aboutsummaryrefslogtreecommitdiffstats
path: root/security/keys/keyctl.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-11-13 18:39:16 -0500
committerJames Morris <jmorris@namei.org>2008-11-13 18:39:16 -0500
commitb6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch)
tree9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /security/keys/keyctl.c
parent15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff)
CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the security data is temporarily embedded in the task_struct with two pointers pointing to it. Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in entry.S via asm-offsets. With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com> Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/keys/keyctl.c')
-rw-r--r--security/keys/keyctl.c25
1 files changed, 13 insertions, 12 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index fcce331eca72..8833b447adef 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -889,7 +889,7 @@ long keyctl_instantiate_key(key_serial_t id,
889 /* the appropriate instantiation authorisation key must have been 889 /* the appropriate instantiation authorisation key must have been
890 * assumed before calling this */ 890 * assumed before calling this */
891 ret = -EPERM; 891 ret = -EPERM;
892 instkey = current->request_key_auth; 892 instkey = current->cred->request_key_auth;
893 if (!instkey) 893 if (!instkey)
894 goto error; 894 goto error;
895 895
@@ -932,8 +932,8 @@ long keyctl_instantiate_key(key_serial_t id,
932 /* discard the assumed authority if it's just been disabled by 932 /* discard the assumed authority if it's just been disabled by
933 * instantiation of the key */ 933 * instantiation of the key */
934 if (ret == 0) { 934 if (ret == 0) {
935 key_put(current->request_key_auth); 935 key_put(current->cred->request_key_auth);
936 current->request_key_auth = NULL; 936 current->cred->request_key_auth = NULL;
937 } 937 }
938 938
939error2: 939error2:
@@ -960,7 +960,7 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
960 /* the appropriate instantiation authorisation key must have been 960 /* the appropriate instantiation authorisation key must have been
961 * assumed before calling this */ 961 * assumed before calling this */
962 ret = -EPERM; 962 ret = -EPERM;
963 instkey = current->request_key_auth; 963 instkey = current->cred->request_key_auth;
964 if (!instkey) 964 if (!instkey)
965 goto error; 965 goto error;
966 966
@@ -983,8 +983,8 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid)
983 /* discard the assumed authority if it's just been disabled by 983 /* discard the assumed authority if it's just been disabled by
984 * instantiation of the key */ 984 * instantiation of the key */
985 if (ret == 0) { 985 if (ret == 0) {
986 key_put(current->request_key_auth); 986 key_put(current->cred->request_key_auth);
987 current->request_key_auth = NULL; 987 current->cred->request_key_auth = NULL;
988 } 988 }
989 989
990error: 990error:
@@ -999,6 +999,7 @@ error:
999 */ 999 */
1000long keyctl_set_reqkey_keyring(int reqkey_defl) 1000long keyctl_set_reqkey_keyring(int reqkey_defl)
1001{ 1001{
1002 struct cred *cred = current->cred;
1002 int ret; 1003 int ret;
1003 1004
1004 switch (reqkey_defl) { 1005 switch (reqkey_defl) {
@@ -1018,10 +1019,10 @@ long keyctl_set_reqkey_keyring(int reqkey_defl)
1018 case KEY_REQKEY_DEFL_USER_KEYRING: 1019 case KEY_REQKEY_DEFL_USER_KEYRING:
1019 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: 1020 case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
1020 set: 1021 set:
1021 current->jit_keyring = reqkey_defl; 1022 cred->jit_keyring = reqkey_defl;
1022 1023
1023 case KEY_REQKEY_DEFL_NO_CHANGE: 1024 case KEY_REQKEY_DEFL_NO_CHANGE:
1024 return current->jit_keyring; 1025 return cred->jit_keyring;
1025 1026
1026 case KEY_REQKEY_DEFL_GROUP_KEYRING: 1027 case KEY_REQKEY_DEFL_GROUP_KEYRING:
1027 default: 1028 default:
@@ -1086,8 +1087,8 @@ long keyctl_assume_authority(key_serial_t id)
1086 1087
1087 /* we divest ourselves of authority if given an ID of 0 */ 1088 /* we divest ourselves of authority if given an ID of 0 */
1088 if (id == 0) { 1089 if (id == 0) {
1089 key_put(current->request_key_auth); 1090 key_put(current->cred->request_key_auth);
1090 current->request_key_auth = NULL; 1091 current->cred->request_key_auth = NULL;
1091 ret = 0; 1092 ret = 0;
1092 goto error; 1093 goto error;
1093 } 1094 }
@@ -1103,8 +1104,8 @@ long keyctl_assume_authority(key_serial_t id)
1103 goto error; 1104 goto error;
1104 } 1105 }
1105 1106
1106 key_put(current->request_key_auth); 1107 key_put(current->cred->request_key_auth);
1107 current->request_key_auth = authkey; 1108 current->cred->request_key_auth = authkey;
1108 ret = authkey->serial; 1109 ret = authkey->serial;
1109 1110
1110error: 1111error: