diff options
Diffstat (limited to 'security/keys/keyctl.c')
| -rw-r--r-- | security/keys/keyctl.c | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index cee72ce64222..cd5bd0cef25d 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c | |||
| @@ -111,7 +111,7 @@ SYSCALL_DEFINE5(add_key, const char __user *, _type, | |||
| 111 | } | 111 | } |
| 112 | 112 | ||
| 113 | /* find the target keyring (which must be writable) */ | 113 | /* find the target keyring (which must be writable) */ |
| 114 | keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); | 114 | keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); |
| 115 | if (IS_ERR(keyring_ref)) { | 115 | if (IS_ERR(keyring_ref)) { |
| 116 | ret = PTR_ERR(keyring_ref); | 116 | ret = PTR_ERR(keyring_ref); |
| 117 | goto error3; | 117 | goto error3; |
| @@ -195,7 +195,7 @@ SYSCALL_DEFINE4(request_key, const char __user *, _type, | |||
| 195 | dest_ref = NULL; | 195 | dest_ref = NULL; |
| 196 | if (destringid) { | 196 | if (destringid) { |
| 197 | dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, | 197 | dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, |
| 198 | KEY_WRITE); | 198 | KEY_NEED_WRITE); |
| 199 | if (IS_ERR(dest_ref)) { | 199 | if (IS_ERR(dest_ref)) { |
| 200 | ret = PTR_ERR(dest_ref); | 200 | ret = PTR_ERR(dest_ref); |
| 201 | goto error3; | 201 | goto error3; |
| @@ -253,7 +253,7 @@ long keyctl_get_keyring_ID(key_serial_t id, int create) | |||
| 253 | long ret; | 253 | long ret; |
| 254 | 254 | ||
| 255 | lflags = create ? KEY_LOOKUP_CREATE : 0; | 255 | lflags = create ? KEY_LOOKUP_CREATE : 0; |
| 256 | key_ref = lookup_user_key(id, lflags, KEY_SEARCH); | 256 | key_ref = lookup_user_key(id, lflags, KEY_NEED_SEARCH); |
| 257 | if (IS_ERR(key_ref)) { | 257 | if (IS_ERR(key_ref)) { |
| 258 | ret = PTR_ERR(key_ref); | 258 | ret = PTR_ERR(key_ref); |
| 259 | goto error; | 259 | goto error; |
| @@ -334,7 +334,7 @@ long keyctl_update_key(key_serial_t id, | |||
| 334 | } | 334 | } |
| 335 | 335 | ||
| 336 | /* find the target key (which must be writable) */ | 336 | /* find the target key (which must be writable) */ |
| 337 | key_ref = lookup_user_key(id, 0, KEY_WRITE); | 337 | key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE); |
| 338 | if (IS_ERR(key_ref)) { | 338 | if (IS_ERR(key_ref)) { |
| 339 | ret = PTR_ERR(key_ref); | 339 | ret = PTR_ERR(key_ref); |
| 340 | goto error2; | 340 | goto error2; |
| @@ -365,12 +365,12 @@ long keyctl_revoke_key(key_serial_t id) | |||
| 365 | key_ref_t key_ref; | 365 | key_ref_t key_ref; |
| 366 | long ret; | 366 | long ret; |
| 367 | 367 | ||
| 368 | key_ref = lookup_user_key(id, 0, KEY_WRITE); | 368 | key_ref = lookup_user_key(id, 0, KEY_NEED_WRITE); |
| 369 | if (IS_ERR(key_ref)) { | 369 | if (IS_ERR(key_ref)) { |
| 370 | ret = PTR_ERR(key_ref); | 370 | ret = PTR_ERR(key_ref); |
| 371 | if (ret != -EACCES) | 371 | if (ret != -EACCES) |
| 372 | goto error; | 372 | goto error; |
| 373 | key_ref = lookup_user_key(id, 0, KEY_SETATTR); | 373 | key_ref = lookup_user_key(id, 0, KEY_NEED_SETATTR); |
| 374 | if (IS_ERR(key_ref)) { | 374 | if (IS_ERR(key_ref)) { |
| 375 | ret = PTR_ERR(key_ref); | 375 | ret = PTR_ERR(key_ref); |
| 376 | goto error; | 376 | goto error; |
| @@ -401,7 +401,7 @@ long keyctl_invalidate_key(key_serial_t id) | |||
| 401 | 401 | ||
| 402 | kenter("%d", id); | 402 | kenter("%d", id); |
| 403 | 403 | ||
| 404 | key_ref = lookup_user_key(id, 0, KEY_SEARCH); | 404 | key_ref = lookup_user_key(id, 0, KEY_NEED_SEARCH); |
| 405 | if (IS_ERR(key_ref)) { | 405 | if (IS_ERR(key_ref)) { |
| 406 | ret = PTR_ERR(key_ref); | 406 | ret = PTR_ERR(key_ref); |
| 407 | goto error; | 407 | goto error; |
| @@ -428,7 +428,7 @@ long keyctl_keyring_clear(key_serial_t ringid) | |||
| 428 | key_ref_t keyring_ref; | 428 | key_ref_t keyring_ref; |
| 429 | long ret; | 429 | long ret; |
| 430 | 430 | ||
| 431 | keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); | 431 | keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); |
