Re: [PATCH 3/3] Keys: Make request-key create an authorisation key

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 23 Mar 2005 20:52:45 +0000, David Howells <[email protected]> wrote:
> 
> The attached patch makes the following changes:
> 
>  (6) One of the process keyrings can be nominated as the default to which
>      request_key() should attach new keys if not otherwise specified. This is
>      done with KEYCTL_SET_REQKEY_KEYRING and one of the KEY_REQKEY_DEFL_*
>      constants. The current setting can also be read using this call.
> 
> 
> Signed-Off-By: David Howells <[email protected]>
> ---
> @@ -903,6 +922,44 @@ long keyctl_negate_key(key_serial_t id,
> 
>  /*****************************************************************************/
>  /*
> + * set the default keyring in which request_key() will cache keys
> + * - return the old setting
> + */
> +long keyctl_set_reqkey_keyring(int reqkey_defl)
> +{
> +       int ret;
> +
> +       switch (reqkey_defl) {
> +       case KEY_REQKEY_DEFL_THREAD_KEYRING:
> +               ret = install_thread_keyring(current);
> +               if (ret < 0)
> +                       return ret;
> +               goto set;
> +
> +       case KEY_REQKEY_DEFL_PROCESS_KEYRING:
> +               ret = install_process_keyring(current);
> +               if (ret < 0)
> +                       return ret;
> +
> +       case KEY_REQKEY_DEFL_DEFAULT:
> +       case KEY_REQKEY_DEFL_SESSION_KEYRING:
> +       case KEY_REQKEY_DEFL_USER_KEYRING:
> +       case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
> +       set:
> +               current->jit_keyring = reqkey_defl;
> +
> +       case KEY_REQKEY_DEFL_NO_CHANGE:
> +               return current->jit_keyring;
> +
> +       case KEY_SPEC_GROUP_KEYRING:

KEY_REQKEY_DEFL__GROUP_KEYRING

> +       default:
> +               return -EINVAL;
> +       }
> +
> +} /* end keyctl_set_reqkey_keyring() */
> +

> @@ -267,21 +294,84 @@ static struct key *request_key_construct
> 
>  /*****************************************************************************/
>  /*
> + * link a freshly minted key to an appropriate destination keyring
> + */
> +static void request_key_link(struct key *key, struct key *dest_keyring)
> +{
> +       struct task_struct *tsk = current;
> +       struct key *drop = NULL;
> +
> +       kenter("{%d},%p", key->serial, dest_keyring);
> +
> +       /* find the appropriate keyring */
> +       if (!dest_keyring) {
> +               switch (tsk->jit_keyring) {
> +               case KEY_REQKEY_DEFL_DEFAULT:
> +               case KEY_REQKEY_DEFL_THREAD_KEYRING:
> +                       dest_keyring = tsk->thread_keyring;
> +                       if (dest_keyring)
> +                               break;
> +
> +               case KEY_REQKEY_DEFL_PROCESS_KEYRING:
> +                       dest_keyring = tsk->signal->process_keyring;
> +                       if (dest_keyring)
> +                               break;
> +
> +               case KEY_REQKEY_DEFL_SESSION_KEYRING:
> +                       rcu_read_lock();
> +                       dest_keyring = key_get(
> +                               rcu_dereference(tsk->signal->session_keyring));
> +                       rcu_read_unlock();
> +                       drop = dest_keyring;
> +
> +                       if (dest_keyring)
> +                               break;
> +
> +               case KEY_REQKEY_DEFL_USER_SESSION_KEYRING:
> +                       dest_keyring = current->user->session_keyring;
> +                       break;
> +
> +               case KEY_REQKEY_DEFL_USER_KEYRING:
> +                       dest_keyring = current->user->uid_keyring;
> +                       break;
> +
> +               case KEY_REQKEY_DEFL_NO_CHANGE:

gcc-4 warns about this (warning: case label value is less than minimum
value for type) and it shouldn't be in jit_keyring anyway.

> +               case KEY_SPEC_GROUP_KEYRING:

KEY_REQKEY_DEFL_GROUP_KEYRING
> +               default:
> +                       BUG();
> +               }
> +       }
> +
> +       /* and attach the key to it */
> +       key_link(dest_keyring, key);

patch attached.

regards,

Benoit

Attachment: keys.patch
Description: Binary data


[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux