author | David Howells <dhowells@redhat.com> | 2005-06-24 01:00:51 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-06-24 03:05:18 -0400 |
commit | 7888e7ff4ee579442128d7d12a9c9dbf2cf7de6a (patch) | |
tree | abe428ecb966e1dae07fce17f38e3e0c0ab4f134 /kernel/kmod.c | |
parent | 76d8aeabfeb1c42641a81c44280177b9a08670d8 (diff) |
[PATCH] Keys: Pass session keyring to call_usermodehelper()
The attached patch makes it possible to pass a session keyring through to the
process spawned by call_usermodehelper(). This allows patch 3/3 to pass an
authorisation key through to /sbin/request-key, thus permitting better access
controls when doing just-in-time key creation.
Signed-Off-By: David Howells <dhowells@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'kernel/kmod.c')
-rw-r--r-- | kernel/kmod.c | 17 |
1 files changed, 13 insertions, 4 deletions
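--- a/kernel/kmod.c
+++ b/kernel/kmod.c
@@ -120,6 +120,7 @@ struct subprocess_info {
 char *path;
 char **argv;
 char **envp;
+struct key *ring;
 int wait;
 int retval;
 };
@@ -130,16 +131,21 @@ struct subprocess_info {
 static int ____call_usermodehelper(void *data)
 {
 struct subprocess_info *sub_info = data;
+struct key *old_session;
 int retval;
 
-/* Unblock all signals. */
+/* Unblock all signals and set the session keyring. */
+key_get(sub_info->ring);
 flush_signals(current);
 spin_lock_irq(¤t->sighand->siglock);
+old_session = __install_session_keyring(current, sub_info->ring);
 flush_signal_handlers(current, 1);
 sigemptyset(¤t->blocked);
 recalc_sigpending();
 spin_unlock_irq(¤t->sighand->siglock);
 
+key_put(old_session);
+
 /* We can run anywhere, unlike our parent keventd(). */
 set_cpus_allowed(current, CPU_MASK_ALL);
 
@@ -211,10 +217,11 @@ static void __call_usermodehelper(void *data)
 }
 
 /**
-* call_usermodehelper - start a usermode application
+* call_usermodehelper_keys - start a usermode application
 * @path: pathname for the application
 * @argv: null-terminated argument list
 * @envp: null-terminated environment list
+* @session_keyring: session keyring for process (NULL for an empty keyring)
 * @wait: wait for the application to finish and return status.
 *
 * Runs a user-space application. The application is started
@@ -224,7 +231,8 @@ static void __call_usermodehelper(void *data)
 * Must be called from process context. Returns a negative error code
 * if program was not execed successfully, or 0.
 */
-int call_usermodehelper(char *path, char **argv, char **envp, int wait)
+int call_usermodehelper_keys(char *path, char **argv, char **envp,
+struct key *session_keyring, int wait)
 {
 DECLARE_COMPLETION(done);
 struct subprocess_info sub_info = {
@@ -232,6 +240,7 @@ int call_usermodehelper(char *path, char **argv, char **envp, int wait)
 .path = path,
 .argv = argv,
 .envp = envp,
+.ring = session_keyring,
 .wait = wait,
 .retval = 0,
 };
@@ -247,7 +256,7 @@ int call_usermodehelper(char *path, char **argv, char **envp, int wait)
 wait_for_completion(&done);
 return sub_info.retval;
 }
-EXPORT_SYMBOL(call_usermodehelper);
+EXPORT_SYMBOL(call_usermodehelper_keys);
 
 void __init usermodehelper_init(void)
 {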
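Review bot: The kerneldoc for call_usermodehelper_keys() does not say who owns the reference on @session_keyring, which a caller needs to know given that the commit message describes the keyring as carrying an authorisation key to the helper. From the visible lines, ____call_usermodehelper() takes its own reference with `key_get(sub_info->ring)` before installing the keyring, so the caller apparently keeps its reference and must hold it until the call returns; I would add `* The caller retains its reference on @session_keyring; the helper thread takes its own.` to the comment block. A one-line comment at `key_put(old_session);` saying that the replaced keyring is released only after spin_unlock_irq() would also help, and it is worth confirming that key_get() and __install_session_keyring() accept NULL as the new @session_keyring line promises, since neither definition appears in this file section. The bodies of ____call_usermodehelper() and call_usermodehelper_keys() continue outside the hunks shown.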