| 432 | if (IS_ERR(keyring_ref)) { | 432 | if (IS_ERR(keyring_ref)) { |
| 433 | ret = PTR_ERR(keyring_ref); | 433 | ret = PTR_ERR(keyring_ref); |
| 434 | 434 | ||
| @@ -470,13 +470,13 @@ long keyctl_keyring_link(key_serial_t id, key_serial_t ringid) | |||
| 470 | key_ref_t keyring_ref, key_ref; | 470 | key_ref_t keyring_ref, key_ref; |
| 471 | long ret; | 471 | long ret; |
| 472 | 472 | ||
| 473 | keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); | 473 | keyring_ref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); |
| 474 | if (IS_ERR(keyring_ref)) { | 474 | if (IS_ERR(keyring_ref)) { |
| 475 | ret = PTR_ERR(keyring_ref); | 475 | ret = PTR_ERR(keyring_ref); |
| 476 | goto error; | 476 | goto error; |
| 477 | } | 477 | } |
| 478 | 478 | ||
| 479 | key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_LINK); | 479 | key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE, KEY_NEED_LINK); |
| 480 | if (IS_ERR(key_ref)) { | 480 | if (IS_ERR(key_ref)) { |
| 481 | ret = PTR_ERR(key_ref); | 481 | ret = PTR_ERR(key_ref); |
| 482 | goto error2; | 482 | goto error2; |
| @@ -505,7 +505,7 @@ long keyctl_keyring_unlink(key_serial_t id, key_serial_t ringid) | |||
| 505 | key_ref_t keyring_ref, key_ref; | 505 | key_ref_t keyring_ref, key_ref; |
| 506 | long ret; | 506 | long ret; |
| 507 | 507 | ||
| 508 | keyring_ref = lookup_user_key(ringid, 0, KEY_WRITE); | 508 | keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_WRITE); |
| 509 | if (IS_ERR(keyring_ref)) { | 509 | if (IS_ERR(keyring_ref)) { |
| 510 | ret = PTR_ERR(keyring_ref); | 510 | ret = PTR_ERR(keyring_ref); |
| 511 | goto error; | 511 | goto error; |
| @@ -548,7 +548,7 @@ long keyctl_describe_key(key_serial_t keyid, | |||
| 548 | char *tmpbuf; | 548 | char *tmpbuf; |
| 549 | long ret; | 549 | long ret; |
| 550 | 550 | ||
| 551 | key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW); | 551 | key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW); |
| 552 | if (IS_ERR(key_ref)) { | 552 | if (IS_ERR(key_ref)) { |
| 553 | /* viewing a key under construction is permitted if we have the | 553 | /* viewing a key under construction is permitted if we have the |
| 554 | * authorisation token handy */ | 554 | * authorisation token handy */ |
| @@ -639,7 +639,7 @@ long keyctl_keyring_search(key_serial_t ringid, | |||
| 639 | } | 639 | } |
| 640 | 640 | ||
| 641 | /* get the keyring at which to begin the search */ | 641 | /* get the keyring at which to begin the search */ |
| 642 | keyring_ref = lookup_user_key(ringid, 0, KEY_SEARCH); | 642 | keyring_ref = lookup_user_key(ringid, 0, KEY_NEED_SEARCH); |
| 643 | if (IS_ERR(keyring_ref)) { | 643 | if (IS_ERR(keyring_ref)) { |
| 644 | ret = PTR_ERR(keyring_ref); | 644 | ret = PTR_ERR(keyring_ref); |
| 645 | goto error2; | 645 | goto error2; |
| @@ -649,7 +649,7 @@ long keyctl_keyring_search(key_serial_t ringid, | |||
| 649 | dest_ref = NULL; | 649 | dest_ref = NULL; |
| 650 | if (destringid) { | 650 | if (destringid) { |
| 651 | dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, | 651 | dest_ref = lookup_user_key(destringid, KEY_LOOKUP_CREATE, |
| 652 | KEY_WRITE); | 652 | KEY_NEED_WRITE); |
| 653 | if (IS_ERR(dest_ref)) { | 653 | if (IS_ERR(dest_ref)) { |
| 654 | ret = PTR_ERR(dest_ref); | 654 | ret = PTR_ERR(dest_ref); |
| 655 | goto error3; | 655 | goto error3; |
| @@ -676,7 +676,7 @@ long keyctl_keyring_search(key_serial_t ringid, | |||
| 676 | 676 | ||
| 677 | /* link the resulting key to the destination keyring if we can */ | 677 | /* link the resulting key to the destination keyring if we can */ |
| 678 | if (dest_ref) { | 678 | if (dest_ref) { |
| 679 | ret = key_permission(key_ref, KEY_LINK); | 679 | ret = key_permission(key_ref, KEY_NEED_LINK); |
| 680 | if (ret < 0) | 680 | if (ret < 0) |
| 681 | goto error6; | 681 | goto error6; |
| 682 | 682 | ||
