diff options
| author | David Howells <dhowells@redhat.com> | 2008-11-13 18:39:11 -0500 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2008-11-13 18:39:11 -0500 |
| commit | 47d804bfa1857b0edcac972c86499dcd14df3cf2 (patch) | |
| tree | 200b2d1190e29be40c771bf6a4e0db0ef9e7d383 /security | |
| parent | 8192b0c482d7078fcdcb4854341b977426f6f09b (diff) | |
CRED: Wrap task credential accesses in the key management code
Wrap access to task credentials so that they can be separated more easily from
the task_struct during the introduction of COW creds.
Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id().
Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more
sense to use RCU directly rather than a convenient wrapper; these will be
addressed by later patches.
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <jmorris@namei.org>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/keys/key.c | 2 | ||||
| -rw-r--r-- | security/keys/keyctl.c | 2 | ||||
| -rw-r--r-- | security/keys/request_key.c | 10 | ||||
| -rw-r--r-- | security/keys/request_key_auth.c | 2 |
4 files changed, 8 insertions, 8 deletions
diff --git a/security/keys/key.c b/security/keys/key.c index 14948cf83ef6..a6ca39ed3b0e 100644 --- a/security/keys/key.c +++ b/security/keys/key.c | |||
| @@ -802,7 +802,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref, | |||
| 802 | } | 802 | } |
| 803 | 803 | ||
| 804 | /* allocate a new key */ | 804 | /* allocate a new key */ |
| 805 | key = key_alloc(ktype, description, current->fsuid, current->fsgid, | 805 | key = key_alloc(ktype, description, current_fsuid(), current_fsgid(), |
| 806 | current, perm, flags); | 806 | current, perm, flags); |
| 807 | if (IS_ERR(key)) { | 807 | if (IS_ERR(key)) { |
| 808 | key_ref = ERR_CAST(key); | 808 | key_ref = ERR_CAST(key); |
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index acc9c89e40a8..3f09e5b2a784 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c | |||
| @@ -817,7 +817,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm) | |||
| 817 | down_write(&key->sem); | 817 | down_write(&key->sem); |
| 818 | 818 | ||
| 819 | /* if we're not the sysadmin, we can only change a key that we own */ | 819 | /* if we're not the sysadmin, we can only change a key that we own */ |
| 820 | if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) { | 820 | if (capable(CAP_SYS_ADMIN) || key->uid == current_fsuid()) { |
| 821 | key->perm = perm; | 821 | key->perm = perm; |
| 822 | ret = 0; | 822 | ret = 0; |
| 823 | } | 823 | } |
diff --git a/security/keys/request_key.c b/security/keys/request_key.c index ba32ca6469bd..a8ebc9520cac 100644 --- a/security/keys/request_key.c +++ b/security/keys/request_key.c | |||
| @@ -77,7 +77,7 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
| 77 | /* allocate a new session keyring */ | 77 | /* allocate a new session keyring */ |
| 78 | sprintf(desc, "_req.%u", key->serial); | 78 | sprintf(desc, "_req.%u", key->serial); |
| 79 | 79 | ||
| 80 | keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current, | 80 | keyring = keyring_alloc(desc, current_fsuid(), current_fsgid(), current, |
| 81 | KEY_ALLOC_QUOTA_OVERRUN, NULL); | 81 | KEY_ALLOC_QUOTA_OVERRUN, NULL); |
| 82 | if (IS_ERR(keyring)) { | 82 | if (IS_ERR(keyring)) { |
| 83 | ret = PTR_ERR(keyring); | 83 | ret = PTR_ERR(keyring); |
| @@ -90,8 +90,8 @@ static int call_sbin_request_key(struct key_construction *cons, | |||
| 90 | goto error_link; | 90 | goto error_link; |
| 91 | 91 | ||
| 92 | /* record the UID and GID */ | 92 | /* record the UID and GID */ |
| 93 | sprintf(uid_str, "%d", current->fsuid); | 93 | sprintf(uid_str, "%d", current_fsuid()); |
| 94 | sprintf(gid_str, "%d", current->fsgid); | 94 | sprintf(gid_str, "%d", current_fsgid()); |
| 95 | 95 | ||
| 96 | /* we say which key is under construction */ | 96 | /* we say which key is under construction */ |
| 97 | sprintf(key_str, "%d", key->serial); | 97 | sprintf(key_str, "%d", key->serial); |
| @@ -279,7 +279,7 @@ static int construct_alloc_key(struct key_type *type, | |||
| 279 | mutex_lock(&user->cons_lock); | 279 | mutex_lock(&user->cons_lock); |
| 280 | 280 | ||
| 281 | key = key_alloc(type, description, | 281 | key = key_alloc(type, description, |
| 282 | current->fsuid, current->fsgid, current, KEY_POS_ALL, | 282 | current_fsuid(), current_fsgid(), current, KEY_POS_ALL, |
| 283 | flags); | 283 | flags); |
| 284 | if (IS_ERR(key)) | 284 | if (IS_ERR(key)) |
| 285 | goto alloc_failed; | 285 | goto alloc_failed; |
| @@ -342,7 +342,7 @@ static struct key *construct_key_and_link(struct key_type *type, | |||
| 342 | struct key *key; | 342 | struct key *key; |
| 343 | int ret; | 343 | int ret; |
| 344 | 344 | ||
| 345 | user = key_user_lookup(current->fsuid); | 345 | user = key_user_lookup(current_fsuid()); |
| 346 | if (!user) | 346 | if (!user) |
| 347 | return ERR_PTR(-ENOMEM); | 347 | return ERR_PTR(-ENOMEM); |
| 348 | 348 | ||
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c index bd237b0a6331..729156b3485e 100644 --- a/security/keys/request_key_auth.c +++ b/security/keys/request_key_auth.c | |||
| @@ -195,7 +195,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info, | |||
| 195 | sprintf(desc, "%x", target->serial); | 195 | sprintf(desc, "%x", target->serial); |
| 196 | 196 | ||
| 197 | authkey = key_alloc(&key_type_request_key_auth, desc, | 197 | authkey = key_alloc(&key_type_request_key_auth, desc, |
| 198 | current->fsuid, current->fsgid, current, | 198 | current_fsuid(), current_fsgid(), current, |
| 199 | KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | | 199 | KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | |
| 200 | KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA); | 200 | KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA); |
| 201 | if (IS_ERR(authkey)) { | 201 | if (IS_ERR(authkey)) { |