1 files changed, 43 insertions, 4 deletions
diff --git a/include/linux/key-ui.h b/include/linux/key-ui.h
index 60cc7b762e78..cc326174a808 100644
--- a/include/linux/key-ui.h
+++ b/include/linux/key-ui.h
@@ -1,4 +1,4 @@
-/* key-ui.h: key userspace interface stuff for use by keyfs
+/* key-ui.h: key userspace interface stuff
 *
 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
@@ -31,8 +31,10 @@ extern spinlock_t key_serial_lock;
 * subscribed
 */
 struct keyring_list {
-        unsigned        maxkeys;        /* max keys this list can hold */
+        struct rcu_head rcu;            /* RCU deletion hook */
-        unsigned        nkeys;          /* number of keys currently held */
+        unsigned short  maxkeys;        /* max keys this list can hold */
+        unsigned short  nkeys;          /* number of keys currently held */
+        unsigned short  delkey;         /* key to be unlinked by RCU */
        struct key      *keys[0];
 };
@@ -82,8 +84,45 @@ static inline int key_any_permission(const struct key *key, key_perm_t perm)
        return kperm != 0;
 }
+static inline int key_task_groups_search(struct task_struct *tsk, gid_t gid)
+{
+        int ret;
+        task_lock(tsk);
+        ret = groups_search(tsk->group_info, gid);
+        task_unlock(tsk);
+        return ret;
+}
+static inline int key_task_permission(const struct key *key,
+                                      struct task_struct *context,
+                                      key_perm_t perm)
+{
+        key_perm_t kperm;
+        if (key->uid == context->fsuid) {
+                kperm = key->perm >> 16;
+        }
+        else if (key->gid != -1 &&
+                 key->perm & KEY_GRP_ALL && (
+                         key->gid == context->fsgid ||
+                         key_task_groups_search(context, key->gid)
+                         )
+                 ) {
+                kperm = key->perm >> 8;
+        }
+        else {
+                kperm = key->perm;
+        }
+        kperm = kperm & perm & KEY_ALL;
+        return kperm == perm;
+}
-extern struct key *lookup_user_key(key_serial_t id, int create, int part,
+extern struct key *lookup_user_key(struct task_struct *context,
+                                   key_serial_t id, int create, int partial,
                                   key_perm_t perm);
 extern long join_session_keyring(const char *name);

diff --git a/include/linux/key-ui.h b/include/linux/key-ui.h index 60cc7b762e78..cc326174a808 100644 --- a/include/linux/key-ui.h +++ b/include/linux/key-ui.h
@@ -1,4 +1,4 @@
1	/* key-ui.h: key userspace interface stuff for use by keyfs	1	/* key-ui.h: key userspace interface stuff
2	*	2	*
3	* Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.	3	* Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
4	* Written by David Howells (dhowells@redhat.com)	4	* Written by David Howells (dhowells@redhat.com)
@@ -31,8 +31,10 @@ extern spinlock_t key_serial_lock;
31	* subscribed	31	* subscribed
32	*/	32	*/
33	struct keyring_list {	33	struct keyring_list {
34	unsigned maxkeys; /* max keys this list can hold */	34	struct rcu_head rcu; /* RCU deletion hook */
35	unsigned nkeys; /* number of keys currently held */	35	unsigned short maxkeys; /* max keys this list can hold */
		36	unsigned short nkeys; /* number of keys currently held */
		37	unsigned short delkey; /* key to be unlinked by RCU */
36	struct key *keys[0];	38	struct key *keys[0];
37	};	39	};
38		40
@@ -82,8 +84,45 @@ static inline int key_any_permission(const struct key *key, key_perm_t perm)
82	return kperm != 0;	84	return kperm != 0;
83	}	85	}
84		86
		87	static inline int key_task_groups_search(struct task_struct *tsk, gid_t gid)
		88	{
		89	int ret;
		90
		91	task_lock(tsk);
		92	ret = groups_search(tsk->group_info, gid);
		93	task_unlock(tsk);
		94	return ret;
		95	}
		96
		97	static inline int key_task_permission(const struct key *key,
		98	struct task_struct *context,
		99	key_perm_t perm)
		100	{
		101	key_perm_t kperm;
		102
		103	if (key->uid == context->fsuid) {
		104	kperm = key->perm >> 16;
		105	}
		106	else if (key->gid != -1 &&
		107	key->perm & KEY_GRP_ALL && (
		108	key->gid == context->fsgid \|\|
		109	key_task_groups_search(context, key->gid)
		110	)
		111	) {
		112	kperm = key->perm >> 8;
		113	}
		114	else {
		115	kperm = key->perm;
		116	}
		117
		118	kperm = kperm & perm & KEY_ALL;
		119
		120	return kperm == perm;
		121
		122	}
85		123
86	extern struct key *lookup_user_key(key_serial_t id, int create, int part,	124	extern struct key lookup_user_key(struct task_struct context,
		125	key_serial_t id, int create, int partial,
87	key_perm_t perm);	126	key_perm_t perm);
88		127
89	extern long join_session_keyring(const char *name);	128	extern long join_session_keyring(const char *name);