| @@ -727,7 +727,7 @@ long keyctl_read_key(key_serial_t keyid, char __user *buffer, size_t buflen) | |||
| 727 | key = key_ref_to_ptr(key_ref); | 727 | key = key_ref_to_ptr(key_ref); |
| 728 | 728 | ||
| 729 | /* see if we can read it directly */ | 729 | /* see if we can read it directly */ |
| 730 | ret = key_permission(key_ref, KEY_READ); | 730 | ret = key_permission(key_ref, KEY_NEED_READ); |
| 731 | if (ret == 0) | 731 | if (ret == 0) |
| 732 | goto can_read_key; | 732 | goto can_read_key; |
| 733 | if (ret != -EACCES) | 733 | if (ret != -EACCES) |
| @@ -799,7 +799,7 @@ long keyctl_chown_key(key_serial_t id, uid_t user, gid_t group) | |||
| 799 | goto error; | 799 | goto error; |
| 800 | 800 | ||
| 801 | key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, | 801 | key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, |
| 802 | KEY_SETATTR); | 802 | KEY_NEED_SETATTR); |
| 803 | if (IS_ERR(key_ref)) { | 803 | if (IS_ERR(key_ref)) { |
| 804 | ret = PTR_ERR(key_ref); | 804 | ret = PTR_ERR(key_ref); |
| 805 | goto error; | 805 | goto error; |
| @@ -905,7 +905,7 @@ long keyctl_setperm_key(key_serial_t id, key_perm_t perm) | |||
| 905 | goto error; | 905 | goto error; |
| 906 | 906 | ||
| 907 | key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, | 907 | key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, |
| 908 | KEY_SETATTR); | 908 | KEY_NEED_SETATTR); |
| 909 | if (IS_ERR(key_ref)) { | 909 | if (IS_ERR(key_ref)) { |
| 910 | ret = PTR_ERR(key_ref); | 910 | ret = PTR_ERR(key_ref); |
| 911 | goto error; | 911 | goto error; |
| @@ -947,7 +947,7 @@ static long get_instantiation_keyring(key_serial_t ringid, | |||
| 947 | 947 | ||
| 948 | /* if a specific keyring is nominated by ID, then use that */ | 948 | /* if a specific keyring is nominated by ID, then use that */ |
| 949 | if (ringid > 0) { | 949 | if (ringid > 0) { |
| 950 | dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_WRITE); | 950 | dkref = lookup_user_key(ringid, KEY_LOOKUP_CREATE, KEY_NEED_WRITE); |
| 951 | if (IS_ERR(dkref)) | 951 | if (IS_ERR(dkref)) |
| 952 | return PTR_ERR(dkref); | 952 | return PTR_ERR(dkref); |
| 953 | *_dest_keyring = key_ref_to_ptr(dkref); | 953 | *_dest_keyring = key_ref_to_ptr(dkref); |
| @@ -1315,7 +1315,7 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout) | |||
| 1315 | long ret; | 1315 | long ret; |
| 1316 | 1316 | ||
| 1317 | key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, | 1317 | key_ref = lookup_user_key(id, KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL, |
| 1318 | KEY_SETATTR); | 1318 | KEY_NEED_SETATTR); |
| 1319 | if (IS_ERR(key_ref)) { | 1319 | if (IS_ERR(key_ref)) { |
| 1320 | /* setting the timeout on a key under construction is permitted | 1320 | /* setting the timeout on a key under construction is permitted |
| 1321 | * if we have the authorisation token handy */ | 1321 | * if we have the authorisation token handy */ |
| @@ -1418,7 +1418,7 @@ long keyctl_get_security(key_serial_t keyid, | |||
| 1418 | char *context; | 1418 | char *context; |
| 1419 | long ret; | 1419 | long ret; |
| 1420 | 1420 | ||
| 1421 | key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_VIEW); | 1421 | key_ref = lookup_user_key(keyid, KEY_LOOKUP_PARTIAL, KEY_NEED_VIEW); |
| 1422 | if (IS_ERR(key_ref)) { | 1422 | if (IS_ERR(key_ref)) { |
| 1423 | if (PTR_ERR(key_ref) != -EACCES) | 1423 | if (PTR_ERR(key_ref) != -EACCES) |
| 1424 | return PTR_ERR(key_ref); | 1424 | return PTR_ERR(key_ref); |
| @@ -1482,7 +1482,7 @@ long keyctl_session_to_parent(void) | |||
| 1482 | struct cred *cred; | 1482 | struct cred *cred; |
| 1483 | int ret; | 1483 | int ret; |
| 1484 | 1484 | ||
| 1485 | keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_LINK); | 1485 | keyring_r = lookup_user_key(KEY_SPEC_SESSION_KEYRING, 0, KEY_NEED_LINK); |
| 1486 | if (IS_ERR(keyring_r)) | 1486 | if (IS_ERR(keyring_r)) |
| 1487 | return PTR_ERR(keyring_r); | 1487 | return PTR_ERR(keyring_r); |
| 1488 | 1488 | ||