 | int rc; | 46 | int rc; |
46 | 47 | ||
47 | mutex_lock(&ecryptfs_daemon_hash_mux); | 48 | mutex_lock(&ecryptfs_daemon_hash_mux); |
48 | /* TODO: Just use file->private_data? */ | 49 | /* TODO: Just use file->private_data? */ |
49 | rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, | 50 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, |
50 | current->nsproxy->user_ns); | 51 | current->nsproxy->user_ns); |
51 | BUG_ON(rc || !daemon); | 52 | BUG_ON(rc || !daemon); |
52 | mutex_lock(&daemon->mux); | 53 | mutex_lock(&daemon->mux); |
@@ -83,6 +84,7 @@ static int | |||
83 | ecryptfs_miscdev_open(struct inode *inode, struct file *file) | 84 | ecryptfs_miscdev_open(struct inode *inode, struct file *file) |
84 | { | 85 | { |
85 | struct ecryptfs_daemon *daemon = NULL; | 86 | struct ecryptfs_daemon *daemon = NULL; |
87 | uid_t euid = current_euid(); | ||
86 | int rc; | 88 | int rc; |
87 | 89 | ||
88 | mutex_lock(&ecryptfs_daemon_hash_mux); | 90 | mutex_lock(&ecryptfs_daemon_hash_mux); |
@@ -93,10 +95,10 @@ ecryptfs_miscdev_open(struct inode *inode, struct file *file) | |||
93 | "count; rc = [%d]\n", __func__, rc); | 95 | "count; rc = [%d]\n", __func__, rc); |
94 | goto out_unlock_daemon_list; | 96 | goto out_unlock_daemon_list; |
95 | } | 97 | } |
96 | rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, | 98 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, |
97 | current->nsproxy->user_ns); | 99 | current->nsproxy->user_ns); |
98 | if (rc || !daemon) { | 100 | if (rc || !daemon) { |
99 | rc = ecryptfs_spawn_daemon(&daemon, current->euid, | 101 | rc = ecryptfs_spawn_daemon(&daemon, euid, |
100 | current->nsproxy->user_ns, | 102 | current->nsproxy->user_ns, |
101 | task_pid(current)); | 103 | task_pid(current)); |
102 | if (rc) { | 104 | if (rc) { |
@@ -147,10 +149,11 @@ static int | |||
147 | ecryptfs_miscdev_release(struct inode *inode, struct file *file) | 149 | ecryptfs_miscdev_release(struct inode *inode, struct file *file) |
148 | { | 150 | { |
149 | struct ecryptfs_daemon *daemon = NULL; | 151 | struct ecryptfs_daemon *daemon = NULL; |
152 | uid_t euid = current_euid(); | ||
150 | int rc; | 153 | int rc; |
151 | 154 | ||
152 | mutex_lock(&ecryptfs_daemon_hash_mux); | 155 | mutex_lock(&ecryptfs_daemon_hash_mux); |
153 | rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, | 156 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, |
154 | current->nsproxy->user_ns); | 157 | current->nsproxy->user_ns); |
155 | BUG_ON(rc || !daemon); | 158 | BUG_ON(rc || !daemon); |
156 | mutex_lock(&daemon->mux); | 159 | mutex_lock(&daemon->mux); |
@@ -246,11 +249,12 @@ ecryptfs_miscdev_read(struct file *file, char __user *buf, size_t count, | |||
246 | char packet_length[3]; | 249 | char packet_length[3]; |
247 | size_t i; | 250 | size_t i; |
248 | size_t total_length; | 251 | size_t total_length; |
252 | uid_t euid = current_euid(); | ||
249 | int rc; | 253 | int rc; |
250 | 254 | ||
251 | mutex_lock(&ecryptfs_daemon_hash_mux); | 255 | mutex_lock(&ecryptfs_daemon_hash_mux); |
252 | /* TODO: Just use file->private_data? */ | 256 | /* TODO: Just use file->private_data? */ |
253 | rc = ecryptfs_find_daemon_by_euid(&daemon, current->euid, | 257 | rc = ecryptfs_find_daemon_by_euid(&daemon, euid, |
254 | current->nsproxy->user_ns); | 258 | current->nsproxy->user_ns); |
255 | BUG_ON(rc || !daemon); | 259 | BUG_ON(rc || !daemon); |
256 | mutex_lock(&daemon->mux); | 260 | mutex_lock(&daemon->mux); |
@@ -290,7 +294,7 @@ check_list: | |||
290 | * message from the queue; try again */ | 294 | * message from the queue; try again */ |
291 | goto check_list; | 295 | goto check_list; |
292 | } | 296 | } |
293 | BUG_ON(current->euid != daemon->euid); | 297 | BUG_ON(euid != daemon->euid); |
294 | BUG_ON(current->nsproxy->user_ns != daemon->user_ns); | 298 | BUG_ON(current->nsproxy->user_ns != daemon->user_ns); |
295 | BUG_ON(task_pid(current) != daemon->pid); | 299 | BUG_ON(task_pid(current) != daemon->pid); |
296 | msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue, | 300 | msg_ctx = list_first_entry(&daemon->msg_ctx_out_queue, |
@@ -414,6 +418,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf, | |||
414 | size_t packet_size, packet_size_length, i; | 418 | size_t packet_size, packet_size_length, i; |
415 | ssize_t sz = 0; | 419 | ssize_t sz = 0; |
416 | char *data; | 420 | char *data; |
421 | uid_t euid = current_euid(); | ||
417 | int rc; | 422 | int rc; |
418 | 423 | ||
419 | if (count == 0) | 424 | if (count == 0) |
@@ -463,8 +468,7 @@ ecryptfs_miscdev_write(struct file *file, const char __user *buf, | |||
463 | goto out_free; | 468 | goto out_free; |
464 | } | 469 | } |
465 | rc = ecryptfs_miscdev_response(&data[i], packet_size, | 470 | rc = ecryptfs_miscdev_response(&data[i], packet_size, |
466 | current->euid, | 471 | euid, current->nsproxy->user_ns, |
467 | current->nsproxy->user_ns, | ||
468 | task_pid(current), seq); | 472 | task_pid(current), seq); |
469 | if (rc) | 473 | if (rc) |
470 | printk(KERN_WARNING "%s: Failed to deliver miscdev " | 474 | printk(KERN_WARNING "%s: Failed to deliver miscdev " |