aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Documentation/security/keys.txt17
-rw-r--r--fs/cifs/cifsacl.c12
-rw-r--r--fs/nfs/idmap.c12
-rw-r--r--net/dns_resolver/dns_key.c13
-rw-r--r--security/keys/keyring.c1
5 files changed, 31 insertions, 24 deletions
diff --git a/Documentation/security/keys.txt b/Documentation/security/keys.txt
index aa0dbd74b71b..a4f9125c0333 100644
--- a/Documentation/security/keys.txt
+++ b/Documentation/security/keys.txt
@@ -990,6 +990,23 @@ payload contents" for more information.
990 reference pointer if successful. 990 reference pointer if successful.
991 991
992 992
993(*) A keyring can be created by:
994
995 struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
996 const struct cred *cred,
997 key_perm_t perm,
998 unsigned long flags,
999 struct key *dest);
1000
1001 This creates a keyring with the given attributes and returns it. If dest
1002 is not NULL, the new keyring will be linked into the keyring to which it
1003 points. No permission checks are made upon the destination keyring.
1004
1005 Error EDQUOT can be returned if the keyring would overload the quota (pass
1006 KEY_ALLOC_NOT_IN_QUOTA in flags if the keyring shouldn't be accounted
1007 towards the user's quota). Error ENOMEM can also be returned.
1008
1009
993(*) To check the validity of a key, this function can be called: 1010(*) To check the validity of a key, this function can be called:
994 1011
995 int validate_key(struct key *key); 1012 int validate_key(struct key *key);
diff --git a/fs/cifs/cifsacl.c b/fs/cifs/cifsacl.c
index 05f4dc263a23..a8a753c8fcd5 100644
--- a/fs/cifs/cifsacl.c
+++ b/fs/cifs/cifsacl.c
@@ -537,19 +537,15 @@ init_cifs_idmap(void)
537 if (!cred) 537 if (!cred)
538 return -ENOMEM; 538 return -ENOMEM;
539 539
540 keyring = key_alloc(&key_type_keyring, ".cifs_idmap", 0, 0, cred, 540 keyring = keyring_alloc(".cifs_idmap", 0, 0, cred,
541 (KEY_POS_ALL & ~KEY_POS_SETATTR) | 541 (KEY_POS_ALL & ~KEY_POS_SETATTR) |
542 KEY_USR_VIEW | KEY_USR_READ, 542 KEY_USR_VIEW | KEY_USR_READ,
543 KEY_ALLOC_NOT_IN_QUOTA); 543 KEY_ALLOC_NOT_IN_QUOTA, NULL);
544 if (IS_ERR(keyring)) { 544 if (IS_ERR(keyring)) {
545 ret = PTR_ERR(keyring); 545 ret = PTR_ERR(keyring);
546 goto failed_put_cred; 546 goto failed_put_cred;
547 } 547 }
548 548
549 ret = key_instantiate_and_link(keyring, NULL, 0, NULL, NULL);
550 if (ret < 0)
551 goto failed_put_key;
552
553 ret = register_key_type(&cifs_idmap_key_type); 549 ret = register_key_type(&cifs_idmap_key_type);
554 if (ret < 0) 550 if (ret < 0)
555 goto failed_put_key; 551 goto failed_put_key;
diff --git a/fs/nfs/idmap.c b/fs/nfs/idmap.c
index a850079467d8..957134b4c0fd 100644
--- a/fs/nfs/idmap.c
+++ b/fs/nfs/idmap.c
@@ -192,19 +192,15 @@ static int nfs_idmap_init_keyring(void)
192 if (!cred) 192 if (!cred)
193 return -ENOMEM; 193 return -ENOMEM;
194 194
195 keyring = key_alloc(&key_type_keyring, ".id_resolver", 0, 0, cred, 195 keyring = keyring_alloc(".id_resolver", 0, 0, cred,
196 (KEY_POS_ALL & ~KEY_POS_SETATTR) | 196 (KEY_POS_ALL & ~KEY_POS_SETATTR) |
197 KEY_USR_VIEW | KEY_USR_READ, 197 KEY_USR_VIEW | KEY_USR_READ,
198 KEY_ALLOC_NOT_IN_QUOTA); 198 KEY_ALLOC_NOT_IN_QUOTA, NULL);
199 if (IS_ERR(keyring)) { 199 if (IS_ERR(keyring)) {
200 ret = PTR_ERR(keyring); 200 ret = PTR_ERR(keyring);
201 goto failed_put_cred; 201 goto failed_put_cred;
202 } 202 }
203 203
204 ret = key_instantiate_and_link(keyring, NULL, 0, NULL, NULL);
205 if (ret < 0)
206 goto failed_put_key;
207
208 ret = register_key_type(&key_type_id_resolver); 204 ret = register_key_type(&key_type_id_resolver);
209 if (ret < 0) 205 if (ret < 0)
210 goto failed_put_key; 206 goto failed_put_key;
diff --git a/net/dns_resolver/dns_key.c b/net/dns_resolver/dns_key.c
index d9507dd05818..f2c379d835e3 100644
--- a/net/dns_resolver/dns_key.c
+++ b/net/dns_resolver/dns_key.c
@@ -259,19 +259,15 @@ static int __init init_dns_resolver(void)
259 if (!cred) 259 if (!cred)
260 return -ENOMEM; 260 return -ENOMEM;
261 261
262 keyring = key_alloc(&key_type_keyring, ".dns_resolver", 0, 0, cred, 262 keyring = keyring_alloc(".dns_resolver", 0, 0, cred,
263 (KEY_POS_ALL & ~KEY_POS_SETATTR) | 263 (KEY_POS_ALL & ~KEY_POS_SETATTR) |
264 KEY_USR_VIEW | KEY_USR_READ, 264 KEY_USR_VIEW | KEY_USR_READ,
265 KEY_ALLOC_NOT_IN_QUOTA); 265 KEY_ALLOC_NOT_IN_QUOTA, NULL);
266 if (IS_ERR(keyring)) { 266 if (IS_ERR(keyring)) {
267 ret = PTR_ERR(keyring); 267 ret = PTR_ERR(keyring);
268 goto failed_put_cred; 268 goto failed_put_cred;
269 } 269 }
270 270
271 ret = key_instantiate_and_link(keyring, NULL, 0, NULL, NULL);
272 if (ret < 0)
273 goto failed_put_key;
274
275 ret = register_key_type(&key_type_dns_resolver); 271 ret = register_key_type(&key_type_dns_resolver);
276 if (ret < 0) 272 if (ret < 0)
277 goto failed_put_key; 273 goto failed_put_key;
@@ -303,3 +299,4 @@ static void __exit exit_dns_resolver(void)
303module_init(init_dns_resolver) 299module_init(init_dns_resolver)
304module_exit(exit_dns_resolver) 300module_exit(exit_dns_resolver)
305MODULE_LICENSE("GPL"); 301MODULE_LICENSE("GPL");
302
diff --git a/security/keys/keyring.c b/security/keys/keyring.c
index cf704a92083f..8c25558da14e 100644
--- a/security/keys/keyring.c
+++ b/security/keys/keyring.c
@@ -275,6 +275,7 @@ struct key *keyring_alloc(const char *description, uid_t uid, gid_t gid,
275 275
276 return keyring; 276 return keyring;
277} 277}
278EXPORT_SYMBOL(keyring_alloc);
278 279
279/** 280/**
280 * keyring_search_aux - Search a keyring tree for a key matching some criteria 281 * keyring_search_aux - Search a keyring tree for a key matching some criteria