aboutsummaryrefslogtreecommitdiffstats
path: root/include/linux/key.h
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-04-29 04:01:31 -0400
committerLinus Torvalds <torvalds@linux-foundation.org>2008-04-29 11:06:17 -0400
commit69664cf16af4f31cd54d77948a4baf9c7e0ca7b9 (patch)
tree3ff4ecae21c140a2beed25cfa9e55b788f9814ac /include/linux/key.h
parent6b79ccb5144f9ffb4d4596c23e7570238dd12abc (diff)
keys: don't generate user and user session keyrings unless they're accessed
Don't generate the per-UID user and user session keyrings unless they're explicitly accessed. This solves a problem during a login process whereby set*uid() is called before the SELinux PAM module, resulting in the per-UID keyrings having the wrong security labels. This also cures the problem of multiple per-UID keyrings sometimes appearing due to PAM modules (including pam_keyinit) setuiding and causing user_structs to come into and go out of existence whilst the session keyring pins the user keyring. This is achieved by first searching for extant per-UID keyrings before inventing new ones. The serial bound argument is also dropped from find_keyring_by_name() as it's not currently made use of (setting it to 0 disables the feature). Signed-off-by: David Howells <dhowells@redhat.com> Cc: <kwc@citi.umich.edu> Cc: <arunsr@cse.iitk.ac.in> Cc: <dwalsh@redhat.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: James Morris <jmorris@namei.org> Cc: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'include/linux/key.h')
-rw-r--r--include/linux/key.h8
1 files changed, 0 insertions, 8 deletions
diff --git a/include/linux/key.h b/include/linux/key.h
index 8b0bd3393abc..2effd031a817 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -268,9 +268,6 @@ extern struct key *key_lookup(key_serial_t id);
268/* 268/*
269 * the userspace interface 269 * the userspace interface
270 */ 270 */
271extern struct key root_user_keyring, root_session_keyring;
272extern int alloc_uid_keyring(struct user_struct *user,
273 struct task_struct *ctx);
274extern void switch_uid_keyring(struct user_struct *new_user); 271extern void switch_uid_keyring(struct user_struct *new_user);
275extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk); 272extern int copy_keys(unsigned long clone_flags, struct task_struct *tsk);
276extern int copy_thread_group_keys(struct task_struct *tsk); 273extern int copy_thread_group_keys(struct task_struct *tsk);
@@ -299,7 +296,6 @@ extern void key_init(void);
299#define make_key_ref(k, p) ({ NULL; }) 296#define make_key_ref(k, p) ({ NULL; })
300#define key_ref_to_ptr(k) ({ NULL; }) 297#define key_ref_to_ptr(k) ({ NULL; })
301#define is_key_possessed(k) 0 298#define is_key_possessed(k) 0
302#define alloc_uid_keyring(u,c) 0
303#define switch_uid_keyring(u) do { } while(0) 299#define switch_uid_keyring(u) do { } while(0)
304#define __install_session_keyring(t, k) ({ NULL; }) 300#define __install_session_keyring(t, k) ({ NULL; })
305#define copy_keys(f,t) 0 301#define copy_keys(f,t) 0
@@ -312,10 +308,6 @@ extern void key_init(void);
312#define key_fsgid_changed(t) do { } while(0) 308#define key_fsgid_changed(t) do { } while(0)
313#define key_init() do { } while(0) 309#define key_init() do { } while(0)
314 310
315/* Initial keyrings */
316extern struct key root_user_keyring;
317extern struct key root_session_keyring;
318
319#endif /* CONFIG_KEYS */ 311#endif /* CONFIG_KEYS */
320#endif /* __KERNEL__ */ 312#endif /* __KERNEL__ */
321#endif /* _LINUX_KEY_H */ 313#endif /* _LINUX_KEY_H */