4 files changed, 59 insertions, 10 deletions
diff --git a/include/linux/key-ui.h b/include/linux/key-ui.h
index 159ca8d54e9a..cc326174a808 100644
--- a/include/linux/key-ui.h
+++ b/include/linux/key-ui.h
@@ -1,4 +1,4 @@
-/* key-ui.h: key userspace interface stuff for use by keyfs
+/* key-ui.h: key userspace interface stuff
 *
 * Copyright (C) 2004 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
@@ -84,8 +84,45 @@ static inline int key_any_permission(const struct key *key, key_perm_t perm)
        return kperm != 0;
 }
+static inline int key_task_groups_search(struct task_struct *tsk, gid_t gid)
+{
+        int ret;
+        task_lock(tsk);
+        ret = groups_search(tsk->group_info, gid);
+        task_unlock(tsk);
+        return ret;
+}
+static inline int key_task_permission(const struct key *key,
+                                      struct task_struct *context,
+                                      key_perm_t perm)
+{
+        key_perm_t kperm;
+        if (key->uid == context->fsuid) {
+                kperm = key->perm >> 16;
+        }
+        else if (key->gid != -1 &&
+                 key->perm & KEY_GRP_ALL && (
+                         key->gid == context->fsgid ||
+                         key_task_groups_search(context, key->gid)
+                         )
+                 ) {
+                kperm = key->perm >> 8;
+        }
+        else {
+                kperm = key->perm;
+        }
+        kperm = kperm & perm & KEY_ALL;
+        return kperm == perm;
+}
-extern struct key *lookup_user_key(key_serial_t id, int create, int part,
+extern struct key *lookup_user_key(struct task_struct *context,
+                                   key_serial_t id, int create, int partial,
                                   key_perm_t perm);
 extern long join_session_keyring(const char *name);
diff --git a/include/linux/key.h b/include/linux/key.h
index 2bfbf88d2740..970bbd916cf4 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -199,10 +199,12 @@ extern int key_payload_reserve(struct key *key, size_t datalen);
 extern int key_instantiate_and_link(struct key *key,
                                    const void *data,
                                    size_t datalen,
-                                    struct key *keyring);
+                                    struct key *keyring,
+                                    struct key *instkey);
 extern int key_negate_and_link(struct key *key,
                               unsigned timeout,
-                               struct key *keyring);
+                               struct key *keyring,
+                               struct key *instkey);
 extern void key_revoke(struct key *key);
 extern void key_put(struct key *key);
@@ -245,9 +247,6 @@ extern struct key *keyring_search(struct key *keyring,
                                  struct key_type *type,
                                  const char *description);
-extern struct key *search_process_keyrings(struct key_type *type,
-                                           const char *description);
 extern int keyring_add_key(struct key *keyring,
                           struct key *key);
diff --git a/include/linux/keyctl.h b/include/linux/keyctl.h
index 381dedc370a3..8d7c59a29e09 100644
--- a/include/linux/keyctl.h
+++ b/include/linux/keyctl.h
@@ -20,6 +20,16 @@
 #define KEY_SPEC_USER_SESSION_KEYRING   -5      /* - key ID for UID-session keyring */
 #define KEY_SPEC_GROUP_KEYRING          -6      /* - key ID for GID-specific keyring */
+/* request-key default keyrings */
+#define KEY_REQKEY_DEFL_NO_CHANGE               -1
+#define KEY_REQKEY_DEFL_DEFAULT                 0
+#define KEY_REQKEY_DEFL_THREAD_KEYRING          1
+#define KEY_REQKEY_DEFL_PROCESS_KEYRING         2
+#define KEY_REQKEY_DEFL_SESSION_KEYRING         3
+#define KEY_REQKEY_DEFL_USER_KEYRING            4
+#define KEY_REQKEY_DEFL_USER_SESSION_KEYRING    5
+#define KEY_REQKEY_DEFL_GROUP_KEYRING           6
 /* keyctl commands */
 #define KEYCTL_GET_KEYRING_ID           0       /* ask for a keyring's ID */
 #define KEYCTL_JOIN_SESSION_KEYRING     1       /* join or start named session keyring */
@@ -35,5 +45,6 @@
 #define KEYCTL_READ                     11      /* read a key or keyring's contents */
 #define KEYCTL_INSTANTIATE              12      /* instantiate a partially constructed key */
 #define KEYCTL_NEGATE                   13      /* negate a partially constructed key */
+#define KEYCTL_SET_REQKEY_KEYRING       14      /* set default request-key keyring */
 #endif /*  _LINUX_KEYCTL_H */
diff --git a/include/linux/sched.h b/include/linux/sched.h
index 901742f92389..2c69682b0444 100644
--- a/include/linux/sched.h
+++ b/include/linux/sched.h
@@ -561,9 +561,10 @@ struct group_info {
                groups_free(group_info); \
 } while (0)
-struct group_info *groups_alloc(int gidsetsize);
+extern struct group_info *groups_alloc(int gidsetsize);
-void groups_free(struct group_info *group_info);
+extern void groups_free(struct group_info *group_info);
-int set_current_groups(struct group_info *group_info);
+extern int set_current_groups(struct group_info *group_info);
+extern int groups_search(struct group_info *group_info, gid_t grp);
 /* access the groups "array" with this macro */
 #define GROUP_AT(gi, i) \
    ((gi)->blocks[(i)/NGROUPS_PER_BLOCK][(i)%NGROUPS_PER_BLOCK])
@@ -660,6 +661,7 @@ struct task_struct {
        struct user_struct *user;
 #ifdef CONFIG_KEYS
        struct key *thread_keyring;     /* keyring private to this thread */
+        unsigned char jit_keyring;      /* default keyring to attach requested keys to */
 #endif
        int oomkilladj; /* OOM kill score adjustment (bit shift). */
        char comm[TASK_COMM_LEN]; /* executable name excluding path