aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/key-ui.h
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2005-10-07 10:07:38 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2005-10-08 17:53:31 -0400
commit468ed2b0c85ec4310b429e60358213b6d077289e (patch)
treed1f570c1b89df450753cbec8768b1c1cfac6d9a2 /include/linux/key-ui.h
parentf1a9badcf6ecad9975240d94514721cb93932151 (diff)
[PATCH] Keys: Split key permissions checking into a .c file
The attached patch splits key permissions checking out of key-ui.h and moves it into a .c file. It's quite large and called quite a lot, and it's about to get bigger with the addition of LSM support for keys... key_any_permission() is also discarded as it's no longer used. Signed-Off-By: David Howells <dhowells@redhat.com> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include/linux/key-ui.h')
-rw-r--r--include/linux/key-ui.h91
1 files changed, 5 insertions, 86 deletions
diff --git a/include/linux/key-ui.h b/include/linux/key-ui.h
index 918c34a8347e..7a2e332067c3 100644
--- a/include/linux/key-ui.h
+++ b/include/linux/key-ui.h
@@ -38,97 +38,16 @@ struct keyring_list {
38 struct key *keys[0]; 38 struct key *keys[0];
39}; 39};
40 40
41
42/* 41/*
43 * check to see whether permission is granted to use a key in the desired way 42 * check to see whether permission is granted to use a key in the desired way
44 */ 43 */
45static inline int key_permission(const key_ref_t key_ref, key_perm_t perm) 44extern int key_task_permission(const key_ref_t key_ref,
46{ 45 struct task_struct *context,
47 struct key *key = key_ref_to_ptr(key_ref); 46 key_perm_t perm);
48 key_perm_t kperm;
49
50 if (is_key_possessed(key_ref))
51 kperm = key->perm >> 24;
52 else if (key->uid == current->fsuid)
53 kperm = key->perm >> 16;
54 else if (key->gid != -1 &&
55 key->perm & KEY_GRP_ALL &&
56 in_group_p(key->gid)
57 )
58 kperm = key->perm >> 8;
59 else
60 kperm = key->perm;
61
62 kperm = kperm & perm & KEY_ALL;
63
64 return kperm == perm;
65}
66
67/*
68 * check to see whether permission is granted to use a key in at least one of
69 * the desired ways
70 */
71static inline int key_any_permission(const key_ref_t key_ref, key_perm_t perm)
72{
73 struct key *key = key_ref_to_ptr(key_ref);
74 key_perm_t kperm;
75
76 if (is_key_possessed(key_ref))
77 kperm = key->perm >> 24;
78 else if (key->uid == current->fsuid)
79 kperm = key->perm >> 16;
80 else if (key->gid != -1 &&
81 key->perm & KEY_GRP_ALL &&
82 in_group_p(key->gid)
83 )
84 kperm = key->perm >> 8;
85 else
86 kperm = key->perm;
87 47
88 kperm = kperm & perm & KEY_ALL; 48static inline int key_permission(const key_ref_t key_ref, key_perm_t perm)
89
90 return kperm != 0;
91}
92
93static inline int key_task_groups_search(struct task_struct *tsk, gid_t gid)
94{
95 int ret;
96
97 task_lock(tsk);
98 ret = groups_search(tsk->group_info, gid);
99 task_unlock(tsk);
100 return ret;
101}
102
103static inline int key_task_permission(const key_ref_t key_ref,
104 struct task_struct *context,
105 key_perm_t perm)
106{ 49{
107 struct key *key = key_ref_to_ptr(key_ref); 50 return key_task_permission(key_ref, current, perm);
108 key_perm_t kperm;
109
110 if (is_key_possessed(key_ref)) {
111 kperm = key->perm >> 24;
112 }
113 else if (key->uid == context->fsuid) {
114 kperm = key->perm >> 16;
115 }
116 else if (key->gid != -1 &&
117 key->perm & KEY_GRP_ALL && (
118 key->gid == context->fsgid ||
119 key_task_groups_search(context, key->gid)
120 )
121 ) {
122 kperm = key->perm >> 8;
123 }
124 else {
125 kperm = key->perm;
126 }
127
128 kperm = kperm & perm & KEY_ALL;
129
130 return kperm == perm;
131
132} 51}
133 52
134extern key_ref_t lookup_user_key(struct task_struct *context, 53extern key_ref_t lookup_user_key(struct task_struct *context,