diff options
author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:16 -0500 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:16 -0500 |
commit | b6dff3ec5e116e3af6f537d4caedcad6b9e5082a (patch) | |
tree | 9e76f972eb7ce9b84e0146c8e4126a3f86acb428 /security/keys/keyctl.c | |
parent | 15a2460ed0af7538ca8e6c610fe607a2cd9da142 (diff) |
CRED: Separate task security context from task_struct
Separate the task security context from task_struct. At this point, the
security data is temporarily embedded in the task_struct with two pointers
pointing to it.
Note that the Alpha arch is altered as it refers to (E)UID and (E)GID in
entry.S via asm-offsets.
With comment fixes Signed-off-by: Marc Dionne <marc.c.dionne@gmail.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/keys/keyctl.c')
-rw-r--r-- | security/keys/keyctl.c | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index fcce331eca72..8833b447adef 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c | |||
@@ -889,7 +889,7 @@ long keyctl_instantiate_key(key_serial_t id, | |||
889 | /* the appropriate instantiation authorisation key must have been | 889 | /* the appropriate instantiation authorisation key must have been |
890 | * assumed before calling this */ | 890 | * assumed before calling this */ |
891 | ret = -EPERM; | 891 | ret = -EPERM; |
892 | instkey = current->request_key_auth; | 892 | instkey = current->cred->request_key_auth; |
893 | if (!instkey) | 893 | if (!instkey) |
894 | goto error; | 894 | goto error; |
895 | 895 | ||
@@ -932,8 +932,8 @@ long keyctl_instantiate_key(key_serial_t id, | |||
932 | /* discard the assumed authority if it's just been disabled by | 932 | /* discard the assumed authority if it's just been disabled by |
933 | * instantiation of the key */ | 933 | * instantiation of the key */ |
934 | if (ret == 0) { | 934 | if (ret == 0) { |
935 | key_put(current->request_key_auth); | 935 | key_put(current->cred->request_key_auth); |
936 | current->request_key_auth = NULL; | 936 | current->cred->request_key_auth = NULL; |
937 | } | 937 | } |
938 | 938 | ||
939 | error2: | 939 | error2: |
@@ -960,7 +960,7 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) | |||
960 | /* the appropriate instantiation authorisation key must have been | 960 | /* the appropriate instantiation authorisation key must have been |
961 | * assumed before calling this */ | 961 | * assumed before calling this */ |
962 | ret = -EPERM; | 962 | ret = -EPERM; |
963 | instkey = current->request_key_auth; | 963 | instkey = current->cred->request_key_auth; |
964 | if (!instkey) | 964 | if (!instkey) |
965 | goto error; | 965 | goto error; |
966 | 966 | ||
@@ -983,8 +983,8 @@ long keyctl_negate_key(key_serial_t id, unsigned timeout, key_serial_t ringid) | |||
983 | /* discard the assumed authority if it's just been disabled by | 983 | /* discard the assumed authority if it's just been disabled by |
984 | * instantiation of the key */ | 984 | * instantiation of the key */ |
985 | if (ret == 0) { | 985 | if (ret == 0) { |
986 | key_put(current->request_key_auth); | 986 | key_put(current->cred->request_key_auth); |
987 | current->request_key_auth = NULL; | 987 | current->cred->request_key_auth = NULL; |
988 | } | 988 | } |
989 | 989 | ||
990 | error: | 990 | error: |
@@ -999,6 +999,7 @@ error: | |||
999 | */ | 999 | */ |
1000 | long keyctl_set_reqkey_keyring(int reqkey_defl) | 1000 | long keyctl_set_reqkey_keyring(int reqkey_defl) |
1001 | { | 1001 | { |
1002 | struct cred *cred = current->cred; | ||
1002 | int ret; | 1003 | int ret; |
1003 | 1004 | ||
1004 | switch (reqkey_defl) { | 1005 | switch (reqkey_defl) { |
@@ -1018,10 +1019,10 @@ long keyctl_set_reqkey_keyring(int reqkey_defl) | |||
1018 | case KEY_REQKEY_DEFL_USER_KEYRING: | 1019 | case KEY_REQKEY_DEFL_USER_KEYRING: |
1019 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: | 1020 | case KEY_REQKEY_DEFL_USER_SESSION_KEYRING: |
1020 | set: | 1021 | set: |
1021 | current->jit_keyring = reqkey_defl; | 1022 | cred->jit_keyring = reqkey_defl; |
1022 | 1023 | ||
1023 | case KEY_REQKEY_DEFL_NO_CHANGE: | 1024 | case KEY_REQKEY_DEFL_NO_CHANGE: |
1024 | return current->jit_keyring; | 1025 | return cred->jit_keyring; |
1025 | 1026 | ||
1026 | case KEY_REQKEY_DEFL_GROUP_KEYRING: | 1027 | case KEY_REQKEY_DEFL_GROUP_KEYRING: |
1027 | default: | 1028 | default: |
@@ -1086,8 +1087,8 @@ long keyctl_assume_authority(key_serial_t id) | |||
1086 | 1087 | ||
1087 | /* we divest ourselves of authority if given an ID of 0 */ | 1088 | /* we divest ourselves of authority if given an ID of 0 */ |
1088 | if (id == 0) { | 1089 | if (id == 0) { |
1089 | key_put(current->request_key_auth); | 1090 | key_put(current->cred->request_key_auth); |
1090 | current->request_key_auth = NULL; | 1091 | current->cred->request_key_auth = NULL; |
1091 | ret = 0; | 1092 | ret = 0; |
1092 | goto error; | 1093 | goto error; |
1093 | } | 1094 | } |
@@ -1103,8 +1104,8 @@ long keyctl_assume_authority(key_serial_t id) | |||
1103 | goto error; | 1104 | goto error; |
1104 | } | 1105 | } |
1105 | 1106 | ||
1106 | key_put(current->request_key_auth); | 1107 | key_put(current->cred->request_key_auth); |
1107 | current->request_key_auth = authkey; | 1108 | current->cred->request_key_auth = authkey; |
1108 | ret = authkey->serial; | 1109 | ret = authkey->serial; |
1109 | 1110 | ||
1110 | error: | 1111 | error: |