aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2008-11-13 18:39:11 -0500
committerJames Morris <jmorris@namei.org>2008-11-13 18:39:11 -0500
commit47d804bfa1857b0edcac972c86499dcd14df3cf2 (patch)
tree200b2d1190e29be40c771bf6a4e0db0ef9e7d383 /security
parent8192b0c482d7078fcdcb4854341b977426f6f09b (diff)
CRED: Wrap task credential accesses in the key management code
Wrap access to task credentials so that they can be separated more easily from the task_struct during the introduction of COW creds. Change most current->(|e|s|fs)[ug]id to current_(|e|s|fs)[ug]id(). Change some task->e?[ug]id to task_e?[ug]id(). In some places it makes more sense to use RCU directly rather than a convenient wrapper; these will be addressed by later patches. Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r--security/keys/key.c2
-rw-r--r--security/keys/keyctl.c2
-rw-r--r--security/keys/request_key.c10
-rw-r--r--security/keys/request_key_auth.c2
4 files changed, 8 insertions, 8 deletions
diff --git a/security/keys/key.c b/security/keys/key.c
index 14948cf83ef6..a6ca39ed3b0e 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -802,7 +802,7 @@ key_ref_t key_create_or_update(key_ref_t keyring_ref,
802 } 802 }
803 803
804 /* allocate a new key */ 804 /* allocate a new key */
805 key = key_alloc(ktype, description, current->fsuid, current->fsgid, 805 key = key_alloc(ktype, description, current_fsuid(), current_fsgid(),
806 current, perm, flags); 806 current, perm, flags);
807 if (IS_ERR(key)) { 807 if (IS_ERR(key)) {
808 key_ref = ERR_CAST(key); 808 key_ref = ERR_CAST(key);
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index acc9c89e40a8..3f09e5b2a784 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -817,7 +817,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm)
817 down_write(&key->sem); 817 down_write(&key->sem);
818 818
819 /* if we're not the sysadmin, we can only change a key that we own */ 819 /* if we're not the sysadmin, we can only change a key that we own */
820 if (capable(CAP_SYS_ADMIN) || key->uid == current->fsuid) { 820 if (capable(CAP_SYS_ADMIN) || key->uid == current_fsuid()) {
821 key->perm = perm; 821 key->perm = perm;
822 ret = 0; 822 ret = 0;
823 } 823 }
diff --git a/security/keys/request_key.c b/security/keys/request_key.c
index ba32ca6469bd..a8ebc9520cac 100644
--- a/security/keys/request_key.c
+++ b/security/keys/request_key.c
@@ -77,7 +77,7 @@ static int call_sbin_request_key(struct key_construction *cons,
77 /* allocate a new session keyring */ 77 /* allocate a new session keyring */
78 sprintf(desc, "_req.%u", key->serial); 78 sprintf(desc, "_req.%u", key->serial);
79 79
80 keyring = keyring_alloc(desc, current->fsuid, current->fsgid, current, 80 keyring = keyring_alloc(desc, current_fsuid(), current_fsgid(), current,
81 KEY_ALLOC_QUOTA_OVERRUN, NULL); 81 KEY_ALLOC_QUOTA_OVERRUN, NULL);
82 if (IS_ERR(keyring)) { 82 if (IS_ERR(keyring)) {
83 ret = PTR_ERR(keyring); 83 ret = PTR_ERR(keyring);
@@ -90,8 +90,8 @@ static int call_sbin_request_key(struct key_construction *cons,
90 goto error_link; 90 goto error_link;
91 91
92 /* record the UID and GID */ 92 /* record the UID and GID */
93 sprintf(uid_str, "%d", current->fsuid); 93 sprintf(uid_str, "%d", current_fsuid());
94 sprintf(gid_str, "%d", current->fsgid); 94 sprintf(gid_str, "%d", current_fsgid());
95 95
96 /* we say which key is under construction */ 96 /* we say which key is under construction */
97 sprintf(key_str, "%d", key->serial); 97 sprintf(key_str, "%d", key->serial);
@@ -279,7 +279,7 @@ static int construct_alloc_key(struct key_type *type,
279 mutex_lock(&user->cons_lock); 279 mutex_lock(&user->cons_lock);
280 280
281 key = key_alloc(type, description, 281 key = key_alloc(type, description,
282 current->fsuid, current->fsgid, current, KEY_POS_ALL, 282 current_fsuid(), current_fsgid(), current, KEY_POS_ALL,
283 flags); 283 flags);
284 if (IS_ERR(key)) 284 if (IS_ERR(key))
285 goto alloc_failed; 285 goto alloc_failed;
@@ -342,7 +342,7 @@ static struct key *construct_key_and_link(struct key_type *type,
342 struct key *key; 342 struct key *key;
343 int ret; 343 int ret;
344 344
345 user = key_user_lookup(current->fsuid); 345 user = key_user_lookup(current_fsuid());
346 if (!user) 346 if (!user)
347 return ERR_PTR(-ENOMEM); 347 return ERR_PTR(-ENOMEM);
348 348
diff --git a/security/keys/request_key_auth.c b/security/keys/request_key_auth.c
index bd237b0a6331..729156b3485e 100644
--- a/security/keys/request_key_auth.c
+++ b/security/keys/request_key_auth.c
@@ -195,7 +195,7 @@ struct key *request_key_auth_new(struct key *target, const void *callout_info,
195 sprintf(desc, "%x", target->serial); 195 sprintf(desc, "%x", target->serial);
196 196
197 authkey = key_alloc(&key_type_request_key_auth, desc, 197 authkey = key_alloc(&key_type_request_key_auth, desc,
198 current->fsuid, current->fsgid, current, 198 current_fsuid(), current_fsgid(), current,
199 KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | 199 KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH |
200 KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA); 200 KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA);
201 if (IS_ERR(authkey)) { 201 if (IS_ERR(authkey)) {